Slashdot Mirror

Spud Zeppelin writes "According to this article at The Motley Fool, Mattel is looking to sell its Learning Company software division for a substantial loss compared to what the company paid to acquire it. Among Learning Company's products is the recently controversial censorware product CyberPatrol." According to the Fool, the business "racked up big losses, driving the stock near its 52-week low and contributing to the resignation of Jill Barad, the company's former chairwoman and chief executive." This software seems not very profitable in the consumer market.

We just ran a story on Friday about Mattel, which makes the Web-censoring software product Cyber Patrol, and their attempted suppression of an essay and utility to decrypt CP's list of banned sites. Since then, things have gotten even uglier. Mattel's attorneys have been mass-mailing the mirrors of Eddy Jansson's site, demanding that ISPs remove them -- the original site and some of the mirrors have been taken down already. Just to make sure though, Mattel is updating the Cyber Patrol blacklists for all of their customers to include the homepages of the authors and all of the mirrors, blocked under every blocking category the product has. (more ...)

This means, for example, that if you have Cyber Patrol set to block "Full Nudity", you might think you're blocking pictures of nude human beings, but you're actually banning criticism of Mattel and the homepages of people Mattel is suing even if the decryption utility and essay aren't hosted there, such as Matthew Skala's homepage. Feel free to download the demo version of Cyber Patrol, update the filter list to the newest one, and check this out -- or just type it into their search engine, though that won't tell you it's banned under every category. Does Skala's page contain full nudity? No? Then you're seeing an example of a company purposefully and deliberately lying about the content of a page in order to serve their own agenda.

Same thing if you chose Violence/Profanity, or Partial Nudity, or Sexual Acts, Gross Depictions, Intolerance, or Satanic/Cult, or Drugs/Drug Culture, Militant/Extremist, or Sex Education, or Gambling, or Alcohol and Tobacco -- guess what? "All categories" also include "or criticism of our company or product."

Welcome to America in the new millennium, where a corporation just made the decision to ban several documents from the World Wide Web. They did it unilaterally, without court review, without any notice to the public whatsoever, yet their decisions are now being carried out (the Cyber Patrol product automatically updates its list of banned sites on a daily or weekly basis) in public schools and libraries and companies across the country, for children and adults. (Cyber Patrol uses the same list for the "corporate firewall" versions of its products.)

A list of mirrors is still available. Get it while you can. Declan McCullagh, a journalist for Wired, has started an archive of case-related documents; -- he too has received the legal threats, despite never hosting the banned essay. (The .uni files are actually TIFF images of the documents.)

And just as I was finishing up this story, I've received an e-mail in my capacity as censorware.org webmaster. A woman wrote:

The link to the essay you mentioned on your page [our homepage] date 3/16/00 must not be correct. Could you e-mail me the essay? I am a high school librarian and am trying to find out more about what Cyber Patrol filters. Thank you.

I wrote back, among other things:

In fact the link was correct, but Mattel (the maker of Cyber Patrol) has filed suit against the authors of that essay and made legal threats to that ISP which caused them to delete the page. So, the page existed on Friday, but does not today.

I certainly understand your desire to find out what Cyber Patrol blocks, but they are going to great lengths to stop you from finding out.

A few weeks ago we ran Keep It Legal to Embarrass Big Companies , detailing Peacefire's decryption of X-Stop's blacklist. Then just a few days ago, we noted that CyberPatrol's encrypted list had also been cracked. Well, Mattel, the maker of CyberPatrol and a Big Company, decided it didn't like to be embarrassed -- so it's filing suit against the coders in Canada and Sweden. In addition to demanding the removal of the decryption utility, Mattel is also seeking the logfiles of the Swedish ISP that hosts the decryption utility, to identify everyone who has downloaded it to date. Update: 03/16 6:50 PM EDT by J : Today's news was filled with Mattel's PR lies about their suit. Analysis follows.

Update: 03/16 6:50 PM EDT by J : The problems started with the AP story (cited above). The decryption software posted by the activists was described as "a method for kids to deduce their parents' password and access [pornographic] Web sites."

This was the spin that Mattel's PR people put on the story. They surely didn't want the news media reporting that activists had posted software that exposes their secret, hidden blacklist to the light of day. That wouldn't sound so good - it might get people to ask "why are these blacklists encrypted at all?"

Instead, Mattel's PR decided to say that the decryption software allows kids to view pornography. Predictable - this is the same smear that's always dragged out - but the media swallowed it uncritically. (The AP story was repeated on cnet, and everywhere else that uses the AP feed.)

Even the normally-critical Declan McCullagh wrote a story for Wired whose opening sentence was corporate propaganda. "Toy-maker Mattel has sued two programmers who revealed how to circumvent its CyberPatrol blocking software." Thankfully, the rest of his article gave the full story.

Mattel is not upset about CPHack's minor feature of circumventing the program when installed. Peacefire has been distributing their own instructions to disable Cyber Patrol for months now, and hasn't been sued. (They're pretty simple instructions, too.)

Mattel is upset that people can see the flaws in their software which were previously hidden by encryption. They want to continue selling bad software and will use the full force of law to prevent you from learning how bad it is. Legal papers have already been served and the proceedings will presumably begin shortly. Stay tuned - and don't trust press releases.

In the wake of recent announcements by Peacefire that they'd decrypted the secret block lists employed by two brands of censoring software, the "encryption" used by another major brand of software, Cyber Patrol, (produced by a company repugnant enough to advertise the increase in sales after Australia passed national censorship legislation), has also been broken. Matthew Skala and Eddy L O Jansson report in an in-depth essay about the practical difficulties encountered when undertaking this task. Their announcement follows.

Their announcement:

"March 11, 2000 - ANNOUNCEMENT

Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing undesirable Internet content, has been reverse engineered by youth rights activists Eddy L O Jansson and Matthew Skala. A detailed report of their findings, titled "The Breaking of Cyber Patrol(R) 4", with commentary on the reverse engineering process and cryptographic attacks against the product's authentication system, has been posted on the World Wide Web at this address:

http://hem.passagen.se/eddy1/reveng/cp4/cp4break.html

The abstract of the report:

Several attacks are presented on the "sophisticated anti-hacker security" features of Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing Internet content considered harmful. Motivations, tools, and methods are discussed for reverse engineering in general and reverse engineering of censorware in particular. The encryption of the configuration and data files is reversed, as are the password hash functions. File formats are documented, with commentary. Excerpts from the list of blocked sites are presented and commented upon. A package of source code and binaries implementing the attacks is included.

Eddy L O Jansson
srm_dfr@hotmail.com
http://hem.passagen.se/eddy1/index.html

Matthew Skala
mskala@ansuz.sooke.bc.ca
http://www.islandnet.com/~mskala/"

In the wake of recent announcements by Peacefire that they'd decrypted the secret block lists employed by two brands of censoring software, the "encryption" used by another major brand of software, Cyber Patrol, (produced by a company repugnant enough to advertise the increase in sales after Australia passed national censorship legislation), has also been broken. Matthew Skala and Eddy L O Jansson report in an in-depth essay about the practical difficulties encountered when undertaking this task. Their announcement follows.

Their announcement:

"March 11, 2000 - ANNOUNCEMENT

Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing undesirable Internet content, has been reverse engineered by youth rights activists Eddy L O Jansson and Matthew Skala. A detailed report of their findings, titled "The Breaking of Cyber Patrol(R) 4", with commentary on the reverse engineering process and cryptographic attacks against the product's authentication system, has been posted on the World Wide Web at this address:

http://hem.passagen.se/eddy1/reveng/cp4/cp4break.html

The abstract of the report:

Several attacks are presented on the "sophisticated anti-hacker security" features of Cyber Patrol(R) 4, a "censorware" product intended to prevent users from accessing Internet content considered harmful. Motivations, tools, and methods are discussed for reverse engineering in general and reverse engineering of censorware in particular. The encryption of the configuration and data files is reversed, as are the password hash functions. File formats are documented, with commentary. Excerpts from the list of blocked sites are presented and commented upon. A package of source code and binaries implementing the attacks is included.

Eddy L O Jansson
srm_dfr@hotmail.com
http://hem.passagen.se/eddy1/index.html

Matthew Skala
mskala@ansuz.sooke.bc.ca
http://www.islandnet.com/~mskala/"