Slashdot Mirror

I call shenanigans on the parent posting. This is FUD, and mis-informed FUD at that. There's no evidence that Chrome sends anything but the *hash* of the site you type in the address bar, and does not send your browsing history anywhere at all - whether in incognito mode or not.

See Lauren Weinstein's Privacy Forum posting here and here. Quotes:

Yesterday I posted some thoughts on the privacy policy associated with Google's new "Chrome" Web browser, and gave the open-source product -- which has a great deal of potential -- an overall thumbs-up based on current information...

and

I'm afraid that I'm much more concerned about the privacy policy for Microsoft's new "Internet Explorer 8" browser (which of course is not open source). While overall functionality and touted privacy improvements appear to be similar in many ways to Chrome, some of the specific privacy-related decisions in IE8 are very different from Chrome -- and not necessarily in a good way. One in particular is significantly alarming...

This guy does privacy issues and privacy policy for a living. I've been reading his analysis for years, and I give his opinions great weight.

There are a few packages available on the Network Neutrality Squad's website:

• Testing Your Internet Connection for ISP DNS Diversions
• Network Measurement Agent

(These were mentioned on Slashdot a little while back)

how many people are sitting at computers that have mics and cameras trained on them that may be remotely controlled? how many have telephones in their homes and offices with speakerphone mics that may be remotely controlled? how many are using networks where every transaction is logged? how many have tracking systems in their cars? welcome to OnStar. at least when Google takes street view pictures, they publicize them and share them.

it appears they're inserting it into the page.

My question is: what happens when you insert this happy little 'message' and its CSS into a page with more intensive style-sheeting? php? Google's a fine example because it's so blank, but somehwere along the line, this is going to break some webdesigner's coding.

Interestingly, the guy who designed that logo had a thing for blue circles - he did Continental Airlines and Minolta, among many others.

If you are harboring any ideas about making time with Lauren I strongly suspect that you will be assinged the role of the bitch.

http://www.vortex.com/lauren1.jpg

And it's gas, grass or ass, baby, nobody rides for free.

KFG

You may want to see a picture of Lauren before you say that.

Lauren Weinstein is not a chick.

Then maybe you should be removed form Windows support and reassigned or let go. Sorry but if you have these problems "all the time" then you are doing something wrong.

Yeah, right. It's my fault Microsoft patches often cause problems. My fault and the fault of thousands of others who just don't know what they're doing, I suppose. Let's see what a google search turns up:

• August 30, 2006 - IE patch breaks Exchange 2000
• August 16, 2006 - Microsoft patch may crash IE when certain websites are viewed.
• June 16, 2006 - Microsoft patch breaks dial-up networking
• April 18, 2006 - Microsoft patch breaks HP software
• April 16, 2006 - Microsoft patch breaks web pages ON PURPOSE (EOLAS problem passed on to their users)
• April 14, 2006 - IE patch breaks Siebel client
• October 29, 2005 - Another Black Eye for Microsoft Patch Creation Process
• May 13, 2005 - Faulty Microsoft Update Rekindles Patch Quality Concerns

I could go on. That's just the tip of the iceberg. It's a known issue. Has been for years. Many of those links point to articles saying things like "Patches have caused trouble at times, on occasion prompting Microsoft to fix already released updates" and "When we are dealing with Microsoft updates, one thing we always reiterate, then reiterate some more, is to test before deploying. The guidance is always to download, test, then deploy the patches. With Microsoft, the test section of our guidance has gotten larger and larger."

That you haven't experienced problems with ANY Microsoft patches but SP2 is at best an anomoly.

Where I work we've got about 500 windows computers, give or take. Those run on a rather eclectic mix of hardware, some as old as P2s, some as new as Core 2 Duos. Servers, workstations, you name it. We run a pretty eclectic mix of software too. Off the top of my head some examples would be Matlab, HFSS, Photoshop, Office, Vegas, Visual Studio, Metrowerks, Miktek and so on. A fairly diverse Windows environment, in other words.

Wow. I'm happy for you. Your parents must be so proud.

Wanna know how many patches ever came out that broke systems? One: SP2. How many broke? 2, both personal systems loaded to the gills with spyware. We wiped them to get rid of the spyware, they took the update and worked fine. That's a pretty good track record. Comparable to Solaris (which we also run a lot of)

So, is it your policy to automatically patch production servers using AutoUpdate? You've never run a competitor's database or application stack on any of your Windows servers? All the software you mentioned is desktop software. Because if you have, you'll find service packs breaking things aplenty. I'm not talking desktop apps. I'm talking backend. I'm actually fairly comfortable setting desktops (since XP stabilized) to auto update. I would never apply a patch to a production server without full testing on test servers to make sure things like, oh, let's see...the latest SQL Server service pack doesn't cause function FOO of product BAR to stop working...because that happens...frequently.

Now let's compare that to, say, Fedora, which we also run.

I never said anything about Linux. Patch management seems to be an equal

Here's a fairly funny satire about Google Print:

http://www.vortex.com/reality/2005-10-23

It argues that you can copy anything you want-- as long as you promise to index it and put the index on the web. Then you can keep the text around and do what you will. If anyone gives you a hard time, come up with some inane opt-out policy with a real nasty bureaucracy and blame them for being uncool.

I hate to say it, but this satire convinced me that Google is pretty sleezy. The creators are getting nothing and a bunch of guys who happen to build a few automated indexers are multibillionaires. I'm happy to reward innovation, but this is nutty.

Greetings. If you do a search on Google for "iraqi prisoner abuse" you'll find plenty of entries. My own blog comes up just fine with its collection. --Lauren-- Lauren's Blog: http://www.vortex.com/lauren-blog (Search for "prisoner" on the blog to find the items.)

Lauren Weinstein is male: http://www.vortex.com/lauren

As highlighted by slashdot.org, according to a mailing list posting (mirror):

From: Lauren Weinstein

[...] Subject: Warning to IP Readers: When "The Debate Show" Calls -- Hang Up!

[...] They wanted me to debate a known spammer (who they wouldn't identify at the time) regarding the scourge of spam. It would be fun she implied, since the audience would of course be on my side.

[...] Crossballs is a rigged "reality" show, where real guests, who have been kept in the dark about the show's real format, are paired off against actors (playing the debate opponents) for the amusement of the live audience. The stories I read from persons recently on the show included descriptions of crude, sexually-oriented verbal attacks (and worse, like being handed various sexual "apparatus") and concerns that their reputations would be ruined once the shows aired.

The nature of Crossballs is confirmed by a couple of other sources. According to a gopusa.com commentary:

This show is not "The Debate Show," as advertised and the name they use to procure panelists, but "Crossballs" a newly produced show for Comedy Central, owned by Viacom and MTV networks, and is a spoof of political debate shows that seeks to mock conservatives with actors posing as some of the panelists.

One such real panelist, who thought the show was going to be a serious debate show, was a conservative activist from California who prepared to appear on the show to talk about the 2nd amendment. Jim March, whose account we have attached, is a 2nd amendment activist and was mocked and ridiculed by a "psychologist" who said he had sexual issues and offered him a two month supply of penis enlargement pills if he gave up his guns.

Nowhere in the material for "The Debate Show" and the press releases for the upcoming "Crossballs" do they make the connection, or let you in on the joke that the "actor panelists" debate the real panelists, complete with props and "live feed" video designed to mock and make fun of the real panelists and their conservative views.

And according to a June 15, 2004 story from digitalspy.co.uk, an entertainment newsblog:

Debate shows on US cable news channels such as CNN's Crossfire and MSNBC's Hardball are to be "skewered" by a new Comedy Central show, Crossballs.

The new show will feature comedians posing as experts debating real people who don't realise that the show is a sham.

"Shot in front of a live audience, Crossballs is a smart, comedic spoof of programs such as Crossfire, Hardball with Chris Matthews, and the entire Fox News Network," explains Comedy Central.

The show premieres on Tuesday, July 6 at 7:30pm ET and will air for eight consecutive weeks.

In similar display of mockery, according to a Jun 5, 2004 dc.indymedia.org story:

A small but determined group of about 60 demonstrators displayed their anger and disgust in front of the offices of Arlington defense contractor, CACI last week.

CACI is the firm recently implicated in the report by U.S. Maj. Gen. Antonio M. Taguba. CACI employees "were either directly or indirectly responsible for the abuse at Abu Ghraib," according to the report. Taguba strongly reco

That would also have the effect of DDoSing the Secret Service for awhile, since it's reputed that Xerox color copiers, and possibly others, disable themselves until reset by a technician when they detect an apparent attempt to copy currency. See this, which was pointed to by another poster in this story.

Allow me to recommend an article from Annals of Improbable Research, most easily available in one of their "Best Of" collections:

David P. Cann and Phillip Pruna
Xerox Enlargement Microscopy
Annals of Improbable Research (1:2), March/April 1995

Too bad the film-scanner folks missed this: could have saved themselves a lot of work.

This was the thing I read on it.

That was a poor link to the IBM paper, but here is a good link to a fairly reliable source. (editor of the PRIVACY FORUM digest, a cousin to the RISKS FORUM digest which everybody on slashdot OUGHT to read regularly.)

Summary quote pulled from the body of the article:

In fact, rumors about this, often chalked up as an "urban legend," have been
circulating for a long time. This is a bit ironic, given that in the
copier/printer industry it's been well known for years--no secret--that
"invisible" IDs are imprinted on virtually all color xerographic output,
from (apparently) all of the manufacturers. But for persons outside of
"the trade," this hasn't been as widely known (even though the issue goes
back to the early 90's, and the topic has appeared in publications such as
the Wall Street Journal).

PFIR - People For Internet Responsibility
TRIPOLI Project Press Release
May 8, 2003

PFIR Home Page

PFIR Announces the "TRIPOLI" Project

A Call to Arms to the Internet and Open-Source Communities!
It's Time to Secure E-Mail, Control Spam, and Empower E-Mail Users!

People For Internet Responsibility (PFIR) co-founders Lauren Weinstein and Peter G. Neumann today called on the Internet and Open-Source Communities to consider a proposal for the most significant and far-reaching changes to e-mail systems since the creation of the Internet and its ancestor ARPANET more than 30 years ago.

PFIR today released a white paper describing a proposed project to consider the implementation and deployment of widespread encryption, authentication, anti-spam, and other advances directly into the fundamental structure of Internet, intranet, and local e-mail systems.

The "TRIPOLI" project overview paper located at:

http://www.pfir.org/tripoli-overview

describes the proposed new environment which focuses on ensuring that choices and power regarding e-mail are vested directly with e-mail users themselves, rather than with Internet Service Providers (ISPs) or government agencies.

The changes described by the TRIPOLI proposal could be gradually implemented, largely based upon open-source software tools that already exist. Ultimately under TRIPOLI, the volumes of forgeries and spam (both received by users and traversing the Internet) would be drastically reduced, by default all e-mail would be encrypted, and e-mail users would have essentially complete control over how they individually choose to send and receive e-mail.

"Current e-mail systems were not designed to deal with the kind of world we have today -- they've become a hopeless nightmare for users and ISPs alike," said Weinstein. "E-mail users are inundated with spam, forged mail, and other garbage, and unfortunately the actions many ISPs are taking to try control spam and other e-mail are shackling their honest customers with unreasonable restrictions and making matters even worse. Some of the proposed anti-spam laws may also exacerbate these problems without really controlling spam at all. Legitimate e-mail users need to be put back in the driver's seat, and there isn't a moment to lose."

"These problems are getting more severe every day," said Neumann. "Not only are users and networks drowning under spam and other e-mail deficiencies, but basic matters of security and reliability on the Internet are being largely ignored under the current intolerable situation. These critical problems simply cannot be fixed without coordinated and major changes to the way e-mail is handled throughout the Internet. It's going to be a big job, but we have to get going on this right now."

PFIR hopes that the TRIPOLI proposal can act as a starting point for discussion and implementation of systems to solve the many e-mail problems that exist today, in a manner that empowers users rather than unfairly restricting them. PFIR invites the participation of the open-source and Internet communities at large towards these crucial goals.

Persons interested in participating or getting more information about the TRIPOLI project can send e-mail to:

tripoli-info@pfir.org

or use the contacts listed below.

- - -

CONTACTS:

Lauren Weinstein
lauren@pfir.org
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
http://www.pfir.org/lauren

Peter G. Neumann
neuma

Actually, it's a bit deeper than that. In 1961 Bell Labs programmed an IBM 7094 computer to sing the song, and a record was released. (I rememeber checking it out of the library about 1974.) One rumor is the Kubrick chose that song since this is thought to be the first recording of a computer singing a song. So it's only natural for Bell Labs to reprise their 40-year-old hit song. See this link for a recording. A bit spooky sounding.

See this funny and on-target analysis by Lauren Weinstein.

The unofficial gopher hosted at Point Loma University is still running and actively maintained, and even has a list of new Gophers for 1999 and other still-functioning Gophers. The Privacy Forum Gopher was updated just 2 weeks ago.

This sort of thing has been discussed repeatedly and at length in the Risks Digest. You guys do read the Risks Digest, don't you?

The Risks Digest is more verbosely known as the Forum On Risks To The Public In Computers And Related Systems, ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator. It's a great and fascinating thing to read; it covers almost any topic even tangentially related to the risks of using computers and digital systems, including privacy issues, Y2K issues, software in critical systems, encryption policy, etc., etc. It is known on usenet as comp.risks, and is also available via e-mail. It's an old forum; in the online archives you can read discussions following such famous events as the loss of the Shuttle Challenger and the Robert Morris Internet Worm. Highly recommended reading for anyone making software.

Also recommended are the Privacy Forum and the Computer Privacy Digest.

--Jim

Better yet, here it is in an audio link.

--

I just thought I would point out the review here a few weeks back of Database Nation: The Death of Privacy at the End of the 21st Century. by Simson Garfinkel. He gives some attention to the possible consequences of the increasing coalescing of information about us. I'm about two thirds of the way through it and there are no general ideas that aren't familiar ground for long time readers of the Risks Forum and the Privacy Forum, although there are some frighten examples that were new to me. However, if you need a book to explain to Mom why you are concerned about privacy issues, this is a good one.

The Risks Digest frequently covers issues related to this. The latest issue contains a brief comment on Simson Garfinkel's new book, Database Nation: The Death of Privacy in the 21st Century published by O'Reilly & Associates. The PRIVACY Forum is also an excellent resource on issues of privacy and technology.

Id secretly monitored people because they hadn't really thought about it at all. It just seemed natural and beneficial and, hey, who expects privacy and we're not matching up names...

It's this lax attitude that leads to another company saying "Hey, why not take this to the next level and completely track the user".

I got spammed recently by Barbes & Noble and they had a hidden img tag in the HTML version of their spam. The hidden image contained a unique number so that B&N new exactly when I looked at their crap. (See Privacy Digest for more).

B&N thinks there's nothing wrong with this. Comet thinks there's nothing wrong. Id thinks there's nothing wrong. They all think they haven't crossed the line yet. If we keep allowing them to push this line, you can bet that people will keep pushing this line.

If you weren't mad at id, then where exactly do you draw the line? Comet isn't tracking names (yet). Sure, kids use Comet's Cursors... but kids also play video games. If you accept what id did, then you set yourself up for Comet.