Slashdot Mirror

But the simple answer is, stop pirating content and they will stop taking you to court.

If only...

I'm a current T-Mobile customer with 2 cell phones on a single plan (one for me and one for my wife). After years of horrible customer service experiences, sub-par network service and, of course, after being psychologically sick of giving a company money that was involved with wholesale illegal wiretapping, we canceled our 2 cell phones, DSL service, and home landline (all AT&T).

We went to T-Mobile because they were one of the only other companies left. They were "new" to us, a fresh company with young motivated employees that actually sounded genuinely glad to help you. We were so happy with them.

When we heard about the pending merger with AT&T, we immediately started looking around. We haven't switched yet, but as soon as the merger was complete we would have broken our contract (we were pretty sure there would be something we could say about not paying an early cancellation fee since a merger wasn't in our contract). Over the past few months, we noticed little things start happening with our account (which may or may not be related to the merger, yet we never experienced it before the word was out). Extra bill charges, randomly having our account turn on Internet access on my wife's cell phone without us asking for it (and them charging us $30/month for it), and even when we called them, the vibrance in their voices were completely gone. I might be sounding wishy-washy about the customer service enthusiasm, but seriously. It was a DRAMATIC change. It already seemed like the call centers were moved to AT&T.

I really hope this thing is blocked. I want to stick with T-Mobile. I want to give my money to a company that isn't involved with an enormous constitutional rights violation. I want to be able to choose. I don't want another Ma Bell.

From the TOR site...

An exit relay is the final relay that Tor traffic passes through before it reaches its destination. Exit relays advertise their presence to the entire Tor network, so they can be used by any Tor users. Because Tor traffic exits through these relays, the IP address of the exit relay is interpreted as the source of the traffic. If a malicious user employs the Tor network to do something that might be objectionable or illegal, the exit relay may take the blame. People who run exit relays should be prepared to deal with complaints, copyright takedown notices, and the possibility that their servers may attract the attention of law enforcement agencies. If you aren't prepared to deal with potential issues like this, you might want to run a middle relay instead. We recommend that an exit relay should be operated on a dedicated machine in a hosting facility that is aware that the server is running an exit node. The Tor Project blog has these excellent tips for running an exit relay. See our legal FAQ on Tor for more info.

I applaud those who do this but sadly they will be taken advantage of for illegal purposes and therefor the operators are at risk.

In other posts people suggest that ISP's should suffer the same fate but don't are reminded of the "Common Carrier" law. If these individuals were to set them selves up as a common carrier I wonder if they would realize the same protections. Given that those with CC protection do in fact cooperate with LE would that then make them obliged to do so?

Clearly this is a guerilla marketing ploy by RealNetworks. By utilizing the Streisand effect, they hope to boost the offerings of content in their proprietary formats. That can only help them sell their lame tools, which otherwise nobody buys anymore. Perhaps they're desperate, but it's still clever. The interesting question is whether the Dutch courts will eventually punish them for their attempt to hijack judicial process. Oddly, neither http://eff.org/ nor http://edri.org/ seem to have anything to say about the case.

On a side note, if you want this functionality now, there is a firefox plugin called HTTPS Everywhere. It's a simple thing that pushes you onto SSL versions of sites (and now allows you to turn it off for individual sites quickly if it breaks something - as with google not allowing image searches over SSL).

The majority of consumers want to use a clean, simple product

A clean, simple product that they can use how they want to use,

Apple sells many of these.

without having to pay for every packet they send over the Internet or every CPU minute they consume,

If you're billed per packet sent, that's between you and your ISP. Apple has nothing to do with it. As for CPU time, that's the second time in this discussion I've seen you bring that up. WTF?! How does that make any kind of sense? Apple sells you computing devices which you then own. You are not billed for use of their CPUs. Selling (not renting!) CPUs is the core of their business. (If you look at their financial reports, profits on hardware sales dwarf everything else.)

I'll go further than bonch -- you're not merely talking nonsense, you have crossed over into "not even wrong" territory.

and they want to be able to connect hardware that might not be "approved"

At last, one accusation which is actually partially true! But only partially, because you can connect anything you like to a Mac, so long as you can get a driver for it. iDevices may reject some accessories without an ID chip which HW makers can only get with Apple's approval.

and view websites without censorship.

Right back to "not even wrong". Apple doesn't censor the web. Even if they wanted to, they can't.

You really think people do not care about freedom? See what happens when all the freedoms people have enjoyed because of the PC revolution are taken away from them.

People would care about censorship of the web and things like that, but that's not what is happening, now is it?

Some of your accusations don't even make sense. Attacks on reporters?

Yes, attacks on reporters:

http://www.eff.org/cases/apple-v-does

Good lord you're a tool. That's Apple attacking unknown leakers (as in, their own employees, most likely), not reporters. The reporters didn't get sued, they got subpoenaed to give evidence (IDs of the John Does who supplied them leaks).

http://news.cnet.com/Apple-suit-foreshadows-coming-products/2100-1047_3-5513582.html

This is much closer to the mark. They sued some rumors websites on the basis of misappropriation of trade secrets.

Unfortunately, one or two hits out of a giant mountain of wild anti-Apple babble still adds up to an incoherent raging nerd who's hurt that FSF-style openness isn't as popular or beneficial to the general public as he imagines it to be.

The majority of consumers want to use a clean, simple product

A clean, simple product that they can use how they want to use, without having to pay for every packet they send over the Internet or every CPU minute they consume, and they want to be able to connect hardware that might not be "approved" and view websites without censorship. You really think people do not care about freedom? See what happens when all the freedoms people have enjoyed because of the PC revolution are taken away from them.

Some of your accusations don't even make sense. Attacks on reporters?

Yes, attacks on reporters:

http://www.eff.org/cases/apple-v-does
http://news.cnet.com/Apple-suit-foreshadows-coming-products/2100-1047_3-5513582.html

There are several forms of 'meta cookie' which can be used to uniquely identify you, and which have nothing to do with either Flash or standard browser cookies. For example, check out Panopticlick. There are also older attacks such as history sniffing (defeated in modern browsers, but still available in the majority of active browsers). Plus there's permanently cached files (a JS file with an expiry set unreachably far in the future, with a server which responds that the file is always fresh, while the content of that file is uniquely identifiable information). DOM storage, HTML5 offline cache, and many other vectors are ways to stick information on your computer in ways you're probably not expecting.

Some sites have put together combinations of these approaches to make super cookies which are almost impossible to defeat without simultaneously erasing cache, cookies, flash cookies, all browsing history, and also making sure you're running a completely vanilla OS with a completely vanilla browser install (each addon or font, and many 3rd party programs can contribute to your fingerprint being more unique). If you have an unusual font or two installed, this all by itself can make you uniquely identifiable in a way that no level of browser scrubbing will protect you.

A "super" cookie is one where every means of uniquely identifying yourself has to be simultaneously scrubbed. If you miss even one, the rest are restored.

Double plus on your last paragraph -- browser headers are really really unique at this point: http://panopticlick.eff.org/

Using cookies is just simpler for advertisers, but banning those on the client without enforcing some "do not track" at the supplier end won't solve the problem. They'll just move to browser headers..

Private browsing isn't so private.. http://panopticlick.eff.org/

You can be pretty thoroughly tracked as an individual without cookies at all..

https://www.eff.org/deeplinks/2011/08/argentina-isps-ip-overblocking

While it seems everyone is milking the 'supercookie' cessation hype, at least one org is telling us why...

Online Behavioral Tracking

As others have noted, this (anonymous) submission may be pointless. (I haven't verified that, though.)

With that said, Canadians, please look to the future and learn about your options.

There is a great article/tutorial on Surveillance Self Defense at the EFF. Although it is aimed primarily at US citizens, much of it also applies to you - and the technical tools described are equally effective in any country.

I really want Canada to be a place of enlightened freedom, so I have someplace to go when the Corporate Snakes of America becomes too onerous to stomach any longer. Get to work on that, will ya?

They're using https://www.eff.org/https-everywhere

But at the very least, shouldn't the OSS community have an army of lawyers willing to work probono, or financed by various foundations, for this kind of thing exactly?

Hah! Almost spit milk through my nose reading this line. Lawyers? Probono on commercial work? (even if it's unpaid, it's commercial work). Lawyers expect to get paid for work just as most software developers expect to get paid at their day jobs. Defending a license like GPL isn't something a lawyer can do with a few hours of labor on Saturday afternoon.

And it would take an 'army' of them to fight these infractions. So unless everybody in the OSS community wants to pay dues to some foundation to fund a staff of 8 to 10 lawyers and their 16 to 20 support personnel this isn't likely to happen. Even EFF has only about 9 staff attorneys and they cover a huge mandate, not just FOSS software violations. http://www.eff.org/about/staff Their budget is close to 3.6 Million per year.

So if you want an army of lawyers to defend GPL or other licenses, build a foundation and raise 4 million per year.

Of course you can DIY the law yourself, you just have to spend your own time and money doing it.

[...] the fear of abuse [...] is mitigated by law and regulations.

No it isn't.

Giving the government more powerful surveillance toys when they've proven repeatedly that they can't be trusted with the current set is a BADIDEA(TM).

Actually, you'd probably be better off complaining to the elected members of the BART Board of Directors. I don't know who Molly Burke is, but SF's three BART directors are: Lynette Sweet, James Fang, and Tom Radulovich. Of the three, the first two are jokes better left ignored. Sweet is trying to use BART as a stepping stone to higher public office. Fang is, what? The only republican left in San Francisco? He's the guy who sees BART as a way to bring pork to SF. That leaves us with Radulovich, whose district actually encompasses Civic Center station. He's also the only director to have the balls to call out BART for making atrocious decisions, and the only one with some sort of interest in transit (beyond BART as a political platform). You wanna write to someone and get some sympathy, write to him. You wanna write to someone who will pander to whatever they think the constituents wanna hear, write to the latter.

And that's the problem with BART. This wasn't one rogue employee making a bad call, this is a structural problem.

In any case time for some shameless self-promotion: Let's take this thing as seriously or not as is deserved. Cheap shots aimed at BART available in thongs, onesies, iPad cases, and, of course, t-shirts and hoodies. Someone (aside from the EFF) had to go there.

It's good that you tested to see what was going on. But I imagine you used Google services and contacted Google servers. That means information can be tracked about you without leaving markers on your local computer (see here and here). And I'm sure Google's own browser will be sure to act in ways that are standard and don't hinder this. Google is certainly opposed to the 'Do Not Track' flag.

Google is very open about what they believe in and that's not a lot of privacy or anonymity. In 2009 Eric Schmidt said "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.". And their actions re Google+ effectively shows them agreeing with Facebook's Randi Zuckerberg who recently said "I think anonymity on the Internet has to go away.". And 97% of their revenue is from advertising, selling what they know about all of us.

Google wants to know *everything* about us. They want as much of that data to be as good as possible. And the WiFi data gathering and other events show that if there's a chance to get information, they get it, record it, and correlate it with what else they have. There appears to be no decision to limit what they get unless they violate statues and are found to have done so.

I believe in my controlling my privacy, being public and being anonymous as I decide circumstances dictate. I limit my interactions with Google as much as possible. Despite their good works (and there are a lot of them) they have a core philosophy that is just wrong.

Aside from browser ID strings - which as others mentioned are easily spoofed - traffic patterns are probably just as identifiable. If I were to tether from my computer, it's not just browser traffic they would see. My mail client would be reaching out checking for updates, Dropbox would keep checking for changes and syncing, as would Evernote... This is probably especially true for Windows users: antivirus traffic, Windows update traffic... Youtube videos could be loaded that otherwise wouldn't on a mobile device. Short, high-bandwidth bursts of traffic are more likely from a tethered desktop than a phone - in Chrome I often load up 6-8 of the pages in my home tab on start, simultaneously. That's hard to do in a mobile browser. Even the user agent string is a good indication - who browses everything with a user agent set to a desktop on a mobile device? Sure, it's useful at times, if a site is misbehaving, but most often the mobile versions of pages are better for mobile devices. If they see a whole session of browsing with a desktop user agent, yeah, they'll probably be suspicious.

And your browser reports more than what browser it is, what version, what OS. They generally report information on plugins and fonts and compatibilities, too, which can be very unique and easily identifiable: https://panopticlick.eff.org/

It sound like the Turkish government is beginning to emulate the repressive and regressive moral "leadership" established by the totalitarian Internet regimes in Australia, the US and the UK.

Hey! You get all the free speech you can pay for!

DNSSEC-based domain validation is an exciting possibility. But I've heard concerns over it:

For the time being, we will make just one remark about this. Many people have been touting DNSSEC PKI as a solution to the problem. While DNSSEC could be an improvement, we do not believe it is the right solution to the TLS security problem. One reason is that the DNS hierarchy is not trustworthy. Countries like the UAE and Tunisia control certificate authorities, and have a history of compromising their citizens' computer security. But these countries also control top-level DNS domains, and could control the DNSSEC entries for those ccTLDs. And the emergence of DNS manipulation by the US government also raises many concerns about whether DNSSEC will be reliable in the future.

Could you address those?

Yeah, I'll give it a shot.

First off "the right solution to the TLS security problem" is a problem. "TLS security" is not a single (the) problem but a multifaceted problem. DNSsec addresses (doesn't totally solve - none do - but does address) one of those facets (tying the cert to the domain owner). The fact that a malicious state level actor controls both DNS (and their ccTLD DNSsec signing) and the certificate authorities just leaves you in almost the same spot except I would argue that DNSsec has a leg up there. Not perfect, but better and more verifiable.

Controlling the CA, they can spoof a MITM certificate claiming to be you. Now, you have to validate all your certificates from an outside point of view. Or they issue the certificate and key to you (bad BAD practice done by many CAs for TLS E-Mail certs - they should NEVER have possession of the private key) and you will never be able to tell if they are abusing your cert or not. That's bad. That's real bad.

With DNSsec, you give them your public key signing key (ksk). They either properly sign it and publish it or they don't. You can verify this in the public DNS (plenty of public query servers and looking glasses and historical sites for DNS - aot site certs where you're on you own). You use your private ksk to that public key to sign your zone signing public keys (zsk) and you publish that public key yourself, which you can then also verify. Then you sign your records with the private key of your zone signing key. All of this should be confirmable from the public DNS but, in the case of a malicious state actor, you may still have to confirm it from an outside view (a looking glass or secure remote server) but you only need to verify that THEY properly published YOUR ksk public key and that they are not blocking DNSsec. You never give them your private key (never underestimate the power of what Bruce Schneier calls "rubber hose cryptography" - they beat the bejesus out of you till you give them the bloody key).

Is it bullet proof? In the face of a malicious state actor, nothing is bullet proof. We can only try to make it tougher for them.

DNSSEC-based domain validation is an exciting possibility. But I've heard concerns over it:

For the time being, we will make just one remark about this. Many people have been touting DNSSEC PKI as a solution to the problem. While DNSSEC could be an improvement, we do not believe it is the right solution to the TLS security problem. One reason is that the DNS hierarchy is not trustworthy. Countries like the UAE and Tunisia control certificate authorities, and have a history of compromising their citizens' computer security. But these countries also control top-level DNS domains, and could control the DNSSEC entries for those ccTLDs. And the emergence of DNS manipulation by the US government also raises many concerns about whether DNSSEC will be reliable in the future.

Could you address those?

The fact that you can get information via a second route does not mean that there is no speech problem with shutting down the first one. In a 1939 case, Schneider v. New Jersey, for example, the Supreme Court held that

one is not to have the exercise of his liberty of expression in appropriate places abridged on the plea that it may be exercised elsewhere.

It repeated this basic tenet some forty years later in Va. State Bd. of Pharmacy v. Va. Citizens Consumer Council, Inc.:

We are aware of no general principle that freedom of speech may be abridged when the speakerâ(TM)s listeners could come by his message by some other means....

I'm glad I'm not the only one who believes that this ruling is questionable, and is one step closer to a World Wide Web that is completely at the mercy of copyright holders.

Wrong, free speech has to have it inherently built in to allow for anonymous free speech. To go elsewhere is just as the article states (And I am NO fan of Micro$oft propaganda articles or studies) but in this case I think she is correct in that it is an authoritarian assertion of power over vulnerable people

Two quick examples of U.S. law the link anonymous speech directly to the Constitution Right to Free Speech that I found are "Talley v. California, 362 U.S. 60 (1960), the Court struck down a Los Angeles city ordinance that made it a crime to distribute anonymous pamphlets. In McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995), the Court struck down an Ohio statute that made it a crime to distribute anonymous campaign literature."

If you half an open mind, you might also want to check out the EFF site and try to look at it from another point of view. https://www.eff.org/issues/anonymity

Anonymity/pseudonimity is not purely for Trolls and F**wads.

Or, if you don't like Google, use DuckDuckGo, which uses HTTPS by default with no need for a browser extension.

Who cares what some manager at the next Geocities has to say about it? Facebook is a fad, it too will pass.

-jcr

Do we care what some manager at the next AltaVista has to say about this topic?

If you read the actual criminal complaint criminal complaint (pdf) on the eff website you'll see that this guy was a real piece of work. I don't have a problem with someone getting on their own lawn and saying whatever they want ABOUT someone else. Still gotta be careful with libel / slander, but aside from that have at it. He did that and it is mentioned in the complaint. I hope a judge says "he can do his own blog all he wants and he can tweet all he wants. He can take out ads in the paper, bla bla bla." However, when the content crosses a line then you have an issue. His threatening comments and harrassing attitude aimed directly at her in spite of already having restraining orders against him just make it over the top.

Do I hope a good judge gets this and picks it apart to remove the idea of "blogging or tweeting ABOUT a political figure / event / etc is illegal"? Absolutely. I hope they make very clear that he can say whatever he wants because he has freedom of speech. But we don't let weirdos keep coming up to women threatening to kill or rape them do we? We eventually say, okay, buster, here's a restraining order. Then if it keeps happening we slap cuffs on them. In this case he just thought he could get away with it b/c he wasn't physically in her presense, but he was doing the exact same thing. Again... I strongly suggest reading the link I provided. I'm not for limiting freedom under any circumstance, but I think this is a very simple logical extension and application of current law if applied to THIS CASE. But not just any case involving someone getting their feelings hurt b/c of twitter.

https://www.eff.org/files/filenode/us_v_cassidy/cassidy-complaint.pdf Page 5 onwards. HTH.

The Electronic Frontier Foundation has a history of providing legal assistance in GPL violation cases.

It's called a web browser.

EFF has shown that you free transmit all sorts of info, that taken as a whole, can uniquely identify you.

Visit it yourself and see where you're at: it told me my fingerprint was unique out of over 1.6M browsers already checked.

You can block pieces - such as using NoScript, or Tor - but then you only *reduce* your uniqueness

This is the best solution I have found so far:

1.) Install Vidalia: http://www.torproject.org/

2.) Install NoScript: http://noscript.net/ (Ghostery may be ok - but I'm not too familiar). This blocks Flash, Javascript, etc - but you can selectively enable certain content.

3.) Install the EFF's HTTPS Everywhere plugin: http://www.eff.org/https-everywhere
This will default sites like Google to use the SSL version of their pages if is possible - with Tor Exit Nodes being possibly monitored, SSL is your friend.

4.) Use AdBlock Plus: http://adblockplus.org/
This reduces unnecessary traffic through Tor (banner ads, etc).

Run your browser in Private Browsing mode as well and keep you History clean. Firefox has an option to clear this every time you exit. Tools to keep other things clear (Bleachbit on Linux and C-Cleaner on Windows never hurt)

If you are super-duper paranoid, you can use a Full Disk Encryption suite like Truecrypt: http://www.truecrypt.org/

Just make sure to pick a good passphrase (26+ characters) and keep your computer shutdown when you are not around it.

If you want to help out with Tor like me, I donated a share of my bandwidth to run a Tor Relay: https://www.torproject.org/docs/tor-doc-relay.html.en

PS I also change my IP address randomly every few weeks Simply changing your MAC address, hostname and then resetting your hardware will do this. Most ISPs do not retain data beyond 6mos so this also doesn't hurt.

PPS Fuck the police (with a cactus).

Taking a quick look at the JavaScript they use there doesn't appear to be anything particularly unusual going on such as browser fingerprinting, or even as encompassing as evercookie which can be easily defeated using built in browser options. The only thing that seems different about it is that it attempts to use more storage techniques than other tracking services, browser local storage , e-tag tracking, and ie userdata storage in addition to the common browser and flash cookies. To say that it "can't be dodged", while possibly true for the average user, doesn't hold for anyone who knows how to configure their browser for greater privacy.

Tenth, the section previously mentioned lacking the definition of "unregistered sex offender" is amended to add a definition for "sex offender" as someone who is required to be registered under the Sex Offender Registration and Notification Act. Unregistered sex offender remains undefined.

To my eye this means that anyone not required to register falls into the group of unregistered offenders; quite an assumption on their part I'd say.

The EFF has an action against this bill. Support them, please.

Well of course the US would never introduce mandatory data logging logging and retention https://www.eff.org/deeplinks/2011/07/house-committee-approves-bill-mandating-internet

https://secure.eff.org/site/Advocacy?cmd=display&page=UserAction&id=497

Why this link wouldn't be posted in the summary, I don't know.

And why Slashdot can't automatically turn addresses into links, I'll also never know.

I'm pretty sure I remember hearing that there's an 87% chance that your gender+birthdate+postalcode is unique... So, yeah, knowing your postalcode and birthdate gets you a lot without knowing your name.

NSA is restricted by law to deal with foreign communcations only.

Too bad the NSA acts outside the law.

There should be a no tracking extension. It should make it so that the style for the link does not change unless you are accessing it from the same domain name (or same page the link was clicked on, for the paranoid). Additionally, it should make all users have the same information presented. The EFF's panopticlick shows the types information that should be made the same across all browsers. In addition, it should make sure information reported is the same with javascript on or off. As more information is used to identify, the extension can be upgraded to include it as well.

Javascript makes it a lot easier to be tracked, go here with javascript enable and with it disabled, and note the difference in how much information they can glean from your browser, information which can be used to identify and track you.

http://www.eff.org/cases/att

We could get *really* crazy and have your *browser* stop giving out identifiable information to anyone that asks...

It's not that easy, since the browser itself may be identifiable.

http://panopticlick.eff.org/

That falls within the scope of something you can do stuff about.

not really
There's quite a few ways you can be tracked, even with all the browser's standard "information sharing" features disabled.

>>Seriously, I am in favor of random drug tests for all elected and appointed Federal officials.

Heh, like in Snow Crash, eh? Make the federal government only for the dedicated people willing to work for low pay in order to do something good for the country? Random drug testing and polygraph tests?

Actually? Maybe it wouldn't be so bad.

Well, in any event, it's worth supporting the EFF in their efforts on this. As always, they're on the right side of the issues. https://www.eff.org/deeplinks/2011/06/supreme-court-agrees-hear-key-warrantless-gps

If you are the true target of the FBI raid, you probably have bigger problems than the lost data, and in fact restoring the data may in fact cause you to be in even more legal trouble as they likely seized the servers specifically to stop you from continuing what you were doing.

On the contrary. You assume the FBI WAS RIGHT to target you. In fact with their near immunity from prosecution, the FBI screws-up plenty, and doesn't care.

Try the founding EFF case as the canonical exception to everything you just said: http://www.eff.org/about/history

False accusations of copyright infringement, DRM circumvention, leaked top-secret documents, etc. All things that could make you a target, yet perfectly legal, irreplaceable, and important to get restored as quickly as possible.

I've been around long enough to remember the Secret Service raid on Steve Jackson Games, which was the triggering event for founding the EFF.

Most companies don't have "The Feds turn up with search warrants and take all your stuff, including backup tapes" as a threat they plan for in their backup strategy. Off site backup doesn't protect against this.

I don't know what the problem is in this case - whether the backups were also seized, or that they simply lack the hardware to restore on to.

Yes, this people are dumb for rioting. Yes, I don't mind if they spend some time in jail or pay some fines. But this might be a good time to remove the facial recognition profile data from your facebook account.

http://www.eff.org/deeplinks/2011/06/how-disable-facebooks-facial-recognition-feature

By the way, Wired had a bit more information on the ruling also:

http://www.wired.com/threatlevel/2011/06/copyright-troll-sanctions/

A link to the PDF of the judge's order can be found on the EFF's website as well:

http://www.eff.org/cases/righthaven-v-democratic-underground

Yes: https://www.eff.org/

If you really have prior art, let EFF know: https://w2.eff.org/patent/

Firstly, none of what you've listed can be considered political censorship, with the exception of possibly wikileaks. Even with wikileaks, no civilian has been arrested in connection with helping the organization, even though its list of donors has been made public.

Secondly, however opposed we both may be to some of the examples of censorship you've listed, every one of the violations is outlined in US law and defined rather clearly. Censorship is a capricious thing in China, where the law is ambiguous -- "disruption of harmony" being an often used one brought out to punish those who voice political criticism and gain attention. In addition, what is illegal to say is never put on record for the public, never made clear. Public outcry is allowed one day, but it is made illegal the next when the party tire of it. The result is that no one knows how far is too far, so everyone practices self-censorship. It is exactly the "chilling effect" slashdotters like to grimly bring up.

Lastly, in the US, you can fight censorship in the courts, and you can win. It would be a fool's errand to attempt to do so in China where there is no ACLU, no EFF, and where the courts are independent only in the propaganda pages. Saying the US has its own problems with censorship is certainly relevant and true, but using the same wording to subtly imply that the US and China are equal in its suppression of speech is over-dramatic and ignorant of reality in the eyes of this Chinese American slashdotter.