November 29, 2007

Facebook to Users: "We Own You, Suckers!"

Update (7:30 PM PST): Word has arrived very late today that, apparently bowing to pressure and negative publicity, Facebook will now specifically request user approval "each time" before releasing transaction information under their Beacon system. I agree that this (if appropriately implemented) is a positive step -- presuming that the concept of an assumed opt-in has really been completely removed. However, a simple, complete opt-out option (or even better, a default condition of global opt-out) would still be much more appropriate if Facebook really cares about its users as more than raw materials for future profit center processing.

Greetings. The reaction of Facebook to growing protests by its users over the privacy-invasive implementation of user purchase tracking and promoting for its "Beacon" system is rapidly becoming a textbook example of how easily arrogance can consume the friendly face of major online services.

When I was first asked for an opinion about Beacon when all details were not yet known, I suggested that it was getting into a touchy area, but that there were ways to handle the system details that could help minimize and mitigate such concerns. Unfortunately, Facebook has chosen a different path, and in the process is telling us more about the mentality of its leadership than a thousand press releases might have revealed.

We can leave aside all the cat-and-mouse details about how long an opt-out box appears, how big it is, or where on a page the box is located. It's obvious to anyone with half a brain and even a modicum of concern about privacy that such a feature, while really needing to be opt-in, should at an absolute bare minimum have a simple and universal opt-out capability. The privacy risks in Beacon as currently implemented are anything but trivial. It's easy to visualize scenarios under which the accidental release of purchase information could have serious repercussions indeed.

By greatly increasing the probability that users' purchases will be revealed unintentionally to third parties, Facebook's Beacon system dives deeply into the anti-privacy cesspool, in a manner that far exceeds potential problems with conventional Web site transactional tracking for internal use.

And by refusing to provide a simple "global" opt-out function, and then taking such an arrogant stance toward its community by belittling legitimate privacy concerns, Facebook and various advertising execs have demonstrated their sense of ownership over users, their belief that the old adage proclaiming "the customer is always right" has been turned on its head -- into a warped nightmare of consumers valued merely as fungible commodities to be fattened and treated like lambs for slaughter.

Luckily for its users, Facebook has some effective competitors, who we can hope will learn some important preemptive lessons from Facebook's current fiasco.

Perhaps it's time for Facebook aficionados to start voting with their feet -- or rather with their mice -- and show Facebook the virtual door. Don't worry too much about hurting their feelings. They'd likely give you the boot in short order if positions were reversed.


Posted by Lauren at 06:09 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

November 26, 2007

France Announces Massive Internet Surveillance by ISPs

Greetings. In a breathtaking act of arrogance reminiscent of the heyday of Louis XVI (and likely to trigger similar public reactions among many Internet users, though perhaps unfortunately absent the "equalizing" influence of la guillotine), the French government and its overseers (the entertainment industry), along with a cowering collection of gutless ISPs, have announced an agreement for ISPs to become the Internet Police Force in France.

Under the agreement (see below for links) ISPs will monitor users for presumed illegal activities (read that as "file sharing") and send reports on the accused to what amounts to an anti-piracy board.

This board could then mete out punishments as it sees fit, including (attempted) banishment from the Internet (via what amounts to a national blacklist).

To streamline the process, the entire procedure, as I understand it right now, would operate -- at least initially -- on an extrajudicial basis, without the messy intervention of courts, judges, trials, or other post-Magna Carta niceties that might help to assure that only the truly guilty are punished.

Proponents are arguing that this approach will avoid overly severe judicial judgments, but in reality it's clearly an attempt to avoid fixing broken laws, while kowtowing to entertainment industry demands.

The utter idiocy and recklessness of this approach is pretty much beyond description. It is ripe for privacy abuses on a grand scale, mistaken identities, false "convictions," and a long list of other associated problems.

On the positive side though, the plan is likely to speed widespread adoption of encryption, as even routine Internet communications move to secure and in some cases cloaked channels to avoid these kinds of repressive enforcement regimes.

It's one thing to use the conventional legal system to enforce legitimate intellectual property rights, but it's something wholly different to deputize ISPs into Network Monitors, feeding data to what apparently could easily become a Star Chamber operating outside the normal bounds of the conventional legal system.

More details from: BBC, or Le Monde (French) (or Google translation).

Liberté, égalité, fraternité?


Posted by Lauren at 12:55 PM | Permalink

November 23, 2007

Beware Software Gifts from the MPAA

Greetings. I'm on record as supporting reasonable efforts by the MPAA, RIAA, and their various cohorts to protect their intellectual property assets. However, a software tool being distributed to universities by the MPAA, supposedly to help the schools internally track student file sharing (and remember, there are efforts to make such tracking a requirement of federal law) appears to leak information like a sieve, not just to the MPAA but to the entire Internet.

Part of the MPAA toolkit's data leakage is obviously intentional -- like the "phone home" aspect that reveals a new installation to MPAA servers. Other aspects, like the open Web server that the toolkit installs, which exposes collected data publicly, may simply be the result of design incompetence.

Either way, I agree with those observers who suggest that installing this free software mess would be a big mistake on the part of university system administrators.

The MPAA now says that the current release that they've been pushing to the educators is only the beta version. I'm all in favor of betas, even extended ones, but a cardinal rule of software development says that you don't allow beta software to be used in outside production environments unless it has at least been vetted for major security and privacy problems.

In this case, the problems with the MPAA software are so obvious that they call into question the veracity -- or at least the competence -- of the entire project.

When our policymakers consider the desires of the entertainment industry to turn university IT departments into intellectual property cops, I hope that this particular fiasco will be duly noted.


Posted by Lauren at 09:03 AM | Permalink

November 21, 2007

Confused Billionaire Urges Blocking of Internet P2P Content

Greetings. I don't get to call billionaires "confused" every day -- after all, unless they were born to wealth, they obviously were better able to focus on the big bucks than I ever have.

But money doesn't buy understanding of complicated technical and policy issues -- or clarity of thought -- so rather than simply assert that Mark Cuban is shortsighted, silly, or perhaps just plain out of touch with the reality down in the trenches where most of us dwell, I'll simply call him confused.

When Comcast was caught with their pants down recently tampering with P2P traffic (and denying it until there was indisputable external proof), most observers understood the ramifications immediately. Comcast did more in one fell swoop to push the key issues of Network Neutrality back into the news than any other single event in the recent past.

So to see Mark spouting off with an open letter where he practically awards Comcast the Nobel Peace Prize and urges a total ban on P2P traffic (or a premium price surcharge), well again, there are many terms I could use to describe him, but I'll continue to stick with "confused" for now.

Admittedly, perhaps it's a mistake to pay much attention to Mark on this score. After all, even the more rabid P2P haters (that I've come across personally, anyway) haven't taken such a simplistic and I dare say so counterproductive a view of what's really a very complex topic.

But the risk is real that policymakers and telecom bigwigs might incorrectly assume that Mark actually knows what he's talking about regarding this matter, and that could potentially be disastrous for the Internet and its users.

So Mark, I'm sorry that your Internet connection has apparently been sluggish lately, but rather than attempting to make the entire Net march to your restrictive drummer via broad, oversimplified, and in some cases just plainly inaccurate statements, you might try working with the community toward keeping the Internet fair and equitable for everyone.

Cooperation can even work for billionaires.


Posted by Lauren at 10:23 PM | Permalink

November 19, 2007

The Verizon Wireless Feature That Might Get You Killed

Greetings. Sometimes you really have to wonder if anyone bothers to vet new cell phone features. Verizon has reached a new high (or low, depending on your point of view) by apparently requiring that all of their new cell phones emit a very loud warning tone -- audible yards away -- whenever 911 is dialed.

This fun feature can't be disabled, though a thumb over the earpiece holes might help muffle the telltale signal. It's just perfect for those dark and lonely nights when you think that you hear a prowler in your home. Pick up your Verizon cell phone, dial 911, and the loud tone in a quiet house might bring the intruder quickly into your presence, thereby verifying your concern! Now that's handy.

Verizon (always quick with explanations that often turn out to be wrong) initially claimed that the loud signal was required by FCC regulations. The FCC disagrees -- saying that the relevant rules merely require that the cell phones warn when 911 has been dialed -- they don't require the Verizon "make sure everyone in the surrounding area knows that you called 911" technique.

But take heart, even after your phone has revealed your location to an unwelcome visitor, all is not lost. You might still be able to use the phone as a weapon if you've got a good throwing arm. Those lithium-ion batteries can really smart if they hit just right.


Posted by Lauren at 05:29 PM | Permalink

November 05, 2007

"Network Neutrality Squad": Users Protecting an Open and Fair Internet

Greetings. I'm very pleased to announce a new project from PFIR - People For Internet Responsibility:

Network Neutrality Squad - NNSquad

PFIR Co-Founders Peter G. Neumann and I are joined in this announcement by Vinton G. Cerf, Keith Dawson, David J. Farber (Carnegie Mellon University), Bob Frankston, Phil Karn (Qualcomm), David P. Reed, Paul Saffo, and Bruce Schneier (BT Counterpane).

Recent events such as Comcast's lack of candor regarding their secretive disruption of BitTorrent protocols, and Verizon's altering of domain name lookup results to favor their own advertising pages, are but tip-of-the-iceberg examples of how easily Internet operations can be altered in ways that may not be immediately obvious, but that still can have dramatic, distorting, and in some cases far-reaching negative consequences for the Internet's users.

The Network Neutrality Squad ("NNSquad") is an open-membership, open-source effort, enlisting the Internet's users to help keep the Internet's operations fair and unhindered from unreasonable restrictions.

The project's focus includes detection, analysis, and incident reporting of any anticompetitive, discriminatory, or other restrictive actions on the part of Internet Service Providers (ISPs) or affiliated entities, such as the blocking or disruptive manipulation of applications, protocols, transmissions, or bandwidth; or other similar behaviors not specifically requested by their customers.

Other key aspects of the project are discussions, technology development and deployment, and associated activities -- fostering cooperation and mutually agreeable methodologies whenever possible -- aimed at keeping the Internet a maximally unhindered, useful, competitive, fair, and open environment for the broadest possible range of applications and services.

We invite individual, commercial, nonprofit, government, and all other Internet users and stakeholders (including ISPs) to participate in the Network Neutrality Squad.

Please join the moderated mailing list (choice of immediate distribution or digest) for project announcements and discussions, by sending a message (any subject or text) to, or by signing up at the mailing list Web page.

A moderated, interactive discussion and incident reporting forum is also available for more real-time communications on related topics.

Questions and comments are welcome at, or feel free to contact me directly for details.

Working together, we can help to keep the Internet an incredibly useful resource for everyone around the globe, unhampered by any efforts to skew its enormous capabilities in ways that could hinder the many while benefiting the relative few.

We hope that you'll join this cause. Thank you for your consideration.


(Affiliations shown for identification purposes only.)

Posted by Lauren at 04:03 PM | Permalink