March 30, 2011

"Shagging" on the USC Roof: Privacy Lessons for Participants, Photographer, and Us

Greetings. By now you've probably heard the story of the USC Frat Boy and his obviously willing female companion, who decided to burn a few calories via intimate calisthenics at the edge of a high USC building roof a few days ago.
[Photos - Warning: Only Minimally Censored]

To say that various parties around USC are upset about this situation would be the understatement of the academic year.

The privacy lessons for the involved couple seem obvious enough. The privacy lessons for the photographer -- and the rest of us -- are worth a bit of discussion.

A video interview with the (so far) anonymous photo fan surfaced today -- complete with disguised voice and his head carefully positioned beyond the visible video frame.

This mystery shutterbug -- a student at USC himself -- seems to display the tiniest bit of remorse for how this situation has exploded. He swears that he never intended for the photos to go public, and expresses surprise that somehow, someone managed to copy the photos from what he thought was a limited access Web photo account -- that he apparently only intended to share with a few friends.

Of course, we all know that the instant he enabled access to those photos for anyone other than himself, he lost all effective control over the images. Even someone without download privileges for the photos could have easily captured them directly from nearly any screen on which they were so much as momentarily displayed.

Virtually any time you share anything on the Internet, you are implicitly trusting all other involved parties not to abuse the associated files and data.

This doesn't mean that you shouldn't share. Far from it. But it does suggest that especially when dealing with any information that could be considered at all sensitive, it's up to the sharing party to very carefully choose with whom they are sharing. Don't blame the Web service if your "sharing buddies" turn out not to be trustworthy after all.

As for our friend the USC student with the SLR camera, what can we say about his protestations of innocence?

Should we consider his photo posting behavior to represent merely ignorance of the potential ramifications? Perhaps. But since he apparently decided to share the photos in the first place, his "I didn't mean it!" claims are, shall we say, not 100% convincing.

And by the way, the attempts to shield his identity, after his photos served to immediately identify the USC student on the roof, represent yet another privacy lesson.

To wit: Don't depend on lame vocal "disguises" to protect your identity in public interviews. For example, what happens if one throws a bit of processing at the audio of that interview, and approximates a correction for the crude pitch change obfuscation method employed?

Answer: This audio file (MP3 / ~2.3 MBytes).

Remember, as Austin Powers might say, "On the Internet, everybody might see those photos you snagged of the couple who shagged. Yeah, yeah, baby!"

Who ever said that privacy issues are boring?


Posted by Lauren at 09:46 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

"Gaming" Google's New "+1" Social Recommendations System?

Greetings. Google has begun deploying a new social recommendations system, called "+1" (the term "+1" has long been shorthand within Google for "I like this" or "I agree with this").

This system appears to have a great deal of merit and positive possibilities.

Of course, since these recommendations are typically shared in various ways, there are a range of implications.

Initially, +1 will reportedly be used to "tag" search results and ads, though ultimately +1 data may also affect search results rankings in the future.

Google appears to have well thought out the privacy issues associated with the +1 implementation.

However, I do have some concerns about the potential for purposeful "gaming" of the system to artificially distort and boost perceived "value" or "goodness" of specific results or ads, even in the absence of direct ranking effects per se at present.

And at such a time as +1 may be used for ranking, there's a key question to be considered (even in the absence of specific boost-oriented gaming attempts): Is a popular result necessarily a better result -- or the best result?

I brought this up with Google's Matt Cutts this morning, and he agreed that popular was not the same as best, but noted that Google was interested in exploring the +1 ratings as a potential rankings signal.

It will be interesting to see where this all leads.

But one possible hint of the complexities is already obvious. Within literally minutes of Google's official announcement of +1, I started receiving requests from various parties begging me to immediately +1 specific search results -- even telling me in detail how to find those results.

That sure didn't take long. Ouch.


Posted by Lauren at 12:40 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

Google Settles with FTC over Buzz Complaints (or: Much Ado About Little)

Greetings. Google has reached a settlement with the Federal Trade Commission over complaints related to their launch of Google Buzz last year.

The main features of this settlement are:

- requiring that Google obtain users' consent before sharing their information with third parties if Google changes its products or services in a way that results in information sharing that is contrary to any privacy promises made when the user's information was collected

- requires Google to establish and maintain a comprehensive privacy program

- requires that for the next 20 years, the company have audits conducted by independent third parties every two years to assess its privacy and data protection practices

Some observers have also suggested that Google's accidental collection of data from unencrypted, completely open Wi-Fi networks would have been considered to be a violation of such a settlement, resulting in fines of up to $16,000 per violation.

Google's blog posting regarding the settlement is here: (Official Google Blog)

The FTC's statement is here: (FTC)

My primary blog postings (both from February 2010) related to the Buzz launch were:

"'Google Buzz' -- and the Risks of 'Automatic Friends'"":


"The Google Buzz Launch -- and the Limits of Downing Dogfood":

In the first of my postings referenced above, I noted my concerns about the way default "friends" were assigned in Buzz, but I also pointed out that sharing itself was not forced on Gmail users, and in an update a few days later noted that Google had moved very rapidly to alter those settings in ways that appropriately addressed the concerns.

In the second posting, I speculated on the possible genesis of the Google Buzz launch issues, and noted the mass of hate mail I received for daring to publicly suggest that Google was indeed addressing Buzz concerns in a reasonable way.

My blogged thoughts on the vastly overblown Google Wi-Fi controversy are outlined in:

"Google's Wi-Fi Crucifixion, an Open Mike, and Public Is As Public Does"


"'Highly Illogical': The Hysteria Over Google's Wi-Fi Scanning"

As for the FTC settlement itself ... Google already spends a great deal of time and effort on privacy issues, but just as I've long argued for some sort of more formal Google "Ombudsman" or other more structured user contact apparatus, e.g. in my Google Ombudsman blog postings such as: -- a more formal privacy structure (perhaps even combined with an ombudsman-type system of some sort) will likely be a win-win for both Google and its users in the long run. There are many other large firms that already have more structured privacy/ombudsman frameworks, and they have usually served well.

Independent external privacy audits, and affirmative consent before changing key privacy provisions are good practices in any case, especially for substantial enterprises.

Yet I can't help but question the singling out of Google for such requirements given the relatively minor nature of the transgressions under discussion, while much more serious "privacy problems" by other firms have often been dismissed with merely a nod and a wink. Without casting aspersions on the FTC, it seems clear that much of the loudest complaining brouhaha regarding the Buzz launch was driven by traditional anti-Google elements, both obvious and of the hidden, insidious "astroturf" variety.

Overall, the settlement terms largely represent practices that can be viewed as good policy, and don't seem unreasonably onerous or drastically punitive.

However, I hope that in the future the application of such requirements will be considered appropriate as a matter of course for at least all large firms that deal with consumer information, and that relatively minor errors, purposely blown out of proportion by vested interests, not be the apparent primary impetus for regulatory actions in these areas.


Posted by Lauren at 12:14 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 28, 2011

NY Times Paywall: Ignoring the Micropayments Lesson from Outer Space!

Greetings. As you likely know by now, the New York Times paywall is scheduled to launch in the U.S. and globally today, to, uh, considerable controversy.

While their paywall system reportedly includes a range of exceptions and options, the bottom line is that it is complex for users and subject to bypass in various ways.

But beyond that, it is -- along with most other large news-oriented Web subscription services paywalls -- inherently selfish by design.

It may seem strange to call the Times' paywall selfish given the promised ability for free viewing of articles referred from other sites. But each such view will supposedly still count against a non-subscriber's monthly quota of 20 free "non-referral" views at the Times site itself, and when you hit that limit, your most inexpensive option for continued non-referred access appears to be a subscription purchase.

By contrast, if I have an urge to read the Times on any given day, I can pop over to a nearby newsstand and buy a single printed copy without any muss, fuss, complications, or further obligations.

The ability to easily buy a physical "day pass" to a newspaper is of course a model that goes back to the dawn of commercial journalism.

The beauty of a longer-term subscription model is clear enough to newspaper publishers -- the more dollars you can lock in on a guaranteed basis, especially for a product as essentially fungible as news, the better for the bottom line.

Yet there is another model -- one straight from the science fiction of outer space.

Gordon Randall Garrett's wonderful 1963 story A World by the Tale tells of a human author offered what appears to be a humiliatingly low royalty rate in exchange for galaxy-wide publication rights to his book, courtesy of a notoriously stingy Galactic Civilization that has recently discovered Earth. The royalty percentage? One thousandth of one percent.

But when his first royalty check arrived, the author was stunned by the enormous size of the resulting amount, and the information that such large sums could be expected to continue paying to him throughout the rest of his life -- making him even by Galactic standards a very wealthy man.

What he hadn't considered initially, is that the galaxy is a very big place.

And so, relatively, is the Internet.

There have been various attempts at implementing "micropayment" systems on the Net -- the equivalent of that seemingly tiny Galactic royalty offer.

None have been notably successful, due to a variety of technological, logistical, or other reasons. But the concept is still very sound, especially for the maturing Internet of today.

How many millions of people might be willing to pay a penny per page to view specific New York Times articles of interest -- or articles at other sites?

$10 at this rate would buy 1000 page views, that a user could distribute as desired among a wide variety of sites -- rather than being forced to spend relatively large chunks of cash at single sites for much greater access than they really need or want.

Instead of Internet users' limited content purchase funds being funneled to only a few powerful, established enterprises in big chunks, enormous numbers of users could individually spend a tiny amount at a vast range of individual sites, which could still see significant income based on the sheer volume of visitors.

I am not suggesting that the free, ad-based model that we've come to enjoy on the Internet is flawed or undesirable -- but it may be at serious risk not only due to expensive paywalls, but also as a result of "do-not-track" efforts that seem to be unwisely barreling ahead, without appropriate consideration of inherent complexities and potential collateral damages.

Nor am I saying that the New York Times -- arguably the greatest newspaper on the planet -- isn't worth paying for.

But I am suggesting that the sorts of online subscription models that we see emerging to date are likely to benefit the few over the many.

I spend considerable time and money to operate this blog and my other venues. I don't run ads. Are these postings worth a penny to the average viewer -- the traditional cost of single gumball? Or -- dare I think it -- could they even be worth, say, a full nickel?

At least in an existential sense, we're all likely doing something very wrong if our Internet efforts aren't worth a single cent.

A widely deployed, successful, Internet micropayments system could allow virtually all Web sites -- even very small ones who chose to use it -- a means to compete on a playing field where Internet users could spend individually tiny amounts to view materials of real interest, rather than much larger amounts to purchase subscription packages including all sorts of materials that they don't necessarily really care about.

While most news and information sites on the Net remained free access, this did not seem to be an issue of notable concern. But now that the relatively expensive "big site" subscription news paywalls are going up, it's definitely time to revisit the micropayments concept, to see if we can create an environment where a vast range of Web sites -- rather than mainly the privileged big boys alone -- can participate in these evolutions.

All else being equal, I'd prefer that the "free access" Internet model continue. But the major news sites in particular seem hellbent on ending this golden age, and frankly that's their definitely their right -- in the main they have quite valid financial concerns.

But it would be utterly unreasonable for the rest of us to just sit by and let these major firms suck up the entirety of content purchase income, leaving untold millions of valuable sites effectively shut out entirely. Micropayments may be the key to helping establish a sense of equality in this important regard.

If the Internet is going to move toward "pay to view" -- then we should demand that all worthwhile content providers, even the smallest of sites, should be able to equitably participate in this ecosystem if they wish to do so.

It is, after all, a big galaxy -- and Internet -- out there.


Posted by Lauren at 10:39 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 27, 2011

The Thumbs Up, Thumbs Down Dilemma: When Hate Means Love or Love Means Hate

Greetings. Love and Hate are unarguably among the most basic of human emotions, largely primal forces that guide our lives both consciously and likely unconsciously as well.

Judging from the dictionary definitions alone one would assume that these two sentiments are always polar opposites, "never the twain shall meet."

And for most of us when young at least, when the world seems painted in sharp "good vs. evil" black and white images, love and hate seem to be deceptively simple concepts.

But as we age, and experience the world in more of its complexity, the sometimes distressing truth emerges. The lines between hate and love -- emotional, spiritual, and physical -- are often blurry and indistinct, and sometimes entirely contradictory.

Like the psychotic character of Harry Powell from the terrifying 1955 film masterpiece The Night of the Hunter -- with LOVE and HATE tattooed on the knuckles of his right and left hands respectively -- the words alone do not provide dependable clues to our true thoughts and beliefs.

Yet the "social" aspects of the Web have increasingly been defined in terms of "binary" ratings: Like or Dislike - Love or Hate - Thumbs Up or Thumbs Down.

Such ratings, on videos, postings, comments, and myriad other Internet items, are not necessarily inconsequential. The resulting rankings and scores can affect visibility, monetization, and other aspects potentially important to both posters and viewers alike.

When YouTube discovered that most video rankings tended to bunch around the very "bottom" and "top" of their star-based rating system, that system was replaced with a simple thumbs up vs. thumbs down mechanism instead, further encouraging "binary" thinking in this regard. This change wasn't necessarily positive or negative in and of itself -- but to view it as a minor alteration would be a mistake, since constraints on choices inevitably -- and by definition -- have an impact on the choices that people will make.

Perhaps of even greater concern, it isn't always even clear as to exactly what an individual rating is actually referring to.

In Google Buzz (which I use heavily and consider to be an invaluable venue), you can "Like" a posting -- but not the later individual comments that become part of any given posting's discussion thread.

This frequently creates a dilemma when controversial topics are under discussion. If you agree with a particular comment, but perhaps not with other comments or the original posting, is it appropriate to "Like" the posting itself?

In practice, what tends to happen is that users will try to explain the specifics of their feelings regarding particular comments rather than use the ranking system itself, but this is not a substitute for ranking signals that actually affect totals such as "10 people liked this ..." In essence, if you don't use the formal "Like" or "Reshare" systems, your opinion can't enter the calculus per se.

A different aspect of these dilemmas is also apparent on YouTube. When rating a video -- thumbs up or thumbs down -- are you rating the "value" of the video itself, or are you expressing agreement (disagreement?) with the actual content of the video?

The same sort of concern can arise when rating other materials as well. I'll bet you've had the experience of seeing a posting containing some content with which you strongly disagreed, but that you considered to be a posting that more people should be exposed to -- as a negative example if nothing else.

So you hover over the "Like" or "Thumbs Up" button and say to yourself -- are people going to think I'm agreeing with what this nut is proclaiming, or will they understand that I just think that the item itself is important to view?

And perhaps you decide that rather than risk that confusion, you won't rate the item at all. Or you vote down the item to indicate your disagreement with the content, even though (or perhaps not realizing) that this may create a signal that actually tends to depress the rank of the item, making it less likely to be seen by others -- perhaps the exact opposite of your desired intention.

I've seen what appear to be exactly these scenarios with some of the material I've posted on YouTube. Upsetting but important content tends to be voted down, even as the associated comments' texts indicate how viewers feel that the video is important to see! YouTube does provide the capability for viewers to Thumbs Up or Thumbs Down individual comments -- which is extremely useful, but is dependent on the presence of comments in the first place for these additional signals.

While I've primarily used specific examples related to Google above, that's merely due to those services' wide visibility. In reality, the sorts of rating conflicts I've described are endemic across the Web, and have become very much "standard operating procedure" regardless of vendor.

And while it's understandable why such ranking dilemmas exist, they do seem to suggest that the binary Up/Down rating paradigm is fundamentally too limiting, and that it is sometimes skewing potential ranking signals in ways that may be exactly the opposite of many users' actual sensibilities regarding associated materials.

How to best improve this situation is definitely not obvious. It could be argued that the expansion of existing "Reshare" mechanisms could well serve -- by emphasizing users' indications that specific items are worthy of being more widely seen regardless of agreement or disagreement with the content itself. But Resharing tends to be a public activity where the party doing the sharing is identified in some manner, and many users are likely to be concerned that sharing still suggests agreement to one degree or another.

Certainly it would almost always be useful for users to be able to rate comments as well as original postings in all venues where ratings are available. Such capabilities are already present in a number of popular Web platforms, including YouTube as noted above.

More fundamentally, being able to individually specify whether one values a particular posting itself, separately and distinctly from liking or disliking the actual content of a posting, could be extremely useful.

How to functionally implement such a bifurcated ranking system in an intuitive way -- that does not itself foster user confusion -- is also very much a nontrivial question.

Overall, I believe it would behoove us to more intently explore the entire area of user rankings, with an eye toward clearly delineating the often marked differences between postings as "messengers" of information, vs. their contained messages themselves.

Just as glancing at Harry Powell's tattooed knuckles would tell us little about his true inner motivations, the user rankings on many Web sites may tend to mislead us, in that complex realm of what we really like, what we really dislike, and what we actually value on those sites that make up such an important part of so many lives today.


Posted by Lauren at 12:15 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 23, 2011

Last Night's New "Coast" Radio Interview: Internet, Google, Privacy, and Other Issues

Greetings. Literally just a few hours before air time last night, I was booked back onto the Coast to Coast AM radio program for a two hour interview slot.

[ Background information about the show - from Wired ]

As always when I guest on Coast, I enjoyed it greatly, and since we had plenty of time to work with, host George Noory and I covered an especially wide range of technology topics.

We started out with biometrics, then moved on to issues including the Google Books settlement court decision, bandwidth caps vs. video, ISPs, Internet competition, Net Neutrality, security, Facebook, anonymity, privacy, top-level domain (TLD) controversies (e.g., ".xxx"), Internet history, "Do-Not-Track" -- and much more.

No transcript is available yet, but since I did not do this interview over the phone, I'm hoping that the much higher audio quality will ultimately ease automated transcription. The actual interview itself lasted about one and a quarter hours spread out over two hours of the show.

The interview audio is available below and at:

Internet, Privacy, and More - "Coast to Coast AM" Radio - 3/22/11
(YouTube [Audio Only] / ~1.25 hours)

As always, your comments are most welcome.



Posted by Lauren at 08:34 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 22, 2011

Extremely Unfortunate: Court Rejects Google Books Settlement

Greetings. Unraveling years of work and negotiations, federal Judge Denny Chin has rejected the Google Books settlement.

I consider this action to be very bad news, unfortunate in the extreme for lovers of literature. The settlement wasn't perfect, but offered broad benefits to all involved parties, plus to the Internet community at large.

The details are in the full PDF text of the decision.

And for reference, my 2009 blog posting, The Joy of Libraries, a Fireman's Flame, and the Google Books Settlement may also be of interest.

There will be much more to say about this later.


Update (March 24, 2011): My discussion of the Google Book Settlement situation from my interview on Coast to Coast AM Radio two nights ago can be heard here.

Posted by Lauren at 01:45 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 21, 2011

AT&T's T-Mobile Merger Ploy: Rewarding the Worst

Greetings. One of our characteristic traits here in the U.S. is that we seem to love big things -- big banks, big insurance companies, and especially big telecommunications conglomerates.

Quality is not usually the relevant issue. We appear to fundamentally admire -- or at least tolerate -- corporate bigness, even gigantism, even when substandard quality (or worse) are the hallmarks of the enterprise or people involved.

This isn't to say that vast scale cannot be combined with high quality -- witness Google's organic growth and overall very high user satisfaction ratings, for example.

But in some sectors, bigness prospers not due to superior quality, but simply by leveraging "too big to fail" fears on a colossal scale.

This is why the Wall Street crooks who very nearly drove us into a depression are still raking in the billions -- party time continues for them essentially unabated. They know that they are pretty much untouchable since their tendrils so deeply pervade society that significant retribution against them might be suicidal for society at large.

AT&T, in its bold move to buy out T-Mobile USA for $39 billion, believes that it has similarly become "too big to fail" -- too big to be refused by anyone, including government regulators.

In the decades since the 1984 breakup of AT&T, we've watched as Ma Bell has carefully reassembled her component parts. For many years I've used the example of the T-1000 "shapeshifter" cop from Terminator 2 -- merging its blown-apart pieces back into a solid whole -- as an analogy for AT&T's resurrection. This has now become something of a common meme when talking about AT&T.

In the case of the T-Mobile merger, the T-1000 -- oops, I mean AT&T -- has trotted forth a number of predictable supporting arguments. Better coverage. Lower rates. This time AT&T is even claiming they're being patriotic by assimilating their lower-cost competitor -- a bigger AT&T is better for the USA, they claim.

There will be much written about the technical and economic aspects of this proposed merger in coming weeks and months.

But just for the hell of it, let's explore a more fundamental aspect of AT&T and the T-Mobile transaction. This isn't Jeopardy!, but I'll put this issue in the form of a question anyway:

Must we continue rewarding the worst, simply because they are so large?

And in many key respects, AT&T is the worst. Many surveys show their wireless services as being the lowest rated in the country. This isn't just a matter of overloaded networks and wireless expansion; they have become decreasingly consumer oriented for years in virtually every respect, with their quality declining ever faster as their size has grown.

This is not a condemnation of AT&T's employees overall. In fact, some of the most frustrated people I've talked to regarding AT&T, are their own customer service reps and technicians, who have watched their support resources decline precipitously, but dare not complain for fear of losing their jobs in a terrible economy. I've seen AT&T techs bend over backwards to try deal with botched-up circuits and situations, only to be blocked at every turn by higher level management.

To be sure, AT&T was on a downward quality spiral for a long span, but once their new corporate masters in Texas got control, the quality disintegration became palpable.

This isn't just a matter of wireless either, it's across the board with AT&T. Recently here in California, they retroactively increased the cost of low-income lifeline services by about a third. AT&T reps who happened to mention this to me related how they were flooded with calls from angry or crying subscribers wondering how they were going to maintain phone service. These AT&T reps felt mortified by what they were forced to tell customers.

And pray nothing goes wrong with an AT&T data circuit. The saga of one circuit I've had for many years is unfortunately representative. It's a circuit I have to keep running since no reasonable alternatives exist at my location. At one point, it was going down every 30 days or so, just like clockwork. It would take me hours on the phone to get it built back up, every time. This went on for months. None of the normal tech support channels (neither locally or outsourced overseas) could figure it out. Basically AT&T told me "tough luck."

Finally, using high-level AT&T contacts that most people naturally don't have, I was able to reach an AT&T engineering manager (in Texas, of course) who ultimately figured it out. As I had suspected, there was a database problem in their provisioning system. But no reasonable, normal means of finding this existed. I was eventually able to get this particular problem fixed. But what of ordinary customers who don't have my contacts? To use the vernacular, they're basically screwed.

And don't assume that the circuit in question has been all roses since then. In fact, the local interface hangs routinely requiring a power cycle to restore. This can happen every few days, or multiple times a day. More frequently, less frequently, no pattern has ever been established -- other than my suspicion that higher outside temperatures increase the failure rate. It's been like this for years. AT&T can't fix it. The techs tried really hard, equipment was replaced and so on, but the techs admitted that they simply didn't have the resources to properly debug in such situations any more.

One night, fed up with the circuit hanging for hours so frequently, I went on a rampage with a soldering iron, and literally threw together a hack to monitor the interface and physically power cycle whenever the interface hung. It worked, and I'm still using it constantly over two years later. Here -- take a look at what I call the "AT&T Fail Reset Hack". It's that nightmare of wire and solder just to the right of the punchdown blocks. Your ability to read this blog posting partly depends on the actions of that silly homemade device.

How often does the data circuit still hang? Here's a link into the actual real-time reset log dating back to the original night of installation. See for yourself.

I should never have had to deal with such a situation -- and been required to build such a hack -- to keep a relatively expensive AT&T circuit up and running.

Yes, these are but individual examples, but they are emblematic of so much that has gone wrong with AT&T as they've become larger ... and larger ... and larger still.

AT&T's being again so enormous is simply bad news for wireless subscribers and users of any other telecommunications services. AT&T's anti-consumerism and massively declining quality are the opposite of patriotic.

To reward AT&T's enveloping mediocrity with the prize of T-Mobile USA wouldn't just be "unthinkable" as various observers have already suggested, but would be nothing less than a full-fledged travesty.


Posted by Lauren at 12:25 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 18, 2011

ICANN Approves .XXX -- Boycott Urged -- ICM Keeps Blowing Smoke

Greetings. As expected, ICANN has approved the ".XXX" gTLD (Generic Top-Level Domain) -- or using my preferred notation in these postings to help avoid filter blocking: "dot-ex-ex-ex" ...

Back in 2005, in Open Letter: Why "Dot-Ex-Ex-Ex" is for Chumps, I urged the adult entertainment industry not to play along with any .xxx TLD should it come to pass.

It appears that they agree with me. The Free Speech Coalition, which represents the adult entertainment industry, strongly opposes the creation of this TLD, and is now recommending a boycott. They feel (quite accurately, indeed) that this TLD will be widely blocked, and will trigger efforts to force their members to give up all other Internet addresses and be present only in this new "red light district" TLD, creating a terrible precedent for Internet censorship and the crushing of free speech more generally.

Stuart Lawley, the man who has cornered ICANN into this terrible decision, and who stands to strike it rich by operating .xxx and associated civil liberties eviscerating services, is continuing to spout the same misleading statements as always.

Last July, in ICM Registry and Deceptive Dot-Ex-Ex-Ex Polls, I noted how his ICM Registry quoted deceptive polls to claim support for .xxx, by seeming to suggest that all adult services would be restricted only to this TLD, and would no longer have a presence elsewhere in other TLDs -- a completely false assertion today, and unlikely to occur in the U.S. without extremely drawn out and problematic court battles -- and perhaps not even then.

He's still at it, now saying that, "For the first time there will be a clearly defined web address for adult entertainment, out of the reach of minors ..." -- again seeming to imply that .xxx will somehow have exclusive control over adult entertainment sites -- and that minors will magically be blocked from accessing .xxx sites as well. Since Lawley has previously crowed about his ability to collect protective registrations for .xxx (from firms who otherwise wouldn't want to have anything to do with it or him), his "200K pre-reservations" claim can be easily recognized as a pure form of hypocrisy in action.

It's worth mentioning that even folks who should know better have apparently been taken in by Lawley's spiel -- or are acting that way. Gawker's article on this issue today ended with: "For the common Internet user, it should make randomly typing in random websites that less exciting, knowing you'll never be startled to learn that an innocuous URL leads to a foot fetish website." -- reinforcing the utterly false meme that porn sites would no longer be present in .COM and other conventional TLDs.

Looking at the details of ICANN's discussions about .xxx and their plans to finalize the process for a vast new expansion (by June) of additional gTLDs to further enrich the domain-industrial complex, it seems clear that they're very much tired out. The question of what's really right or wrong -- what's best for the Internet as a whole and for most users of the Net -- isn't in the forefront of their deliberations.

Now it's very much a matter of extricating themselves from the quicksand they created themselves in recent years via a series of 180-degree turns regarding process, governance, and TLDs in particular. They just want to be done with it all. They just want out.

When it comes to gTLD expansion in general, and to .xxx in particular, I hope that the Internet community, and domestic governments around the world, will take a firm stance not to allow ICANN's views to dictate what's best for the global Internet -- an Internet that is supposed to be for everyone -- not just the well-heeled masters of the domain money machine.

In the long run, I hope that projects such a IDONS - Internet Distributed Open Name System -- or some other new approach -- can make a positive difference and obsolete the TLD madness entirely.

In the meantime, some shorter term approaches to deal with this situation -- that individuals, firms, and other organizations can implement right now without needing approval from ICANN -- appear to be called for. More on that soon.


Update (March 18, 2011 22:30 PM): ICANN Chairman touts .XXX making porn more accessible and easier to filter

Posted by Lauren at 03:19 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 17, 2011

Brief Thoughts on "New York Times" Charging (and a Prediction)

Greetings. A bunch of people have already written to me, asking if I feel that the new New York Times charging regime is "good" or "bad."

I refuse to treat this as a binary issue. I very much like the NYTimes, and I don't want to see them fade in the manner of, say, my hometown L.A. Times.

However, the dynamics of paywalls in this space are exceedingly complex and rife with unknowns.

The complexity of the NYT paywall system, with various items being free (or not) depending on how you happened to access them, is likely to be very confusing to many Internet users. When faced with a paywall block, many will simply go to Google and try find some other related story from a (possibly lower quality) free source.

It's obvious that the Times is trying to thread the needle carefully, but I don't know if that will be good enough.

For example, my reading of their FAQ says that most stories linked from external (at least non-search-engine) sites will be readable without limitations. This of course avoids the nightmare of breaking millions of existing links to Times stories from sites all over the Web.

But I predict that browser add-ons that attempt to automate the process of creating free "link-based" bypass access to arbitrary Times stories may appear in very short order, as well as other paywall bypass techniques. How many people would bother to use them, vs. either subscribing or not reading various stories at all? Who knows?

Separately, I find the premium being charged for iPad app access to be problematic (even though I don't have an iPad). The "five free stories/day" limit on Google references also seems questionably arbitrary.

Overall, we'll just have to wait and see.


Update (March 17, 2011 2:22 PM): The impact of background "browser page prefetch" activities on users' "free pages" allocations may be another complicating issue to be considered. This is potentially important, since it appears that "link-based" articles will be visible even if non-subscribers' monthly quotas of free views are exceeded, but those "views" still count against your quota of "non-link" articles. This seems to imply that (usually invisible to the user) automatic browser prefretch activity could eat up some or all of the regular quota (currently 20 items), with the user perhaps never having actually viewed any of the associated pages. I hope for additional clarification on this point.

Posted by Lauren at 11:29 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 15, 2011

Collecting Personal Information About "Facebook Comments" Users for Fun and Profit!

Greetings. I've certainly made no secret of my very negative feelings towards the new incarnation of Facebook Comments that is being rapidly adopted by many Web sites, particularly news-related sites. As I noted in New Facebook Feature Empowers the Dangerous "Comment Nazis", I believe that this Facebook Comments system in particular is a significant threat to free speech.

However, I do want to be fair. Not everything about Facebook Comments is so bad. In fact, it appears that there's a bundle of money to be made by using Facebook Comments for "intelligence" purposes ...

Contact: Milo M. Münchhausen / FOR IMMEDIATE RELEASE
Phone: (703) 555-0099 Extension 666


April 1, 2011 - Internet Unlimited Analytics Surveillance Services (IUASS) of McLean, Virginia has announced an exciting expansion of its Internet surveillance and analysis services to include a wide range of features for surveillance exploitation and information analysis related to the "One Identity" Facebook Comments system, now being rapidly adopted as the only supported commenting system by both major and minor Web sites around the world.

Up until now, leveraging of Facebook data by law enforcement, insurance companies, and a broad variety of other enterprises -- for the locating and profiling of malcontents, underage violators, insurance fraud perpetrators, and other undesirables -- has been largely a manual process, often involving human observation of photos posted by Facebook users.

This all changes with the Facebook Comments system. By leveraging the fact that most Facebook users will only maintain a single identity within the Facebook ecosystem, and the new Facebook Comments requirement that all comments posted by a user at any participating site on the Internet must be publicly tagged with their Facebook identity, an enormous new range of surveillance and analysis possibilities have arrived, courtesy of Facebook CEO Mark Zuckerberg's "You Only Should Have One Identity on the Internet" vision. Mr. Zuckerberg's prescient and brilliant philosophy, by forcing most users of the Facebook Comment system to be fully identified for every comment that they post on all participating sites, regardless of topic or sensitivity, has enabled the ultimate linking of all aspects of persons' lives -- professional, personal, public, and private -- into a seamless continuum ripe for deep penetration, analysis, and appropriate exploitation.

IUASS' first new service to take advantage of the Facebook Comments surveillance potential, called FCUTO (Facebook Comments Unlimited Tracking Observer), currently offers two primary operational modes:

Target Mode - When the Facebook ID of a particular person is already known, FCUTO Target Mode will automatically search the Web to gather, analyze, and report (via fully-customizable dossiers) complete data regarding all sites and instances on the Internet (participating in the Facebook Comments system) where the target ID has posted comments. In addition to creating cross-indexed lists of sites and specific comments related to the target ID, the FCUTO service automatically determines the "Undesirability Index" (UI) for the target, based on a complex analysis of the sites visited, and the comments posted, by the target.

Insurance companies can determine if a target has commented in self-incriminating manners on sites discussing HIV/AIDS. Employers can learn if employees are making negative comments about their firm -- or positive comments about competitors -- and take appropriate punitive actions. Political groups can use FCUTO to verify that their members are not commenting on sites or in ways that could reflect badly on the group, or can use FCUTO to find potential gold mines of "dirty laundry" that could be used to tarnish the reputations of opponents.

Search Mode - FCUTO Search Mode is even more powerful. In Search Mode, you do not need to specify any individual target. Instead, you merely specify the topics, attributes, issues, or other parameters of interest, and FCUTO automatically creates indexed databases of all Facebook Comment user IDs that meet the required criteria anywhere on the Web. You can then use FCUTO Target Mode to build complete dossiers on specific targets of interest who were revealed via Search Mode.

For example, you might want to locate all Facebook IDs where the user has left Facebook Comments on news sites supporting liberal causes or criticizing public officials, while also commenting on sites discussing particular issues such as sexual matters, medical problems, or other data of potential value -- depending on your specific target goal sets and operational methodologies.

Under normal conditions without FCUTO, it would be impractical to correlate the public and private lives of so many individuals in a useful manner, but FCUTO, through the genius of Facebook Comments, enables all of this and much more!

Of course, FCUTO includes features to correlate collected data and created dossiers with all other data posted on Facebook by targeted individuals, and to cross-reference with public record data and private commercial databases. You'll know far more about your targets than they know about themselves!

# # #

For more information about using FCUTO to leverage Facebook Comments for your firm, organization, agency, or other enterprise, please contact Milo M. Münchhausen at (703) 555-0099 Extension 666, or via email:

- - -

"Yes. This posting is a satire."

Posted by Lauren at 07:11 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

Congress Wants Google to Censor Search Results, ISPs to Block Sites -- To Protect Hollywood?

"Another witness, analyst Daniel Castro of The Information Technology &
Innovation Foundation, gave Conyers some of the specifics he was
looking for: Congress should simply create blacklist of sites, then
force ISPs to block them and tell search engines to remove them from
lists of search results."
- Full Article

Greetings. While the particular idiocy represented by the quote above is somewhat different than the specific topic I discussed recently in Deleting History: Why Governments Demand Google Censor the Truth, many of the same factors are in play.

It's clear that the U.S. is willing to use unilateral powers to try shut down domain names (regardless of whether the associated sites are hosted in the U.S. or not), wants an ISP site blacklist, and wants to tell Google and other search engines what they can or cannot show in their search results. And since Congress is now raising protecting the entertainment industry to the same level of criticality as
stopping c-porn, we can be sure that Congress will also try to prevent any public lists from being created of what exactly has been blocked. It's sort of like "double secret probation" from "Animal House" -- but totally unfunny.

Even if Google and ISPs went along with this (likely after significant litigation, and assuming that courts confirmed this anti-American censorship), Congress' purpose will fail. The "pirate sites" in question will move further underground, but will always be able to find hosting. There will always be sites that tell where to find the associated links. And while Congress may recursively attempt to shut down sites that link to sites that themselves link to sites that contain pirate materials -- and so on -- it will be a losing battle -- made all the more fascinating to larger numbers of Internet users by the additional subterfuge involved.

But of course, Congress isn't only interested in blacklisting pirate sites and sites that help users find pirate sites. What Congress really wants is a flexible ISP and search engine blacklisting regime that could be employed to try block any content that Congress designates as undesirable or inappropriate. You can be sure that talk of c-porn and piracy is merely the foot in the door.

The vast majority of Internet users don't look at c-porn, and they don't download pirated movies. Freedom-loving Internet users around the world should be gearing up now to fight Congress (and their own domestic governments) that are desperately trying to mold the Internet into the ultimate mechanism of government-mandated information control and censorship.


Posted by Lauren at 01:34 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 11, 2011

Deleting History: Why Governments Demand Google Censor the Truth

"Day by day and almost minute by minute the past was brought up to date. In this way every prediction made by the Party could be shown by documentary evidence to have been correct, nor was any item of news, or any expression of opinion, which conflicted with the needs of the moment, ever allowed to remain on record. All history was a palimpsest, scraped clean and reinscribed exactly as often as was necessary."

      -- 1984, George Orwell

Greetings. It's all too easy to employ images from George Orwell's 1984 when discussing modern society, and particularly issues related to privacy. Even though I'd wager that most people reading this posting never have read 1984 all the way through, the mere mention of the title or the term "Big Brother" is usually enough to trigger the desired dread -- a handy shortcut for a writer, if nothing else.

But occasionally, we see real life imitating fiction in a way that so clearly invokes Orwell's text that resisting its pull is pretty much impossible.

Such is the case with the new hyper-privacy initiatives coming from various governments around the world, including the U.S. itself. Some of these efforts are aimed at explicitly censoring history, by forcing search engines (particularly Google), to remove search results that have become inconvenient, bothersome, upsetting, or otherwise no longer in keeping with (as Orwell might have said) the desires of the Party and/or various of its citizens.

This push to retroactively eliminate reality comes in various forms. Sites that merely link to sites that contain objectionable materials (e.g., pirated films) are now targets for "takedowns" with a minimum of due process -- some would argue with no due process at all.

Search engines like Google can be ordered to remove associated links from search results, and since Google routinely publishes such orders via Chilling Effects, this has in some cases resulted in a bizarre sequence of recursive takedown orders aimed at also removing the links to the Chilling Effects data. It's enough to even make Big Brother's head spin.

More broadly, countries like Spain, and now perhaps other members of the European Union, seem hellbent to establish a 1984ish "Right to be Forgotten" -- which seems aimed at the goal of "erasing" inconvenient references to articles or other materials from search engines and other sites.

Peter Fleischer, Google's Global Privacy Counsel, recently called this Foggy Thinking about the Right to Oblivion in his personal blog, and likened these efforts to using privacy claims as an excuse for censorship.

He is correct. In fact, what we're seeing on various fronts are attempts to hold back technology in unreasonable and ultimately impossible ways, much as occurred at various other times throughout technological history (early battles over the printing press are particularly noteworthy on this score).

In the Spanish case, the issue in play is references to a critical article regarding a plastic surgeon who was (at one time) involved in a dispute, since settled, with a patient. He wants search engine listings pointing to that article to be deleted from Google, since that article comes up highly ranked in search results for searches on his name.

The fact, of course, is that the dispute did occur. It is real. It is history. And attempting to retroactively delete references to it not only will ultimately be useless -- the Web with its many copies and mirrors is far less easily controlled than the print media of 1984 -- but sets a terrible precedent for retroactive censorship -- falsification, really -- of historical reality.

That such measures would even be contemplated is a symptom of a broader range of radical privacy positions that are increasingly alarming. Not only are we hearing calls to "edit history," but we see people going ballistic over photos of their home taken from public streets, as if their presence in the community could or should be erased from the consciousness of passers-by and the rest of society on which they (and we all) ultimately depend.

Ironically, many of these persons seem unconcerned about the vast deployment of real-time closed circuit (CCTV) surveillance systems under government control, citizens attempting to record contacts with law enforcement being charged with wiretapping, and a range of other very real risks from the interplay between government and citizens. This is made even more stark by the conflicting demands of some governments -- ordering massive data retention regimes for the government's use to track what Internet and phone users do, while simultaneously trying to limit the sorts of data available to the public at large.

Back to those Google search results. I do have sympathy for persons concerned about Web pages containing painful, negative, upsetting, or even completely false content about them, showing up highly ranked in associated searches. I receive complaints about such situations quite frequently, asking me for help in somehow deleting those results. Frankly, many of these stories are far more emotionally compelling than the case of the Spanish plastic surgeon.

But as I explain to these persons, and as I do strongly feel, the solution to such situations cannot be attempts to splice such materials out of history. Not only will this fail in the long run, but the collateral damage to free speech and civil liberties would likely be immense.

I have long maintained, as in Search Engine Dispute Notifications: Request For Comments, that the best ameliorant for such situations is not less information, but more information. Not censorship, but annotation.

A "right to be forgotten" is a terrible concept -- but in serious cases, we could perhaps use something more like "an opportunity to dispute," -- ideally offered voluntarily by search engines in specific situations, not by some sort of government edict.

In practice, this could be as simple as a small "Result is Disputed" link accompanying an associated search result, leading to a page where the dispute is discussed in detail. The actual result listing itself would not be removed, and its natural ranking would not be altered.

Most of the people who complain to me about serious situations involving search results are less concerned that the results exist in a highly ranked way on Google per se, but rather that no effective mechanism to tie-in "their side of the story" with such highly ranked results is available.

I am not suggesting that such dispute links should be common or available on demand. I do feel that they could be very usefully made available for particularly serious cases, as escalated through an organized "triage" mechanism.

This would not be a trivial undertaking. But I firmly believe that it is within the capabilities of Google and Bing at least, given the will to make it work.

In any case, I believe such a dispute links system would cause far less collateral damage than government-demanded link censorship, and help to provide effective, fair balance for seriously disputed Web pages that happen to rank very highly.

More information -- not less. That's what we should be striving for. The "right to be forgotten" being discussed in Europe is no less a form of censorship, of altering the historical record, than was the task of Winston Smith in the 1984 dystopia.

And that's the truth.


Posted by Lauren at 12:27 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 10, 2011

PC Video: From Postage Stamp to YouTube HD

Greetings. In 1992, just less than 20 years ago, Microsoft released their original "Video for Windows" (VfW) system. Does the word "MSCDEX" ring a bell -- perhaps cause a little shudder of memory down your spine?

Included with the VfW distribution was a sample video file, originally entitled:


On many typical CRT displays of the day, it appeared around the size of a postage stamp, but as the first such live action, full motion video most of us had seen on a home computer, it was still immensely cool -- all 11 seconds of it.

Here it is on YouTube (including its original soundtrack). As you can see, I've tried to more or less approximate the relative size you would have seen back then (when displayed now in a standard YouTube playback window). Anyway, it was small. Really small. And we watched it over and over again in fascination.

Fast forward almost two decades.

Over on the Official YouTube Blog today, YouTube has announced that they're hiring in a range of positions (not a big surprise). But they also mentioned in passing that they've almost reached the ripe old age of ... six.

Hard to believe that YouTube isn't even quite six years old yet? It feels like a lot longer, huh? This seems especially true given the way that YT has been in the middle of so many technical and nontechnical Internet-related issues, from home entertainment -- to people's revolutions -- to censorship battles -- to insanely gigantic lawsuits -- to Internet infrastructure to ... well you get the idea.

One rather interesting way to look at these incredible YouTube developments on the purely technical side over this period, is to inspect my record of uploaded YT videos.

My first logged YT upload was in January 2007, so I wasn't among the earliest YouTube adopters. By the time I began, the 10 minute per clip upload limit was in force (now 15 by default for "normal" accounts -- unlimited for many normal accounts with good reputations, nonprofits, various YouTube partners, etc.)

Even though I always uploaded with quite high resolution and generous data rates, those earliest videos of mine on YT are only at 240p resolution (standard 4:3 TV aspect ratio, of course).

Over the few years since then, the available resolutions have gone from 240p, to 360p, to 480p, to 720p HD and even higher. The standard YouTube video display aspect ratio has expanded from 4:3 to 16:9. Speed of processing has vastly improved, to the point that shorter videos are often pretty much through "first pass" processing within seconds of uploads finishing.

Then there's the YT auto-captioning system, various social communications tools, and a wide variety of other aspects that make up the entire YouTube/Google ecosystem.

The improvements in resolution and processing speed over time have allowed me to standardize my YT video uploads at 720p, 8 Mbits/sec, 16:9. Even when working with old archival materials, I always bump everything up to this level (either zooming/cropping 4:3 assets to fill the 16:9 window, or much more commonly centering those clips within the 16:9 window -- I refuse to distort aspect ratios by stretching!)

In a way, it seems like only the blink of an eye between that tiny video windsurfing demo of years ago, and the 16:9 HD videos that stream in today via a little black Google TV box onto my LCD TV.

For YouTube, it's not even six years yet. What will the next six bring? The answers won't only relate to technology, but also potentially to new legislation and laws, as various powerful parties have made it clear that they'd very much like to destroy YouTube's relatively egalitarian DMCA-compliant operational model, in favor of a much more restricted modality, dictated largely by traditional entertainment industry interests at the expense of most ordinary YouTube uploaders and viewers. The battles in this sphere have yet to really get underway.

So stay tuned. And keep your eyes on the screen ...

It's definitely not going to be boring.


Posted by Lauren at 07:51 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 09, 2011

VeriFone vs. Square: Much Exaggeration -- and Some Truth

Greetings. I woke up this morning to a pile of emails informing me of -- and asking me about -- the new "war" that has erupted between long-time credit card processor VeriFone, and very new, smartphone-dongle-based Square.

VeriFone really went nuclear today, with accusations and a video claiming that Square's free credit card reading device is a risky "credit card skimmer" that presents a clear and present danger to consumers.

In the video, VeriFone's CEO not only waves the consumer alarm flag, but announces that he's informed the major credit card companies of this risk, and he provides a quickie app to "demonstrate" the problem as well.

Most of the reactions from the tech community have been predictably harsh. Among these, suggestions that VeriFone is grossly exaggerating any potential problem, ignoring the many other ways that credit card information can be illicitly gathered (including the existence on the market of USB-based credit card readers and the like), is scared of competition from Square -- and so on.

All of these assertions would appear to be substantially correct.

However, there is an underlying truth to the key technical aspect of VeriFone's complaint, that should not be ignored.

All else being equal, it is far better for a credit card data capture system to encrypt the associated data from end-to-end, so that it is never "in the clear" in a user-accessible manner -- in contrast to the Square implementation, where the data can apparently be easily extracted in its unencrypted form.

That there are many other ways to illicitly capture this data, with or without card reading devices, is not the point. Credit card fraud is bad enough without adding another exploitable vector into the mix, especially one that hopes to have a recognizably high profile and be widely and specifically trusted, by merchants and customers alike.

Proper design in this day and age dictates that credit card reading dongle devices should only work with associated secure applications, and that all data read from cards should be encrypted within the dongle and be kept encrypted for the entire transit to the card processing agent.

Doing this properly would obviously require more work, and would presumably be more expensive than a simple little unencrypted scanner. But it's the right thing to do.

VeriFone is seemingly trying to take advantage of this situation for their own competitive benefit, and much of their rhetoric on this score is clearly hyperbolic.

But regardless of other potential credit card exploits that occur, and other insecure card reading devices that exist, it appears that Square voluntarily missed the chance to take the high road and set an example of best practices, since they chose to build their system without strong end-to-end encryption principles in mind.

This was a significant opportunity lost, and did not ultimately best serve the legitimate interests and concerns of credit card users, merchants, or processors.


Posted by Lauren at 10:42 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 07, 2011

New Facebook Feature Empowers the Dangerous "Comment Nazis"

Blog Update (March 15, 2011): Collecting Personal Information About "Facebook Comments" Users for Fun and Profit!

Greetings. Facebook's founder Mark Zuckerberg has been quoted as saying:

"You have one identity. The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly … Having two identities for yourself is an example of a lack of integrity."

This statement, particularly the latter portion, could only have been made by someone supremely self-confident -- and so young that they haven't accumulated much "life baggage" as of yet.

In fact, it is an extremely alarming statement, one that would have gladdened the hearts of despots and government spooks all through human history. Coming from the man child who controls the Facebook empire, such a quote should trigger alarm bells of concern for every person, everywhere, who cares about free speech and civil liberties.

A realization of Zuckerberg's stifling and twisted vision has now emerged in a new Facebook-based Web site commenting system, that permits sites to hand off their commenting infrastructures essentially wholly to Facebook, and requires users who wish to leave comments to do so using their Facebook identities (which, at least in theory, are supposed to be their real names and identities).

Popular site TechCrunch (recently purchased by AOL, it's worth remembering) immediately jumped on this bandwagon, along with this ingratiating note to their readers:

"More important, you’ll notice that any comments you write are being left under your real name, which spells bad news for you trolls and spammers."

Bad news for spammers and trolls perhaps, but even worse news for honest folks who wish to leave quality comments without being formally associated with them.

This isn't just a matter of stifling whistleblowers -- though that's an obvious effect. It's a matter of having basic control over your identity and your life.

Why the hell should it be the business of your boss or anyone else you know, if you want to legitimately comment on a hobby site, or a game site, or on any site about a controversial issue, for that matter?

Of course, there are two fairly obvious factors in play.

First is Zuckerberg's dream of turning Facebook into the world's centralized identity platform across most or all aspects of our lives. He's been clear enough about this goal.

But what the new Facebook commenting platform also does is very cleverly and insidiously leverage the complaints of the "Comment Nazis" to Facebook's advantage.

You don't know about the Comment Nazis? Let me introduce you.

All over the Web, we've seen signs that powerful interests are simply "fed up" with the free flow of information that anonymous comments permit. Such freedom has been particularly bothersome to parties who feel that they've been aggrieved by unidentified comments' authors.

So we've seen more sites demanding that comments be signed with real names, sometimes verified in one way or another. The Facebook comment ploy is a logical extension and centralization of this false "anonymous comments are dangerous" meme.

I've been running online mailing lists and discussion forums for decades -- all the way back into ARPANET days. I've run unmoderated, pre-moderated, and post-moderated venues. In recent years, I've depended mainly on the latter two models -- and they do take continuing work to be effective when you're unwilling to let spam, trash, racism, and other garbage pollute your materials.

Which points to another aspect of this controversy -- laziness. By outsourcing their commenting systems to Facebook (and so crushing the ability of conscientious parties to speak anonymously), participating sites "wash their hands" of most or all effort and responsibility for comment moderation, at the same time that they flush free speech on their sites down the toilet.

In cases of libel or defamation, etc., where sufficient legitimate showing is made for an offense and real damages, I believe that it can on some occasions be justified for a court to order the "unmasking" of an "anonymous" commenter via login or IP address information. But this needs to be strictly limited and controlled with rigorous due process.

But to force all comments into the realm of "single real identity" public exposure -- as Facebook now appears intent on doing -- is unacceptable, reprehensible, dangerous, and utterly at odds with basic free speech rights in the United States at least.

There are costs to living in a "free society" -- or what used to be a free society, at any rate. One of those is that we need to accept some speech that is painful or abhorrent, as part of the price for protecting free speech and civil rights for us all.

When anonymous speech is destroyed, whether under a boot and rifle shot, or via a simple mouse click on a massive social networking site, the damage is strikingly similar in the long run.

People become nervous about speaking their minds. They fear what their neighbor or employer will find out about their private lives. They self-censor and retreat from public life and discourse.

Anybody, and any firm, that encourages such travesties should be condemned in the strongest possible terms.

Our fellow human beings, and history itself, demand no less.


Blog Update (March 15, 2011): Collecting Personal Information About "Facebook Comments" Users for Fun and Profit!

Update (March 7, 2011 20:22 PM): A reader's note triggers a question. I wonder if Facebook's Zuckerberg would accuse those brave Egyptian Twitter users of "lacking integrity" since they usually tweeted without exposing their real identities during the recent upheaval -- would Mark dare say that to their faces? Just a thought ...

Update (March 8, 2011 5:16 PM): A reader describes how making political posts/comments under your real name can result in serious threats.

Update (March 9, 2011 12:40 PM): Another reader discusses the importance of anonymity for comments.

Posted by Lauren at 12:44 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 06, 2011

The Truth About YouTube and Advertising

Greetings. This topic really deserves a longer piece to get into the details, but I wanted to quickly note the unexpected spate of "anti-YouTube advertising" comments I received in reaction to my sending out a link earlier today to: In YouTube, Google finds a nimble model to compete with Facebook.

Most of these complaints were of the "I hate the way Google puts ads on everybody's videos" variety.

The problem is, Google/YouTube don't actually do this, and the notes I received suggest considerable confusion on this score.

True, the most popular videos have ads and tend to be actively monetized. But while I don't have hard statistics right at my fingertips tonight, I'd wager that the overwhelmingly vast majority of YouTube videos carry no ads at all.

Now, I'm like most other people -- there are some forms of ads related to videos that I find more irritating than others. I consider long "pre-roll" ads to be particularly irksome.

But I also feel that advertising overall on YouTube is a good value proposition, considering the vast array of material that I can access for free, much of which provides me with considerable enjoyment, as I've related in past postings.

There are really only a few ways to end up with ads on your YouTube videos.

One is to ask YouTube to become a partner, specifically to enable monetization.

Another way is to accept the "Enable Revenue Sharing" offer that you may receive if your video is trending in significant ways.

Both of these are entirely voluntary. So at this stage of the game, if you don't want to be a partner and you don't accept the Revenue Sharing offer, there normally won't be ads on, beside, or under your video.

And if you see ads on a video, it usually means that the party uploading the video requested (or agreed to) revenue sharing monetization.

There is an exception to all this. There is a way to end up with ads on your video without your permission, and with you not sharing in any revenue. And that's if your video triggers a copyright owner "Content ID" hit, that is, a claim that your video in whole or part infringes on a copyright owner, as per the DMCA.

For now, I won't get into the complicated controversies about YouTube Content ID, such as whether or not it is sometimes too aggressive, how it relates to Fair Use and preauthorized use considerations, etc. Nor will I consider here the various dispute mechanisms that exist for YouTube video uploaders related to DMCA/Content ID claims.

Leaving that all aside for now, Content ID carries an enormously positive benefit, in that it provides copyright owners with the means to assert their ownership of materials without ordering a full takedown of the associated videos.

And that's how ads may appear in such cases. If your uploaded video triggers Content ID, you'll be notified of the claim and the action specified by the copyright owner. There are various possibilities, including but not limited to:

  • Ads being inserted on or around the video

  • Links to "where to purchase this music" sites under the video (common when popular music has been used as a backing track during some portion of the video)

  • Video playback restricted in certain countries

  • And so on
Usually, the notification you receive regarding the Content ID hit is quite detailed and provides the information needed for you to decide how you want to proceed.

In many cases, Content ID options have been key to keeping popular videos available at all.

A classic example is the famous "Hitler in the Bunker" scene that has been used for countless parodies (and c'mon, admit it, some of them are pretty funny). For quite a while, the company owning the rights to that footage was routinely pulling down those videos one by one from YouTube, as full DMCA takedowns. But as of late (at least the last time I checked) they had changed their strategy, and now are simply monetizing those parodies with ads, rather than forcing their removal entirely.

Legal purists may choose to argue the Fair Use issues involved in this, but from a practical standpoint this seems like a pretty good win-win. The parodies' creators get to keep showing their work, and the creator of the source footage gets some action as well.

This complicated balancing act is now threatened with disruption by the horrendous COICA legislation in the U.S. Senate, that apparently seeks to undermine the entire premise of the DMCA, potentially creating such high liabilities that services like YouTube could be severely threatened (please see my recent "Internet Freedoms" Interview for more on COICA risks and related matters).

YouTube is a quintessential example of the complex issues that surround user-submitted materials on publicly accessible Web sites. I am an enormous YouTube fan, and I would consider its hobbling to be a tremendous loss, not just for entertainment, but in a vast array of serious educational aspects as well.

In these contexts, I frankly find shrill complaints about YouTube ads to be of relatively little consequence -- perhaps more a reflection of how people have come to expect everything for free on the Net -- even free from advertising -- never mind the immense costs involved in providing these services in the first place.

That's human nature, I suppose. But in the overall scheme of things, is watching some ads really such an unreasonable price to "pay" -- given what we receive from YouTube?

I think it's a pretty fair exchange. And that's a damned good deal in this life, especially these days.


Posted by Lauren at 08:18 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 03, 2011

The People Respond: How to Deal with ICANN's TLDs Mess!

Update (March 4, 2011): My own suggested solution to this dilemma: IDONS - Internet Distributed Open Name System -- or some other carefully engineered and deployed non-centralized alternative, that eventually may allow the existing TLD domain-industrial complex to wither away.

Greetings. I've been receiving a very high volume of responses to my latest note regarding ICANN and their planned flood of new TLDs (more properly, gTLDs). Many of these responses could be best described as, well, uh, rather intense.

I thought that you might find a quickie survey of the comments to be interesting, amusing, or possibly frightening -- maybe all of the above.

The first group is what I'd call the "Fatalist Faction." I could summarize their point of view as, "It's too late. The Domainers and ICANN have won. We're f----- as usual. The rich get richer as the Internet community at large has no say. The cybersquatters and phishers will have a field day. There's nothing to be done now." And so on.

An equally large contingent I'll call the "Litigation League." These respondents (from all over the world) are sending me all manner of proposals for civil litigation to be aimed at ICANN and/or Domainers who operate the new gTLDs. So far I've counted 18 essentially different proposed rationales for lawsuits aimed at preemptively blocking (or challenging after the fact), either specific ICANN actions related to new gTLDs, or (more commonly) attacking the basis under which ICANN assumes authority to make such decisions in the first place for the global Internet.

If the Litigation League sounds upset, wait until you meet an only slightly smaller group -- let's call them the "Prison Posse." These are the folks contacting me with their arguments that the activities in question rise to the level of criminal activity in one or more affected countries. They argue that aspects of the situation don't merely represent figurative examples of "protection rackets" or extortion aimed in particular at trademark owners and other entities wishing to protect their names, but that actual violations of criminal law are or will be occurring in these regards.

The phrase "lock them up and throw away the key" appeared more than once, and there were three different persons who invoked Guantanamo as an appropriate punishment locale. While one hopes that this latter idea was proposed at least a bit tongue in cheek, it does serve to demonstrate some of the depth of feelings surrounding these matters.

The Prison Posse suggests some pretty strong remedies. But the "Revenge Brigade" makes them look like lightweights. While smaller in number, the revenge contingent may be powerful indeed, given asymmetric technical pressures that could potentially be brought to bear. Their suggestions are a bit reminiscent of a James Bond film, and could be summarized as, "Don't worry about what ICANN and the Domainers do, their lives are going to be made miserable." Blacklists, domain and IP address blocking, and DDoS attacks appear to be the chosen weaponry of this group.

I even received some anonymous Instant Messages from members of this assemblage, more than one of which suggested that DDoS attacks could be "easily arranged" once targets were specified. I would assert that such fervor is ignored only at one's own risk.

For convenience, I'll also include in this category the many respondents who suggested that individual countries should simply ignore ICANN's edicts and go their own way regarding TLD issues, even if this risked significant network fragmentation and related disruptions.

Fatalism, Litigation, Prison, Revenge. A whole world of suggested possibilities, as vast as the Internet itself. Who might or will actually deploy any of these options? I don't know. I'm not a lawyer -- just a guy concerned about the Internet Community and making sure that the Internet serves everyone, not primarily the domain-industrial complex.

I will note here that there were also a few -- literally just a few -- responses that enthusiastically supported ICANN's gTLD expansion plans, seemingly all from persons involved in the ICANN process or domain industry one way or another.

But perhaps the suggestion I received that I liked the most -- at least in an existential sense -- came from only one person, who happens to be an old, old friend from ARPANET days. He suggested that no new gTLDs should be made operational unless personally approved by Internet luminary Jon Postel -- and further suggested that if Jon were not immediately present to judge any particular gTLD application, that application should be suspended until Jon again became available.

Unfortunately, I'm forced to categorize my friend's proposal as the "Heavenly Hopes" concept.

But it's the thought that counts.


Update (March 4, 2011): My own suggested solution to this dilemma: IDONS - Internet Distributed Open Name System -- or some other carefully engineered and deployed non-centralized alternative, that eventually may allow the existing TLD domain-industrial complex to wither away.

Posted by Lauren at 05:37 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein

March 01, 2011

A Note Regarding "Lauren vs. ICANN"

Greetings. I believe it might be worthwhile to restate and clarify some important nuances of my views regarding ICANN and their handling of the gTLD situation, aspects that may not be obvious to newer readers.

Unlike some ICANN critics, I have to my knowledge never been critical of any specific individuals associated with ICANN. In fact, I have on numerous occasions explicitly suggested that these parties are trying to do the best that they can with a very bad situation that has resulted from a complex array of factors, not the least being "mission creep" and the rapidly changing and growing Internet environment.

That having been said, I'm concerned about outcomes and impacts on the Internet community at large, and I view bad decisions coming out of ICANN in that light. That the participants in those decisions are to a large degree constrained and trapped in their "option sets" by prior decisions and actions (and related litigation risks) is understood and unfortunate. I can feel sympathy for this, but that doesn't reduce or change my concerns themselves.

I believe that it is undeniable that the primary force driving the new gTLD ecosystem is the enrichment of those registry/registrar players who are lucky enough to "score" the most valuable gTLD "real estate."

I've never met a single "ordinary" Internet user who has suggested that what we really need is more gTLDs. In fact, most users increasingly ignore the ever more confusing TLD situation in the first place, and instead simply use Google as their point of entry to most sites. (Have you ever noticed how often people even type domain addresses into Google, rather than into the browser address bars?)

Despite all the talk about processes and procedures and participants, the die was cast on most of this way back. The on and off nature of the dot-ex-ex-ex TLD is a good example. Given the amount of money involved, it seemed inevitable that it would ultimately be approved. This despite the fact that most of the adult entertainment industry doesn't want it (they know it will be widely blocked, and that some countries may try force them into it as a form of "red light" district). And most anti-porn crusaders who understand what it's really about don't want dot-ex-ex-ex either.

Confusion serves the purposes of those who would enrich themselves through the gTLD process (and I'm speaking here of gTLD operators, not so much about ICANN itself, though we can certainly argue about ICANN's costs, expenditures, and fee structures).

So when the fellow behind the dot-ex-ex-ex push wanted to convince folks that it was a great idea, we saw deceptive polls published giving the impression that porn sites would only be in the new gTLD, and conveniently neglecting to mention that in most cases for now they'd still have their ordinary dot-com addresses as well.

Perhaps of even more concern is media/press confusion about all of this. It is completely understandable that most of the press has come to believe that gTLDs are all about money and nothing else -- because that's very much the way the system has now become oriented.

I remember a recent interview I did regarding the battle over who would get the new gTLD dot-vegas. The discussion wasn't about serving the community -- it was all about who could successfully strong-arm the most registrations into that gTLD. When I asked how the various parties would handle a possible future dot-gambling or dot-slots or dot-roulette or ... there was stunned silence. It had apparently never occurred to them that their "franchise" could be diluted in the future.

Probably worst of all is the explicit "get rich quick gold rush" ideology and language used by the promoters of vastly expanded gTLDs. Even existing newer gTLDs (like dot-co) are often promoted not in terms of real value to registrants, but in terms of "protect your name in this TLD before someone else gets it!"

It's likely that in a legal sense this doesn't rise to the level of a protection racket or extortion -- but from an ethical point of view such terms clearly seem to apply.

When I take issue with ICANN processes, I'm not claiming that a range of stakeholders (notably not including the Internet community at large in any meaningful sense) don't in theory have input. Rather, I'm arguing that in the final analysis their input appears not to have significantly altered the ultimate point at which we find ourselves now, due to the money-driven course of events over the long term, with litigation threats also playing a major and continuing role.

Outside of basic questions of ethics and fairness, I am extremely concerned that ICANN's massive gTLD expansion may ultimately be the "straw that breaks the camel's back" leading to significant fragmentation of the Internet by domestic governments, and increasingly expansive Internet blocking and censorship.

While it certainly may be argued that a blocked party can usually get a different domain address, or be reached by IP address alone, or even use different IP addresses if those are blocked, in practice for most entities their range of options in these regards are significantly limited, especially given the heavy branding costs in a commercial context. And as we've already seen, the U.S. government is all too willing to turn off domains -- even those operated by total innocents in other countries -- without so much as a chance to counter charges, and certainly without the "bother" of a trial.

ICANN might do well to quote that great philosopher Curly Howard of The Three Stooges from Disorder in the Court, where he said, "I'm a victim of circumstance!"

For ICANN indeed is exactly that. But this cannot change the fact that it's no longer tenable for a private U.S. organization, hidden away in a nondescript Marina Del Rey office tower, to wield the power that they now possess.

The events and accidents of history that have led to this situation are clear enough, and the fears that any changes away from ICANN carry significant potential risks (as do all changes in life) are also obvious. Some ICANN supporters have indeed leveraged the latter concerns well, by invoking the specter of ITU and/or U.N. Internet control.

But the Internet is now too central and too crucially entangled with the core interests and concerns of countries around the world, for ICANN to be permitted its current role for much longer.

It's time to thank ICANN and its people, past and present, for their work and efforts, and to move on beyond ICANN toward structures and organizations truly fitting the needs of the global Internet -- which after all is supposed to be for everyone, everywhere -- in the 21st century and beyond.


Posted by Lauren at 11:31 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein