Yeah, I'm sure it's a piece of cake tracking down the precise identity of some random abused youth locked in a completely generic concrete basement. There are only millions upon millions of generic concrete basements out there in the world.
Sounds like a hard task; we should be putting lots of agents on this one...
Oh wait, most of the arrests made for child sex abuse images are for possession, downloading, or sharing -- not producing -- and most of the police officers working on these cases are going after the low hanging fruit, parading around the occasional producer they manage to find. If the police were focused on catching child abusers, they would devote the bulk of their resources to catching such people, and not get distracted catching people who just like to look at images of child abuse.
Someone always brings this up whenever the issue of child sex abuse imagery is discussed. This argument is wrong and should not be pressed for the following reasons:
Supply is a matter of scarcity, not a matter of demand; in this case, the scarcity only exists for new child abuse images, since the images can be reproduced at no cost once they have been released.
Demand is a matter of the willingness people have to pay for something. Demand in and of itself never creates supply.
In the case of child abuse images, it is not necessarily true that anyone who possesses such images actually did pay for them. Like anything else that can be downloaded, child abuse imagery can be downloaded at no cost online, and people so exactly that. Arresting someone who was never willing to pay for child abuse images does absolutely nothing to the demand for those images.
Child sex abuse images are extremely risky to produce, since the consequences of being caught producing such imagery include lengthy (potentially indefinite) prison sentences. People do not generally produce such images and then send them to others without being paid in some way, either with money or with some sort of barter, including swapping images of child abuse. Only someone who is not bothering to act in their own best interests would send a photo or video of themselves committing a serious crime to someone who is not paying for it.
If you want to combat the economics of child abuse imagery, you need to reserve prosecution for people who actually paid for the images in their possession. Otherwise, you are just going after the low-hanging fruit, while leaving the truly dangerous people -- the people who are abusing children -- untouched.
Even the threat of a quantum computer should make those who transmit kiddie porn think twice.
I seriously doubt that the FBI could store that much information for that long a period of time.
I know for a fact that no ISP stores customer records for that long, and it is unlikely that the FBI will be able to gain access to such records when their only evidence is "so-and-so happened to be using Tor!"
Quantum computing has numerous challenges facing it; betting on a breakthrough to catch child sex abusers is a pretty stupid strategy.
People who consume child abuse imagery do not generally think about police capabilities. According to one computer security research I spoke with, the police have their hands full catching people who do not even bother with cryptography, who download these images in the clear. Most people in general have little familiarity with cryptography or cryptography software; why would people who want child abuse images be an exception to that rule?
People who produce child abuse imagery (i.e. people who abuse children) do not use Tor, because of the low bandwidth and the extreme paranoia amongst such people (at least the ones who manage to evade police for years at a time). Another security researcher I spoke to noted that it is not uncommon for producers of these images to use the postal system, mailing encrypted DVDs to their customers, which is considered to be more secure. I would not be surprised if the vast majority of the images shared through Tor are old images, which have been circulating for years and which are already in the Innocent Images database.
You are correct in your first assessment: that this is not really about protecting children, it is about expanding police and intelligence powers. Yet it is not that they want to help people with copyrights; they want to ensure that their own authority goes unthreatened. We passed a lot of laws under the guise of protecting children, which have served the purpose of inflating arrest and conviction numbers and expanding the power of the police.
The FBI hates the fact that ordinary people have access to cryptography they could not crack even with all their best cryptanalysts working at it. That is why they keep asking for back doors. They bring up child abuse just to scare people into thinking that this is a pressing, urgent issue, one which will determine the safety of their children and grandchildren. The fact that, in practice, Tor is too low-bandwidth to satisfy the demands of many consumers and producers of child sex abuse imagery is irrelevant here -- the FBI is more concerned about monitoring people who do not require high bandwidth, people who may threaten the power of our current set of politicians and of course the power of the FBI itself.
Child sex abuse is just a bogeyman that conjures terror in the population and causes everyone to shut down the cognitive parts of their brains.
I'm all for privacy, but I think they should put a 'backdoor' in the Tor system to allow the FBI to catch pedophiles.
Do you think that the Chinese governments does not have spies in the FBI? Any backdoor would become a tool of the Chinese government, used to hunt down and persecute dissidents.
You could run a bridge node -- these are very helpful to people who live in countries with national firewalls that block official Tor relays. Bridge nodes are unlisted relays, which are included in short lists (three nodes if I remember correctly) of randomly selected that are sent upon request via email. Some countries (I am looking at you, China) have ongoing campaigns to compile lists of all bridges, which is why we need people to run as many bridge nodes as possible. A bridge node is not an exit, so you will not face the wrath of the FBI or other police agencies.
On the other hand, Tor's ability to protect dissidents who live under repressive governments, it's ability to enable free speech in those countries (e.g. discussing the Tienanmen Square incident, criticizing the Ayatollah, etc.) should, in my opinion, take priority over the quest to arrest people who download and share child sex abuse images. We may be revolted by such imagery, but:
There are plenty of other ways the images can be shared. I have even heard from one security researcher that producers of child abuse imagery often choose to send an encrypted DVD through the postal system, since it is considered to be a more secure way to transmit gigabytes of data. Tor is a relatively low-bandwidth network, and so the scale of such activity on Tor is inherently limited.
Anything that can be done to catch people who share child abuse images on Tor could be used by a repressive government to persecute dissidents. I doubt that the FBI will really be able to keep any hypothetical Tor-breaking technique out of Chinese hands, and I have no doubt whatsoever that the Chinese government would hesitate to use its intelligence capabilities to obtain such techniques. The fact that the FBI is unable to break Tor is a hopeful sign for the people who use Tor to protect themselves from persecution over political statements, religion, or human rights work.
So while freedom may not be absolute, we are not really talking about an edge case where free speech does not apply. We are talking about an important technology that enables free speech in places where there are few protections, which happens to see some use among child abusers (and the free speech issues relating to sharing child abuse imagery are not really settled -- not all the people who possess or share such imagery are producing it, and it is even less likely that someone who uses Tor to download such images has in any way paid for or encouraged its production).
Tor has two equally important goals that have motivated its design:
Anonymous communication
Defeating censorship
Both of these goals make it impossible for Tor as a system to prevent people from sharing child sex abuse images. Anything that could be done to prevent such sharing could just as easily be used by the Chinese to prevent dissidents from disseminating their information. Anything that could be done to track down people who share child sex abuse images could be used by China to track down dissidents and persecute them.
That is the trade-off: protecting free speech and dissidents who live under repressive governments necessarily thwarts the FBI's attempt to track down people who share child sex abuse imagery. This is a matter of priorities -- do we want to protect dissidents, or do we want to prevent child abuse images from being shared?
Exactly what I thought -- as soon as I saw the phrase, "unauthorized access to textbooks," I knew something was wrong. Of course, from the publisher's perspective, and unfortunately from too many schools' perspective, the purpose of textbooks is to make money for publishing companies.
We need a better way to distribute knowledge, one that is not based on maximizing the profit of people who have every incentive to restrict the flow of knowledge.
A cloud model is heavily relying on network resources for your computing needs, no?
I guess that's the meaning today. Yesterday, it meant outsourcing your computation, which is the more typical context, but even then it refers to anything that involves outsourcing computation (storage included).
Besides, in the "traditional" enterprise network server-client model, we already rely heavily on networked printing and networked file systems.
Which is one of the reasons "cloud computing" is a pointless and meaningless term. It is nothing more than marketing, designed to convey a sense that there is something new under the sun when it comes to networked computers, when in fact people have been outsourcing computation and relying on networks since the 1960s.
Except that the post I was replying to referred to a "private cloud," i.e. hosting things internally. If "cloud" no longer refers to outsourcing your computation, then it pretty much lost whatever semblance of meaning it might have had.
A good manager knows how to make use of each person's skills. I do not think anyone is saying that you should have nothing but hackers in your IT department, but rather to have one or two hackers whose unique skills can be used when needed. You know, those situations where it is more important to get something working or to fix something that is broken than it is to make sure proper procedures were followed.
What term would you use, then? How do you distinguish someone who considers programming their day job from someone who loves to program regardless of whether they are being paid to do it (which is not to say that hackers do not care about getting paid)?
What kind of a garden do you have? My garden is generally pesticide-free (except for the pesticides naturally produced by the plants I grow e.g. solanine), I use a rudimentary compost as fertilizer, and do not use peat. The plants I grow are edible or else they produce edible fruits/roots. A garden does not have to be an environmental disaster.
For RMS and the FSF, success is not defined by maximizing the number of users of free software; success is defined by maximizing the freedoms that computer users enjoy. Bringing more proprietary software to GNU/Linux will certainly increase the number of GNU/Linux users, but it will impose bounds on their freedom to use GNU/Linux. Consider this, right from the Steam license:
you are not entitled to...host or provide matchmaking services for the Software or emulate or redirect the communication protocols used by Valve in any network feature of the Software, through protocol emulation, tunneling, modifying or adding components to the Software, use of a utility program or any other techniques now known or hereafter developed, for any purpose including, but not limited to network play over the Internet, network play utilizing commercial or non-commercial gaming networks or as part of content aggregation networks, without the prior written consent of Valve
Do you really want GNU/Linux to become that sort of a platform? One where you are free to use the software as long as you never try to peek under the hook or escape some software vendor's online services? The point of GNU is to be a free OS (this is not necessarily the point of the Linux kernel), one where people do not have to worry about license servers, arbitrary restrictions on use, lawsuits, NDAs, or other unfriendly licenses.
When I was an undergrad, I tried to run Matlab only to discover that there were too many other people on campus using Matlab -- apparently the license our school had only allowed 50 concurrent Matlab users. That, in a nutshell, is why free software matters for non-programmers -- proprietary software almost always comes with arbitrary restrictions, and sometimes those restrictions are enforced by the software itself.
Free software eBook readers do not delete your books when Amazon asks them to. Free software tablet OSes do not prevent you from installing pornography software if you want to do so. Free software movie players do not prevent you from fast-forwarding through commercials. These are things that non-programmers care about; how is free software not relevant to them?
This is how I view Richard Stallman, just a parasite on free software who collected together one of these archives of other peoples free works without contributing to that body of work in any substantial way.
Really, you think RMS has not contributed any software? I guess Emacs, GCC, and all those other GNU programs he either created or helped with do not count in your world...
Actually, there are important difference even for people who have no idea how to write a program. I will never forget the time when I was trying to do homework for an engineering class, and I received a message from Matlab that said that I could not use the program because too many other people on campus were using it. There was an arbitrary limit on the number of concurrent Matlab users; this is not a programming issue, it is an arbitrary and unnecessary restriction. Likewise, when my mother -- someone who has no idea about computers -- tries to fast forward a DVD and discovers that her DVD player will not allow it, she feels the effect of proprietary software, despite having no idea how a DVD player works.
Vanishing features, limits that prevent people from doing what they want to do, limits that are designed to prevent people from learning that there is a better way than what they have -- proprietary software is about more than just your right to modify the program. Who says that a home user should not have an 8 core machine? Who says that a home user should not have pornographic software on their computer? Why should computer users be at the mercy of software makers (this question is increasingly important, as computers have become one of the most important tools in our society)?
That's what THEY think is important - doesn't mean it actually is for most people
Most people have almost no understanding of computers and have never read the software licenses they agree to. People certainly do care about not being able to fast forward past the FBI warnings and commercials on their DVDs, about having books vanish from the Kindles, about not being able to get a particular kind of program on the iPads, and other in-your-face examples of proprietary software restrictions. When people are restricted from doing things they never knew were possible, of course they do not care -- and proprietary software vendors know this and try to focus their restrictions on such things.
Society has not yet settled the policy issues related to software; the decisions that are made about those policies will probably affect people for a long time. Right now, we have a chance to have our say in those policies, and we should not waste that chance.
I do not recall RMS or ESR ever claiming that these issues were the most important issues facing society. Both RMS and ESR have their views on a broad range of topics, and have chosen to focus on issues they are most familiar with -- or do you think RMS might have done a better job reforming the coal mining industry?
But think about the people who spend hours and hours coding. How do they afford coffee to stay up writing software so open-source freeloaders can consume whatever they feel like?
A few ways:
Work for a company that commits patches to open source projects. Red Hat, IBM, and even Microsoft (though they tend to only contribute patches with an obvious benefit to their own business interests) come to mind, and there are many others.
Work as a contractor developing special purpose software; contribute to open source projects on the side or as needed (be careful about this one -- some companies might try to claim that any patch you wrote is their "property").
Work in academia (not necessarily as an academic)
Look, I'm not against open source, but to make a blanket statement and call all closed source software unethical is absolutely stupid.
That is an artifact of the difference between the open source concept and the free software concept. Open source is about developing software; free software is about empowering computer users and giving them the freedom they deserve (well, I guess you can guess where I sit on that issue). Proprietary software is unethical because of the restrictions it places on computer users, which are neither necessary for the software to be developed nor beneficial to society. Proprietary software leaves users at the mercy of developers; the users have no recourse when the developers decide that some feature should be removed (e.g. OtherOS) or that some software will no longer be supported. Free software gives users a say in the matter -- features or packages can be preserved with or without the aid of their authors.
I'm wondering is: if you don't want someone else to know something, then why are you transmitting that information to a stranger?
For a lot of people, that is the only way to get information about a condition without having to make an appointment with a doctor. Not everyone has access to a medical library, nor does everyone know where or how to look for information in such a library.
We make it so that policy is the only thing we have protecting us
That is universally the case. Policy is the only thing that protects you from ex post facto laws, bills of attainder, etc.
Search anonymously. Encrypt things.
The government made a concerted effort to thwart the deployment of such technologies when it mattered most: before the Internet became popular. The government has continued to treat good encryption systems as things that are only relevant for armies, diplomats, and large corporations. If the government is not going to work with us to deploy privacy protecting technologies, then the government had better follow through with what it promised when it was fighting civilian crypto use: privacy protecting laws and policies.
The majority of people are too technically illiterate to install and configure Tor or PGP. This is not something that needs to be the case; within a generation, we could have people who actually knew how to use their computer in a way that protects their privacy, if we simply added Tor and PGP to public school "computer classes" (which already cover spreadsheets, wordprocessors, and ironically, Google usage). Yet instead of working to empower people in this way, the government is continuing to push for back doors and continuing to treat anyone who works to protect their privacy like a suspected criminal. So yes, it is reasonable to demand that privacy be implemented through the law, and that we (i.e. people who are technically skilled) use privacy protecting technologies on top of that and encourage others to do so.
Slashdot Mirror
Yeah, I'm sure it's a piece of cake tracking down the precise identity of some random abused youth locked in a completely generic concrete basement. There are only millions upon millions of generic concrete basements out there in the world.
Sounds like a hard task; we should be putting lots of agents on this one...
Oh wait, most of the arrests made for child sex abuse images are for possession, downloading, or sharing -- not producing -- and most of the police officers working on these cases are going after the low hanging fruit, parading around the occasional producer they manage to find. If the police were focused on catching child abusers, they would devote the bulk of their resources to catching such people, and not get distracted catching people who just like to look at images of child abuse.
In the case of child abuse images, it is not necessarily true that anyone who possesses such images actually did pay for them. Like anything else that can be downloaded, child abuse imagery can be downloaded at no cost online, and people so exactly that. Arresting someone who was never willing to pay for child abuse images does absolutely nothing to the demand for those images.
If you want to combat the economics of child abuse imagery, you need to reserve prosecution for people who actually paid for the images in their possession. Otherwise, you are just going after the low-hanging fruit, while leaving the truly dangerous people -- the people who are abusing children -- untouched.
Even the threat of a quantum computer should make those who transmit kiddie porn think twice.
You are correct in your first assessment: that this is not really about protecting children, it is about expanding police and intelligence powers. Yet it is not that they want to help people with copyrights; they want to ensure that their own authority goes unthreatened. We passed a lot of laws under the guise of protecting children, which have served the purpose of inflating arrest and conviction numbers and expanding the power of the police.
The FBI hates the fact that ordinary people have access to cryptography they could not crack even with all their best cryptanalysts working at it. That is why they keep asking for back doors. They bring up child abuse just to scare people into thinking that this is a pressing, urgent issue, one which will determine the safety of their children and grandchildren. The fact that, in practice, Tor is too low-bandwidth to satisfy the demands of many consumers and producers of child sex abuse imagery is irrelevant here -- the FBI is more concerned about monitoring people who do not require high bandwidth, people who may threaten the power of our current set of politicians and of course the power of the FBI itself.
Child sex abuse is just a bogeyman that conjures terror in the population and causes everyone to shut down the cognitive parts of their brains.
I'm all for privacy, but I think they should put a 'backdoor' in the Tor system to allow the FBI to catch pedophiles.
Do you think that the Chinese governments does not have spies in the FBI? Any backdoor would become a tool of the Chinese government, used to hunt down and persecute dissidents.
You could run a bridge node -- these are very helpful to people who live in countries with national firewalls that block official Tor relays. Bridge nodes are unlisted relays, which are included in short lists (three nodes if I remember correctly) of randomly selected that are sent upon request via email. Some countries (I am looking at you, China) have ongoing campaigns to compile lists of all bridges, which is why we need people to run as many bridge nodes as possible. A bridge node is not an exit, so you will not face the wrath of the FBI or other police agencies.
So while freedom may not be absolute, we are not really talking about an edge case where free speech does not apply. We are talking about an important technology that enables free speech in places where there are few protections, which happens to see some use among child abusers (and the free speech issues relating to sharing child abuse imagery are not really settled -- not all the people who possess or share such imagery are producing it, and it is even less likely that someone who uses Tor to download such images has in any way paid for or encouraged its production).
Both of these goals make it impossible for Tor as a system to prevent people from sharing child sex abuse images. Anything that could be done to prevent such sharing could just as easily be used by the Chinese to prevent dissidents from disseminating their information. Anything that could be done to track down people who share child sex abuse images could be used by China to track down dissidents and persecute them.
That is the trade-off: protecting free speech and dissidents who live under repressive governments necessarily thwarts the FBI's attempt to track down people who share child sex abuse imagery. This is a matter of priorities -- do we want to protect dissidents, or do we want to prevent child abuse images from being shared?
Exactly what I thought -- as soon as I saw the phrase, "unauthorized access to textbooks," I knew something was wrong. Of course, from the publisher's perspective, and unfortunately from too many schools' perspective, the purpose of textbooks is to make money for publishing companies.
We need a better way to distribute knowledge, one that is not based on maximizing the profit of people who have every incentive to restrict the flow of knowledge.
A cloud model is heavily relying on network resources for your computing needs, no?
I guess that's the meaning today. Yesterday, it meant outsourcing your computation, which is the more typical context, but even then it refers to anything that involves outsourcing computation (storage included).
Besides, in the "traditional" enterprise network server-client model, we already rely heavily on networked printing and networked file systems.
Which is one of the reasons "cloud computing" is a pointless and meaningless term. It is nothing more than marketing, designed to convey a sense that there is something new under the sun when it comes to networked computers, when in fact people have been outsourcing computation and relying on networks since the 1960s.
Except that the post I was replying to referred to a "private cloud," i.e. hosting things internally. If "cloud" no longer refers to outsourcing your computation, then it pretty much lost whatever semblance of meaning it might have had.
I guess "cloud" at this point means, "Running your programs on a computer with a network connection."
A good manager knows how to make use of each person's skills. I do not think anyone is saying that you should have nothing but hackers in your IT department, but rather to have one or two hackers whose unique skills can be used when needed. You know, those situations where it is more important to get something working or to fix something that is broken than it is to make sure proper procedures were followed.
The best and brightest people follow the rules - that's why they are the best
I think you are confusing "best and brightest" with "most conservative."
What term would you use, then? How do you distinguish someone who considers programming their day job from someone who loves to program regardless of whether they are being paid to do it (which is not to say that hackers do not care about getting paid)?
What kind of a garden do you have? My garden is generally pesticide-free (except for the pesticides naturally produced by the plants I grow e.g. solanine), I use a rudimentary compost as fertilizer, and do not use peat. The plants I grow are edible or else they produce edible fruits/roots. A garden does not have to be an environmental disaster.
How much could they get for Stallman?
Maybe Microsoft would pay them to keep Stallman captive?
What sort of a license do your users have to agree to? I could not even find it on your website...
you are not entitled to...host or provide matchmaking services for the Software or emulate or redirect the communication protocols used by Valve in any network feature of the Software, through protocol emulation, tunneling, modifying or adding components to the Software, use of a utility program or any other techniques now known or hereafter developed, for any purpose including, but not limited to network play over the Internet, network play utilizing commercial or non-commercial gaming networks or as part of content aggregation networks, without the prior written consent of Valve
http://store.steampowered.com/subscriber_agreement/
Do you really want GNU/Linux to become that sort of a platform? One where you are free to use the software as long as you never try to peek under the hook or escape some software vendor's online services? The point of GNU is to be a free OS (this is not necessarily the point of the Linux kernel), one where people do not have to worry about license servers, arbitrary restrictions on use, lawsuits, NDAs, or other unfriendly licenses.
When I was an undergrad, I tried to run Matlab only to discover that there were too many other people on campus using Matlab -- apparently the license our school had only allowed 50 concurrent Matlab users. That, in a nutshell, is why free software matters for non-programmers -- proprietary software almost always comes with arbitrary restrictions, and sometimes those restrictions are enforced by the software itself.
Free software eBook readers do not delete your books when Amazon asks them to. Free software tablet OSes do not prevent you from installing pornography software if you want to do so. Free software movie players do not prevent you from fast-forwarding through commercials. These are things that non-programmers care about; how is free software not relevant to them?
This is how I view Richard Stallman, just a parasite on free software who collected together one of these archives of other peoples free works without contributing to that body of work in any substantial way.
Really, you think RMS has not contributed any software? I guess Emacs, GCC, and all those other GNU programs he either created or helped with do not count in your world...
Actually, there are important difference even for people who have no idea how to write a program. I will never forget the time when I was trying to do homework for an engineering class, and I received a message from Matlab that said that I could not use the program because too many other people on campus were using it. There was an arbitrary limit on the number of concurrent Matlab users; this is not a programming issue, it is an arbitrary and unnecessary restriction. Likewise, when my mother -- someone who has no idea about computers -- tries to fast forward a DVD and discovers that her DVD player will not allow it, she feels the effect of proprietary software, despite having no idea how a DVD player works.
Vanishing features, limits that prevent people from doing what they want to do, limits that are designed to prevent people from learning that there is a better way than what they have -- proprietary software is about more than just your right to modify the program. Who says that a home user should not have an 8 core machine? Who says that a home user should not have pornographic software on their computer? Why should computer users be at the mercy of software makers (this question is increasingly important, as computers have become one of the most important tools in our society)?
That's what THEY think is important - doesn't mean it actually is for most people
But think about the people who spend hours and hours coding. How do they afford coffee to stay up writing software so open-source freeloaders can consume whatever they feel like?
A few ways:
Look, I'm not against open source, but to make a blanket statement and call all closed source software unethical is absolutely stupid.
That is an artifact of the difference between the open source concept and the free software concept. Open source is about developing software; free software is about empowering computer users and giving them the freedom they deserve (well, I guess you can guess where I sit on that issue). Proprietary software is unethical because of the restrictions it places on computer users, which are neither necessary for the software to be developed nor beneficial to society. Proprietary software leaves users at the mercy of developers; the users have no recourse when the developers decide that some feature should be removed (e.g. OtherOS) or that some software will no longer be supported. Free software gives users a say in the matter -- features or packages can be preserved with or without the aid of their authors.
I'm wondering is: if you don't want someone else to know something, then why are you transmitting that information to a stranger?
For a lot of people, that is the only way to get information about a condition without having to make an appointment with a doctor. Not everyone has access to a medical library, nor does everyone know where or how to look for information in such a library.
We make it so that policy is the only thing we have protecting us
That is universally the case. Policy is the only thing that protects you from ex post facto laws, bills of attainder, etc.
Search anonymously. Encrypt things.
The government made a concerted effort to thwart the deployment of such technologies when it mattered most: before the Internet became popular. The government has continued to treat good encryption systems as things that are only relevant for armies, diplomats, and large corporations. If the government is not going to work with us to deploy privacy protecting technologies, then the government had better follow through with what it promised when it was fighting civilian crypto use: privacy protecting laws and policies.
The majority of people are too technically illiterate to install and configure Tor or PGP. This is not something that needs to be the case; within a generation, we could have people who actually knew how to use their computer in a way that protects their privacy, if we simply added Tor and PGP to public school "computer classes" (which already cover spreadsheets, wordprocessors, and ironically, Google usage). Yet instead of working to empower people in this way, the government is continuing to push for back doors and continuing to treat anyone who works to protect their privacy like a suspected criminal. So yes, it is reasonable to demand that privacy be implemented through the law, and that we (i.e. people who are technically skilled) use privacy protecting technologies on top of that and encourage others to do so.