Slashdot Mirror

quakeaddict writes "LinuxQuake is now reporting that ID Software has indeed embedded some code to send, among other things, information about our PC's to ID Software. They should ASK before they start gleening information from my system." John Carmack's explanation on the page is unconvincing - video card data is sent independent of support requests and would be impossible to link to some user's email address, so it's useless for support purposes. (more) (update:This isn't as big of a deal as it sounds. read the update)

No, the second writer on LinuxQuake has it right when he says "It's market research." id doesn't care about current support, they want to know what cards to support in their next software release.

But the reason doesn't matter. The important part is that the software is doing something that it doesn't advertise and that isn't necessary for the operation of the software - sending information about your computer back to id software, which is mentioned nowhere in documentation, readme, EULA, website or installation. id calls it research - I call it a trojan horse program, and if I went into id's offices and installed a similar program that reported back to me on their machines, I would go to jail for it. If I convinced id to download and run it, by disguising it as, say, a video game, I'd go to jail for plain old fraud as well as the computer crime. That's 18 USC 47 section 1030, for the curious. It's been used against a number of 1337 d00dz who weren't quite 1337 enough.

So why does id think this is fine and dandy for them to do?

I like id's games, but this is not a joking matter. Software which performs functions beyond its stated activities is uncool (read: illegal), especially when those functions are spying on their users. Any sort of collection of data from user's machines, even relatively mundane data like the type of their video card, should be announced by the software and in the docs, and users should be able to opt out of it. How much bad press is it going to take before softwre companies get a clue? Or will the first hint they get be when an ambitious prosecutor serves a search warrant on them one day?

Update: 11/28 10:41 by michael : From various posts below and email received by yours truly, it looks as though id did have notification of the data-collecting activity in previous releases of the demo test; but not in the most recent one, for whatever reason. Perhaps the story should be about quality control on readme files. The basic point - companies need to be very open and upfront about things like this, even for benign purposes, and give people the option to opt-out - still stands, but it seems that id just made an error rather than tried to hide anything.

Bogatyr writes "Robert Cailliau, who designed the Web with Briton Tim Berners-Lee in late 1990, says all Internet users should be licensed so surfers on the information highway are as accountable as drivers on the road. " W3C has been working on such systems for years - unforgeable certificates which users must present to gain access to content, and which incidentally identify them uniquely and provide assorted marketing information. The end of anonymity, coming soon to a Web near you.

malacai pointed out a story on biz.yahoo.com about all the awards that Red Hat has been getting. Plus, their recent (pending) acquisition, Cygnus, also seems to be getting a wall's worth of plaques. Maybe we should think about giving Red Hat some kind of special award for "Most Awards Won by a Linux Company in 1999." One thing's for sure: Red Hat has done lots to promote Linux in general, and deserves strong applause for their efforts no matter which Linux distribution you personally prefer.

malacai pointed out a story on biz.yahoo.com about all the awards that Red Hat has been getting. Plus, their recent (pending) acquisition, Cygnus, also seems to be getting a wall's worth of plaques. Maybe we should think about giving Red Hat some kind of special award for "Most Awards Won by a Linux Company in 1999." One thing's for sure: Red Hat has done lots to promote Linux in general, and deserves strong applause for their efforts no matter which Linux distribution you personally prefer.

hajmola writes "a recent study has shown that AM radio may be causing problems for ADSL. According to this story at Network World, interference from AM stations can slash high-speed bandwidth by 40% on approximately 15% of ADSL connections. While AM interferes with download speeds, it does not affect upload speeds. AM frequency only affects ADSL and its subsets (not SDSL), including rate adaptive DSL and G.lite. "

NullGrey writes "Salon.com has a hilarious article that is supposedly a letter to George Lucas by a young actor who would like to play Anakin in SW2. " This is one of the funniest things I've read in a long time (or maybe its just because my fever broke and I'm in a great mood)

Aviast writes "SGI is in talks with the Gores Technology Group to sell the Cray Research unit of SGI. Read the [Yahoo News] story here. SGI bought Cray three-and-a-half years ago for $700 million. According to this story Gores originally offered $100 million for Cray, but has since lowered its offer." Rumors about this have been floating around for weeks. Looks like they *may* become reality, but the deal is apparently still a long way from done.

devphil writes "Variety is reporting that the Sci-Fi channel is producing a six-hour, three-part Dune miniseries to air next October. The Yahoo article is here." Mmmmm. Sure hope it's better than the Dune movie was.

fremen writes "CNN is reporting that Judge Thomas Penfield Jackson has appointed a mediator in the Microsoft case. The mediator is Richard Posner, chief Judge of the 7th Circuit U.S. Court of Appeals. Yahoo has a similar story indicating that he'll be acting in a 'private capacity.'"

fremen writes "CNN is reporting that Judge Thomas Penfield Jackson has appointed a mediator in the Microsoft case. The mediator is Richard Posner, chief Judge of the 7th Circuit U.S. Court of Appeals. Yahoo has a similar story indicating that he'll be acting in a 'private capacity.'"

fremen writes "CNN is reporting that Judge Thomas Penfield Jackson has appointed a mediator in the Microsoft case. The mediator is Richard Posner, chief Judge of the 7th Circuit U.S. Court of Appeals. Yahoo has a similar story indicating that he'll be acting in a 'private capacity.'"

Packetbasher writes "Yahoo News is reporting that Mary Kay Bergman has committed suicide. Mary Kay was responsible for 'many of South Park's female denizens--from the prickly Ms. Cartman to Stan's beloved Wendy.'"

Packetbasher writes "Yahoo News is reporting that Mary Kay Bergman has committed suicide. Mary Kay was responsible for 'many of South Park's female denizens--from the prickly Ms. Cartman to Stan's beloved Wendy.'"

Neil99 wrote to us with the news that Mandrake has announced Jean-Loup Gailly will be joining them as CTO. He's the author of gzip, and co-author Zlib. Very interesting - makes you wonder where they will be going next.

coldfusion writes "The American Civil Liberties Union in conjunction with EPIC and others has just launched Echelon Watch, a site which tracks developments about the intelligence gathering organization. The site does a good job of collating all of the information that has spread in the last few months. It also contains a 'write to Congress' component." Update: 11/17 09:30 by J : Baccus just informed us that the NSA has applied for a patent on Echelon-related (tapping) technology.

jfinke sent in a link - as did many others - to a brief Yahoo News story about SGI's plans to move into the parallel processing supercomputer marketplace with Linux as their base OS. "We're really pumped up about it," said Beau Vrolyk, senior vice president of SGI's product group. "It represents the beginning of a whole new generation of supercomputer."

jfinke sent in a link - as did many others - to a brief Yahoo News story about SGI's plans to move into the parallel processing supercomputer marketplace with Linux as their base OS. "We're really pumped up about it," said Beau Vrolyk, senior vice president of SGI's product group. "It represents the beginning of a whole new generation of supercomputer."

After last week's TRUSTe story, I spoke with TRUSTe's Dave Steer about my concerns with the organization. A slightly clearer picture of TRUSTe's role emerged, but few of my concerns were allayed. Click for more.

First, the week's news in brief. There has been a class-action lawsuit filed against RealNetworks. Then there were two lawsuits - no, make that three lawsuits. Their stock faltered, then rallied, and is now about 40% above the day the privacy news broke.

Strangely, TRUSTe removed its press release "TRUSTe and Real Networks Announce A Pilot Software Privacy Program" from its News page on Saturday, along with one other, replacing them with an older one. There's no indication this has anything to do with the bad press of the last week.

Dave Steer had written a rebuttal to last week's story, but it is unfortunately still not available. If and when the rebuttal is published, we'll update this story with a link to it.

Now for the issues at hand. In our conversation, Dave wanted to make two key points. The first is that TRUSTe is not a "consumer advocacy group," the phrase I've been using. The second is that their press release regarding RealNetworks was a landmark decision, a culmination of six months' worth of their realizing that they have to move in a new direction.

If TRUSTe is not a consumer advocacy group, that raises the question of what it is. I didn't get a very clear answer from Dave on this. Its website says:

"The TRUSTe program was designed expressly to ensure that your privacy is protected through open disclosure and to empower you to make informed choices."

The "you" and "your" means you - the consumer. TRUSTe claims it was designed to empower and protect you.

But it's not going to do this by punishing corporations for privacy transgressions. TRUSTe is all carrot and no stick. The carrot is that, after a corporation has been caught breaking the rules, it can restore its damaged reputation by cooperating with TRUSTe: issuing a press release, taking some simple steps to improve the situation, etc.

This is a fault that's built into the way TRUSTe was set up: a design problem. There are some questions of poor implementation as well. After the March 1999 revelation of Microsoft's secret GUIDs (user-tracking technology that can lead the cops to your door), TRUSTe went to them and asked for action. Not punishment of any kind - all they asked for was an audit.

And according to Dave, "Microsoft said no."

How could Microsoft make TRUSTe back down? The poor implementation is that TRUSTe's contract with Microsoft, and with RealNetworks, and presumably with all its 750+ licensees, makes a distinction between privacy violations that take place over the web, and others. Companies that steal consumers' privacy through non-web-related technology are not covered under paragraph 5A of the TRUSTe License Agreement.

Paragraph 5C, however, allows TRUSTe to break the agreement and void the trustmark, for any reason. If it had wanted to pressure Microsoft, this would have been the threat to make: terminating the contract, and going public with a condemnation.

But that wasn't TRUSTe's goal. Although it claims:

"...licensees agree to cooperate with all TRUSTe reviews and inquiries. If we cannot reach a satisfactory resolution ... [this] could result in a Web site compliance review by a CPA firm, revocation of the trustmark, termination from the TRUSTe program, breach of contract proceedings, or referral to the appropriate federal authority."

...it will never take these steps. Microsoft refused to cooperate because the carrot wasn't big enough - so TRUSTe offered them a bigger carrot. RealNetworks scanned its users' hard drives for private personal data, uploaded it to their servers, and blatantly lied about it. Short of actually stealing our credit card numbers and running up a tab at the Sharper Image, it is hard to imagine a more serious violation of privacy. Yet TRUSTe went to them hat in hand, asking to be allowed to collaborate.

Those contracts that give TRUSTe no authority over non-web privacy violations? That's not a bug - that's a feature. Even when it has the right to take serious action, a right TRUSTe grants itself in paragraph 5C, it chooses not to use it. Design problem.

Corporate invasion of personal privacy is not a win-win situation. This is a war in which TRUSTe will often have to take sides. Learning that it backed down from Microsoft and had to haggle over even the audit it wanted to impose was an eye-opener. Chris Larsen, the CEO of E-Loan who revealed the behind-the-scenes haggling, described his company as "very concerned" about TRUSTe's inability to address the issue.

In fact, I never would have heard about that if not for the Slashdot comment where Seth Finkelstein called attention to it. It's not confidence-inspiring that TRUSTe has refused to allow any negative information on its homepage, in its press releases, or in its statements of findings. The constant comforting message leaves me uncomfortable.

Dave's second point was that this collaboration - on a new program which will cover non-web as well as web violations of privacy - heralds an important new direction in TRUSTe's history. Now that they have enough licensees to pay the bills, they are not beholden to any of their sponsors, and can start to take a harder line. And they can renegotiate their contracts to fix the web/non-web distinction.

I'd like to believe that's true. But the heads of TRUSTe surely know that, if they ever started condemning corporations' privacy violations instead of collaborating with them, renewals on their contracts would dry up. Corporations love to enter agreements with organizations which give them good press. Organizations that give bad press get ignored at best.

TRUSTe's reputation for lax enforcement is surely part of the reason they now have 750 licensees. It would be a very different story if the carrot ever got replaced by the stick.

I could be wrong. But TRUSTe's actions support this view even if its words don't. RealNetworks needed to be slapped, hard - but now it's up to the lawsuits to give the company a reality check.

Sure, TRUSTe may have helped RealNetworks figure out the proper reaction in this case. But it has 750 other licensees that all got the message loud and clear: whatever you do, TRUSTe will not chastise you. There is no incentive to do the right thing. By its actions, TRUSTe encourages corporations to violate privacy when they think they can get away with it. This will happen again - and it will be the same story each time.

And it may happen sooner rather than later. The most frightening thing I've heard all week was Dave Steer's offhand comment that programs like RealJukebox are probably more common than we think. That makes it all the more ironic that TRUSTe is unwilling to put consumers' interests first.

Jsutin asks: "Does anyone have a working FreeS/WAN implementation talking to Checkpoint Firewall1? I've searched through a lot of Linux archives, FreeS/WAN archives, sent people email, and last but not least asked God to help me. And unfortunately all has fallen through! I've run across a few threads here and there that say it can be done but no documents explaining how to do it. I'm trying to push Linux as a VPN gateway for remote offices and would be greatly appreciative if anyone reading this has any suggestions?" "

Drog writes "Corel Corporation is officially launching their Corel Linux OS at Fall COMDEX in Las Vegas today via webcast at 1:15 PM PST (4:15 PM EST). Corel Linux Beta 2 has garnered a fair amount of praise thus far. A lengthy review written on Oct. 28 can be found at over at TechRepublic. " The TechRepublic story does require a free login, yadda-yadda.

El Volio writes "Yahoo is running a story about Miguel de Icaza's new company, focusing on GNOME software development." The new company's called "Helix Code", although that name's temporary. The plan is for all the products to be given away for free, and then charge for support, a common revenue model.

Pig Hogger writes "A meeting of World Trade Ministers would seem to propose an 18 month extension of the duty break that currently applies to cyberspace. But the fact is, the duty break only applies to what is transmitted electronically, so therefore imposing duties on such would essentially be unenforcable by customs officials... However, it is being proposed by the US that such a duty exemption be extended to the 'physical equivalent' of goods such as digital music and software. Can you spell MEDIA?" The story's from Fox News.

Xiong Jiang sent this to us from Beijing. We're running it exactly as he wrote it, without a single word changed: The curiosity from the world on Linux and China is so high these days. :) Yes, I am a Chinese and I am curious on other parts of the world, particularly, the Linux world, as you are never the less curious on China. :) These days the business of Graphon Corp. with some China companies makes a tremendous fuss on slashdot and LinuxToday." (More --->)

Warning from RM: be careful following the links in this story. They all seem valid (tested) but some of them are extremely slow and others are "China only." Netscape in Linux may either crash or hang on many of them.

Linux in China
-by Xiong Jiang

I just read the GraphOn press release on yahoo and found out it is still a very early step into China market. The "initial use of GraphOn Bridges is expected to begin in November 1999 at the Beijing Concord College of Sino-Canada, a 1500-student Beijing-based private school serving grades 10 through college". And "if successful, Chinese private enterprise and government sectors may be expected to follow..." So, it is obviously a PR from GraphOn, instead of a substantial explanation of fact. Not to mention that the China cooperators with GraphOn mentioned in the PR are even unheard to me. Maybe their English names are too different from their Chinese names ? :) OK, I just read the web of Sundiro, maybe it is a great start-up, but I really didn't hear any former success business case, and the counter on its web is 4690 this moment.

Leaving further investigation of this event to other more professional guys (I have some friends more deeply engaged in China IT industry but I am not), I would share my Linux experience as a Chinese graduate students with you, and hope you could have a better vision of Linux in China, and China itself. :)

My first touch of Linux dates back to April, 1996, when I was a graduate student in the EE department at University of Science and Technology of China (USTC), one of the top five universities in China. At that time, our campus network has just been built up, and the campus network center was helping every department set up Linux email servers. I had an account on our department email server, so, I began to use it. :) Soon, there was a campus BBS. From BBS, I got to know there was already Linux on our campus network, downloaded by our network center staff through the new-born CERnet (China Education and Research network) from the Internet. Just as most of you in the beginning era of the Internet, I am very curious about Linux, and Internet, and even email. I had never heard it before. We only had Windows, 3.1 mostly, and a few very old VAX, Sun3, and Sun4, in a lab not always open to all.

So I began to look at it. From BBS, I got to know the ftp site on campus where I can get it. We have 100M FDDI campus backbone and 10M LAN for each department, so I easily download the necessary files: INSTALLATION documents and image files. After sitting in front of a 486 66 (16M RAM) for nearly a half day diving into the document, I installed my first Linux system with slackware, kernel 1.2.13.

The learning process was very pleasant. I found out that I can almost find anything I want to know about Linux, from README, man pages, and BBS. As most of the programmers of you, "Undocumented DOS Interrupts" and "Undocumented Windows" had been my top-secret reference books in DOS/Windows era. But on Linux, everything is open. Terrific! I've got to use it. :)

Few months later, I set up a Linux masquerading gateway on a 486 100 (32M RAM) for our lab colleagues, so we only need one IP to connect the lab LAN to the campus network. We have tens of PCs but my advisor didn't have so much money for so many IPs, though it was very cheap, maybe $20 per year for each IP. Linux desktop was quite ugly at that time, no KDE or GNOME still, but we saw its power ! Many campus email servers are set up with Linux on PC. In our network center, even Sun Sparc is running Linux.

I should talk about more country-wide Linux activities instead of my own experiense. Addition to our USTC BBS, we have several other hot Linux BBS or forums. The most prestigious are freesoft newsgroup (if you can't access it, here is the mirror on linux.net.cn, the SMTH BBS (domestic access only) at Tsinghua University (top 1 in China), and ihep BBS, where the main developers of TurboLinux (China) took off.

There are several GNU software archive: freesoft, wormwang's new silk road, and Tucows Linuxberg mirror at Quanzhou, Fujian Province.

There are three main Chinese Linux distributions now: TurboLinux, XteamLinux (with win98-alike GUI installation), and BluePoint Linux (with console Chinese support employing framebuffer in kernel). They are all real free software programmers that respect GPL. They are making more and more efforts to merge their work into global Linux developemnt.

There are several individual projects that cooperate tightly with the global developers, such as KDE i18n by Lark Wang, Linux Virtual Server project by Wensong Zhang(English page). There are also some GNU/Linux related web forum, such as China Linux Forum, China DigiTribe, and our LinuxNet Forum. We have a fascinating report on Richard Stallman's recent visit to China (English page) with photos taken by myself. You may have read it on LinuxToday.

Inevitably, most of the above mentioned web pages are in Chinese. As more and more Chinese now can read English on web, either via some dictionary tools or they could speak English themselves, I hope in the coming 21th century, more and more Chinese web can be read by English-speaking people, via some dictionary tools (for example, KingSoft PowerWord) or not. :)

And thanks Robin "roblimo" Miller for give me this chance of writing on Slashdot. Though he told me to write on SOFTWARE, but not politics, I still want to point out only one thing: as American people don't necessarily think in the same way with their governments, Chinese people also enjoy this freedom. Please update your vision of China from the horrible "10 Red Years", on which we have also introspected with great regret and overcome it more open-minded since the reformation brought by Mr. Xiaoping Deng. (I speak for myself, not the government, though you may feel there is some similarity. :)

bgarcia writes "There is a PR Newswire story stating that Red Hat and RSA Security have signed an agreement to include RSA's BSAFE SSL software in Red Hat Linux Professional Edition." And Wired tells us Red Hat is coming out with with a new version that improves large system performance and speeds crash recovery. (Click below for more)

Plus, earlier this week we read about the e-commerce product they're working on with Oracle and their rumored Cygnus acquisition. Hot stuff, especially for corporate Linux users.

It looks like Red Hat is back on track, doing great Linux stuff, instead of fooling around with peripheral things like their Linux version of MSNBC (with Salon, The Industry Standard, and The Register jointly playing NBC).

According to a friend of mine who dabbles in the stock market, Red Hat's stock is up nicely as a result of their decision to go back to doing more of what they do best: improving Linux and extending its marketability.

Mazeltov!

OctaneZ asks "I am not trying to start a flame war here, but I would personally be very interested in seeing an analysis, both pros and cons, of all of the common shells: bourne, bash, csh, tcsh, and korn. I understand that a lot of linux users swear by bash because it is the default, but they all have there own "personalities" what does everyone think?" Interesting question. I'd be interested in hearing why some folks prefer csh over bash.

logictype asks: "How would you configure a FreeBSD NAT box so it will work with netmeeting or my webcam? Here is a page thatdescribes the ports needed. I am not familiar with FreeBSD so all help is appreciated."

starman97 writes "IBM will show a new 20.8 inch LCD active matrix display that boasts 2048x1536 pixels at Comdex this fall in Las Vegas " One word: Yum. A slightly related question: what is the maximum size for a portable computer screen? I would say 20" is a bit out there, but there are 15 and 16 inch laptop screens. Larger LCDs with larger production volumes will mean someone is gonna test the waters sooner or later.

Cy Guy writes "YAHOO UK is reporting that the People's Republic of China will be naming Linux as its "Official Operating System". The story is repeated with more details and notes that government officials are "enthusiastic about the community ethos behind the open source community." The story also links the announcement to the recent deal with Graphon Corp for Linux Server-based computing software. " I dunno how I feel about this. I think having a state bird is silly enough.

Cy Guy writes "YAHOO UK is reporting that the People's Republic of China will be naming Linux as its "Official Operating System". The story is repeated with more details and notes that government officials are "enthusiastic about the community ethos behind the open source community." The story also links the announcement to the recent deal with Graphon Corp for Linux Server-based computing software. " I dunno how I feel about this. I think having a state bird is silly enough.

Cy Guy writes "YAHOO UK is reporting that the People's Republic of China will be naming Linux as its "Official Operating System". The story is repeated with more details and notes that government officials are "enthusiastic about the community ethos behind the open source community." The story also links the announcement to the recent deal with Graphon Corp for Linux Server-based computing software. " I dunno how I feel about this. I think having a state bird is silly enough.

Cy Guy writes "YAHOO UK is reporting that the People's Republic of China will be naming Linux as its "Official Operating System". The story is repeated with more details and notes that government officials are "enthusiastic about the community ethos behind the open source community." The story also links the announcement to the recent deal with Graphon Corp for Linux Server-based computing software. " I dunno how I feel about this. I think having a state bird is silly enough.

As you might expect, the whole freakin' internet is abuzz with news about Microsoft. Now personally I'm pretty sick of reading about it, so I've decided to combine a bunch of relevant stories and post 'em quickie style now: Yahoo is running a story about the Wave of Lawsuits following Jacksons ruling. The Drudge Report is saying the prosecution won't settle unless Microsoft is broken up. Byte has Jerry Pournelle's take (he's against it). The NY Times has story talking about a breakup, as well as a forced source code release.

DrewMIT writes "Finally," electronic signatures" will have the same validity legislatively as ink signatures." It still needs to go through the senate, and the White House has said it will veto it. The article is quite negative, it talks about how this will violate consumer rights, but all I can think is "Its about time." What do you think?

sharv writes "Fans of Neal Stephenson's "Cryptonomicon" might be interested in tonight's (9 Nov) episode of Nova on PBS. The episode is entitled Decoding Nazi Secrets and will feature the Enigma, Dr. Turing, and "meticulous period reenactments shot inside the original buildings at Station X, including recreations of the world's first computing devices that aided codebreakers". Sounds like a popcorn event to me! " Of course, for those in the States, check your PBS listing for showtimes.

maladroit wrote to us with an interesting press release from Lucent Technologies. The former Bell company has made a breakthru using microscopic mirrors in fiber that will allow data to be carried at upwards of ten times current speeds. Supposedly, a ten terabit router has already been created, and it will be rolled out to the public towards the end of next year.

maladroit wrote to us with an interesting press release from Lucent Technologies. The former Bell company has made a breakthru using microscopic mirrors in fiber that will allow data to be carried at upwards of ten times current speeds. Supposedly, a ten terabit router has already been created, and it will be rolled out to the public towards the end of next year.

gjt writes "Finally. The death of of the ISA slot is near. Red Herring is running a story on the Legacy Free PC. Plug all of your mice, keyboards, joysticks, modems, etc. into the Universal Serial Bus. Compaq is releasing a computer called the Vista which will do just that. Yes, Apple did that over a year ago with the iMac and PCI based G3 and G4. Of course, if you're like me, you'd want to build your own box. Asus makes legacy free "PC 99" compliant motherboards. I wonder if this means more IRQ numbers. And what's the state of USB and Firewire support in Linux?" Suddenly USB is everywhere. Will it take hold? A lot of PC manufacturers sure seem to think so.

TRUSTe, the steward of the most visible symbol on the internet, is making a tough decision today. Today, it reveals what it intends to do about its client Real Networks. At stake is whatever's left of its credibility. (Update: 11/08 02:55: Real got off on a technicality: "because the transmission of user data ... did not involve collection of data on the RealNetworks Web site, the privacy incident was outside of the scope of TRUSTe's current privacy seal program.")

Unquestionably TRUSTe is the leader in third-party privacy assurance. Its only alternative is BBBOnline, which can boast only 100 members to TRUSTe's 750. But it's having a hard time living up to its motto, "Building a web you can believe in": sometimes it's hard to know what to believe.

TRUSTe's original idea was to allow a website to display one of three icons, indicating whether its privacy policy was good, ok, or bad. There turned out to be problems with this - strangely enough, no site wanted to post an icon saying that their privacy sucked - and the icons looked too similar anyway. So they went with one icon, a "badge" that every member site posts.

All the badge means is that the site has a privacy policy, and that, as far as TRUSTe knows, they haven't violated it.

If you think this is a questionable basis for a consumer advocacy group, you're right. But the real question is how it plays out in practice. Let's take a look at TRUSTe's track record.

Round I: TRUSTe and GeoCities. In June 1998, the FTC announced - to everyone's surprise - that it and GeoCities had come to a settlement regarding violations of consumer privacy.

Everyone was surprised because this was the first anyone had heard of it. Where was TRUSTe?

Caught flat-footed, TRUSTe scrambled for a few days, then made its own announcement. It pointed out that GeoCities had begun the alleged privacy violations before applying to become a member (in April) and being accepted (in May). Therefore, TRUSTe claimed, the violations were technically not under the scope of their investigation.

But turn that around and put it another way - it was able to become a TRUSTe member even while under investigation by the FTC, and TRUSTe said nothing.

It gets worse. The FTC and GeoCities issued conflicting releases about what the settlement actually meant. The FTC said that GeoCities had "misrepresented the purposes for which it was collecting personal identifying information" (including children's). GeoCities denied the charges.

So who was right? We still don't know. Despite this being precisely the issue that TRUSTe was set up to resolve, TRUSTe refused to confirm or deny the FTC's allegations.

In a 1998 open letter, I asked whether TRUSTe's initial review of GeoCities had included any really tough questions such as "are you currently under investigation by the Federal Trade Commission?" No answer. In fact, mention of the GeoCities incident seems to have been removed from TRUSTe's website.

The organization that wanted to make the FTC obsolete was not off to a good start.

Round II: TRUSTe and Microsoft. March 1999. This was the "Global User ID" case. It turned out Microsoft had been embedding a user ID into every document you created with their software. Since they put that ID on file when you registered their software, they have been capable for years of tracking authorship of even supposedly-anonymous documents.

And don't think it's just a theoretical concern. Just weeks later, the Melissa macro virus was unleashed, and its author was tracked down using this same ID. Any technology that can lead the cops to your door is potentially dangerous technology.

TRUSTe announced that this "compromises consumer trust and privacy" (duh), but said that since the Global User ID does not, strictly speaking, involve the Microsoft.com website, it had no jurisdiction. Their conclusion: "TRUSTe has determined that Microsoft.com was in compliance with all TRUSTe principles."

In reality, Microsoft's privacy page (prominently labeled with the TRUSTe seal) also discusses online registration of software products, and notes that the "personal profile" from their software registration appears on the website and is editable from the website. And that page claims that registration is covered by the TRUSTe guidelines. For TRUSTe to claim it's not requires some Clintonesque redefinitions.

CNET's headline was exactly right: "TRUSTe Clears Microsoft on Technicality."

Round III: TRUSTe and Deja News. April 1999. Again TRUSTe is taken by surprise when a computer sleuth discovers that Deja News has been collecting data on email sent by its users. When a reader clicked on an email link in a discussion posting, the destination email address was recorded, along with the presumable topic of discussion, the sender's IP number, and if registered, the sender's personal data.

This is not what one expects when sending private email! And this clearly involved Deja's website, so there was no question of another technicality.

TRUSTe's analysis of this situation was only two paragraphs long; here's all that happened:

"TRUSTe specified certain clarifying language to be included in the privacy statement. Deja News, independent of TRUSTe, then decided to discontinue the practice of tracking IP addresses in conjunction with the mail-to feature."

In fact, the situation was resolved long before TRUSTe even bothered to issue that statement. TRUSTe's suggestion of "clarifying language" had been obviated long before by Deja's indepedent action. See ZDNet's story of May 4th, which hopes that TRUSTe "will likely issue some sort of statement...this week." But TRUSTe stayed silent for four weeks.

Round IV: TRUSTe and Microsoft (again). A wide-open security hole in Microsoft's Hotmail is breached, and for a few hours everyone's inboxes are public domain. (If you don't think this is a serious privacy violation, read the stunning anonymous tale of cracking into an enemy's email, published on Salon.com the next day.)

TRUSTe's response is to call in an independent accounting firm to talk with Hotmail's programmers and security people, look over the source code, and generally try to make sure such a problem won't happen again. This isn't a bad idea - it just wasn't much of anything that Microsoft wouldn't have done on its own. Locking the barn door after the horse is gone doesn't help the people whose privacy has been lost. Microsoft is out of pocket a few bucks for the audit, and gets more than its money's worth by being able to say that TRUSTe still gives them a clean bill of health.

How can all these incidents have passed by without punishment of any kind? It's because of what TRUSTe is actually guaranteeing. Not that any company will actually keep its data private - but that the company is not lying in its privacy assurance.

That's right. You know those privacy promises you never read, the ones that are different on every website and all seem ten pages long? What TRUSTe does is promise you that, if you had read them, you'd know your rights.

If it wanted, a company could have its lawyers dress up "we will spam your email every day and sell your name and address to anyone who asks for them" in legalese, and get a TRUSTe badge on their homepage. Would you know you were being screwed? Not unless you speak fluent lawyer.

Is the FTC such a bogeyman that we really need to sell our privacy so cheap?

When Ralph Nader was pressing the government to impose strict safety standards on the auto industry, Henry Ford II complained that they were "unreasonable, arbitrary and technically unfeasible." After the laws were enacted anyway, a decade later he conceded: "We wouldn't have [these] kinds of safety ... unless there had been a federal law."

Imagine if our only automotive safety regulations were that Detroit must abide by its lawyers' fine print!

The usual argument is that requiring an actual guarantee of privacy would stifle business. The purpose in forming TRUSTe was to keep the internet corporation-friendly, by keeping the government out. TRUSTe was well-intentioned, no question. It was a noble experiment.

But, according to some influential people and groups, it has failed.

Forrester Research studies topics related to the internet and made privacy its concern in its September 1999 report, "Privacy Wake-Up Call." Its conclusions should not be surprising:

"Most privacy policies are a joke." Forrester says corporate privacy policies are legalese set up mostly to protect the corporations.

"Few companies meet key privacy protection principles." About 10%.

"Third-party programs show little traction." Hundreds of TRUSTe licensees don't amount to much on the billion-page net.

And, "third-party privacy firms...like TRUSTe...become more of a privacy advocate for industry rather than for consumers."

(Slashdot has more on this study.)

Even the Electronic Frontier Foundation, after years of straddling the fence on the issue, has finally recognized that self-policing just doesn't work. The EFF is not just the best-recognized internet rights advocacy group; it created TRUSTe.

Yet, in an October letter to the FTC, the EFF laid down its cards:

"Creation of TRUSTe and its seal program was one such early innovation of EFF. TRUSTe was successful in several areas. ... We now must move out of this awareness-raising mode and into an action mode where real protection can be achieved. Legislation is needed in order to achieve that goal. ... we think it is time to move away from a strict self-regulation approach to protecting privacy online."

The latest nail in the coffin came on November 1, when EFF Program Director Stanton McCandlish laid out the facts on the fight-censorship mailing list:

"Our stance has basically been that industry self-reg would be worth trying, but might or might not be enough. We did the 'proof of concept' ourselves, by launching and spinning off TRUSTe. But TRUSTe was intended to be and is a separate, independent entity, and was created as an experiment. The experiment is in many ways a failure..."

(McCandlish's personal opinion is even more scathing. Follow the link to read it.)

You wouldn't know this if you read the TRUSTe website. Their homepage proudly tells you about the six-month-old Georgetown study, but makes no mention of the Forrester Research report. It tells you that the FTC supports self-regulation (based on Georgetown), but won't tell you that its own parent, the EFF, thinks the ride is over.

If TRUSTe is a consumer rights and advocacy group, why are they only feeding us the feel-good stories? Aren't consumer groups supposed to be the ones that dig up dirt and tell us about potential problems?

The money trail leads to the answer. TRUSTe isn't a consumer advocacy group. TRUSTe doesn't get its money from consumers. Its money comes from corporate sponsors, and nobody wants to bite the hand that feeds them. Besides, those corporations want the message to be one of constant calm. Concerned customers are not good for sales.

Remember the GeoCities FTC findings that TRUSTe wouldn't comment on? GeoCities had just done an IPO and millions of dollars were at stake. GeoCities' sister corporation Engage Technologies (they are both subsidiaries of CMG Industries) was a Contributing Corporate Sponsor of TRUSTe. That conflict of interest was never mentioned.

(GeoCities has since been purchased by Yahoo.)

Remember the Microsoft incidents that TRUSTe waffled on? Microsoft is not just a member, but also a Premier Corporate Sponsor of TRUSTe. That conflict of interest totals $100,000 per year.

Round V. By now you've guessed that this is leading up to the current furor over Real Networks. Real is a TRUSTe member. Do I need to mention that it's also a Contributing Corporate Sponsor?

TRUSTe said that it would render judgement on Real Networks by the end of last week. Now it's saying today.

And it's making noises like they're actually going to do something this time:

"We could take the company to court for breach of contract, since they do have an agreement with us. Or, we can forward the case to the FTC... I guarantee that the damage to the reputation of the first company that we do that to will be big."

For its own sake, it had better. We're talking about a company whose product is a Trojan Horse that secretly scans your hard drive for valuable personal data. If TRUSTe doesn't unload with both barrels, its credibility will be negative zero.

Anything TRUSTe does may have a negligable effect in any case. Corporations only understand the bottom line, and RealNetworks stock shot up 25% in the five days following the privacy debacle. With the company's market cap $1.9 billion higher than it was a week ago, how much are they really going to care about some nonprofit gnat?

We can hope. Real.com today unveiled its new website, a music portal, which investors will be watching carefully. Also happening today is a conference held by the FTC and Commerce Department for data-profilers to announce what they're going to do to protect privacy. So if TRUSTe were trying to maximize the effect of their announcement, today would be the day they'd pick. It could be that the gnat will have a nasty bite that surprises everyone.

Still - you can dress an organization up in not-for-profit clothes, but that doesn't change that it's beholden to its revenue stream. TRUSTe says we can trust them to be objective, on the theory that their revenue stream will dry up if they don't do right by consumers. So far, there doesn't seem to be much truth to that. They haven't been doing us right, but their number of contributors and members just keeps growing.

I enjoy reading about the future envisioned by people like Gibson and Stephenson, where the net is totally unregulated and a "right to privacy" is a dim memory, or a joke. That doesn't mean I want to live in that future. Europe has consumer protection laws that are, from an American perspective, astonishingly strong. Maybe we should take a look at other countries' solutions, to see if there's something we could learn.

So far, all we've learned is what fails.

- Jamie McCarthy

A number of readers have written to us with a report from Reuters regarding the US Military and cyber-warfare. The context is that the reason the US military did not crack into any of the Serbian boxes because the rules of war are still so murky in that area. What do you folks think? Anything goes? Or should we have a special section added to the Geneva Conventions?Update: 11/08 09:33 by H :Thanks to spartan for a better story on the subject.

2sheds wrote to us with an update from Lotus saying that Domino Server Release 5 will be out for Linux within 30 days.

GrenDel Fuego was the first to write with the news of Cobalt's rather succesful IPO. It's gone from 22$ opening shares to a now current of 146$ per share. You can check where it's currently at as well.

BJH writes "Saw this on Ars Technica - NVidia have announced their new workstation-class graphics board, and say that it's going to have OpenGL drivers for Linux. Check it out their press release for more information. " The hardware looks really, really nice too.

Mowser X writes "IGN.com has some more interesting news on the status of the sequels to The Matrix. Apparently, the next two movies will pick up right where the first one ended, with part of the movie taking place in Zion. " Neo, Morpheus and Trinity have also been signed, or are just about finished signing as well - and it still sounds like the brothers want to release back to back.

BigJocker asks: "Im developing a program under Linux which connects to PostgreSQL. I want to port the software to WinNT, but i have read in the documentation that to make Postgres run on WinNT you have to use CygWin, which has a very particular license, is free if you distribute your code. If i want to sell my software (which is code-independant with PostgreSQL) for the WinNT OS, i have to compile Postgres with CygWin, and distribute the binaries along with the source code, so i keep the GPL license, but my software is distributed in binary form with a license from myself. Then, how do i distribute it? is there a way to do this? has anyone tried it? is it even legal? "

lost_packet writes "Today's Boston Globe has an article about yahoo removing posts from their chat boards. quote:"The truthfulness of these messages wasn't in dispute, said Yahoo chief executive Jeff Mallett. But the company took down the material to reduce its impact. Yahoo has to ''be careful'' because ''what we publish can influence a lot of people's lives,'' Mallett said in an recent interview." " The scary thing about this is that if you remove messages, you are supposedly liable for the rest of them. Its definitely a sticky situation.

The Dakota Kidd writes "Just saw this on Linuxgames today - Creative has released the drivers for their dxr2 DVD decoder card. It isn't listed yet on Creative's Open Source page but it is in the CVS repository. " Kinda lost in the excitment of their open sourcing the drivers for SB Live!, but yet more good news on the hardware support front.Credit where it's due: Andrew deQuincey and Lucien Murray-Pitts actually wrote the code - it's nice to be able to get it now.

Quite a number of people have sent us the word that RealNetworks' has apologized for not being clear about what data RealJukeBox was collecting and has updated their privacy statement. Additionally, they are making available a patch for RealJukeBox that will disable the data-collection.

hajmola writes "according to this article, a study was carried out by researchers at the University of Rochester Medical Center using a particular HIV gene to fight cancerous tumors."

Hos writes "According to this story, PC Chips is going to ship Corel Linux with all of their motherboards. " Basically, from what it sounds like, PC Chips is going to put a copy of Corel Linux, WordPerfect 8 for Linux, and WordPerfect Suite with the motherboards. PC Chips estimates that they will ship over 20 million motherboards over in 2000. Corel will also be doing more on their web site, as well as a "joint marketing campaign." I guess that's one way to get jump start a large user base.

shaar writes "Motorola has introduced another neat wireless chip. It seems this new chip would get us all closer to the all-in-one gadget no matter where you are. From the press release blurb: 'The chip conforms to the Code-Division Multiple Access (CDMA), Global System for Mobile Communications (GSM), Integrated Digital Enhanced Network (iDEN), and Time Division Multiple Access (TDMA) standards and also supports satellite-based products.' "