May 29, 2008

"NNSquad Network Measurement Agent" Beta Now Available

Greetings. The NNSquad Network Measurement Agent (NNMA) monitors network activity on computer systems, looking for and flagging a variety of potential problems. NNMA also includes a special function that attempts to detect reset (RST) packets that may have been injected into a TCP connection by any entity not located at the connection endpoints (for more on this feature, please see the NNMA methodology notes).

While the reset packet detection system included in this release is of interest, NNSquad views this package as more important in the long run as a development base for a broad range of network measurement functionalities and associated communications and analysis efforts.

The NNSquad Network Measurement Agent (NNMA) Beta 2.0.0.6 is released as open source software under the LGPL, by the Network Neutrality Squad project of People For Internet Responsibility (PFIR). It was developed from the "Buster" network management and security program, which was specifically open-sourced by its authors at Praemio, Inc. in furtherance of the NNSquad project. Additional licensing details are included in both the installable and source distribution archives.

This package is suitable for installation on Windows 2000, XP, and Vista.

Good luck, Mr. Phelps.

--Lauren--

Posted by Lauren at 05:30 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein


May 19, 2008

Confused Senator Lieberman Demands Google Stop "Aiding" Terrorists

Greetings. Senator Joseph Lieberman (aka Senator John McCain's "error-correcting" shadow) has joined the "blame it all on Google club" -- with demands that Google more effectively remove (or preemptively block?) al-Qaida and other terrorist-related videos from YouTube.

Google already pulls down videos after they're flagged by users for violating YouTube's violence or other relevant guidelines, but Lieberman seemingly wants Google to remove the videos on a more technically proactive basis. It should be easy he says, since the videos are already usually "branded" with the terrorist organizations' logos.

Interesting idea Senator -- but it won't fly. Prescreening the vast numbers of videos uploaded daily to YouTube is of course utterly impractical and unreasonable. True, Google now has a system in place to prevent certain (mostly relatively high-profile) copyrighted videos from appearing on YouTube, but this assumes the cooperation of the copyright holders who want to keep their materials off of YouTube.

The increasingly technically sophisticated producers and uploaders of terrorist videos presumably don't fall into that category.

If Google went through the time and effort to build a system to detect "Terrorist ID Bugs" (uh, "TIBs"), how much time do you think would elapse before such logos were no longer present in the produced materials, or simply cropped, replaced, or blotted out prior to YouTube uploading, specifically to thwart such detection systems? This could all be trivially accomplished using cheap and ubiquitous video editing tools. And by the way, in case you hadn't noticed, YouTube isn't the only fish in the sea when it comes to venues for Internet video distribution, either.

C'mon Senator, do you really think that the guys behind those horrific productions are idiots? They're not, you know. In the Internet age, censorship of the sort that you appear to desire -- even for laudable motives -- is effectively impossible.

That's simply the reality, whether you or anyone else likes it or not.

--Lauren--

Posted by Lauren at 06:53 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein


May 17, 2008

The MySpace Indictment Gets Worse -- And Facebook Tells Google to Stuff It

Greetings. Presented for your reading (and my typing) convenience, here are two unrelated "social networking" items combined into one posting.

First, more information has become available regarding the MySpace suicide indictment that I discussed a couple of days ago, and it appears that the risks I outlined then look even worse now.

Many legal experts seem to be generally in agreement that the anti-hacking law invoked in this case was never meant for this kind of situation and is really pushing the prosecutorial discretion envelope. Perhaps even worse, the conspiracy count attempts to prosecute a claimed conspiracy to violate MySpace's Terms of Service (TOS), and the creation of a phony "identity" on that site.

Wait a minute. Is simply violating the often insanely long and complex TOS at a site now a criminal offense, especially as relates to not telling the truth, the whole truth, and nothing but the truth when creating an online presence?

If you've never entered false information when signing up at a Web site, please raise your hand ... Hmm, not a lot of hands raised out there.

In this particular case, pretty much any young MySpace user could apparently have rather easily gained access to the profile and related information in question, but the authorities are attempting to prosecute an act of "phony identity" because -- apparently -- they can't find any truly appropriate statute to apply in this tragic harassment suicide case.

Already, I'm seeing news stories with headlines suggesting that using false identities on the Web might get you arrested. Please see my earlier postings for more discussion about why this is potentially such a dangerous situation for law-abiding Web users.

Onward to the next topic very briefly ... Facebook has pulled the plug on their connection to Google's "Friend Connect" service, claiming privacy violations on Google's part. I won't get into the details right now but since I've been asked about this I'll offer just a quick comment today.

As far as I can see, this situation is all about Facebook attempting to protect its own competitive position and essentially nothing whatever to do with privacy. I see no privacy-related problem with Google's handling of "Friend Connect" as relates to Facebook or other sites. It is clear that Facebook loses some element of control when users join "Friend Connect" -- but those users still have appropriate controls over their own privacy settings through the Google service.

If Facebook doesn't want to participate in the Google initiative that's Facebook's choice, but to inappropriately claim a purported privacy problem as a lame excuse undermines discussion and appropriate consideration of real privacy issues generally, and should not be tolerated.

After their "Beacon" fiasco -- a real privacy problem of their own making -- I'd hoped Facebook would be a bit more forthcoming, but apparently they still have a lot to learn.

--Lauren--

Posted by Lauren at 03:53 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein


May 15, 2008

Federal MySpace Indictment May Threaten Web "Anonymity"

Greetings. Back in January, I discussed (Can You Go to Prison for Lying to a Web Site?) the tragic case of a 13-year-old girl who committed suicide after receiving upsetting messages via MySpace, and the efforts of authorities to find some way to charge the senders of the messages, based on MySpace's location in Beverly Hills.

Of particular concern to me was the apparent plan to declare that providing false information in a profile (e.g. to MySpace) was a crime.

I haven't seen the actual indictment yet, but word is that an L.A. Federal Grand Jury has handed down one count of conspiracy and three counts of "accessing protected computers without authorization" -- the latter counts presumably focused on the MySpace profile.

I continue to offer my sympathies in this situation. But I must also again proactively warn that creating a precedent declaring that the providing of false information in a Web site profile is in and of itself a crime would be terrible public policy. It would put the privacy of millions of law-abiding Web users at risk, who frequently choose not to provide accurate information at Web sites that they visit, simply to protect their own personal and/or financial privacy and security.

While there is very little if any true anonymity on the Net, we should all be concerned about the rising tide of demands to force all Internet usage to be verifiably identified, regardless of the seemingly laudable goals often associated with such efforts.

--Lauren--

Addendum: Just to be completely clear on a key point -- it's quite possible that MySpace could have a cause for action in this case based on violations of their Terms of Service. However, the federal "accessing protected computers" statute was designed to protect against hardcore computer hacking and related system penetrations, not for cases of this sort, and this law has never before been applied in this kind of situation.

Such "stretching" of the law, apparently in an attempt to mollify public opinion, is highly problematic and risks significant negative collateral damage to law-abiding Internet users in the long run.

--LW--

Posted by Lauren at 12:46 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein


May 13, 2008

Google Testing "Face Blurring" for Street View

Greetings. Given all of the negative brouhaha regarding Google Street View, the overwhelmingly vast majority of which I consider to be unwarranted, I hope that Street View detractors will take note of Google's testing of technology to blur faces in Street View images.

There's no legal requirement forcing Google to do this (at least in the U.S., and I haven't heard of such requirements elsewhere), but they're clearly trying to go the extra mile in this regard.

It will be interesting to see if Google's mapping competitors are equally proactive.

--Lauren--

Posted by Lauren at 07:41 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein


ISP Wiretapping: FCC, FTC, and Congress Need to Act Now!

Greetings. Charter Communications has now announced that they intend to "wiretap" (that's the only appropriate term I can think of) subscribers' Internet Communications, and use the search data obtained in this manner to inject Charter's own targeted advertising into user data streams.

I believe that the "wait and see" timeout period on these abuses of DPI (Deep Packet Inspection) technology has now expired, and we now need to look to the FCC, FTC, and Congress for immediate actions to protect ISP subscribers' privacy rights, and both the privacy and business rights of the Internet services with whom those users communicate.

Charter's plans seem very much in line with both the Rogers Cable data insertion system (Google Hijacked -- Major ISP to Intercept and Modify Web Pages) and the UK "Phorm" system (UK ISPs to Spy on Google Users (and Others)), both of which I've discussed previously at some length.

As I've noted, the use of content monitoring systems by ISPs on other than a purely opt-in basis is nothing short of wiretapping (in a practical sense that we all can understand, legal loopholes notwithstanding). It is monitoring of communications between users and Internet services, and all of the touted anonymization claims and awkward opt-out cookies don't amount to a hill of beans.

This class of threats to privacy and business interests may have been "merely" theoretical before, but now is concrete and real.

Users can in some cases take their own protective steps by encrypting their communications whenever possible (Toward Pervasive Internet Encryption: Unshackling the Self-Signed Certificate).

But now is the time for our legislators and regulators to earn their salaries, and make it clear that ISPs are supposed to be carriers of communications, not spying on, tracking, and modifying subscriber communications for their own gains.

--Lauren--

Posted by Lauren at 09:51 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein