Slashdot Mirror

"How many people have YOU heard of being sued for $150,000 for trading music?"

http://www.eff.org/deeplinks/archives/004679.php
From TFL
"For example, the RIAA is seeking $150000 in damages for each song recorded "

http://www.google.com/search?hl=en&lr=&q=google+ri aa+sues++songs&btnG=Search

Here I did the work for you now you can stop your hyperbolic defense of your statement that nothing has changed....

I agree - Wendy (founder of Chilling Effects) and Fred (EFF laywer) rock!

At least the UK has a superhero still attempting to defend freedom. I don't know of any in the US despite all our comics and movies about them.

Quite a few of those I have spoken with in the last few years have complained that the U.S. is going to heck. They extoll the many virtues of peaceful, liberal, safe Canada, where the people are very respectful of others and industry does not have free reign to guide the "sheep" wherever they like. It would seem that after all, real humans live in Canada. Wait, wait, I love Canada, don't get me wrong. The U.S. leadership is bailing the ocean into the ship as fast as they can, so to speak. Despite the preconceptions around here, I don't find this kind of news surprising. Instead, I'm just a little more sad about what we're doing to ourselves. We do, after all, elect people just like this everywhere, and at every level. For example, the international good ol' boys business club didn't have trouble with The Pirate Bay shutdown. Not at first, anyway. There's the other side. We've got good folks everywhere also. Thanks to /., EFF and many others there will always be sharing of knowledge. This bragging politician was certainly underestimating the part of humanity that still believes in accountability and communication. I won't count on him learning from it though. Cheers, I think.

If you're going to abbreviate things like that, make sure they don't abbreviate to actual technologies.

It only took a second or two for me to figure out you weren't talking about EFF, but it was still annoying.

Sure, here you go... how about Microsoft's championing of TPM use (hardware explicity motivated by DRM), and BitLocker, a system that Microsoft says is for *your* security, but is actually about storing content that you will not be able to access except by "Trusted" apps?

The entire basis of Windows was rearchitected to provide these features, and they are only the beginning... since Microsoft's next moves are towards controlling every single use of your software ("renting"), a system which relies on DRM (and DRM hardware).

EFF actually stepped into this case to help DirecTV with this suit.

http://www.eff.org/legal/cases/Snow_v_DirecTV/

IANAL - But the issue appears to me that Snow didn't adequatley make his website private because he allowed the public to gain access in a self-registering manner. The question becomes how would you then make it private - is that simply a screening process so after a user registers there is then an approval?

From EFF:

"The lower court had rightly dismissed the case, but for the wrong reasons. It held that the "Stored Communications Act" portion of the Electronic Communications Privacy Act of 1986 did not protect websites at all, even if they were configured to be private. It reached this privacy-destroying decision because DirecTV's lawyers had failed to make the better argument: that web sites are protected by the Stored Communications Act (or "SCA"), except when they are configured to be readily accessible to the general public."

I think tor might be what you're looking for.

Meh, this will simply mean internet users are going to get more serious about security.

It's sort of like the **AA shutting down p2p sites, all it does is make users become more cunning when coming up with new technology.

If the government starts snooping on what people are doing online, then everyone will start using SSL for everything. If they request the keys, then users will start using stuff like EFF's Tor http://tor.eff.org/

What then? The government will outlaw privacy? no, there's no way they will ever be snooping on what I'm doing without me putting up a fight first.

http://tor.eff.org/

Well, it's pretty simple. According to EFF: http://www.eff.org/Privacy/Crypto/Crypto_misc/DESC racker/ the network of over 100.000 machines and the custom des-cracker was able to try 256 billion keys a second.
IE, average time they'd take to crack a given message with a 56-bit DES key is: (2**56) / (245*(10**9)) /2 = 147056 seconds (or about 40 hours). That's how long it takes to try half the 56 bit keyspace.

They were lucky and hit the right key in half that time again.

Now, if you tried that, with a 128 bit key:
  (2**128) / (245*(10**9)) /2 = 694453810042731558088519607 seconds, or about 22005913315421057024 years. Can you see a difference between the two?

who determines which rights are "legitimate".

excuse me, but rights which are considered perfectly legitimate now were characterized as theft and piracy before.

I think what you mean by "legitimate" is what only one side believes is legitimate. The DMCA and DRM are removing the accountability from these assertions by removing judicial oversight of the ever fluctuating definition of fair use.

How short our internet memory is... http://www.eff.org/Censorship/Indymedia/ Remember when the US went through the UK to get Italy to seize servers?

Yes, have you? Nothing in the DMCA applies in this situation, as the content skipping does not circumvent a copy protection technology.

Here's the text of the act:
http://www.eff.org/IP/DMCA/hr2281_dmca_law_1998102 0_pl105-304.html

There are many places on the web that document the players that provide the skipping feature, and they've been discussed on slashdot in the past. I suspect many US slashdotters own such players precisely because they did research and bought such players for their convenience.

Did John Perry Barlow really write (p 20), "I come from Cyberspace, the new home of Mind". Ouch!

He really did: A Declaration of the Independence of Cyberspace. The whole thing reads the same as that one snippet. When he wrote about "the global social space we are building", do you think he meant MySpace?

Nobody owns the internet, do they?

Sure, people own pieces of it, and even then only in spurts (monthly bills, yearly domains, et cetera). But nobody really owns it, right?

Well, then why do corporations try to set it up as if they did?

Because they know they can get away with it.

There aren't that many ways to stop corporations from doing what they want. Signing some silly internet petition is going to do what, exactly? Oh, right, nothing.

There are groups that fight for you, one of many being The EFF, which I'm sure most of you know about.

But what can they do, if corporations put their funds together to buy -- oh, wait, sorry, lobby -- a Congressman into their pockets?

Well, they can hope Congress has a spine and realizes that Joe Schmoe will be severely impacted by this.

So, we can rant and rave all we want, but in the long run, it comes down whoever has the most support (which usually comes from who pays who the most) for any bills.

Corporate America, I pledge to thee!

Amnesty International's solution won't work.

Putting up some censored text does nothing to stop snooping and web tracking. This is a more important problem we have facing the global society.

Between the US and China there has been a rediculous number of infringements on human privacy and freedom of speech. I think the best way to stop the NSA and China's insistence on snooping and restricting is for as many people as possible to start participating in an anonymizing service, like the EFF's TOR Project. It wraps every web request in encryption and then routes it through other servers so noone can tell what the other person is looking for. I wrote a tutorial on putting this anonymizing software on a hidden volume in a USB key for those people who want to be able to surf the web, without big brother tracking them. Make your own DemocraKey, and let's take away every government's ability to regulate thought.

The problem is, whenever there are records collected so large, alternate uses are found for them. Collecting so much information is a gold mine for tracking individuals, regardless of whether or not that was the origional intention. Imagine an leader who disapproved of abortion who tracked calls to abortion clinics, and labeled those people as potential political threats. Or a military worker who wanted to eliminate all "sinners". It's possible using this sort of information, and that's scary. The quickest solution is for normal people to start encrypting their web browsing using software like TOR to encrypt their web browsing and public key encryption to encrypt their emails. I found an article about creating a free anonymizing usb key using open source software. Check it out and spread the word to actively protest the infringements on our rights.

What we need is a working FreeNet

http://tor.eff.org/

Read up on President John F Kennedy and Attorney General Robert Kennedy's surveilance of Martin Luther King.

Regrettably (and I AM trully sorry for both of us), you are are NOT correct. PLEASE read on.

U.S. judges ruled that persons can be tried for breaking the U.S. laws, no matter in which locale said laws were broken.

I cannot hotlink, but click below and look up FederalJudge Whyte's order, which basically states that it is not unconstitutional to prosecute for crimes done outside the jurisdiction of the state

Go to http://www.eff.org/IP/DMCA/US_v_Elcomsoft/
Look up judge's order under: U.S District Court Judge Ronald Whyte's Order denying Elcomsoft's Motion to Dismiss on Constitutional Grounds. (May 8, 2002)

Yeah, sure, Sklyarov was aquitted by a jury, but the earlier decision stands that stipulates that everybody in the World is subject to the U.S. (Federal) laws.

That's not it. Is it? I'm pretty sure they're referring to this PDF, since that's a 25 page redacted document.

I'm confused. I can't seem to figure out what is what. The Klein thing on Cryptome wasn't submitted by ATT, like TFA claims. What gives?

No such document, but here:
http://www.eff.org/legal/cases/att/ATTreplyonminut eorder.pdf

is a PDF such as described.

It might be PI-Redact.pdf from this page?

http://www.eff.org/legal/cases/att/#legal

The weak link in the *Frog model is that human interaction is required to vet spam and build response scripts, then deliver those response scripts to *Frog clients. The "spam to be vetted and scripted against" information needs to be delivered to a single point somehow. The scripts created need to be distributed to clients from a single point somehow.

Maybe the new clients can make greater use of torrents in their operation (as opposed to simply distributing the client installer via torrent). Example: a "spam vetter" person runs an administrative app that searches for a specific torrent. Spam to be vetted is sent from normal clients via torrent, picked up by "neighbor" clients. Eventually, the admin app is able to see the torrent available on a "neighbor" and picks it up. Same way in reverse for delivering scripts - the admin app torrents the script to a smaller number of neigbors, which seed it for more, etc.

I think what you looking for/describing is a hidden service on the Tor network

BlackFrog could include the Tor client with their client app and the clients could submit the spam to the spam vetters via a Hidden Service URL. This would hide BlackFrog's servers' IP address.

The attack against BlackFrog's server would then be an attack against Tor. Which might succeed the first few times. Don't know enough about Tor/Onion routing or hidden services to know how well a DDOS against a hidden service would work. It is an interesting thought experiment, tho.

There was a quote that used to float around the Internet back in the "old days" (the mid 90's) that the Internet could never be controlled beacuse "the Internet interprets censorship as damage and routes around it." Great quote. Used to be true. Isn't true anymore. The Internet has effectively been controlled.

How? The same say we've always been controlled. Fear. Fear of being caught saying something unpopular. The anonymity to say things we're afraid to, or can't, say in public - that anonymity that was once the hallmark of the Internet's freedom - is gone. The Internet isn't even remotely anonymous. There are some attempts to reintroduce anonymity to the Internet, but there are depressingly few people supporting them - and depressingly even more actively campaigning against them.

Why not? Fear. Fear of terrorists. Fear of pedophiles. Fear of libel. Fear of piracy. Irrational fears of things that don't go away when your anonymity does... but depressingly scary enough to enough people to coerce the majority of the population into giving up - handing over - the anonymity that finally allowed us to speak frankly and for the first time in the history of the human race, tell the unadulterated, pure, non-watered-down truth about everything - the anonymity we'd never had before, and that we'll likely never have again. It was great while it lasted.

Good! now i have a backup plan in case the courts come calling ;) http://www.eff.org/cgi/mt/mt-search.cgi?IncludeBlo gs=11&search=patent/ * lon3st4r *

FWIW there is a very good page on EFF's website about the ins and outs of student blogging.

And another one from Scholastic Administrator is also interesting.

Also, in case you are wondering; yes I do work at a school part time as a NetAdmin.

Distasteful as it is, by and large, the dealmaking class only hears "buzz" in terms of amplitude. The merits are irrelevant unless they somehow translate into either votes or dollars.

EFF leans toward this approach with headlines like "Entertainment companies want to control your computer" on their The Battle for Your Digital Media Devices page. These organizations are rightly not crafting these things for /. types; someone has to get aunt Sally's & cousin Topher's attention and get them asking what's going on. Lather & repeat until there's a ubiquitous murmer of discontent, ill-informed as it may be. A well-informed mob is smaller and more polite, so it's really hard to justify that extra overhead when you need to accomplish something *now*.

"Is there any physical limitation that would prevent you from wielding a pitchfork?" "Nope." "Got torch?" "Yep." "Lighter?" "Check." "Great! welcome to our cause! Right this way..."

Yikes! gotta run... there's a "CBS Investigates" on & I just overheard something about Lenovo computers being used to infect us all with the bird flu. Next thing you know, my brand of 2½-lb genetically engineered portabello mushrooms will turn out to increase my risk of age spots or something...

Seriously, if an individual did what Sony has, that person would be doing either community service or time in a federal pound-me-in-the-ass prison. And Sony?

Slap on the wrist, and no more.

I'm going to start a hacking corporation that runs a music industry as our legitimate, customer-facing front. We'll release rootkits on CDs of horrible music, and rip off as much privately-owned information from our unsuspecting users as we can. Of course, we won't get it directly -- we'll use elements of the non-corporate community to help us out; to help make us money by proxy...

OK, seriously, if the rule-of-law is to be consistent and thus mean anything in this country, Sony should be forced to send those responsible in the company to U.S. federal pound-me-in-the-ass prison. Why isn't this happening? Well, this was a civil case brought by the EFF. So what about the criminal case? The EFF says they're unaware of any such cases.

Assuming the network uses TCP, just use TOR:
http://tor.eff.org/

More info can be found here : http://www.eff.org/Privacy/printers/docucolor/

But making sure that the printer you use doesn't sell you out...

This sort of thing really is getting out of hand.

Just add Tor to this and you're good.

http://tor.eff.org/

This includes things like "we are investigating a known terrorist, and since you just published his face in the paper he went so far underground he won't even be able to find his asshole to wipe it after he takes a dump"...

"You have the ability to burn CD's, yes, but you do not have the ability to rip them (legally anyways). "

WRONG! The RIAA recently tried to claim it is illegal but before then their lawyer said in front of the Supreme Court

"The record companies, my clients, have said, for some time now, and it's been on their website for some time now, that it's perfectly lawful to take a CD that you've purchased, upload it onto your computer, put it onto your iPod."

So it is still not illegal. No guarantees about tomorrow, however.

Seems to be gaining momentum on the "vigilant review" front - two re-exams granted just recently:

Test.com: http://www.eff.org/news/archives/2006_05.php#00468 2
Clear Channel: http://www.eff.org/patent/wanted/patent.php?p=clea rchannel

God, I'm glad these guys do what they do.

http://www.eff.org/patent/

Seems to be gaining momentum on the "vigilant review" front - two re-exams granted just recently:

Test.com: http://www.eff.org/news/archives/2006_05.php#00468 2
Clear Channel: http://www.eff.org/patent/wanted/patent.php?p=clea rchannel

God, I'm glad these guys do what they do.

http://www.eff.org/patent/

Seems to be gaining momentum on the "vigilant review" front - two re-exams granted just recently:

Test.com: http://www.eff.org/news/archives/2006_05.php#00468 2
Clear Channel: http://www.eff.org/patent/wanted/patent.php?p=clea rchannel

God, I'm glad these guys do what they do.

http://www.eff.org/patent/

Here's some reading on the subject:

http://www.eff.org/Censorship/Terrorism_militias/f isa_faq.html

http://en.wikipedia.org/wiki/Foreign_Intelligence_ Surveillance_Act

Note in particular that FISA doesn't allow the kind of broad brush surveillance that is apparently happening here. From the eff link:

Under FISA, surveillance is generally permitted based on a finding of probable cause that the surveillance target is a foreign power or an agent of a foreign power -- not whether criminality is in any way involved.

The patriot act expanded the concept of foriegn power to include terrorist organization not backed by a specific foriegn power.

the EFF should do The Right Thing, and distrubute the documents on a net of hidden services within Tor.

Documents remain sealed, but remain in evidence.

Of course there's a market for this. Where have you been? Universities and Companies have been rolling these things out to keep an eye on their networks for a while now. And this has been predicted for a long time before that.

Here's another product which basically does the same thing

You couple this, along with lots of cheap SATA storage on a Hypertransport Bus, and you're looking at storing network information for at least months, possibly years. At the rate technology is going, it will only get easier to store all of a student/employee's network connectivity for forever.

It looks like the tinfoil hat crowd was right all along. Clearly it's time to wake up and become aware of this stuff, as it's only going to become more ubiquitous.

If you're looking for a defense, the only complete one is Tor .

From http://www.eff.org/legal/cases/att/faq.php#15
What is Daytona?
Daytona is a database management technology originally developed and maintained by the AT&T Laboratories division of AT&T, and is used by AT&T to manage multiple databases. Daytona was designed to handle very large databases and is used to manage "Hawkeye," AT&T's call detail record (CDR) database. Daytona is also used to manage AT&T's huge network-security database, known as "Aurora." As of September 2005, all of the CDR data managed by Daytona, when uncompressed, totaled more than 312 terabytes.
http://www.research.att.com/projects/daytona/

What is Hawkeye?
Hawkeye is AT&T's call detail record (CDR) database, which contains records of nearly every telephone communication carried over its domestic network since approximately 2001, records that include the originating and terminating phone numbers and the time and length for each call.

What is Aurora?
Aurora is a network-security database that had been used to store Internet traffic data since approximately 2003. The Aurora database contains huge amounts of data acquired by firewalls, routers, honeypots and other devices on AT&T's global IP (Internet Protocol) network and other networks connected to AT&T's network.

This is why we should all use Tor. The more people that use it (and setup their node as a server) the faster it gets.

Well, the statute does say (upon closer reading) SCMS or equivalent. And it turns out that XM states it has complied with the AHRA anyway. Apparently, though, the RIAA isn't letting this stand in their way.

Firstly, tor with Privoxy and a Firefox plugin that makes it easy to switch between it and a direct connection. Others may use FreeNet, but I personally don't bother.

For IRC, connect using SSL (If you trust the network admins. Even if you don't, still better than nothing) and perhaps through Tor as well. For email, anything PGP-ish.

Also, for protecting my files, I use TrueCrypt.

I prefer Tor because it is affiliated with the Electronic Frontier Foundation (EFF). A page on the EFF website states, "A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently . Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations."

The issue is trust. I trust the EFF.

On the other hand, some anonymous proxy servers are located in Mexico. Do I trust that Mexican society is a staunch advocate of privacy rights and other civil rights?

well, personally, if i'm doing something that i don't want traced, i'll fire up tor (http://tor.eff.org/)tor

i currently don't really worry about my email security (if someone wants to read my aunt's cookie recipes, thats fine by me). if i happened to be doing something important, i'd likely use some form of encryption, likely PGP or maybe something stronger.

Are they going to search our call records to determine the source of the leak?! *knock knock* "Oh Hi Bill." *ziiiiiing* (BSOD)

EFF