/ Community, News

This week on Which? Conversation

Here’s what’s coming up during the week of 12 July 2021.

Welcome back to Which? Conversation! Congratulations or commiserations on the football, depending on which side of the pitch you’re on – though we do hope that issues with secondary ticking sites didn’t dampen your experience.

ℹ First time here? Here’s what to expect in our weekly roundups.

Each week we’ll recap the conversations and discussions in the week just gone, including key comments, contributions, suggestions for ideas. We’ll also look ahead to the conversations coming up in the weeks that follow.

We’ll also aim to keep you updated on what’s new around Which?, including the latest consumer news, updated advice guides, and areas where we’re looking to hear more of your experiences and opinions.

Comments on each roundup will be open for that week, and will close when the next roundup is posted. You’re welcome to continue conversations week to week, though please aim to post in the current week.

Last week on Which? Conversation

  • It was good to see so many of you join in our first expert event on Scams. Hopefully you found the event to be useful. Don’t worry if you missed it – all of our experts’ answers are still in the comments, and we’ll be recapping and summarising them soon.
  • Nearly 300 community members left a comment in response to our call on why the Payment System Regulator (PSR) must make reimbursement mandatory for scam victims, including many sharing personal stories of how they or people they know have scammed. We’ve flagged these to Which? Campaigns, and will use them as the basis for the next stage of campaign action.

What’s happening this week

Ever wonder what goes into a Which? supermarket investigation? We’re welcoming our senior researcher/writer Marianne Calnan to Which? Conversation this Friday at 2pm to answer your questions in the comments on online orders and deliveries, refunds, substitutions and pricing tactics, what supermarkets should be doing more of (or less of), and more.

Here’s what we’re planning to discuss this week on Which? Conversation:

  • Would you buy refurbished trainers? On Tuesday, our own Chirag Khetiya discusses how shoe manufacturers are aiming to reduce waste while giving you a discount on your kicks.
  • What are your tips for running your home efficiently? On Wednesday we’re keen to hear what changes you make around the home to reduce your carbon footprint and live more eco-friendly.

Ahead of next week’s lifting of restrictions in England, we’ll also be keeping an eye out for what this means for you. Check out the five things you need to know ahead of restrictions lifting, as well as what the coronavirus restrictions are in your area.

Questions of the week

Inspired by a comment from malcolm r, this week’s topic is on e-scooters. Back in June, Which? announced it would begin testing electric scooters as these products are becoming increasingly popular  despite being illegal in public spaces.

Do you think the fact that they’re illegal in public spaces stops people from buying them (or wanting to buy them)?

Would you buy an electric scooter, even though they're currently not legal to use in public spaces?
Loading ... Loading ...

Want to tell us more? Join us over in our earlier conversation.

You’ll also see a different poll each week appear in your right sidebar. This week’s sidebar poll comes from our product testing team and is very timely for summer:

How do you eat a Magnum ice cream?

Bite into it: and eat the chocolate and ice cream at the same time (69%, 378 Votes)

Remove and eat the chocolate, then the ice cream (21%, 113 Votes)

Suck the chocolate and ice cream (11%, 58 Votes)

Total Voters: 549

Loading ... Loading ...

In last week’s poll on utility providers we found out that most of you prefer to organise each one separately – though also that sometimes that choice isn’t necessarily available to consumers either. The poll is still open – if you missed it or are just joining us, feel free to pop back and vote accordingly.

What’s in store for you this week?

Over to you now – what are you looking forward to this week? Would the loosening of restrictions might make you consider a holiday abroad?

Let’s chat in the comments.

ℹ A few tips on making the comment threads in off-topic areas easier to navigate

Start with a topic sentence

Starting a comment with a clear topic line helps people scrolling through to find what you’re talking about more easily.

You may want to use HTML tags to make it stand out more, for example by bolding it using <b>. See our Frequently Asked Questions for further guidance on what HTML is allowed.

If you’d like to respond to a topic someone else has started, reply to the original parent comment using the Reply button

This helps keep conversation on a single topic together, as we currently do not support comment threads. If you’d like to change or start a new topic, use the comment box at the bottom of the page.

Feel free to move the conversation elsewhere

If you’re starting a discussion on a topic where we have an existing conversation, we’ll suggest shifting the conversation to that space. Equally if a conversation starts to drift from the topic originally being discussed, please do shift into the Lobby.

Feel free to link to others’ comments

You can copy the link to a specific comment from the date stamp on each comment. In Windows, right click the date stamp and select Copy Link Location.

Comments
Em says:
12 July 2021

@Moderators

Why can I see a comment posted by Wingman at 14:36 which contains a link to a website and is awaiting moderation? I am not even signed in to my own account, let alone anyone else’s.

I wondered about that. If the post is in moderation because it contains a link, I wonder why anyone other than the author can see it.

Wingman has posted numerous inoffensive comments in the past two months and is a registered user, so perhaps could be allowed to post links without approval.

Em says:
12 July 2021

When I refreshed the page, the comment disappeared, but I took a screen grab to prove I wasn’t imagining things.

@Moderators – let me know if you need more information and a secure way to get it to you.

I was just about to post on the same subject.

This morning, Which? exposed personal information of a vulnerable person by allowing his email address to be published. Not only that, but they have left his personal information in the public domain where it will very likely have already been picked up by web crawlers.

It won’t be a sophisticated scam that poor Michael will be caught out by, but negligence on the part of Which? as he is now in danger of further scams and identity theft.

Hiding it from view here does not remove it publicly so it needs to be completely deleted from the post.

Which? needs to contact him urgently and assist him to get his digital presence sorted out starting with a change of email address.

@jon-stricklin-coutinho

Em says:
12 July 2021

It won’t be the first. The reason I have stopped signing in using the dedicated email address em@ [domain] is because Which? leaked that email address – known only to them – to parties unknown. I now get the occasional spam with a viral payload.

Which? still haven’t acknowledged a data breach.

Em says:
13 July 2021

I’ve replied. Thanks for the follow up @Jon

Thanks Jon, his email address is no longer coming up in a search.

It is interesting that you point him to the Terms and Conditions, call his actions ‘unfortunate’ check the position of Which? and wash your hands of it. Apologies if I have got that wrong and you have contacted him to offer assistance if only to set him up with a new email address, but your post suggests otherwise.

The details he revealed exposed rather a lot about him including his age, possible address and the fact he posted in the manner he did suggested he was not too internet-savvy and would fall into the category of ‘vulnerable’. Just the sort of info required for identity theft.

If Which? was a bank, there would be cries of ‘the bank is not doing enough to protect people’. Banks also have Terms and Conditions, Guidelines, info on scams etc, so why doesn’t Which? adopt the same stance and say people should have read them instead of blaming the banks when all they do is follow people’s instructions to pay scammers?

You expect banks to notice an unusual transaction but at the same time allow email addresses to be posted. When we can’t screw a piece of wood, why can we post email addresses?

Slight double standards, don’t you think?

Edited
Seems the profanity filter now allows you to screw wood.

“Secondary ticking (sic) sites …… “ (intro para 1) are a time bomb that I thought were being defused?
It shows how we must be more careful what we type because it can result in something going amiss and leading to an explosive situation. Must banks repay any customer who has fallen foul of such a site?

What’s all that stuff about “lifting restrictions”? What lifting? It won’t make much difference for anyone like me with far too many appalling permanent life restrictions which only keep being made worse, not better. The government’s changes won’t stop me from constantly burning up and absolutely DROWNING in sweat and being confined to bed when there’s a wretched heat wave, they can’t stop me from being constantly tortured out of my skull by all manner of insane noise around me, and they won’t make it possible for me to travel anywhere further than local, they won’t make it possible for me to go to any restaurants or cafes or libraries etc. or go anywhere supposedly “social” etc. Some of us, and there IS plenty of others out there, have to live under permanent lockdown but it’s never mentioned anywhere is it? But it makes headlines when the normal crowd are affected and THEY have to live with some restrictions, like not being able to go to their rowdy pubs, which are their temples for their intoxicating idols, or go to any foreign resorts where there’s absolutely hyper-insane temperatures so hot it would be just like a KILN! Which they always crave because they all have bodies like reptiles, all so cold-blooded and always desperately craving insane heat. I can’t help noticing when I’m out how so many are still so wrapped up in great big thick heavily insulated winter jackets and coats, all in matt black of course for maximum heat absorbance when I’m only wearing a thin T-shirt and I’m absolutely FRYING and their hair is all so perfectly bone dry and mine’s absolutely drenched in filthy revolting sweat, and it’s their sort who fit stupid INSANE full length skylights on the buses in such a way that you can’t sit anywhere without absolutely BRUTAL HOT sun beating down on you so intensely and causing absolute TORTURE, and they just casually assume that “everybody” so revels in it because it’s so constantly excessively and selfishly glorified in the bigoted media. And then there’s the absolutely insane obsession with stupid clicking fingers and skull piercing “whistling” sound effects which is constantly played all day long in shops making them totally inaccessible for anyone like me, and it’s always the shops that sell the most essential goods, and there’s an absolutely insane idea going around that stupid insane finger snapping is somehow “relaxing”, well what absolute CRIMINAL insanity, that’s just like describing some dreadful medieval torture as somehow being relaxing, what absolute INSANITY! This is why there absolutely MUST be far more awareness about people suffering so appallingly like me, but instead no-one ever wants to know. Instead even so-called “disability” groups keep playing the same brutal torturing hell effects on the soundtracks of their online videos making them inaccessible, and again if I complain I just get totally ignored. There’s nothing but total contempt and blatant condescension for anyone like me. Far too many think that their services supposedly conform to the “equality” act as long as they can fit a wheelchair through the door, which of course absolutely does NOT make them conform in any such way at all.

Em says:
14 July 2021

Would it be possible to lock old Convos if they are not being actively monitored by the OP?

Judging from the last two pages of posts on “Cash Summit: Securing our Freedom to Pay” started in May 2021, it seems to have turned into Securing our Freedom to Pay Scammers – presumably not in cash. There are more than enough conversations about scamming on Convo, without having to obfuscate the point of others.

And we sometimes get caught out when replying to a “Latest Comment”, only to realize that the Convo has been dead for several years and unlikely to receive any further attention.

This has always been the problem with Which? Conversation. Without any active participation or moderation by the author or the editorial team, Conversations get spun in different directions. Even within the series on scams, they start on one particular type of scam but quickly become a convenient gathering point for other types.

I think we lost our way completely on the recent APP Fraud discussion, partly because nobody reads the preamble and follows sequential updates, but also because there are not the right links to more relevant Conversations. After a certain amount of time the comments become repetitious, one-way sound-bites, and [frankly] boring, so it is fair game to wander off onto a branch line.

I don’t know what the full answer is, but a bit more evidence that Which? is actually interested in what is being written by contributors would probably assist. I don’t think we should be too obsessed about remaining on topic after a few days of a fairly active Conversation but if it is being monitored with occasional steering then I am sure that would keep it on track better and therefore more valuable.

I agree there would be merit in locking some old Conversations when they have run dry, and I would also question whether adding to old Conversations with an Update and a spate of new but disconnected comments that seem to ignore or override the points made previously is the best approach.

Em says:
15 July 2021

I’ve noticed an old Convo is now active on the subject of mobile phone security and lack of updates: Brief cases: faulty mobile phone

@Gary @GDOW2 posted: “I’ve discovered via the Which website that my phone, a Huawei P20 Pro, no longer receives security updates. Surely that means it’s no longer fit for purpose?”

Some of the regulars here went on to confirm this view.

Does anyone have any actual evidence for Android devices that this is true, and the extent of the threat, or is this just based on the recent Which? Convo Why we’re calling for longer support for mobile phone (5 May 2021)

I did post a long comment at the end of that second Convo, as to why I don’t think security is something the average consumer needs to worry about, and is no reason to stop using a perfectly functional mobile phone. I can go into yet more detail, but I would like to address some specific threat, rather than speculate about what might be hiding behind the garden shed.

Failing a reply from Which?, can anyone else help to put this into perspective?

Em, I remember your contribution.
My gripe with Which? is their general lack of response to such informed and constructive comments. As a result, Convos can create the wrong impressions and can mislead those who look at them. I think Which? have a responsibility, when they publish a Convo and invite comments, to keep that Convo accurate in the information it gives.
Kate Bevan is normally pretty good at responding.

Em says:
15 July 2021

In particular, this statement: Those updates patch new security holes in the operating system and apps, and the longer you leave it, the more likely you are to fall victim to malware sneaking on to your phone, which could in turn lead to data loss or identity theft.

That is misleading at best. The Android updates issued by mobile phone manufacturers only update the Android operating system software. They do not update the Apps on a Google Android device. App security – the main source of malware – is dealt with by Google Play Protect.

You can see this for yourself. Go to Play Store, tap your Profile icon in the top right corner in the search bar, scroll down the menu and tap [Play Protect]. This automatically scans your device every 24 hours. You can launch a manual scan by tapping [Scan].

Em, I think you are correct to say that the Which? advice has not been reinforced by example of significant specific threats.

My support for their view is based on the worry that they are technically correct to point out that security is less than ideal when using an unpatched OS on the net.

In particular, I further worry that, if someone is using an out-of-support OS on the net and then they get scammed, this might provide a loophole that a bank could use to help justify not paying any compensation to them.

So I see it as a bit like driving without an MoT or insurance cover on a vehicle – it signals a lack of due diligence.

However, from my own experience of using devices out-of-support and from what I’ve seen of others also doing that, I think the risks can be over emphasised as regards evidence of actually getting hacked. Obviously those with vested interests, e.g. for selling replacement devices, can play on this for hurt and rescue tactics. But then again, the very best hacks will often go undetected or at least remain undetected for a long while.

As regards data loss or identity theft, I guess most internet users are their own worst enemies here, as in “Backups? What are those?”.

If you have precious data only on an Android phone, you can easily lose if you just lose the phone or if the phone fails and stops working. Those are probably much bigger risks that getting your OS hacked.

I’ve seen examples that show identify theft being a real pain, if it affects an important online account. Users should take proper steps to safeguard such accounts, including matters such as 2FA where possible.

Hello! You’re right that updates to the Android platform don’t directly update apps. However, app updates are delivered via Google Play*, and if you have an old, unsupported version of Play, you’re not going to get the app updates delivered via that service, and thus your unpatched apps are an increasing vulnerability on the phone.

Security mostly happens under the hood for most users. That’s both a good thing and a bad thing, IMO. It’s good in that it’s mostly low-friction and thus not an irritant that you keep having to attend to. The downside though is that if you’re not aware that regular patches are happening behind the scenes, you probably won’t notice when they stop being delivered.

So yes, you don’t have to worry about security so long as your device is supported. The longer it’s out of support, the more vulnerabilities you have on the device, both in the platform (Android itself) and in the apps that aren’t getting updates.

*Obviously this doesn’t apply if you’re using a newer Huawei phone, or you if have apps sideloaded via apk marketplaces or downloaded from other app stores, but it’s true for most ordinary Android users.

Em says:
15 July 2021

Thanks for your reply Kate. I wanted to reopen this debate in view of the latest Which? publication on the subject: “Mobile phone security: why phones over two years old could be a risk” on July 12 2021.

It is certainly correct to highlight that older Android phones may not be receiving security updates, because the tradition method of propagating these updates relies on both the manufacturer (e.g. Samsung) and the carrier (e.g. Vodafone) for deployment.

Since 2019, the Android licensing agreement requires manufacturers to provide quarterly updates in the first year and support updates for a further year. So in the case of some manufacturers, what Which? is highlighting as an issue – only two years manufacturer support -is actually an improvement!

But for more recent phones, it’s a total non-issue with regard to security. Google (the developers of Android) were still not happy with the new licensing agreement, given that Android security patches are being released monthly, but manufacturers of phones still in support were taking several months to catch up.

Rather than continuing to herd cats, as of Android 10 (the first release not called after a biscuit/sweet and deployed from late 2019), nearly all security patches are being delivered through Google Play System Updates. (Search “Project Mainline” for more information.)

To be clear, this no longer relies on phone manufacturers sending out Android security updates. As long as you have Android 10 or 11 installed, you will continue to receive important security updates for as long as Google develops them.

This new mechanism should help prevent issues like the Stagefright Bug (2015), where Google patched the software within two days of being notified, but phones remained vulnerable to attack for months afterwards, thanks largely to a “security” firm who were keen to push their own agenda and released the details of the exploit they had discovered. (I think I referred to this in my original post.)

If your phone has a firmware vulnerability, then that still has to be tested and distributed via the hardware manufacturer, but those are relatively few and far between. In summary, Android and App security that would affect most consumers has largely been taken out of the hands of the manufacturers.

Assuming that all the above information is correct*, Which? may need to review the policy of flagging more recent phones running Android 10 or above as no longer Best Buys, purely on security grounds.

To take one example, the Samsung S9 (shipped with Android 9) should be running Android 10 by now, and will continue to receive security patches, even thought Samsung will end support for the phone within 12 months.

* It’s not my day job, and I wish I was being paid for this 🙂 E.&.O.E. – no more time.

Em says:
15 July 2021

Further to the above – I said E.&O.E.

The situation with the Samsung S9 (for example) is complex. Plus I don’t have one to verify. Because the S9 originally shipped with Android 8 “Oreo”, the support for most Android Modular System Components (i.e. those that can be updated via Play Store) in Android 10 “Q” is optional, as determined by the manufacturer.

If you have a different make/model that shipped with Android 10 from new, those Components are now mandatory.

If your phone has Android 11 installed, whether shipped from new or installed via an upgrade (like my Samsung S10), then all the Modular System Components are mandatory. I can see these in my systemapex folder.

Eating junk food is a lot more expensive than cooking healthy meals with raw ingredients, and if you cook in bulk and freeze, you then have ready meals that require very little work.

Adding veg to mince and onion can quickly turned it into a spag bol, eaten with mash or even curried.

I freeze food in about 380g portions that feeds two with a bit more veg thrown in afterwards plus maybe a carb such as rice, pasta or potato.

A whole leg of lamb when on special offer at around £24 is turned into 8-10 curries for 2 bulked out with tinned spinach plus a roast dinner and cold meat for sandwiches with what is left on the bone. Frozen spinach added when defrosted improves the colour.

8 Saag Gosht (Lamb with spinach) from my local takeaway would cost £71.60 and mine feed two.

3 large chicken breasts from our local butcher at £8.50 make about 6 curries bulked out with lentils. I add mushrooms after defrosting.

6 Chicken Tikka Dhansaks from my local takeaway would cost £62.70 and mine feed two.

Spinach & Lentil curry is extremely cheap to make easy with tinned lentils and even cheaper if you buy dry lentils.

A joint of beef cut up for a stew and cooked in the slow cooker means tender with no gristly bits and again makes quite a few meals in advance.

Home-made pizza can be healthier and is definitely a lot cheaper.

Thai/Indonesian style veg stir-fry to use up left-over veg is better than a takeaway. We prefer tinned sweetcorn instead of the more expensive mange-tout that needs no preparation and there is never any waste.

OK, you do need a few extra ingredients to make your own meals from scratch, but it is healthier and so much cheaper than buying ready-made or take-aways and with the added advantage of not containing all the garbage that is added to our food these days.

We are never likely to turn vegan, but I do make our meat go a long way and some of our meals are meat-free.

I am against putting fruit and veg on prescription. What I would prescribe are cookery lessons to help those who, through eating badly, are unable to control their weight or that of their family.

Em says:
18 July 2021

Scams rocket by 33% during pandemic – 15 July 2021

Can anyone explain the numbers please, as there are no primary sources to fall back on? For each fraud, the Average cost appears to be Total Cost / Reported.

So only actual frauds incurring a loss are tabulated? What about all the reports to Action Fraud of suspected fraud tactics?

And #8 Phone Fraud looks particularly dubious with a Total Cost of £1,500,000.00 across 5,073 reports.

Hi all. This discussion has closed for the week, but you can get involved in the latest for the 19 July here: https://conversation.which.co.uk/community/news/this-week-19-july-2021/