Slashdot Mirror

Maybe Peacefire's timing is bad. Two courts have recently said that the reverse-engineered DeCSS program is illegal to publish in the United States, and UCITA gets closer every second. Yet Peacefire today released a program that reverse-engineers the encryption on a list of sites blocked by a major censorware product. Maybe T-shirts that say 'X-Stop has a 68% error rate for blocking student homepages' will get classified as munitions next. Bennett Haselton shares his thoughts (below) on corporate crypto.

Bennett Haselton is the founder and head of Peacefire, an activist group to support the free-speech rights of young people. He suggests that you might want to download the X-Stop "smoking gun" evidence (4MB) before the company has a chance to remove it from their server.

The feature below was written by Mr.Haselton.

X-Stop is an Internet censoring program with an encrypted database of 370,000 URL's blocked under various categories: Sex, Drugs, Rock `n' Roll, etc. Their competitors like SurfWatch and Cyber Patrol also do not publish their blocked site lists; the officially given reason is to keep kids from using the lists to find smut on the Internet. This is silly, given how easy it is to find Internet porn without the aid of X-Stop's secret database (although if you still want to, you can download our codebreaker, follow the instructions to get the X-Stop list and decrypt it, and help yourself). But for the next part of our report, after we decoded the URL list, we looked at the first 50 URL's in the .edu domain that were still valid, and found that 34 of them were regular student home pages with nothing offensive (hence the "68% error rate" t-shirt slogan). None of those 34 students who responded to our e-mails could think of why X-Stop would want to block their pages.

X-Stop admits on their Web site that their database is put together by a Web spider called "Mudcrawler" and not by human reviewers, but even for a machine, a 68% error rate is pretty bad. And even though the real reason why these lists are encrypted is obviously to keep competitors from stealing them, this also makes it much harder for third parties to find out what the programs really block. In fact, X-Stop had once claimed that every URL on their list was reviewed by a human before getting blocked, but cyber lawyer Jonathan Wallace called them on it when he published "The X-Stop Files" in 1997, asking why X-Stop blocked several sites like the Quakers home page, the AIDS Quilt, and parts of Jonathan's own e-zine, The Ethical Spectacle. Peacefire also put up a page in 1998 about sites blocked by X-Stop, including an affirmative action site and a blind children's hospital. But these examples were all found through trial and error; today is the first day that the entire list of URL's has been made public. And to determine the 68% figure, it was necessary to have a copy of the entire list, so that the first 50 blocked sites could be used as a random sample.

So far, this is more or less the same story that took place in 1997 with another blocking program, CYBERsitter, right down to Jonathan Wallace posting a page about CYBERsitter and getting his site blocked. First, several people posted articles criticizing CYBERsitter's policies, and slowly CYBERsitter's public image deteriorated as word got out that they were blocking sites which criticized their company (even Time magazine got blocked, and then posted an article about how they found themselves on CYBERsitter's list). Then in April 1997, Peacefire released a program that broke the encryption on CYBERsitter's list of blocked URL's. CYBERsitter sent Peacefire a threatening letter demanding that we take down the program and remove all of our links to CYBERsitter's Web page. Jim Tyre, a volunteer lawyer and future founding member of the Censorware Project, sent CYBERsitter a reply telling them they had no case, and we never heard from them again. But UCITA, the Digital Millennium Copyright Act, and the two court injunctions against the right to post DeCSS, didn't exist in 1997. If we had released the CYBERsitter codebreaker today, would CYBERsitter actually file a lawsuit?

The outcome of the DeCSS court cases could, in fact, determine the rights of a private citizen to embarrass a big software company by reverse engineering their products and catching them in a lie. It's easy to forget the importance of legal protection for reverse engineering, because sometimes public opinion is enough: RealNetworks never sued Richard Smith when he revealed that copies of RealPlayer included a "globally unique identifier" to track user's listening habits, and Microsoft never sued Andrew Schulman when he discovered that Windows 3.1 threw up fake error messages about DR-DOS. These were large companies that would have been crucified if they had tried to sue someone for discovering something that the public thought they had a right to know anyway. But legal protections are still important, because sometimes public opinion isn't enough - when the software company doesn't have much of an online reputation to worry about, or when then they have a reputation but they don't care about it.

The RIAA, with their campaigns against MP3 technology and reverse-engineering SDMI, is an example of an organization that doesn't care about their online image - and why should they, since we all download our music for free anyway. CYBERsitter is another good example - they do care about their reputation, but in 1997 their image was that of a children's guardian angel and an ally in fighting government censorship, almost immune to criticism. It took an enormous amount of bad press - letters from CYBERsitter's CEO threatening ISP's and flaming people in general, and at one point actually mail-bombing a lady who sent them a complaint - before even advocates of blocking software started distancing themselves from the company. Even today, CYBERsitter's public image is fairly rosy, and their campaigns of legal harassment hardly affected their reputation at all. (What had you heard about CYBERsitter before you read this article?) It's hard to imagine Microsoft, for example, filing a similar lawsuit without embarrassing themselves and turning their intended target into a martyr. The real threat to "reverse engineering for the public good" is from medium-sized companies, small enough that not everything they do will get in the news, but still big enough to afford lots of lawyers.

This threat affects not just programmers, but even journalists who get anonymous tip-offs - like Brock Meeks and Declan McCullagh, who were threatened with an FBI investigation by CYBERsitter in 1996, after they published their "Keys to the Kingdom" article about sites that CYBERsitter and other "censorware" programs blocked. The part of the article that got them in so much trouble was this excerpt from CYBERsitter's bad- word file:

[up][the,his,her,your,my][ass,cunt,twat][,hole]
[wild,wet,net,cyber,have,making,having,getting,giving,phone][sex...]
[,up][the,his,her,your,my][butt,cunt,pussy,asshole,rectum,anus]
[,suck,lick][the,his,her,your,my][cock,dong,dick,penis,hard on...]
[gay,queer,bisexual][male,men,boy,group,rights,community,activities...]
[gay,queer,homosexual,lesbian,bisexual][society,culture]
[you][are][,a,an,too,to][stupid,dumb,ugly,fat,idiot,ass,fag,dolt,dummy]

If this now counts as a "trade secret" under the Digital Millennium Copyright Act, then our list of the 50 .edu sites blocked by X-Stop - and the study that found the 68% error rate - could be declared illegal. And under UCITA, CYBERsitter could even claim the enforceability of these excerpts from their license agreement:

Reverse Engineering Prohibited
Unauthorized reverse engineering of the Software, whether for edcucational, fair use, or other reason is expressly forbidden. For the purposes of this license the term "reverse engineering" shall apply to any and all information obtained by such methods as decompiling, decrypting, trial and error, or activity logging.

Non-Disclosure
Unauthorized disclosure of CYBERsitter operational details, hacks, work around methods, blocked sites, and blocked words or phrases are expressly prohibited.

So any CYBERsitter user who even discusses what the program blocks, would be in violation. Not that CYBERsitter would enforce this against everybody, but they probably would have liked to enforce it against Brock and Declan.

At this point, we don't know how X-Stop will respond to our report. But we do know that for all of their bluster, CYBERsitter never actually sued Brock, Declan or Peacefire. Given that CYBERsitter pursued the matter for months (and the fact that Brock and Declan had actual money), if CYBERsitter gave up, it's because they had no case. If the Digital Millennium Copyright Act, UCITA, or the DVD court rulings change that situation, then it will become much harder to criticize blocking software - or any kind of software - except for the user interface and other things that users can "see" without looking under the hood.

ralian writes "According to Time Daily peeved users have filed an $8 billion class action against AOL-Time Warner because of AOL 5. It's sort of funny to see Time reporting on a lawsuit against their parent company. Check it out here."

ralian writes "According to Time Daily peeved users have filed an $8 billion class action against AOL-Time Warner because of AOL 5. It's sort of funny to see Time reporting on a lawsuit against their parent company. Check it out here."

Almost everybody sent this one in: "AOL and Time Warner merge!" See stories at cnnfn.com, Yahoo! News or almost any other online news outlet. Or go straight to the source(s); the Time Warner and AOL press releases, which make this sound like the greatest thing since the first two 'net nodes were connected together. Now you'll be able to get all your Internet needs, from connectivity to content to shopping, delivered by a single experienced company. No more need to deal with Web sites that stray from the party line, take risks (and screw up now and then), or any of that other messy old-fashioned "Internet as anarchy" stuff. To get online in the future, all you'll need to do is plug in your computer, turn off your brain, and enjoy!

MAXOMENOS writes "Time Digital has a list of digital technology predictions for the year 2000. Among the more interesting ones: so-called '.com' businesses fade from the limelight, Linux shifts emphasis from the server and the desktop to embedded systems, and the IPO craze moves from Web-based retailers to something else. Check it out."

neal writes "Fortune has an article that selects Linus as one of the'people' to watch in 2000! " Just another sign of the recognition that Linux and Open Source as a whole has garnered over the last eighteen months or so. Here's to 2000 being even better than 1999.

Eric Harris and Dylan Klebold are cover boys again -- this time in Time Magazine, which discloses the contents of some home videos they made before the massacre, and which again graphically links the killings to gaming. This meme rocketed all over the Net, and as e-mail from the Hellmouth suggests, it touched some brutally raw nerves.

I didn't lose any family members, and nobody close to me died or was injured in the Columbine Massacre, but I have to disclose something: this has become a very personal story for me, more than a media, technology or cultural issue.

I will probably never know why many of my Slashdot columns showed up on the Trenchcoat Mafia website that Eric Harris and Dylan Klebold created, but they did. Then , after a series of Columbine-inspired "Hellmouth" columns about life in high school for the alienated, different, geeky and nerdy kids of the world - life changed for me.

I became peripherally involved in three kids' efforts to kill themselves. My e-mail frequently becomes a nearly unbearable torrent of misery - it shot up again after Time published its "exclusive" story this week -- as Columbine has given incompetent administrators and clueless journalists a license to humiliate and suspend, to segregate, libel and persecute the different and the alienated (See a few of today's e-mail offerings below).

Thanks to Rob and Jeff and Slashdot for publishing the "Hellmouth" series and keeping it up on the site. They have given a lot of these kids a place to go, and they express their thanks and appreciation almost every day.

Most of the country now believes kids are becoming more violent, when they're not. Parents believe schools have become more dangerous, when they're dramatically safer. Federal agencies like the FBI and ATF distribute "geek profiles" and profit-making corporations peddle software security programs to maintain secret lists of "potentially dangerous" students who also happen in some cases to be outspoken, individualistic and individualistic.

The war against these kids has become a crusade for conformity, intimidation and exclusion.

There hasn't been a day in the past eight months that I haven't gotten e-mail about life in the Hellmouth, post-Columbine. It comes from parents, teachers, mostly from geek kids. One that arrived yesterday from "Bear" quoted an online news story from Utah (I confirmed this story by checking a wire service):

To: jonkatz

"Jon. This week, a sixth-grader drafted a list of 12 "people to kill" after enduring months of taunting from classmates and has been kicked out of school.

The boy was indefinitely suspended last week pending a final decision by district administrators, said Kirk Denison, principal of Terra Linda Elementary School south of Salt Lake City. Denison said that the boy admitted he was "angry and frustrated" but denied he intended to kill the students, who had bullied him and thown dog feces in his face.

Surprisingly, the article did not mention plans to honor his tormentors for enabling administrators to identify and remove this dangerous kid from classes. Why, a student armed with a "list" could do untold damage! ?

[Jon], I simply can't get past the fact that this assault lasted for *months* and the administrators were obviously unwilling to act. Suspend the student - and prosecute everyone from the principal through district administrator for gross negligence, misfeasance, dereliction of duty, and conspiracy for assault and attempted murder after the fact. - Bear."

Hundreds of kids have relayed similar stories: They're suspended, sent home, pushed into alternative schools for getting angry, saying or writing hostile things, expressing themselves openly and honestly.

This week Time Magazine has re-opened some of these wounds with a cover story: "Exclusive: The Columbine Tapes: The killers tell why they did it."

The story includes details from a series of home videos Dylan Klebold and Eric Harris made before they died. A quote from one of them rocketed through the news media and the geek and gaming worlds within minutes of publication:

"Tick, tick, tick, tick?." says Eric Harris, shown holding a gun: "Haa! That fucking shotgun is straight out of Doom.?" The notion that computer games or the Net, or in the larger context popular culture, was the real villain at Columbine was dramatically reinforced in newspapers and on TV newscasts all over the country this week.

Time's cover story suggests that the real motivation for the Columbine shootings wasn't anger, a need for revenge against taunting or abuse, but a wish for celebrity. Time quotes the two kids arguments over which director could be trusted with their story, Steven Spielberg or Quentin Tarantino.

Yet despite the fact that the magazine presented a more thorough look at the boy's lives than has yet been presented by the media, nothing the boys said or did in their videos, and nothing in the Time story, comes close to explaining why these kids took guns and bombs to their school and slaughtered their classmates. The original, almost painfully obvious, likely conclusion remains: the boys were severely disturbed.

To me, the section that stood out in the long piece - because it was such a familiar refrain from the many thousands of e-mails I've gotten -- were quotes from Klebold and Harris. Harris talked about how people made fun of him, of "my face, my hair, my shirts." Klebold taunted his extended family: "You made me what I am. You added to the rage" and told fellow students: "I'm going to kill you all. You've been giving us shit for years."

This is a point that educators, journalists and politicians have almost criminally refused to consider: Perhaps the best way to keep kids from turning on their classmates is to protect them in the first place, to create humane, create educational environments in which it is as unacceptable to push dog feces into somebody's face as it is to threaten to blow up your school.

If administrators think their post-Columbine crusades - or the software and profiling programs they are deploying to spot "dangerous" kids -- are making schools safer, they are tragically mistaken. They're simply fueling the anger and suffering, or driving it underground.

Perhaps the saddest and most infuriating thing about this war on the young is that it's predicated on a false-hood: schools aren't getting more dangerous but safer, teenagers aren't becoming more violent but less, crime among the young isn't rising but plummeting [see below]:

A few e-mails, edited for length, from this week in the Hellmouth:

From: Jamie Date: Mon, 13 Dec 1999 17:59:20 EST To: jonkatz@slashdot.org Subject: thank you

I myself am in a weird situation. The jocks and preppies will like me for a short time but there are times where they do nothing but abuse me in different ways' There are people who want me to be popular but I can't stand most of these people. They are all about being a part of a group and not themselves. I wear what they don't like and they look down on me.

All of this pressure has built up with me and lately I've been cracking. My dad is hard-core businessmen. He can't stand the fact that I'm idealist and fight the power in my own little, mostly white, small town, that I can...

I play guitar and use it as an outlet of anger but my parents took it, my passion, away. I've been crying and having violent outbreaks. I'm withdrawing form all of my classes cuz I can't stand them anymore. All of this goes back to pressure from peers and parents. I got in an interesting talk with my comp teacher when I wrote an anti-censorship paper.

She didn't understand my passion for music and musical freedom. If I was a better player I would start a band but I still suck. I told her this and she laughed about it under her breath. anyways thanx for an anger outlet and thanx for your support against music censorship. If you get the time e-mail me back and give me a response. thanx J

To: jonkatz jonkatz@slashdot.org Subject: Can you help me?

"Jon, for the past six months I've been the target of the most vicious and most violent gang in the school - the football team. They've locked me in my locker, spray-painted my face, taken my laptop - yes, I am most definitely a proud geek, gamer and raver -- and gone through my personal stuff. I sort of lost it yesterday when one of them snapped a towel in the locker room that caught me in the eye and called me "geek-boy."

I said I was going to get a gun and kill him, just like Columbine. I don't have a gun, and have never seen one or touched one, but they reported me to the principal, and I was sent home. He said there was no choice, he had to protect the school from people like me. My mom says I might have to go to an alternative school for two years, as the principal says I'm possibly dangerous, and I can't be ignored. Is there anything I can do? My dad says I've ruined my life, that this will be in every government computer forever, and in my college file. I can't understand what's happened to me. 'Do words count so much more than actions? All my teachers know me, I'm not dangerous. But they won't talk to me now. And yes, I play Doom. That won't help either, I guess. How can you prove that you won't kill somebody? Dan, Maryland."

To: jonkatz jonkatz@slashdot.org

"Predicted teen-age crime wave failed to occur, numbers show," -by David Westphal, Fresno Bee (12/13/99) [link]

"WASHINGTON - In 1995, Americans were in a virtual panic over youth crime. Juvenile murder arrests were setting record after record. So were arrests for aggravated assault and robbery. Gun violence was growing progressively worse. And then came a startling prediction. As bad as juvenile crime had become, said a group of experts, it was about to get much, much worse.

"This is the lull before the crime storm," said criminologist James Alan Fox in an America Online forum. "The future may make 1995 look like the good old days."

Predictions like this one set off a rush of tough-on-crime initiatives that sent more juveniles to adult court, put more metal detectors in the nation's schools and resulted in dozens of new curfews across the country.

There's just one problem. This is a crime wave that never happened. Even as academics like Fox and John DiIulio were warning of a coming "super-predator" breed of young criminal, the juvenile crime rate was starting to head down. The violent crime arrest rate for juveniles fell another 11% last year, according to a new report, and now is down by 30% since 1994. The murder rate has been slashed nearly in half.

"The 'super-predator' never materialized," says Howard Snyder, director of the National Center for Juvenile Justice. "A lot of people think crime among young people is still going up. But in fact it's dropped. A lot."

The story of how violent lawbreaking began to wane among the nation's youth is a remarkable one, because so many people were convinced crime was headed in the opposite direction - and for some good reasons.

Arrests for murder and other violent crimes had been in a steady, sharp rise since 1988. What's more, the ranks of the young were about to spike upward, as children of the baby boomers came into their teens. U.S. News and World Report, in a sobering cover story predicting a juvenile crime "time bomb," declared in 1996 that there was "scant hope that the pessimistic trends will stop anytime soon. The tragic fact is that it may take an ever greater bloodbath to force effective crime solutions to the top of the nation's agenda."

Instead, to the astonishment of many, juvenile arrests plummeted. Robberies are down by 45% since 1994; aggravated assaults are off by 20%; rape is down by 25%. In several big urban states the decline has been even greater.

In New York, for example, the arrest rate for violent crimes is off by more than 60% in just three years.

Vincent Schiraldi, director of the Justice Policy Institute, says polls show that Americans overwhelmingly believe youth crime is still on the rise when in fact it's been falling sharply for four years. The result, he contends, has been an overreaction by the public and politicians to youth violence.

"You've got metal detectors showing up in schools where they don't even have a stoplight in town," he says. "Somehow Americans have been persuaded that our kids are animals out there with guns, headed to school."

Copyright ©1999, The Fresno Bee.

From: Mike Terry Date: Mon, 13 Dec 1999 13:30:00 -0800 (PST) To: jonkatz@slashdot.org Subject: Geek Profiling leads to expulsion link:

"the Hallsville school system had a bomb threat just days after Columbine. Nevertheless, this is pretty close to being a worst-case scenario."

This link tells the story of David, a high school student who was expelled four days after the Columbine shooting and forced into an alternative school because he fit the profile of Harris and Klebold. It's impossible to judge all of the merits of any case like this from a distance. Judge it for yourself.

Lev Grossman writes "Is the Internet alive? Of course not, silly. But as this article points out, in some ways it makes sense to study it as a living organism, or an ecosystem, in terms of its growth and structure. "

TRUSTe, the steward of the most visible symbol on the internet, is making a tough decision today. Today, it reveals what it intends to do about its client Real Networks. At stake is whatever's left of its credibility. (Update: 11/08 02:55: Real got off on a technicality: "because the transmission of user data ... did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program.")

Unquestionably TRUSTe is the leader in third-party privacy assurance. Its only alternative is BBBOnline, which can boast only 100 members to TRUSTe's 750. But it's having a hard time living up to its motto, "Building a web you can believe in": sometimes it's hard to know what to believe.

TRUSTe's original idea was to allow a website to display one of three icons, indicating whether its privacy policy was good, ok, or bad. There turned out to be problems with this - strangely enough, no site wanted to post an icon saying that their privacy sucked - and the icons looked too similar anyway. So they went with one icon, a "badge" that every member site posts.

All the badge means is that the site has a privacy policy, and that, as far as TRUSTe knows, they haven't violated it.

If you think this is a questionable basis for a consumer advocacy group, you're right. But the real question is how it plays out in practice. Let's take a look at TRUSTe's track record.

Round I: TRUSTe and GeoCities. In June 1998, the FTC announced - to everyone's surprise - that it and GeoCities had come to a settlement regarding violations of consumer privacy.

Everyone was surprised because this was the first anyone had heard of it. Where was TRUSTe?

Caught flat-footed, TRUSTe scrambled for a few days, then made its own announcement. It pointed out that GeoCities had begun the alleged privacy violations before applying to become a member (in April) and being accepted (in May). Therefore, TRUSTe claimed, the violations were technically not under the scope of their investigation.

But turn that around and put it another way - it was able to become a TRUSTe member even while under investigation by the FTC, and TRUSTe said nothing.

It gets worse. The FTC and GeoCities issued conflicting releases about what the settlement actually meant. The FTC said that GeoCities had "misrepresented the purposes for which it was collecting personal identifying information" (including children's). GeoCities denied the charges.

So who was right? We still don't know. Despite this being precisely the issue that TRUSTe was set up to resolve, TRUSTe refused to confirm or deny the FTC's allegations.

In a 1998 open letter, I asked whether TRUSTe's initial review of GeoCities had included any really tough questions such as "are you currently under investigation by the Federal Trade Commission?" No answer. In fact, mention of the GeoCities incident seems to have been removed from TRUSTe's website.

The organization that wanted to make the FTC obsolete was not off to a good start.

Round II: TRUSTe and Microsoft. March 1999. This was the "Global User ID" case. It turned out Microsoft had been embedding a user ID into every document you created with their software. Since they put that ID on file when you registered their software, they have been capable for years of tracking authorship of even supposedly-anonymous documents.

And don't think it's just a theoretical concern. Just weeks later, the Melissa macro virus was unleashed, and its author was tracked down using this same ID. Any technology that can lead the cops to your door is potentially dangerous technology.

TRUSTe announced that this "compromises consumer trust and privacy" (duh), but said that since the Global User ID does not, strictly speaking, involve the Microsoft.com website, it had no jurisdiction. Their conclusion: "TRUSTe has determined that Microsoft.com was in compliance with all TRUSTe principles."

In reality, Microsoft's privacy page (prominently labeled with the TRUSTe seal) also discusses online registration of software products, and notes that the "personal profile" from their software registration appears on the website and is editable from the website. And that page claims that registration is covered by the TRUSTe guidelines. For TRUSTe to claim it's not requires some Clintonesque redefinitions.

CNET's headline was exactly right: "TRUSTe Clears Microsoft on Technicality."

Round III: TRUSTe and Deja News. April 1999. Again TRUSTe is taken by surprise when a computer sleuth discovers that Deja News has been collecting data on email sent by its users. When a reader clicked on an email link in a discussion posting, the destination email address was recorded, along with the presumable topic of discussion, the sender's IP number, and if registered, the sender's personal data.

This is not what one expects when sending private email! And this clearly involved Deja's website, so there was no question of another technicality.

TRUSTe's analysis of this situation was only two paragraphs long; here's all that happened:

"TRUSTe specified certain clarifying language to be included in the privacy statement. Deja News, independent of TRUSTe, then decided to discontinue the practice of tracking IP addresses in conjunction with the mail-to feature."

In fact, the situation was resolved long before TRUSTe even bothered to issue that statement. TRUSTe's suggestion of "clarifying language" had been obviated long before by Deja's indepedent action. See ZDNet's story of May 4th, which hopes that TRUSTe "will likely issue some sort of statement...this week." But TRUSTe stayed silent for four weeks.

Round IV: TRUSTe and Microsoft (again). A wide-open security hole in Microsoft's Hotmail is breached, and for a few hours everyone's inboxes are public domain. (If you don't think this is a serious privacy violation, read the stunning anonymous tale of cracking into an enemy's email, published on Salon.com the next day.)

TRUSTe's response is to call in an independent accounting firm to talk with Hotmail's programmers and security people, look over the source code, and generally try to make sure such a problem won't happen again. This isn't a bad idea - it just wasn't much of anything that Microsoft wouldn't have done on its own. Locking the barn door after the horse is gone doesn't help the people whose privacy has been lost. Microsoft is out of pocket a few bucks for the audit, and gets more than its money's worth by being able to say that TRUSTe still gives them a clean bill of health.

How can all these incidents have passed by without punishment of any kind? It's because of what TRUSTe is actually guaranteeing. Not that any company will actually keep its data private - but that the company is not lying in its privacy assurance.

That's right. You know those privacy promises you never read, the ones that are different on every website and all seem ten pages long? What TRUSTe does is promise you that, if you had read them, you'd know your rights.

If it wanted, a company could have its lawyers dress up "we will spam your email every day and sell your name and address to anyone who asks for them" in legalese, and get a TRUSTe badge on their homepage. Would you know you were being screwed? Not unless you speak fluent lawyer.

Is the FTC such a bogeyman that we really need to sell our privacy so cheap?

When Ralph Nader was pressing the government to impose strict safety standards on the auto industry, Henry Ford II complained that they were "unreasonable, arbitrary and technically unfeasible." After the laws were enacted anyway, a decade later he conceded: "We wouldn't have [these] kinds of safety ... unless there had been a federal law."

Imagine if our only automotive safety regulations were that Detroit must abide by its lawyers' fine print!

The usual argument is that requiring an actual guarantee of privacy would stifle business. The purpose in forming TRUSTe was to keep the internet corporation-friendly, by keeping the government out. TRUSTe was well-intentioned, no question. It was a noble experiment.

But, according to some influential people and groups, it has failed.

Forrester Research studies topics related to the internet and made privacy its concern in its September 1999 report, "Privacy Wake-Up Call." Its conclusions should not be surprising:

"Most privacy policies are a joke." Forrester says corporate privacy policies are legalese set up mostly to protect the corporations.

"Few companies meet key privacy protection principles." About 10%.

"Third-party programs show little traction." Hundreds of TRUSTe licensees don't amount to much on the billion-page net.

And, "third-party privacy firms...like TRUSTe...become more of a privacy advocate for industry rather than for consumers."

(Slashdot has more on this study.)

Even the Electronic Frontier Foundation, after years of straddling the fence on the issue, has finally recognized that self-policing just doesn't work. The EFF is not just the best-recognized internet rights advocacy group; it created TRUSTe.

Yet, in an October letter to the FTC, the EFF laid down its cards:

"Creation of TRUSTe and its seal program was one such early innovation of EFF. TRUSTe was successful in several areas. ... We now must move out of this awareness-raising mode and into an action mode where real protection can be achieved. Legislation is needed in order to achieve that goal. ... we think it is time to move away from a strict self-regulation approach to protecting privacy online."

The latest nail in the coffin came on November 1, when EFF Program Director Stanton McCandlish laid out the facts on the fight-censorship mailing list:

"Our stance has basically been that industry self-reg would be worth trying, but might or might not be enough. We did the 'proof of concept' ourselves, by launching and spinning off TRUSTe. But TRUSTe was intended to be and is a separate, independent entity, and was created as an experiment. The experiment is in many ways a failure..."

(McCandlish's personal opinion is even more scathing. Follow the link to read it.)

You wouldn't know this if you read the TRUSTe website. Their homepage proudly tells you about the six-month-old Georgetown study, but makes no mention of the Forrester Research report. It tells you that the FTC supports self-regulation (based on Georgetown), but won't tell you that its own parent, the EFF, thinks the ride is over.

If TRUSTe is a consumer rights and advocacy group, why are they only feeding us the feel-good stories? Aren't consumer groups supposed to be the ones that dig up dirt and tell us about potential problems?

The money trail leads to the answer. TRUSTe isn't a consumer advocacy group. TRUSTe doesn't get its money from consumers. Its money comes from corporate sponsors, and nobody wants to bite the hand that feeds them. Besides, those corporations want the message to be one of constant calm. Concerned customers are not good for sales.

Remember the GeoCities FTC findings that TRUSTe wouldn't comment on? GeoCities had just done an IPO and millions of dollars were at stake. GeoCities' sister corporation Engage Technologies (they are both subsidiaries of CMG Industries) was a Contributing Corporate Sponsor of TRUSTe. That conflict of interest was never mentioned.

(GeoCities has since been purchased by Yahoo.)

Remember the Microsoft incidents that TRUSTe waffled on? Microsoft is not just a member, but also a Premier Corporate Sponsor of TRUSTe. That conflict of interest totals $100,000 per year.

Round V. By now you've guessed that this is leading up to the current furor over Real Networks. Real is a TRUSTe member. Do I need to mention that it's also a Contributing Corporate Sponsor?

TRUSTe said that it would render judgement on Real Networks by the end of last week. Now it's saying today.

And it's making noises like they're actually going to do something this time:

"We could take the company to court for breach of contract, since they do have an agreement with us. Or, we can forward the case to the FTC... I guarantee that the damage to the reputation of the first company that we do that to will be big."

For its own sake, it had better. We're talking about a company whose product is a Trojan Horse that secretly scans your hard drive for valuable personal data. If TRUSTe doesn't unload with both barrels, its credibility will be negative zero.

Anything TRUSTe does may have a negligable effect in any case. Corporations only understand the bottom line, and RealNetworks stock shot up 25% in the five days following the privacy debacle. With the company's market cap $1.9 billion higher than it was a week ago, how much are they really going to care about some nonprofit gnat?

We can hope. Real.com today unveiled its new website, a music portal, which investors will be watching carefully. Also happening today is a conference held by the FTC and Commerce Department for data-profilers to announce what they're going to do to protect privacy. So if TRUSTe were trying to maximize the effect of their announcement, today would be the day they'd pick. It could be that the gnat will have a nasty bite that surprises everyone.

Still - you can dress an organization up in not-for-profit clothes, but that doesn't change that it's beholden to its revenue stream. TRUSTe says we can trust them to be objective, on the theory that their revenue stream will dry up if they don't do right by consumers. So far, there doesn't seem to be much truth to that. They haven't been doing us right, but their number of contributors and members just keeps growing.

I enjoy reading about the future envisioned by people like Gibson and Stephenson, where the net is totally unregulated and a "right to privacy" is a dim memory, or a joke. That doesn't mean I want to live in that future. Europe has consumer protection laws that are, from an American perspective, astonishingly strong. Maybe we should take a look at other countries' solutions, to see if there's something we could learn.

So far, all we've learned is what fails.

- Jamie McCarthy

KuRL writes "Entertainment Weekly is reporting (yeah, that's the right link, it's at the bottom of the page) that the one and only Who will reunite to play Vegas on October 29th. What? Not 'news for nerds' you complain? Well, the concert, entitled 'iBash '99' will be kick off the launch of Pixelon, and will be 'webcast' live." Caveats: most of Pixelon's content requires a Windows-only Netscape plug-in to view. I bummed my wife's (Windows) PC to try it - and it crashed repeatedly. And downloading a 30 second "preview" clip took over three minutes on my cable modem. It would take forever via dialup. I don't think the CmdrTaco/Pete Townshend online singalong we've all been looking forward to is going to happen quite yet. Oh, well.

jetpack writes "This isn't really news for nerds. In fact it's not even news (from 1996) However, since it is kinda related to some of the fun we've had with babblefish in the past, it seems kinda relevant. One of the documentation chix0rs here at work pointed this one out to me. Check out this interview with Madonna. " Ok, normally I wouldn't post something like this, but if you need a laugh, just read it. It's worth your time.

broohaha wrote to us with the online version of Time's interview with Steve Jobs. It's the cover of this week's edition, and gives an interesting perspective into the labyrinth of his mind. The most interesting part is the Pixar stuff, IMHO. Just waiting for Toy Story II right now.

An anonymous reader wrote in to point us to a Time Digital article (By Nathaniel Wice: Hey man!) about AOL Shelving plans for Netscape 5's release yet this year. So is the browser war really over? Does Mozilla have a chance?

Floydian Slip sent us a link to Time Digital which has an amusing 20 Questions with Transmeta. It doesn't say much, but it seems to debunk a few theories. I'm hearing 'RSN' rumors now, but nothing concrete yet. I need moles in Transmeta dammit. I know you're reading, why won't you squeal?!

I've been so busy on the code frenzy that I've been behind on the quickies! Tragic! First lets get the serious quickies out of the way: chris sent us the Atlanta Linux Showcase Tutorial and Conference program for the 3rd Annual ALS, comming up October 12-16, 1999, in Atlanta Georgia. Registration is open. Bl0w0ff noted that The dockapp warehouse has been upgraded and redesigned. k-rist sent us SimShatner. Here is a site selling a video history of Atari with interviews with the guys that did Pac-Man and all that early stuff. Someone sent us a link to another place you don't want to see a BSOD. Want some Blair Witch Parodies? irishmikev sent is a Southpark Parody and stairs sent The Blair Family Circus Project. How about a pair of strange places to put a server? Gareth Walwyn sent us one in a potted plant and GFD noted thatLinux Today has a story about a box that runs in a real Pizza Hut Box. If strange Linux boxes ain't your bag, someone submitted Apple Fritter which contains strange cases for Apples (Legos, Radios, and more) Jade wrote in with how to apply for the position of Sith Apprentice. and rjh pointed us to the iMaul (seems like a lot of stuff is coming in pairs today) Evan Vetere noticed that despair.com has new de-motivators. Matthew McCabe sent us tuxtiles which is taking votes on designs for "Linux Blankets". Since we're mentioning merchandise, I gotta plug Think Geek which is the first place I've seen with good stuff. They mailed us a box of freebies, but I actually woulda bought most of the stuff they sent me (mugs with #include <beer.h> and some sweet perl shirts and other cool stuff). Most of the "Geek" sites just sell crap but most of this was actually clever. We probably should also note that Copyleft finally has the new Slashdot shirts from our contest winners, they look great. ralphb was the first to say that Time Digital has an article on Slashdot.

Ralph Wiggam writes "A heartfelt, if somewhat sappy, article about the upcoming demise of Prodigy Classic. It gives credit to Prodigy for pioneering, or attempting to pioneer, things that history will probably not remember it for. Read the Time.com article here, and on October 1, pour some beer on the sidewalk for an old friend." Prodigy was my first online experience beyond local bulletin boards, back in 300 baud modem days. The original Prodigy was clunky as hell, but it was the first service to put "the masses" online. We knew the end was coming. Now we know exactly when. RIP Prodigy.

Mr H writes "According to Time's Person of the Century Poll Linus Torvalds is #15 out of 100." When I looked, Linus -- at #15 -- was ranked right below Madonna (#14), and right above Pope Paul VI (#16). Yitzhak Rabin was #1, Elvis Presley was #2, and Adolph Hitler was #3. Bill Gates, FYI, was ranked #17, Billy Graham was #4, and Albert Einstein was #5.

that guy writes "TIME Digital has a story about the Factoid, a next-generation "minimal PDA" being developed by Compaq. You carry it everywhere, and it remembers every fact you encounter. " I think that thing, along with the Itsy, is really realy cool. I'd even be willing to submit myself to beta testing! Anyone care to speculate on what could happen if something like this ever became somewhat widespread?

That Guy writes "This article explains how in a couple of years it'll be possible to drive cross-country listening to one radio station, in CD quality, with no static. " Seems like this is an intermediate step before all music is downloaded from the internet, and we just have cars with satellite net feeds. I guess it would matter to me more if I ever left the 5 mile radius around my house :)

VA Linux Systems has been selected as a Fortune Magazine "Cool Company". You can get the whole scoop on the Fortune site. The article talks about some of the people that have been been hired in by VA recently for the Linux Labs as well - with Jon "Mad Dog" Hall being one of them.

afniv writes "Time.com as a short article about Linux. The reviewer talks briefly about Linux install troubles and will have future installments. "

Jump Suit Jesse writes "It's been a long time in the making, but Be, Inc. may finally be going public. It should be interesting to see how this IPO fares before the alleged Red Hat IPO. Perhaps this cash infusion will be used for a nice propaganda campaign. "

BOredAtWork writes "Hey, it turns out that George Lucas guy is still alive, and making movies. He's got a new one coming out this summer, and it's even on the cover of the April 26th issue of Time! " You can read the article online.

Stepto writes "Time Magazine has an interesting interview with George "I am myth" Lucas. The topic is the power of myth and sort of an analyzation by Bill Moyers as to the whole global story of the (what will be) six movies. "

GroundBounce writes "Fortune.com has an opinion article in which Stuart Allsop proposes, among other things, completely elimniating government protection for intellectual property. In support of his argument, he points to cases (including Linux) where people have made money on unprotected IP, and the fact that copying can't really be prevented anyway. He also proposes removing copyright protection from Windows98 and Office as a way of dealing with the MS monopoly. "

Jason told me about this extraordinary story of a guy who took 15 years to solve a problem in his free time, only to find that his employer for 2 years (DSC now part of Alcatel) is suing him for the idea. While this story started a long time ago, it's still plodding on. Although I was sceptical, Time, Wired, and others back his story. What's his idea? A method to convert machine code back to a high level language. Would it help him to GPL it? That would make it available to DSC, but would allow him to come up with the best implementation before they do. Since the idea would be out of the bag, DSC couldn't do very much about it, right? Update: 02/11 12:45 by S : Evan pointed out to me that if he GPL'd the idea, he'd be in contempt of court and stuck in jail.

bjb writes "According to Entertainment Weekly, TNT will be broadcasting in May a show called "Pirates of Silicon Valley", which will follow Steve Jobs (Noah "ER" Wyle) and Bill Gates (Anthony Michael "Wierd Science" Hall). Supposedly this should be "accessible even to the non-computer savvy" " In other words, it probably won't be interesting to us. But I'm curious- We should SlashNET simulcast it and MST it into another dimension. Anyway, that link requires a paid login, but I've seen this elsewhere too so it's definitely true. Someone post some free links if you find 'em.

Several folks have written in to comment that the Feb issue of Wired (7.02) has the "Slashdot Effect" listed in the jargon watch section. An anonymous reader noted that news.com has an article about domain disputes that mentions Slashdot and the whole ajax.org mess from ages back. And finally, Time Digital has an article that refers to " Slashdot Longhairs" (along with rapid apple partisan and java futurist) to describe how biased MSs recent DOJ witness sounds. I don't have long hair. Do you? Thanks to Matthew Rose for that one.

Nathan Machula writes "Linux is one of Time magazine's top 10 technology stories of 1998. There's also a menacing picture of Linus! "

Al writes "TIME has an article about Linus and Linux. I guess this means we're mainstream now! " I figure we've seen it all now. Well, there is still Better Homes & Gardens, Rolling Stone and Cosmo...

Josh Baugher wrote in to say " Intel's chairman says he has seen the future of computing " Yes.. you heard it right. Andy Grove says that Imac is a lot what computers in the future will be like. " All I know is that they look even better candidates to be fish-tankized. Anyone got extra Macs they wanna send for fish tank conversion? We'll make a story out of it-send me mail here.

Trixter writes "Just a quick note that the educational content version of OpenSource called OpenContent has finally been recognized by mainstream media in a fairly well-written article that serves as a primer to OpenContent. "

Lev Grossman writes "The Netly News has a story on the arrest of one Toto, a longtime screed-writer on the cypherpunk list, who threatened the president and planted a bomb in Canada. What gave him away? His PGP key. " The story is even more strange and interesting. Netly News does a good job of providing the background and talking about the case in general.

Lev Grossman writes "The Netly News has a story on the arrest of one Toto, a longtime screed-writer on the cypherpunk list, who threatened the president and planted a bomb in Canada. What gave him away? His PGP key. " The story is even more strange and interesting. Netly News does a good job of providing the background and talking about the case in general.

whee! writes "This article points out the true nature of Al Gore on privacy issues. Big Brother is watching you."

Ok, we've got a buncha quickies all queued up, so here's my attempt at bringing that number down. First off, Dawn Endico wrote in to tell us that the last batch of the Mozilla Mail & News client has made it into the CVS repository. Next, Bill Rugolsky wrote in to let us know that SENSES and Mitsubishi have released the source code to Indy3D, their OpenGL benchmark test. Send them feedback, guys! Next, for the funny link of the day, Garrett Rooney sent us a link to this story about Steve Jobs meeting an over-eager security guard at MacWorld. Definitley funny =) Finally, on a related note, unity wrote in to tell us that Apple made a profit of US$101 million dollars this quarter ($.65/dilitued share). Wow, things are looking up for Apple!

Allright we've got a new mysql running. Hopefully things will be stable. Ooo, and older articles will be 'archived' soon (comments remaining intact). It's the last major code change before the Test Site. OK first off steven sent us a link to a Fortune 500 open source stuff Dr.Claw wrote in to tell us that Debian has gone into deep freeze on 2.0. Oh, and we were mentioned in wired yesterday as part of the whole J*va invaders thing. I didn't intend to make a big deal about it, I just wanted to tell everyone why they can't play Invaders anymore, but 2 hours after I post it I've got a phone call from 'em. Oh well.

Michael Plump writes "Hank has 10x the votes of his nearest competitor in the annual people magazine most beautiful people poll After claiming the ballots were being stuffed by robots on the message boards, the administrator finally decided to add his name to the list of contenders (you can now vote for him just by picking his name from the list). Also, he made it on ZDNews They claim that the ballots are being won by Stern fans, but I think it is just people like us, voting against People's attitude."

Once again, an anonymous reader got this one first. People magazine is running a "Most Beautiful People" poll. I find this sorta drivel offensive honestly, and was amazed to see that a write-in campaign for "Hank the Angry, Drunken Dwarf" (I believe he is an occasional Howard Stern guest) has landed him second place, to Leo DiCaprio. You can vote here, and even if you don't vote for Hank, at least vote for Gillian Anderson. Mmmmm.