Slashdot Mirror

The Slashdot 10 Year Anniversary Charity Auction for the EFF is at an end and the numbers are in. We are still waiting for payment on one of the six items, but the grand total for the auctions is $9186.83. The big surprise was the anonymous reader who bought the Swag Bag AND the Low UID: he decided to donate an extra $1200 beyond his bids! Thanks to Daniel Peacock (who bought Hemos's burnt copy of Watchmen) and Michael Ravnitzk who bought Triton, the case of the first x86 that ran Slashdot in Feb 1998. He then turned around and told us to shelve it, to try to sell it again later. Instead he got a box of shirts. We're still waiting for payment on the email address, but hopefully nobody would be so crappy that they would scam a charity auction. And lastly, we would like to give special thanks to the University of Advancing Technology (here's a Coral Cache link) who paid $3,550.00 for that hyperlink you just read past. They wanted to express their support for Slashdot and for the EFF, and I think both of us appreciate it. Thanks to everyone who bid on items and congratulations to the winners. And the rest of you - don't feel bad that you missed it. You can always make a donation later - the EFF does good work. Tell them Slashdot sent you.

The Slashdot 10 Year Anniversary Charity Auction for the EFF is at an end and the numbers are in. We are still waiting for payment on one of the six items, but the grand total for the auctions is $9186.83. The big surprise was the anonymous reader who bought the Swag Bag AND the Low UID: he decided to donate an extra $1200 beyond his bids! Thanks to Daniel Peacock (who bought Hemos's burnt copy of Watchmen) and Michael Ravnitzk who bought Triton, the case of the first x86 that ran Slashdot in Feb 1998. He then turned around and told us to shelve it, to try to sell it again later. Instead he got a box of shirts. We're still waiting for payment on the email address, but hopefully nobody would be so crappy that they would scam a charity auction. And lastly, we would like to give special thanks to the University of Advancing Technology (here's a Coral Cache link) who paid $3,550.00 for that hyperlink you just read past. They wanted to express their support for Slashdot and for the EFF, and I think both of us appreciate it. Thanks to everyone who bid on items and congratulations to the winners. And the rest of you - don't feel bad that you missed it. You can always make a donation later - the EFF does good work. Tell them Slashdot sent you.

penguin_dance writes "A Pennsylvania mom is fighting back, suing Universal Music Publishing Group for having a home movie taken down off of YouTube. The movie, featuring her 18-month old bouncing to Prince's song, 'Let's Go Crazy,' was cited for removal by the Group for copyright infringement. Mom Stephanie Lenz was first afraid they'd come after her — then she got angry. She got YouTube to put the video back up, she's enlisted the help of the Electronic Frontier Foundation, and she's filed a civil lawsuit (pdf). 'I thought even though I didn't do anything wrong that they might want to file some kind of suit against me, take my house, come after me. And I didn't like feeling afraid ... I didn't like feeling that I could get in trouble for something as simple as posting a home video for my friends and family to see.'"

An anonymous reader writes "It's been widely reported that Comcast is engaged in a sneaky form of Internet filtering. The company is terminating its customers' BitTorrent sessions by sending misleading data onto the network. The end result is that instead of targeting key heavy users, Comcast is instead engaged in an all out war against P2P protocols. In an interview with CNET, the Electronic Frontier Foundation's Fred von Lohmann states that Comcast is 'throwing a spanner in the works of the Internet, hoping that this will somehow reduce bandwidth usage overall.' Other lawyers seem to have smelled blood, and are circling in the water. Lohmann reveals that '[The EFF has] already been contacted by attorneys who are considering legal action against Comcast.' Could Comcast be facing a class-action?"

ntk writes "Glenn Greenwald from Salon has a long, informative interview with Cindy Cohn, the EFF attorney leading the suit against AT&T over their warrantless wiretapping of their customers. It talks about why the White House is pushing for retroactive immunity against the telco, what the suit has revealed so far, and how little Congressfolk appear to know about how Internet traffic is being monitored."

As part of our 10-Year anniversary, we've decided to have a little charity auction, with the cash going to the EFF. The items currently up for bidding are 'Triton' (the big old tower case from the first x86 used to host Slashdot from Feb 11 1998 through much of 1999... picture is attached to the story if you're curious). A low numbered UID (3 or maybe 2 digits!) so you can win those stupid low UID pissing match threads. Your URL plugged in the story where we announce the auction winners. Oh the fame! The Slashdot Grab Bag: We're putting stuff around the office in a box- random t-shirts, hats, even an old Nokia NGage. The mystery box could contain anything that we stuff in the box before the contest ends... there's a picture of what we have so far attached. A copy of the watchmen trade paperback singed in Hemos's 1999 house fire. An @slashdot.org email alias (tasteful names only ;) The auctions will be running for like 10 days, and we'll post the results when they come up.

Triton currently has a couple of P2s in it that may or may not work, as well as a number of SCSI controllers that may or may not work. It also has a 300W power supply that may or may not work. Remember, you are donating to charity here... but these guts have been sitting in a closet for probably 5 years now. We don't have any idea what works.... the machine was originally hosted in our Holland office, but eventually was shipped to California for colocation. While there it got its guts replaced from dual P133s to dual P2s. After that, it flew back to Holland where it was a file server for a few years until we retired it

The grab box will at least contain some shirts. We have a crate of shirts- some given to us by random companies, others are mis-prints of various corporate things... I think we have some static stickers and hats... but there's no promises here... again... you're making a donation to a worthy charity here! The picture shows you some things that will probably be in the box including Nate's Nokia ngage, a collection of hats... we'll throw in a few of the 10-year anniversary t-shirts as well...

We're willing to sign the things if you think that makes it worth donating more. Or more likely not, if you think it's worth more without our childish scribblings on it. And bid high folks! This is for the EFF after all...

For only the second time in California history, a judge in Alameda County voided an election result and called for the election to be re-run, because the e-voting tallies from Diebold machines couldn't be audited. The vote was on a controversial ballot measure addressing the operation of medical marijuana dispensaries, and the result was a close margin. Activists went to court to demand a recount, but after the lawsuit was filed, elections officials sent voting machines back to Diebold. The court found that 96% of the necessary audit information had been erased. The judge ordered the ballot measure to be re-run in the next election.

kidcharles writes "Newsweek reports that a secretive lobbying campaign has been launched by telecommunications companies who are seeking retroactive immunity from private lawsuits over their cooperation with the NSA in the so-called 'terrorist surveillance program.' Director of National Intelligence Mike McConnell has claimed that lawsuits could 'bankrupt these companies.' The Electronic Frontier Foundation has filed a lawsuit against AT&T over their cooperation in the domestic spying program. EFF legal director Cindy Cohen said of the lobbying campaign, 'They are trying to completely immunize this [the surveillance program] from any kind of judicial review. I find it a little shocking that Congress would participate in the covering up of what has been going on.'"

An anonymous reader writes "With Steve Jobs' recent announcement of his intention to fight off the independent iPhone developers, the question worth asking is: How will Apple try to defeat the hackers: Software updates, or lawsuits? Will Apple risk losing its most frequently (ab)used legal tool, the Digital Millennium Copyright Act, in order to try and punish the developers of the iPhone unlocking tools? This CNET article explores the legal issues involved in this, which make it perfectly legal to reverse engineer your own iPhone, but illegal to share your circumventing source code with others."

An anonymous reader writes to alert us to a court win for the EFF in two cases in which DirecTV employed heavy-handed legal tactics to suppress security and computer science research into satellite and smart card technology. Here's the ruling (PDF) from the 9th US Circuit Court of Appeals. From the announcement: "The cases, DirecTV v. Huynh and DirecTV v. Oliver, involved a provision of federal law prohibiting the 'assembly' or 'modification' of equipment designed to intercept satellite signals. DirecTV maintained that the provision should cover anyone who works with equipment designed for interception of their signals, regardless of their motivation or whether any interception occurs. But in a hearing earlier this year, EFF argued that the provision should apply only to entities that facilitate illegal interception by other people and not to those who simply tinker or use the equipment, such as researchers and others working to further scientific knowledge of the devices at issue."

An anonymous reader writes to alert us to a court win for the EFF in two cases in which DirecTV employed heavy-handed legal tactics to suppress security and computer science research into satellite and smart card technology. Here's the ruling (PDF) from the 9th US Circuit Court of Appeals. From the announcement: "The cases, DirecTV v. Huynh and DirecTV v. Oliver, involved a provision of federal law prohibiting the 'assembly' or 'modification' of equipment designed to intercept satellite signals. DirecTV maintained that the provision should cover anyone who works with equipment designed for interception of their signals, regardless of their motivation or whether any interception occurs. But in a hearing earlier this year, EFF argued that the provision should apply only to entities that facilitate illegal interception by other people and not to those who simply tinker or use the equipment, such as researchers and others working to further scientific knowledge of the devices at issue."

ianare writes "H.R. 3155, the Intellectual Property Enhanced Criminal Enforcement Act of 2007, has been introduced in Congress by Rep. Steve Chabot (R-OH). In most cases, the bill appears to simply double existing penalties. One big change however, is that people could now be charged with criminal copyright infringement even if such infringement has not actually taken place. Not surprisingly, the EFF has condemned the legislation."

RobertB-DC writes "With no fanfare, and apparently no outcry from the privacy community, Anonymizer Inc. discontinued its web-based Private Surfing service effective June 20, 2007. No reason was given, either on the Anonymizer web site or on founder Lance Cottrell's privacy blog. Private Surfing customers are now required to download a anonymizing client that handles all TCP traffic, but the program is Windows-only (with Vista support still a work-in-progress). And of course it's closed-source, which means it has few advantages over several other alternatives."

H.R.811 sounds great: It's stated purpose is "to require a voter-verified permanent paper ballot." Unfortunately, it sounds like the details have some devils, as usual. From the Bev Harris article Is a flawed bill better than no bill?: "[T]he Holt Bill provides for a paper trail (toilet paper roll-style records affixed to DRE voting machines) in 2008, requires more durable ballots in 2010, and requires a complex set of audits. It also cements and further empowers a concentration of power over elections under the White House, gives explicit federal sanction to trade secrets in vote counting, mandates an expensive 'text conversion' device that does not yet exist which is not fully funded, and removes 'safe harbor' for states in a way that opens them up to unlimited, expensive, and destabilizing litigation." Update: 07/11 16:23 GMT by KD : Derek Slater writes "EFF's e-voting expert Matt Zimmerman recently published this article separating the myths about HR 811 from the facts, and countering many of the misleading and outright false claims being made about it."

H.R.811 sounds great: It's stated purpose is "to require a voter-verified permanent paper ballot." Unfortunately, it sounds like the details have some devils, as usual. From the Bev Harris article Is a flawed bill better than no bill?: "[T]he Holt Bill provides for a paper trail (toilet paper roll-style records affixed to DRE voting machines) in 2008, requires more durable ballots in 2010, and requires a complex set of audits. It also cements and further empowers a concentration of power over elections under the White House, gives explicit federal sanction to trade secrets in vote counting, mandates an expensive 'text conversion' device that does not yet exist which is not fully funded, and removes 'safe harbor' for states in a way that opens them up to unlimited, expensive, and destabilizing litigation." Update: 07/11 16:23 GMT by KD : Derek Slater writes "EFF's e-voting expert Matt Zimmerman recently published this article separating the myths about HR 811 from the facts, and countering many of the misleading and outright false claims being made about it."

We have another essay from Bennett Haselton for you to peruse. "Last week's coverage of AT&T's newly announced "anti-piracy initiative" mostly downplayed the key part of AT&T's proposal, which is filtering what their end users can access in the first place, not finding pirates or suing them after the fact. Friday's Associated Press article, which was reprinted on many news sites with headlines like "AT&T to Help Hollywood Track Down Internet Pirates" and "AT&T to ID Offshore Web Pirates", actually said only that "the effort is primarily aimed at pirates who set up operations in other countries" -- and since you can't really "aim" at pirates in Russia and China with anything except missiles, the statement suggests not identifying pirates or tracking them down, but pre-emptively blocking people from connecting to their servers. Only the Red Herring nailed it with their article title, "AT&T to Block Pirated Content"." Follow the magical URL to read the rest of Bennett's words on the matter.

I think this is a crucial distinction, because efforts to filter end users' connections (as opposed to making them pay consequences for their actions after the fact) have always been controversial, even when the content is illegal. The Center for Democracy and Technology successfully overturned a Pennsylvania law that required ISPs to block overseas child pornography sites, partly on the grounds that the filtering included many third-party Web sites as collateral damage. I've argued that a similar private-sector initiative called Canada Cleanfeed, where Canadian ISPs attempt to block child pornography Web sites, would do more harm than good. On the other hand, nobody's fighting very hard for the cause of child pornography downloaders who were caught and arrested. Web sites get sued and shut down all the time, but it was bigger news when Canadian ISP Telus blocked the Web site of a Telus labor union for three days. So it's a big deal whether we're talking about "pre-emptive" filtering, or fighting piracy "reactively" by going after violators.

AT&T Senior VP James Cicconi said in e-mail that "discussion about what the technology will or won't do is premature until we can invent it", but most of the hints so far have been that the anti-piracy technology will be "pre-emptive", i.e. filtering users' connections. Cicconi said on a conference panel that AT&T has to spend billions on network maintenance to carry illegal pirated traffic -- which they probably couldn't recoup by suing people, so the only way to prevent that would be to block it. And Cicconi has referred to the technology several times as a "network-based solution" -- but what else could that mean, except filtering?

So let's assume that's what's on the horizon. Interestingly, Cicconi said that AT&T did not plan to block actual Web sites. However, he said in e-mail, "If one could, with a high degree of certainty, spot and isolate illegal traffic from an offshore site, would you not think the copyright holders would have a reasonable argument for a court order to block that traffic (as opposed to the site itself)?" Presumably this could refer to a Web page with an index of links to BitTorrent files -- so they'd be willing to block the BitTorrent links, but not the Web page? But from that point of view, why not just block Web sites too? If an overseas webpage has a list of links to pirated content, and that content is served over http from the same Web server, wouldn't they want to block it?

But I doubt this would stem much piracy in the long run, because connection filtering to fight piracy became more commonplace, then the next generation of p2p file-trading programs would all just have circumvention capabilities built into them, that let you route your connection through a friend at an unfiltered ISP. You're on AT&T, you upload a file to your friend on Verizon which earns you some "credits" with his node in the p2p network, and instead of redeeming those credits to download a file from him, you use his node as a proxy to download a file indirectly from a site in Russia that AT&T is blocking you from accessing. Advanced users can do this already with tools like Virtual Private Networks and Tor, and some tweaks in a p2p program would just bring it within the range of the casual user.

On the other hand, if AT&T starts filtering traffic, it could set a bad precedent that any time a party in a legal proceeding wants a site declared "illegal", they can demand that AT&T (or other ISPs) block the site. It could be a site libeling a person, or a site hosting a decryption tool that breaks some company's poorly-designed code, or pretty much anything that some powerful person wanted to go away. Meanwhile, if an AT&T customer did get accused of downloading pirated content, now they could invoke the "AT&T didn't stop me" defense -- they thought that AT&T was filtering illegal content, and if they could get to it, then that meant it was legal! In both cases the problem comes from someone using the argument that once AT&T started doing any filtering at all, they should have gone further.

So I would watch the situation closely, even if you're not an AT&T user, and don't assume the situation will take care of itself. Cicconi said, "If a company like ours does dumb things and upsets our customers, we will lose them to someone else," which is something I'm skeptical of whenever I hear it used to defend various draconian anti-spam measures, but in this case I think it's even less applicable. When you're talking about spam filters, at least they always bring some benefit to the user (less spam), and the question is whether the free market weighs those benefits properly against the costs (more lost mail). On the other hand, if an ISP filters the user's connection, that brings no benefit to the user, and in a truly efficient market, all customers of such an ISP would just switch to an unfiltered one -- if that doesn't happen, it simply means the market in that case is not efficient. Is your ISP filtering your connection right now? Probably not, but how could you tell if they were? Right now we assume that ISPs don't filter connections because generally it's "just not done" (except when it is). In a few years we might not be so sure.

Bennett Haselton has written in with his latest report. He starts "Goodmail has announced partnerships with four new ISPs who will charge for "reliable" delivery of your e-mail messages if you want to bypass their spam filters. The news will probably generate another round of editorials like the ones written a year ago about AOL's plan to use Goodmail, including this one from Esther Dyson (for it) and this one from the EFF (against it)." Follow the magical clicky clicker below to read the rest of this story.

If I could ask one serious question of anyone who was defending pay-per-email, or sitting on the fence about it, this would be it: Suppose you sent an extremely urgent e-mail to your doctor or your lawyer, who for the sake of argument you're not able to reach by phone. The recipient's ISP owner happens to see the message before the user retrieves it, and realizes how urgently you need to get it through. So he moves it to the recipient's "spam" folder, and then calls you up and says: pay me $1,000 to move it to the recipient's inbox, or they'll never see it.

Does the ISP have the right to do that? If not, why not?

Perhaps you'd say that Goodmail's 1/4-penny-per-message is reasonable, but $1,000 for one message is too much. But then who decides what is "too much"? The marketplace? Then isn't the ISP admin just another player in the market, and $1,000 is what they want to charge? If you don't like it, you can go somewh... oh, wait, you can't, because there's no other way to get through to the recipient. If you ever get through to your doctor or lawyer, they might switch ISPs after they hear what happened, but should that be your only recourse?

The problem with the ISP charging $1,000 to deliver your message is not that $1,000 is "too much", but that they're charging for a service that has already been paid for. If your doctor or lawyer pays for an e-mail address, they're doing so with the understanding that their ISP will make a reasonable effort to deliver the non-spam e-mails that people try to send them. If their ISP then turns around and asks you for $1,000 to deliver the e-mail, then they're trying to double-bill for the same service, and if they block the message because you don't pay the $1,000, then the ISP is cheating the recipient out of a service that they've already purchased. And it's not just the recipient being cheated; if the recipient has an arrangement with you, as your doctor or lawyer would, then the ISP is interfering in their business relationship with you.

Now, if an ISP using Goodmail offers to let you bypass their filters by paying 1/4 penny per message, how is that different from the doctor example? Well, on the face of it, it's different in at least two ways: first, because the ISP is charging "only" 1/4 penny per message instead of $1,000, and second, they're not saying that your mail will be blocked if you don't pay, only that it might be. But are these qualitative differences, or just differences in degree?

Take the cost-per-message. I have a (verified opt-in) mailing list of about 50,000 people that I send mail to twice a week. In the aggregate, it is just important for me to get mail out to those subscribers, as it is for some people to get a single mail through to their doctor or lawyer. Also, in the aggregate, it would cost me about $1,000 per month if the ISPs collectively asked for 1/4 penny per message and threatened to block them otherwise. So is there any real difference between requesting $1,000 to unblock 50,000 e-mails, and requesting $1,000 to unblock a single e-mail, if you're just doing it because you know the sender urgently needs to get them through? (It's not a reflection of the ISP's costs -- downloading and storing 50,000 messages at 3 K each, costs almost nothing, certainly not anything close to $1,000. And again, I would argue it's a moot point anyway, because those services have already been paid for.)

And how much difference is there, really, between saying that a message (or a group of messages) might be blocked, and saying that a message definitely will be blocked? If it's bad for your doctor's ISP to call you up and say, "Give me $1,000 or there's a 100% chance that your message doesn't get through," what if they say, "Give me $1,000 or there's a 50% chance that your message doesn't get through," isn't that at least 50% as bad? You could say that in my doctor example, the blocking was deliberate, but in the case of the spam filter, it's accidental. But if an ISP chooses not to fix problems with its spam filter, then in a way it's still deliberately creating a certain percentage of cases where the spam filter will block legitimate mail, even if those cases occur at random.

There is one more difference between Goodmail and the scenarios I've described, which is that Goodmail not only lets you bypass an ISP's spam filters, it also certifies that you are trusted and not a phisher. If an ISP like AOL controls the user-interface that a user uses to check their mail, it can display the blue-ribbon "CertifiedEmail" icon next to a Goodmail-certified message. In this case, an ISP can plausibly claim that they're letting all legitimate e-mail get through, but they're still offering a benefit to Goodmail senders. The problem with this is that since phishing only works on users who are gullible to begin with, a phish could just as easily display the CertifiedEmail icon in the body of the message to try and gain a user's trust. It's all very well to say that a user should know that the CertifiedEmail icon only "counts" when it's displayed in the inbox, not in the message itself. But a user who knows that, would probably also know that their bank's Web page is not 209.211.253.169. And besides, most users of Comcast, Cox, RoadRunner and Verizon will be using their own mail clients like Eudora which won't display the "CertifiedEmail" icon anyway.

So it seems pretty clear that the main benefit of using Goodmail will be deliverability. And that's the basic Catch-22: If an ISP gives the same deliverability to non-Goodmail-certified messages, then who's going to use it? On the other hand, if an ISP gives better deliverability to Goodmail-certified messages than to other messages (much more likely), then they are to some extent misrepresenting the services they sell to their users, since users expect an ISP to make the best effort to deliver all legitimate e-mails, not just the ones from paying senders.

Goodmail likens their service to FedEx or UPS for "enhanced delivery" of paper mail as a way of getting the recipient's attention. But the difference is that if you're trying to reach your lawyer, then the office complex where he works (or the city that maintains the streets to his house) is providing the service that he expects and has paid for, namely, allowing different companies to deliver stuff to him there -- and because you have different choices, that means FedEx, UPS and the USPS have to compete with each other, and that keeps the delivery prices down. On the other hand, if an ISP blocks you from mailing their customer unless you pay their fee, then the ISP is going against what the customer expects them to do, and it is precisely that betrayal of trust that gives the ISP a monopoly on your ability to reach the customer -- which leads to them charging monopoly-style prices, like $1,000 to receive and store a few tens of thousands of messages.

There is a lot of debate about whether "the market" would fix problems of legitimate e-mail being lost. Esther Dyson's editorial was a classic libertarian defense of the free market as the arbiter of systems like Goodmail: "If it's a good model, it will succeed and improve over time. If it's a bad model, it will fail. Why not let the customers decide?" Actually I don't think the free market does fix most e-mail deliverability problems -- I've been involved in a few business that sent bulk e-mail (to subscribers who requested it and confirmed their subscriptions), and have had conversations with dozens of others, and we've all had problems sending to Hotmail, AOL, and Yahoo, and I've never, ever heard anyone say that their deliverability problems were solved by "the market". (Usually the problems just come and go, and nobody knows why.) But in a way this is all beside the point. Even if the market would stop more egregious abuses, what gives ISPs the right to charge senders for e-mail services that their customers have already paid for?

I actually met Richard Gingras, the CEO of Goodmail, and Charles Stiles, the postmaster of AOL, at a conference in Seattle last year where they were on a panel defending against the Goodmail controversy. They seemed like nice guys who were genuinely blindsided by the criticism that Goodmail had been receiving. It's easy to see the point of view of Goodmail's defenders -- if Bob wants to pay Alice to "certify" Bob, why would it be anybody else's business? It isn't, until it leads ISPs to steer people towards a system where if you want to be treated like a non-spammer, you have to pay -- even if, strictly speaking, the recipient is already paying to receive your mail.

As for the much-vaunted free whitelisting privileges that non-Goodmail senders will continue to enjoy, in the pre-Goodmail era I once found that AOL was blocking some of my mail to their users, so I called their postmaster department and learned the following facts:

• The first person I talked to, said that he checked the logs and our mail was being blocked because we didn't have reverse DNS set up. I thought this was odd because we did have it configured, but I thanked him and hung up.
• Then, I called back and got someone different. I asked them the same question and they said that according to his logs, our mail was being blocked because someone else at our ISP was sending spam. I asked him why they were blocking our IP address, if it was different from the IP of the alleged spammer; he paused and said, "Is there anything else I can help you with?", and this repeated several times as I thought my phone or his headset wasn't working, before I realized he was just being a dork.
• Then, I called back and got yet another person, and this person said that he could see our mail was being blocked because it contained banned content. I was pretty sure that was wrong, because you get a different-looking bounce if you're sending mail that contains a banned string, but I took a note of that anyway.
• Then, I called back and got a fourth person, who said that our mail was being blocked because some of their users had flagged mail from our IP address as spam. He paused for a brief conversation in the background, then came back and added, "This has already been explained to you, sir." I said that since I had gotten four different explanations in four different phone calls, I figured I could just keep calling and tallying the votes that I got for each explanation, until one of them emerged as the winner.

Much later I found out from someone else about the AOL whitelisting program, which I'm currently trying to see if it prevents us from getting blocked. But if none of the people answering the phone at the postmaster department knew or told me about it (and I confirmed that it did exist at the time), how many other organizations or businesses don't know?

ISPs adopting Goodmail say that while Goodmail senders can bypass their spam filters, non-Goodmail senders will continue to enjoy the same deliverability rates that they have in the past. That's what I'm afraid of.

Slashdot contributor Bennett Haselton has written an essay on a subtle privacy issue affecting many websites (including Slashdot!) He says "Suppose your girlfriend called up Match.com and said, "I think my boyfriend might be cheating on me. His e-mail address is joeblow - at - aol - dot - com. Can you tell me if he's a member?" And Match.com phone support told her, "Why, yes, he is a member. You'd better have a talk with him." After you had gotten over the guilt of getting caught -- I mean, the guilt of cheating -- would you not feel like Match.com had violated your privacy by telling a third party that you were a member?" Keep reading to see what he's getting at and to decide if and when it's a problem.

Something like this is actually possible with quite a few well-known sites -- given a person's e-mail address, it is possible to find out if they have an account with Match.com, PayPal, Netflix, eBay, Amazon, and Google (and, by the way, Slashdot [CT: We'd fix it if I thought it mattered]). For some of those sites, it may even be possible to take a long list of e-mail addresses and use an automated process to find out which of those addresses have accounts with those sites (something I didn't want to risk trying myself, but as a general rule, if you can do it once, you can do it many times, at least if you do it slowly enough). It does not enable the attacker to extract addresses from a site's membership rolls, which is a much more serious type of breach -- in this case, the attacker would have to already know a list of e-mail addresses, and would only be able to find out which of those addresses have accounts with a given service. And it definitely wouldn't enable an attacker to extract more sensitive information like passwords or personal data. But the ability to get a yes/no answer for whether an e-mail address belongs to a member of a given site, should be something that the site designer should take into account. I'm not even saying that it should necessarily be considered a security hole in most cases, just that it should be something that the site designers decide whether or not they want to permit it -- not something that was left in the open accidentally. Representatives from PayPal and Netflix assured me that they knew about the possibility of this attack and had countermeasures to detect it. In the case of Match.com, on the other hand, I would argue it looks like an oversight. For other sites, whether it's a security hole or not depends on your point of view.

There are three main causes for concern with this issue. The first is simple privacy -- for a site like Match.com, a person may not want other people to be able to find out that they're a member. The second is the possibility of making phishing attacks easier. If a phisher sends spam to a huge number of recipients, hoping to trick them into entering their login details on a counterfeit site, then generally their success rate would be proportional to the number of recipients who are members of that site (of which a certain percentage will be duped into entering their login info), but the speed at which the phishing site is shut down would be proportional to the total number of recipients (since any recipient would carry the same likelihood of reporting the phishing site to an ISP and helping to get it shut down). So if the phisher could find out which addresses on their list belong to actual members of a given site, and send mail to just those people, they could get more successful attacks in proportion to the number of e-mails sent. This is especially true of "puddle phishing" attacks, where only a small percentage of recipients are likely to be members of the site being phished. The third possibility is that the data could be valuable to spammers wanting to advertise a competing site -- a spammer advertising a dating site, for example, could get more band for their buck by advertising only to Match.com members. (Maybe even try a hybrid spam-with-just-a-hint-of-phish -- spam that says "Rejected a lot on Match.com?" to make the user think at first that the e-mail really is from Match.com, but then steer them towards a competitor.)

With a build-up like this, the attack is disappointingly simple. (In fact, I listed the possible consequences of the attack first, because otherwise the attack itself is too easy to dismiss.) If you haven't already guessed at least one of these methods, the three easy ways to find out if an e-mail address is associated with an account at a given site, are:

• Try to create a new account with that e-mail address. See if you get an error message saying the address is already associated with an account.
• Log in under an existing account, and try to switch to another e-mail address. See if you get an error message saying the address is already associated with an account.
• Use the forgot-your-password feature to request a password be sent to a given e-mail address. See if you get an error message saying that address is not associated with an account.

Each attack works better if you can avoid triggering an e-mail message sent to the e-mail address in question, whether in a success or failure condition. For example, if the forgot-your-password form only accepts an e-mail address as input, then if the e-mail address you enter really does belong to a member, a password reset e-mail will be sent to that member. That won't prevent you from continuing your attack, but if enough Match.com members get password reset e-mails that they didn't request, some of them will let Match.com know what is going on, and Match.com might find a way to stop the attack in progress. On the other hand, suppose the password-reset form requires an e-mail address and a birthdate, and if you enter an e-mail address without a birthdate, you get one error message telling you that the birthdate was missing, and another error message if the e-mail address you entered is not associated with an account. This avoids triggering an e-mail message to the user in either case, and increases the chance that you can carry on the attack longer without being noticed. And once you've confirmed that someone is a member, this type of password reset form would also let you use trial and error to determine their birthdate as well, something that might make identity theft easier later on. (This, by the way, is exactly how the current Match.com password reset form works. Match.com did not respond to requests for comment.)

With most popular sites that I tested, at least one of the above methods fail, but at least one other method succeeds. On Netflix, for example, the forgot-your-password form requires you to enter a last name and a credit card number, so that form can't be used to find out who is a member. On the new member signup page, though, you can enter an e-mail address and be told whether that e-mail address already belongs to a member. With Match.com, on the other hand, I already mentioned the weakness in the password-reset form, but if I tried to sign up for a new account but I didn't correctly pass the Turing test (reading numbers off a graphic and entering them in a text field), Match.com wouldn't tell me if the e-mail address was associated with an existing account. So that form could not be used to sift through 100,000 addresses and find which ones were Match.com members, but it could be used to find out if an individual person was a subscriber.

There are at least two simple countermeasures to this type of attack. The first is to require a Turing test when a user creates a new account, requests a password reset, or changes their e-mail address on file, and make sure that if the Turing test isn't completed correctly, then no error message is displayed about whether a given e-mail address does or does not exist in the system. This makes it hard for attackers to sift through a mountain of e-mail addresses finding out which ones already belong to accounts, but it still enables someone to check if someone is a member, one person at a time. For sites where that would be a privacy concern (again I'm thinking of Match.com), the other solution is better: send an error message to the e-mail address entered, not displayed to the user in their browser. If you try to sign up as joeblow@aol.com, and that address is already associated with an account, then display the normal message telling the user to check their inbox for confirmation -- but then send them a message saying their address is already in the system. eBay, for example, gets this right on their "forgot your userid" page -- if you enter an e-mail address not associated with an eBay account, it simply says, "eBay just sent your User ID to joeblow@aol.com. Check your email to get your User ID." (On the other hand, eBay's new user signup page lets you check if an e-mail address is assigned to an existing member, without needing to pass a Turing test.)

Netflix, eBay and PayPal also responded to say that they had monitors in place to detect "suspicious" activity, saying that even in cases where the forms did not require a Turing test, they could dynamically detect if someone were using a script to submit the form over and over to harvest data, but they declined to go into more detail. It seems to me this could work for forms that require you to be logged-in, but not for forms that don't. For example, on the Netflix new user page, how would they detect if it's the same person submitting e-mail addresses over and over again? Not by IP address -- you can use Tor and farms of open proxies scattered across the Internet to make it appear as if you're coming from lots of different IP addresses. However, consider the PayPal add-a-new-email-address form. This form does not require a Turing test, and does give you an error message if you try to add an address associated with another account. At first I thought this might be a loophole that an attacker could use to find all the PayPal users in a long list of addresses, but PayPal told me that if you do this enough times under the same account, eventually you will hit a limit where the form starts requiring a Turing test. I never got high enough to hit that limit. However, in this case the "dynamic detection" could actually work -- because you can only perform this action while logged in, and after you hit the limit, to continue testing more addresses would require another PayPal account -- and creating additional throwaway PayPal accounts does require a Turing test for each one. So I'll take their word for it that that attack is blocked, although, it seems to me it would be easier just to require a Turing test on the add-a-new-address page.

On the other hand, perhaps in the case of a site like Netflix, it's not something that users really need to worry about, if the company has no problem with it. Big deal, an attacker can find out whether you're a Netflix user -- but that's not a huge privacy violation, it's not like I shamefully hide those red envelopes under my shirt while I'm scurrying back from the mailbox. Now, a spammer can take a list of addresses and run them through the form to find out who is a Netflix customer, and then spam those users trying to lure them to a competing service -- but that's Netflix's problem, not ours, isn't it? (Well, it's our problem that we get the spam. But without using this attack, the alternative was that the spammer was just going to spam everybody on their list anyway, so by that argument, this attack actually results in less spam all around!)

Except... perhaps an attacker could try the third type of attack, a phishing attack to get people's Netflix usernames and passwords, but not in order to compromise their Netflix account, rather to see if the person has an account with the same password at eBay or PayPal. Perhaps a user would be wary of a PayPal phish since they see so many of them, but they might fall for a Netflix one -- although then the attacker's success would be limited to people who had Netflix and PayPal accounts, and were using the same password for them both...

So it seems to me it's not obvious when this should be considered a problem. (All of the sites mentioned in this article were e-mailed about this issue months ago, and so far none of them considered it a serious enough threat to block all three of the avenues of attack listed above.) If abuse of this type becomes common, perhaps eventually these "queryable membership lists" will come to be considered in the same way as open mail relays -- which were never considered a glaring security hole, but were abused in ways that triggered a shift in people's thinking that got them to be gradually phased out, going from open relays being the default standard up to the early 90's, to the point where many ISPs today prohibit customers from running them. Maybe "queryable membership lists" will start to be abused more, if anti-spam technologies get smart enough that spammers can't send 1 million messages at a time any more and have to limit themselves to, say, 100,000 messages at a time to get through people's filters, so they have to pick which 100,000 of their addresses they could get the most value out of. Or maybe things will go in a completely different direction and this will never become a problem. I just think that, for now, we should be aware that some form of this trick works on the majority of sites that require an account, and the types of abuses described are at least possible.

Seymour writes "Novell and the EFF have announced that Novell will be contributing to the EFF's Patent Busting Project. Novell will also support the EFF's efforts toward patent reform, including with the WIPO. Could this be Novell trying to get back in the good graces of Linux users? 'Novell's agreement with Microsoft has been a source of contention within open source circles, with one Red Hat executive accusing the company of appeasing Microsoft; others have accused Novell of violating the GPL with the agreement. Either way, signing the deal with Microsoft did a lot to sully Novell in the eyes of many Linux users, and Novell's decision to link up with the EFF on patents may have been made with an eye towards getting some of its street cred back with the OSS community.'"

An anonymous reader writes "The US house of representatives today passed a bill outlawing illegal domestic wiretapping by the government. Now government agencies are only allowed to access your private communications under terms of FISA. 'As the Senate Report noted, FISA "was designed . . . to curb the practice by which the Executive Branch may conduct warrantless electronic surveillance on its own unilateral determination that national security justifies it." The Bill ends plans by the Bush Administration that would give the NSA the freedom to pry into the lives of ordinary Americans. The ACLU noted that, despite many recent hearings about 'modernization' and 'technology neutrality,' the administration has not publicly provided Congress with a single example of how current FISA standards have either prevented the intelligence community from using new technologies, or proven unworkable for the agents tasked with following them.'"

Byte Swapper writes "After all the fuss over the AACS trying to censor a certain 128-bit number that now has something over two million hits on Google, the folks at Freedom to Tinker would like to point out that you too can own your own integer. They've set up a script that will generate a random number, encrypt a copyrighted haiku with it, and then deed the number back to you. You won't get a copyright on the number or the haiku, but your number has become an illegal circumvention device under the DMCA, such that anyone subject to US law caught distributing it can be punished under the DMCA's anti-trafficking section, for which the DMCA's Safe Harbor provisions do not apply. So F9090211749D5BE341D8C5565663C088 is truly mine now, and you can pry it out of my cold, dead fingers!"

enharmonix writes "A bit of an update on the recent Digg revolt over AACS. The NYTimes has taken notice and written quite a decent article that actually acknowledges that the take-down notices amount to censorship and documents instances of the infamous key appearing in purely expressive form. I was pleased to see the similarity to 2600 and deCSS was not lost on the Times either. More interesting is that the EFF's Fred von Lohmann blames the digg revolt on lawyers. And in an opinion piece, John Dvorak expands on that theme."

The following was written by frequent Slashdot editorial contributor Bennett Haselton. He writes "Recently author Annalee Newitz created a bit of a stir with the revelation that she had bought her way to the front page of the story-ranking site Digg. Since Digg allows any registered user to go to a story's URL and "digg it" in order to push it upward through the story-ranking system, it was inevitable that services like User/Submitter would come along, where a Digg user can pay for other users to cast votes to push their story up to the top. User/Submitter says they are currently backlogged and not taking new orders, but they say the service will return and will soon feature services for manipulating similar sites like Digg competitor reddit. Even if the new U/S features are vaporware, it probably won't be long before other companies offer similar services. But it seems like all of these story-ranking sites could prevent the manipulation by making one simple change to their voting algorithm."

Before getting to that though, what's at stake? The revelation that Digg could be trivially manipulated did not cause the site to be overrun with bogus stories all at once -- most of the links on the front page still look interesting. Newitz said that her story, which was deliberately chosen to be as lame as possible, got buried by users soon after it hit the front page, which is how Digg cleans spam stories out of the system. However, she also said that in the time that the story was on the front page, the story got about 35,000 hits, whereupon her server crashed and the traffic was thereafter divided with two other mirror sites; presumably if the server had stayed up, she would have gotten about 100,000 hits, all for an initial expenditure of $100, which is orders of magnitude cheaper than buying advertising any other way. (If she had done the same thing with a good story instead of a deliberately lame one, presumably the traffic gains resulting from word-of-mouth and repeat visitors would have been even higher.) As long as the benefits outweigh the cost, more and more unscrupulous users are likely to pay for such services, and since the service provided by User/Submitter is easy to copy, probably similar services will spring up to drive the price down even further. If nothing changes, then eventually sites like Digg and reddit will be flooded with nothing but paid stories. Most of the stories on the front page will probably still be interesting (why would you pay to promote a link, unless it was good enough to draw repeat visitors and get the most value for your money?), but everybody who didn't pay for votes would eventually get crowded out.

One Good Samaritan, Jim Messenger, managed to shut down one Digg manipulation service called Spike The Vote, by buying it out (for a paltry $1,275 - they must have wanted to get out fast) and then turning over to Digg. He warned people that the moral was: Don't sign up for Digg manipulation services, since Digg might get your information from them and then you'll be banned. Actually, I think the moral is simpler: if you're going to try anything like that, do it from a throwaway account that you don't care about losing if you get caught. (Or, only sign up with manipulation services which publish a privacy policy promising never to share your information, especially not with sites like Digg. Then if Digg buys them out, then the site has violated their privacy policy and Digg as the new owner inherits the liability for that, so you can sue them, right?) But as the idea spreads, it will probably become impractical to play whack-a-mole by shutting down manipulation services as they keep springing up. Any time the cost of providing a service (clicking on a few buttons) is small compared to the benefits of receiving the service (100,000 hits in 24 hours), a market will exist for it one way or another, whether you're talking about drug-smuggling, prostitution, or selling Digg votes.

However, I think there's a way to fix it, and here it is. Have you ever seen people put a link in their profile to their HotOrNot picture, saying "Go here and vote me a 10!!"? Similar to the people who send links to their friends and say, "I just posted this, please Digg this for me!" The difference is that on HotOrNot, it doesn't work. On HotOrNot, you can cast votes for a picture in one of two ways. The first way is to go directly to the URL for someone's picture; the second way is to load the front page, where a random picture from the database is selected at random, and vote for whatever picture comes up. The catch is that the votes that you cast by going directly to someone's picture, are simply ignored in calculating the average score for that photo. The only votes that are counted are the votes cast for random pictures displayed on the front page. So if you want to manipulate the voting for your own photo, you'd have to load the front page hundreds of thousands of times waiting for your own picture to come up repeatedly, which is hard to do without being detected.

To enable an algorithm like this on Digg and reddit, the sites could present users with a sidebar box that displays random stories from the pool of recent submissions. (reddit already has a serendipity feature that users can use to select a random story from the available pool, which could be leveraged for this purpose.) Once a story has collected, say, 100 votes -- or whatever number is considered sufficient to provide a representative random sample of how the story appeals to people -- then on that basis the story can either be buried or promoted to the top, where it would be seen by, say, 100,000 people. The elegance of this system is that bad content would only be seen by 100 people on average before it's buried, whereas good content would be seen by all the 100,000 people who view it on the front page, so the average user sees 1,000 pieces of good content for every 1 piece of crap. Even if 75% of users ignore the random story box completely, that just means you have to display it to 400 users instead of 100 before you have enough data points for a good random sample.

I suggested essentially the same algorithm for how an open-source search engine could work without being vulnerable to gaming even by those who understood all of its inner workings. The main difference, of course, is that Digg and reddit actually exist now. Digg declined to comment on the possible merits of such an algorithm; reddit's Steve Huffman said that the idea sounded interesting, although even if the idea got full buy-in, naturally any proposed change would take a long time to bring to fruition.

But it seems that an algorithm similar to this one would be the only way to prevent cheating on sites like Digg that sort content based on user votes. So it's ironic that HotOrNot, the only site I know of that is using a variation of this algorithm and hence is probably the most secure against cheating, is also the one where cheating is least likely to be a problem. Getting a high placement on Digg might enable you to make some money, but getting a highly rated picture on HotOrNot isn't going to make you rich (unless it helps you meet a millionaire who is using the site to find his third wife). Also, making HotOrNot meritocratic doesn't give people an incentive to improve the "content" that they submit, because up to the limits of what can be done with hair and wardrobe, you can't make yourself that much more attractive. With Digg and reddit, on the other hand, I might work harder at submitting a good story, if I knew that it worked in a perfectly meritocratic fashion that pushed good stories right to the top.

If you do this, you don't need any of the other countermeasures listed in Annalee Newitz's follow-up piece "Herding the Mob", such as analyzing user account history for suspicious behavior. As long as most users in the system are legitimate, most of the users in your random sample will be legitimate as well, and their voting will be representative of what most of the community would think. A story could also get a high score within a specific sub-area of the site like the sports page, but kept off of the main site front page, if the story got a high score from a random sampling of sports-oriented users but a low score from a sample of everyone else.

You could even sub-divide the topical areas further, down to a level of granularity like "Would Barack Obama make a good president?" A site called Helium is currently trying something like this -- users can submit essays on subjects like "Racial inequality or oppression: Do they truly exist in todays society?", and vote on how to rank other essays against each other. The voting works on the random selection principle that I'm advocating here -- users are presented with a pair of randomly chosen essays from a given category (not necessarily the same category for which you submitted an essay) and told to vote for the better one, so there's no way to tell all your friends to go to the link for your essay and give it a high rating. The main limitation though is that while the votes can push you to the top of a particular sub-category, that won't cause your article to "break out" and get to the front page of the site -- Helium says that those front-page articles are chosen at random by employees from the among those articles that are highly rated within their narrow category, so just being good is not enough. And if you want to write something that doesn't fit into any existing categories, you have to create a new category for your essay like I did, which will then be a category containing one essay that nobody else ever sees. Perhaps both of these limitations could be overcome by adding the option to rate randomly selected essays on a scale of 1 to 10 -- thus providing a way to rate essays that exist alone in their own category, and also a way to find the best essays across the entire site, rated against each other.

If Digg or reddit adopts a model that uses the random-voter-selection method, then there's the issue of how to handle the votes cast by users under the current system -- the ones who go to a story link and click "digg it", which is what makes the existing system vulnerable to gaming. Digg could do what HotOrNot does, and just ignore those votes outright, but users would probably view this as deceptive. Perhaps Digg could say that votes cast by self-selected users (the ones who go straight to the story link) are counted along with votes from randomly-selected users, unless the average of the self-selected votes is significantly different from the average from the randomly-selected votes, in which case the self-selected votes are ignored. Hopefully this would satisfy most users and preserve the "community" feel of the site, and only a spoilsport would point out that counting the self-selected votes only if they agree with the randomly-selected votes, is exactly the same thing as ignoring the self-selected votes entirely.

I asked the owner of User/Submitter what he thought about this. He was willing to talk with surprising candor (except about things like his real name) and spoke as if he'd like nothing better than for Digg to make changes to their service that would block his system from working. To both Annalee Newitz and me, he said, "We find it interesting that Digg still allows anybody to view any user's diggs. By way of this 'feature,' User/Submitter is able to verify that our users actually digg the stories they're given. Without this feature, Digg users are given complete digging privacy, and User/Submitter cannot exist." Some have expressed skepticism that the Digg cheaters really want Digg to fix the problem. But as a security tester, I can understand that mentality. If you report a problem, and a company doesn't fix it, eventually you get tempted to publicize the problem to draw attention to it. And if they still don't fix it, and it's a fairly benign security hole that merely enables some pranksters to get some undeserved attention, why not build a service around exploiting the hole, if will highlight the problem and encourage it to get fixed?

So I'm going to go out on a limb and say the U/S guy sincerely wants Digg to be more secure. However I disagree with him about his proposed fix, that of hiding a user's digg history. First of all, it won't stop anyone who creates a multitude of accounts all under their control -- you can use Tor to make it appear that you're coming from many different IP addresses, and build up a history of "legitimate" votes before using your votes to push sites deliberately. (Be sure to use different browsers, or vary your User-Agent header if you know how to do that, so that a series of votes from identical browser types doesn't give you away.) If your service does work by paying other users to cast votes, then you could still audit whether they're casting their votes honestly -- for example, create a test story, use 5 sockpuppet accounts to digg it 5 times, then tell your confederate to digg it. If the number of diggs doesn't go up to 6, then you know they're not honoring their end of the deal, and kick them out of the system. As long as most confederates think there might be some chance of getting caught if they don't play along, most of them would probably cast the votes that they were paid for, since it costs them nothing to do so and they wouldn't want to jeopardize their stream of easy money.

I asked the owner of User/Submitter if his service could defeat the random-sampling algorithm I described. "It would slow down our service," he answered, "but certainly wouldn't eliminate it because eventually a U/S User will have an opportunity to vote on a U/S Submission by way of chance." But I don't see how this would beat the algorithm -- some U/S voters would still get to vote on the story, but as long as there are far more legitimate voters than U/S voters, then a random sampling will almost always contain far more legitimate voters. The U/S owner also said, "Randomized voting privileges would be unnecessarily confusing, frustrating, and fragmenting. Not to forget: unfair and undemocratic." Well, you could keep it from being "confusing" or "frustrating" by keeping the existing interface (with the possible addition of a randomly-selected-story box), so that the only changes would be in how the votes are handled under the hood. "Fragmenting"? If anything, it seems to me that the existing Digg/reddit algorithms would be more fragmenting, keeping users within their existing communities of friend who vote for each others' stories; a random-selection box would give stories with "crossover appeal" a greater chance of success, bringing them to the attention of users who might otherwise never have seen them. As for "unfair and undemocratic", presumably this is a reaction to the fact that the votes of 100 users decide what everyone else sees. But it's already the case with Digg that the votes of a small number of users decide what content becomes popular. At least with a random sample of users, it would be the case that the vast majority of the time, the voting outcome would be the same as it would have been if the entire site had voted, due to the magic of representative sampling.

So, I'm putting this suggestion out there for the same reason that Jim Messenger bought out Spike The Vote -- because I don't want sites like Digg and reddit to be manipulated by the abusers. In fact, if they used this algorithm, they would become more meritocratic than they are now, because the systems would strictly favor the highest-rated content, instead of content written by people who have informal networks of friends who can all go digg their stories for them. If I were to design the user rating system to make it cheat-proof, these are the exact details of what I would do:

• Wherever they decide to post the "random story sampling" box (on the front page, or on a link off to a separate page, etc.), have it work so that as soon as new stories are submitted, they can be rotated into that box and displayed to a random set of users, until it's reached its total of 100 votes or however many are required to get a random sample.
• You can have "shutout voting" to kill off stories early that are obvious spam or otherwise really useless, without going through the full 100 votes. (For example, if 90% of the first 10 votes are negative, then stop collecting votes.) This decreases the number of users "inconvenienced" by really obvious spam and other garbage.
• For someone to submit content that gets rotated into that voting process, have them submit a Turing test (read numbers off of a graphic and type them in), or something similar. This prevents spammers from submitting spam content over and over just to have it viewed by those initial 10 voters. If they have to type in a number each time, it's not worth it.
• When users give votes to a story, give them the option to say why they voted the way that they did. (This is especially valuable if they're giving negative votes, then the submitter would know what to improve.) Personally I think the comments would be more valuable if each user can't see other users' comments, at the time they submit their own comments; this prevents the "me too" effect where everybody echoes the first two commenters. (When I ask for independent comments from people, and they almost all say the same thing without seeing each other's comments, that's when I know they have a point!)
• To prevent an attacker from having their own username hit the random-voting page over and over in hopes of voting up their own content, make sure that each user account is only allowed to vote on a given piece of content once (even if they found the content through the random-story page).
• Require a Turing test for new user signups. This would prevent an attacker from registering a huge number of accounts just to hit the random voting page with different users over and over, in hopes getting to vote on their own submitted content eventually.

Then after running this system for a while, look through some collected data to determine if the system could be more efficient. For example, do you really need a sample of 100 votes every time? Suppose you determine that in 99% of cases, you get the same result just from tabulating the first 50 votes, as you would have gotten from tabulating all 100 votes. Then you could modify the system to collect only the first 50 votes, and then make a decision.

Suggestions for improvement? Flaws (hopefully not fatal)? Everyone who cares about keeping community sites like Digg free from abuse, and who wants to create a path for the best content to rise to the top, let's put our heads together and see what we can think of. The above is intended merely as a jumping-off point, and although I've worked it over and I can't see any specific points to improve efficiency, that's probably just because I've been looking at it too long. And if you Digg this story for me I'll give you 1,000 times as much cash as I gave my Mom last Mother's Day.

An anonymous reader writes "In the overlooked case between Blizzard and MDY Industries, the creator of the WoWGlider bot, Blizzard is arguing that using any programs in conjunction with the World of Warcraft constitutes copyright violation. Apparently accessing the copy of the game client in RAM using another program infringes upon their rights. Under that logic, users do not even have the right to use anti-virus software in the event that the game becomes infected. Furthermore, Blizzard's legal filings downplay the role of their Warden software, which actively scans users' RAM, CPU, and storage devices (and potentially sensitive data) and sends information back to Blizzard to be processed."

Eric Goldman writes "Last month, Utah passed a law banning keyword advertising. Rep. Dan Eastman, the Utah legislator who sponsored the law, believes competitive keyword advertising is the equivalent of corporate identity theft, causing searchers to be (in his words) 'carjacked' and 'shanghaied' by advertisers. He also takes a swipe at the EFF, dismissing its critique of the law as 'criticism from the fringes.'"

JumperCable writes "The Electronic Frontier Foundation is seeking to bust an overly broad patent by a company called Acceris. Acceris claims patents on processes that implement voice-over-Internet protocol (VoIP) using analog phones as endpoints. These patents cover telephone calls over the Internet. Specifically, the claims describe a system that connects two parties where the receiving party does not need to have a computer or an Internet connection, but the call is routed in part through the Internet or any other 'public computer network'. The calls must also be 'full duplex', meaning that both parties can listen and talk at the same time, like in an ordinary phone call. To bust these overly broad claims, we need 'prior art' — any publication, article, patent or other public writing that describes the same or similar ideas being implemented before September 20, 1995."

JumperCable writes "The Electronic Frontier Foundation is seeking to bust an overly broad patent by a company called Acceris. Acceris claims patents on processes that implement voice-over-Internet protocol (VoIP) using analog phones as endpoints. These patents cover telephone calls over the Internet. Specifically, the claims describe a system that connects two parties where the receiving party does not need to have a computer or an Internet connection, but the call is routed in part through the Internet or any other 'public computer network'. The calls must also be 'full duplex', meaning that both parties can listen and talk at the same time, like in an ordinary phone call. To bust these overly broad claims, we need 'prior art' — any publication, article, patent or other public writing that describes the same or similar ideas being implemented before September 20, 1995."

Slashdot regular contributor Bennett Haselton writes "The reports of Sinbad's death become greatly exaggerated. A Wikipedia contributor is unmasked as a fraud, raising questions about why he wasn't called out earlier. NBC airs a piece about how anybody can edit any article on Wikipedia, and errors creep in as a result. (Duh.) But what's most frustrating about all these controversies surrounding Wikipedia is that news reports describe these incidents as if they are a permanent, unsolvable problem with any type of community-built encyclopedia, when in fact there seems to be a straightforward solution." More words follow. Just click the link.

In its simplest form, couldn't a person's academic credentials be verified by sending a confirmation link to their .edu e-mail? (Which could be identified as a faculty address either by a domain name like "faculty.schoolname.edu", or by a Web page in the faculty section of the school's Web site identifying the person's e-mail address?) And then once the user's bona fides have been verified in this or some other way, couldn't they put their seal of approval on any article whose contents need to be considered reliable, or that readers want to cite as an authoritative source? In this way, with only a few minutes of effort and without changing a single word of the article, its value is increased many times -- surely one of the best possible trade-offs in terms of effort versus reward. (As for the question of "What experts would do this?", the answer is, presumably the same people who contribute to sites like Wikipedia currently. If their motives are altruistic in the first place, hopefully they would be willing to take this extra step if they knew it would increase the article's usefulness.)

Something like this model is planned by the operators of Citizendium.org, a Wikipedia alternative (I balk at using the word "rival" although it is inevitable that people will see them that way). The last time I wrote about Citizendium, some thought it sounded like such a valentine to the project that they wondered if I was a shill; actually, sometimes a project just comes along that aligns almost exactly with what I would have done if I could have re-done a popular project like Wikipedia with a few design changes, and when that happens, I just say so. Some others may have wondered if I was sucking up for a board position or something. No, that would be, like, work. But I think they have some good ideas that will make them a more useful alternative in some cases, unless Wikipedia copies back some of their ideas in order to serve both needs at once, which would also be a good thing.

Consider the two major issues on which Citizendium is planning to take a different approach from Wikipedia: (1) user verification, and (2) putting published articles into an "approved" state under the stewardship of a credentialed editor, who has to sign off on any future changes to the article. The issue of user verification can be further divided into two sub-issues: (a) verifying users for the purpose of ascertaining their credentials, and (b) verifying users for the purpose of limiting the amount of vandalism committed by new users under pseudonyms. (While editorial control on Citizendium means that it is not possible to vandalize the public-facing version of an article after it has gone into an "approved" state, users can still vandalize an article while it is a "work in progress" being built up towards the first milestone where it can be approved. Citizendium founder Larry Sanger says that such vandals are surprisingly, pathetically motivated even though their work is only seen by a small audience.)

On the first issue, the one of verifying user credentials, I think the verification of .edu addresses especially would be a cheap and easy way to increase the value of every article that that user writes, or signs off on. I don't think, however, it's necessary to go as far as Citizendium is currently planning on going, by requiring real names and biographies of all users. My thinking is that if an article is synthesized by 100 monkeys with typewriters but the finished product is giving the blessing of a credentialed professor of physics, it's pretty much just as reliable as if the professor had written it themselves. And if the same article gets the blessing of multiple credentialed experts, it could justifiably be considered more reliable than many printed sources written by a single author. The point is that the credentials that matter, are those of the people who stake their reputation on the accuracy of the article, not necessarily those of the people who contribute to it. So on this front, I think that while Wikipedia asks too little of users' backgrounds, Citizendium's current plan would ask too much, because as long as you have the credentials of one person who has signed off on an article, collecting non-verifiable bios of the article's other contributors doesn't actually gain anything.

The other side of verifying credentials is the use of credentials to prevent vandalism. In this situation it's not necessary to verify that the user actually is who they say they are; the system only needs to ensure that the same user is not signing up over and over again after previous accounts get banned for abuse. (You could ban users by IP address, but tools like Tor make it easy for users to connect from what appears to be a different IP address every time.) A blog post from Citizendium founder Larry Sanger lists three possible approaches instead: (a) requiring existing user X to vouch for new user Z before Z can join; (b) requiring new user Z to provide a link to a "credible" Web page establishing their identity; or (c) requiring new user Z to provide a link to a "credible" Web page of some person X who can vouch for Z's identity. I don't know how quickly a system could grow by referrals only -- after all, I was surprised that GMail took off so quickly during the period when you could only join with an "invite" from an existing user. Then again, GMail was giving away something for free that almost everyone could use, so most people who wanted it, would find themselves closely linked to someone else who had it. Citizendium, on the other hand, asks not what they can do for you but what you can do for them, and so might not achieve enough penetration to spread by referrals only.

I suggested that one alternative would be to send a postcard to each new user's physical address with a unique six-digit number, which they would have to enter in order to complete their registration, in order to verify that new users really were unique. The problem here, apart from the privacy concerns, is the delay that users would incur before their registration was complete, which would take away the "instant gratification" that they could get from starting to contribute right away. (You could let users edit before their address is verified, but that would just enable the same person to keep re-creating new accounts with unique but fake addresses, and use them to commit vandalism before the account was found out.)

Another idea would be that for new users, their first, say, three edits would go into a queue to be reviewed by verified users, and once the first three edits have been approved, the user is able to make edits in real time. (Since anybody would be able to review a new user's edits to make sure they were not spam, the new user's edits could be reviewed very quickly, since any Citizendium volunteer who was online, could review the latest entries in the edit queue and approve them.) It's true that a user could game this system by, for example, submitting three minor improvements, and then using their unblocked account to vandalize articles while they're being worked on. However, even in this case, the "vandal" would probably end up having a positive contribution to the site, because of the three small improvements that they'd already made. If a legitimate Citizendium volunteer would have to spend more effort making those three small improvements, than it would take to let a new user make those constructive changes and then ban them and revert their destructive changes once the user is caught committing vandalism (and the latter wouldn't take much effort at all), then Citizendium has actually gotten a good deal out of the "vandal"! (To make this work, a user's first contributions could not be "neutral" changes like replacing one word with a synonym; they would have to be actual improvements, even small ones, thus ensuring that the net effect of a potential "vandal" is positive.) There may be other possible solutions. These are just alternatives in case the model of referral by trusted users turns out not to work.

Now switching to the other side of the reliability issue: Whether the default article that is displayed to the public for a given topic, should be the latest "stable" version approved by credentialed users, or the very latest version incorporating all edits submitted by any user whatsoever. Having talked with members of the Citizendium and Wikipedia communities in their respective forums, there appear to be three schools of thought on the article stability issue. The first is that the whole idea of putting articles into an "approved" state and moderating all changes going forward, goes against the "spirit" of wikis in general and Wikipedia in particular. The second, suggested on the Wikipedia discussion list by Sheldon Rampton, is that it would be a useful feature if credentialed users could select certain page versions in the page history and "sign off" on the accuracy of one of those past versions; the page displayed by default would be the bleeding-edge latest one (with all of the possible vandalism and inaccuracies that entails), but users who wanted a reliable, citable source could look in the history. The third school of thought is that reliability is so valuable, that the default page displayed to the public and carrying the stamp of the project, should be the latest version approved by credentialed editors -- the model that Citizendium currently has in mind.

I'm not really partial to the first view, since I think the success of the project should be defined by how it achieves its goals (whatever you define those goals to be) and not in whether it kept with its original "spirit". Since Wikipedia has far more readers than contributors, if your motivations for contributing to or maintaining Wikipedia are at all oriented towards doing good for other people, presumably meeting the needs of readers is more important than keeping the party going for contributors (provided, of course, that the environment for contributors is at least pleasant enough to keep them contributing). The choice between the second and third points of view is more interesting. There's no obvious best-of-both-worlds choice here, because what motivates many contributors (the fact that their changes go live to the entire world, right away) is also what motivates vandals.

On the other hand, the problem doesn't sound unsolvable. You could go with the Citizendium model of editor-approved changes but create a prioritized system for "urgent" updates, in the case of changes to an article made to incorporate current events. Suppose users (who have been verified using one or more of the methods above) are each issued a certain number of "credits" that they can use to mark a proposed update as an urgent, breaking change. (Misusing these credits to mark changes as "urgent", that really aren't, would be considered abuse tantamount to spamming or vandalism.) Then let's say, for example, Anna Nicole Smith dies. A user could submit this change to the Anna Nicole Smith article, along with a link to a reliable news source (e.g. a wire service story) and a credit marking the change as "urgent". Since an editor would not need any particular expertise to view the article and verify that the change was accurate, any editor could review the "urgent request queue" and approve that particular change for publication, ensuring that the queue was checked frequently throughout the day and urgent updates would get pushed through quickly. Thus the site could keep pace with breaking current events without the kind of inaccuracies that plagued Kenneth Lay's Wikipedia entry when he died.

So there's a trade-off there, between displaying all the latest changes by default and motivating people to contribute but also running the risk of vandalism, versus displaying only the latest editor-approved page. Where there is not a trade-off, that I can see, is in the option of simply having an editor-approved version of a given page -- whether it's displayed by default, or only stored in the version history where people can look for it. To me, both of these steps seem to consist of pure gain for relatively little effort:

1. Verify credentials of academic professionals by poking their .edu address.
2. Allow them to give their "blessing" to certain versions of a page in the page history, so that users can rely on those specific page versions and even cite them as sources where appropriate.

So I hope that Citizendium will help bring more prominence to the idea, and that something similar might get incorporated back into Wikipedia. The approval of an identity-verified expert can improve an article's value so much, for such comparitively little extra effort, that it makes no sense not to have that option.

Jivecat writes "Instant Live, a service of the concert promotion company Live Nation, makes recordings of live concerts that are rapidly burned onto CDs to be sold to the audience before they leave the venue. It's a nice service for fans, but Live Nation holds the patent for a technology that places markers between songs so they can be written as separate tracks rather than one big track — in effect giving them a monopoly on in-concert recordings. Now, thanks to the efforts of the EFF and a patent attorney, who found prior work of similar technology, the U.S. Patent Office has revoked Live Nation's patent. This is good news for those who consider Live Nation to be the Evil Empire when it comes to concert promotion."

destinyland writes "The EFF just announced victory over a serial abuser of DMCA copyright notices. To set an example, their settlement required Michael Crook to record a video apology to the entire internet for interfering with free speech. He's also required to withdraw every bogus DMCA notice, and refrain from future bogus notices, never contest the original image again, and take a remedial class on copyright law. He'd attempted to use flaws in the DMCA to censor an embarrassing picture of himself that he just didn't want appearing online — but instead the whole thing backfired."

Nurgled writes "The EFF, reportedly the only consumer rights organization to be granted membership of the Digital Video Broadcasting consortium, reports that TV and movie industry representatives have been pushing for DRM in the DVB technologies. This in itself is not entirely unexpected, but these talks have been going on in closed meetings. The EFF itself has been blocked from reporting on this until now as a condition of being allowed to attend. The proposed technologies allow rights-holders and broadcasters to severely hamper your ability to make use of broadcast television content, including the ability to retroactively blacklist any devices that consumers may already own that act in ways undesirable to the rights-holder or broadcaster. The EFF concludes that public interest and consumer rights advocates must fight back."

Slashdot contributor Bennett Haselton writes "When Jimmy Wales recently announced the Search Wikia project, an attempt to build an open-source search engine around the user-driven model that gave birth to Wikipedia, he said his goal was to create "the search engine that changes everything", as he underscored in a February 5 talk at New York University. I think it could, although not for the same main reasons that Wales has put forth -- I think that for a search engine to be truly meritocratic would be more of a revolution than for a search engine to be open-source, although both would be large steps forward. Indeed, if a search engine could be built that really returned results in order of average desirability to users, and resisted efforts by companies to "game" the system (even if everyone knew precisely how the ranking algorithm worked), it's hard to overstate how much that would change things both for businesses and consumers. The key question is whether such an algorithm could be created that wouldn't be vulnerable to non-merit-based manipulation. Regardless of what algorithms may be currently under consideration by thinkers within the Wikia company, I want to argue logically for some necessary properties that such an algorithm should have in order to be effective. Because if their search engine becomes popular, they will face such huge efforts from companies trying to manipulate the search results, that it will make Wikipedia vandalism look like a cakewalk." The rest of his essay follows.

This will be a trip into theory-land, so it may be frustrating to users who dislike talk about "vaporware" and want to see how something works in practice. I understand where you're coming from, but I submit it's valuable to raise these questions early. This is in any case not intended to supplant discussion about how things are things are currently progressing.

First, though, consider the benefits that such a search engine could bring, both to content consumers and content providers, if it really did return results sorted according to average community preferences. Suppose you wanted to find out if you had a knack for publishing recipes online and getting some AdSense revenue on the side. You take a recipe that you know, like apple pie, and check out the current results for "apple pie". There are some pretty straightforward recipes online, but you believe you can create a more complete and user-friendly one. So you write up your own recipe, complete with photographs of the process showing how ingredients should be chopped and what the crust mixture should look like, so that the steps are easier to follow. (Don't you hate it when a recipe says "cut into cubes" and you want to throttle the author and shout, "HOW BIG??" It drove me crazy until I found CookingForEngineers.com.) Anyway, you submit your recipe to the search engine to be included in the results for "apple pie", and if the sorting process is truly meritocratic, your recipe page rises to the top. Until, that is, someone decides to surpass you, and publishes an even more user-friendly recipe, perhaps with a link to a YouTube video of them showing how to make the pie, which they shot with a tripod video camera and a clip-on mike in their well-lit kitchen. In a world of perfect competition, content providers would be constantly leapfrogging each other with better and better content within each category (even a highly specific one like apple pie recipes), until further efforts would no longer pay for themselves with increased traffic revenue. (The more popular search terms, of course, would bring greater rewards for those listed at the top, and would be able to pay for greater efforts to improve the content within that category.) But this constant leapfrogging of better and better content requires efficient and speedy sorting of search results in order to work. It doesn't work if the search results can be gamed by someone willing to spend effort and money (not worth it for the author of a single apple pie recipe, but worth it for a big money-making recipe site), and it doesn't work if it's impossible for new entrants to get hits when the established players already dominate search results.

Efficient competition benefits consumers even more for results that are sorted by price (assuming that among comparable goods and services, the community promotes the cheapest-selling ones to the top of the search results, as "most desirable"). If you were a company selling dedicated Web hosting, for example, you would submit your site to the engine to be included in results for "dedicated hosting". If you could demonstrate to the community that your prices and services were superior to your competitors', and if the ranking algorithm really did rank sites according to the preferences of the average user, your site could quickly rise to the top, and you'd make a bundle on new sales -- until, of course, someone else had the same idea and knocked you out of the top spot by lowering their prices or improving their services. The more efficient the marketplace, the faster prices fall and service levels rise, until the prices just covered the cost of providing the service and compensating the business owner for their time. It would be a pure buyer's market.

It's important to precisely answer the question: Why would this system be better than a system like Google's search algorithm, which can be "gamed" by enterprising businesses and which doesn't always return the results first that the user would like the most? You might be tempted to answer that in an inefficient marketplace created by an inefficient search result sorting algorithm, a user sometimes ends up paying $79/month for hosting, instead of the $29/month that they might pay if the marketplace were perfectly efficient. But this by itself is not necessarily wasteful. The extra $50 that the user pays is the user's loss, but it's also the hosting company's gain. If we consider costs and benefits across all parties, the two cancel out. The world as a whole is not poorer because someone overpaid for hosting.

The real losses caused by an inefficient search algorithm, are the efforts spent by companies to game the search results (e.g. paying search engine optimization firms to try and get them to the top Google spot), and the reluctance of new players to enter that market if they don't have the resources to play those games. If two companies each spend $5,000 trying to knock each other off of the top spot for a search like "weddings", that's $5,000 worth of effort that gets burned up with no offsetting amount of goods and services added to the world. This is what economists call a deadweight loss, with no corresponding benefit to any party. The two wedding planners might as well have smashed their pastel cars into each other. Even if a single company spends the effort and money to move from position #50 to position #1, that gain to them is offset by the loss to the other 49 companies that each moved down by one position, so the net benefit across all parties is zero, and the effort that the company spent to raise their position would still be a deadweight loss.

On the other hand, if search engine results were sorted according to a true meritocracy, then companies that wanted to raise their rankings would have to spend effort improving their services instead. This is not a deadweight loss, since these efforts result in benefits or savings to the consumer.

I've been a member of several online entrepreneur communities, and I'd conservatively estimate that members spend less than 10% of the time talking about actually improving products and services, and more than 90% of the time talking about how to "game" the various systems that people use to find them, such as search engines and the media. I don't blame them, of course; they're just doing what's best for their company, in the inefficient marketplace that we live in. But I feel almost lethargic thinking of that 90% of effort that gets spent on activities that produce no new goods and services. What if the information marketplace really were efficient, and business owners spent nearly 100% of their efforts improving goods and services, so that every ounce of effort added new value to the world?

Think of how differently we'd approach the problem of creating a new Web site and driving traffic to it. A good programmer with a good idea could literally become an overnight success. If you had more modest goals, you could shoot a video of yourself preparing a recipe or teaching a magic trick, and just throw it out there and watch it bubble its way up the meritocracy to see if it was any good. You wouldn't have to spend any time networking or trying to rig the results, you just create good stuff and put it out there. No, despite whatever cheer-leading you may have heard, it doesn't quite work that way yet -- good online businessmen still talk about the importance of networking, advertising, and all the other components of gaming the system that don't relate to actually improving products and services. But there is no reason, in principle, why a perfectly meritocratic content-sorting engine couldn't be built. Would it revolutionize content on the Internet? And, could Search Wikia be the project to do it, or play a part in it?

Whatever search engine the Wikia company produced, it would probably have such a large following among the built-in open-source and Wikipedia fan base, that traffic wouldn't be a problem -- companies at the top of popular search results would definitely benefit. The question is whether the system can be designed so that it cannot be gamed. I agree with Jimmy Wales's stated intention to make the algorithm completely open, since this makes it easier for helpful third parties to find weaknesses and get them fixed, but of course it also makes it easier for attackers to find those weaknesses and exploit them. If you think Microsoft paying a blogger to edit Wikipedia is a problem, imagine what companies will do to try and manipulate the search results for a term like "mortgage". So what can be done?

The basic problem with any community that makes important decisions by "consensus" is that it can be manipulated by someone who creates multiple phantom accounts all under their control. Then if a decision is influenced by voting -- for example, the relative position of a given site in a list of search results -- then the attacker can have the phantom accounts all vote for one preferred site. You can look for large numbers of accounts created from the same IP address, but the attacker could use Tor and similar systems to appear to be coming from different IPs. You could attempt to verify the unique identity of each account holder, by phone for example, but this requires a lot of effort and would alienate privacy-conscious users. You could require a Turing test for each new account, but all this means is that an attacker couldn't use a script to create their 1,000 accounts -- an attacker could still create the accounts if they had enough time, or if they paid some kid in India to create the accounts. You could give users voting power in proportion to some kind of "karma" that they had built up over time by using the site, but this gives new users little influence and little incentive to participate; it also does nothing to stop influential users from "selling out" their votes (either because they became disillusioned, or because they signed up with that as their intent from the beginning!).

So, any algorithm designed to protect the integrity of the Search Wikia results would have to deal with this type of attack. In a recent article about Citizendium, a proposed Wikipedia alternative, I argued that you could deal with conventional wiki vandalism by having identity-verified experts sign off on the accuracy of an article at different stages. That's practical for a subject like biology, where you could have a group of experts whose collective knowledge covers the subject at the depth expected in an encyclopedia, but probably not for a topic like "dedicated hosting" where the task is to sift through tens of thousands of potential matches and find the best ones to list first. You need a new algorithm to harness the power of the community. I don't know how many possible solutions there are, but here is one way in which it could be done.

Suppose a user submits a requested change to the search results -- the addition of their new Site A, or the proposal that Site A should be ranked higher. This decision could be reviewed by a small subset of registered users, selected at random from the entire user population. If a majority of the users rate the new site highly enough as a relevant result for a particular term, then the site gets a high ranking. If not, then the site is given a low ranking, possibly with feedback being sent to the submitter as to why the site was not rated highly. The key is that the users who vote on the site have to be selected at random from among all users, instead of letting users self-select to vote on a particular decision.

The nice property of this system is that an attacker can't manipulate the voting simply by having a large number of accounts at their control -- they would have to control a significant proportion of accounts across the entire user population, in order to ensure that when the voters were selected randomly from the user population, the attacker controlled enough of those accounts to influence the outcome. (If an attacker ever really did spend the resources to reach that threshold point, and it became apparent that they were manipulating the votes, those votes could be challenged and overridden by a vote of users whose identities were known to the system. This would allow the verified-identity users to be used as an appeal of last resort to block abuse by a very dedicated adversary, while not requiring most users to verify their identity. This is basically what Jimmy Wales does when he steps in and arbitrates a Wikipedia dispute, acting as his own "user whose identity is known".)

This algorithm for an "automated meritocracy" (automeritocracy? still not very catchy at 7 syllables) could be extended to other types of user-built content sites as well. Musicians could submit songs to a peer review site, and the songs would be pushed out to a random subset of users interested in that genre, who would then vote on the songs. (If most users were too apathetic to vote, the site could tabulate the number of people who heard the song and then proceeded to buy or download it, and count those as "votes" in favor.) If the votes for the song are high enough, it gets pushed out to all users interested in that genre; if not, then the song doesn't make it past the first stage. If there are 100,000 users subscribed to a particular genre, but it only takes ratings from 100 users to determine whether or not a song is worth pushing out to everybody, that means that when "good" content is sent out to all 100,000 people but "bad" content only wastes the time of 100 users, the average user gets 1,000 pieces of "good" content for every 1 piece of "bad" content. New musicians wouldn't have to spend any time networking, promoting, recruiting friends to vote for them -- all of which have nothing to do with making the music better, and which fall into the category of deadweight losses described above.

An automeritocracy-like system could even be used as a spam filter for a large e-mail site. Suppose you want to send your newsletter to 100,000 Hotmail users (who really have signed up to receive it). Hotmail could allow your IP to send mail to 100,000 users the first time, and then if they receive too many spam complaints, block your future mailings as junk mail. But if that's their practice, there's nothing to stop you from moving to a new, unblocked IP and repeating the process from there. So instead, suppose that Hotmail stores your 100,000 received messages temporarily into users' "Junk Mail" folders, but selectively releases a randomly selected subset of 100 messages into users' inboxes. Suppose for arguments' sake that when a message is spam, 20% of users click the "This is spam" button, but if not, then only 1% of users click it. Out of the 100 users who see the message, if the number who click "This is spam" looks close to 1%, then since those 100 users were selected as a representative sample of the whole population, Hotmail concludes that the rest of the 100,000 messages are not spam, and moves them retroactively to users' inboxes. If the percentage of those 100 users who click "This is spam" is closer to 20%, then the rest of the 100,000 messages stay in Junk Mail. A spammer could only rig this system if they controlled a significant proportion of the 100,000 addresses on their list -- not impossible, but difficult, since you have to pass a Turing test to create each new Hotmail account.

The problem is, there's a huge difference between systems that implement this algorithm, and systems that implement something that looks superficially like this algorithm but actually isn't. Specifically, any site like HotOrNot, Digg, or Gather that lets users decide what to vote on, is vulnerable to the attack of using friends or phantom users to vote yourself up (or to vote someone else down). In a recent thread on Gather about a new contest that relied on peer ratings, many users lamented the fact that it was essentially rigged in favor of people with lots of friends who could give them a high score (or that ratings could be offset unfairly in the other direction by "revenge raters" giving you a 1 as payback for some low rating you gave them). I assume that the reason such sites were designed that way is that it just seemed natural that if your site is driven by user ratings, and if people can see a specific piece of content by visiting a URL, they should have the option on that page to vote on that content. But this unfortunately makes the system vulnerable to the phantom-users attack.

(Spam filters on sites like Hotmail also probably have the same problem. We don't know for sure what happens when the user clicks "This is spam" on a piece of mail, but it's likely that if a high enough percentage of users click "This is spam" for mail coming from a particular IP address, then future mails from that IP are blocked as spam. This means you could get your arch-rival Joe's newsletter blacklisted, by creating multiple accounts, signing them up for Joe's newsletter, and clicking "This is spam" when his newsletters come in. This is an example of the same basic flaw -- letting users choose what they want to vote on.)

So if the Wikia search site uses something like this "automeritocracy" algorithm to guard the integrity of its results, it's imperative not to use an algorithm vulnerable to the hordes-of-phantom-users attack. Some variation of selecting random voters from a large population of users would be one way to handle that.

Finally, there is a reason why it's important to pay attention to getting the algorithm right, rather than hoping that the best algorithm will just naturally "emerge" from the "marketplace of ideas" that results from different wiki-driven search sites competing with each other. The problem is that competition between such sites is itself highly inefficient -- a given user may take a long time to discover which site provides better search results on average, and in any case, it may be that Wiki-Search Site "B" has a better design but Wiki-Search Site "A" had first-mover advantage and got a larger number of registered users. When I wrote earlier about why I thought the Citizendium model was better than Wikipedia, several users pointed out that it may be a moot point, for two main reasons. First, most users will not switch to a better alternative if it never occurs to them. Second, for sites that are powered by a user community, it's very hard for a new competitor to gain ground, even with a superior design, if the success of your community depends on lots of people starting to use it all at once. You could write a better eBay or a better Match.com, but who would use it? Your target market will go to the others because that's where everybody else is. Citizendium is, I think, a special case, since they can fork articles that started life on Wikipedia, so Wikipedia doesn't have as huge of an advantage over them as they would if Citizendium had to start from scratch. But the general rule about imperfect competition still applies.

It's a chicken-and-egg problem: You can have Site A that works as a pure meritocracy, and Site B that works as an almost-meritocracy but can be gamed with some effort. But Site B may still win because the larger environment in which they compete with each other, is not itself a meritocracy. So we just have to cross our fingers and hope that Search Wikia gets it right, because if they don't, there's no guarantee that a better alternative will rise to take its place. But if they get it right, I can hardly wait to see what changes it would bring about.

schwaang writes that while the US continues to hash out concerns over the Real ID Act, which aims to create a national ID by standardizing state driver's licenses, China has already implemented a massive online ID database, which they say will help prevent fraud. From the Xinhua English-language site: "Anyone can now send a text message or visit the country's population information center's website, to check if the name and the ID number of a person's identity card match. If they do match the ID card-holder's picture also appears, said the Ministry, adding that no other information is available to ensure a citizen's privacy is protected. Completed at the end of 2006, China's population information database, the world's largest, contains personal information on 1.3 billion citizens. Giving public accessing to the database is also designed to correct mistakes if an individual discovers that their name, number and picture don't match."

Regular contributor Bennett Haselton has written in to say that "The Global Online Freedom Act, introduced last year during a firestorm of controversy over American companies cooperating with totalitarian governments in China and elsewhere, was introduced this month as the Global Online Freedom Act of 2007. When Chris Smith (R-NJ) first introduced the law in 2006, Yahoo was under fire for recently turning over information to Chinese authorities that led to the arrest of a political dissident, Microsoft was attacked for removing pages from MSN Spaces China at the behest of the government, Google was being criticized for removing political sites from search results displayed to China, and Cisco was accused of helping to enable Chinese filtering of the Web. All four corporations testified at a February 2006 House hearing during which Representative Tom Lantos summed up the mood of many of his colleagues by telling the companies, "I do not understand how your corporate leadership sleeps at night." The companies protested that they had no choice but to comply with local Chinese laws, but that they were troubled by their own actions, and -- in a rarity for individual tech companies, much less for a chorus -- they all invited the U.S. government to play a bigger role, while being vague about what the role should be."

GOFA would create a U.S.-government-designated list of "Internet restricting countries" and would in most cases prohibit U.S.-based companies from censoring content or turning over users' information to the governments of those countries. Do these companies want GOFA to pass? And is GOFA a good law? I think, yes and yes, but the answers are more complicated than they seem.

With American "collaboration" less in the news, GOFA made less of a splash when it was re-introduced this year, but it is still the subject of spirited debate. Reporters Without Borders, Amnesty International, and other human rights groups have already signed a statement supporting the July 2006 version of the bill (nearly identical the 2007 version). But blogger-journalist Rebecca MacKinnon argues that by creating a government-maintained list of "Internet censoring countries", the law falls short of calling for support of free speech in all countries (the initial list, for example, includes Iran and China, but leaves out notorious human rights violator and net-censor Saudi Arabia). Danny O'Brien of the EFF backs this position as well, and also argues the organization's long-standing position that "code is speech" and that filtering software should not be subject to export regulations that are proposed in the law.

I agree with MacKinnon that instead of using a list of "Internet restricting countries", we should require the same standards of U.S. companies wherever they do business, or at least, stop playing silly games like leaving Saudi Arabia off of a list of human rights violators because Bush is friends with the ruling family. I agree with the EFF that filtering software should be considered First-Amendment-protected speech like encryption software, and not be included on an export-prohibited "munitions" list. And for reasons listed below, I think that the law won't stop censoring countries from blocking any speech they want. But even with all of these qualifications, I think the law would be a step in the right direction, if only for the rules prohibiting companies from turning over users' personal information to the governments of countries like China and Iran. It's painful to give a pass to countries like Germany that also censor political speech, but I think that the situation is so much worse in places like China that we should do what we can in the short term. And for reasons I'll get into, I think that Microsoft, Yahoo, Google and Cisco are secretly hoping that a law like GOFA does get passed -- even if they can't come out and say so.

First, what the law does not do: There is still nothing to stop a U.S. company from blocking or removing legal, political content at the request of a foreign government. Section 204 says only that American content-hosting companies and content-filtering companies have to provide the U.S. government with a list of sites that have been removed or blocked at the behest of a censoring country.

Section 205 does say that U.S. companies may not block or remove sites that are operated by the U.S. government, or by any entity that receives grants from the International Broadcasting Bureau to help defeat foreign censorship. Presumably that would include Peacefire, at least during the periods when we're under contract to the IBB to develop the Circumventor software (but before you start calling me Hallibennett, I'm not working for the IBB right now, and it was my own idea to write this). So the American government, while requiring schools to block us in the U.S., would actually be helping to get us un-blocked in China and Iran! But Section 205 only says that a U.S. business may not block or shut down such sites. As far as I can tell, that means if the Cisco engineer on site in China sets up their routers for them, the Cisco engineer can't put VOANews.com on the block list. But then the Chinese official can walk across the room and add it to the list himself, can't he? Which is almost certainly what they'll do, since the routers are in their country.

So, I think the regulations against Internet blocking will be easy for foreign governments to ignore. But where the law could make a difference is in the prohibition against turning over users' personal data to law enforcement in censoring countries. Section 201 says that servers located in a censoring country cannot contain personally identifiable user information (so that the local police cannot simply storm in and seize the data). Section 202 says that American companies can only turn information over to law enforcement of a censoring country if the information is needed "for legitimate foreign law enforcement purposes as determined by the Department of Justice". MacKinnon has criticized this aspect of the law as well -- "If Americans don't want the DOJ to have access to their user information, why should anybody else?" Very true. But, even at the lowest point of public confidence in the Department of Justice, I think most people living outside of fortified compounds stocked with beef jerky and gold bullion, can agree that the U.S. DoJ has more integrity and legitimacy than the government of China, and that such a rule would mean fewer Chinese dissidents going to jail.

What do the affected U.S. companies think of the law? Microsoft, Yahoo, and Cisco did not respond to requests for comment. A Google PR person replied to say, "We welcome intiatives that expand access to information and protect the rights of users across the globe. At the same time, we remain concerned that legislation in this area can have unintended consequences, so we intend to study any such proposals closely, and work with proponents and others to reach the right outcome." When I replied that the Global Online Freedom Act had been proposed more than a year ago and had been online in its current form since June 2006, presumably enough time to "study such a proposal closely" and take a position on it, he said they would stick with that statement for now. (In his e-mail, he actually put quote marks around the company's statement, which I thought was a nice dry touch.)

But past statements from the respective companies have indicated they would be amenable to such a law. Bill Gates, never one to be shy about criticizing government regulation that he disagreed with, was asked in a February 2006 interview with the London Times, "Should the US government establish guidelines to regulate how internet companies deal with censorship in countries like China?" and answered, "I think something like the Foreign Corrupt Practices Act has been a resounding success in terms of very clearly outlining what companies can't do and other rich countries largely went along with that." At the February 2006 house hearings to discuss American companies' cooperation with overseas censors, representatives from all companies indicated that they actually wanted the government to play a bigger role -- they were vague about what such a role would be, but this was only a month after the first draft of the Global Online Freedom Act had been proposed, the only such law on the table at the time.

At first this might seem paradoxical -- why would companies seem amenable to, even supportive of, laws that would restrict what they can do? But it actually makes sense if you consider their negotiating position with the Chinese government. Currently, the Chinese censors can tell Microsoft, Yahoo, and Google that they either have to either play by the Chinese rules or get out, and the censors know that the companies will comply (without even necessarily feeling guilty about it -- the companies can always say that the Chinese people are better off with a censored version of their services than no access at all).

But if the companies' hands are tied by U.S. law, then they can basically present the Chinese government with a take-it-or-leave-it deal: You can use our e-mail and messenger and blog services, just know that our government won't let us turn over users' personal information if you ever want it. The Chinese censors are presumably coming from the point of view that they'd rather have a controlled Internet, but that it's more important to reap the economic benefits of having the Internet in their country, even if some control is lost (after all, if they didn't believe that, they wouldn't have connected to the Internet in the first place). Hence it's not likely that they'd throw out Yahoo Mail and Google search and MSN Messenger when so many users depend on these and use them for business as well as personal use. (Even if there are Chinese-made alternatives, there would be the huge cost of switching everyone over, and no longer being able to use the old tools to communicate with American companies.) So a law controlling the actions of U.S. companies would very probably allow them to keep doing business in censored countries, while giving them an excuse not to turn over users' data.

But, that might not work if it looks like the companies pushed too hard for the law themselves. If the Chinese see Yahoo fighting tooth and nail to pass a law that restricts what information Yahoo can hand over to China, the Chinese censors could take that as a slap in the face, and punish Yahoo for defying them even after the law is passed that prohibits Yahoo from cooperating. "Oh, you can't give us that information because of the law? This law right here that you lobbied for?"

So, when the general counsel of Yahoo says, "Ultimately, the greatest leverage lies with the U.S. government"; when the Vice President of Google tells Congress, "And certainly also, finally, there is a role for government. We do need your help, and you can help us"; when the associate general counsel of Microsoft testifies, "It is, therefore, the responsibility of governments, with the active leadership of the United States, to seek to reduce or reconcile these differences", I think what we're hearing are subtly encoded messages saying, "Pass this law, or something like it; we just can't look like we wanted it to pass." So, Congress should give them what they want, even if they can't ask for it directly. And at the same time they would be helping users in censored countries all around the world, before the next one gets sent to jail because an American company turned over their information.

Regular Slashdot contributor Bennett Haselton wrote in with a story about the DMCA. He starts "On January 16, a man named Guntram Graef who invoked the Digital Millennium Copyright Act to ask YouTube to remove a video of giant penises attacking his wife's avatar/character in the virtual community "Second Life", retracted the claim and stated that he now believes the video was not a copyright violation. (He had sent similar notices to BoingBoing and the Sydney Morning Herald just for posting screen shots of the video.) His statements in a C-Net interview suggest that he didn't mean to alienate the anti-censorship community and was probably angry over what he saw as a sexually explicit attack on his wife. But the event sparked renewed debate over the DMCA and what constitutes abuse of it. I sympathize with Graef and I admire him for admitting an error, but I still think the incident shows why the DMCA is a bad law." Hit that link below to read the rest of his story.

The DMCA is known mainly for its two most controversial provisions: the ban on technology to circumvent copyright restrictions, and the procedures by which ISPs must respond to "take down" notices if a third party claims that one of the ISP's users is violating their copyright. The first of these, I am opposed to in principle; the second, I am not opposed to in principle but I think is too easy to abuse in practice -- because I think incidents like the Graef case and my own limited court experience in related areas has suggested that the protections against DMCA-type abuses are very weak.

First, I'm against the anti-circumvention provision in principle because I agree with the position espoused by the EFF that computer code is protected under the First Amendment, even if some uses of that computer code may be illegal. After all, at one point a U.S. court even ruled that a manual for carrying out murders as a hit man was protected speech! That ruling was overturned on appeal, and the case was settled out of court before a final decision was ever reached, but still -- given that a handbook for killing people was considered free speech by at least one court, it's a bit of a stretch to think that a DVD-copying program should be given less protection. Just because X is illegal does not mean that tools or instructions for doing X should also be illegal.

With regard to the second provision, I'm not against requiring ISPs to take down infringing material on receipt of a notice from the copyright holder. But in practice there are two avenues for abuse here: (a) the party sending the take down notice can make statements that are not technically false, but which have the effect of persuading the ISP to take the material down, or (b) the party sending the take down notice can simply lie -- because the truth is that in too many cases, false statements made "under penalty of perjury" are not prosecuted, or even noticed, by the courts.

The EFF has already done a good job documenting abuses under the DMCA, and I'm not going to repeat all of that here. My argument is that these are not just temporary problems with a relatively new law, but rather that the abuses are the result of realities that won't change any time soon: ISPs being too busy to look closely at every complaint, and courts being too busy to go after everyone who violates court rules to get what they want. And thus it does no good to say that the DMCA would be fine if only enforcement actually got done properly instead of the ham-handed way it's been carried out so far, because that's not going to happen.

As I said, I think that if you have a bona fide case against a party, there's nothing wrong with taking action against them that would otherwise be considered a violation of their privacy and other rights. I've never sent a DMCA take down notice myself, but I've been involved in court cases in which I asked the judge to sign an order requiring a third party to turn over information about someone that was pertinent to the case. I don't consider that an abuse of the system, if the information you're after is relevant.

I realize this may separate me from some fellow privacy advocates, and some of the things I've done may make them uncomfortable. In one case, I had invited a girl to a charity luncheon where the tickets were $100 apiece, and when she showed up she had "forgotten her checkbook" and needed to borrow the money... Now, don't get ahead of me... Later, in what will not come as a huge spoiler to my fellow male Seattle residents, she apparently decided that, being a non-overweight, non-single-Mom, non-sexually-repressed girl in a city full of rich single guys, she was under no obligation to pay me back, and said, "Go ahead and sue me". Anyone who knows about my sideline taking spammers to court would tell you, it is not a terrifically smart move to say to me, "Go ahead and sue me". So, since I was going to be at the courthouse for an upcoming case against a spammer, I figured, why not, and filled out a Small Claims form with the defendant's address listed as "to be determined", since all I had was her cell phone number. Then I asked the judge to sign an order asking T-Mobile to give me the rest of her information so I could serve the papers on her. The judge signed it, I mailed it off to T-Mobile, and three weeks later T-Mobile sent me a letter containing her address, where I had the papers served. Most people don't know it's possible to do this just in a case where someone owes you $100 and all you have is a phone number, but that's just because a lawyer would never bother with such a small case, and most non-lawyers don't know the option exists -- and of course, it also depends on the judge, who may or may not sign the order.

(In that vein, people always ask me, is that sort of thing really worth the time? In this case, since I was going to be at the courthouse anyway, the extra time to write the motion, get it signed, and mail it off, was less than 30 minutes. But I was mainly curious about whether or not it could be done, and how much privacy protection there really is under the law, and knowing that was worth more to me than the $100 anyway.)

So I don't think it's unethical to request such information if you have a genuine case against a party. But while I don't think that what I did constitutes abuse of the system, I think it clearly shows how the system could be abused. Nobody checked my ID when I filed the case or asked the judge to sign the subpoena; I could have been anybody, and I could have disappeared once I had the information. (I had T-Mobile mail it to my address, but I could have just as easily had them mail it to the court, and then gone down and asked to look at the court file.) DMCA opponents should be aware that even without the DMCA, privacy protections are not as great as most people probably think they are.

As a result, I'm especially nervous about laws that enable abuse based on copyright assertions, because almost all of the legal threats we've ever received at Peacefire were based on what I considered to be bogus "copyright" claims. In 1997 we published a program that you could run on any computer with CYBERsitter blocking software installed, and it would decrypt the file that stored CYBERsitter's "secret" blocked-site list, and print it out in plain text. The CEO of CYBERsitter claimed that we were "violating every intellectual property law ever written" and sent threatening notices to our ISP demanding that they remove the program. I argued that every byte of the decryption program was our original work, so it didn't violate their copyright. In fact, it didn't even enable violations of their copyright, because it didn't make it any easier for someone to distribute illegal copies of their program, and I also said the decryption program served a worthwhile purpose by allowing customers or potential customers to see what the program really blocked. (Although to me, the enabling issue and the "worthwhile purpose" issue were secondary to the primary point, that original works of computer code should be protected by the First Amendment.) Fortunately our ISP stood their ground, but if the DMCA had existed back then, CYBERsitter could have invoked it, and possibly the extra pressure might have caused our ISP to back down. (Blocked-site-decryption programs were originally exempt from the DMCA as a result of the decision of the Copyright Office, but that exemption was revoked in 2006 because nobody had written a new decryption program in three years.)

So that was an example of how a company could intimidate an ISP into taking down material, without technically lying about the situation, but tacking on the words "copyright violation" and hoping the ISP would capitulate. What about cases where the sender of a DMCA take down notice just lies?

The Dutch activist group Bits Of Freedom conducted an experiment in 2004, in which they signed up with 10 different ISPs and posted a copy of a work that was clearly labeled with a notice that the author had died 100 years ago and the copyright had expired. Then they sent fake "complaints" to all 10 ISPs from an anonymous Hotmail address. 7 of the 10 ISPs removed the content immediately, and one even replied to give the personal details of the account holder, without being asked to do so. So completely fictitious complaints do apparently work. The DMCA does more protection than that because it requires the complainer to make a copyright claim "under penalty of perjury". But how much assurance does that really provide?

No one has yet tried to get our site shut down with a copyright claim or other accusation that was simply made up out of whole cloth. But my experiences in other areas have left me without much confidence in statements that are made "under penalty of perjury". The times I've been to court against spammers, I usually get to watch a few other Small Claims cases being tried. Probably at least once every time that I've been there, it's come to light that some party in a case said something that they almost certainly knew was not true, and I've never seen a judge do anything about it -- and court employees who have been there much longer have said they've never seen it happen either. (Judges are far more likely to get upset about people speaking out of turn. It's OK to lie, as long as you do it while the judge isn't talking!) It's true that Small Claims court is for resolving small matters, but lying under oath in Small Claims court is still a felony, punishable at least in theory by up to 10 years in jail. (And in any case, lawyers have told me that even in higher-level courtrooms, most false statements don't get anyone in big trouble. High-profile cases like Martha Stewart are the exception.) I don't think that everyone who lies under oath should go to the big house for 10 years. But I have no faith in the DMCA just because it requires accusatory statements to be made "under penalty of perjury", when judges usually let false statements under oath go completely unnoticed.

I doubt that a lawyer would risk their career and even their freedom to make up a completely fraudulent DMCA claim against us, such as claiming a page on our site was a ripoff of something originally produced by their client. But I don't think it's out of the realm if possibility that a lawyer would claim that, for example, a parody of one of their logos that appeared on our site, was a "copyright violation" -- even though the company would almost certainly be advised by their lawyer that such parodies are protected speech, which means their statement would constitute perjury, but it would probably never be punished.

The low point of my own confidence in the enforcement of anti-perjury laws, came when I sued a spammer who appeared in court and claimed that he had absolutely no knowledge of the spam being sent, and had never accepted any orders for spamming of any kind, while the judge, who appeared to hate anti-spam cases even more than most judges did, kept haranguing me for suing a clearly "innocent" person. I then played a recording of a conversation that I had with the spammer over the phone, pretending to be an interested customer (with a disclaimer played at the beginning of the call saying that it could be recorded, in order to make the taping legal), in which he said, among other things:

"I mean, we have all their information to back up any email we send them. If we have their ISP information, we can prove that they've given it out, because you can't get someone's ISP unless they've given it to somebody." [sic -- he meant "get someone's e-mail address", although the statement is still wrong]

"Do you already have your creatives and everything? So I've just got to upload what you have and just blast it out?" [note: "creatives" are copies of ads that sent out for you by advertisers and spammers]

"It's a United-States-based company but they pump everything through China and then it comes back to the United States."

The judge appeared very flustered at that point and started accusing me of "entrapment" (which was backwards -- I'd never heard of the spammer until he spammed me first, and then I called him afterwards, just to get evidence that he was in the spamming business in case he showed up in court and denied it). Since she claimed it was entrapment, I still lost and the spammer walked out home-free, without the judge ever even commenting on the questionable veracity of the statements he had made at the beginning. And that is all the protection that exists in the real world against people making false statements "under penalty of perjury".

The point is that when reading the wording of a proposed law, there's a temptation to think that the scenario described is exactly how the law will play out when it's enforced (see the "Alice, Bob and Charlie" scenario in the Wikipedia entry on the relevant section of the DMCA), and that anyone who deviates from the rules will be punished. But my narrow experience in court, in an area unrelated to the DMCA, taught me some things that several lawyers, with sad smiles, have confirmed to be true throughout the law: (a) judges will do what they want; (b) even if judges do sincerely want to follow the law, they're unlikely to agree on what it says; and (c) courts don't have the will or the time to chase down every person who violates the rules.

Don't judge a law by what it says will happen. Judge it by how it will play out if more than half of the steps in the process get screwed up. Guntram Graef apparently wasn't even trying to do anything dishonest when he got a video removed from YouTube on the basis of copyright claims that turned out not to be valid. Imagine how much abuse is possible when you're gaming the system on purpose.

shadowmage13 writes "Hollywood privately admits that DRM is not really about piracy. From the article: 'In a nutshell: DRM's sole purpose is to maximize revenues by minimizing your rights so that they can sell them back to you... Like all lies, there comes a point when the gig is up; the ruse is busted. For the movie studios, it's the moment they have to admit that it's not the piracy that worries them, but business models which don't squeeze every last cent out of customers.' You can take action on Digital Restrictions Management at DefectiveByDesign of the Free Software Foundation, Digital Freedom, and the Electronic Frontier Foundation."

JAFSlashdotter writes "If you enjoy MP3 or OGG streams of internet radio, it's time to pay attention. This week U.S. Senators Lamar Alexander, Joseph Biden, Dianne Feinstein, and Lindsey Graham decided to reintroduce the 'Platform Equality and Remedies for Rights Holders in Music (PERFORM) Act'. An Ars Technica article explains that PERFORM would restrict our rights to make non-commercial recordings under the Audio Home Recording Act of 1992, and require satellite and internet broadcasters to use 'technology to prevent music theft'. That means goodbye to your favorite streaming audio formats, hello DRM. The EFF said pretty much the same when this bill last reared its ugly head in April of 2006. It's too soon to get the text of this year's version (S.256) online, but it likely to resemble last year's S.2644, which is available through Thomas."

Salvance writes "While most bloggers who received the controversial Vista powered Acer from Microsoft are keeping them, Laughing Squid has decided to auction off his free laptop from Microsoft and donate all proceeds to the The Electronic Frontier Foundation. (EFF) He saw this as a great opportunity to support a worthy cause, and some other bloggers are following suit. What's funny is that Microsoft is now backpedaling and telling bloggers to send back the laptops. Do they even have a legal right to do so?"

Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows.

Well, here's a primer, but you might be disappointed. Like making the Statue of Liberty disappear, it doesn't sound very cool once you know how it's done; the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.

(Note that I am going to be talking about ways that certain anti-censorship programs can be defeated. I don't believe that this is giving much help to censors, because these are obvious weaknesses that would occur to anyone who knows how the programs work. For reasons I'll get into at the end, I don't think these weaknesses actually make much difference.)

Basically, all anti-censorship programs fall into two categories: those that require you to have a helper outside of the censored country, and those that don't.

Take Psiphon. To use Psiphon, someone in a non-censored country has to install it on their home computer, which turns their computer into a Web server with an interface similar to Anonymouse.org, where you type in the URL of the page you want to view and it fetches it for you. The difference, of course, is that Anonymouse.org is widely known and blocked by any self-respecting Internet filtering system, while your newly created Psiphon URL pointing to your home computer is not blocked anywhere, yet. So if you set up a Psiphon URL on your computer in the U.S. and e-mail it to your friend in China, your friend can use it to surf wherever they want. (Note that this also has the desirable property that the person in China doesn't have to install any software, so they can use the URL even from a cybercafe computer with restricted user permissions.) The hurdle, of course, is that the person in China has to have a contact outside the country to help them. This is not a huge barrier for many Chinese, but it still means the program doesn't have the instant gratification property of something that you turn on and it just works.

Peacefire, by the way, had released the Circumventor program in 2003 which did essentially the same thing. (And the Circumventor was itself really just a wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the credit, although the Circumventor did help bring it "to the masses", since most users don't have the ability to set up an SSL-enabled Web server themselves.) Psiphon made some improvements, namely:

• Ability to create password-protected accounts to restrict the URL to certain users.
• Smaller download (although it may not matter much since only broadband users would be installing it anyway).
• Ability to run on Linux. (Circumventor only works on Windows, although you can install CGIProxy on a Linux webserver if you know how.)

Circumventor has some of its own advantages, although they're the kind that could easily be incorporated into Psiphon soon:

• A wizard to help users forward incoming connections on their router and enter exceptions in software firewalls to make the software work. (If they want to. No tweaking people's firewall settings without asking them!)
• Slightly harder to block, due to some strategies such as using a different SSL certificate for each install (Psiphon uses the same one each time).

And both programs fall victim to the same attacks, although as far as I know, none of these have been implemented in practice:

• Blocking sites whose SSL certificates do not match the site hostname (easier for a censoring proxy server like the ones used in the Middle East, than for an IP firewall like the Great Firewall of China).
• Blocking outgoing Web connections to residential IP address ranges like Comcast.

But basically, they're the same program -- so the difference in press coverage has been illustrative of how much context matters to reporters. Psiphon is the "politically correct" version -- they've played down the fact that it can be used to get around blocking software in schools and played up the fact that it can be used to beat the censors in China and Iran, and the press coverage has focused exclusively on that human rights aspect. The Circumventor was also written to help foreign victims of censorship, and articles have been written about its uses for that purpose, but I've also been unapologetically promoting its use to get around blocking software at home and in school, as part of an advocacy for greater civil rights for people under 18. (Also because the more installations there are in the U.S., the more it helps users abroad.) As a result, some of the TV news pieces about it have used such ominous music and lighting that they practically looked like recycled footage from "To Catch a Predator". Of course, Psiphon can be used for exactly the same thing. (I also emailed some of the reporters who recently wrote about Psiphon, to tell them about Circumventor; so far, I haven't heard back from any of them, but I doubt they're being politically correct this time, I think they're just not thrilled that C-Net scooped them by three years and seven months.)

So, Psiphon and Circumventor fall in the first category -- programs that only work if you've got a contact outside the censored country to help you. In the second category is Tor, which was originally written to provide mathematically secure anonymity, but had the nice property that it could be used to get around the Great Firewall of China as well. With your browser in China using Tor as a proxy, packets are routed to other Tor nodes outside the country, which connect you with any blocked Web site that you want to see. Best of all, you just install it on a machine in China, and presto, it works, no nagging your expat cousin in the U.S. to install something on their computer to help you. Dynamic Internet Technologies, run by Chinese dissident Bill Xia in North Carolina, runs another service that works "out of the box" -- you send an instant-message to one of the DIT screen names, and it replies with a list of currently running Web proxies. (Bill has asked me not to publicize the actual screen names that perform this service, because it's intended only for Chinese users. I think that's a case of "security through obscurity", but I respect his wishes.)

Unfortunately, all such "instant gratification" solutions have the same basic weakness, which by a simple argument can be extended even to hypothetical future programs in the same category. In the case of a program like Tor, the censor only has to install the software, look at what IP addresses the software connects to when it bootstraps itself, and add those IP addresses to the blacklist. Even if the software chooses at random from multiple IP addresses to bootstrap to, the censor can still obtain all of them by repeatedly re-installing the software (possibly wiping the machine each time so the software can't tell that it's been installed before). No matter how you slice it, if Alice the legitimate user and Bob the censor download the program on the same day, Bob can make the program not work for Alice if he updates the blacklist quickly enough. He doesn't even have to reverse-engineer the software, he just has to use a network sniffer to see where it connects to. (For DIT's proxy-by-instant-message system, the censor can instant-message the screen name repeatedly, from different accounts, until they've collected and blocked all the available proxies; this would be analogous to re-installing Tor repeatedly and seeing what IPs it connects to.)

Peacefire has produced other approach which is a simple, obvious idea, and it was quite by accident that we found out it slips through the cracks of the seemingly "unsolvable" problem with instant-gratification outlined above. Like the other solutions, it works only as long as the censors are fairly lazy, but they are, and it does. About 30,000 people have signed up through a form on our site to be notified each time we create a new Circumventor site and mail it out, every 3 or 4 days. Agents of the blocking companies have joined the list too, of course, but we mail different sites to different subsets of the list. Now, an attack analogous to the attacks listed in the previous paragraph, would be for the censors to join under many different accounts, and then block any site that gets mailed to any of those accounts. But the catch is that when an address joins the list, a new site doesn't get mailed to that address until some random time in the future. So the censor has to check all of the fake Hotmail accounts that they've created, over and over, if they want to block all of the new sites as soon as they're released. Hardly impossible, but the censor can no longer use the instantaneous approach of: (1) enter the system / join the list / install the software; (2) see where it connects to and block those points of access; (3) repeat. (If we instantly e-mailed a randomly selected site to each new signup, then this attack would work.) By going from instant gratification to almost-instant-gratification, you change one of the conditions for the theorem stated in the previous paragraph, so that it no longer holds true. Still, like Tor and the DIT system, it could be blocked with a moderate amount of effort.

The Tor protocol, by the way, has been the subject of a great deal of sophisticated mathematical analysis, really brainy stuff that is beyond the scope of this article. But it's important to understand that that analysis focuses on the security of the Tor protocol for achieving anonymity. For anonymity, the protocol is very strong; for routing around censorship, it's fairly straightforward to defeat. That's not at all a criticism of the Tor developers; Tor was designed to achieve anonymity, and just turned out to work for beating censorship as well -- but only, of course, as long as the censors aren't making much effort to block it.

Which all leads to the obvious question: Why have the censors not bothered?

Nobody knows for sure, but I fear the answer is that the Chinese government and other censors know that the greatest weapon in their arsenal is not IP blocking, or keyword filtering, or even the threat of arrest. It's just apathy. The Chinese censors know what we anti-censorware developers in the free world keep forgetting: that most Chinese are not liberty-minded Jeffersonians chomping at the bit under the oppressive yoke of their government and waiting to be freed by circumvention software. As Michael Chase and James Mulvenon of the RAND Corporation put it in their report on Internet usage by Chinese dissidents, You've Got Dissent!: "[A]lthough some peer-to-peer applications... are designed specifically to combat censorship on the Internet and address privacy concerns, most Chinese Internet users are undoubtedly more interested in using peer-to-peer applications for entertainment purposes such as downloading MP3 music files." The censors know what Netscape knew when they fought tooth and nail against Microsoft including Internet Explorer on the desktop of every Windows machine: defaults matter. It doesn't matter that users can go to Netscape's site and download their browser, and it doesn't matter that users can access a banned site by installing a cool p2p program. Most people just don't.

When I first started working on the Circumventor, I assumed that since the Chinese Internet censorship bureau reportedly employed about 30,000 people, surely if they were already spending that much effort and money, they'd throw plenty of resources at defeating any new anti-censorship program, so the Circumventor would have to be able to withstand any such attack. But I was wrong. According to the RAND corporation paper, the censors have been quite busy, for example, policing political forums for dissident postings that other users might casually run into. But they apparently assume -- correctly, it seems -- that content doesn't pose much of a threat if users have to go out of their way and download a program to access it. And if the user has to have a friend outside the country to help them, then forget it.

This is not to downplay the enormous good that programs like Tor, Circumventor and Psiphon can do in bringing free speech to the people in censored countries who want it. But it's easy to forget that those often do not comprise a large part of the population.

One of the biggest disappointments for me came in May 2005 when I was looking for ways to get around the word filter on MSN China's blogging service. Microsoft, apparently acting on public relations advice from Lex Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan independence" from the titles of blogs on MSN China. (I know, I know, they have to comply with Chinese laws to do business there. But I don't think the Chinese have actually outlawed the word "democracy".) Eventually I did find a loophole, so I searched on MSN for some Chinese blogs published by expatriates to ask them to help test the workaround for me. With a few exceptions, most of the bloggers were rather hostile, saying that they supported their government's efforts to censor the Internet and to stamp out Falun Gong as a dangerous "cult". (These were expats living in the U.S., so presumably they were not worried about the Chinese government sending a tank across the Pacific to run them over if they criticized the ruling party. Even if they thought they had to watch what they said because they might someday return to China, or because they still had family there, surely it would have been easier just to ignore me; the hostility that I encountered sounded genuine.) The moral is, no matter how much your movement believes in its efforts to help oppressed people, you can't just assume you'll be greeted as liberators (ahem).

So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.

Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in the various software programs that can help circumvent Internet censorship in China, Iran, and other censored countries. (Some of this interest undoubtedly being motivated by the fact that many of these programs also work for getting around blocking software at work or school.) Have you ever wanted to understand the science behind these programs, the way that mathematicians and codebreakers understand the magic behind PGP? If you loved the mental workout of reading "Applied Cryptography", have you ever wanted a tutorial to do the same for Psiphon and Tor and other anti-censorship programs?" The rest of his editorial follows.

Well, here's a primer, but you might be disappointed. Like making the Statue of Liberty disappear, it doesn't sound very cool once you know how it's done; the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.

(Note that I am going to be talking about ways that certain anti-censorship programs can be defeated. I don't believe that this is giving much help to censors, because these are obvious weaknesses that would occur to anyone who knows how the programs work. For reasons I'll get into at the end, I don't think these weaknesses actually make much difference.)

Basically, all anti-censorship programs fall into two categories: those that require you to have a helper outside of the censored country, and those that don't.

Take Psiphon. To use Psiphon, someone in a non-censored country has to install it on their home computer, which turns their computer into a Web server with an interface similar to Anonymouse.org, where you type in the URL of the page you want to view and it fetches it for you. The difference, of course, is that Anonymouse.org is widely known and blocked by any self-respecting Internet filtering system, while your newly created Psiphon URL pointing to your home computer is not blocked anywhere, yet. So if you set up a Psiphon URL on your computer in the U.S. and e-mail it to your friend in China, your friend can use it to surf wherever they want. (Note that this also has the desirable property that the person in China doesn't have to install any software, so they can use the URL even from a cybercafe computer with restricted user permissions.) The hurdle, of course, is that the person in China has to have a contact outside the country to help them. This is not a huge barrier for many Chinese, but it still means the program doesn't have the instant gratification property of something that you turn on and it just works.

Peacefire, by the way, had released the Circumventor program in 2003 which did essentially the same thing. (And the Circumventor was itself really just a wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the credit, although the Circumventor did help bring it "to the masses", since most users don't have the ability to set up an SSL-enabled Web server themselves.) Psiphon made some improvements, namely:

• Ability to create password-protected accounts to restrict the URL to certain users.
• Smaller download (although it may not matter much since only broadband users would be installing it anyway).
• Ability to run on Linux. (Circumventor only works on Windows, although you can install CGIProxy on a Linux webserver if you know how.)

Circumventor has some of its own advantages, although they're the kind that could easily be incorporated into Psiphon soon:

• A wizard to help users forward incoming connections on their router and enter exceptions in software firewalls to make the software work. (If they want to. No tweaking people's firewall settings without asking them!)
• Slightly harder to block, due to some strategies such as using a different SSL certificate for each install (Psiphon uses the same one each time).

And both programs fall victim to the same attacks, although as far as I know, none of these have been implemented in practice:

• Blocking sites whose SSL certificates do not match the site hostname (easier for a censoring proxy server like the ones used in the Middle East, than for an IP firewall like the Great Firewall of China).
• Blocking outgoing Web connections to residential IP address ranges like Comcast.

But basically, they're the same program -- so the difference in press coverage has been illustrative of how much context matters to reporters. Psiphon is the "politically correct" version -- they've played down the fact that it can be used to get around blocking software in schools and played up the fact that it can be used to beat the censors in China and Iran, and the press coverage has focused exclusively on that human rights aspect. The Circumventor was also written to help foreign victims of censorship, and articles have been written about its uses for that purpose, but I've also been unapologetically promoting its use to get around blocking software at home and in school, as part of an advocacy for greater civil rights for people under 18. (Also because the more installations there are in the U.S., the more it helps users abroad.) As a result, some of the TV news pieces about it have used such ominous music and lighting that they practically looked like recycled footage from "To Catch a Predator". Of course, Psiphon can be used for exactly the same thing. (I also emailed some of the reporters who recently wrote about Psiphon, to tell them about Circumventor; so far, I haven't heard back from any of them, but I doubt they're being politically correct this time, I think they're just not thrilled that C-Net scooped them by three years and seven months.)

So, Psiphon and Circumventor fall in the first category -- programs that only work if you've got a contact outside the censored country to help you. In the second category is Tor, which was originally written to provide mathematically secure anonymity, but had the nice property that it could be used to get around the Great Firewall of China as well. With your browser in China using Tor as a proxy, packets are routed to other Tor nodes outside the country, which connect you with any blocked Web site that you want to see. Best of all, you just install it on a machine in China, and presto, it works, no nagging your expat cousin in the U.S. to install something on their computer to help you. Dynamic Internet Technologies, run by Chinese dissident Bill Xia in North Carolina, runs another service that works "out of the box" -- you send an instant-message to one of the DIT screen names, and it replies with a list of currently running Web proxies. (Bill has asked me not to publicize the actual screen names that perform this service, because it's intended only for Chinese users. I think that's a case of "security through obscurity", but I respect his wishes.)

Unfortunately, all such "instant gratification" solutions have the same basic weakness, which by a simple argument can be extended even to hypothetical future programs in the same category. In the case of a program like Tor, the censor only has to install the software, look at what IP addresses the software connects to when it bootstraps itself, and add those IP addresses to the blacklist. Even if the software chooses at random from multiple IP addresses to bootstrap to, the censor can still obtain all of them by repeatedly re-installing the software (possibly wiping the machine each time so the software can't tell that it's been installed before). No matter how you slice it, if Alice the legitimate user and Bob the censor download the program on the same day, Bob can make the program not work for Alice if he updates the blacklist quickly enough. He doesn't even have to reverse-engineer the software, he just has to use a network sniffer to see where it connects to. (For DIT's proxy-by-instant-message system, the censor can instant-message the screen name repeatedly, from different accounts, until they've collected and blocked all the available proxies; this would be analogous to re-installing Tor repeatedly and seeing what IPs it connects to.)

Peacefire has produced other approach which is a simple, obvious idea, and it was quite by accident that we found out it slips through the cracks of the seemingly "unsolvable" problem with instant-gratification outlined above. Like the other solutions, it works only as long as the censors are fairly lazy, but they are, and it does. About 30,000 people have signed up through a form on our site to be notified each time we create a new Circumventor site and mail it out, every 3 or 4 days. Agents of the blocking companies have joined the list too, of course, but we mail different sites to different subsets of the list. Now, an attack analogous to the attacks listed in the previous paragraph, would be for the censors to join under many different accounts, and then block any site that gets mailed to any of those accounts. But the catch is that when an address joins the list, a new site doesn't get mailed to that address until some random time in the future. So the censor has to check all of the fake Hotmail accounts that they've created, over and over, if they want to block all of the new sites as soon as they're released. Hardly impossible, but the censor can no longer use the instantaneous approach of: (1) enter the system / join the list / install the software; (2) see where it connects to and block those points of access; (3) repeat. (If we instantly e-mailed a randomly selected site to each new signup, then this attack would work.) By going from instant gratification to almost-instant-gratification, you change one of the conditions for the theorem stated in the previous paragraph, so that it no longer holds true. Still, like Tor and the DIT system, it could be blocked with a moderate amount of effort.

The Tor protocol, by the way, has been the subject of a great deal of sophisticated mathematical analysis, really brainy stuff that is beyond the scope of this article. But it's important to understand that that analysis focuses on the security of the Tor protocol for achieving anonymity. For anonymity, the protocol is very strong; for routing around censorship, it's fairly straightforward to defeat. That's not at all a criticism of the Tor developers; Tor was designed to achieve anonymity, and just turned out to work for beating censorship as well -- but only, of course, as long as the censors aren't making much effort to block it.

Which all leads to the obvious question: Why have the censors not bothered?

Nobody knows for sure, but I fear the answer is that the Chinese government and other censors know that the greatest weapon in their arsenal is not IP blocking, or keyword filtering, or even the threat of arrest. It's just apathy. The Chinese censors know what we anti-censorware developers in the free world keep forgetting: that most Chinese are not liberty-minded Jeffersonians chomping at the bit under the oppressive yoke of their government and waiting to be freed by circumvention software. As Michael Chase and James Mulvenon of the RAND Corporation put it in their report on Internet usage by Chinese dissidents, You've Got Dissent!: "[A]lthough some peer-to-peer applications... are designed specifically to combat censorship on the Internet and address privacy concerns, most Chinese Internet users are undoubtedly more interested in using peer-to-peer applications for entertainment purposes such as downloading MP3 music files." The censors know what Netscape knew when they fought tooth and nail against Microsoft including Internet Explorer on the desktop of every Windows machine: defaults matter. It doesn't matter that users can go to Netscape's site and download their browser, and it doesn't matter that users can access a banned site by installing a cool p2p program. Most people just don't.

When I first started working on the Circumventor, I assumed that since the Chinese Internet censorship bureau reportedly employed about 30,000 people, surely if they were already spending that much effort and money, they'd throw plenty of resources at defeating any new anti-censorship program, so the Circumventor would have to be able to withstand any such attack. But I was wrong. According to the RAND corporation paper, the censors have been quite busy, for example, policing political forums for dissident postings that other users might casually run into. But they apparently assume -- correctly, it seems -- that content doesn't pose much of a threat if users have to go out of their way and download a program to access it. And if the user has to have a friend outside the country to help them, then forget it.

This is not to downplay the enormous good that programs like Tor, Circumventor and Psiphon can do in bringing free speech to the people in censored countries who want it. But it's easy to forget that those often do not comprise a large part of the population.

One of the biggest disappointments for me came in May 2005 when I was looking for ways to get around the word filter on MSN China's blogging service. Microsoft, apparently acting on public relations advice from Lex Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan independence" from the titles of blogs on MSN China. (I know, I know, they have to comply with Chinese laws to do business there. But I don't think the Chinese have actually outlawed the word "democracy".) Eventually I did find a loophole, so I searched on MSN for some Chinese blogs published by expatriates to ask them to help test the workaround for me. With a few exceptions, most of the bloggers were rather hostile, saying that they supported their government's efforts to censor the Internet and to stamp out Falun Gong as a dangerous "cult". (These were expats living in the U.S., so presumably they were not worried about the Chinese government sending a tank across the Pacific to run them over if they criticized the ruling party. Even if they thought they had to watch what they said because they might someday return to China, or because they still had family there, surely it would have been easier just to ignore me; the hostility that I encountered sounded genuine.) The moral is, no matter how much your movement believes in its efforts to help oppressed people, you can't just assume you'll be greeted as liberators (ahem).

So now you know most of what there is to know about the state of the art in anti-censorship software. It's just that there is less to understand than the hype originally suggests -- the programs aren't really secure, but they work because the censors aren't really trying. And there aren't any cool mathematical formulas that you can impress your friends with -- for that, you'll still have to go back to Applied Cryptography. It's a lot less impressive to be the Bruce Schneier of circumvention algorithms than it is to be the real Bruce Schneier.

NewYorkCountryLawyer writes "Judge Kenneth M. Karas has set Friday, January 26, 2007, at 2:15 P.M., as the oral argument date for Tenise Barker's motion to dismiss complaint, in Elektra v. Barker, in federal court in Manhattan. The argument will take place at the newer federal court house, located at 500 Pearl Street, New York, New York, in courtroom 21D on the 21st Floor. Proceedings are open to the public. This is the case in which amicus briefs were filed by the Motion Picture Association of America (MPAA), the Electronic Frontier Foundation (EFF), the U.S. Internet Industry Association (USIIA) and the Computer & Communications Industry Association (CCIA), and a Statement of Interest was filed by the U.S. Department of Justice (USDJ). Defendant Tenise Barker moved to dismiss the complaint on the ground that neither downloading nor uploading had been alleged sufficiently to give her notice of what she was being accused of, and on the further ground that merely "making available for distribution" was not a copyright infringement at all. The RIAA and MPAA argued that merely "making available" was indeed a copyright infringement. Defendant, CCIA, and USIIA argued that it was not. EFF argued that intangible computer network transmissions cannot be "distributions" within the meaning of the Copyright Act. USDJ argued that they can be. Defendant refrained from taking a position on that issue here and here. The DOJ refrained from taking a position on the "making available" argument, indicating that it had never prosecuted anyone for "making available". See page 5, footnote 3."

davidwr writes, "Earlier this year, EFF sued the Barney the Dinosaur people for harassing a Barney parody web site. Well, Barney finally surrendered, err I mean, learned to share. For more, read the case history at the EFF site."

davidwr writes, "Earlier this year, EFF sued the Barney the Dinosaur people for harassing a Barney parody web site. Well, Barney finally surrendered, err I mean, learned to share. For more, read the case history at the EFF site."

theodp writes "Just because Richard Stallman is paranoid doesn't mean Microsoft's not out to get you. For a hint about the possible end-game of Microsoft's Trusted Computing Initiative, check out the patent application published Thanksgiving Day for Trusted License Removal, in which Microsoft describes how to revoke rights to render based on 'who the user is, where the user is located, what type of computing device or other playback device the user is using, what rendering application is calling the copy protection system, the date, the time, etc.' So much for Microsoft's you-should-have-control assurances."

ColinPL writes, "The MPAA has launched yet another 'defensive attack,' this time on a small business that is pre-loading movie DVDs onto iPods and reselling them. The original DVDs of the movies that are loaded are also given to the customer. The MPAA is claiming that the service Load 'N Go Video offers is completely illegal because ripping a DVD is against the DMCA. The MPAA is also suing the company for copyright violation."

Turmoyl writes "Many Cedega (formerly WINEX) users claim to have been mistakenly caught up in a security sweep of the U.S. game servers performed by Blizzard's World of Warcraft Game Master (GM) staff. Affected users received the same strongly-worded 'Notice of Account Closure' email messages that true bot users did, in which they were accused of the 'Use of Third Party Automation Software.' While diagnosis of this event continues early speculation points to Blizzard's use of the Warden anti-cheating spyware application that is bundled with World of Warcraft, and the odd things that may have been produced by it when it was run via Cedega. Emails to World of Warcraft's Account Administration staff continue to go unanswered while the list of affected people continues to grow."

Spritzer writes "According to the EFF, the new Zune portable media player from Microsoft won't play files infected with the old Microsoft DRM. It seems that all of the 'PlaysforSure' media that has been sold and is currently being sold will not play on the Zune. In addition, Microsoft has now advocated violating the DMCA in order to transfer files to the player. Microsoft Zune architect J Allard was quoted as saying there's 'Lots of DVD ripping software out there that encodes to those formats, so the most popular formats out there, whether it's MPEG-4 or H.264, we'll support those.'" ZDNet offers up additional commentary on this revelation.

mrogers writes "Servers participating in the TOR anonymizing network have been seized by public prosecutors during a child porn crackdown in Germany. TOR provides anonymity for clients and servers by redirecting traffic through a network of volunteer-operated relays; the German prosecutors may have been trying to locate an anonymous server by examining the logs of the captured relays."

mrogers writes "Servers participating in the TOR anonymizing network have been seized by public prosecutors during a child porn crackdown in Germany. TOR provides anonymity for clients and servers by redirecting traffic through a network of volunteer-operated relays; the German prosecutors may have been trying to locate an anonymous server by examining the logs of the captured relays."

KingSkippus writes "You've got mail! ...and no job! The Atlanta Journal-Constitution is reporting that RadioShack has notified 400 workers by e-mail that they are being laid off. The e-mails state, 'The work force reduction notification is currently in progress. Unfortunately your position is one that has been eliminated.' Nothing says thank you for your years of service to our company quite like an e-boot out the door."