November 25, 2008

Sending Secret Messages Via Google's SearchWiki System

Greetings. I've previously written of some concerns associated with Google's new "SearchWiki" feature, a concept with considerable merit in theory, but one that as currently implemented appears to be easily abused.

Up to now I've noted the issues of "electronic graffiti" and similar problems associated with the current unmoderated SearchWiki environment, which also lacks site opt-outs, simple user opt-outs, or useful comment control mechanisms of the sort that do exist for Google's YouTube.

It appears that SearchWiki also provides an interesting platform for the global distribution of secret messages. By allowing users to attach publicly viewable, arbitrary comments to virtually any URLs returned in Google search results, SearchWiki can be used as a gigantic "spread-spectrum" secret message transmission medium.

Users need only associate individually innocuous message fragments (which may themselves be encoded in a wide variety of ways) as comments to the limited set of URLs returned by obscure Google search queries.

Without knowing the exact search query used to "aggregate" the comment set in any specific case, outside parties who might stumble across individual message fragments (as comments on arbitrary URLs) would be extremely unlikely to recognize them as parts of a coherent message, and would have no simple technique to locate the other parts of the message in any case. This is a key attribute of the described technique -- a message that is dispersed in this manner is unlikely to even be recognized as a message worthy of attention or log-based analysis.

Before I present an example, a few additional points of note.

Users must be logged in to Google with their Google accounts to attach or see SearchWiki comments. While for this example I created all message fragments with the generic nickname "Searcher" from a single account, in practical use it is likely that users would submit fragments from different accounts, and probably from different IP addresses. Google accounts can be easily created in just a few minutes, and using different accounts would not only help to defeat algorithmic methods that might be aimed at slowing comment submissions, but also could complicate associated forensic analysis of activity logs. By staging message fragment submissions in various ways over time, algorithmic detection of message creation patterns could also be made more difficult.

While Web pages and search results are typically ephemeral in nature, initial experiments suggest that they are stable enough over periods of time that would be useful for the sending of messages as described.

For this trivial example, I have created ten simple plaintext sentences that are attached to ten URLs. I cannot guarantee how long these comments will be present, and other comments may be added, since this query will now be widely publicly known (which wouldn't be the case in a practical use of this technique).

Each comment has been sequence numbered in an obvious fashion for demonstration purposes. Comments were individually created, then the "promote" up-arrow was selected for each associated URL (this "promotion" step appears important to enable the rapid appearance of comments to other Google users).

In practical use, sequence information would most likely be kept more obscure. Keeping the actual comments in some form of plaintext would help avoid possibly being deleted as "unintelligible" text, though of course the actual meanings of the text words could be subject to code-based obscuring techniques. With a bit of effort, any data, including images, could probably be transmitted in this manner.

Only one word in each of the ten comment sentences for this basic example is part of the actual secret message. Your mission is to derive the complete secret message, which is currently dispersed across the space of Google's search database.

To aggregate the message fragments, you need to enter the appropriate search query into Google, while logged into a Google account. Then select the "See all notes for this SearchWiki" link at the bottom of the page. You should then be able to see comment links associated with a number of the associated URLs. Click on the links as necessary to view the actual comment texts, remember the encoding procedure I outlined above, and the secret message is yours.

One final thought before we begin. If I can use this technique, we can be sure that other parties can use it as well, including entities who would figure it out on their own without ever seeing this blog item. Forewarned is forearmed.
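An added example, not part of the original post: a sketch of the log-based analysis a comment platform could run against this pattern, grouping notes by the one thing the fragments share (the query) rather than by account or IP address. It assumes the platform logs the query each note was attached under and keeps a per-query search count; the field names, thresholds, and sample rows are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Note:
    query: str    # query the note was attached under (assumed to be logged)
    url: str      # search result the note is attached to
    account: str  # account that wrote the note
    text: str


# Constructed figures: how often each query was searched in the review window.
SAMPLE_QUERY_VOLUME = {
    "zephyr quorum lantern": 12,
    "encyclopedia": 250_000,
    "weather": 900_000,
    "orchid repotting schedule": 40,
}


def build_sample_log():
    """Constructed log: one dispersed message, ordinary graffiti, one stray note."""
    log = []
    # Ten single-purpose accounts, one innocuous note each, one rare query.
    for i in range(1, 11):
        log.append(Note("zephyr quorum lantern", f"https://site{i}.example/page",
                        f"acct{i:02d}", f"Nice weather for walk number {i}."))
    # Graffiti: many notes, few URLs, popular queries, busy accounts.
    for i in range(1, 9):
        log.append(Note("encyclopedia", "https://ref.example/",
                        f"loud{i % 3}", "first!!!"))
        log.append(Note("weather", "https://wx.example/",
                        f"loud{i % 3}", "lol"))
    # A lone, ordinary note under another rare query.
    log.append(Note("orchid repotting schedule", "https://plants.example/",
                    "gardener", "Helpful guide."))
    return log


def find_query_scoped_clusters(log, query_volume, min_urls=5,
                               max_volume=100, min_dedicated=0.8):
    """Flag rare queries whose results carry notes on many distinct URLs,
    written mostly by accounts that never annotate any other query."""
    notes_by_query = defaultdict(list)
    queries_by_account = defaultdict(set)
    for note in log:
        notes_by_query[note.query].append(note)
        queries_by_account[note.account].add(note.query)

    findings = []
    for query, notes in notes_by_query.items():
        urls = {n.url for n in notes}
        accounts = {n.account for n in notes}
        # Accounts whose entire note history sits under this one query.
        dedicated = sum(1 for a in accounts if queries_by_account[a] == {query})
        share = dedicated / len(accounts)
        volume = query_volume.get(query, 0)
        if len(urls) >= min_urls and volume <= max_volume and share >= min_dedicated:
            findings.append({"query": query, "urls": len(urls),
                             "accounts": len(accounts),
                             "dedicated_share": share, "volume": volume})
    return sorted(findings, key=lambda f: f["urls"], reverse=True)


if __name__ == "__main__":
    for finding in find_query_scoped_clusters(build_sample_log(),
                                              SAMPLE_QUERY_VOLUME):
        print(finding)
```

Because the grouping key is the query, the result is the same whether the fragments come from ten accounts or from one, but an operator that does not log the query with each note has nothing to group on.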

Special thanks to Lou Katz of Metron Computerware for his assistance in the testing of this technique.

OK, let's start. The secret message keyword search string is:

orthogonal terwilliger accordion

Click here to visit the appropriate Google search results page for this query.

Be seeing you.


Posted by Lauren at 06:02 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

November 24, 2008

YouTube Switches from 4:3 to 16:9

Greetings. It appears that YouTube has switched their standard video display window from 4:3 aspect ratio to 16:9 widescreen. As anyone can tell you who has ever worked to try to make sure that a 16:9 image displayed reasonably in YouTube's previous 4:3 window -- not as straightforward as you might think -- this should be a welcome development, as was "high quality" video mode (if you know how to trigger it).

Of course, videos previously encoded 4:3 will now display black side panels, just like your home HDTV when showing standard definition fare -- assuming you're using the proper TV display mode and don't select the painful "distort the image to fill the screen" setting. (Note to History Channel: stretching most of your standard definition shows feeding on your "History HD" channel looks seriously awful.)


Posted by Lauren at 10:37 PM | Permalink

November 22, 2008

Serious Pollution of Google SearchWiki Results Already Appearing

Update (November 22, 2008 3:40 PM): Reports are coming in that Google SearchWiki has apparently vanished from some or all Google accounts. Confirmed. It's not known yet if this is just a momentary technical glitch or something more significant. Additional info as it becomes available ...

Update (November 22, 2008 6:20 PM): I'm now told that the disappearance of SearchWiki is indeed a technical problem and that it will return shortly, presumably in the same form as described in the blog entry below. Updates as news warrants.

Greetings. Yesterday I expressed mixed feelings about Google's new "SearchWiki" feature, noting that while the concept seemed to have merit in theory, the ease of potential abuse -- combined with the lack of mechanisms for sites to opt-out of the system or control comments being left associated with their sites -- was of considerable concern. Other observers have noted that there appears to be no way at the moment for Google users who are logged in to opt-out of the system either.

Unfortunately, it appears that significant abuse of the SearchWiki comments system has already begun, as demonstrated by various examples that upset readers have been e-mailing me since yesterday.

Most of these for now tend to fall into the "obscene trash" category, and decorum prevents me from passing them along -- though there are also signs that spam and more sophisticated abuse are beginning as well. One trend already appearing (logically enough from a human nature standpoint) is the defacing of search result links associated with major sites such as Wikipedia. It's quite jarring to see a serious search result displayed along with a string of obscene banter, or in other cases just long displays of utterly inane posers' back and forth comment chatter.

It's true that you don't have to look at the comments if you don't wish to, but that's little consolation for sites who now will have their Google search results associated with all manner of random garbage, attacks, obscenities, spam, and whatever else the darkest recesses of the mind can think up to abuse the audience that SearchWiki provides.

Most people would never dream of abusing SearchWiki, but unfortunately this doesn't mitigate the fact that a relatively small percentage of users can do a great deal of damage due to the asymmetric leverage that SearchWiki appears to provide them in its current incarnation.

If Google wishes to emphasize the potentially positive aspects of SearchWiki, and prevent Google's traditionally stellar search results from declining into a playground for comment abuse that could easily become a laughingstock -- or much worse -- I believe it is absolutely crucial that appropriate control and opt-out mechanisms be implemented as soon as practicable. With the best interests of Google in mind, I urge Google to do so.


Posted by Lauren at 01:27 PM | Permalink

November 21, 2008

Google's New "SearchWiki" -- Super Feature or Risky Graffiti Playground?

Greetings. Google has introduced a significant new search feature that is now accessible to users who are logged in to Google accounts.

Called SearchWiki, it allows users to modify the results returned for any given search query. Users who are not logged in to Google accounts will see conventional results without these added features.

Capabilities associated with SearchWiki include the ability to promote (that is, move upwards on the results display) result entries associated with particular searches, or to delete chosen results from the list that is displayed to you for any given search.

You can also place comments on search results, and this is where things get really interesting, and potentially very messy.

Changes that you make to your listings via SearchWiki only apply to your own results. Other people making the same search will not be affected by promotions or deletions that you have made.

However, any user who is logged in can choose options to display the number of promotions or deletions that have been associated by the SearchWiki user community at large for each item in a set of search results.

And -- here it comes! -- SearchWiki users can choose to view the comments that all other users have associated with search results.

This last feature is of course potentially the real beaut. While we may safely assume that most people will use the comment feature responsibly, it also seems certain that a small percentage -- which may still represent a relatively large number of persons in absolute terms -- will view this public comment capability very differently.

It seems inevitable that popular search results in particular will quickly become laden with all manner of "dueling comments" which can quickly descend into nastiness and even potentially libel. In fact, a quick survey of some obvious search queries shows that in the few hours that SearchWiki has been generally available, this pattern is already beginning to become established. It doesn't take a lot of imagination to visualize the scale of what could happen with the search results for anybody or anything who is the least bit controversial.

While Google provides a "thumbs down" mechanism to flag "inappropriate" comments for review, how inappropriate materials will be defined, and how well Google will be able to handle large numbers of comments that may be flagged, remains to be seen.

This is all a very complex issue. On the one hand, reasoned comments can be very valuable. And since comments are only visible to Google users who are logged in and specifically ask to see them, comments will not be viewed by users who don't meet these two criteria.

On the other hand, it seems likely that persons, Web Sites, and other associated entities who feel that their search listings are being "polluted" (however they personally define pollution) may become extremely upset, especially since (unlike with YouTube comments, for example) there appears to be, as far as I know at this time, no way for a Web site owner to definitely delete comments, preapprove comments, or turn off the comments feature entirely for SearchWiki results associated with their sites.

They could try to use the "thumbs down" mechanism on each "offending" comment tied to every search query that they can think of pointing at their site. But this would obviously be utterly impractical in many cases, there's no guarantee that Google reviewers would remove the comments, and similar comments could quickly reappear in any case.

One thing we can depend on -- many individuals and sites who may feel that comments on their search results are defaming or otherwise damaging will likely demand some better way to control those comments, and in some cases will want to take legal action against the comment authors -- who will generally be very difficult to identify and locate.

This suggests that despite the real positive value that could come from the SearchWiki mechanisms, Google itself stands a significant chance of becoming the target of various significant legal actions that could be instigated by a range of parties who feel themselves to be aggrieved by the SearchWiki system.

One potential way to avoid this dilemma would be for Google to provide a means for sites to indicate that they do not wish to participate in the SearchWiki ecosystem (perhaps via a robots.txt type of indicator). Another possibility would be for sites to have access to a set of comment controls similar to those available to submitters of videos on Google's YouTube.

Google SearchWiki is pushing the search envelope in a major new direction that invokes a range of new and complicated questions. Such devotion to innovation is part of what makes Google great, but also can carry significant risks, complications, and sometimes serious unintended negative consequences.

It will be fascinating to see how SearchWiki plays out. Fasten your seat belt!


Blog Update (November 22, 2008): Serious Pollution of Google SearchWiki Results Already Appearing

Posted by Lauren at 12:05 AM | Permalink

November 17, 2008

Logic Lost In Google Flu Flap

Greetings. Last December, in For Google and Others, Few Good Deeds Go Unpunished, I noted how for companies like Google, it seems impossible to avoid ideologically-based criticisms even when performing obvious and valuable public services.

Another example of this sad dilemma has unfortunately burst onto the stage.

Google recently announced their Google Flu Trends service -- designed to help pinpoint potential flu outbreaks through analysis of search query data, and perhaps able to help focus on influenza problem spots well in advance of other leading metrics such as emergency room visits.

Does this analysis of user-provided query data necessarily represent the same kind of quality experimental data corpus as controlled experiments and statistically rigorous surveys? Probably not -- but the Google Flu Trends data, as I understand it, is not meant to replace those other forms of information. Rather, it is aimed at helping to provide a very early look at developing trends, to be accepted -- or not -- as observers feel appropriate.

When I heard about this project, it took me all of a few seconds to realize that it was a brilliant and potentially very valuable use of already existing data -- something that would likely be impossible without the benefit of Google's scale and analytical resources. How could anybody object to the use of aggregated Google data in direct support of such important public health goals?

So I was disappointed (but not really surprised) to learn today that some privacy advocates -- seemingly allowing ideology to overcome both logic and common sense -- are indeed complaining about Google Flu Trends.

It's true that there are areas where I'd like to see additional privacy-related actions by Google, but as I've said before, I believe that Google is already on a positive trajectory in this regard, and that they deserve credit for privacy enhancements already taken and in the process of deployment.

What Google doesn't deserve are knee-jerk negative reactions to services that are of clear -- one might even say overwhelmingly obvious -- potential benefit to society at large, without detrimental effects on privacy of any significance whatsoever. Arguing about the applicability of the reported data is one thing, but screaming "privacy violation" inappropriately is something else altogether.

I am increasingly disheartened by the ideologically skewed statements I see from many in the privacy community, which ever more frequently seem to fly in the face of realistic and balanced analysis of associated issues.

Such individuals and groups are free to proceed as they see fit of course, but I will not rubber stamp their pronouncements when I believe them to be wrong, and if that means I'm frequently standing alone so be it -- I have a pretty thick skin.

Still, it is unfortunate for us all when purveyors of the "Google as designated enemy" philosophy allow this view to supersede acknowledging when Google does things right.

We all deserve credit when credit is due. That holds true for me, for you, and yes, for Google Trends regarding the Flu.


Posted by Lauren at 03:33 PM | Permalink

November 16, 2008

Ludicrous: President Obama Likely To Be Cut Off From Most E-Mail

Greetings. The New York Times is reporting today on the high probability that President Obama will be forced to essentially give up using e-mail for most purposes, due to concerns over the implications of Records Act requirements.

Now that we're about to have a President who is tech-savvy in the Internet age, to enforce conditions that strip him of this key communications tool is a ludicrous situation.

To consider every e-mail to be a public record in the context of public interest and governmental transparency makes no more sense than would requiring that every phone call made by such officials also be recorded and be available for virtually unlimited future scrutiny.

While it can certainly be argued that situations arise where access to archived e-mail contents is valuable when investigating and adjudicating various situations -- in both the commercial and governmental worlds -- fears of inappropriate large scale e-mail disclosures may now be seriously undermining the use of this technology in both contexts, with the likely result being a detrimental reduction in often crucial communications.

E-mail is no longer a hi-tech novelty; it has become as fundamental to our world as physical mail and the telephone -- arguably now even more so than those two older technologies.

It's time that we rethink how records reporting policies, regulations, and laws may seriously restrain and damage useful and important communications. We should work toward striking some sort of balance to avoid creating situations where our leaders and others find themselves stripped of a crucial communications tool, over fears that their e-mail use doesn't include relevant and appropriate privacy protections.


Posted by Lauren at 10:35 AM | Permalink

November 13, 2008

The Obama Background Check Questionnaire

Greetings. So you want a top job with the upcoming Obama administration? You'd better be ready to bare your soul! A background check questionnaire for upper-level applicants to the Obama team has surfaced. It's a monster set of interrogatories, probably raising the level of arguably very intrusive questions -- relating both to the applicant and their family -- to a new level for such a document.

I do understand why the Obama team may feel it prudent to require the answering of such a "comprehensive" set of queries. But I also wonder how many qualified and talented people may be unnecessarily excluded based on their unwillingness (or inability -- some of the Internet-related questions are doozies) to plow through that Godzilla of a questionnaire or expose so much of their own (and their loved ones') personal lives.

You be the judge.


Posted by Lauren at 08:55 AM | Permalink

November 12, 2008

Network Neutrality and Groundhog Day

The following is adapted from a posting of mine distributed on Dave Farber's IP list earlier today ...

Greetings. I can only assume that much of the readership feels trapped in a situation like that of Bill Murray in the film "Groundhog Day" -- when the usual suspects start batting Net Neutrality back and forth here in IP.

But there are underlying truths in play -- this isn't like a movie review where opinions are mainly a matter of taste.

Let's start with a number. According to the best public estimates right now, the top 5 ISPs have over a 55% U.S. market share. The top 23 hold more than 75% market share.

Everyone else, including most of those 4000+ wireless ISPs that Brett Glass likes to talk about, is clustered down in the remaining less than 25%.

Brett portrays his (often laudable) business practices as if they were representative of the ISP industry at large. But even his own statements illustrate why so many observers put the dominant ISPs in a completely different category. From Brett's last posting here in IP:

"While the government seems intent upon making it impossible for us to compete by denying us reasonable access to radio spectrum and by allowing the telephone and cable companies to engage in anticompetitive practices with impunity (witness the Trinko case), we are surviving and growing nonetheless."

Who are these "telephone and cable companies" being referred to? None other than the dominant carriers with that monster Internet access market share!

Why aren't wireless ISPs on the radar for most consumers? In many cases, it's because they are not accessible for technical reasons in a given location, or can't offer a similarly attractive price/performance package as the dominants, frequently due to the anticompetitive situation that Brett cites.

David Reed brought up a critical point that illustrates why so many of us bristle when some advocates attempt to draw comparisons between Google's market share for particular Internet services, vs. the extremely limited practical competition for Internet access services for most U.S. Internet users.

The term "monopoly" gets thrown around a lot but it's a much more complex subject than simply a board game with a "Get Out of Jail Free" card.

First, it must always be remembered that whatever Google's scope, your friendly ISP has it beaten in terms of your data seven ways from Sunday. Every single blessed byte you send or receive, every TCP or UDP connection you directly establish, every piece of e-mail passes through your ISP. That is power with a capital P.

And how did these ISPs attain such exalted positions? Much of the time, simply by edict. Your local DSL and cable firms are usually the direct descendants of the basic telco and CATV services that were typically granted monopoly (in the most basic sense of the word) status in any given location.

This is precisely the sort of telecom situation where regulatory apparatus historically has been most applicable.

Google is entirely different. They weren't granted any exclusive establishment rights by municipalities or other government entities. They didn't even twist arms the way that courts have found Microsoft guilty of widely doing.

Google got to where they are now "simply" by being so effective at providing the services that they deploy, and through Internet users -- remaining free to enter non-Google URLs into their browsers at any time -- who have chosen to use those Google services.

A firm that achieves market dominance in any business segment through its own hard work and customer satisfaction is not the same as a company that achieved dominance by virtue of special privilege grants or illicit manipulation of the marketplace.

While it can be true that any dominant firm may sometimes be subject to certain extra responsibilities and in some cases specific restrictions, attempts to equate Google to ISPs in these regards are in my view misleading and inaccurate, and do not well serve reasoned dialogue on the serious issues involved in the Network Neutrality debates.


Posted by Lauren at 06:31 PM | Permalink

Sirius/XM Merger Attacks! Listeners Irate as Favorite Channels Vanish

Greetings. The merger of two satellite radio services into one -- promoted ironically as a boon to listeners -- has finally taken its toll on programming. Today the newly branded Sirius/XM channel layout took hold on existing radios, and the Net is abuzz with listeners who have found themselves on the short end of the new lineup.

Favorite channels have in some cases vanished. Some of XM's best have been replaced with inferior Sirius alternatives. One of my most preferred channels -- Cinemagic -- which combines film scores with short movie excerpts -- is suddenly being announced as "off the air" until next year (and in what format when it returns, one wonders?).

Out of curiosity (and before I make a decision to cancel my subscription) I called customer service to find out what was really going on with Cinemagic. The rep insisted that it had merely moved channels, not gone off air -- even when I played the channel announcement to him that was clearly to the contrary!

In other words, they don't have a clue about what's really going on.

OK, I agree, the loss of movie music (hey, I'm a classic film fan) isn't the end of the world. But it's likely the end of this subscriber, and judging from what I'm seeing in various Web forums, I'm not the only one who is finding the "one satellite radio service is better than two" theory to be entirely unconvincing.

While there are alternatives -- such as Internet streams -- for much of this material, for in-car and portable situations satellite radio really has been a wonderful development. Or at least it was, until U.S. government agencies decided to void their own "no merger" rule for Sirius and XM, reducing the choice for consumers in this market segment by a full 50% in one fell swoop.

Fans of the now dead XM channels can presumably find other uses for their subscription fees -- unless they're on annual payment plans. Hmm, are the channel lineup changes sufficient cause to cancel an annual fee mid-year without penalty?

Satellite radio may have just driven a stake into its own heart.


Posted by Lauren at 11:12 AM | Permalink

November 11, 2008

Full Debian Linux on the G1!

Greetings. How long has it been now since the G1 officially hit the streets? Just less than three weeks, right? I've been noting the breathtaking speed of G1 hacking developments since the (pre-version RC30) root access exploit was discovered -- a definite reminder of how very fast work can proceed in an Open Source environment -- whether hacking related or not!

Now comes word that full-blown Debian Linux has been brought up on hacked G1s, in a manner that coexists with the G1's native Android Linux OS.

I haven't looked at the G1 Debian myself yet. I hope that folks are configuring it appropriately to constrain Linux's typically rather heavy disk I/O behavior -- flash memory has a limited number of erase cycles, so proper memory wear leveling (whether in the OS and/or within the hardware itself) is crucial.

But please note again that this fascinating R&D only applies to G1 units that have had root access enabled prior to Android system release RC30. Phones shipped at -- or upgraded to -- stock RC30 would not currently be able to participate directly in these endeavors.


Posted by Lauren at 12:48 PM | Permalink

Wal-Mart G1 Discount Goes Poof!

Greetings. I've previously discussed the claims of my local T-Mobile store that they'd price match (if shown a relevant ad) the lower (by $30) price that Wal-Mart announced for the HTC Google Android G1 when it actually appeared in "selected" Wal-Mart stores.

The G1 was just listed on Wal-Mart's Web site, but they don't sell it online and the price is marked "varies by store." So finding an ad for price-matching purposes suddenly got significantly harder.

But this all may have just turned into a big no-op anyway. Rumors have been circulating that Wal-Mart had backed off on their plans to offer the G1 at a discount compared with T-Mobile, at least for now.

This morning I called the only "nearby" Wal-Mart (more than 30 miles away) to ask about G1 pricing. Indeed, they're in stock, but the basic pricing with 2-year contract appears essentially identical to that of T-Mobile, at least at the store I talked to: $179.88.

The salesperson seemed somewhat confused about whether tax applied to the discounted phone price or the full phone price (the store quoted the latter at $375), but in California you usually have to pay tax on the full, non-contract-discounted price of a cell phone.

Out of curiosity, I'd be interested to hear if any Wal-Mart stores are actually offering the G1 at a significant discount at the 2-year contract level.


Posted by Lauren at 12:30 PM | Permalink

November 10, 2008

What are you in for, kid? - "I worked for Google ... "

Greetings. Lost in the post-election buzz is a story of potentially major concern regarding free speech and the Internet, and the controversial issues of who is responsible for materials posted to the Net.

In Italy, prosecutors are bringing charges against four former and current Google employees, charging them with defamation and failure to appropriately control personal data.

The defendants in this case didn't post anything themselves. At issue is the posting of a video in 2006 to YouTube that showed students humiliating a youth with Down syndrome. Italian authorities are asserting that the posting of this video is contrary to Italian law, even though the video was removed from YouTube by Google within hours of Google being notified of its existence.

The ramifications of this case could be major indeed. YouTube reportedly receives hundreds of thousands of new videos daily (according to Google, at least 10 hours of video per minute are being uploaded).

Various countries around the world maintain an array of sometimes onerous and often conflicting rules about what constitutes "forbidden" video materials, and in some cases have at times pressured Google to remove various items and/or at least temporarily tried to block their populations from accessing YouTube at all.

Of course, these efforts don't ever really block the distribution of the videos in question, but the harassment value can be damaging in its own right.

But Italy, by bringing charges against Google executives relating to a video that was promptly removed from YouTube, is breaking very dangerous ground.

A successful prosecution in this case could lead to the draconian situation where no legitimate Internet site would be willing to allow videos to be posted without full pre-screening -- and even that assumes the expertise to determine what did or did not pass muster under any given set of national standards, which vary enormously and are continually changing.

This would create an utterly untenable situation that could bring the entire concept of "Web 2.0" user-contributed content to a grinding halt, at least out in the light. Underground -- well, we can safely assume that the content so distasteful to those governments would continue to flow under the radar. That's the technical reality of the Internet. But vast amounts of completely innocent materials would be stifled from legal distribution under the impractical demands for full proactive screening.

Given the reasoning behind Italy's prosecution -- especially if the prosecution is successful -- why shouldn't we expect ever more countries to try to take the same "shoot the messenger" approach? And why should we expect them to stop at videos involving children being harassed? How about "undesirable" political content? And audio materials? Why not try to restrict the posting of ordinary text and HTML pages the same way?

If anything you don't like shows up, toss the owners of the Web service in question into a dank cell and pull out the trusty Taser to show that you really mean business!

Seriously, with this prosecution, Italy is playing with fire, and the associated mindset could ultimately threaten to undermine the continuing growth, or even the continued operation, of vast aspects of the Internet that untold millions of persons around the world use and now depend upon every day.

If cooler heads don't prevail in Italy -- and even if they do -- we could have a very big problem on our hands just a short ways down the line.


Posted by Lauren at 06:11 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

Correction to "New Low ... Blame Obama" (earlier today)

Greetings. I'd like to make an important correction related to my entry earlier today: New Low for Anti-Net-Neutrality, Anti-Google Forces: Blame Obama!.

In that piece I took Scott Cleland to task, for what I termed his anti-Google, anti-network-neutrality arguments, and for seeming, in one of his recent blog postings, to suggest the potential for inappropriately favorable handling of Google, et al. by the upcoming Obama administration.

Scott's writing style isn't always the easiest to parse, and upon additional readings I've concluded that while he quoted other parties as impugning Obama's administration in this manner, Cleland himself is arguing against that particular interpretation. Judging from responses I've been getting, many other folks reading his piece got the same incorrect initial impression that I did, but that's not an excuse of course.

I stand by everything else in my posting regarding Cleland's views and organizations, and the manner in which some anti-neutrality, anti-Google forces are now attempting to suggest an inappropriate relationship between Obama and these issues.

However, I want to be clear that Scott Cleland himself is not an adherent of the anti-Obama viewpoint under discussion, and I apologize to Scott and the readership for my earlier mischaracterization on this score.


Posted by Lauren at 04:50 PM | Permalink

New Low for Anti-Net-Neutrality, Anti-Google Forces: Blame Obama!

Blog Update (November 10, 2008 4:50 PM): Correction to "New Low ... Blame Obama" (earlier today)

Greetings. The election is over, but it appears that one of the most visible spokesmen for anti-network-neutrality ISPs, and for Google-haters more broadly, is merrily borrowing a page from John McCain's losing "guilt-by-association" playbook.

Scott Cleland, President of Precursor LLC and chairman of its wholly-owned "anti-neutrality ISPs' mouthpiece" subsidiary, is a master of trying to divert substantive arguments into the bottomless pit of meaninglessness. He shamelessly has been attempting to negatively and inaccurately entwine Google and network neutrality arguments through various writings and public testimony.

I have previously critiqued some of Cleland's statements, and I'm on record as having been in favor of the (now defunct) Google/Yahoo ad deal as a positive step toward helping to ensure vibrant ad competition in the future.

But in his latest anti-Google tirade regarding that dead ad plan, Cleland stoops to what may be a new low, and appears to now be casting aspersions on President-elect Obama and his upcoming administration. Cleland apparently is concerned that Obama has been seen "palling around" with Google CEO Eric Schmidt, and Cleland seems to be nonsensically suggesting that Schmidt's (quite reasonable, in my opinion) personal endorsement of Obama now presages some sort of sweetheart deal between the Obama administration and Google.

Cleland's continuing anti-net-neutrality, anti-Google vendetta seems to know no bounds.

However, I try to be helpful whenever I can, and given Cleland's attitude, I'd like to suggest a possible spokeswoman for his cause who might be a perfect fit: Sarah Palin! Rumor is she'll have some spare time on her hands for a while at least, and she won't even need a new wardrobe to look stylish when providing public testimony for Cleland's organizations. Talk about a match made in heaven!

Just an idea. You betcha by golly!


Posted by Lauren at 12:40 PM | Permalink

November 08, 2008

G1 Jailbreak Fix Released (and Blocked), Plus Hacking Philosophy 101

Greetings. Google has released the promised fix (release RC30) to close the root access jailbreak in the Android G1. However, it seems likely that at least for G1s already in the field, it's too late to lock down this particular access exploit completely.

Newly distributed G1s will no doubt quickly be upgraded to RC30 before shipping, but for existing units in people's hands a variety of techniques are being widely discussed for blocking or altering this OTA (Over The Air) update. Modified system flash images are already being distributed that provide the desirable features of new updates but prevent the closure of root capabilities.

I've been doing Unix (and then Linux) system development since the days of Version 6 Unix (more than three decades ago) and they're by far my favorite OS environments. But there's an old axiom from way back about Unix (and by extension Linux) that still holds true today much of the time: "Once root, always root!" That is, if you ever get access to unrestricted root "superuser" capabilities, it can be very difficult for anyone to take them away from you later, if you know what you're doing.

Of course, for persons who receive phones preloaded with RC30 or later revisions, or who allow their G1s to upgrade to those levels, the current root door will be closed. But for anyone in the know with a pre-RC30 G1 right now, recalling their superuser capes will likely be difficult, especially since the G1's underlying Linux system is such a known quantity, and Android is Open Source (a design decision I certainly applaud).

But there do exist techniques that could make future G1 root exploits much more difficult, or make the lives of users who have deployed the current exploit on their own phones fairly miserable.

It will be up to Google to decide how hard they wish to push back against these developments, and especially how serious they view the current population of root-capable G1 phones to be.

A useful example might be gleaned from the TiVo experience (another Linux-based consumer project). TiVos have been heavily hacked in all sorts of ways, ranging from modifications to add in larger or multiple disk drives, to other more controversial unsanctioned alterations. And while TiVo has taken technical steps to make some of these modifications much less trivial to deploy than on their earlier platforms, they have not been "going after" the folks developing these exploits in a heavy-handed manner.

In fact, there is often a very visible bright line in the hacker community when it comes to these sorts of devices, between those who want to explore and access the hardware/OS to their hearts' content, vs. those who want to defraud (e.g., obtain related services for free).

My observation is that the former groups usually far outnumber the fraud-oriented latter ones.

A challenge for Google -- or any other organization in a similar situation -- is to balance their response to exploits in such a manner that they don't unintentionally drive significant numbers of persons from the more benign "exploration" category into the darker ("hell, we'll show 'em!") fraud category.

As usual, no simple answers, and no easy solutions.


Blog Update (January 1, 2009): Root Access Jailbreak for Google Android G1 RC30 -- Plus More Bonus Philosophy

Posted by Lauren at 08:01 AM | Permalink

November 07, 2008

Internet Foils Belgian Court's Attempt at Censorship

Greetings. Wikileaks is vividly demonstrating why I keep repeating the phrase "You can't effectively censor the Internet."

It seems that a Belgian satirical magazine just published a "sex satire" story involving the country's chief of police. Rather tasteless? Yeah, it seems so. But hardly earth-shattering.

Still, it was enough to trigger the Belgian legal system's ordering that all copies of the magazine be recalled from stores, presumably to try to block distribution of the satire and its associated images.

The result is predictable to anyone who grasps the power of the Internet. Wikileaks has placed the materials in dispute online, where they will now garner far more attention -- and on a global scale -- than they ever would have if the Belgian authorities' censorship attempt hadn't been initiated.

By now the story and photos have been replicated on the Web around the planet, way beyond Belgium.

It's notable in this case that the original source materials didn't start on the Net. But the Internet's power to foil censorship can -- as this example makes clear -- easily extend beyond the Net back to conventional media that can easily be brought online with a simple scanner or video capture card.

Will the champions of censorship ever learn this basic yet awesome truth?


Posted by Lauren at 02:00 PM | Permalink

November 06, 2008

Google Android G1 Jailbreak ("That Didn't Take Long")

Blog Update (November 8, 2008 8:05 AM): G1 Jailbreak Fix Released (and Blocked), Plus Hacking Philosophy 101

Blog Update (November 6, 2008 7:40 PM): Google says a patch to close the G1 jailbreak described below will be pushed out soon. Will we see a repeat of the PSP/iPhone root battles after all?

Greetings. Well, we knew it would happen, but you gotta give the gang over at xda-developers credit for moving at warp speed. Looks like the HTC Google Android G1 has already been "jailbroken" -- that is, a procedure developed to grant full read/write "root"-level privileges on the device.

This potentially opens up capabilities not presently available to users on the G1, such as running applications from storage cards (instead of from limited internal memory), true daemons, and ... well, all kinds of useful and fun stuff.

Here's an article that gives more background on this development, and accurately (in my opinion) explains why it seems relatively unlikely that a serious iPhone-like "arms race" between Google and G1 users will develop to try to repeatedly close (and crack) this sort of access to the G1's internals.

After all, the G1 is vastly more open than the iPhone to begin with, and apparently the G1 root crack was also (as one might expect) far simpler to implement than was the case in iPhone-land. Still, time will tell.

Have fun. But if you've never played Linux sysadmin, please don't complain to me if you brick your phone!

% su


Posted by Lauren at 04:46 PM | Permalink

Official T-Mobile Policy: Tough Luck If You Lose Messages

Greetings. In Readers Blow Their Stacks Over Voicemail Prompts and Beware: T-Mobile's Voicemail Paging Trap I recently discussed the serious risks of T-Mobile's voicemail system offering callers numeric paging even when the called party has numeric paging notification disabled (apparently the default setting).

The risks are obvious. Telling callers that they can leave a numeric page instead of a voicemail message, and then effectively throwing that page into the trash when the called party has paging notification off (and has no interest in returning a call to random paging call back numbers in any case), creates a terrible situation. You can easily end up with callers who believe that they are going to get a call back -- but never will. In critical situations, human nature being what it is, this could be disastrous.

The blog items noted above discuss this scenario in more detail.

I found it difficult to believe that official T-Mobile policy could possibly amount to the "tough luck" response that people seemed to be getting.

Unfortunately, it appears that T-Mobile is indeed giving their subscribers the "one-finger salute" on this matter.

I've now taken this issue up through T-Mobile Tier 2 support, media relations, and a few minutes ago with T-Mobile U.S. "Executive Resolutions" (Office of the President). I might as well have been talking to parrots. No, wait, that's not fair to parrots. You get more responsive statements when talking to those intelligent birds.

T-Mobile appears to be utterly and completely clueless about the risks associated with their current voicemail configuration, and totally unwilling to be educated on the matter. In all cases, I ended up receiving what sounded like the same prepared script informing me that "since all T-Mobile subscribers had the ability to enable numeric paging, all callers must receive the paging option."

I attempted to explain the obvious and potentially serious risks of accepting numeric pages, and even saying that they were sent, when the called party hadn't enabled paging notification and wouldn't return pages -- meaning that those pages were just being sucked into a black hole.

No luck. I might as well have been talking to machines -- the same unresponsive pap was just repeated to me again and again.

While I couldn't get any T-Mobile representative to admit it, it's clear that their policy in this regard amounts to a total lack of concern regarding whether or not T-Mobile subscribers can rely upon receiving even important messages.

I'm still not entirely sure whether I've penetrated deep enough within the T-Mobile corporate structure to reach someone competent to comprehend the risks involved in their current configuration. Perhaps there's someone in Germany (from where T-Mobile is ultimately controlled) who can understand the simple concepts involved.

In the meantime, I'll begin investigating the possible escalation of this matter to U.S. state and federal regulatory authorities.

Lost messages can be merely an inconvenience, or they can be a disaster affecting life and property. Technical problems will occur from time to time and can often be excused. But bad policies that create unnecessary risks, combined with an unwillingness to correct such policies, make for an inexcusable situation.


Posted by Lauren at 11:36 AM | Permalink

Is Africa a Continent? Don't Ask Sarah Palin!

Greetings. An amazing and rather frightening report has appeared on the ABC News site, that appears to illustrate what a near miss this country just suffered with Sarah Palin.

With the election over, McCain staffers are spilling their guts about the would-have-been Vice President.

Their revelations include the accusation that when tapped for the V.P. role, Palin didn't know that Africa is a continent. It is also claimed that she didn't know the members of the North American Free Trade Agreement (OK children, let's name the three countries in North America! All together now ...)


But it's also reported that the $150,000 spent on Sarah's clothing and accessories wasn't even the entire tab, and that the GOP was flabbergasted when they learned where Sarah had done her shopping and the total she rang up for herself, plus (surprise!) her "First Dude" husband Todd.

This is now all somewhat academic to everyone but the GOP bean counters, except that Sarah may have future national office aspirations.

To think that Palin came as close as she did to becoming "one heartbeat away" from a potential U.S. President (who would have been the oldest one ever sworn into office) is nothing short of scary. And what it tells us about John McCain's judgment during the campaign is simply depressing.

But Sarah should be back in Alaska by now. And if she seriously wants to run for higher office in the future, at least she has time to work her way up to a Middle School level of geographic and global affairs knowledge.

It's time to quote "Eros" in Plan Nine From Outer Space yet again: That was too close!


Posted by Lauren at 08:05 AM | Permalink

November 05, 2008

Masochistic Thrills for Google/Yahoo Deal Breakers

Greetings. It has been announced that Google and Yahoo have terminated their proposed ad partnership plan due to continuing objections from Microsoft, DOJ, and other parties.

As I noted in How to Destroy Yahoo a few days ago, the collapse of this proposal could ultimately be devastating to Yahoo, and a major blow against vibrant competition in the Internet ad marketplace.

The Google-haters who pushed so hard to block the plan may ultimately come to realize that they have just shot themselves directly in their own feet. One assumes that they're lovers of self-inflicted pain. But it's very unfortunate that the rest of us have to be unwillingly along on their masochistic ride.


Posted by Lauren at 12:57 PM | Permalink

A Google Search to Aid President-Elect Obama?

Greetings. Before we return to our regularly scheduled blogging, I must take this opportunity to congratulate President-elect Obama on his election victory, and offer my best wishes for him, our country, and the world.

The challenges facing Barack Obama are of a magnitude that is almost impossible to even comprehend. This would be the case even if the current administration weren't leaving behind the horrendous mess that will greet Obama, his staff, and his family.

Perhaps Google could help provide a road map to the issues that are likely to be of concern to the upcoming President Obama. Just one simple URL might pretty much do the trick:*

OK, that query string won't really work. But you get the idea.

And so the adventure begins ...


Posted by Lauren at 12:22 PM | Permalink

November 01, 2008

ISPs Race Toward the Bandwidth Cap Twilight Zone

Greetings. ISPs say that they mainly exist to serve their subscribers. But increasingly, it's difficult to be sure about whose interests they're actually serving.

The New York Times is reporting that ISPs are all hot to trot for bandwidth caps and "extra usage" charges, and some of these seem best described as draconian.

Frontier is talking about a 5 GB/month bandwidth cap. T-Mobile, which had previously backed down on a 1 GB limit for Google Android G1 users, now is calling customer data usage levels "crazy" and is gearing up for limits and "excess data" fees.

All around the Internet, Internet Service Providers, having suckered users in for years based on the promise of "unlimited" usage (though in reality it never really was truly unlimited in most cases) are now priming the profit center pump -- with images of video moola dancing merrily in their bean counters' hearts.

The calculus seems rather straightforward. Legitimate video applications now reportedly exceed P2P in terms of data volume. But many ISPs are video suppliers in their own right (cable, DSL U-verse, etc.). These internal video services, especially pay-per-view, are cash cows supreme.

The last thing that ISPs want is to be competing with a vast range of outside Internet services which are also providing video. So to the extent that these "interlopers" can be marginalized and disadvantaged, the more subscribers can be expected to avail themselves of the ISPs' own video offerings.

Too simple an analysis? Video is only one factor? Fair enough. But unfortunately, much of the data regarding ISP Internet traffic, usage, and associated activities is considered proprietary by those very same ISPs -- rendering outside observers impotent to characterize the situation in a comprehensive manner.

So we usually just have to accept an ISP's word for it when they attempt to justify their disdain for what they call the "heavy users" of the Internet, vs. their preferred users, whom we assume are little old ladies from Pasadena who only use the Net on Sunday to check on the weather before heading out to church.

Speaking of Internet usage choices -- here's a question to ponder. Faced with bandwidth caps and extra charges, which of the following is the average Internet user likely to cut back? Video viewing? -- or routine application updates and their associated security fixes that often don't seem to do anything particularly visible or interesting on users' systems?

Logic would point toward the former -- after all, video is typically going to eat a much larger share of data than updates (though with a 5 GB cap, even some routine updates are going to definitely take a significant chunk). Psychology however suggests that before many users will change their behavior with the applications that they most use and enjoy, they'll probably turn off everything else, and updates might easily fall into that latter category, with associated "interesting" ramifications.

The lack of an appropriate regulatory structure for ISPs in the U.S. has left consumers of all types, sizes, and needs at the ISPs' mercies. Consumers usually have no effective paths to verify ISP claims or protest their actions. Meanwhile, ISPs are moving rapidly toward usage-sensitive bandwidth caps and per-byte charging -- likely the most significant Internet paradigm shift to affect consumers since the Net was first commercialized.

If you're feeling complacent that these ISP crackdowns haven't affected your usage yet, don't get too comfortable.

There are many definitions of "service" -- and when it comes to various recent ISP actions, I'm increasingly reminded of a classic original Twilight Zone episode. To quote Lloyd Bochner in To Serve Man:

"Sooner or later, we'll all of us be on the menu."


Posted by Lauren at 11:15 AM | Permalink