US Government Checking Up On Vista Users?

Found on Slashdot on Saturday, 21 July 2007

This article at Whitedust displays some very interesting logs from Vista showing connections to the DoD Information Networking Center, United Nations Development program and the Halliburton Company; for no reason other than the machine was running Vista. From the article 'After running Vista for only a few days — with a complete love for the new platform the first sign of trouble erupted. I began noticing latency on my home network connection — so I booted my port sniffing software and networking tools to see what was happening. What I found was foundation shaking. The two images below show graphical depictions of what has and IS trying to connect to my computer even in an idle state'.

First of all: I'm not posting this because I take that article seriously. In fact, I'm posting because it obviously shows what happens when people without much knowledge try to act smart. First, you don't "boot" port sniffing software; you boot an OS and launch an application. And the graphical proof? Screenshots of PeerGuardian. Sorry, but that's not a port sniffing software. Furthermore, the setup of the systems involved is nowhere described. Typically, PeerGuardian is run by filesharers, so I assume he downloads via Bittorrent. At this point one should ask exactly what is the reason for those packets. Vista or the P2P software? There can be many reasons: spoofed IPs, infected hosts, P2P sharers inside the DoD and so on. Oh, and the entry in the lists can be simply wrong. To sum it up: it's an article which doesn't need to be read at all; it won't even make a conspiracy theorist nod in agreement.

MPAA to FCC

Found on Ars Technica on Wednesday, 18 July 2007

The MPAA is concerned that network neutrality rules might bring an end to such beloved technologies as digital watermarking, deep packet inspection, acoustic fingerprinting, and content filtering of all kinds.

The MPAA's concern is not with winning any sort of broad ideological ground in the debate over how the Internet should work, but to make sure that ISPs can "manage their networks to protect intellectual property in order to best serve the interests of content creators and the content-consuming public."

Going beyond the specific technologies listed above, the MPAA believes that ISPs need to have the right to control traffic shaping, quality of service guarantees, latency, and bandwidth hogging—all of special concern when it comes to regulating P2P traffic.

ISPs should not be allowed to meddle with the data running through the lines. They provide the access, nothing more, nothing less. When they advertise their service as unlimited it means I can make unlimited use of it. Bandwidth shaping, filtering and similar activities clearly decrease the service I've paid for. If an ISP wants to block P2P or free SMTP connections, it should say so; and not just in vague words in the fine print on page 324 of the TOS. Then the customer can decide if he's ok with that or if he prefers to sign up with another, better ISP.

Google Still Using E.U. Data Retention Ruse

Found on Wired on Thursday, 12 July 2007

Google's Global Privacy Counsel Peter Fleischer continues to mislead the public about why Google keeps detailed logs on its customers searches and internet activity.

Google's policy is a complicated beast that keeps personally identifiable logs for all of its services globally 18 months, at which time Google attempts to anonymize the data by losing a few digits of the IP addresses of entries in the logs.

But let's reiterate: There is no United States or E.U. law that requires Google to keep detailed logs of what individuals search for and click on at Google's search engine. It's simply dishonest to continually imply otherwise in order to hide the real political and monetary reasons that Google chooses to hang onto this data.

Google is keeping the data because its engineers love mining the data and because holding onto the data makes law enforcement agencies happy. How often do law enforcement agents or lawyers in divorce cases show up at Google HQ with subpoenas?

For instance, it could stop issuing cookies to anonymous users that last for decades.

For instance on the user sign-up page, Google currently automatically enrolls users in to a system that records and analyzes everything they do on the Web, with zero explanation that the "feature" involves recording, in perpetuity, every url visited while logged into their Google account.

That's why people should use Google as what it was designed to be: a search engine (of course with blocked cookies, but that should be clear). All Google products should be treated with a lot of suspicion. It may be sad to say so, but it's Google's own fault for ignoring privacy.

Google hack creates peer-to-peer network

Found on CNet News on Tuesday, 10 July 2007

A video posted to YouTube in April offers a primer on how to use Google to pilfer music and video files in less time than it takes to download them from a peer-to-peer service.

The how-to video focuses on what is known as an "index of" search and shows users how to direct Google's search engine to locate files from unprotected computer systems, many of which are found on college campuses. University students around the country often store music on their schools' computer networks.

Ruska's formula also worked at Yahoo and other search engines, according to the FT. Record labels have always maintained that downloading unauthorized music files violates copyright law.

It's disappointing that CNet thinks this is something new; it's so old that it has a beard already. Johnny listed it long ago, but it looks like everything that's old automagically turns into something new as soon as someone posts it on YouTube. And it's not a "hack" and not a "peer-to-peer network". Otherwise every search would be hacking the Internet, and every website visit would be P2P sharing; it's just the basic usage of Google. I can already see the next breaking news: "Reverse gear detected! Watch the YouTube instructions to see this amazing hardware hack for cars!".

Spammers defeat Captchas

Found on CNet News on Monday, 09 July 2007

According to security vendor BitDefender, spammers have defeated a system designed to differentiate humans from machines when registering new accounts online. Known as Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart), the system won't allow users to advance until distorted characters in a box are correctly entered. BitDefender says a new threat, Trojan.Spammer.HotLan.A, is using more than 15,000 automatically generated bogus Microsoft Hotmail accounts to spread, and is registering 500 new accounts per hour, suggesting the Captcha system has been defeated.

This isn't really something that should be filed under "breaking news". Captcha-security has been breached quite some time ago, as most PHPBB admins might know. A quick search for PWNtcha brings up lots of results dealing with defeating captchas. Fixing broken captchas is just a temporary improvement, not a solution (in case of PHPBB, it helps a lot if you adjust the grayscale values to reduce the difference between background and text). Perhaps it's about time to replace the current approach of identifying text. For humans, it's easy to answer questions about a picture, like "how many people do you see?" or "what color has the car?". Of course the visitor has to be able to understand the language. This should be a minor point; not too many would sign up with a site they can't read.

Russia Shuts Down Allofmp3

Found on Techdirt on Tuesday, 03 July 2007

The RIAA's always-intense lobbying efforts paid off when it got the US government to threaten Russia that unless it shut down the site, it wouldn't be admitted to the World Trade Organization. They've now gotten what they paid for their wish, as Allofmp3.com has now been shut down, after pressure from the Russian government. But in a move to highlight the utter pointlessness of all of this, the company behind Allofmp3 -- which has shown little concern for the flap over the WTO -- has already set up another site, Mp3sparks.com, which appears nearly identical to Allofmp3. The company says it's setting aside 15 percent of its revenues to pay royalties to record labels, and is considering paying another 5 percent on top of that, even though it's not legally required to do so. Of course, that's not likely to matter to the labels, which sued Allofmp3, even though it had apparently been trying to pay royalties to them, in accordance with Russian law.

Everybody, update your bookmarks. If you still like to listen to that useless music that's produced these days.

Google wants to protect you from Moore's Sicko

Found on ZDnet on Saturday, 30 June 2007

Taking a break from reading the wall-to-wall iPhone coverage on TechMeme, I ran across a post from Lauren Turner, who works for Google as an account planner selling ads to the healthcare industry. In the post on what is called the Google Health Advertising blog, but only contains two posts, she assures potential advertisers that Google can help protect them from the negative impact of Michael Moore's just released film "Sicko," which does to the U.S. healthcare system what Fahrenheit 9/11 did to the Bush administration.

I saw "Sicko" last night, and while the film doesn't include the point of view of U.S. healthcare industry executives (I assume they didn't relish being on film with Moore) and over rotates in spots, who can deny that the U.S. healthcare system, and the U.S. government that won't fix it, is deeply flawed.

Moore makes his points best in the film in chronicling some of the tragedies resulting from our healthcare system, and in documenting how people who live in Canada, the United Kingdom and France have nationalized, socialized health care systems and have longer lifespans than the U.S. population.

The truth always hurts, but trying to push it aside is the wrong way. America's so called health care is flawed and should be fixed.

Google flirts with online OS

Found on The Register on Friday, 29 June 2007

It's only a matter of time before Google unveils a full-fledged online operating system. This week, Microsoft's biggest rival rolled out a new version of Docs & Spreadsheets - its online answer to Word and Excel - adding Windows-like folders, an improved search engine, and an all-around prettier interface.

Previously, Docs & Spreadsheets organized files using a tagging method reminiscent of Gmail, Google's web-based email client. With the addition of folders, the service feels much more like a classic desktop GUI. You can even move documents from folder to folder via drag and drop.

I wouldn't trust an online OS at all. Especially not if it's run by Google, a company known for collecting and storing all sorts of user information for later usage.

Google may close Gmail Germany

Found on Newlaunches on Saturday, 23 June 2007

Spiegel, a German news site, is reporting that Google is threatening to shut down the German version of its Gmail service if the German Bundestag passes its new Internet surveillance law. Peter Fleischer, Google's German privacy representative, says the new law would be a severe blow against privacy and would go against Google's practice of also offering anonymous e-mail accounts. If the law is passed then starting 2008, any connection data concerning the internet, phone calls (with position data when cell phones are used), SMS etc. of any German citizen will be saved for 6 months; anonymizing services like Tor will be made illegal.

Funny that Google complains about privacy problems; they keep everything a user does for years. Setting that aside, it's still nice to see that some heavyweights step in. It will alert more people, and in turn shows politicians that a police state is not welcomed. In the end, it will push encryption and services like TOR (the article is not too clear, but only TOR exit nodes are affected). All that's just for public stunts: they won't get the real bad guys with that. This still requires traditional police work, not tons of logfiles and "in dubio contra reo" laws.

ISPs Inserting Ads Into Your Pages

Found on Slashdot on Friday, 22 June 2007

Some ISPs are resorting to a new tactic to increase revenue: inserting advertisements into web pages requested by their end users. They use a transparent web proxy (such as this one) to insert javascript and/or HTML with the ads into pages returned to users. Neither the content providers nor the end-users have been notified that this is taking place, and I'm sure that they weren't asked for permission either.

There is an interesting question: is this legal? I doubt so. Those ISPs use the content generated by others to make money. I doubt that IBM, Intel, Microsoft and all the others are happy when ads are placed on their sites. Especially since the average users won't assume that their ISP put them there. I see a lawsuit coming.
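
How a content provider or user could notice the in-flight modification described in the excerpt above, as an added example that is not from the original post or the linked article: it compares the page as the origin served it with the copy that arrived, and lists script elements that appeared on the way. The function names, the sample pages and the host `ads.isp.example` are assumptions made up for illustration.

```javascript
const nodeCrypto = require("crypto");

// SHA-256 of the page exactly as the origin served it. The example assumes the
// origin copy (or its digest) is obtained over a channel the proxy cannot alter.
function digest(html) {
  return nodeCrypto.createHash("sha256").update(html, "utf8").digest("hex");
}

// Inventory of <script> elements: external ones by src, inline ones by body hash.
function scriptInventory(html) {
  const found = new Set();
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    found.add(src ? "src:" + src[1] : "inline:" + digest(m[2].trim()).slice(0, 16));
  }
  return found;
}

// Compare what the origin sent with what the client actually received.
function detectInjection(originHtml, receivedHtml) {
  const expected = scriptInventory(originHtml);
  const added = [...scriptInventory(receivedHtml)].filter((s) => !expected.has(s));
  return {
    modified: digest(originHtml) !== digest(receivedHtml),
    addedScripts: added,
  };
}

// Constructed sample: the page as served, and the same page after a
// hypothetical in-path proxy added an ad loader before </body>.
const ORIGIN =
  '<html><head><script src="/app.js"></script></head>' +
  "<body><p>Hello</p></body></html>";
const RECEIVED = ORIGIN.replace(
  "</body>",
  '<script src="http://ads.isp.example/inject.js"></script></body>'
);

const report = detectInjection(ORIGIN, RECEIVED);
console.log(report);
```

Serving the page over HTTPS removes the proxy's ability to rewrite it at all; a comparison like this is for plain-HTTP content where that is not yet in place.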