Slashdot Mirror
Mattel Dislikes Being Embarrassed (UPDATED)
Update: 03/16 6:50 PM EDT by J : The problems started with the AP story (cited above). The decryption software posted by the activists was described as "a method for kids to deduce their parents' password and access [pornographic] Web sites."
This was the spin that Mattel's PR people put on the story. They surely didn't want the news media reporting that activists had posted software that exposes their secret, hidden blacklist to the light of day. That wouldn't sound so good - it might get people to ask "why are these blacklists encrypted at all?"
Instead, Mattel's PR decided to say that the decryption software allows kids to view pornography. Predictable - this is the same smear that's always dragged out - but the media swallowed it uncritically. (The AP story was repeated on cnet, and everywhere else that uses the AP feed.)
Even the normally-critical Declan McCullagh wrote a story for Wired whose opening sentence was corporate propaganda. "Toy-maker Mattel has sued two programmers who revealed how to circumvent its CyberPatrol blocking software." Thankfully, the rest of his article gave the full story.
Mattel is not upset about CPHack's minor feature of circumventing the program when installed. Peacefire has been distributing their own instructions to disable Cyber Patrol for months now, and hasn't been sued. (They're pretty simple instructions, too.)
Mattel is upset that people can see the flaws in their software which were previously hidden by encryption. They want to continue selling bad software and will use the full force of law to prevent you from learning how bad it is. Legal papers have already been served and the proceedings will presumably begin shortly. Stay tuned - and don't trust press releases.
Hence, "by clicking OK you agree" would fall back to "by using this software you agree," and the latter's perfectly fine, since plenty of reverse engineering can be done without ever running a piece of software.
DCMA is AFIK a USA thing... We can do anything we want in whatever country we live in, provided we don't break the law where we live.
Tell that to the US courts who feel no compunction whatsoever is handing down injunctions against people in other countries for activities which, obviously to any casual observer, do not concern the aforementioned courts in the least (c.f. DeCSS, etoy.com).
Tell that to the US special agents who routinely kidnap people abroad, bringing them over to the United States to stand trial under US laws, often for activities or behavior which was committed outside of the US and therefor outside of US jurisdiction.
Tell that to the US Army, which on more than one occasion has invaded a country for violation of US Law (remember Panama and Noriega?), completely at odds with both international law and international norms.
Tell that to the IMF, the World Bank, and the WTO, who can coerce with extreme economic threats any government (including, ironically, the US) legislation of nearly any kind under the argument that trade is "unfairly restricted" otherwise. Definitions are deliberately vague, changing to fit the political agenda of the moment.
Most of all, tell that to the Politicians whose hubris in ordering such actions threatens to destroy not just the external victims of their intoxication with power, but the US itself.
Not that they'll listen. After all, if they won't even listen to their own people (and from personal experience I can assure you they don't), they certainly won't listen to a bunch of durn' pinko commie bedwettin' ferrener's anyway. Still, the more voices added to the chorus, the more difficulty they'll have in ignoring it, over time.
Much more importantly, tell your governments to start standing up to the US and stop being our lapdogs! After all, if we lose the battle to stop and reverse the hemorrage of civil liberties here, it would be nice to have somewhere to escape to, in order to fight again another day. If your governments continue to behave as an extention of our own, this option won't exist and the downward spiral and attrition of civil rights and liberties may well reach an irreversable point.
The Future of Human Evolution: Autonomy
You will have to get one of the freely available test versions of Cyber Patrol (try www.cyberpatrol.com) and install it. The package includes an old list, so you'll have to run the 'update CyberNOT' procedure to get the latest. After that, you can save it away and uninstall CP, keeping the 'cyber.not' file.
Belief is the currency of delusion.
Simple solution for the log files... Encrypt them. Give Mattel a taste of their own medicine.
I would like to suggest ROT-13 as an appropriate method. That's probably enough to keep them busy for years.
-BW
> Please keep the source code small on these decoders people; the court might wants to save on paper when printing it as "exhibit A" for our attention.
Yeah, and it needs to fit on a T-shirt, too!
--
Sheesh, evil *and* a jerk. -- Jade
I was talking with my wife earlier today about issues like DeCSS and DMCA adn she was shocked that she did not know any of this stuff was going on. I said that I did not expect her and other non-geek population at large to be very informed about such a narrow (albeit important) topic. She then said then we get just what we deserve. She suggested htat we email everybody we know and educate them about these topics. Having thought about this for a while I agree with her. We tend to look down on the "ordinary" american and dismiss them but as long as we don't get them involved we are powerless. I suppose it would help if the geek community was a little more political too but we seem all too happy to bury our noses in our monitors and pretend this is all going to get better on it's own.
Step 1. Get organized
Step 2. Recruit your neighbor.
Step 3. Get involved
Or else forget about it.
War is necrophilia.
Comment removed based on user account deletion
Because there's a sizable (if misguided) market for censorware, there are quite a few companies vying for that market all of whom consider their prime asset to be their blocked site list, and if there were a plain text copy of one company's list, it would be very easy for every other censorware company to add every site in that list to their own, this negating the original company's advantage.
Now why a company wouldn't think that a list with 75% false positives (assuming that's typical - it might or might not be) isn't considered a liability is very interesting: They get less shit for a false positive than for a false negative. Virtually all censorware products have ways of overriding both. So imagine the two scenarios:
Because of this, censorware companies feel that the larger list they have, the better, no matter where that list comes from. And therefore they try to protect their list from being stolen by encrypting it. Badly.
So that's why. I know it doesn't make any sense, but that's the rationale.
[TMB]
Look at this opening statement:
A company that makes popular software to block children from pornographic Internet sites filed an unusual lawsuit late Wednesday against two computer experts who developed a method for kids to deduce their parents' password and access those Web sites.
Anyone else notice the disinformation in this? The censorware doesn't just block children, it blocks everyone. They're making it sound like the people who cracked the encryption are promoting children seeing porn instead of promoting the anti-censorship movement. Way to keep neutral, Yahoo.
But then see this:
Microsystems also asked the judge to order the Swedish Internet company where the bypass utility is published to turn over records identifying everyone who visited the Web site or downloaded the program.
Um, why? The only reason I can possibly think of, which is pretty paranoid, is that Microsystems plans on using this as data, to say "hey, look how many people can now see porn whenever they want to, instead of letting us decide what is decent for them!" If you want to get really paranoid, you can say Microsystems wants to track who downloaded it and say "sorry, you've gotta get rid of that program", but I'm not sure how far you can trace IP addresses...
And the common "their encryption sucks, it's their fault" argument is trash. If someone breaks into your house because they could smash down your door, is it your fault that you didn't have steel bars? It's a question of whether or not reverse engineering like this is legal, not a "you suck, get better" situation.
------------
"Okay, who taught the cat how to type ctrl alt delete?"
What has happened here is that someone did an expert(at least compared to the people that did the programming) analysis of a cryptographic aproach. Something that is specifically allowed under US law.
Save your breaking and entering analogies for piracy. This was an act of free speech consumers have a right to know what they are paying for. The list of blocked sites should not be encrypted with anything more powerfull then a simple shift cipher to keep children from looking at the list in a text browser. The person that bought the program has the *RIGHT* to know what sites are being blocked.
This encryption scheme is not a method to stop piracy or digital theft. It has one reason for existance, which is to keep people from knowing what sites and what rules are used to block sites. Reverse engineering is completely legal. Therefor if they don't want to see their precious list fall into the wrong hands they should use a decent encryption algorithm.
Environmentalists are their own worst enemy. ~tricklenews.com
Already done.
---- Sig? What sig? Who needs one, anyway?
A couple of points that may be relevant (I'm Matthew Skala, one of the defendants, but this information should speak for itself):
1. We didn't post the Cyber Patrol block list. We posted a utility that can cryptographically attack the block list. In order to read the decrypted block list, a user would have to already have a copy of Cyber Patrol, which they can't get from us. Our posting does not contain material from Cyber Patrol, except for a few lines of hex dump and assembly code embedded in the essay we wrote explaining the break.
2. Although we sympathise with Peacefire and think they are fine people, we are not Peacefire. Peacefire deserves credit and blame for many things, but not for this particular project. We did this independently of them. It wasn't a Peacefire project.
I was cusious and downloaded a tool to decrypt blockfiles from peacefire. I was able to decrypt a 4 mb blocklist which resulted in a >10mb plaintext file full of URLS.
Just for the fun, I tried grep'ping for the most known porn site and they were all there.
Strangely enough, I looked for known URLS of the Ku Kluxx Klan, none showed up.
Yeah! Porn is bad, kids should not know about sex!
Lets inculcate them racism and hate instead.
I just read this, and am enraged at the very thought of this litigation. I am a parent, and thought for a while about using some of this software because my time to surf with my kids is limited. I never did it though because it goes against everything that I believe about parenting. Those that hide things from their kids only ensure that their kids will hear it from somebody else, and that their values are not the same. Why even go there? Any smart parent will deal with the issue and give their kids the support that they need to make smart decisions. The software is nothing more than a cop out.
Given that I would not use this sort of software, I still have to say that parents that do choose this (lazy!) path have a clear right to understand what it is they are getting for their money. How else are they going to know? Type in a bunch of URLs and see if they are blocked? Maybe if they typed in a lot of them they would understand what was being done. Heck if they thought about it for a while, they probably could just deduce the rule sets based on the content of the blocked sites! Would this then be reverse engineering? I hardly see that as being illegal. I think the DMCA only serves to empower the corporations with the ability to keep their customers stupid. The chances of any group of parents doing this is almost none. Who's interest is best represented here? Not mine!
This decryption is a service to me and reinforces my decision not to use this type of software. There are many ways around this sort of thing anyway. Some of the easier ones that I can think of are easily within the abilities of smart children that I know. Information like this flies through the kid network faster than you think. If one of them really wants to know, I don't think that this sort of software will stop them for long. Just one kid wanting to be popular or cool with a printer could print the content, and the methods of getting it and show it off at school. Give that a few weeks and pretty soon almost all of them who want to see will. Simple. The only ones that can have an effect on this are the parents.
We deserve the right of full-disclosure on any technology that can have this much impact on our lives. How will this happen if it can't be verified. Trust our goverment to handle it? Not bloody likely.
Who can we write to? I am beginning to realize that this is going to be a long battle. Fight it or become just another dumb computer USER.Blogging because I can...
If Mattel is so keen on keeping children ignorant about their sexual destiny, why does their famous doll scale up to have a Vegas showgirl's legs and doubly implanted breasts? And a wardrobe to show it.
That's the drill, Mattel! Teach little girls to want to grow up to be sex objects, but make sure they don't know what the "sex" part is about until they do grow up.
--
Sheesh, evil *and* a jerk. -- Jade
If your child is bright enough to find the crack to cyber patrol on the web, download/run it, and beat your pathetic attempt at stopping that child from seeing whats really out there then you have little to worry about. You kid is smart, able to think for themself, aware of political censorship (you) and somewhat rebellious. All are admirable qualities!!
Congratulate your child for seeing through your silly attempt, and having graduated to the level of being able to view the real world for themselves.
Your kid will trust you so much more when you trust them. (vice versa works too)
no sig.