Discourse.net

EFF's Panopticlick Pierces My Privacy Illusion

Panopticlick

Ran this the other day in Firefox and got:

Your browser fingerprint appears to be unique among the 551,209 tested so far.

Currently, we estimate that your browser has a fingerprint that conveys at least 19.07 bits of identifying information.

Not one of the 551,209 browsers tested so far emit my plugin details

Similarly, not one of those 551,209 browsers has the same mix of fonts installed.

Might as well surf naked.

IE8 with privacy mode on is only a little better:

Within our dataset of several hundred thousand visitors, only one in 275,626 browsers have the same fingerprint as yours.

Currently, we estimate that your browser has a fingerprint that conveys 18.07 bits of identifying information.

And that 'other person' is probably … me.

Google Says It May Leave China

This seems like a big deal.

Official Google Blog: A new approach to China:

We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

See also AP via NYT, E-Mail Breach Has Google Threatening to Leave China.

The Internet is the Real Superhighway

Wendy Grossman has an interesting net.wars column up, Car talk, in which she expands on a CNBC suggestion that the Internet displaces the car:

… today's young people find their independence differently: through their cell phones and the Internet. … As children, many baby boomers shared bedrooms with siblings. Use of the family phone was often restricted. The home was most emphatically not a place where a young adult could expect any privacy.

Today, kids go out less, first because their parents worry about their safety, later because their friends and social lives are on tap from the individual bedrooms they now tend to have. And even if they have to share the family computer and use it in a well-trafficked location, they can carve themselves out a private space inside their phones, by text if not by voice.

That rings true: I had put down our eldest's seeming lack of enthusiasm for getting a driving license to his taste for being chauffeured — beats walking to the parking spot. But maybe it's the times and the PC in his room.

Find Out What Your Seach Engine Knows About You

Both Google and Yahoo now have pages disclosing what they think they know about you based on your searching habits, information used to target ads.

You can turn the 'feature' off by blocking cookies or opting out.

Where's Phil Agre?

I wrote the post below about Phil Agre seven weeks ago, but somehow never put it online. Now I read via the Great Grimmelmann that Phil Agre Is Missing and there is a web site dedicated to finding Phil Agre.

It seems I am not the only one wondering Where's Phil Agre?.

Phil was an incandescent presence in the early Internet studies world. He was a brilliant but erratic presenter. Mostly brilliant, once in a while just boring. But mostly brilliant. Scary brilliant. I remember being on a panel with Phil, we met for dinner or something the night before, he had a talk planned and written out. I saw him the next day carrying around a bound set of lined paper, like one uses for a diary, and writing in it, covering every line, page after page. Finally I asked him what he was writing. “I had a different idea for the talk.” And indeed the talk he gave was nothing like the one he'd told us about the day before, but it was brilliant.

Phil also ran RRE - the Red Rock Eater, a set of links and notes that had thousands of subscribers, back at a time when that was a lot of subscribers.

Where does the name Red Rock Eater come from?

Bennett Cerf's Book of Riddles. Question: What is big and red and eats rocks?

Answer: A big red rock eater.

Why such a funny name?

I wanted something as un-computer-like as possible.

Does the word “red” in the list's name have a political meaning?

Absolutely not.

Then one day, some time in 2003, he stopped posting to RRE, and more or less around then vanished from the conference scene. I miss him. I hope you're OK, Phil. There's a folder in my inbox waiting for you.

Annals of Phishing

For a minute there I thought I'd gotten my first phishing email from Iran. But after a look at the headers, I think maybe not?

Received: from law.miami.edu ([172.16.8.69]) by EXCHVS.law.miami.edu with Microsoft SMTPSVC;
Sun, 22 Nov 2009 18:28:14 -0500
Received: from ([194.225.184.9])
by mx-01.law.miami.edu with ESMTP id 5202001.34032630;
Sun, 22 Nov 2009 18:27:46 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
by mta.iums.ac.ir (Postfix) with ESMTP id CAFB3D74D7E;
Mon, 23 Nov 2009 02:56:57 +0330 (IRST)
X-Virus-Scanned: amavisd-new at mta.iums.ac.ir
Received: from mta.iums.ac.ir ([127.0.0.1])
by localhost (mta.iums.ac.ir [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id egIez7IMCKAL; Mon, 23 Nov 2009 02:56:57 +0330 (IRST)
Received: from mta.iums.ac.ir (mta.iums.ac.ir [194.225.184.9])
by mta.iums.ac.ir (Postfix) with ESMTP id 8333DD74D4B;
Mon, 23 Nov 2009 02:56:52 +0330 (IRST)
Date: Mon, 23 Nov 2009 02:56:47 +0330 (IRST)
From: OWA Management Group
Message-ID: <2520384.58051258932407817.JavaMail.root@zimbra.iums.ac.ir>
Subject: Account Update
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [173.162.144.44]
X-Mailer: Zimbra 5.0.16_GA_2921.RHEL4 (zclient/5.0.16_GA_2921.RHEL4)
To: undisclosed-recipients:;

It all looks very convincing…the IP numbers in the top part are Iranian. I might believe except for that last little bit, the X-Originating-IP … that comes from Comcast here in the US of A. Whether it went via Iran, or most of it is a forgery, I can't quite tell, as it's odd that this IP number doesn't appear anywhere else. I suppose another possibility is that it really is Iranian, and someone forged the X-Originating-IP to make it look like it came from Comcast, but I'm not sure why they would bother.

Books Snark

Snarky letter in today's NYTimes, Letter - How to Find a Book

To the Editor:

Re “A Library to Last Forever” (Op-Ed, Oct. 9):

Sergey Brin, the co-founder of Google, writes, “Today, if you want to access a typical out-of-print book, you have only one choice — fly to one of a handful of leading libraries in the country and hope to find it in the stacks.”

Fly??? I’m pretty sure I can e-mail a reference librarian and ask her to check holdings before I do anything so drastic as fly. Hasn’t this guy ever heard of the Internet?

Lauren Baratz-Logsted
Danbury, Conn., Oct. 9, 2009

Not to mention this major civilization advance known as “inter-library loan” — a service provided not only by university libraries but even by better public libraries.

Sweden Falls Off the Internet (Updated)

For a brief while, all .se domains were inaccessible to most Internet users due a small one-character typo.

The official explanation is at Incorrect DNS information | .SE. What seems to have happened is that someone left off the trailing “.” in the routine republication of the official announcement of the .se root zone.

The mistake was identified within an hour or so, and the official .se data republished, but without some of the authentication information it would usually carry. The result was, if I understand what happened, was that .se remained inaccessible for a while for two groups of people: those whose ISPs had uploaded the erroneous .se data and hadn't gotten around to updating to the corrected .se info, and those whose ISPs are meticulous about validating DNSSEC signatures and noted that the (corrected) replacement failed that test.

In short, the laziest and the most painstaking were the most effected.

Update More at Sweden’s Internet broken by DNS mistake, including this:

The problems were made worse by the fact that DNS lookups are cached externally. Since DNS lookups are cached a certain time and the .se zone has a 24 hour time-to-live (the time information is cached by external DNS servers), the problem could last for up to 24 hours for some users.

..

Problems that affect an entire top-level zone have very wide-ranging effects as can be seen by the .se incident. There are just over 900,000 .se domain names, and every single one of these were affected.

Annals of Marketing

The University of Miami has 20,000+ fans on Facebook. And it wants more - we faculty are asked to add UM to our Facebook fan list. (Good thing I don't have a Facebook account.)

And if that were not enough, there's a whole list of UM entities participating in social media. Two notable things about that list: the campus police do Facebook … and the Law School is nowhere on the list.

The World Stops

Via downforeveryoneorjustme.com:

It's not just you! http://gmail.com looks down from here.

Old Russian Joke Meets Japanese Reality

There is an old joke that when the hot line between the white house and the Kremlin was installed, the strategists were very concerned that a mistranslation might set off a world war, so they invested heavily in machine translation projects.

One way in which machine translations get tested is that you take a text in the first language, translate it to the second, then translate it back. If it's recognizable, you're doing well. Well, the story goes that the Army came up with computer program it thought would do the trick, but the folks at the White House demanded a live demo. At the demo they input the phrase “out of sight, out of mind”.

After a round trip via Russian, it came back as “blind drunk”.

I'm reminded of this by Translation Party which will take your English text, translate it to Japanese and back and repeat the process until it achieves what it calls a “equilibrium”. Inputting “out of sight, out of mind” I got “Vision and heart”.

So far, the most steps I can get it to do for a short saying is 11 (“Every llama thinks his load is the heaviest” becomes “All the heavy burden of Rama and his”).

And my weirdest is “Pot calling the kettle black” which quickly became “Runny nose, laughing eyes KUSO”.

(And “measure twice, cut once” went into an endless loop.)

ICANN Reverts to Its Roots

[Only] Four ICANN Board members dissent in vote on NCSG charter. Milton Mueller tries to find a silver lining in this cloud — four dissents! out of fourteen votes! — but it's pretty small.

By choosing to gut public participation — for that is the result that the ICANN staff has lead the Board into — ICANN makes a high-stakes bet about its future.

Will the Obama administration see this as proof that ICANN lacks the maturity to be trusted with increased independence? (One hopes.) Or will ICANN be able to sail under the radar and walk away with the Root while the staff keeps the ability to pay itself millions per year.

We'll see.

Mind the Neighbors

OK, here's a question:

I suppose one answer is that people sign up for a Twitter feed….

DRM Is An Accessory Before the Fact in the Kindle Deletions

The pseudonymous Mordaxus says, Kindle Brouhaha Isn't About DRM:

The issue is caused not by DRM, but by cloud computing. The problem is that Amazon has a cloud service in which Kindle customers can keep their e-books on Amazon's shelf, and shuffle them around to any Kindle-enable device they have (like a Kindle proper, or an iPhone running the Kindle app). Customers can even delete a book from their Kindle and get it back from the cloud at a later date.

The event is that Amazon removed the book from the cloud, not that it had DRM in it. If you are concerned by this, you should be concerned by the cloud service. The cloud service enabled Amazon to respond to a legal challenge by removing customers' data from the cloud. They didn't need DRM to do it. In contrast, if iTunes store or the Sony e-book store had improperly sold a book, they wouldn't be able to revoke it because they don't have a cloud service as part of the store. (eMusic, incidentally, regularly adds and removes music from their store with the waxing and waning of desire to sell it.)

This is why we need to look at it for what it is, a failure in a business model and in the cloud service.

Well, yes, OK. But also no: Without the DRM part, the Kindle users would have been able to copy their e-books to local storage (or to read on other devices) and wouldn't be as vulnerable to this. Plus, Amazon didn't just delete off-site copies, it deleted all local copies (which doesn't logically require DRM, but is likely enabled by it). And Amazon even delted user annotations on the deleted works — including at least one student's homework.

The Telling Link Tags

Slashdot reports on Computerized Election Results With No Election:

“In Honduras, according to breaking Catalan newspaper reports (translations available, USA Today mention), authorities have seized 45 computers containing certified election results for a constitutional election that never happened. The election had been scheduled for June 28, but on that day the president, Manuel Zelaya, was ousted. The 'certified' and detailed electronic records of the non-existent election show Zelaya's side having won overwhelmingly.”

Which is indeed interesting.

And one of the tags the editors put on the story is …. “Florida2000”.

How to Out E-Mail Eavesdroppers

Who is snooping on my email? - Privacy guru Richard M. Smith explains how to tell if someone is reading your email, and perhaps even whom.

You'll need your own web page, with access to server logs. Plus you'll need to be willing to have a file on you, if you don't already. (And for the last step you'll need snoopers dumb enough to use a traceable IP number.)

Why You Shouldn't Run BitTorrent Over Tor

Chris Brunner .com: Why You Shouldn't Run BitTorrent Over Tor

It begins:

If you didn't already know, Tor is a distributed anonymity network that allows anyone to use the Internet to both browse the web and publish information without giving away his or her identity.  It's a wonderful step in the direction of privacy and it serves an increasingly important role in today's world.  As far as usability goes, Tor clearly has more potential than any anonymity network that I've ever seen.  Tor could very easily be the most powerful tool that we as everyday people have to combat the gradual removal of our personal rights and freedom.

However, as of right now its most likely cause of death is not an organization or government, but rather its own users who in some cases, perhaps out of ignorance, take advantage of privacy the Tor network affords them by hiding behind it to steal software, movies, and music.  I'm not going to sit here and claim that I haven't pirated my fair share of all of the above; that's not what this is about.  Before you use BitTorrent on Tor, please stop and consider the effect this has on the Tor network.

And there's more….

Regulatory Arbitrage Lives

Back in 1997 — more than a decade ago — I wrote what may be my most-influential internet law article, The Internet as a Source of Regulatory Arbitrage. Here's the abstract:

The Internet is a transnational communication medium. Once connected, there is little that a single country can do to prevent citizens from communicating with the rest of the world without drastically reducing the economic and intellectual value of the medium. As a result, connection to the Internet enables regulatory arbitrage by which persons can, in certain circumstances, arrange their affairs so that they evade domestic regulations by structuring their communications or transactions to take advantage of foreign regulatory regimes. Regulatory arbitrage reduces the policy flexibility of nations by making certain types of domestic rules difficult to enforce. Citizens with access to the Internet can send and receive anonymous messages regardless of national law; both censorship and information export restrictions become nearly impossible to enforce, although governments have it in their power to impose some impediments to ease of use. The effectiveness of European-style data protection laws is reduced when personal information can be stored in offshore data havens. Ultimately, restrictions on certain types of transaction, e.g., restrictions imposed by securities laws, also may be undermined if these transactions can easily be carried out offshore. However, claims that income tax systems will be seriously undermined are, I argue, vastly overstated, at least in the medium term. On balance, therefore, I predict that the Internet's regulatory arbitrage effects will tend to promote liberal democratic values of openness and freedom more than they will detract from what most consider to be the modern states' legitimate regulatory powers.

In recent years I've started to fret that some of the assumptions on which it was based are not holding up — governments are getting better at blocking and filtering, whether it's the Great Firewall of China, or Saudi Arabia's attempts to crowdsource censorship.

Still, there's clearly some life left in the concept, as seen from this NYT article on how images from Iran are getting out to the internet

Throughout the week, supporters of the protesters around the world had been making their own computers available to Iranians who wanted to evade government censors.

These people have been publishing the IP addresses of their computers to public forums like Twitter — offering them as so-called proxy servers.

We hoped the Internet would be bad for despots; we feared it would be the Panopticon. The race is still on.

Internet Access, Human Rights (and Search Engines)

Cory Doctorow suggests that internet access will soon be considered a human right,

Homeless people and the Internet - Boing Boing: Here's a prediction: in five years, a UN convention will enshrine network access as a human right (preemptive strike against naysayers: “Human rights” aren't only water, food and shelter, they include such “nonessentials” as free speech, education, and privacy). In ten years, we won't understand how anyone thought it wasn't a human right.

Personally, I think it won't happen nearly that soon — we still need clean water world-wide, but it would be nice to imagine a world where we think we can't afford not make internet access a basic right.

I'm pretty sure Bruce Sterling imagined something like this in 'Islands in the Net'; I know that so many science fiction authors have characters from rich places describing their idea of abject poverty as being unable to afford 'net access for it be hovering between cliche and trope. Although in my imagined future, basic access to the cloud in rich places will be free; in nice places it will be plain free, in less-nice places you'll get ads in your head.

Incidentally, I had a fifteen-minute mental blackout about the author/title for 'Islands in the Net' — although I could remember the story. (Norman Spinrad? Nope. Stirling Robinson? Nope.) This is the one sort of search I make from time to time where Google is basically useless: I know the plot of a short story, or a book, but can't recall the title, the name of the main character, or the author. Amazon doesn't help either.

I could bleg about it when it happens, but that's not usually my style. (Oh heck: anyone recall the old pulpy short story about the guy who invents a ray gun you can make in your basement from common parts that can cut the world like a tomato, prevents the government from suppressing it, and justifies it by saying that now we'll have to be nice to each other? Who wrote that? What was it called? Paging the Nielsen Haydens.)

I'm like that with case names sometimes too, but legal facts tend to be sufficiently stylized that I can usually find them, or references to them, on Westlaw pretty quickly.

Twitter == Online Crack

So I understand why it is that so many got into Twitter (and then dropped it): you get an email every time someone decides to follow your feed. I have three! I'm a Multicellular Microorganism!

And then of course at some point, you level off, and then you quit….

What the World Is Seeing Online Today

Actually, I did get through eventually, but I couldn't figure out how to get Wolfram Alpha to give me a graph of the the national debt in dollars / GNP in inflation-adjusted (real) dollars over time.

I'm sure it will be a Very Cool tool once I get the hang of it.

HTML Footnoting Made Too Easy

Law professors rejoice; the rest of the world undoubtedly will see this as a sign that the web has gone to Hell: behold the Footnoter!

Footnoter lets you embed footnotes in the middle of an HTM document. [[For example, this might be a footnote]] It looks for the designated delimiters, pulls the footnote out, puts it at the end, and leaves a hyperlinked number in its stead. It defaults to the quick-and-dirty HTML that uses <sup> to superscript the number, but the Advanced section lets you instead insert CSS classes for the marker in the text, the marker that precedes the footnote, and for the footnote itself.

Early beta now, but once an idea like this is out, it can never be suppressed.

Cute Cats and Activists

I commend to you Ethan Zuckerman's The Cute Cat Theory Talk at ETech.

Google Is Hiring ... Goats

This apparently isn't a joke. Here is a photo of Google's latest employees:

More details at Tom's Hardware.

[Update: While we're on the subject of goats, see Nate Oman Dismembered Goats as a Key to Understanding Contract Law.]

NoScript Consdered Dangerous?

This is really interesting. Accoding to Adblock Plus and (a little) more: Attention NoScript users, one ostensibly pro-privacy firefox plugin, NoScript, was quietly interfering with the actions of another, Adblock, in order to force the first extensions ads on the user. When called on it, however, they (seem to have) stopped.

Are we in for a new round of extension wars?

What makes the charges particularly serious in this case is the allegation of not just lack of transparency, but active obfuscation, in updates of NoScript.

I've long used both Adblock and NoScript, but I'm seriously thinking of taking NoScript off my computer now.

Meanwhile, I've changed a setting in firefox's about:config to stop the NoScript changelog from coming up every time there's a minor version change (set noscript.firstRunRedirection to false). And I manually removed googlesyndication.com from NoScript's white list. If I find it reappeared after an update, NoScript is toast. And maybe even if it doesn't.

Then again, it seems as if the warring developers may be making peace.

Google Moves Into Letting Search Subjects Write (Some) Search Results

One of the principal things nearly anyone does on Google.com is a vanity search: We ask the question: What do people see when they put my name into Google?

Today, Google is announcing, for the first time, that anyone can change what is seen. (The initial launch is US only).

I agree with John Battelle's comments in News: Google Lets You Put Yourself Into Results For..Yourself: this is, as he puts it, “a Very Big Deal.”

Why? Well, Google has always been predicated on being a neutral black box. You, as a solitary entity, could not influence the results that Google provided (though of course a very large industry has emerged that attempts to do just that). But this launch changes the game, in a few very, very interesting ways.

First, and most obvious, this is Google leveraging its might in search to get more people to sign up for Google profiles. I shouldn't have to explain why this is important, given the competition from Facebook and Twitter, but trust me, it's really important that Google 1. know who you are and 2. compel you to have ongoing relationship with the company.

Second, this move creates, for the first time ever, a new signal that is directly controlled by an individual but changes what everyone else will see in results. True, for now, the results are at the bottom of the first page of results, but that doesn't mean it won't move up once Google learns enough to make it truly useful.

There's more at at the Searchblog

I'd add one other reason why this may turn out to be important: it becomes a first major step towards a privately managed amelioration of the “bad people post lies about you and Google links to them” problem that motivated Danielle Citron and others to advocate throwing the right to anonymity overboard. Maybe even better than the one I was talking about at the CCR symposium the other day (see What is To Be Done?”).

Internet Governance in Hard Times

I was invited to an interesting seminar in London, sonsored by the Oxford Internet Institute, The New Economic Context of Internet Governance. It was being held only a few steps away from where I used to work when I lived in London. And all they wanted was a two-page position paper.

Unfortunately, the travel budget doesn't really stretch to a day trip to London, and they didn't include a ticket with the invitation.

But what the heck, I wrote a position paper anyway, and I've appended it here. I'd appreciate comments. Virtual seminar, anyone?

Internet Governance in Hard Times

Internet governance (which I shall take to mean national and trans-national regulation of the Internet, something that is increasingly but not solely governmental) could play a very significant role in the worldwide diffusion and utilization of the Internet – although whether this role is likely to be positive or negative hangs in the balance.

At present, despite and in some cases because of the global economic contraction, we can expect continuation and probably acceleration of current trends of Internet penetration and importance. More people will have access to the internet. They will use it for a greater volume and variety of economic activity, displacing traditional intermediaries and merchants. (As regards consumer transactions we are likely to see continued convergence between telecoms and internet.) Lower costs will enable new markets, and empower the remote or disempowered to take part in existing markets. New information-based products, and old products enhanced with information technology will create value. Service jobs in select industries (not least mine) will migrate to low-cost producer nations whose citizens will tele-commute. Governments, if not necessarily all private participants in the sector, will look to PRHs and other IT-based innovations for substantial savings in health care. In sum, while on the one hand current financial conditions create a slowdown in investment in some sectors, the need to reduce costs may also force greater reliance on IT-enabled solutions that will present as lower cost substitutes for previously entrenched practices and sources of supply.

Equally importantly, and driven by similar cost-saving goals, nascent moves to expand the role of 'e-government' will pick up speed despite and in some cases because of the economic crisis.

And perhaps more importantly, the role of internet-empowered citizens, of 'civil society' online, should continue to grow. In more developed countries this may partly fill the voids being created by the demise of newspapers and other traditional watchdog groups whose resource base has been undermined. A similar dynamic is emerging in non-OECD nations, although the key democratizing and organizing tools are more likely to be telecoms-based rather than internet-based in the short run.

So long as they remain subject to ordinary market regulation (including most notably competition law) each of these three trends shows signs of resilience. Internet governance – both global and national – can nurture these trends, or it can undermine them. Agreements that harmonize rules for international trade or increase the standardization of telecommunications tend to drive growth. So does effective enforcement of competition law. On the other hand, to date, international internet governance has rarely been considered a driver of economic growth, save perhaps for policies to increase access (e.g. “digital divide” measures) and build new infrastructure. Intergovernmental agreements have introduced rules for data retention and sharing that may serve national security, but they also impose costs on those who must build and maintain the infrastructure. Indeed, to the extent that Internet governance has been identified with ICANN, it has more reasonably been seen as a barrier to the development of new uses of the DNS and a barrier to competition among registries and even among registrants who might have equally legitimate claims to descriptive and generic domain names. There are real dangers, however, that in the future ICANN's effects could be dwarfed by those of other trans-national actors.

The least likely, but most destructive, threat model follows from an intensification of the current economic crisis. Responding to political pressure, governments raise trade barriers, and treat communications policies as an arm of protectionism and, in the worst case, a medium that must be controlled either to contain domestic unrest or prevent foreign intervention in domestic affairs. The commons becomes Balkanized.

A more likely threat model begins with intellectual property owners succeeding in their attempts to convince governments to band together to require that IT and/or computer hardware be optimized to protect intellectual property rights. There are many different versions of this scenario, ranging from traffic shaping to deep packet inspection to hardware based so-called 'Trusted Computing'. While each of these scenarios produces some winners, they do so at a great social cost. The winners will tend to be established players. Building in technical limitations to limit users (whether at the edges or at the center) will inhibit innovation. And to the extent that national communication policies permit or encourage deprioritizing marginal voices, they risk setting back efforts by civil society groups and ordinary citizens to use the Internet as a tool of political monitoring and organization – ironically, due to their different pricing policies mobile telephony (and text messaging) are less likely to be affected in the short run.

The most likely threat model, one that is already a partial reality, is that Internet governance prioritizes security over privacy and in so doing makes citizens unwilling to take advantage of the full range of opportunities that IT offers. Numerous US government studies suggested that lack of consumer confidence was a major brake on the take-up of e-commerce in the US: people were afraid that their credit card details or other personal information were not safe online. As international agreements, or governments acting alone, increasingly require that traffic data or even actual communications be routinely archived by intermediaries in order that law enforcement may examine them at leisure, there is a significant danger that even in free and democratic countries people will be reluctant to rely on IT for any matters that they fear might be used against them. Worse, even if architecting the Internet to make it easy to monitor and trace has most positive effects in free and democratic countries, there is a severe spill-over effect to less-free and less-democratic nations. The opportunity cost to non-governmental organizations, and to spontaneous and popular opposition movements will be great; in the worst cases the direct costs may be fatal.

The IT sector is reaching a point of maturity where it needs less and less special regulation, and needs more and more to be treated like an ordinary business – except in one respect: moves to enhance the economic benefits flowing from the deployment of IT must be tied to a freedom agenda – or at least a do-no-harm liberty agenda – or ultimately we risk being seen to have retarded long run human flourishing for quite short-run benefits.

A. Michael Froomkin
Professor
University of Miami School of Law

ICANN Really Has Changed (Not)

ICANN has released a short list of candidates to replace Paul Twomey, who recently resigned as its President and CEO.

I'm amazed to report that I made the list. Not that there's any chance I'll get the job, of course.

Update: It's an April Fools joke, of course. ICANN's rate of change is measured on a nano scale….

Yes, I am a Data Glutton

In This Blog Sits at the: Grant McCracken is on to something at Data Glutton, Data Pauper:

I suddenly realized my problem with aggregators. When I configure my feeds, I want just about everything. … Wrap them up, I'll take them all. And then there are all the blogs. …

This informational excess is not inflicted on me by the market place, … No, this profusion of possibilility is created and sustained by me alone. Hi, my name is Grant McCracken and I'm a data glutton.

Data gluttony is a terrible condition. Everytime I turn on my aggregator, I feel like I am at an all-you-eat event at Denny's. Really, it can't end well. …

… All this “free” information is actually quite costly.

…

The upshot of this conversation for me was that a market in the information space is emerging. I won't pay anything for access to the New York Times. This is an interesting aggregator, but it's way too chunky for me to be exquisitely useful. I want a combination of machine and human editing that gives me all but only the things I need, and for this I am prepared to pay handsomely.

It's not that we won't pay for editing. It's becoming clear, I think, that we are now eager to pay for editing, even to pay a premium for editing. (After all, our careers now depend upon early warning, good information, timely intelligence. Not to know what we need to know in a dynamic economy, what could this cost us?)

We just don't want to pay for the editing now made available to us by the market place. …

This much is clear, there is a market emerging. It doesn't appear to have any entries. I wish they'd hurry up. Because otherwise I'm hopeless.

McCracken says he deals with his problem by turning it off, thus becoming a data pauper. I guess he's made of sterner stuff than me.

I don't think I'm ready for that.

Do Shepherds Dream of Electric Sheep?

I suppose this isn't the very strangest or very funniest thing I've seen online, but it's up there.

YouTube - Extreme Sheep LED Art

Naive or Predatory?

I own a very small number of .com domain names, one of which is a very nice memorable English word with no particularly commercial overtones. I use it for a bunch of private servers that handle my news feeds and some other web-based stuff I've set up to make my life easier, all stuff that moving wouldn't be that hard. There is a web page there, but it is just a silly image acting as a placeholder.

Every so often someone offers to buy it. I am amenable, but no one has ever offered serious money — the offers usually top out at the very low four figures — so I have held on to it.

Today I got the most ridiculously low offer yet:

Dear Sir/Madam,

I am contacting you on behalf of a small web development firm with which I work.

We have just recently instigated a development plan whereby we are slowly but surely building a large network of simple, information based websites. The intention is to create a Wikipedia style encyclopaedia of information. The difference is however that rather than be located on one central domain, we intend to develop these sites on individual, keyword rich domains. Our aim is to create a network such that if you want information on 'Childrens Birthdays' for example, then you can simply type in childrensbirthdays.com and find all the information you need. At the moment search engines like Google provide an unnecessary middle man. We aim to make finding what you want even simpler than it already is!

We are contacting you with regards to the domain name [NiceWord].com. Having completed a check of the whois database we obtained your details as being the owner/administrator of said domain name. We are interested in purchasing this domain name from you as it is an ideal domain name for our development.

We would be prepared to offer you 50 USD for your domain name. If this is acceptable, please do let us know and we will provide information on how we may proceed. We do not consider ourselves naive or unknowledgeable, and appreciate that some domains are being used for other things than websites: email for example, and again we appreciate that you may simply not want to sell your domain. If this is the case we ask that you let us know such that we can pursue alternative domains.

Independent of your decision, I thank you for your time and wish you all the best. Thanks

Jennifer

I don't know if they are just fishing, hoping to find a deal, if the recession is much worse than I thought, if this a lo-ball opening bid, or what, but the initial offer was so low it almost makes me mad.

On reflection, the “Dear Sir/Madam” bit, given they claimed they looked me up on whois and the nice word isn't in fact all that suitable for a search engine — more the reverse — makes me suspect a form-letter-based attempt to grab (at absurdly low prices) single word domains that don't appear from the outside to be in use for much.

So my reply suggesting their offer is risible probably will not produce anything.

'Think Before You Post'

I'm usually not a fan of PR attempts to scare kids about the Internet, as I think the dangers are usually over-hyped. But this think before you post PSA from cybertipline.com seems to me to get the pitch (in both senses of the word) just about right:

Spotted via Smashed Frog

99 Things

Thanks to Dan Burk, Greg Rutter's Definitive List of The 99 Things You Should Have Already Experienced On The Internet Unless You're a Loser or Old or Something.

I'm guessing from the titles that I've seen maybe a quarter of them. I guess I'm something, huh?

EU Court of Justice Upholds Validity of Data Retention Directive

The EU Court of Justice has upheld the validity of the Data Retention Directive ("Directive 2006/24/EC Retention of data generated or processed in connection with the provision of electronic communications services") in Ireland v Parliament , decided Feb. 10, 2008.

Is Wikipedia Like Fox News?

Slashdot, False Fact On Wikipedia Proves Itself:

Germany has a new minister of economic affairs. Mr. von und zu Guttenberg is descended from an old and noble lineage, so his official name is very long: Karl Theodor Maria Nikolaus Johann Jacob Philipp Franz Joseph Sylvester Freiherr von und zu Guttenberg. When first there were rumors that he would be appointed to the post, someone changed his Wikipedia entry and added the name 'Wilhelm,' so Wikipedia stated his full name as: Karl Theodor Maria Nikolaus Johann Jacob Philipp Wilhelm Franz Joseph Sylvester Freiherr von und zu Guttenberg. What resulted from this edit points up a big problem for our information society (in German; Google translation). The German and international press picked up the wrong name from Wikipedia — including well-known newspapers, Internet sites, and TV news such as spiegel.de, Bild, heute.de, TAZ, or Süddeutsche Zeitung. In the meantime, the change on Wikipedia was reverted, with a request for proof of the name. The proof was quickly found. On spiegel.de an article cites Mr. von und zu Guttenberg using his 'full name'; however, while the quote might have been real, the full name seems to have been looked up on Wikipedia while the false edit was in place. So the circle was closed: Wikipedia states a false fact, a reputable media outlet copies the false fact, and this outlet is then used as the source to prove the false fact to Wikipedia.

Not a reliable source. Of course, a similar thing happens on Fox 'news' all the time, cf. Echo chamber: Bloomberg “commentary” health IT falsehood goes from Limbaugh to WSJ's Moore and Fox, back to Limbaugh, but that's not a reliable source either.

Fox is united by a top-down intent; Wikipedia is plastic and subject to hijack by almost anyone… So Fox is consciously malign, Wikipedia (small-“d”) democratically inept?

WikiLeaks Posts Treasure Trove of CRS Reports

Via Joho the Blog » Wikileaks posts what our Congresspeople knew and when they knew it, a pointer to Wikileaks, Change you can download: a billion in secret Congressional reports.

By “billion” they mean what they claim is “nearly a billion dollars worth of quasi-secret reports commissioned by the United States Congress.”

The 6,780 reports, current as of this month, comprise over 127,000 pages of material on some of the most contentious issues in the nation, from the U.S. relationship with Israel to the financial collapse. Nearly 2,300 of the reports were updated in the last 12 months, while the oldest report goes back to 1990. The release represents the total output of the Congressional Research Service (CRS) electronically available to Congressional offices. The CRS is Congress's analytical agency and has a budget in excess of $100M per year.

…

Although all CRS reports are legally in the public domain, they are quasi-secret because the CRS, as a matter of policy, makes the reports available only to members of Congress, Congressional committees and select sister agencies such as the GAO.

Members of Congress are free to selectively release CRS reports to the public but are only motivated to do so when they feel the results would assist them politically. Universally embarrassing reports are kept quiet.

Regardless of the dollar figure, these are valuable reports to have accessible.

• Alphabetical list of leaked CRS reports.
• Chronological list of leaked CRS reports.

Whitehouse.gov Doesn't Like My Privacy Settings and Has Nothing on Guantanamo

Odd thing: when I go to Whitehouse.gov and allow Flash, the site complains about my privacy settings.

Click for a larger image.

The error message says,

The page did not process successfully because of the following:
• Field 'Email' is invalid
• Field 'Zip Code' is empty

Second odd thing: I wanted the full text of the order postponing trials at Guantanamo, the one that caused the following motion to be filed in Guantanamo,

In order to permit the newly inaugurated President and his administration time to review the military commission process, generally, and the cases currently pending before the military commissions, specifically, the Secretary of Defense has, by order of the President directed the chief prosecutor to seek continuances of 120 days in all pending case.

The Secretary of the Defense issued his order to the Chief Prosecutor in order to provide the administration sufficient time to conduct a review of detainees currently held at Guantanamo Bay, Cuba to evaluate the cases of detainees not approved for release or transfer to determine whether prosecution may be warranted for any offenses those detainees may have committed, and to determine which forum best suits any future prosecution.

But when I search for “Guantanamo” at whitehouse.gov I get … nothing.

Geekish, But Oh So Cool

Found via BoingBoing, The country's new robots.txt file at kottke.org.

Very geekish, but oh so cool.

Update: An expert writes: “This is actually crap. The old robots file just waved spiders off the text-only versions.”

If so, this may be the first time I misunderestimated the Bush administration.

Debunking Hysteria About Online 'Predators'

Enhancing Child Safety and Online Technologies is the “Final Report of the Internet Safety Technical Task Force to the Multi-State Working Group on Social Networking of State Attorneys General of the United States.”

To make a very, very, very long story short, what the panel found is exactly what I would have expected: that popular hysteria over online 'predators' is wildly overblown. Plus, age verification technology is of little value — to the extent there is a real problem online, it is that kids are mean to each other (think “recess”).

From the executive summary:

… the risks minors face online are complex and multifaceted and are in most cases not significantly different than those they face offline, and that as they get older, minors themselves contribute to some of the problems. In broad terms, the research to date shows:

• Sexual predation on minors by adults, both online and offline, remains a concern. Sexual predation in all its forms, including when it involves statutory rape, is an abhorrent crime. Much of the research based on law-enforcement cases involving Internet-related child exploitation predated the rise of social networks. This research found that cases typically involved post-pubescent youth who were aware that they were meeting an adult male for the purpose of engaging in sexual activity. The Task Force notes that more research specifically needs to be done concerning the activities of sex offenders in social network sites and other online environments, and encourages law enforcement to work with researchers to make more data available for this purpose. Youth report sexual solicitation of minors by minors more frequently, but these incidents, too, are understudied, underreported to law enforcement, and not part of most conversations about online safety.

• Bullying and harassment, most often by peers, are the most frequent threats that minors face, both online and offline.

• The Internet increases the availability of harmful, problematic and illegal content, but does not always increase minors’ exposure. Unwanted exposure to pornography does occur online, but those most likely to be exposed are those seeking it out, such as older male minors. Most research focuses on adult pornography and violent content, but there are also concerns about other content, including child pornography and the violent, pornographic, and other problematic content that youth themselves generate.

• The risk profile for the use of different genres of social media depends on the type of risk, common uses by minors, and the psychosocial makeup of minors who use them. Social network sites are not the most common space for solicitation and unwanted exposure to problematic content, but are frequently used in peer-to-peer harassment, most likely because they are broadly adopted by minors and are used primarily to reinforce pre-existing social relations.

• Minors are not equally at risk online. Those who are most at risk often engage in risky behaviors and have difficulties in other parts of their lives. The psychosocial makeup of and family dynamics surrounding particular minors are better predictors of risk than the use of specific media or technologies.

• Although much is known about these issues, many areas still require further research. For example, too little is known about the interplay among risks and the role that minors themselves play in contributing to unsafe environments.

There are also some sensible, cautious, suggestions about what can be done — but don't expect a magic bullet.

500 'Worst Passwords of All Time'

Amazingly, even my very worst, crummy, seemingly obvious, password that I use for many sites where no money changes hands did not make the list of alleged[*] The Top 500 Worst Passwords of All Time.

I should probably use more special keys; I tend to letter/number combos when it matters.

Many years ago I had a numerical password for a bank account that no longer exists. That number has been very useful worked into things since then.

[* -Why “alleged”? They don't actually say how this list was produced….]

Spotted via BoingBoing

So Much for Safe Browsing (Temporarily)

Via Ed Felton, news of a medium-sized bombshell in Researchers Show How to Forge Site Certificates:

Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov, Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David Molnar) announced that they have found a way to forge website certificates that will be accepted as valid by most browsers. This means that they can successfully impersonate any website, even for secure connections.

This is a big deal. But as Ed explains, it is based on an making worse a known weakness in the “MD5 with RSA” hashing algorithm. It can be fixed by having Equifax, which uses this now shown-to-be-insecure hast, replace the hash with something better. And having Equifax (and anyone else using it) revoking all existing certs based on this now vulnerable hash. (Which will cause a new wave of people ignoring security warnings…)

And, as Ed wisely notes,

… this is a sobering reminder that the certification process that underlies web site authentication —- a mechanism we all rely upon daily —- is far from bulletproof.

Seeking Tools for Web Page Design

I am a guy whose idea of a web page design tool has always been stuff like Kompozer, and I've got the homepage to prove it (although, actually, most of that was done by hand back in the day….).

But I was admiring a nice looking web page with good graphics and drop-down boxes the other day, and wondering how they'd done that. A quick look at the codes suggests it was done in iWeb 2.0.4. So I went looking for that.

Turns out, shoulda figured given the i, that's its for Mac, and I'm a PC guy.

I even went so far as to see how you might install a Mac tool on a PC. VMware? OK, been thinking of that to run Ubuntu next to XP. External hard drive? OK, got a few spares acting as paperweights. Bittorent a pirated copy? Forget it.

So … anyone know of a good, ideally free, XP-compatible (or maybe Ubuntu-compatible) web design tool that makes cool pages easily?

Florida Teen Films His Suicide On Webcam

It seems I'll be on Channel 10's 6pm news broadcast explaining why tragedies like this one — Pembroke Pines teen broadcasts suicide on webcam — don't mean that we need a special set of cops and regulators for the Internet. (Earlier Channel 10 story, saying up to 1500 people were watching his broadcast; eventually someone called the Pembroke Pines cops, but they broke in too late to save Abraham Biggs Jr.)

The facts are grisly:

A Pembroke Pines teenager told an Internet audience he wanted to kill himself by drug overdose — and then he followed through on his macabre threat while a live webcam captured it, according to the Broward County Medical Examiner's Office.

Abraham Biggs Jr., 19, ingested a lethal mixture of three different drugs early Wednesday, then continued to blog about it while others watched online and egged him on.

The end of the video — which shows Pembroke Pines police busting into his bedroom and discovering his body — remained up on LiveVideo.com as of Friday morning.

Yes, I blame the people involved, not “the Internet”.

Florida has displaced the common-law rule against suicide with some statutory provisions. The most relevant one is aimed at assisted suicide (there's also § 782.081, banning premeditated commercial exploitation of a suicide, but that seems to me not to apply to these facts). Here's the relevant law:

782.08 Assisting self-murder.—Every person deliberately assisting another in the commission of self-murder shall be guilty of manslaughter, a felony of the second degree, punishable as provided in s. 775.082, s. 775.083, or s. 775.084.

1. Does 'egging on' amount to 'deliberately assisting'?
2. If the statute does make 'egging on' manslaughter, does the First Amendment prevent its operation because it protects this sort of speech?

My gut instinct — and I'll quickly admit this is not my field at all — is that 'egging on' does not amount to 'deliberately assisting' under this statute, which was pretty clearly aimed at physician assisted suicide, and cases where someone gives a depressed person guns or pills. I see the law as criminalizing the provision of tools in the main. Perhaps this could be extended to specialized knowledge, such as telling a depressed person how to make or find a gap in a protective fence at 'Suicide Gulch'. But I don't see it as extending to encouragement — even if a psychiatrist might testify (let us imagine) that the encouragement was a necessary element of the victim's decision.

Good thing, too, because the second question is much harder…

What's the Point of This Stuff?

Most of the time I understand the theory behind email sp*m. People are hoping I'll click a link or reply. In the end they either want to sell me something, or they want to spoof some information from me. Similarly with blog sp*m — either it's ads, or an attempt to raise their Google rankings by showing a link from here (with a decent Google rank) to there.

But there are two kinds of sp*m I do not get at all.

The first kind is the blog comment with a link to a web site of garbage characters. Usually when I click, there's nothing there. What's the point? Is the botnet just practicing?

The second kind are email messages like the one I just got twice today, which I quote in its entirety, compete with original formatting:

Dear Sir,
I will like to know if it is possible for me to make
reservations of plane tickets in your travel agency for one of our
members and to pay remotely with international card accorded with
authorizations.
I remain on standby of a favourable response from your office. Please
confirm this booking and forwards fare as soon as possible.[Accra to
Cairo to Paris]
Name: [1] KOFI OPOKU
Date is 15th of November 27th of November 2008.
Best greetings.
Dr Aileen Winch

Any ideas?

Google's Time Machine

Goole has a Time Machine. Search the web as it was in January 2001.

Ubiquity Looks Cool

Mozilla Labs » Blog Archive » Introducing Ubiquity.

The Borg marches on?

Wheeeee

Go to google images. Search for something. Then copy/paste this code in your internet address bar:

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI= document.images; DIL=DI.length; function A(){for(i=0; i<DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5 ); void(0)

Refresh for extra vigor.

Offline Wikipedia -- Only 3.5GB

WikiTaxi offers you an offline snapshot of the Wikipedia. The full English dump is only 3.5GB. (An abridged version is a svelte 25MB.)

Did you ever want to take Wikipedia with you while you are offline? Call on WikiTaxi: It is a portable application that delivers the Wikipedia of your choice to wherever you go.

WikiTaxi enables you to read, search, and browse Wikipedia offline. No Internet connection is needed, all pages are stored in a WikiTaxi database. Because Wikipedia is constantly growing, WikiTaxi uses compression to make sure that the database stays reasonably small.

…

WikiTaxi is up to date. It works with the original Wikipedia database dumps, which are updated regularly every few weeks or so. If you feel that your offline Wikipedia is getting to old, you can go online to download a more recent version or just copy it from a friend.

Not only is this just simply kewl, but I imagine scholars looking for a way to measure changes in the wikipedia will love this.

'88% of YouTube is Original Content'

Groklaw, 88% of YouTube is New and Original Content, Professor Says.

The citation is to this (long) YouTube presentation, “An anthropological introduction to YouTube” by Dr. Michael Wesch, an anthropologist at Kansas State University.

(Lots of other interesting stuff there too.)

Google Privacy Notice Visibility Varies by Location

Ted Byfield notices something interesting: Google: 'Privacy? Depends—where are you?'.

Documenting and figuring out how Google treats different language/national groups differently is going to be a full time job for someone…

A Taste of What Real-Time Data Can Do

From Emergent Chaos: Leveraging Public Data For Competitive Purposes who will I hope forgive me for quoting an entire post, but it's just so amazing:

The Freakonomics blog pretty much says it all:

The latest: importgenius.com, the brainchild of brothers Ryan and David Petersen, with Michael Kanko. They exploit customs reporting obligations and Freedom of Information requests to organize and publish — in real-time — the contents of every shipping container entering the United States. From importgenius.com.

There’s a neat ticker on the bottom of their page showing a trickle of these data. Watch it for a few minutes: it’s mesmerizing and provides a sometimes beautiful window into the wonders of international trade.

Talk about a not-so-covert channel leaking what your business is up to on a daily basis. What the Petersens and Kanko are onto is yet another unintended consequence of globalization. It makes me wonder what other sources like this are out there and accessible via the Freedom of Information Act. Similarly, as one commenter on the above article asked, how soon before people try to game the system:

I wonder if something like this will lead to a rise in ‘creative’ customs declarations. Say a proxy company to take that new shipment of 22,000 digital thingies that are then immediately sold to Apple and thus mitigating the chances of someone predicting the street date of their latest offering

DNS Cache Poisoning Exploit Sorta Patched

Do you run BIND as a caching resolver? If so, I gather this new exploit, CERT VU#800113 DNS Cache Poisoning Issue, is a pretty big deal, and you need a patch NOW.

Update: Links to more about this at Emergent Chaso, Massive Coordinated Vendor Patch For DNS. Patches for products other than BIND are out or will be soon.

Today's Discovery In Applied Informatics

I have found what I believe to be one of the last types of information for which search on the Internet remains utterly useless: finding where fireworks stands might located in the South Dade area.

I did discover that there's a store in Key Largo, but that's kinda far.

The big July 4 celebration in Coral Gables at the Biltmore has been canceled again — perhaps permanently. And the family doesn't want one of those boxes they sell in Publix this year…

If You Wait Long Enough, Everything Comes Back Into Style

If you wait long enough, everything comes back into style, and it seems that on the Internet the process is even faster than in fashion. Example: Hand-coding HTML is in fashion again. The article says “still”, but I think it's really “again”.

Timewaster or a Waste of Time

Although I am often a sucker for online timewasters (and never more than during the exam-writing season!), and although I gather some folks love this thing, I'm having some trouble figuring out the attraction of Pass the Ball, a shockwave object.

Can someone explain?

I've Been Joe-Jobbed Again

Someone has emailed the entire universe a series of cheap ads for tawdry goods forging my email address in the “from” line. It is not the first time I've been 'joe jobbed' but it seems to be an even more thorough job than in the past.

As a result, I'm getting a flood of mailed bounces, rejections, spam complaints and the like. No doubt many systems will now blacklist my address. And so on.

And it makes finding the real mail a bit of a needle in a haystack problem. Not to mention that if I tried to mail you, misspelled something, and it really bounced, I'll never notice.

If you need to reach me in the next few days, or more, please consider the phone if I don't reply.

Another Reason Why Comcast Isn't My ISP

Most of the reasons that Comcast isn't my ISP have to do with its aggressive opposition to net neutrality. But there's also a substantial quality of service issue: see, for example, Steven M. Bellovin, An Outage from Managing P2P Traffic?.

Not that I love AT&T, or that their net neutrality politics are so much better. But their service seems somewhat better, and they're a little less in-your-face about their views.

Gmail Unveils 'Custom Time'

Google has unveiled what looks to be a Really Useful Service as an enhancement to its Gmail (eternal Beta). They call it “custom time”.

New! Gmail Custom Time^TM  

Ever wish you could go back in time and send that crucial email that could have changed everything — if only it hadn't slipped your mind? Gmail can now help you with those missed deadlines, missed birthdays and missed opportunities.