The IT Nerd

In the last couple of days, the Federal Government has forced Rogers to open up its network on the Toronto Transit Commission subway to other carriers such as TELUS and Bell. Thus ending in my view, a lot of stonewalling by Rogers who were pretty clearly using the fact that they had this network as a competitive advantage. More on that in a bit. Right now, here’s the salient details of what is being forced upon Rogers:

• Rogers Communications must allow access to its network serving the TTC by October 3 at the latest to other carriers.
• All wireless carriers who offer service in Toronto will be required to have commercial agreements in place to provide service on the TTC network within the next 100 days.
• Every single TTC subway station will have mobile coverage by next June.
• About 80% of tunnels will have service by the end of 2025.
• The entire system will have full coverage by the end of 2026.

Now up until this announcement was made, the only people who had access to Rogers network were Rogers customers along with Freedom Mobile customers and Videotron customers. And only in a handful of places:

• The downtown U-shaped stretch of the Line 1 Yonge-University-Spadina,
• 13 stations on the Line 2 Bloor-Danforth from Keele to Castle Frank
• Tunnels between St. George and Yonge stations.

The actions by the Federal Government, which I applaud by the way, accelerates the expansion of this network and makes sure that the citizens of Toronto can get cell phone access when they take the subway. Especially since the subway isn’t a safe place given the fact that there have been what seems to be a never ending spree of violent incidents on the subway for months now.

And this issue with violence on the subway is part of why I see Rogers as the bad guy here. Rogers bought the bones of this 5G network from BAI Communications, who could never get anyone other than Freedom Mobile to jump on board this network, and clearly wanted to use this as a means to get people to switch to Rogers, as well as force carriers like TELUS and Bell to come on bended knee to Rogers and agree to whatever terms Rogers wanted to serve up to get access to this network. My problem with this is that as mentioned earlier violence is a serious problem on the subway. You would think that Rogers would at least partially put aside their business aspirations to work with other carriers to provide service on the subway so that people feel safer. But based on the fact that it took the Federal Government to lower the boom on Rogers, I guess not.

And the other thing that I would like to point out I am not the only person who thinks Rogers is the bad guy here. Not one person who I’ve talked to over the last couple of months has defended Rogers on this issue and they see Rogers as the bad guy. If you’re Tony Staffieri the CEO of Rogers, that must concern you as that’s not going to help you to acquire new customers or keep the ones you have. I’m not saying that Rogers needed to do this for free. They run a business after all and they have to get compensated for this somehow. But I find it highly implausible that Rogers couldn’t come to an agreement with TELUS, Bell, and other carriers if they really wanted to in order to make this happen.

Rogers during this whole episode hasn’t done itself any favours here. Thus they may want to keep that in mind going forward as I don’t know how many more times Rogers can do things to upset the public and get away with it.

I wanted to provide an update on this post in which I said that there was hope in terms of a remedy to Rogers long standing email issues that have been ongoing since March of this year. And I will say up front, some of you may not like this update.

The people who will like this update are the ones that are running Office 365. According to this document on the Microsoft website, the version of Microsoft Office 365 that supports Yahoo’s implementation of OAuth has fully rolled out. And I can confirm that if you have Office 365 and you have fully updated to the latest version, you can again add a Rogers email account to Outlook. If you need steps to do that, here’s what I have been doing for my many clients who have been affected by this issue:

1. Update Microsoft Office (save your work before doing this): 

• Go to File – Click on Office account on the left side: 

• Click on Update Options and choose Update Now:

• Follow the on screen instructions.

2. Go to File- Click on Add Account:

• A box should pop up where you can enter your Rogers email address. Once you do that another box should appear: 

• Enter the password that you use for Rogers webmail. Then follow the prompts that appear after that. 

This method has worked for every single one of my clients who is running Office 365. At this point you’re likely wondering why I keep saying “Office 365” when I talk about this method. I am saying this because this support for Yahoo’s implementation of OAuth appears to not exist in what Microsoft terms as “Consumer SKUs such as Office Personal and Office Home.” Meaning that if you decided to pay once for Microsoft Office rather than use Office 365 and pay monthly or yearly for it, you’re still out of luck and you’re still forced to get your email via webmail. I have confirmed that this doesn’t work with clients who have these versions of Microsoft Office. The only workaround for this appears to be to switch to Office 365. That’s an option that I simply can’t recommend to anyone who’s already paid for Microsoft Office.

Now it would be easy to light Microsoft up like a Christmas tree in a bonfire over this lack of support for non Office 365 users. And yeah, they likely should be bringing this support for OAuth to other versions of Microsoft Office. But Microsoft wouldn’t be in this situation if Rogers and Yahoo didn’t have an incident that has been ongoing since March of this year that made this an issue for Microsoft. So what I would say to both Rogers and Yahoo is that they need to both take some leadership on this and do whatever they need to do get Microsoft to roll this out so that ALL Microsoft Office users can put this issue to bed. Either that, or both Rogers and Yahoo need to fix the app specific password issue (or stop using app specific passwords altogether) so that Rogers users can use the email client of their choice with Rogers email. Because despite what Rogers tech support says, webmail is not an acceptable replacement for something like Outlook.

Of course instead of waiting for Rogers and Yahoo to fix this, you can take the option that I’ve been recommending for a while now. Which is to abandon Rogers email offering and use something else. The majority of my reasons can be found in this article. Rogers and Yahoo aren’t communicating to users about this issue. Nor do they have a resolution to this issue that works for their entire user base. Thus You cannot depend on both companies to save you from this if you’re affected by this. Which tells you all you need to know about both companies.

I will continue to monitor this and provide further updates as they come. Because if Rogers and Yahoo isn’t going to keep you updated, someone has to. And that appears to be yours truly. Which also tells you all you need to know about both companies.

Earlier this week I told you about an email scam that was using the name of Canadian telco Rogers to make you more likely to fall for it. That scam was pretty bad. But on Friday, I came across an even worse scam that uses the Rogers name.

I got a phone call that had a caller ID of “Rogers” with an area code that started with “888” which is likely spoofed. Now my wife and I haven’t been with Rogers for just over a year, but I decided to pick up the call anyway. When I did a woman asked for my wife. That made sense because the Rogers account was under her name. I told the woman that I was her husband and she could speak to me. That’s when things got interesting. The woman told me that she was calling from “Rogers Customer Loyalty” and our Rogers account was selected as part of a promotion.

This is when I started to get suspicious. Like I said earlier, we haven’t been with Rogers for just over a year. So while I can see a scenario where Rogers might call us to try and get us back, there’s no department within Rogers called “Rogers Customer Loyalty” that would do that. Thus I was starting to think that this was a scam. Normally, this is where I would suggest that you hang up. But I wanted to confirm my suspicions, so I played along.

The woman then said that the promotion in question was that Rogers wanted to give us a free iPhone 14 Pro Max with a 35GB data plan for $50 a month. That really started the alarm bells ringing because Rogers to my knowledge never gives away free phones. Not only that, they don’t as far as I know have a 35GB data plan for $50 a month. Thus I was really thinking that this was a scam. Again, instead of hanging up, I played along.

First they wanted to confirm some information. And the information that they offered up was my wife’s email address and name. Then they wanted me to confirm the order by sending me a six digit verification code.

Ding! This confirms that this is a scam.

What the threat actors are up to are getting access to your Rogers account using your email address so that they can order an iPhone of some description, ship it to some location where this phone and every other phone from anyone who fell for this scam is then shipped to some other country for resale. Likely India given the fact that the person who called me had an Indian accent. The other possibility is that you do get the phone, but they they will call you on the day that you get it and say that they messed up and you need to send the phone back. They’ll email you a “return label” that simply sends the phone to a location from where they can forward the phone overseas. In either case, you get stiffed with the bill for the phone. The threat actors need the six digit verification code to get into your account because Rogers has moved to using using two factor authentication in order to stop threat actors from brute forcing their way into your account.

At this point I hung up, but here’s what concerned me. The threat actors clearly have acquired some accurate information that allows them to perpetrate the scam. It makes me wonder if Rogers had some sort of data breach where this information ended up in the hands of threat actors, or did they use a third party call centre who has a copy of this data and are now using this information for evil purposes? I don’t know for sure. But given that they called me with some very accurate information, the question has to be asked.

So if you get a call like this, what should you do? This is what I suggest:

1. Hang up and call into Rogers using one of the phone numbers on the Rogers website. The person that you speak to will instantly be able to tell you if you have any offers on your account. Chances are that you don’t have any offers, or not ones that fit this description. Thus validating that this is a scam They may also put a fraud alert on your account for your protection. At the same time, you should also confirm that no changes have been made to your account.
2. Never, ever give the threat actor the six digit verification code. They may say things to convince you that it’s okay to give them the verification code, but they are lying. No Rogers employee would ever ask for this code. Ever.

A suggestion that I have is that if you get a call like this, you should change the email address that your Rogers account uses. That way you can spot scams like this easier.

In my research for writing this story, I have not heard of a similar scam that targets Bell or TELUS customers. Nor any other telco in Canada. But a Reddit thread that I found seems to validate that I am not the only person who got a call like this. Thus this seems to be strictly targeted towards Rogers customers which adds some weight to the fact that the threat actors clearly have some information to allow them to target Rogers customers. Thus I have to wonder what Rogers is doing to investigate this and address this as this is clearly a threat aimed at former and current Rogers customers. Given the scale of this issue, Rogers needs to say something. And the sooner the better. In the meantime, watch out for this scam.

Yesterday I posted that there seemed to be some hope in terms of Rogers finally fixing their email issues that have plagued users of Rogers email offering for months. I also asked for some help in validating this and as usual, the readers of this blog responded. And that response has helped me to construct this update so you have all the information that you need to use Rogers email offering if you wish to do so. Which I wouldn’t if I were you. More on that later.

First of all, Rogers or more accurately Yahoo! who Rogers gets its email services from have apparently implemented OAuth which is defined as follows:

OAuth (short for “Open Authorization“) is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

I suspect that Yahoo! has implemented OAuth because their security when it comes to their email offering has been at best suspect for years as evidenced by numerous people getting their Yahoo! email accounts hacked over the years along with the company suffering some really bad security breaches. Thus going this route mitigates a lot of those issues. Maybe. That’s the cynical side of me saying that. But to be fair, Gmail has used OAuth for years and they don’t have the sort of security issues that Yahoo! has. Thus perhaps Yahoo! will get the same result.

Now the catch with OAuth is that your email client needs to have support for it. Microsoft who makes the Outlook email client appears to be rolling out support for OAuth on Yahoo! as per this document. However this support hasn’t appeared on Microsoft Office 365 product as of yet (Unless you want to run beta software, which I would not recommend). It however has started to appear on Microsoft’s one time purchase version of Office (where you pay once and you get the software forever unlike Office 365) as I have had reports of Rogers email all of a sudden starting to work or needing to be reconfigured before it starts working again, along with the fact that I have personally witnessed this working. I have also confirmed that the Mozilla email client Thunderbird seems to work as well.

So in short, to make this work you need the following:

• Your rogers email address which ends in @Rogers.com
• The password that you use for either the Rogers Member Center or Rogers Webmail
• Your Outlook email client updated to the latest version possible of Outlook or Mozilla Thunderbird

I will keep you updated as to developments on this front as I know that this is a top of mind issue for many Rogers customers.

Now, here’s why I wouldn’t bother doing any of this and instead encourage you to abandon Rogers email offering and use something else. The majority of my reasons can be found in this article. But my main reason for not recommending that you use Rogers email offering is that Rogers has really dropped the ball here. They have not communicated with their clients who pay them money for this. Which makes this issue, as bad is it is, much worse. Clearly Rogers hasn’t learned the lessons from last year’s massive outage about how to communicate to customers. Thus as a result, I would not trust them with your email.

Here’s a quick update to the Rogers email issues which have been ongoing for months with seemingly no resolution. But before I get to that, here’s a quick refresher in case you’re new to this fiasco that Rogers has inflicted upon their customers:

• I first reported on issues with Rogers email, and the inability to generate app specific passwords to allow users of Rogers email to use email clients like Outlook and Thunderbird on March 7th.  
• This issue dragged on for months. There is a workaround, but that workaround is sub optimal to say the least. And as this issue dragged on into April, I was left with no other option than to recommend to my many clients who are affected by this to dump Rogers as their email provider.
• Rogers has sort of admitted that there is an issue. But it took them a very long time to do that.

That last update was in the middle May. We’re now in July and I still have a number of clients who have been suffering from this issue. Some of them just got fed up and stopped using Rogers email. Or they got fed up and stopped using Rogers entirely. But some have hung on using Rogers Webmail which is the only way they can get email from Rogers.

However this might be changing. At this point I have only tested this once so I need a bigger sample size to confirm the this is a workable and reliable solution. But here’s what I did with a client yesterday.

Using Microsoft Outlook, I walked through the wizard to create a new email account. Instructions for using that wizard can be found here. As part of that process, this popped up:

Now the credentials that they are asking for are your email address (yournamehere@rogers.com for example), and your password. Specifically the same password that you would use for Rogers webmail. If you enter those credentials, it will do some work in the background and set up an IMAP email account that works perfectly. Though I will note that I had to try this three times before I got to that point, which implies that this does not work perfectly. But based on the sample size of one, it did work.

I would like to hear from others who have issues Rogers email. Does the above instructions work for you? Or has your email just “magically” started to work again? I encourage you to leave a comment below with your feedback as I would like to enhance the above instructions and get a better idea of how well this works for users of Rogers Email.

I’ve gotten a couple of calls from clients of mine who are having issues sending MMS messages on the Rogers. I did a search of Twitter and found this:

Rogers appears to know about the issue based on this. But there’s no ETA to resolution as of yet.

So if you’re having this issue, you’re not alone it seems. This really makes Rogers look bad given what happened to some of their customers yesterday, and their ongoing email issues. UPDATE: This is now fixed.

Speaking of Rogers email issues, here’s a quick refresher in case you’re new to the issues with Rogers email service that have been going on for months:

• I first reported on issues with Rogers email, and the inability to generate app specific passwords to allow users of Rogers email to use email clients like Outlook and Thunderbird on March 7th.  
• This issue dragged on for months. There is a workaround, but that workaround is sub optimal to say the least. And as this issue dragged on into April, I was left with no other option than to recommend to my many clients who are affected by this to dump Rogers as their email provider.
• Rogers has sort of admitted that there is an issue. But it took them a very long time to do that and there is currently no ETA to resolution. Even though we’re now into mid-May which makes it over two months since this issue first surfaced.

Now that you’re up to speed, while researching this MMS issue I came across this on Twitter :

Interestingly enough, Rogers replied. And they did so in detail and without using their usual canned responses that people hate:

I have to ask, what does “update this feature” mean? Does it mean that they are trying to find a way to go back to using a singular password like every other email service on the planet is capable of? Does it mean that they’re trying to fix the app specific password system that has been broken for months? Or are they working on something new? For example using OAuth instead of app specific passwords? Who knows what Rogers is or isn’t working on because they have not said much of anything. That leaves their customers who are affected by this issue in the dark and fuming. And I can’t say that I blame them as Rogers really have screwed up the handling of this issue.

I’ve said this before and I will say it again, because Rogers isn’t communicating if or when this issue will be fixed, your best course of action is to dump Rogers as your email provider. Clearly Rogers can’t help you to use your email using the tools you want to use, be it Outlook or some other email client as they can’t resolve this issue. And they won’t communicate to affected customers what they are going to do to get this issue resolved. Thus your only option is to dump them. In my opinion you don’t have any other choice as Rogers simply cannot be relied upon when it comes to email. And perhaps more based on their recent track record.

From the “we don’t need the bad press department” comes news that Rogers had a major outage in central Ontario that took out all their services. This was the view from Down Detector:

As you can see, Rogers had major issues between noon and 4PM yesterday where Internet, phone, TV, and landline phone were not working. It’s not clear what caused the outage. But I am sure that we’ll never find out as Rogers doesn’t communicate that info. But I can say that this latest outage with one of Canada’s largest telcos doesn’t make them look good.

Right off the top, I’m going to say that I believe that Rogers must be feeling the heat from Bell and the fact that Bell is rolling out fibre to the home anywhere and everywhere it can. And the fact is that as I said years ago, and when I got Bell’s fibre product in my home, Bell’s fibre optic Internet products destroy anything that Rogers has to offer as Rogers customers for the most part are stuck with cable. Now here’s why I say that. A reader pinged me with this:

Hello IT Nerd. I got an advertisement in my mailbox today where Rogers is offering “fibre-powered Internet” at my address. Does that mean that Rogers is about to roll out fibre to my address? Would you be able to answer this question? Thanks!

The first thing that I did was to reach out to him and ask him to check what speeds are offered at his address and send me the screenshot. I got this back in reply:

All of these options are Rogers cable based Internet offerings. Which I have said previously work like this:

They deliver Internet access by using a system they call “Hybrid Fibre” which means that the Rogers network is largely fibre optic cable. But the so-called “last mile” to your home is copper cable. The problem with that scheme is that copper cable can only handle so much bandwidth. Since Rogers is in the process of rolling out DOCSIS 3.1 across their network (at present they have DOCSIS 3.1 enabled on the downstream part of their Internet connections, but not on the upstream part of their Internet connections), that means that they’re capped at 10 Gbit/s downstream and 1 Gbit/s upstream as per this Wikipedia page.

The problem is that Rogers advertises their Internet offering like this:

You’ll note that it says “Good news! Fibre-powered Ignite Internet  is available at” followed by the address which I have redacted. Rogers isn’t being quite truthful as they are only providing fibre to the node and not the home. This is further backed up by the flyer that this person got in the mail:

Both of these pictures have references to “fibre-powered Internet”. The problem with that is consumers think that this is fibre from end to end like Bell. But it is not fibre from end to end. And that leaves consumers with a bad taste in their mouths. Take this post on Reddit as an example:

And the thing is, I’ve called out Rogers for this type of marketing before. Last year, Rogers was advertising “pure fibre to the home” when that wasn’t what they were delivering. But they quickly changed that about a week later. Presumably because of blowback from customers who thought that they were getting something other than what Rogers was actually delivering. I can only conclude that they are now doing this again because Bell is really putting the heat on them and they need to do something to acquire and retain customers on their Internet product. Which has a knock on effect for home phone and TV as well.

Rogers isn’t doing itself any favours by the way they are advertising their Internet offering. It confuses consumers who then are left with a bad taste in their mouths when it comes to Rogers when they find out that they’re not getting the service that they think that they should be getting. Honestly if I were Rogers, I would stop this immediately. And instead I would clearly explain to consumers how their technology works. Sure their technology in most places that Rogers operates isn’t as sexy as fibre to the home. But at least they would be completely honest. And that would be an improvement over what they are doing currently which is playing fast and loose with the facts.