Politics
On the political.
Testing Privacy Tools
I was curious after posting some hints about how to protect your privacy to see how they worked.
I used EFF’s convenient Panopticlick browser fingerprinting site. Panopticlick doesn’t use all the tricks available, such as measuring the time delta between your machine and a reference time, but it does a pretty good job. Most of my machines test as “completely unique,” which I find complimentary but isn’t really all that good for not being tracked.
Personally I’m not too wound up about targeted marketing style uses of information. If I’m going to see ads I’d rather they be closer to my interests than not. But there are bad actors using the same information for more nefarious purposes and I’d rather see mistargeted ads than give the wrong person useful information.
Testing Panopticlick with scripts blocked (note TACO doesn’t help with browser fingerprinting, just cookie control) I cut my fingerprint to 12.32 bits from 20.29 bits; the additional data comes from fonts and plugins.
Note that EFF reports that 1:4.1 browsers have javascript disabled. Visitors to EFF are, I would assume, more likely to disable javascript than teh norm on teh interwebz, but that implies that javascript-based analytics packages like Google analytics miss about 25% of visitors.
It is also interesting to note that fingerprint scanners (fingerprints as on the ends of fingers) have false reject rates of about 0.5% and false acceptance rates of about 0.001%. Obviously they’re tuned that way to be 50x more likely to reject a legitimate user than to accept the wrong person and the algorithms are intrinsically fallible in both directions, so this is a necessary trade-off. Actual entropy measures in fingerprints are the subject of much debate. An estimate based on Pankanti’s analysis computes a 5.5×10^59 chance of a collision or 193 bits of entropy but manufacturer published false acceptance rates of 0.001% are equivalent to 16.6 bits, less accurate than browser fingerprinting.
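The bit figures above come from simple arithmetic: identifying information is log2(N / number of browsers sharing your values). The following is an added example, not part of the original post and not Panopticlick's code; the sample population, attribute values and function names are constructed assumptions. It shows how hiding script-only attributes (fonts, plugins) enlarges the anonymity set, and converts the post's bit counts and the 0.001% false acceptance rate into comparable terms.

```python
import math

# Constructed sample population: one row per visiting browser.
# Values are invented for illustration; they are not Panopticlick data.
POPULATION = [
    {"user_agent": "UA-A", "fonts": "F1", "plugins": "P1"},
    {"user_agent": "UA-A", "fonts": "F1", "plugins": "P2"},
    {"user_agent": "UA-A", "fonts": "F2", "plugins": "P1"},
    {"user_agent": "UA-A", "fonts": "F2", "plugins": "P2"},
    {"user_agent": "UA-B", "fonts": "F1", "plugins": "P1"},
    {"user_agent": "UA-B", "fonts": "F3", "plugins": "P1"},
    {"user_agent": "UA-C", "fonts": "F1", "plugins": "P3"},
    {"user_agent": "UA-C", "fonts": "F1", "plugins": "P3"},
]

SCRIPTS_BLOCKED = ["user_agent"]                      # sent in HTTP headers
SCRIPTS_ALLOWED = ["user_agent", "fonts", "plugins"]  # fonts/plugins need scripts


def anonymity_set(population, browser, attrs):
    """Browsers that cannot be told apart from `browser` on the given attrs."""
    return [b for b in population if all(b[a] == browser[a] for a in attrs)]


def identifying_bits(population, browser, attrs):
    """Surprisal of the browser's joint attribute values: log2(N / matches)."""
    matches = len(anonymity_set(population, browser, attrs))
    return math.log2(len(population) / matches)


def bits_to_one_in(bits):
    """Convert bits of identifying information to a '1 in N browsers' figure."""
    return 2 ** bits


def far_to_bits(false_accept_rate):
    """Bits of distinguishing power implied by a false acceptance rate."""
    return -math.log2(false_accept_rate)


if __name__ == "__main__":
    me = POPULATION[0]
    for label, attrs in (("blocked", SCRIPTS_BLOCKED), ("allowed", SCRIPTS_ALLOWED)):
        size = len(anonymity_set(POPULATION, me, attrs))
        print(f"scripts {label}: {identifying_bits(POPULATION, me, attrs):.2f} bits, "
              f"anonymity set of {size}")
    # The post's own measurements, expressed as "1 in N browsers".
    print(f"12.32 bits = 1 in {bits_to_one_in(12.32):,.0f}")
    print(f"20.29 bits = 1 in {bits_to_one_in(20.29):,.0f}")
    print(f"0.001% FAR = {far_to_bits(0.00001):.1f} bits")
```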
Fight the Combating Online Infringement and Counterfeits Act
I wrote my representatives:
The “Combating Online Infringement and Counterfeits Act” introduced by Senators Leahy and Hatch to shut down internet sites accused of violating copyright is fundamentally unacceptable and must be blocked. It is predicated on three failed precepts.
First:
The law would provide for expedited prior restraint of free speech based on a claim of infringement. This extends the already over-broad powers granted by the DMCA, which has been used to silence political opposition (e.g. John McCain’s DMCA takedown of a critical video on YouTube) and shut down legitimate criticism of corporate and financial interests. This bill will further erode free speech in America and thus further delegitimize democracy itself.
Second:
The bill provides for in rem actions against a web site. In rem actions have become one of the most popular mechanisms which police forces have used to enrich themselves by taking legal action against private property (e.g. USA v. $124,700 (2006)). This has led to massive corruption and even the murder of innocent people (e.g. Donald P. Scott 1992). In rem cases should be limited to acceptable legal situations where the owner cannot be identified, not as a method of prior restraint or as an extrajudicial shortcut that effectively extorts compliance from the target by creating an excessive cost barrier to seeking real justice.
Third:
The bill promotes the fiction that copyright law is a property law. It is not. Limited monopolies on the fruits of inventions are offered to inventors to promote the progress of science and the useful arts. These monopolies are in the form of copyrights and patents. There is no constitutional basis for creating laws to protect the privilege of copyright beyond what can be proven to promote the progress of science and the useful arts. It is an offense to democracy to privilege profits over basic civil rights. American society would not suffer meaningfully without the copyright industry, but American democracy is meaningless without free speech. Unfortunately, the copyright industry leverages profits into campaign contributions and lobbyists while free speech is, by its nature, free and thus profitless. Free speech can only be defended from profiteers by patriots.
This bill must be blocked. Please stand up for democracy.
ACTA: Alliance for Covert Totalitarian Action
ACTA is apparently going into force this month, implementing still secret rules that will make everyone with an internet connection an international criminal in order to protect people with obsolete business models. Since the cost and value of publication, editorial review, and syndication have dropped to near zero thanks to the invention of broad direct distribution, the “recording” industry is obsolete. Why do we need an industry to make records when nobody buys records any more? The industry has changed business plans to extortion.
But the recording industry has historically made a lot of money and people with money hate giving it up and won’t do so without a fight. If the population won’t buy the recording industry’s products any more, choosing instead to shoulder the incremental cost of self-publication in a collaborative model, then the recording industry, naturally, turns to increasingly draconian efforts to preserve their revenue stream. It is far more cost-effective to co-opt the government and exploit public-funded investigatory and prosecutorial resources than to, say, pay private security to break into people’s houses and businesses: as a bonus working through the courts they can seize children’s college funds: keeping kids out of school means they won’t grow up to found competing industries. If there’s nobody left capable of innovating, there’s no point in the government enforcing that obsolete constitutional thing about “promoting the progress of science and the useful arts.”
Peer-to-peer communications and especially self-publication technologies have always been a threat to the copyright industry. The DMCA was a huge victory for a dead industry and helped preserve it well beyond any economic utility at a tremendous cost to innovation and progress. But the copyright industry may still win a losing battle by shifting the cost of prosecuting civil infringement to the public and other industries by creating a new class of crime: not optimizing copyright industry profits.
Fight ACTA
https://www.eff.org/issues/acta
the Cloud
On the Media is an excellent resource always, but the second segment of the Apr. 23, 2010 episode goes over the lack of protection afforded data in the cloud due to the Stored Communications Act, an increasingly important topic.
Current law allows a very low standard for access to “Stored Communication” such as Gmail or Google Docs or any other “cloud service.” It turns out that Google gets about 20 requests for data a day and if an investigator asks for your email they do not need a warrant to get it.
If you don’t own the hardware, you don’t own the data.
Even if the Stored Communications Act is overturned, any data you store on a remote server such as Google’s, is Google’s and not yours. You have no right to get it back, no rights controlling Google’s dissemination of your data or resale thereof. In many cases there is a click through agreement with the service provider which may, for example, state that certain information will be kept private or not sold, but such clauses are typically superseded by statements claiming the right to rewrite the agreement without notification.
For example, FaceBook might change default privacy settings such that information you stored on their server with the understanding that it would be kept private is later exposed to search engines and indexed and thus made public, thereby increasing search traffic to their site, and thus to their advertisers.
FaceBook did not give, and was not required to give any particular notice. The data you put on their servers is theirs, not yours.
Don’t put data in the “cloud” you don’t want to be public. Google Docs is not a replacement for Open Office on your own hardware. Companies don’t make any money offering you free, private compute resources and storage; these services are profitable by exploiting the value of your information. In the long run it is probably cheaper to buy your own hardware.
Side note: in this excellent episode of OTM, they also cover the GAO’s pooping all over the MPAA/RIAA linkage between guerrilla antitrust (unauthorized copying) and economic problems. OTM also points out the linkage between the asinine ruling against the FCC and Net Neutrality, which is a free speech disaster, and worse still the MPAA/RIAA efforts to create a world-wide three-strikes rule to extort money to replace the money they used to be able to generate with their obsolete business model.
Retarding Progress for Contributions, Again.
Hey, wow… sure, techdirt isn’t the WSJ, but for a blog it is somewhat authoritative and they’re actually noting the fact that we grant temporary monopolies to creators not as property (or to preserve jobs or to fund private jets for industry execs) but solely to promote the progress of science and the useful arts. Any IP law that retards the progress of science and the useful arts, no matter how many jobs or corporate jets it saves, is unconstitutional. Tell Victoria Espinel that she should be sworn to upholding the constitution, not the corporate profits.
This is relevant now because the press was just kicked out of the anti-“piracy” summit at the White House (by “piracy,” they of course mean vigilante trust busting, not the corporate pirates of the public domain).
Verisign Cold Calls to Push Pay Certs
I got an interesting call from 305-800-1000 claiming to represent Verisign. Whoever was calling (“they,” not necessarily Verisign, but I don’t have any reason to doubt that) had reviewed my site and found I was using a CACert certificate, which the caller accurately pointed out generates a warning in most browsers, and accurately pointed out might turn users away for no valid reason whatsoever except that I didn’t pay Verisign for the privilege of using encryption and FireFox penalizes me for not having done so.
They thought I should “upgrade” to a Verisign cert.
I politely explained that I understood that CACert isn’t included in most default browsers and that it should be and that charging for certificates was a scam and that I absolutely would not be switching and I was doing my part to make the web a better place. Amazingly, the caller actually seemed to understand my off-script rant and thanked me for my time.
I hate the current cert model. It is totally broken. People seem to think that certs work as a trust tool and if only you give people big enough, annoying enough warnings they’ll not trust a free, expired (or perhaps even illegitimate) cert. The problem is that certs are a pain in the ass. Recently my BlackBerry started telling me Google Maps’ cert had expired. Did I not use maps until they fixed it? Would you? No, of course not. You just pick through an extra stupid dialog. The worst thing about the new FireFox update is the real estate wasted on cert validity and the astonishingly annoying “are you absolutely sure you trust this cert?” dialogs.
The only valid reason for SSL is so that when you’re at a coffee shop or on an untrusted network, it is harder for people to sniff your passwords. That’s it. It completely fails as a validity check, no matter how big and red the policeman warning logo is. It always fails for a number of reasons:
- A bad cert doesn’t mean anything. “Green” certs are absurdly expensive (they should be free), expire, and are hard to manage so one frequently finds bad certs on known good sites.
- A good cert doesn’t mean anything. All it means is that the site paid and the URL matches. But even a place like a bank might have dozens of URLs for different parts of their service and so getting a green cert for www.my-bank.com is just as good as www.mybank.com. If the site looks the same, most people will log right in to either.
- Nobody pays any attention anyway. And they really shouldn’t.
In the end this is a disaster for net neutrality. There are some interesting debates about FireFox’s new, intrusive dialog boxes. The cold call I just got is a natural consequence of a FUD policy which in effect reduces internet security to the benefit of people selling certificates FireFox approves. If it turns out there is financial benefit flowing from the vendors of “approved” certificates to FireFox, I’ll never use it again. Even without impropriety, I think Mozilla has done a grave disservice to the internet.
Where’d Worldbeat Go?
This is an important question: where did Worldbeat go? Worldbeat is the essential reference for news about both Penii and angry robots. Without my weekly dose of Worldbeat, the world seems colder, as if the sun is hidden behind a permanent haze that just won’t clear.
Even if you don’t know Chris Watson’s worldbeat, you want it back because until you get the chance to experience Worldbeat you will never know how bright the sun shines on absurdity. Where else will you learn:
In March, a 13-year-old girl sent a letter to her mother. There were, however, some problems with this letter. First of all, she didn’t put a stamp on it. Secondly, her mother is dead. And third, the letter was addressed to “Paradise Street, Heaven.” Two days after she mailed the letter, it was returned to her. It came marked “unknown at this address” and with a 1.35 euro fine for the missing stamp. Everyone got all pissy at the French post office, for what was seen as its callous treatment of the girl. Nobody got all pissy at a world that tricks kids into thinking there’s a magical fantasyland where their dead parents are waiting to get mail. Nobody except Worldbeat. Because that’s what we do here.
Michael Cahill of Cambridge Beat wants to know where Chris has gone too. Where is our worldbeat? I stopped by the offices of the Echo Weekly personally and asked, but nobody there knew.
It is time to demand answers! Write the Echo and demand Worldbeat!
Scientific Method, why not?
Faith in pseudo-science annoys me. As I get older I find myself caring less and less what other people believe and have learned, mostly, to just walk away when people espouse anti-scientific ideas. But every now and then I find myself typing something like:
“While I disagree that there’s anything less than an unprecedented flowering of innovation at an ever increasing pace, there is a risk to further progress in weakened academic structure that has led to an increase in credulity as evidenced by growing embrace of faith in pseudo-science and outright anti-scientific religion. It is not so much that fanciful flights of faith pose any meaningful challenge to good science, rather the pointless waste of resources that ultimately harm the ignorant and drain overall productivity.
“As those who fail to learn from history are doomed to repeat it, so too the directionless flailing of the uneducated repeat past failures and charge enthusiastically into dead ends long ago discovered and mapped in formal curricula. Those who bemoan the exclusion of the uneducated in scientific discourse deserve no more sympathy than obese couch potatoes whining over being excluded from consideration as contenders in marathons. Merely being qualified to appreciate progress requires a modicum of technical literacy, at the least a thorough understanding of scientific method, evidentiary proof, and basic mathematics; an understanding of which is a civic obligation regardless of profession.”
(The comment was not particularly anti-scientific and in true web2.0 abbreviated “update” form, ambiguous and without context. While it is likely a diatribe more in agreement with the original post than contrary to it, so much inspired consonance seems worthy of elevation from throw away comment against an abbreviated status post to the exalted position of “blog post,” in all vanity published glory, untarnished by critical review or editorial attention.)