Strategy Page on the less-than-perfect result of Russia’s attempt to get hackers to crack The Onion Router for a medium-sized monetary prize:
Back in mid-2014 Russia offered a prize of $111,000 for whoever could deliver, by August 20th 2014, software that would allow Russian security services to identify people on the Internet using Tor (The Onion Router), a system that enables users to access the Internet anonymously. On August 22nd Russia announced that an unnamed Russian contractor, with a top security clearance, had received the $111,000 prize. No other details were provided at the time. A year later it was revealed that the winner of the Tor prize is now spending even more on lawyers to try and get out of the contract to crack Tor’s security. It seems the winners found that their theoretical solution was too difficult to implement effectively. In part this was because the worldwide community of programmers and software engineers that developed Tor is constantly upgrading it. Cracking Tor security is firing at a moving target and one that constantly changes shape and is quite resistant to damage. Tor is not perfect but it has proved very resistant to attack. A lot of people are trying to crack Tor, which is also used by criminals and Islamic terrorists as well as people trying to avoid government surveillance. This is a matter of life and death in many countries, including Russia.
Similar to anonymizer software, Tor was even more untraceable. Unlike anonymizer software, Tor relies on thousands of people running the Tor software, and acting as nodes for email (and attachments) to be sent through so many Tor nodes that it was believed virtually impossible to track down the identity of the sender. Tor was developed as part of an American government program to create software that people living in dictatorships could use to avoid arrest for saying things on the Internet that their government did not like. Tor also enabled Internet users in dictatorships to communicate safely with the outside world. Tor first appeared in 2002 and has since then defied most attempts to defeat it. The Tor developers were also quick to modify their software when a vulnerability was detected.
But by 2014 it was believed that NSA had cracked TOR and others may have done so as well but were keeping quiet about it so that the Tor support community did not fix whatever aspect of the software that made it vulnerable. At the same time there were alternatives to Tor, as well as supplemental software that were apparently uncracked by anyone.
The Internet has been saturated for years with videos and photos of cats. This summer, it is also filled with snake people.
For the thousands of Internet users who have downloaded a browser extension called “Millennials to Snake People,” any online use of the word “millennial,” a common term for people born in the 1980s and 1990s, is automatically changed to “snake person.” An extension is a small software program that modifies an Internet browser such as Google’s Chrome or Mozilla’s Firefox. Related terms are also altered: “Great recession” becomes “time of shedding and cold rocks,” and “Occupy Wall Street” turns into “Great Ape-Snake War.”
Web designer Eric Bailey, 33 years old, said he created the extension to amuse himself. “I saw one crazy-titled headline too many,” he said. “A lot of these articles speak of [millennials] in terms of this weird, dehumanized, alien phenomenon.”
The joke caught on quickly. Mr. Bailey launched the extension for Chrome in April, and others later adapted it for download in Firefox and Apple’s Safari. The Chrome extension has nearly 12,000 users, while a competing extension that turns “millennial” into “pesky whipper-snapper” has about 2,000.
Jerry Pournelle talks about his differing browser experiences on the Microsoft Surface:
Apple had their announcements today, but I had story conferences so I could not watch them live. I finished my fiction work about lunch time, so I thought to view some reports, and it is time I learned more about the new Windows and get more used to my Surface 3 Pro; a fitting machine to view new Apple products, particularly their new iPad Pro which is I expect their answer to the Surface Pro and Windows 10.
My usual browser is Firefox, which has features I don’t love but by and large I get along with it; but with the Surface it seemed appropriate to make a serious effort to use Edge, the new Microsoft Browser. Of course it has Microsoft Bing the default search engine. It also doesn’t really understand the size of the Pro. It gave me horizontal scrolling, even though I had Edge full screen. I looked up Apple announcements, and Bing gave me a nice list. Right click on the nice bent Microsoft pocket wireless mouse, and open a repost in a new screen. Lo, I have to do horizontal scrolling; Edge makes sure there are ads on screen at all times, so you have to horizontal screen the text to see all of it. Line by line. But I can always see some ads. Edge makes sure I don’t miss ads. It doesn’t care whether I can read the text I was looking for, but it is more careful about the ads. I’m sure that makes the advertisers happy, but I’m not so sure about the users. I thought I went looking for an article, not for ads.
Edge also kept doing things I hadn’t asked it to, and I’d lose the text. Eventually I found if I closed the window and went back to the Bing screen and right clicked to open that same window in a new tab, I was able to – carefully – screen through the text, and adjust the screen so all the text was on screen even though there was still horizontal scrolling possible. This is probably a function of inexperience, but using a touch screen and Edge is a new experience.
Even so it was a rough read. I gave up and went to Firefox on the Surface Pro. Firefox has Google as its default browser, and the top selections it offered me – all I could see on one screen – were different from the ones I saw with Bing. I had to do a bit of scrolling to find the article I had been trying to read, but eventually I found it. Right click to open it in a new Tab. Voila. All my text in the center. I could read it. Much easier. For the record: same site, adjusted to width in Firefox on the Surface Pro, horizontal scrolling of the same article viewed in Edge. Probably my fault, but I don’t know what I did wrong.
Now in Microsoft’s defense, I don’t know Edge very well; but if you are going to a Surface Pro, you may well find Firefox easier to use than Edge. A lot easier to use.
As to Google vs. Bing, in this one case I found Bing superior; what it offered me had more content. But Edge is advertiser friendly, not User friendly.
Brewster Kahle on the need to change the current web and recreate it with true open characteristics built-in from the start:
Over the last 25 years, millions of people have poured creativity and knowledge into the World Wide Web. New features have been added and dramatic flaws have emerged based on the original simple design. I would like to suggest we could now build a new Web on top of the existing Web that secures what we want most out of an expressive communication tool without giving up its inclusiveness. I believe we can do something quite counter-intuitive: We can lock the Web open.
One of my heroes, Larry Lessig, famously said “Code is Law.” The way we code the web will determine the way we live online. So we need to bake our values into our code. Freedom of expression needs to be baked into our code. Privacy should be baked into our code. Universal access to all knowledge. But right now, those values are not embedded in the Web.
It turns out that the World Wide Web is quite fragile. But it is huge. At the Internet Archive we collect one billion pages a week. We now know that Web pages only last about 100 days on average before they change or disappear. They blink on and off in their servers.
And the Web is massively accessible – unless you live in China. The Chinese government has blocked the Internet Archive, the New York Times, and other sites from its citizens. And other countries block their citizens’ access as well every once in a while. So the Web is not reliably accessible.
And the Web isn’t private. People, corporations, countries can spy on what you are reading. And they do. We now know, thanks to Edward Snowden, that Wikileaks readers were selected for targeting by the National Security Agency and the UK’s equivalent just because those organizations could identify those Web browsers that visited the site and identify the people likely to be using those browsers. In the library world, we know how important it is to protect reader privacy. Rounding people up for the things that they’ve read has a long and dreadful history. So we need a Web that is better than it is now in order to protect reader privacy.
Megan McArdle explains that while it’s quite understandable why governments want to maintain their technological ability to read private, personal communications, that’s not sufficient justification to just give in and allow them the full access they claim that they “need”:
Imagine, if you will, a law that said all doors had to be left unlocked so that the police could get in whenever they needed to. Or at the very least, a law mandating that the government have a master key.
That’s essentially what some in the government want for your technology. As companies like Apple and Google have embraced stronger encryption, they’re making it harder for the government to do the kind of easy instant collection that companies were forced into as the government chased terrorists after 9/11.
And how could you oppose that government access? After all, the government keeps us safe from criminals. Do you really want to make it easier for criminals to evade the law?
The analogy with your home doors suggests the flaw in this thinking: The U.S. government is not the only entity capable of using a master key. Criminals can use them too. If you create an easy way to bypass security, criminals — or other governments — are going to start looking for ways to reproduce the keys.
Law enforcement is going to pursue strategies that maximize the ability to catch criminals or terrorists. These are noble goals. But we have to take care that in the pursuit of these goals, the population they’re trying to protect is not forgotten. Every time we open more doors for our own government, we’re inviting other unwelcome guests to join them inside.
I don’t really blame law enforcement for pushing as hard as possible; rare is the organization in history that has said, “You know, the world would be a better place if I had less power to do my job.” But that makes it more imperative that the rest of us keep an eye on what they’re doing, and force the law to account for tradeoffs, rather than the single-minded pursuit of one goal.
Network effects are wonderful for a technology firm when it’s growing. Early movers can gain an advantage that is very hard to displace, because once everyone else is using Microsoft Word or a Playstation, there’s a cost to switching away. On the other hand, investors (and antitrust lawyers) often assume that network effects are more durable than they actually are. In fact, they can be quite fickle. Once your network starts shrinking, the collapse can be sudden, because every node that gets subtracted from your network makes it less valuable to the people who remain. Networks that start growing often start shrinking — and a modest decline can quickly prompt a stampede for the exits. Anyone remember MySpace?
And so the problem that Reddit has is this: Having attracted a bunch of people on the promise that they could say anything they wanted, the company risks alienating those people, shrinking the network and shrinking itself right out of existence. Reddit would probably be a better place if the fat-shaming hobbyists and racist trolls were surgically excised. But they won’t be; they’ll be forced out bluntly, along with others, and that will drive away many of the users Reddit would like to keep.
Deciding what is offensive is inherently a political act, because one man’s deep truth is often another person’s deep offense. To take one obvious example, do you treat conservative Christians who say terrible things about gay rights activists the same as gay rights activists who say terrible things about conservative Christians? Men’s rights activists the same as feminists?
We are all more attuned to the offenses against our own beliefs than we are to what may seem terribly offensive to others. And with the culture war raging hot, it is going to be very hard to make choices that don’t look as if you’re taking sides. Even if you try to be scrupulously fair, chances are that you will miss something, causing one side to understandably point out: “See, they crack down on us, but not on those equally offensive other people!”
Reddit is trying to avoid this by splitting the baby in half: designating much of the worst content as questionable, and then segregating it, but not banning it. It’s far from clear, however, that this compromise will work. I don’t think a lot of people are going to mourn when the racist subreddits are segregated. But those are among the most notorious cases precisely because most people can agree that racist epithets are not okay. The border cases are likely to be more numerous, and the decisions will convince some users that Reddit is not for them.
A video game journalist from Vancouver recently took to Twitter to draw attention to a Tweet sent by a gamer: The gamer had tweeted: “I fucking swear — they get rid of Huge Boobs, I’m gone.” For this journalist those 11 words captured the essence of the gamer crusade. The hypermasculine dudebro attitude — the crude objectification of women. It’s all there. Or so it seemed to him. As he put it: “#Gamergate summarized in one impossibly perfect tweet.”
But as is often the case with media accounts of GamerGate – the facts don’t really fit the narrative. First of all, the author was not talking about video games, but rather efforts to censor images of buxom ladies on Reddit. But more importantly — the author of the tweet is a young woman named Alison. Alison is a lesbian gamer who apparently enjoys gazing at images of busty women. For me, it is the game journalist’s tweet, not Alison’s, that is emblematic. It is an impossibly perfect illustration of a serious flaw in contemporary journalism: the narrative matters more than truth. The Rolling Stone’s apocryphal story about a gang rape at UVA is frequently cited as the classic example of narrative over-reach. But the press literature on GamerGate is strikingly similar.
According to dozens of media stories, #Gamergate is a nightmarish cabal of right wing males who will stop at nothing to keep women out of gaming. Comparisons with hate groups, lynch mobs and terrorists are not uncommon. In reality Gamergate has support from hundreds of thousands of rank and file video game enthusiasts from all over the world and across the political spectrum. Gamers identify with GamerGate for different reasons. A recurrent theme is consumerist – gamer journals are toadies for the game companies and need to be replaced by authentic critics, they say. Another — and the one that drew me into the world of gamers — is impatience with cultural scolds who evaluate games through the lens of political correctness. Are there some bullies and lunatics on the fringes of GamerGate? Yes there are. It’s the internet.
Media stories have focused on the female critics who have received hateful messages and even death threats. Those messages and threats are deplorable, but what the journalists typically fail to mention is that no one knows who sent them. Furthermore, those who defend Gamergate (males and females) have received hate mail and death threats as well. Too many in the media are addicted to a simplistic damsel in distress storyline — but inconveniently there are distressed damsels on both sides of the GamerGate controversy. The best data we have on on-line threats, a 2012 Pew Study for example, suggest that men, not women, are the primary targets.
Michael Geist looks at the major federal party leaders’ reactions to discussion of a “Netflix tax”:
As part of the digital strategy discussion, I stated that questions abound, including “are new regulations over services such as Netflix on the horizon?”
Prime Minister Stephen Harper addressed that question yesterday with a video and tweet in which he pledged that the Conservatives will never tax digital streaming services like Netflix and Youtube. Harper added that the Liberals and NDP have left the door open to a Netflix tax, but that he is 100% opposed, “always has been, always will be.” Both opposition parties quickly responded with the NDP saying they have not proposed a Netflix tax and the Liberals saying they have never supported a Netflix tax and do not support a Netflix tax.
So is this much ado about nothing?
Not exactly. First, there are groups and provincial governments that support a Netflix tax or mandated contribution to fund the creation of Canadian content. These include the Ontario and Quebec governments along with many creator groups. Earlier this year, I obtained documents under the Ontario Freedom of Information and Protection of Privacy Act that showed that the Ontario government spent months working toward a recommendation to expand the regulation of new media, including Canadian content requirements and increased regulation of foreign online video providers.
Second, while the Liberals and NDP have not proposed a Netflix tax, they have called for requirements that online video providers disclose revenues, Canadian content availability, and subscriber numbers to Canadian regulators. This is a very soft form of regulation that Netflix and Google have rejected as beyond the power of the Broadcasting Act. Providing information to allow for more informed regulatory analysis does not seem particularly unreasonable, but the companies unsurprisingly fear that that analysis could ultimately lead to calls for more regulation or payments.
Third, the real Netflix tax is the prospect of levying sales taxes on digital products such as music downloads or online video services. It was the Conservatives that raised this possibility in the 2014 budget, launching a consultation on the issue that garnered supportive comments from companies such as Rogers, which noted that Canadian-based online video services such as Shomi operate at a disadvantage since they collect GST/HST, but Netflix does not. With many countries moving toward some form of digital taxation (as I noted in a January 2015 column on the issue, the real challenge lies in the cost of implementation), it seems inevitable that Canada will do the same in order to level the playing field and recoup a growing source of revenue. The Conservatives would presumably seek to differentiate between a generally applicable sales tax and a tax or fee targeting online streaming services, though many may feel it is a distinction without a difference.
KEI this morning released the May 2015 draft of the copyright provisions in the Trans Pacific Partnership (copyright, ISP annex, enforcement). The leak appears to be the same version that was covered by the EFF and other media outlets earlier this summer. As such, the concerns remain the same: anti-circumvention rules that extend beyond the WIPO Internet treaties, additional criminal rules, the extension of copyright term, increased border measures, mandatory statutory damages, and expanding ISP liability rules, including the prospect of website blocking for Canada.
Beyond the substantive concerns highlighted below, there are two key takeaways. First, the amount of disagreement within the chapter is striking. As of just a few months ago, there were still many critical unresolved issues with widespread opposition to (predominantly) U.S. proposals. Government ministers may continue to claim that the TPP is nearly done, but the parties still have not resolved longstanding copyright issues.
Second, from a Canadian perspective, the TPP could require a significant overhaul of current Canadian law. If Canada caves on copyright, changes would include extending the term of copyright, implementing new criminal provisions, creating new restrictions on Internet retransmission, and adding the prospect of website blocking for Internet providers. There is also the possibility of further border measures requirements just months after Bill C-8 (the anti-counterfeiting bill) received royal assent.
Given the extensive debate on copyright during the 2012 reforms, the TPP upsets the balance the Canadian government struck, mandating reforms without public consultation or debate. The government has granted itself the power to continue to negotiate the TPP during the election period, but all the major parties should publicly declare where they stand on these issues.
The Economist looks at the apparently unstoppable rush to internet-connect everything and why we should worry about security now:
Unfortunately, computer security is about to get trickier. Computers have already spread from people’s desktops into their pockets. Now they are embedding themselves in all sorts of gadgets, from cars and televisions to children’s toys, refrigerators and industrial kit. Cisco, a maker of networking equipment, reckons that there are 15 billion connected devices out there today. By 2020, it thinks, that number could climb to 50 billion. Boosters promise that a world of networked computers and sensors will be a place of unparalleled convenience and efficiency. They call it the “internet of things”.
Computer-security people call it a disaster in the making. They worry that, in their rush to bring cyber-widgets to market, the companies that produce them have not learned the lessons of the early years of the internet. The big computing firms of the 1980s and 1990s treated security as an afterthought. Only once the threats—in the forms of viruses, hacking attacks and so on—became apparent, did Microsoft, Apple and the rest start trying to fix things. But bolting on security after the fact is much harder than building it in from the start.
Of course, governments are desperate to prevent us from hiding our activities from them by way of cryptography or even moderately secure connections, so there’s the risk that any pre-rolled security option offered by a major corporation has already been riddled with convenient holes for government spooks … which makes it even more likely that others can also find and exploit those security holes.
… companies in all industries must heed the lessons that computing firms learned long ago. Writing completely secure code is almost impossible. As a consequence, a culture of openness is the best defence, because it helps spread fixes. When academic researchers contacted a chipmaker working for Volkswagen to tell it that they had found a vulnerability in a remote-car-key system, Volkswagen’s response included a court injunction. Shooting the messenger does not work. Indeed, firms such as Google now offer monetary rewards, or “bug bounties”, to hackers who contact them with details of flaws they have unearthed.
Thirty years ago, computer-makers that failed to take security seriously could claim ignorance as a defence. No longer. The internet of things will bring many benefits. The time to plan for its inevitable flaws is now.
One of the biggest news stories this Christmas was the (un-)cancelled release of Sony Pictures’ movie The Interview. In the movie, Seth Rogen and James Franco try to assassinate North Korean dictator Kim Jong-Un. After terror threats against movie theatres showing the film, Sony cancelled the release of the movie. This ultimately increased the movie’s attention and made the later online release the most successful one this year. Actually, there is a name for this kind of phenomenon: the Streisand Effect. In this episode of INTO CONTEXT, Indy explains why it’s not always smart to try to hide things on the internet.
Alright, people, strap in and keep the laughter to a minimum because we’re going to talk dildos here. Specifically, remotely operated dildos, and other sex apparatuses, including those operated by Bluetooth connections or over the internet. It seems that in 1998, a Texan by the name of Warren Sandvick applied for a patent that casts an awfully wide net over remotely controlled sexual stimulation, specifically any of the sort that involves a user interface in a location different from the person being stimulated. You can find the patent at the link, but here’s the abstract:
An interactive virtual sexual stimulation system has one or more user interfaces. Each user interface generally comprises a computer having an input device, video camera, and transmitter. The transmitter is used to interface the computer with one or more sexual stimulation devices, which are also located at the user interface. In accordance with the preferred embodiment, a person at a first user interface controls the stimulation device(s) located at a second user interface. The first and second user interfaces may be connected, for instance, through a web site on the Internet. In another embodiment, a person at a user interface may interact with a prerecorded video feed. The invention is implemented by software that is stored at the computer of the user interface, or at a web site accessed through the Internet.
Great, except that nothing in the above is an actual invention; it’s essentially an acknowledgement that a dildo could be controlled remotely and an attempt to lay claim to that function exclusively. The description of the art outlaid in the patent rests solely on the claim that sexual stimulation devices have always been either self-stimulation devices or that any remotely operated stimulation devices still required close proximity. But it all rests on what you consider a stimulation device.
Even before this patent was filed, there was a term for this kind of thing in use: teledildonics.
Megan McArdle warns that “cleaning up” Reddit might end up killing the patient:
On Monday, when I wrote about the travails of Ellen Pao at Reddit, I noted that cleaning up the troll-infested caves of its vast ecosystem will not be an easy task for anyone. Its freewheeling, “anything goes” culture is a big part of its appeal to users, and the large number of users is a big part of Reddit’s appeal to investors. It’s also worth noting that this approach is substantially cheaper than trying to keep a close eye on Reddit’s ever-expanding universe of subreddits.
But Reddit really seems to want to tidy things up a bit, or at least force the trolls down to the basement where they won’t frighten the visitors. Steve Huffman, a Reddit co-founder who is returning as Pao’s successor, has announced that the company will continue to take steps to curtail undesirable content. Potentially offensive forums will require users to opt in, and anything that “harasses, bullies, or abuses” will be entirely off limits. So a forum whose title is a vile racist slur will be reclassified for opt-in status. But the “Raping Women” forum will be banned outright.
Huffman is laying out some much clearer guidelines than Pao did, which is a good first step (and exactly what I said Pao should have done). On the other hand, that’s no guarantee that this will prevent users from staging a mass exodus.
Yuxin Zhang looks at China’s misunderstood history of tolerance for gay culture:
The Chinese LGBT community and culture have attracted interest among Chinese youth in recent years. Evidence of this is the use of the Internet slang term gao-ji, indicating two men of the same sex having an affair, which has become well-accepted and entered daily use (including among straight people, as a way of teasing each other). The prevalence of the Internet has contributed to gay activism in contemporary China. Gay parades and campaigns have emerged, as young and sometimes middle-aged Chinese are inspired by the LGBT activism overseas that they learn about online, and by events such as the coming-out of celebrities such as Tim Cook and Anderson Cooper, the legalization of same-sex marriage in Western countries, and the discussion of a same-sex marriage bill in Taiwan, with its linguistic and cultural similarities with the Mainland. Some have taken bold actions. In 2010, two Chinese men, Wenjie Pan and Anquan Zeng, hosted the first public same-sex wedding ceremony in Sichuang, a city in China’s southwest.
The Wall Street Journal reported that the Chinese gay dating application Blued has scored a $30 million round of investment co-led by DCM Ventures, as its users reached 15 million at the end of last year. This number is likely to grow, as China has both the world’s largest population and the most Internet users. A concomitant outcome, however, is worrisome. Most gay Chinese men who use online dating applications do so to have casual sex, and this has fueled a spike in sexually transmitted diseases (STDs), including HIV/AIDS. Thus, some middle-aged and older Chinese associate homosexuality with infection by HIV/AIDS and other STDs, and this has contributed to discrimination against the gay community.
One main reason why many people in China oppose homosexuality is because it clashes with their notions of traditional Chinese values. Some even think that homosexuality does not exist in China, and must just be something from the West.