22-06-11, 06:18 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - June 25th, '11

Since 2002

"AT&T does not need to acquire T-Mobile to solve its claimed network capacity challenges. Instead, AT&T can implement common industry best practices to gain the capacity it asserts is necessary to serve the growing demands of its network." – Steven Starvitz


"For us, this is really a basic right. We consider network neutrality to be as important as freedom of the press, freedom of speech." – Bruno Braakhuis, Dutch Green Left Party


"Every week we plan on releasing more classified documents and embarrassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust ‘war on drugs.’" – LulzSec


"You realise we smacked the FBI today. This means everyone in here must remain extremely secure." – Sabu

June 25th, 2011




Dutch Lawmakers Adopt Net Neutrality Law
Kevin O'Brien

The Netherlands on Wednesday became the first country in Europe, and only the second in the world, to enshrine the concept of network neutrality into national law by banning its mobile operators from blocking or charging consumers extra for using rival Internet-based communications services like Skype or WhatsApp, a free text service.

The measure, which was adopted with a broad majority by the lower house of the Dutch parliament, the Tweede Kamer, will prevent mobile network operators (the Dutch market leader, KPN, and Vodafone and T-Mobile) from blocking or charging for Internet services. Its sponsors said that the measure would pass a pro forma legal review in the Dutch Senate.

Analysts said that the legal restrictions imposed in the Netherlands could shape Europe’s broader, evolving debate over network neutrality, pushing more countries on the Continent to limit operators from acting as self-appointed toll collectors of the mobile Internet.

“I could also see some countries following the Dutch example,” said Jacques de Greling, an analyst at Natixis, a Paris bank. “I believe there will be pressure from consumers to make it clear what they are buying, whether it is the full Internet or Internet-light.”

Advocates hailed the move as a victory for consumers, while industry officials predicted that mobile broadband charges could rise in the Netherlands to compensate for the new restrictions. “We support network neutrality,” said Sandra de Jong, a spokeswoman for Consumentenbond, the largest Dutch consumer organization, based in Den Haag. “We don’t think operators should be able to restrict the Internet. That would be a bad precedent.”

Luigi Gambardella, the executive board chairman of the Brussels-based industry group, the European Telecommunications Network Operators’ Association, warned that the Dutch legislation could deter operators from making needed investments in high-speed networks for fear of building expensive but unprofitable infrastructure.

“Any additional regulation should avoid deterring investment or innovative business models, leading to a more efficient use of the networks and to creating new business opportunities,” Mr. Gambardella said. He said operators needed the ability to charge different tariffs for different levels of service, to recoup the costs of data-intensive applications.

Operators could still offer a range of mobile data tariffs with different download speeds and levels of service, but they would not be able to tie specific rates to the use of specific free Internet services.

Under the law, Dutch operators could be fined by the national telecom regulator, OPTA, up to 10 percent of their annual sales for violations.

Patrick Nickolson, a spokesman for KPN, said that the legal change could lead to higher broadband prices in the Netherlands because operators would be limited in their ability to structure differentiated data packages based on consumption.

“We regret that the Dutch parliament didn’t take more time to consider this,” Mr. Nickolson said. “This will limit our ability to develop a new portfolio of tariffs and there is at least the risk of higher prices, because our options to differentiate will now be more limited.”

Stephen Collins, the head of government and regulatory affairs at Skype in London, applauded the move by the Dutch lawmakers.

“Skype welcomes the sensible and fair approach the Dutch parliament has adopted today,” Mr. Collins said. “It sets an example for other countries in Europe and elsewhere to follow.”

Bruno Braakhuis, a Dutch legislator from Haarlem who was the original sponsor of the legislation, called the adoption a victory for Dutch consumers.

“For us, this is really a basic right. We consider network neutrality to be as important as freedom of the press, freedom of speech,” Mr. Braakhuis, a member of the Dutch Green Left Party, said.
https://www.nytimes.com/2011/06/23/t...23neutral.html





How “Dirty” MP3 Files Are A Back Door Into Cloud DRM
Michael Arrington

All the big music sellers may have moved to non-DRM MP3 files long ago, but the watermarking of files with your personal information continues. Most users who buy music don’t know about the marking of files, or don’t care. Unless those files are uploaded to BitTorrent or other P2P networks, there isn’t much to worry about.

A list of which music services are selling clean MP3 files without embedded personal information, and which aren’t, is here. Apple, LaLa (owned by Apple) and Walmart embed personal information. Amazon, Napster and the rest have resisted label pressure to do so.

A music industry insider who’s asked to remain anonymous writes to us:

Quote:
Hidden in purchased music files from popular stores such as Apple and Walmart is information to identify the buyer and/or the transaction. You won’t find it disclosed in their published terms of use. It’s nowhere in their support documentation. There’s no mention in the digital receipt. Consumers are largely oblivious to this, but it could have future ramifications as the music industry takes another stab at locking down music files.

Here’s how it works. During the buying process a username and transaction ID are known by the online retailers. Before making the song available for download their software embeds into the file either an account name or a transaction number or both. Once downloaded, the file has squirreled away this personal information in a manner where you can’t easily see it, but if someone knows where to look they can. This information doesn’t affect the audio fidelity, but it does permanently attach to the file data which can be used to trace back to the original purchaser which could be used at a later date.

Retailers aren’t talking, but there’s ample proof of what’s transpiring. Using simple file comparison tools it’s possible to verify this behavior by purchasing identical songs using different accounts and see if they match. I emailed support departments for several retailers asking if they would acknowledge these actions and inquiring about what specific information they are embedding. Only 7digital responded saying they don’t use any watermarks. What retailers won’t say publicly is that the major record labels are requiring this behavior as a precondition to sell their music.

Certain record labels have aspirations to use this hidden data to control future access to music in a return to DRM (digital rights management). The labels yearn to control where you can listen to your music and this could be a backdoor for them to achieve it. When personal libraries are stored in the cloud, it becomes possible to retrieve this personal data and match it to a user identity. If the match is successful the song plays, but if not, access can be blocked through a network DRM system such as the one Lala patented (which is now owned by Apple).

For the scheme to work record labels need all retailers to support this and so far some notable names are resisting. Napster, Amazon and UK based 7digital are selling clean MP3 files. Files purchased from these stores do not have any user information whatsoever embedded into them. Other retailers such as Apple and Walmart have succumbed to label pressure to embed personal info.

Retailers and record labels should have the right to sell dirty files if they wish, however they should be obligated to disclose their practices in advance. Consumers should have this information so they can make an informed buying decision about whether to support dirty or clean MP3 vendors. If Barnes and Noble printed your name on pages of books you purchase that would be important information to know because it would affect the value of your book. Here the clandestine actions are even more worrisome because it could lead to a future lockdown of purchases. If the labels have plans to require cloud vendors to use this information in the future, they should disclose that as well.

Cloud Music And The New DRM

Apple, Google and Amazon are all reportedly in discussions with big labels to provide a cloud music service. These services will allow users to purchase rights to stream music, and they will also allow syncing of songs on your hard drive already so you can play those without repurchasing them (this was the original LaLa model).

The labels, say our source, are demanding that a user can only stream music that is watermarked to their username. Change the username, or try to stream music that you’ve ripped from a CD, and those songs won’t play.

In other words, it’s DRM déjà vu all over again.
http://techcrunch.com/2010/04/06/how...nto-cloud-drm/





Edit & Record Compressed MP3 Files Without Decompressing With MP3DirectCut
Tina Sieber

MP3 is a digital audio encoding format, in which audio files are compressed to reduce the amount of data (i.e. shrink the file size), without losing sound quality in the ears of most listeners. The standard procedure of editing an MP3 file involves several steps: decompression of the file, editing, and re-encoding to MP3. The decompression and re-encoding process typically results in a significant loss of quality.

mp3DirectCut is a freeware audio editor and recorder that can work with compressed MP3 files. It allows you to cut, copy, and paste audio bits or change the volume without decompressing the audio file. In other words, you can edit your MP3 files without a loss of quality. Moreover, you can record MP3s and auto-detect pauses to cut and ID3 tag a file.

The Interface

mp3DirectCut has a clear interface, which provides easy access to all key features. Editing and playback buttons sit at the bottom of the window, navigation in the middle, topped by the MPEG audio data waveform.

Just underneath the menubar sits a list of smaller buttons that provide one-click access to further editing features, including ID3 tag editing or moving selection by frame. If you’re unsure what a button will do, hover with the mouse over it for a tooltip clue.

A Closer Look

When you open, edit, or save files mp3DirectCut may show a note, such as the one below. Similar tips can be found throughout the program. This is a great feature for new users, as the notes highlight important points and guide the user.

mp3DirectCut is very intuitive to use. You can edit mp3 files using the mouse, menu, buttons, or keyboard shortcuts. For several actions there is more than one way to get to the same result, making it easier to find it right away. As mentioned above, if you’re unsure what a button does, just have a peek at the tooltip.

For example, you can change the volume of an MP3 file, or only a section of it, by dragging the grey grips of a cue up or down or by pressing the keyboard shortcut [CTRL] + [UP] or [DOWN]. The brown color indicates that the volume was adjusted. You can then jump to the next cue to the left or right using the respective key in the navigation window or by pressing the keyboard shortcut [CTRL] + [left] or [right].

To summarize, the program is straightforward and easy to learn using trial and error. If you’re stuck, there is always the user manual that you can consult. You can also find the link under > ? > Manual.

So to conclude, let me just highlight the…

3 Best Features

These are the best features as I see them.

Editing Several Files In Parallel

File > New program window will open an additional instance of mp3DirectCut, allowing you to edit several audio files in parallel.

High Speed Recording

With > Special > “High speed” recording you can record 33 rpm longplay records with 45 rpm playback and also set other grabbing speeds as needed.

Pause Detection… & Saving Split File

So you recorded an entire LP and now you want to split it up into single MP3 files? Go to > Special > Pause detection, and adjust the settings. When the tool is done adding the cues, close the Pause detection window.

You now need to change the cues to mark the end of a file. One after another, click each cue and go to > Edit > Names and part properties (or click the respective button), where you need to check > Cue. When you have done all cues, go to > File > Save split to save every region beginning with a cue to a new file.

If you need more help figuring out this program, know that mp3DirectCut comes with a good user manual, which also features a list of keyboard shortcuts and command line options.
http://www.makeuseof.com/tag/edit-re...-mp3directcut/





Is Apple’s iCloud Music Match a Possible Honeypot?
Daniel Nolte

Honeypot - noun (from Encarta)

1. something that is inviting: anything that attracts or appeals to large numbers of people ( informal )
2. Internet server used to entice hackers: a server connected to the Internet that is used as a decoy to attract potential hackers in order to study their activities and techniques


Apple recently at their WWDC11 keynote announced a new service called iCloud Music Match. For $24.99 per year, it will scan the user’s machine and mimic all of the user’s music files onto Apple’s new data center for streaming anywhere. In cases where it finds a match with one of the songs in its data files, even if not purchased from Apple, it will make a record of the song and then stream to the user Apple’s 256kb AAC version. Apple presented this as a convenience to the users, saying that the setup will take ‘minutes, not weeks’ in a jab at competitors like Amazon and Google that offer cloud based storage lockers.

The unspoken flip side of this is: The users are voluntarily granting Apple the right to scan their system and store the personally identifiable results on Apple’s servers. Presuming that Apple restricts its scan strictly to the information that is absolutely necessary for Music Match to work, what will that be?

Quite obviously Music Match cannot work without scanning your files. For example, assume I take any old file and rename it LadyGaga:BornThisWay.mp3 and add it to my library. Obviously, Apple is not going to send me the music just because of the file name. I also doubt that there is going to be any process that is going to ‘listen to’ the music to see if it sounds like a recognized song. Instead, chances are the Music Match feature will, at a minimum, examine the header information on the MP3 file and run a hash calculation on the entire contents of the file.

Although the ‘DRM free’ MP3 now being provided from many of the major music download companies can be played anywhere, each download is watermarked with header information specific to the exact purchase and purchaser. This article from Techcrunch gives more details on ‘dirty’ MP3s. Consequently, if you purchase a ‘DRM free’ MP3 file from iTunes and then share it, and the person(s) who received it saves it to their iCloud, then Apple will know both (i) who shared their copy and (ii) whose copy is illegal. For files from other watermarked retailers, the same information would only require coordination with the other site.

Next consider music purchased from sites that sell legal but ‘clean’ MP3s without watermarks. These files will have unique MD5 or SHA-2 signatures that can tie them to a particular company. They will certainly have different signatures than the watermarked versions (because of the addition of the watermark) and they will differ from versions of the same song encoded by others. When Apple’s servers detect a number of copies far in excess of the ‘clean’ MP3 company’s reported sales, they will know where to suspect illegal copying.

Then there will be MP3s that individuals created themselves from, for example, ‘ripping’ their CD collections. While these are not watermarked to the individual, they appear to be unique for each ‘rip’. To confirm this, I ran a test with fresh installations of the exact same CD ripping software on two different computers. I then had them rip the same track from the exact same CD using the unchanged system default settings on both computers. The MD5 hashes did not match. Small differences between the two reads, the internal timestamps, the system metadata, etc. likely resulted in the mismatch. It will almost certainly also be different from the file hashes from legal download sites, both those that watermark and those that do not. In short, if you and thousands of other people have MP3s of the same song with the same file hash value, you will not be able to credibly claim it occurred because all of you ripped it from your CD collections.

MD5 hash values are a cornerstone of computer forensics and fully accepted as evidence that two files are identical copies of each other. You could claim that you didn’t download the song from the file sharing network because you were the one who uploaded it, but I doubt that will help your legal predicament.

Some people I have mentioned this concern to have essentially accused me of heresy and paranoia because “there is no way Apple would do that to their users”. Apple would not have to. They would simply have to comply with an information demand from the RIAA, who has had no problem with being seen as the bad guy in hardball enforcement against file sharing. Moreover consider this:

1. Apple is the largest music retailer on the planet.
2. Apple believes, possibly justifiably, that it loses billions of dollars annually to illegal music file sharing.
3. The easiest way out of the legal jam over challenged content in your iCloud storage would be to convert the suspected iCloud music by buying it from Apple. Apple becomes almost like a white knight in the process.

Several notable commentators, such as Berklee Music chief David Kusek and publisher rights lawyer Michael Speck, have, either in favor or against, called the iTunes Music Match service ‘amnesty for pirates’. I think they may be surprised at how this really plays out.
http://betweenthenumbers.net/2011/06...ible-honeypot/
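
The two checks described in the articles above (comparing copies of the same song bought under different accounts, and matching whole-file hashes across libraries) can be run on your own files to see what a purchase embeds. The following Python is an added example, not part of either original article: it assumes the identifier sits in an ID3v2.3/2.4 tag frame, uses SHA-256 as the digest, and every sample file, the `PRIV` owner string and the account values are constructed for illustration.

```python
import hashlib
import struct


def synchsafe(b):
    """Decode a 4-byte ID3v2 'synchsafe' integer (7 significant bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def split_mp3(data):
    """Split a file into (ID3v2 tag, audio payload, ID3v1 trailer)."""
    start = 0
    if len(data) >= 10 and data[:3] == b"ID3":
        start = 10 + synchsafe(data[6:10])
        if data[5] & 0x10:                      # ID3v2.4 footer flag
            start += 10
    end = len(data)
    if end - start >= 128 and data[-128:-125] == b"TAG":
        end -= 128                              # fixed-size ID3v1 trailer
    return data[:start], data[start:end], data[end:]


def tag_frames(tag):
    """Return {frame ID: [payloads]} for an ID3v2.3/2.4 tag.

    Assumes no extended header and no unsynchronisation; stops at padding.
    """
    frames = {}
    if len(tag) < 10:
        return frames
    major = tag[3]
    limit = len(tag) - (10 if tag[5] & 0x10 else 0)
    pos = 10
    while pos + 10 <= limit and tag[pos] != 0:
        fid = tag[pos:pos + 4].decode("latin-1")
        raw = tag[pos + 4:pos + 8]
        size = synchsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        frames.setdefault(fid, []).append(tag[pos + 10:pos + 10 + size])
        pos += 10 + size
    return frames


def digest(data):
    return hashlib.sha256(data).hexdigest()


def compare(a, b):
    """Report whether two files differ, and whether only the tags differ."""
    tag_a, audio_a, _ = split_mp3(a)
    tag_b, audio_b, _ = split_mp3(b)
    fa, fb = tag_frames(tag_a), tag_frames(tag_b)
    return {
        "same_file": digest(a) == digest(b),
        "same_audio": digest(audio_a) == digest(audio_b),
        "differing_frames": sorted(
            fid for fid in set(fa) | set(fb) if fa.get(fid) != fb.get(fid)),
    }


# ---- Constructed sample data (not real purchases or real store formats) ----
def _frame(fid, payload):
    return fid.encode("latin-1") + struct.pack(">I", len(payload)) + b"\x00\x00" + payload


def _mp3(frames, audio):
    body = b"".join(frames)
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + body + audio


TITLE = _frame("TIT2", b"\x00Example Song")
STORE_AUDIO = (b"\xff\xfb\x90\x00" + bytes(413)) * 4          # fake MPEG frames
RIP_A_AUDIO = (b"\xff\xfb\x90\x00" + bytes([1]) * 413) * 4    # first CD rip
RIP_B_AUDIO = (b"\xff\xfb\x90\x00" + bytes([2]) * 413) * 4    # second CD rip


def _purchase(account):
    # Hypothetical per-purchase marker: a PRIV frame carrying an account name.
    priv = _frame("PRIV", b"store.example\x00account=" + account)
    return _mp3([TITLE, priv], STORE_AUDIO)


BUY_ALICE = _purchase(b"alice@example.com")
BUY_BOB = _purchase(b"bob@example.com")
CLEAN_BUY = _mp3([TITLE], STORE_AUDIO)
RIP_A = _mp3([TITLE], RIP_A_AUDIO)
RIP_B = _mp3([TITLE], RIP_B_AUDIO)

if __name__ == "__main__":
    for label, x, y in [("two accounts, same store", BUY_ALICE, BUY_BOB),
                        ("shared copy", BUY_ALICE, bytes(BUY_ALICE)),
                        ("marked vs clean store", BUY_ALICE, CLEAN_BUY),
                        ("two independent rips", RIP_A, RIP_B)]:
        print(label, compare(x, y))
```

On real files, read each one with `open(path, "rb").read()` and pass both byte strings to `compare`. Matching audio hashes with a differing tag frame point to per-purchase metadata rather than a different encode.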





Turntable.fm Really Is Awesome. Is It Legal?
Peter Kafka

Turntable.fm is a little miracle that does something simple and essential: It lets you play your favorite songs for your friends and strangers on the Web, in real time, for free.

I’d say it’s astonishing no one has done it before, but it’s not: The music business has a long tradition of resisting good ideas. So how did the Turntable.fm guys finally get the industry on board?

They haven’t. The start-up doesn’t have deals in place with any labels or publishers.

[Record-scratch sound here.]

This doesn’t mean that Turntable.fm is illegal. The company believes it’s obeying the law, and it might be right. But this thing has gotten so buzzy, so fast, that it’s going to be hard for the label lawyers to stay away.

Here’s how Turntable got started, how it works, and why it might be able to stick around. But if you haven’t already, go play with it now, just in case.

The backstory:

Turntable started as Stickybits, which did something hard to explain involving barcodes and geotagging, and seemed more like an art project than a business. Last year it raised nearly $2 million.

This spring, CEO Billy Chasen abandoned that idea and used his remaining money to build Turntable. This one is easy to describe.

Here goes: You and up to four other people take turns streaming just about any song you want for anyone who wants to listen, for free, in one of the site’s “rooms.” A deal with MediaNet, a digital content provider, gives Turntable access to millions of songs, and if the song you want to play isn’t there, you can upload your own MP3 to the site and play that. There’s a chat feature so you can compare notes, and you can “follow” your pals.

That’s about it. There’s a “gamification” element where you can collect points and rewards for playing music people like, but that’s definitely secondary. The real thrill is sharing music, and discovering music.

The law:

So how can any of that be legal without label deals? In short, Chasen believes he’s able to run the service under the protection of the Digital Millennium Copyright Act (DMCA) — the same law that lets Pandora operate without label deals — as a “non-interactive” Web radio service.

That description will seem odd to most people who’ve used Turntable. Because the service doesn’t seem like radio at all, and it is most definitely interactive.

You pick the songs you want to play, and the order you want to play them. And if you’re really into it, you’ll change that on the fly, based on the song the person before you just played.

But if you spend enough time mucking around with Turntable, you’ll start to run into small constraints here and there. You can’t play music in a room by yourself, for instance. And there’s a limit on the number of times you can play a song by a single artist per hour. And you can’t see the next song another user has cued up.

None of these limits seem like real limits, because they don’t detract from the service’s core appeal. But these are all rules that “DMCA-compliant” Webcasters work under, and they’re evidence that Chasen is trying to do the same thing. If it works, he’ll simply pay music owners a flat fee for each song he streams every month, just like Pandora does.

The precedent:

In addition to Pandora, Chasen has another model to work with here: 8tracks, a three-year-old service that also lets you play any music you want, and listen to other people’s music, for free, using a DMCA license. The main difference is that instead of playing the songs live, you create “mixtapes,” which other users play back on their own time.

8tracks never got the same kind of buzz that Turntable is getting, but it has diligently built up a fan base, and now draws more than two million users a month. Just as important, it’s been able to stay out of legal trouble. I think it’s a pretty great story.

There’s a technical difference between 8tracks and Turntable, too: 8tracks relies on songs its users own and upload, while it seems like most people on Turntable are using the tracks Chasen and MediaNet provide. That distinction seems like a small one, but some music biz folks I’ve talked to have pointed to that as a red flag.*

The problems:

The risk for Turntable is the same one every music start-up without label deals faces: Not that a court will find them guilty of something, but that they’ll have to spend a lot of time and money on lawyers.

And while it seems blindingly obvious that Turntable.fm is a great thing for the music business — it lets music fans tell other music fans about music they like, the best possible advertising — I wouldn’t put it past a label or two to gripe about the service. Particularly if it makes the leap from the digerati into the mainstream.

(It’s important to note here that there are lots of traditional music business folks who are resentful of Pandora’s success, even though the company pays out more than half its revenue to copyright owners.)

If Turntable does sidestep legal challenges, it will have to make money one day, too. This is also an issue, since no one’s actually proved that free, ad-supported Web music can be profitable.

But I’m much less worried about this one. If it gets to that point, the Turntable guys should at least be able to tell advertisers that their ads will be much more effective, since Turntable users spend a whole lot of time looking at their screens.

Does any of this matter?

I’m an unlikely candidate to get swept up in the buzz around a hot Web site.

I’m reflexively cautious about that kind of behavior, and it’s easy to point to buzzy start-ups that shot up, then cratered (Myspace), or never got above the buzz stage to begin with (Chatroulette). And even if Turntable does stick around, it’s possible that it’s just a feature and not a business.

But this one feels pretty special. We’ve had plenty of music sites, and plenty of social sites, but none that mixed them well together. I hope they make it work.

——————————

*Don’t want to bog this down in legalese, but note that Google and Amazon’s music locker service, which doesn’t have the labels’ blessing, relies on music its users provide. But Apple got the labels’ blessing to provide a “scan and match” service, where a single master track could be used by multiple listeners. I wouldn’t be shocked to hear a music label lawyer tell Turntable its model is closer to Apple’s, and requires a separate deal.
http://allthingsd.com/20110621/turnt...e-is-it-legal/





Grooveshark Adds Channel for Emerging Artists
Brenna Ehrlich

Are you an on-the-cusp band hoping to get in on that music subscription craze? Well, Grooveshark has just launched a radio channel called “Breakthrough Radio,” packed with tunes courtesy of Indaba Music.

Indaba, a music creation/collaboration platform, is open to any band with the capital to join. The service already has 600,000 registered users, and now Grooveshark is tapping into those indie bands to provide entertainment for its 30 million monthly unique visitors. Indaba members need only to submit music via the site to be considered for inclusion in Breakthrough Radio.

Yes, musicians can submit their music to other streaming/subscription services, like Pandora and MOG (which pulls in music via distributors). But the fact that Grooveshark is working with Indaba will likely make this a much more straightforward experience for bands — and will likely bring more bands into the Indaba fold.

This isn’t the first time a music service has focused on up-and-coming bands — startup EarBits draws solely from that well. But Grooveshark is an extremely popular service, so this is a good move for musicians.

Keep in mind, however, that Grooveshark’s iPhone and Android apps have been booted from their respective stores due to record label complaints, which does significantly limit the potential number of listeners.
http://mashable.com/2011/06/21/grooveshark-indaba/





Radio and Records: Can’t We All Just Get Along?
Mike Agovino

Not long ago the music industry was raking in $40 billion a year in sales. Today it sits at around $15 billion. Radio, once a $20 billion industry, is hanging on at a respectable $17 billion but faces significant challenges from a combination of new competitors pursuing its audience and advertising revenue while the overall trend toward digital advertising continues to divert budgets away from traditional media.

No matter what you believe, one thing is for certain: radio faces more competition for audience than ever before. Just the number of phone conversations occurring in the car each day would logically have to put a dent in time spent with radio.

As we move forward the challenges will only intensify as marketplace disruptors make their presence felt. Personalized music services like Slacker and Pandora have been aggressively building audiences online over the past eighteen months. With Pandora’s IPO this week, it now has a fresh influx of cash to keep investing in expanding its service. In just the past few weeks Amazon, Apple and Google have entered the equation announcing cloud based music services. They join a crowd that already includes the likes of Rhapsody, Rdio and Spotify, which is rumored to be announcing a big deal with Facebook. Business plans for these companies clearly identify the battlefield as the mobile device and automobile. For years those of us in radio have referred to the car as a “radio with wheels”.

Some in the radio business don’t see these “pure” players as competition because they are based upon computer algorithms rather than professional curators. However, seeing these companies as anything other than competition is short sighted. Over time these companies will add more sports and talk programming and probably use some of these same technologies to build recommendations and playlists of spoken word content. Slacker recently announced deals with ESPN and ABC News while Pandora launched a new comedy service. Online companies are building audience and a portion of that audience is coming from terrestrial stations. Soon, if not already, the online players will reach scale where they can sell the value of their audience to the same local advertisers to which radio sells ad inventory—that’s a competitor in my book!

So, what next for these two long time allies, radio and record labels?

The record industry’s solution has been to re-think free access to music performances by radio stations and lobby Congress to institute a first-ever over-the-air royalty. Over-the-air radio has been exempt from a performance royalty by a decades-old understanding, but its online offerings are not. Terrestrial stations must pay a hefty royalty for performances that are streamed over the Internet. Pure plays, or internet-only stations, pay lower royalties than over-the-air broadcasters do—in some cases the difference is very large.

I’ll skip the history lesson and just tell you that broadcasters who stream music content pay nearly $2.00 for every thousand listeners who hear a song. Those fees are scheduled to increase over the next few years to around $2.40 for the same thousand listeners. The average music station that streams is playing around 13 songs an hour. Those same stations are selling about six ads per hour and filling the rest of their break with PSAs and filler music (In the long term radio will come to find that they can’t serve more than 6 or 8 ads an hour online so today’s sellout rate is not the issue). With twice as many songs played as ads sold the impact of the royalty is a double-whammy, costing the broadcaster about $4.00 per thousand exposures to an ad.

There are other costs to streaming as well. You’ve got to pay ad agency fees and sales commissions as well as hosting, ad serving and measurement fees. All of this has an additional $2.00-$3.00 impact. Depending on the size of the broadcaster, total costs are somewhere around $7.00 CPM. My firm provides services to both pure plays and broadcasters, so we have some visibility into the current advertising economics in the space and present day monetization levels are around $5.00 CPM. In other words, broadcasters who stream their content are not turning a profit doing it.

The audience will continue to migrate online and radio brands need to make sure they exist where and how the audience wants them. Radio and record labels need to find business models that build value for both industries in this new world. Negotiations between the two have been on and off for years now with no resolution in sight. The music industry, broadcasters, artists and consumers are going to continue to take it on the chin if we can’t get these problems resolved. The future for both is better together than apart.

There’s an old saying that “you can’t stand in the way of technology” and it’s true. As much as many in radio and records would love to turn the clock back and protect their existing way of life . . . it’s not going to happen.

Here’s my suggestion, institute an over the air royalty that starts at one percent of revenue and escalates to five percent of revenue over the next 10 years, then remains at that number in perpetuity. At the same time, institute a new set of streaming fees that start at twenty five percent of revenue and decline to five percent over the next 10 years and remain there. An all-in, five percent revenue share across the board in 2021 would allow broadcasters to anticipate and structure accordingly while also allowing the labels to bring in hundreds of millions of dollars today and billions in revenue over time. On the flip side it would let the labels participate in a meaningful way while not preventing broadcasters from building a profitable online business.

I believe in radio’s future but only if radio makes an aggressive online play and that play can not be made without the music industry helping to build that future instead of holding onto the past.
http://techcrunch.com/2011/06/18/rad...rds-get-along/





Wheels of Steel DJ App Puts HTML5 Decks in Your Browser
Duncan Geere

A coder named Scott Schiller has built a pair of HTML5 decks that lets you DJ in your browser using music from Soundcloud. It’s called “Wheels of Steel.”

The web app, which you can play with in your browser at wheelsofsteel.net, puts a pair of Technics SL-1200s in front of you, along with a simple mixer. You can load songs onto either turntable, and then mix between the two. With a bit of practice, it’s even possible to beat-match.

Flash-based turntables have been around for some time, as Schiller notes on his blog, but with very limited functionality.

“Animations were simplistic, and there was no real scratching aside from prerecorded loops and samples that could be triggered. Without pitch-bending, mixing tracks was not really possible,” he says.

Schiller’s turntable has scratching, pitch-bending, simulations of power-down and electronic brakes, tone-arm drift, a sample for the “end of record” sound and even careful calculations for the physics of the interaction between the record and the turntable itself. You can read all the gory details, if you’re that way inclined, at Schiller’s blog.

Despite all that, Schiller isn’t happy. “CPU and audio latency are the primary issues with the prototype,” he says, calling it “an experimental bit of web audio fun, stamped with a number of warning labels.” It goes without saying that you’ll need a modern browser to get the best of it, ideally with support for GPU acceleration.

But it’s still impressively usable. “In theory, an accelerated MacBook Pro and Safari setup should suffice for DJing a small gathering, house party,” says Schiller. “It’s not intended for pro or ’skratch’ DJs as frankly, it will quickly disappoint — and what DJ really wants to scratch records with a mouse, anyway?”
http://www.wired.com/underwire/2011/...-html5-dj-app/





uTorrent / BitTorrent Sued For Patent Infringement
Ernesto

BitTorrent Inc., the makers of uTorrent and the BitTorrent Mainline client, have been sued for infringement of a file-sharing related patent. According to the complaint, the BitTorrent clients infringe on the rights of San Francisco-based company Tranz-Send Broadcasting Network. The company demands compensation and if the court agrees, this case could have a disastrous impact on the BitTorrent landscape.

By now we’ve become accustomed to copyright infringement lawsuits, where people are suspected of illegally distributing movies and music using BitTorrent.

However, according to a lawsuit filed at a U.S. District Court this week, BitTorrent is also an infringement in its own right.

Tranz-Send Broadcasting Network filed a complaint at the court this week where it alleges that BitTorrent is infringing on a patent originally filed in April 1999. The company claims to have suffered significant losses and wants to be compensated for the ongoing patent infringement.

“By making, operating, using and/or selling [uTorrent and BitTorrent Mainline] and or other software, BitTorrent has infringed and continues to infringe, contribute to the infringement, or induce the infringement of at least claim 1 of the ’944 patent,” the complaint reads.

The patent in question is titled “Media file distribution with adaptive transmission protocols” and was granted in November 2007. It describes a file-sharing system consisting of a file database, a transfer client and a distribution server.

“A server/client media file distribution system is provided in which the server system is adapted to receive transmission requests from clients, status information from a network, and protocol information from each client,” the company writes in the patent abstract.

“The server, based upon this information, adaptively transmits a given media file stored therein to one or more clients using the optimal transmission speed and/or network protocol based on the network status information and protocol information,” the abstract adds.

The above is certainly not how most people would describe BitTorrent, but it is up to the District Court Judge to assess the validity of the patent infringement claim. Aside from BitTorrent Inc., Tranz-Send Broadcasting Network have also sued Kontiki Inc. on similar grounds.

Kontiki offers a media content delivery technology that is a hybrid of central servers and P2P transfers. Unlike BitTorrent Inc, Kontiki’s user base mostly consists of businesses who can use the software to stream and distribute video. According to the complaint, this software also infringes on the aforementioned patent.

Although it’s not easy for an outsider to assess whether the case holds water or whether it’s classic patent trolling, the fall-out could spread far and wide.

Together, the two BitTorrent clients mentioned in the lawsuit have a user-base of more than 100 million users worldwide. If BitTorrent Inc. is suddenly required to pay royalties for each and every download, this will drastically impact the company’s operations. Not to mention the spill-over effect it may have on other BitTorrent software companies.

BitTorrent Inc. was asked for a comment on the lawsuit, but TorrentFreak was told that the company currently has nothing to add.
http://torrentfreak.com/utorrent-bit...gement-110619/





BitTorrent - It's Not Just About Copyright Any More
Groklaw

Peer-to-peer provider BitTorrent is somewhat familiar with being at the center of copyright controversies, but last Tuesday, June 14, it entered the realm of patent disputes when it was sued by Tranz-Send Broadcasting Network, Inc., a Delaware corporation, for infringement of Tranz-Send's U.S. patent number 7,301,944 (the '944 patent). The '944 patent, entitled "Media File Distribution With Adaptive Transmission Protocols," was filed on April 16, 1999, and issued November 27, 2007.

This patent claims priority back to an application filed on October 24, 1997, so that is the relevant priority date for any prior art. The abstract for the patent describes the invention as follows:

Quote:
A server/client media file distribution system is provided in which the server system is adapted to receive transmission requests from clients, status information from a network, and protocol information from each client. The server, based upon this information, adaptively transmits a given media file stored therein to one or more clients using the optimal transmission speed and/or network protocol based on the network status information and protocol information. Additionally, the present invention provides a looping file arrangement in which a plurality of clients can receive the same media file on multiple network channels, without the need to provide multiple copies of the same media file for each request of that file.
Of course, patent abstracts are notorious for not really describing the claimed invention, so we have reproduced the description and the claims of the '944 patent below. Tranz-Send asserts that, at a minimum, Bittorrent infringes claim 1 of the patent, describing the alleged infringement like this in the complaint [PDF]:

By the way, Bittorrent is not the only defendant; Tranz-Send has also asserted the '944 patent against Kontiki, Inc. in this same suit.

Tranz-Send is not your stereotypical patent troll. It is a start-up company in the Bay Area focused on "developing the BlockBuster of the Internet, by electronic transfer to computers which are connected to the TV, for the same cost of rental plus a dime." Its CEO is a fellow named Scott Redmond, who, if he is the same Scott Redmond who started Peep Telephony, comes with some baggage. He certainly thinks highly of himself. Given all of that, one has to wonder whether Tranz-Send isn't just a fiction to hide the troll activity.

Our interest in this case arises from the important role that peer-to-peer transmissions play in the development of free and open source software, so it will be interesting to follow.
http://www.groklaw.net/article.php?s...10620131823846





Five Best BitTorrent Applications
Alan Henry

We're big fans of BitTorrent. It's the fastest way to download files quickly without lining up for an HTTP download or opening an FTP client, and it's a great way to host large files without having to provide all of the bandwidth on your own. Here's a look at five of the most popular BitTorrent applications.

Most of you are already familiar with BitTorrent, but if you're not sure what all the fuss is about, check out our beginners guide to BitTorrent. Once you're through that, head on to our intermediate guide, which can speed up your downloads and improve security. Those of you who already have a favorite client responded en masse when we asked you which you preferred, and now we're back to feature the ones you suggested.

Deluge (Windows/Mac/Linux)

Deluge is one of the most lightweight BitTorrent clients available. Part of the reason it's so light on system resources is because of its robust plug-in catalog, where most of the real power comes from. The bulk of its features come from available plugins, and those plugins are just as cross platform as the core application is. Deluge supports private torrents, encrypted transfers, password protection, and bandwidth scheduling, so you can let the app eat your available bandwidth when you're asleep or at work, but throttle it back when you're home. Deluge is completely free.

Transmission (Mac/Linux)

For a long time, Transmission was the only feature-rich BitTorrent client available for the Mac, and even today, it's the go-to client for many. Transmission is free, open-source, and runs just as well in Linux as it does in Mac OS X, and the developers provide distro-specific packages of the application for your downloading needs. The app is also designed to run quietly in the background without eating too much bandwidth or memory, but doesn't skimp on the features. Transmission sports robust system notifications, download scheduling, magnet links, port forwarding, remote management, encryption, and more.

µTorrent (Windows/Mac/Linux)

µTorrent was one of the first solid, lightweight BitTorrent clients to hit the Web, and since then it's soared to massive popularity. It doesn't hurt that µTorrent is a tiny installation, easy to use and understand, but has enough advanced features to keep the pro users hooked on the app. For example, µTorrent supports remote control, scheduling, port forwarding, and smart bandwidth throttling – it'll give up bandwidth as you start to use bandwidth-intensive applications without you forcing it to. Plus, it's developed and owned by the same people who invented the BitTorrent protocol. There was a time when µTorrent was Windows only, but that's clearly no longer the case. Best of all, it's free.

rTorrent/ruTorrent (Linux)

Who needs GUIs? rTorrent and ruTorrent are free, designed for Linux and Unix-based systems, and will handle your downloads entirely by command line. When we say "entirely," we mean it – it's not like rTorrent or ruTorrent have some web interface you just have to toggle, it's not there. If you want it, you'll have to download a plug-in. Still, if you're managing your torrents remotely on a Linux box on your network, rTorrent lets you log in and manage them easily without firing up an app to do it. Plus, both apps support SSH remote control, so you don't even have to be home to manage your downloads.

Vuze (Windows/Mac/Linux)

Where all of the other applications focus on being as lightweight as possible, Vuze takes a different approach. The app goes above and beyond to include as many features as it can. Vuze will download and manage torrents, and it also supports remote management, mobile devices, and bandwidth throttling. Vuze is also a video player, and can play HD video, or push it to your mobile device. The app automatically detects iTunes and iOS devices like the iPhone, iPad, and Apple TV. It also supports streaming audio and video to Android phones, BlackBerry devices, and game consoles like the XBox 360 and PS3. It's not the lightest of the group, but it tries to manage all of your downloads and help you enjoy them at the same time. Vuze comes in two flavors – a scaled back free version, and a "plus" version with all features unlocked, for $24.99 per year.
http://lifehacker.com/5813348/five-b...t-applications





uTorrent 3.0 Arrives with Streaming and Web UI
Christopher MacManus

Release the hounds! uTorrent 3.0 was released yesterday for seeders and leechers everywhere.

Four million users tested various alpha, beta, and release candidate versions of the anticipated v3 of the popular BitTorrent software, which is a darling of the download scene owing to its simple interface and lightweight footprint (for example, the installer is only 624KB). A slew of new features are embedded in the upgraded client, including streaming video; uTorrent remote; ratings and comments; and drag and drop sending. There's also mention of an exciting new encrypted Web-based UI, dubbed uTorrent Web, which enables access to µTorrent from anywhere on the Internet (you can also control the software using Android Remote for uTorrent).

BitTorrent also detailed a new app called uChat, which allows users of uTorrent 3.0 and BitTorrent Chrysalis clients to communicate with each other. Now all of those flame wars going on in torrent comment threads can happen in real time! The company hopes that the chat add-on will be a place for all users to help one another, share tips, and possibly pose as "an interesting marketing/social engagement opportunity for independent artists and creators to directly communicate with their fans."

Here is a breakdown of the new features in uTorrent 3.0, according to the official press release:

• Streaming: Watch videos within seconds with progressive downloading--no need to wait for the entire file to download. This feature is especially useful for previewing a file before committing to the full download.
• uTorrent Remote: Start, stop, and monitor torrent downloads on the go. Access the uTorrent client from any Web browser (visit https://remote.utorrent.com to sign up), or download the beta of our Android app.
• Ratings and Comments: Ratings enables the collective wisdom of the community to ensure the quality and security of downloaded torrents. Join in and contribute by simply clicking on the ratings or comment buttons in the torrent manager.
• Drag and Drop Sending: Easily send massive personal files--e.g., home movies, smartphone videos, and hi-res photos--directly from uTorrent. Select a file on your computer, drag it into the uTorrent "Drop files to send" box, and uTorrent will create a Web link. Send the link via e-mail, social-media post, or similar means to share your content.
• Simplified UI: Minimize parts of the uTorrent interface with a click. Perfect for anybody who wants a minimal interface, this feature cuts out distractions and focuses on the business of finding and playing content.
• Portable Mode: Run the uTorrent client directly from a USB key and take it anywhere.
• Stability, etc.: Under-the-hood improvements including a focus on stability as well as improved Web seeding to add speed and reliability to the process of finding the original source of a single-source file.
• uChat app (beta): Chat with other uTorrent users around the world in real-time by installing this optional app.

Some other interesting facts mentioned by the BitTorrent group about uTorrent: the software is available in 30 languages, usually supports 100 million active monthly users, and is downloaded on average more than 400,000 times a day.
http://news.cnet.com/8301-17939_109-...ng-and-web-ui/





Righthaven Says It Owns News Articles It’s Suing Over — for Real This Time
David Kravets

Copyright troll Righthaven told a federal judge Thursday that it has revised its contract with the Las Vegas Review-Journal to give it full copyright ownership over some of the newspapers’ content, in a bid to squelch a legal controversy over whether it has the right to sue bloggers who’ve quoted from the articles without permission.

Three decisions the past week found that Righthaven, which has lodged more than 200 suits, never had standing to sue over content produced by Stephens Media publications, including the Review-Journal. In one ruling, U.S. District Judge Roger Hunt dismissed Righthaven’s well-publicized case against the Democratic Underground blog, finding that Righthaven attempted to “manufacture” standing to sue. In that case, Democratic Underground was targeted for posting four paragraphs from a 34-paragraph story published by the paper.

Hunt noted that Righthaven and Stephens Media had agreed to share the proceeds of any damages awards or settlements — but Stephens Media kept ownership of the copyrights in the articles, which meant Righthaven had no right to sue over the work. Two other Righthaven cases met the same fate this week.

With its entire business model at risk, Righthaven countered this week, asking Judge Hunt to reopen the case and allow Democratic Underground to be held liable again for last August’s alleged infringement. Righthaven said the 1-year-old agreement between Stephens Media and Righthaven has been altered, and now gives Righthaven standing to sue.

“… Under the amendment, Righthaven is the assignee and sole owner of the copyrighted work at issue in this case,” Righthaven told Judge Hunt in a filing (.pdf) Thursday.

Whether Hunt will reopen the matter is unclear. Last week, he called the amended agreement “cosmetic,” but did not rule on its validity.

Righthaven, which received a $500,000 investment from Stephens Media, still hopes it can make a scalable business out of suing people for clipping newspaper articles online.

Righthaven chief Steve Gibson said in an interview last week that he was unfazed by the recent rulings against him. Because the statute of limitations for copyright infringement is three years, that gives him plenty of time to build a paper trail with Stephens Media that can withstand the court challenges.

The Copyright Act allows for damages of up to $150,000 per infringement.

More than 100 bloggers and websites settled with Righthaven before the issue of Righthaven’s standing to sue was brought to light. They are now mulling potential legal recourse.
http://www.wired.com/threatlevel/201...-survival-bid/





The Return Of The Broadcast Treaty
Mike Masnick

Not this again. For the better part of a decade, broadcasters have made efforts to create a "broadcast treaty" which would grant broadcasters extra special rights above and beyond copyright. Under such a rule, a broadcaster who put on public domain material could then claim a "broadcast right" to the content and lock it up. It doesn't make any sense, and thankfully, every time it's been introduced it's ended up not getting approval. Honestly, I'd thought this was one issue that had finally died... but I should never underestimate those who seek greater intellectual property rights. Apparently, folks at WIPO are once again trying for a Broadcast Treaty. Thankfully, opposition is already organizing:

The advocates of a broadcasting treaty have not shown that there is a problem in the area of piracy that cannot be addressed by existing laws on copyright or theft of service. The treaty is in essence an attempt by corporate broadcasting entities to change outcomes of licensing negotiations, by giving the broadcasters a right that they would otherwise have to acquire by contract, in return for something they would give the copyright holders.

[....]

In its most aggressive formulations in terms of rights of casting entities, the treaty would provide up to 50 years or even perpetual exclusive rights in content for which the broadcaster did not create and does not own the copyright. This creates a thicket of permissions that makes it much more difficult to redistribute and reuse content.

http://www.techdirt.com/articles/201...t-treaty.shtml





Why Is The Justice Department Pretending US Copyright Laws Apply In The UK?
Mike Masnick

We already mentioned the attempt by the US to extradite Richard O'Dwyer, a UK student who ran TVShack.net and TVShack.cc, both of which were seized by ICE. Unfortunately, most of the press reports out of the UK lacked details, and I wasn't even entirely sure that an actual attempt at extradition had been made, or if there was just fear on the part of the O'Dwyer family. After some digging, however, it appears that this is absolutely the case. The Justice Department, out of the Southern District of NY -- the same DOJ offices that have been involved in the ICE seizures -- and ICE, via the US embassy in London, made the request to extradite O'Dwyer. I've now heard that from three separate sources. I also called the folks in the press office at the US Attorneys' office in SDNY to see if they were willing to respond to questions about the attempted extradition, and the answer is they don't want to talk about it at all. I believe the two quotes were "there is nothing in the public record we can comment on" and "there is no additional guidance we can give you," though they did offer to send me the press release they sent out when they helped seize the TVShack domains. Helpful.

Now, let's be entirely clear here. O'Dwyer has not violated UK law. Pretty much everyone agrees on this. In our initial post, we discussed a few similar cases in the UK that showed such site administrators were not liable. UK legal experts have been saying that what O'Dwyer did is legal in the UK as it matches up almost entirely with previous cases where people doing nearly identical things were found to have not violated the law.

So this is a massive jurisdictional and sovereign disaster waiting to happen. Basically, the US appears to be claiming that if you do anything on the internet, you're subject to US laws. That's crazy and is going to come back to haunt US law enforcement. Do they not realize that this is the same thing that other countries have tried to do to US citizens? The US even passed a law, the SPEECH Act, to make it clear that US citizens were not subject to the liability of other national laws, just because such things happen on the internet. To then turn around and pretend the opposite is true for everyone else is just massive hypocrisy.

Separate from all that, it's highly questionable if O'Dwyer is even violating US criminal copyright law, because there is no such thing as contributory criminal infringement (there is for civil copyright law, but it's nowhere to be found in criminal law).

Effectively, it appears that the US government wants to seize someone and drag them across the ocean to face federal charges for doing something that was (a) perfectly legal in his home country and (b) probably legal in the US. Do they not see how that might create some issues?

Honestly, this seems like the latest in a long series of massive screwups by ICE and the DOJ in the Southern District of NY, who appear to have rushed into the whole "copyright enforcement online" arena without bothering to understand the technical, legal and political issues involved. What they've done here is create an international incident, for which there will undoubtedly be ramifications. I've heard that while O'Dwyer is fighting the extradition, many suggest that it's effectively a done deal, that the UK government has agreed to the extradition without any scrutiny of the actual charges. I'm embarrassed that my country would make such a request in the first place, and shocked that the UK would merrily go along with it, sans scrutiny. It's gone beyond exporting our IP laws through treaties and diplomatic pressure to the absolutely ridiculous stance that the US government can (1) make up their version of copyright law and then (2) automatically apply those made up laws around the globe.
http://www.techdirt.com/articles/201...apply-uk.shtml





F.B.I. Seizes Web Servers, Knocking Sites Offline
Verne G. Kopytoff

9:22 p.m. | Updated Adding additional comments from DigitalOne.

6:16 p.m. | Updated Adding that the F.B.I. did not comment.

6:55 p.m. | Updated Adding comments from Curbed Network and Instapaper.

7:35 p.m. | Updated Adding comment from DigitalOne.

The F.B.I. seized Web servers in a raid on a data center early Tuesday, causing several Web sites, including those run by the New York publisher Curbed Network, to go offline.

The raid happened at 1:15 a.m. at a hosting facility in Reston, Va., used by DigitalOne, which is based in Switzerland, the company said. The F.B.I. did not immediately respond to a request for comment on the raid.

In an e-mail to one of its clients on Tuesday afternoon, DigitalOne’s chief executive, Sergej Ostroumow, said: “This problem is caused by the F.B.I., not our company. In the night F.B.I. has taken 3 enclosures with equipment plugged into them, possibly including your server — we cannot check it.”

Mr. Ostroumow said that the F.B.I. was only interested in one of the company’s clients but had taken servers used by “tens of clients.”

He wrote: “After F.B.I.’s unprofessional ‘work’ we can not restart our own servers, that’s why our Web site is offline and support doesn’t work.” The company’s staff had been working to solve the problem for the previous 15 hours, he said.

Mr. Ostroumow said in response to e-mailed questions that it was not clear if the issues would be resolved by Wednesday.

A government official who declined to be named said earlier in the day that the F.B.I. was actively investigating the Lulz Security group and any affiliated hackers. The official said the F.B.I. had teamed up with other agencies in this effort, including the Central Intelligence Agency and cybercrime bureaus in Europe.

Mr. Ostroumow declined to name the company targeted by the F.B.I. and said that he did not know why it had drawn their interest. It was also unclear why the agents took more servers with them than they sought, he said.

The sites of the Curbed Network, including popular blogs covering real estate, restaurants and other topics, were all unavailable Tuesday evening. Lockhart Steele, Curbed’s president, said his team realized that the company’s sites were down at around 3 a.m. and contacted DigitalOne. After initially declining to say what had happened, DigitalOne explained that the F.B.I. had raided the data center, Mr. Steele said.

“Our servers happened to be in with some naughty servers,” he said, adding that his sites were not the target of the raid. Curbed is working to get its sites back online, probably by Wednesday.

The raid also affected a server used by Instapaper, a popular service that saves articles for later reading. Marco Arment, Instapaper’s founder, said he lost contact with a server hosted by DigitalOne early on Tuesday. Instapaper’s Web site is still operating but has slowed somewhat. Mr. Arment said he had not heard from DigitalOne or law enforcement, and had no reason to believe that Instapaper was a target of the raid.

Pinboard, a bookmarking site, was operating on a backup server and some of its features were turned off, a post on its site said.

DigitalOne provided all necessary information to pinpoint the servers for a specific I.P. address, Mr. Ostroumow said. However, the agents took entire server racks, perhaps because they mistakenly thought that “one enclosure is = to one server,” he said in an e-mail.

DigitalOne had no employees on-site when the raid took place. The data center operator, from which DigitalOne leases space, passed along the information about the raid three hours after it started with the name of the agent and a phone number to call.

Before learning of the raid, Mr. Ostroumow, who is in Switzerland with the rest of his team, thought the problem was a technical glitch.

Nick Bilton contributed reporting.
http://bits.blogs.nytimes.com/2011/0...es-offline/?hp





Instapaper Server, Including Data and Codebase, Seized by FBI in an Unrelated Raid
Audrey Watters

Early Tuesday morning, the FBI raided a datacenter run by the Swiss hosting company DigitalOne in what it claimed was a move to thwart "international cyber crime rings distributing scareware." But it appears as though the Feds seized a lot more than just those "scareware" servers, as, according to Marco Arment, creator of Instapaper, one of the servers that the startup leased from DigitalOne was also taken.

The FBI raid on Tuesday caused outages to several services unrelated to the alleged criminal activities, including that of the bookmarking tool Pinboard. While Instapaper itself wasn't knocked offline, Arment says that the server it leases from DigitalOne remains offline.

"As far as I know," says Arment, "my single DigitalOne server was among those taken by the FBI (which I'm now calling "stolen" since I assume it was not included in the warrant). I'm assuming this because it became unreachable and stopped sending updates to my internal monitoring system at approximately the time that the FBI raided the datacenter, and has not come online again since then."

Arment was using this server as a MySQL replication slave to help improve the site's performance. Without this server, says Arment, Instapaper has been slower. While, yes, Instapaper did remain online, the results of the seizure are still incredibly troubling.

Arment says that the FBI now presumably is in possession of a complete copy of the Instapaper database, including a full list of users and any non-deleted bookmarks. While passwords for Instapaper are stored only as hashes, the email addresses associated with users are stored in the clear as are the contents of the bookmarks. The server also contained a complete copy of the Instapaper website codebase.

Arment laments that, "due to the police culture in the United States, especially at the federal level, I don't expect to ever get an explanation for this, have the server or its data returned, or be reimbursed for the damage they have illegally caused."

The FBI has been actively seizing domains lately, something that the EFF among others are challenging as First Amendment violations. The seizure of the DigitalOne servers certainly points to other problems that are being caused by the U.S. government's efforts to crack down on "cybercrime."

As an avid Instapaper and Pinboard user, I certainly don't feel safer now. Do you?
http://www.readwriteweb.com/archives...ebase_seiz.php





Server Update

About 40 minutes ago, at 11:45 PM EST on June 23, the server that I believe the FBI took during the DigitalOne raid came back online for the first time.

The logs indicate that it was not booted into its OS during the time it was missing.

DigitalOne has still said nothing about the raid to me, but my best guess is that the FBI did have physical possession of the server for this period. If so, they could have copied the data from the drives without booting from them and without leaving evidence of the copy.

Since it was returned so quickly, it’s likely that they determined that it wasn’t part of their target group and wanted to avoid any problems that could have resulted from its continued seizure. While they could have copied the data for future analysis, I believe it’s unlikely that they would have reason to do so. Regardless, I have no way to know what they did (or didn’t do) with it.

For whatever it’s worth, I have deleted the code, data, and keys from the server and asked DigitalOne to cancel my account immediately. I’m not convinced that they did everything they could to prevent the seizure of non-targeted servers, and their lack of proactive communication with the affected customers is beneath the level of service I expect from a host.

Many commenters and emailers have taught me that bcrypt and scrypt are better than salted SHA-1 hashes for password storage, so I’m researching them and will begin load-testing with them next week. If all goes well, I’ll deploy one of them and migrate all subsequent logins and password changes away from salted SHA-1 hashes.

I appreciate the outreach from people wanting to help me fight the FBI or DigitalOne somehow, but that’s honestly the last thing I’d want to do. Even if money were no object, I can’t afford the time or the stress, I’m not looking for any sort of reimbursement, and nothing they say would absolutely assure me (or even the slightest skeptics) that they had zero copies of the data.

I have a great product to maintain, expand, and improve, and there’s nothing I’d rather do than get back to work doing what I love.

- Marco Arment, Instapaper

http://blog.instapaper.com/post/6854208028
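The migration described in the post above (moving each account off salted SHA-1 at its next login or password change) can be sketched as follows. This is an added example, not Instapaper's code: the record format, the function names and the scrypt cost parameters are all assumptions.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (not from the post); settle them by load-testing.
SCRYPT_N, SCRYPT_R, SCRYPT_P, SCRYPT_DKLEN = 2**14, 8, 1, 32
MAXMEM = 64 * 1024 * 1024  # headroom above the ~16 MiB these parameters need


def legacy_sha1_record(password, salt):
    """Assumed legacy format: sha1$<salt hex>$<digest hex>."""
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return "sha1$%s$%s" % (salt.hex(), digest)


def scrypt_record(password, salt=None):
    """New format: scrypt$N$r$p$<salt hex>$<key hex>, with a fresh random salt."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=SCRYPT_N,
                         r=SCRYPT_R, p=SCRYPT_P, dklen=SCRYPT_DKLEN, maxmem=MAXMEM)
    return "scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P, salt.hex(), key.hex())


def verify(password, record):
    """Check a password against either record format; malformed records fail closed."""
    scheme, *fields = record.split("$")
    pw = password.encode("utf-8")
    try:
        if scheme == "sha1" and len(fields) == 2:
            salt, expected = bytes.fromhex(fields[0]), bytes.fromhex(fields[1])
            actual = hashlib.sha1(salt + pw).digest()
        elif scheme == "scrypt" and len(fields) == 5:
            n, r, p = (int(x) for x in fields[:3])
            salt, expected = bytes.fromhex(fields[3]), bytes.fromhex(fields[4])
            actual = hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p,
                                    dklen=len(expected), maxmem=MAXMEM)
        else:
            return False
    except ValueError:
        return False
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(actual, expected)


def needs_upgrade(record):
    """True for any non-scrypt record, or scrypt with parameters other than the current ones."""
    fields = record.split("$")
    if fields[0] != "scrypt":
        return True
    return tuple(int(x) for x in fields[1:4]) != (SCRYPT_N, SCRYPT_R, SCRYPT_P)


def login(db, user, password):
    """Authenticate, and re-hash with scrypt while the plaintext is in hand."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if needs_upgrade(record):
        # A successful login is the only moment the server sees the plaintext,
        # which is why the migration is tied to logins and password changes.
        db[user] = scrypt_record(password)
    return True


if __name__ == "__main__":
    # Constructed sample data: one account still on salted SHA-1.
    users = {"alice": legacy_sha1_record("correct horse", b"\x01" * 8)}
    print(login(users, "alice", "wrong"), users["alice"].split("$")[0])
    print(login(users, "alice", "correct horse"), users["alice"].split("$")[0])
```

Accounts that never log in again keep their SHA-1 record under this scheme, so a copied database still exposes them to fast offline guessing.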





EFF Fights Gov. on 1st Amendment Over Domain Seizures
Dan Rowinski

The Electronic Frontier Foundation is firing back at the U.S. government over domain seizures related to the Spanish sports streaming site Rojadirecta.com. In an amicus brief filed by the EFF Monday, the open-Internet advocate sided with a petition from Puerto 80, the company behind the sites.

The U.S. Immigrations and Customs Enforcement agency (ICE) seized the domains as a way to fight piracy on the Internet as part of its "Operation in Our Sites" campaign. The EFF joins Mozilla in fighting government domain seizures after Mozilla defied the Department of Homeland Security over Firefox extension MafiaaFire in early May.

Puerto 80 filed a brief in the Second District of New York on June 13 to petition for the return of its sites. Rojadirecta allegedly hosted pirated streams of sports content, leading to the domain seizure. In its brief, Puerto 80 denies that to be the case.

"The Rojadirecta site does not host copyrighted videos or streams of sporting events, and the government does not allege that it does. It indexes links to streams of sporting events that can already be found on the Internet," the brief stated.

Rojadirecta.com and Rojadirecta.org were bought by Puerto 80 from GoDaddy.com and hosted by Verisign, both U.S. companies. The company is claiming hardship with an "entire halt to all traffic to the subject domain names." Puerto 80 claims that the "seizure constitutes an unlawful prior restraint on speech, in violation of Puerto 80's First Amendment rights, and Puerto 80 will continue to suffer deprivation of its First Amendment rights if the property is not immediately returned."

Puerto 80: We Link and Discuss, That Does Not Make Us Criminals

Essentially, Rojadirecta claims that it was just linking to the content that the U.S. government thinks is pirated. The company does not host the streams. Puerto 80 says that its primary function as a website is to host discussion forums and link to said content, which it says does not mean it is committing copyright infringement.

"This misguided intellectual property enforcement effort is causing serious collateral damage to free speech rights," said EFF intellectual property director Corynne McSherry in a release. "These domain seizures should cease unless and until the government can fix the First Amendment flaws inherent in the program."

ICE has seized 125 domains since it started "Operation in Our Sites," according to the EFF. Some of those sites are undoubtedly destinations that pirate content. The EFF protests the government's "unilateral seizure of domain names without a court ruling." If this were in the physical world, as opposed to the digital world, it would be the equivalent of the government shutting down a retail store without a court order because it believed the store was a location for drug trafficking.
http://www.readwriteweb.com/archives...mendment_o.php





Consumer Group Reveals Web-Blocking Plans
Stewart Mitchell

A consumer rights group has blasted proposals to block websites carrying pirated content, as laid out in a document handed to the Department for Culture, Music and Sport.

Consumer Focus attended a Government meeting about the site-blocking plans, saying a group of rights holders presented their proposals for a system aimed at beating piracy to Communications Minister Ed Vaizey behind closed doors.

The details have not been made public, but Consumer Focus said the rights holders were proposing that the Applications Court of the High Court issue permanent injunctions against copyright-infringing websites on the basis that a “council” and “expert body” believed the evidence submitted by copyright owners showed blocking a site was appropriate.

There are no details of how the two panels would be made up, but the importance of the proposals means they could have wide-ranging impacts on civil law, Consumer Focus said, and should be discussed in public - not merely agreed between industry lobby groups and Government.

“These proposals are a significant regulatory intervention and require at the very least significant changes to the Civil Procedure Rules,” the group said. “As such they should be publicly consulted on and evidence based.”

The alliance behind the working paper, Addressing websites that are substantially focused on infringement, included the Publishers Association, the BPI, the Football Association Premier League and the Motion Picture Alliance.

Cost effective?

The plans also came under fire for costs and the potential upheaval they could cause ISPs and users.

“The cost of the proposed scheme is not indicated, but is likely to be substantial, including the running cost of two non-judicial independent bodies and the cost to ISPs of permanently blocking websites,” Consumer Focus said.

According to the group, plans to block certain sites would inevitably risk degrading internet services, knocking speed and network reliability, and could lead to higher broadband prices.

Consumer Focus also argued the system would make it too easy for websites to be closed down based on the word of two undisclosed panels, with little concrete case law to guide them.

“Consumer Focus is concerned that the court is supposed to rubber stamp a decision by two non-judicial bodies, on the basis of ‘general support’ in case law for the concept of ‘websites substantially focused on infringement’,” the group's response said.

“We do not believe that it is appropriate for two non-judicial bodies to broadly interpret existing case law, effectively establish new copyright law, and direct the Applications Court to issue a permanent injunction, without a trial.”
http://www.pcpro.co.uk/news/368227/c...blocking-plans





Telstra, Optus to Start Censoring the Web Next Month

Australia will soon become one of the few countries to have controlled internet censorship.
Jennifer Dudley-Nicholson

MOST Australian internet users will have their web access censored next month after the country's two largest internet providers agreed to voluntarily block more than 500 websites from view.

Telstra and Optus confirmed they would block access to a list of child abuse websites provided by the Australian Communications and Media Authority and more compiled by unnamed international organisations from mid-year.

But internet experts have warned that the scheme is merely a "feel-good policy" that will not stop criminals from accessing obscene material online and could block websites unfairly.

The voluntary scheme was originally proposed by the Federal Government last year as part of a wider, $9.8 million scheme to encourage internet service providers to block all Refused Classification material from users as an optional service.

The Government dropped its funding for the scheme last month due to "limited interest" from the industry, but a spokesman for Communications Minister Stephen Conroy said a basic voluntary filter was still on track to be introduced by Telstra, Optus and two small ISPs.

"The ACMA will compile and manage a list of URLs of child abuse content that will include the appropriate subsection of the ACMA blacklist as well as child abuse URLs that are provided by reputable international organisations (to be blocked)," the spokesman said.

System Administrators Guild of Australia board member Donna Ashelford said blocking these website addresses should not affect internet speed, but was only a "cosmetic fix" that was easily circumvented by criminals.

"The effectiveness will be trivial because you're just blocking a single website address (and) a person can get around it by changing that address with one character," she said.

"Child abuse material is more likely to be exchanged on peer-to-peer networks and private networks anyway and is a matter for law enforcement."

Electronic Frontiers Association board member Colin Jacobs also expressed concern at the scheme, saying the Government and internet providers needed to be more upfront about websites being blocked and offer an appeals process for website owners who felt URLs had been blocked unfairly.

"There is a question about where the links are coming from and I'd like to know the answer to that," Mr Jacobs said.

"We've been waiting to hear details on this from the Government. If they turn out to be zealous with the type of material that is on the list then we'd want to have a discussion about ways to introduce more transparency."
http://www.news.com.au/technology/in...-1226079954138





Ireland May Make ISPs Take More Responsibility for File-Sharing

The Irish government has published proposals for a revision of Ireland’s copyright laws which, although not explicitly introducing a three-strikes system for combating online piracy, could lay the groundwork for such a process to be forced on the country’s internet service providers.

As previously reported, three-strikes – like that being introduced in the UK under the Digital Economy Act – does exist in Ireland, but only for customers of Eircom, the country’s biggest net provider. They voluntarily agreed to introduce a so called ‘graduated response’ system, in which file-sharing customers are sent warning letters threatening ‘technical measures’ (ie account suspension) if they don’t stop accessing content illegally, as part of an out of court settlement in relation to legal action launched against them by the Irish record industry.

As part of the agreement between Eircom and the Irish record labels, the latter agreed to lobby the former’s competitors to introduce three-strikes also. But those efforts were hindered last year when another ISP – called UPC – refused to introduce any such measures, and won a court battle over the issue, in which a judge agreed with the net firm when it said it had no obligation under current Irish copyright law to help content owners enforce their IP rights.

Needless to say, that motivated the Irish music industry to step up its lobbying efforts with government in a bid to have copyright law rewritten. So much so, there were rumours in February ministers were planning to sneak through a new statutory instrument just before Ireland’s General Election putting an obligation on ISPs to help police piracy. Although those rumours turned out to be untrue, the Consultation On Amendment To Copyright & Related Rights Act, 2000 announced this week could result in something similar.

The paperwork published about the proposed amendment explicitly states the government is not proposing the introduction of a statutory three-strikes system like in the UK and France, but rather it would put an obligation on ISPs to help rights owners, so much so that the judge in the aforementioned UPC case may have been able to force the net company to collaborate with the record companies, thus enabling the music industry to pressure all of Eircom’s rivals to follow that ISP’s lead.

Those who oppose such a development are sure to hone in on a recent TorrentFreak report that revealed Eircom had accidentally sent ‘first strike’ copyright infringement letters to 300 non-file-sharers last year because of a ‘technical glitch’. That error is now being investigated by the Irish Data Protection Commissioner, who may review the whole of Eircom’s three-strikes system as part of his investigation.
http://www.thecmuwebsite.com/article...-file-sharing/





Exclusive: Top American ISPs Poised to Adopt Graduated Response to Piracy

Some of the country's largest Internet service providers are poised to leap into the antipiracy fight in a significant way.
Greg Sandoval

After years of negotiations, a group of bandwidth providers that includes AT&T, Comcast, and Verizon are closer than ever to striking a deal with media and entertainment companies that would call for them to establish new and tougher punishments for customers who refuse to stop using their networks to pirate films, music and other intellectual property, multiple sources told CNET.

The sources cautioned that a final agreement has yet to be signed and that the partnership could still unravel but added that at this point a deal is within reach and is on track to be unveiled sometime next month.

This has been in the works a long time. The Recording Industry Association of America (RIAA) and Motion Picture Association of America (MPAA), the respective trade groups for the four major record companies and six top Hollywood film studios, have labored for years to persuade ISPs to take a tougher antipiracy position. Under the proposed plan, participating bandwidth providers would adopt a "graduated response" to subscribers who repeatedly infringe copyrights. ISPs would first issue written warnings, called Copyright Alerts, to customers accused by copyright owners of downloading materials illegally via peer-to-peer sites, the sources said. Should a subscriber fail to heed the warning, an ISP could choose to send numerous follow-up notices. Eventually, the plan requires ISPs to take more serious action.

Participating ISPs are given plenty of leeway to choose how to proceed. They can select from a "menu" of responses outlined in the plan, such as throttling down an accused customer's bandwidth speed or limiting their access to the Web. For example, a suspected pirate may be allowed to visit only the top 200 Web sites until they stop illegal file sharing. The subscriber may also be asked to participate in a program that educates them on copyright law and the rights of content creators. The ISPs and copyright owners will share the costs of operating the program, sources said.

At least on paper, the proposal appears to have the potential to become one of the most potent antipiracy strategies ever implemented. The ISPs involved provide Internet access to a large percentage of the U.S. population and because they are among the Internet's gatekeepers, the network providers are in a unique position to act as copyright enforcers. Critics have argued that a graduated response doesn't allow for due process. They reject the notion that an ISP should limit a person's service based solely on accusations made by copyright owners.

White House helps shepherd deal

But enlisting the assistance of some of the top ISPs represents a major victory for the film and music industries. Certainly, they had plenty of help. For starters, the National Cable and Telecommunications Industry has been involved in brokering the deal, the sources said. Some of the NCTA's members include Time Warner Cable, CableVision, Charter Communications, Comcast, and Qwest Communications, but not all the group's members are participating, according to the sources.

Spokespeople for the NCTA, RIAA, and MPAA declined to comment. Representatives from some of the known participating ISPs, such as AT&T and Comcast, couldn't immediately be reached for comment.

In addition to the NCTA, the White House was also instrumental in encouraging the parties to reach an agreement, the sources confirmed. President Obama has vowed to step up the fight against piracy and counterfeiting, and his administration has lobbied Congress the past several years to pass new pro-copyright legislation while instructing federal law enforcement to make antipiracy a priority.

It's tough to deny that most of the momentum in the online copyright wars appears to be with content creators. In the past year, a federal court ruled that the top music file-sharing service LimeWire induced copyright infringement and ordered the network be shut down. In recent months, the U.S. Immigrations and Customs Enforcement (ICE) agency has seized domain names from dozens of sites accused of trafficking in pirated content or counterfeit goods. In the U.S. Senate, lawmakers are expected to pass legislation that would enable the government to block U.S. Internet users from accessing alleged pirate sites based overseas.

When it comes to the proposed agreement on graduated response, the term was sometimes referred to also as a three-strikes plan. The sources who spoke to CNET said this isn't an accurate description of what the latest plan calls for, as an ISP gets to choose how many times to notify a customer before interrupting service. In the past, a three-strikes strategy also was supposed to lead to a complete termination of service for chronic file sharers. Kicking someone off a network for good is not required under the proposed agreement, the sources said.

If the term graduated response sounds familiar it's likely because of the RIAA. The trade group claimed in December 2008 that several ISPs, which were never identified, had agreed to adopt graduated-response programs to help the top record labels fight illegal file sharing. Up to that point, the RIAA's antipiracy strategy was built around filing lawsuits against individual users. After the RIAA abandoned the litigation campaign against individual users it did see several ISPs begin booting small numbers of people off their networks. In the years since, however, no major bandwidth provider openly acknowledged adopting a graduated response.

Sources in the music and film sectors said that their antipiracy measures, coupled with the emergence of popular legal services, such as Netflix and Amazon, which provide inexpensive content that is also easy to access, have put them in the best possible position to compete with Web piracy.
http://news.cnet.com/8301-31001_3-20...nse-to-piracy/





Dropbox Confirms Security Glitch--No Password Required
Declan McCullagh

Web-based storage firm Dropbox confirmed this afternoon that a programmer's error caused a temporary security breach that allowed any password to be used to access any user account.

The San Francisco-based start-up attributed the security breach to a "code update" that "introduced a bug affecting our authentication mechanism." Access without passwords was possible between 1:54pm PT and 5:46pm PT yesterday, the company said.

"This should never have happened," Dropbox co-founder and CTO Arash Ferdowsi said in a blog post. "We are scrutinizing our controls and we will be implementing additional safeguards to prevent this from happening again."

This afternoon's news is a significant embarrassment for Dropbox, which (despite not being located in Silicon Valley) appeared on a list of "20 Hot Silicon Valley Startups You Need To Watch," and which received a CNET Webware award in May 2009.

Dropbox had assured its users that "we use the best tools and engineering practices available to build our software, and we have smart people making sure that Dropbox remains secure."

News of the snafu began to trickle out earlier on Dropbox's discussion forums--one thread was titled "Drop box web interface was WIDE OPEN for some time yesterday"--and through Twitter.

In 2008, Dropbox received $7.2 million in funding from Sequoia Capital and other investors. The company claims to have more than 25 million users of its free service.
http://news.cnet.com/8301-31921_3-20...word-required/





How To Add a Second Layer of Encryption to Dropbox
Melanie Pinola

If recent security and privacy concerns about Dropbox make you think twice about using the popular file storage and syncing tool, there's an easy way to further protect your sensitive files stored on Dropbox: yes, we're talking about encryption.

TrueCrypt is our go-to data encryption tool and no doubt you know we have a thing for Dropbox, but although we've briefly mentioned using TrueCrypt as one of the clever ways to use Dropbox, we've never fully married the two. It's about time.

What's All the Fuss?

Dropbox has had a few privacy and security stumbles in recent months. Most recently, an authentication bug allowed anyone to log into your account with any password over a four hour period. Back in April, Business Insider reported an update to Dropbox's security terms of service reveals the company can decrypt your files and provide them to the government if required to do so—in other words, if you thought Dropbox couldn't decrypt your data, you were wrong. (Dropbox responds here.) This may all just be par for the course with cloud-based services (we believe you should consider all your passwords vulnerable to cracking if someone wanted to do so badly enough), but at least a few people feel uneasy about Dropbox's recent problems.

Should You Drop Dropbox?

Dropbox is still a killer collaborative work tool and it does more than just file syncing. If you don't store confidential or sensitive information on the service, there's no need to worry anyway.

If you do store sensitive data on Dropbox but are loath to give up its convenience, there are a couple of things you can do to further secure your data while still using Dropbox:

How to Encrypt Your Sensitive Data on Dropbox

The Easy Option: Automatically Encrypt Data with SecretSync

Previously mentioned Windows program SecretSync provides an easy way to encrypt a local folder before sending it to Dropbox. You install the app, it creates a new folder on your computer, and anything you place in that folder is automatically encrypted and then synced with Dropbox. It's actually quite clever.

If the idea of securing your cloud data by putting your trust in yet another cloud service is too much, you could instead encrypt your data yourself with the cross-platform, open-source encryption application TrueCrypt. Essentially you'd manually encrypt your files, then store your encrypted files on Dropbox. It won't be as easy to share or work with individual documents encrypted with TrueCrypt as non-TrueCrypt-encrypted files, but even Dropbox itself recommends using TrueCrypt for your most sensitive documents.

So, here's how to create an encrypted TrueCrypt container on Dropbox:

The "Take Security Into Your Hands" Option: Manually Encrypt Specific Files with TrueCrypt

In this scenario, you'll basically just store your sensitive data in your TrueCrypt container, which is saved to your Dropbox folder. Our steps for encrypting your data with TrueCrypt in this case remain the same. Just select the Dropbox folder as the TrueCrypt container location.

If you've never used TrueCrypt before, here are the steps, taken from our previous guide but adjusted specifically for Dropbox usage:

1. Download, install, and launch TrueCrypt
2. After hitting the "Create Volume" button, choose the default to "create an encrypted file container" and a "Standard TrueCrypt Volume".
3. Here's where the steps differ: When prompted to select a location for your TrueCrypt Volume, navigate to your Dropbox folder.
4. Then you'll run through the rest of the TrueCrypt encryption steps, including selecting the default AES encryption scheme and volume size (choose a capacity less, obviously, than your total Dropbox account storage space).

Once you've entered your volume password and formatted the TrueCrypt volume, it'll be saved and ready for action in your Dropbox folder.

To mount the volume as a virtual—but encrypted—drive that you can copy and paste to, from the TrueCrypt program, select a drive letter, then select your TrueCrypt file in the Dropbox folder, and click "Mount."

You'll be able to copy and paste sensitive documents to that encrypted container just like you would a regular drive, as long as the volume is mounted.

The Everything Option: Move Your Dropbox Folder to an Encrypted TrueCrypt Volume

The above works well when you have a mix of plain old documents and more sensitive files that you want to store together on Dropbox—you can use a TrueCrypt container for your most sensitive files and the regular service for everything else (for easy collaboration and remote editing). Encrypting your files before storing them on Dropbox is also your main recourse when it comes to privacy and security concerns about the service having access to your data.

If you want to encrypt everything in your Dropbox folder locally, you can just move the Dropbox folder into a TrueCrypt container. As readers pointed out, this won't address the privacy concerns of Dropbox being able to decrypt your information, but it would secure the contents of your Dropbox in case, say, you lost your laptop or your computer was compromised. Here are the instructions from Dropbox for this process:

• As above, download, install, and launch TrueCrypt
• Create a new standard TrueCrypt volume (Create volume > Create an encrypted file container > Standard TrueCrypt volume, using NTFS filesystem) anywhere on your hard drive, and set a volume size and password for accessing the volume later.

Once it's formatted, make sure the TrueCrypt volume will be mounted on logon:

• In TrueCrypt, click on the Select File button, select the container you just created, click on an unused drive letter and then click the Mount button.
• From the Favorites menu, select Add Mounted Volume to Favorites and make sure Mount selected volume upon login is checked.

Next, we'll move Dropbox to the encrypted TrueCrypt drive:

• Right-click on the Dropbox icon in the system tray and go to Preferences.
• In the Advanced tab, click the Move button to change the location for Dropbox to the virtual drive letter you just created.

Finally, Dropbox recommends creating a login script to modify Dropbox so it will wait until the drive is ready before starting:

Quote:
In your Dropbox preferences, click the General tab, then turn off the checkmark beside Start Dropbox on system startup.
1. Create a new text file called bootup.bat somewhere on your C: drive.
2. If file extensions are hidden by Explorer, you may need to turn them on to ensure the file gets the .bat extension rather than .bat.txt. (The option in Explorer is under Tools | Folder Options | View, then under Advanced Settings select Show hidden files, folders and drives).
3. Paste the following commands into the bat file:
@echo off
rem Every second, check to see if volume is mounted
echo Waiting for volume...
:keepwaiting
ping -n 1 -w 1000 127.0.0.1 > nul
if not exist F:\ goto keepwaiting
start "Dropbox" "C:\Documents and Settings\YourUserName\Application Data\Dropbox\bin\Dropbox.exe"

4. Tailor the script as follows, then save it:
Change F:\ to the drive letter of your mounted volume (which you picked in step 2.2)
Change the path on the last line to include the location of the Dropbox application files. e.g. On Windows 7 it would be:
C:\Users\YourUserName\AppData\Roaming\Dropbox\bin\Dropbox.exe

5. Create a shortcut to bootup.bat in your Startup folder. Your startup folder is usually located at:
Windows XP: C:\Documents and Settings\YourUserName\Start Menu\Programs\Startup
Windows 7: C:\Users\YourUserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Reboot your computer and test.

FYI, before you dismount the encrypted volume, you'll need to close Dropbox.

Dropbox's tips and tricks wiki notes that there are also sensitive *.db (Dropbox configuration) files located in alternative locations, and offers suggestions for ways to relocate those files or the entire Dropbox application.
http://lifehacker.com/5794486/how-to...ion-to-dropbox





True Crypt User Held in Contempt of Court

To anyone reading this thread-if you want a quicker response to your comments or questions, send them to me at:
Matthew Bumgardner
Santa Rosa County Jail
P.O. Box 7129
Milton, FL 32572

Right now it takes about 3 weeks for a post on this forum to get to me, receive an answer, then have the answer sent back to my sister so she can post it here.

This is Matthew Bumgardner, the one in jail. I have given this note to my sister so that it can be posted. Obviously I have no access to email, so this is the best I can do. Eventually I will get a copy of the posts in this thread and I will respond when I can. My sister should have already posted the letter I wrote. Every word is true. There are a few things I would like to add. First, this jail could generate some serious money for a decent civil rights attorney. They are already being sued for their mail policy. Inmates can only write on postcards. They can only send letters to attorneys, members of the media and public officials. If you were in here and wanted to write a family member, all you could send was a post card.

The jail also denies access to legal materials. Their policy states that "inmates will be afforded reasonable access to the courts. This is accomplished by way of your attorney or public defender." This is a joke, since some inmates wait 6 months or more to see their public defender. The policy goes on to state that pro se inmates must obtain a court order granting them pro se status in order to get access to the Law Library.

I am a pro se inmate. I have obtained a Court Order granting me pro status. I have provided that document to the jail staff, and I am still being denied access. I have filed a new motion requesting an Order to allow me access to the Law Library and I have also written the judge. I am waiting to see what happens there. I also have a problem getting copies made. When I give my documents to the person making copies, I inform them that I need them returned immediately. The past two times it has taken several days for the copies to be made. This is intentional. Since I am a Federal inmate the Government pays the jail for me to be here. They make decent money off of me, so there is no incentive for them to assist in my release.

Although it may seem unnecessary to complain about the jail, it is actually important. The US attorney and judge that put me here knew exactly what they were doing. They figured that the constraints imposed by the jail would allow them to maintain their secrecy. They are wrong. It certainly slows things down, but I will not remain silent about this.

This issue is more important than you might realize. Right now, this US Attorney and US District Judge think that holding people in contempt is the way to deal with encryption. If you read this and still do nothing, then you are telling them that they are right. You are telling them that the 5th Amendment is no longer needed, and that they can issue subpoenas that compel acts which are oppressive, unreasonable and not possible.

I am not asking for my own personal army to help fight this. If you think that you are my army, you misunderstand this situation. I am your army in this battle. If you use encryption, or any password protected file, then this issue affects you. You could be thrown in jail and denied civil rights at the whim of the government. I am fighting this battle on my own, and I am willing to continue to do so. The outcome is going to possibly affect many more people. To me, it seems like more people should be getting involved.

At the very least write the attorney and judge and tell them that what they did was wrong. Tell them that TrueCrypt can use more than just a password. Tell them that a password can be 64 characters long. Tell them they have no right to hold someone in contempt for failing to produce documents they have never seen. Tell them that the precedent in US vs. Hubbell and In Boucher II proves that they are wrong.
The addresses are:
David L. Goldberg
Assistant U.S. Attorney
21 E. Garden Street, Suite 400
Pensacola, FL 32502

Lacey A. Collier
Sr. U.S. District Judge
United States Courthouse
One North Palafox Street
Pensacola, FL 32502

If you don't have time to write a letter, at the very least please forward this to everyone you know. E-mail it to any media outlet you can think of. If enough people e-mail this, a major media outlet might pick up the story.

The Government can only do this in secrecy. If more people know about this it never would have happened.

Thanks in advance for any assistance you can provide
http://forums.truecrypt.org/viewtopic.php?t=23969





Why Masked Passwords Are a Serious Security Hole
Francesco Sullo

Time after time, there are users that ask for the possibility to share “masked passwords” with other people. What is a “masked password”? It is something that you share with another user in a way that allows him to use it (for example for autologin) without actually seeing the password itself.

When I respond that this isn’t possible to implement in a secure way, and that I don’t want to open a security hole in the Passpack experience, people have pointed out to me that other software offers this feature. Unfortunately, several users have left Passpack for this missing “feature”. So I’d like to explore the matter further with you.

Look At How Easy It Is

You probably are not a Javascript expert. And you probably think that it is necessary to be a Javascript ninja to intercept a “masked password”. However, that isn’t so. Look at the following code:

Code:
var Jq;
(function () {
  var D = document,
  h = D.getElementsByTagName('head')[0] || D.documentElement,
  s = D.createElement('script');
  s.src = 'http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js';
  h.appendChild(s);
  function run() {
    if (typeof jQuery != 'undefined') {
      Jq = jQuery.noConflict(true);
      Jq('input:password').change(function () {
        alert(Jq(this).val());
      });
      alert('Ready.');
    }
    else setTimeout(run, 50);
  }
  setTimeout(run, 50);
})();

Even if you don’t understand what’s written there, you’ll notice that it’s short. This bookmarklet code loads a standard Javascript framework (in this case jQuery) and then runs the code that “watches” every password field. When the content of a password field changes, this code will cause the browser to show you an alert revealing the password in the field.

Now imagine that you had shared a “masked password” with a co-worker. You may feel safe because you believe that since he cannot read your password, he cannot access it. This false sense of security would likely lead you to ignore the best practices while sharing — e.g. changing the password every time that you remove someone from sharing. In other words, you would probably continue to use your no-longer-safe password.

Without knowing any programming language, your co-worker could load a login page, run a simple Javascript code like the one above, click the button that starts the autofill… et voilà, he’d know your top-secret “masked password”.

Do You Want To Try?

Drag the following link (containing the code above) on the button bar of your browser:

Show masked passwords

Afterwards, go to any site you want and see for yourself how easy it is to capture your passwords. Alas, you can also verify that it works with all the popular password managers, regardless of whether or not they use password masking.

What About If There’s No Javascript Enabled?

Imagine that there is a super-magical-auto-filler that deactivates Javascript before filling the password field. Would this make you safe? No, because your “masked passwords” can be captured even without using Javascript.

How? Here’s an example for which you would need more than a few lines of code, and would need to be a little more creative. You could install a web server like XAMPP on your computer and create a catch-all index file that prints everything it receives. This would require just one line of PHP:

print_r($_POST);

Then:

• You connect to the website that you want the password for, for example Google
• You edit your local hosts file and assign google.com to your local IP 127.0.0.1
• Click the autofill button to login to Google
• When the browser complains that the certificate is wrong, click “ignore it and continue”

As you can guess, the next page will print the content of the form that should have been received by Google, but was instead intercepted and printed to your screen. Once again, the masked password has been revealed.

Conclusion

There are plenty of other techniques that a person could use to capture a password field from within his browser. The real takeaway here is that it is not possible to truly mask a password that transits through a user’s browser. So, please, don’t tempt fate. Change your password every time it is necessary, especially after having removed someone from sharing it.
http://blog.passpack.com/2011/04/why...security-hole/
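
As an added illustration of the article's conclusion (not part of the original Passpack post, and not Passpack's code): the JavaScript below replays a shared-credential event log and lists every password still in use after someone lost access to it, counting a "masked" share as full disclosure. The event types, field names and sample log are assumptions constructed for this example.

```javascript
// Constructed sample log (not real data). The event types and field names are
// assumptions made for this example, not any password manager's real format.
const SAMPLE_EVENTS = [
  { t: 1,  type: 'share',    cred: 'crm-admin', user: 'alice' },
  { t: 2,  type: 'share',    cred: 'crm-admin', user: 'bob',   masked: true },
  { t: 3,  type: 'autofill', cred: 'crm-admin', user: 'bob' },
  { t: 4,  type: 'unshare',  cred: 'crm-admin', user: 'bob' },
  { t: 5,  type: 'share',    cred: 'wiki',      user: 'carol', masked: true },
  { t: 6,  type: 'unshare',  cred: 'wiki',      user: 'carol' },
  { t: 7,  type: 'rotate',   cred: 'wiki' },
  { t: 8,  type: 'share',    cred: 'billing',   user: 'dave',  masked: true },
  { t: 9,  type: 'unshare',  cred: 'billing',   user: 'dave' },
  { t: 10, type: 'share',    cred: 'billing',   user: 'erin' },
];

// Replays the log and returns the credentials whose current secret was
// exposed to someone who no longer has access, i.e. those due for rotation.
function auditRotation(events) {
  const state = new Map(); // cred -> { holders: Set, exposed: Map(user -> info) }
  const ordered = [...events].sort((a, b) => a.t - b.t);

  for (const ev of ordered) {
    if (!state.has(ev.cred)) {
      state.set(ev.cred, { holders: new Set(), exposed: new Map() });
    }
    const s = state.get(ev.cred);

    switch (ev.type) {
      case 'share':
        // Masked or not, the secret can reach this user's browser.
        s.holders.add(ev.user);
        s.exposed.set(ev.user, { masked: Boolean(ev.masked), filled: false });
        break;
      case 'autofill':
        // The secret was placed in a page the user controls.
        if (!s.exposed.has(ev.user)) {
          s.exposed.set(ev.user, { masked: false, filled: false });
        }
        s.exposed.get(ev.user).filled = true;
        break;
      case 'unshare':
        // Access is removed, but what the user may have captured is not.
        s.holders.delete(ev.user);
        break;
      case 'rotate':
        // A new secret value: only current holders are exposed to it.
        for (const [user, info] of s.exposed) {
          if (s.holders.has(user)) info.filled = false;
          else s.exposed.delete(user);
        }
        break;
      default:
        throw new Error(`unknown event type: ${ev.type}`);
    }
  }

  const findings = [];
  for (const [cred, s] of state) {
    const exHolders = [...s.exposed]
      .filter(([user]) => !s.holders.has(user))
      .map(([user, info]) => ({ user, ...info }));
    if (exHolders.length > 0) {
      // "high" when an ex-holder is known to have filled the password.
      const priority = exHolders.some((h) => h.filled) ? 'high' : 'normal';
      findings.push({ cred, priority, exHolders });
    }
  }
  // High priority first, then alphabetical by credential name.
  return findings.sort((a, b) =>
    (a.priority === b.priority ? a.cred.localeCompare(b.cred)
                               : a.priority === 'high' ? -1 : 1));
}

console.log(JSON.stringify(auditRotation(SAMPLE_EVENTS), null, 2));
```

On the sample log, "crm-admin" and "billing" are reported even though both ex-holders only ever had masked access, while "wiki" is clear because it was rotated after the unshare.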





ICANN Domain Expansion Could Increase Phishing

The ICANN board gave final approval to what some are calling “the most dramatic change to the Internet in four decades” allowing the expansion of new Top-Level Domains.

There’s a lot of pushing and shoving in the media about this decision, with some very vocal proponents and those who have fought against this move.

Some argue this ICANN initiative could force a land grab of domains by businesses to protect their company reputation. However, they aren’t the only ones who are likely to try to snag these new top level domains.

There’s a very legitimate concern that cybercriminals could also seek these new domains to create legitimate looking websites using well-known brand names.

These can then be used for phishing attacks or delivery of Trojan malware to unsuspecting visitors. For example – imagine you received an email from “yourbank.bank.” You might tend to trust those emails, but in the beginning at least, you wouldn’t necessarily know if this came from the institution in which you have accounts.

The biggest brands will all reach out to ensure they get control of most of the top-level domains using their brand name, but the mid-to-small level businesses may not have the resources to do so.

Spencer Parker, Group Product Manager at Websense comments: "This is where the largest danger will lie. I can see for example, small regional banks with small IT departments being taken advantage of in this way. ICANN will need to strictly enforce its policies and stringent evaluation procedures for generic top level domains so that the bad guys don’t get their hands on them."

Businesses need to do two things in preparation for the introduction of these new domains:

1. Ensure that your brand is protected by preregistering your company name and trademarks under the new top-level domains and secure the rights to these.

2. Take precautions so that your employees at work and at home aren’t accidentally accessing bogus sites by ensuring they are protected by a unified security solution that can block access to these malicious sites in real time. This will prevent the malware from getting into your company network.
http://www.net-security.org/secworld.php?id=11198





4800 Aussie Sites Evaporate After Hack
Asher Moses

At least 4800 Australian websites have been lost with no chance of recovery following a break-in at Australian domain registrar and web host Distribute.IT.

The hack attack caused so much damage that four of the company's servers were "unrecoverable", the company said, leaving thousands of website owners in the lurch.

"The overall magnitude of the tragedy and the loss of our information and yours is simply incalculable; and we are distressed by the actions of the parties responsible for this reprehensible act," Distribute.IT said.

As reported by Fairfax Media last week, Distribute.IT was hit with a "deliberate, premeditated and targeted attack" on its servers last Saturday but it is still struggling to work out exactly what happened or how much data was stolen.

Security experts warned that thousands of websites were vulnerable to being hijacked and extensive private data were at risk of being stolen.

Customers hit the Whirlpool forums to complain that Distribute.IT had not adequately responded with information about the break-in and that the hack "has probably killed my business".

In a statement published today, Distribute.IT said it had been working around the clock in an attempt to recover data from its affected servers.

"At this time, we regret to inform that the data, sites and emails that were hosted on Drought, Hurricane, Blizzard and Cyclone can be considered by all the experts to be unrecoverable," it said.

"While every effort will be made to continue to gain access to the lost information from those hosting servers, it seems unlikely that any usable data can be salvaged from these platforms.

"In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data."

The company said 4800 websites were affected and since it did not have the capacity to transfer the domain names to other parts of its platform, Distribute.IT had no choice "but to assist you in any way possible to transfer your hosting and email needs to other hosting providers".

The significant data loss has raised questions from backup experts as to why Distribute.IT did not appear to have offsite backups of customer data.

Distribute.IT has still not been able to get its website back online and it is using a Google Blogger account to update customers. Its phone lines have been ringing out and its email is down, forcing the company to use a temporary Gmail address - distributeit888@gmail.com.

Rob McAdam, CEO of security firm Pure Hacking, said the issue was a "catastrophic problem" for those with websites hosted by Distribute.IT.

"If these clients of Distribute.IT had no other backup other than what was at Distribute.IT, they would then have to rebuild their site - from scratch," he said.

"From the Distribute.IT blog post, it appears that they have lost all of the content for these web sites and any associated backups that Distribute.IT kept."

James Turner, security analyst at IBRS, said: "This could be the nightmare scenario that every small/medium businessperson working on the internet has in the back of their minds. If the attack is as described then the malice behind it is appalling."

On the Whirlpool discussion forums, where there are over 60 pages of posts discussing the Distribute.IT hack, customers were livid at finding out their data was gone forever.

"I think I'm in shock ... I have lost everything .... I couldn't possibly replicate all those years of work again ... my whole life's work is gone down the drain," wrote one.
http://www.smh.com.au/technology/sec...621-1gd1h.html





Australia Unveils Cybercrime Laws to Combat Global Threat
Rob Taylor

Australia's government unveiled legislation on Wednesday to crack down on cybercrime in the wake of recent cyber attacks on multinational companies and institutions, from Google to the International Monetary Fund and the U.S. Senate.

Cybercrime was a growing threat to individuals, businesses and governments, Attorney-General Robert McClelland said, with the country's giant resource industry having warned recently of near-daily hacking attempts from offshore.

"The increasing cyber threat means that no nation alone can effectively overcome this problem and international cooperation is essential," McClelland said.

The laws, once passed by parliament, will give Australian police and intelligence agencies the power to force telecommunications companies to keep sensitive information that was normally stored only briefly before being destroyed.

They also aim to strengthen cooperation with overseas cybercrime agencies, giving police and security agencies better access to information stored overseas when investigating crimes locally committed using the internet.

"Australia must have appropriate arrangements domestically and internationally to be in the best possible position to fight cybercrime and cyber security threats," McClelland said.

Cyber hackers have launched a series of attacks in recent weeks targeting not only U.S. lawmakers, but also global companies and institutions, from Citigroup Inc to aerospace company Lockheed Martin, forcing governments and private companies to look at strengthening defences.

Henry Kissinger, an architect of Sino-U.S. relations in the 1970s, earlier this month called for the United States and China to reach an agreement to restrict cyber attacks and designate some areas as off limits.

Australia is already developing a cyber defense strategy to combat hacking and electronic espionage, including the growing threat posed by state-sponsored cyber attacks. The blueprint strategy will be ready next year.

The country has experienced a wave of attacks on more than 4,000 businesses, including hacking attacks from offshore that brought down computer networks in the national parliament.

McClelland said the current cybercrime bills set the legislative framework for Australia to join the only binding international treaty on the problem: the Council of Europe Convention on Cybercrime.

That would widen international cooperation and help authorities from one country collect data in an overseas jurisdiction, as well as establishing an emergency network to provide immediate help to investigators globally.

Over 40 nations have either signed or become a party to the Convention, including the United States, the United Kingdom, Canada, Japan and South Africa.

"This is an important step to increasing the powers of Australian investigators to effectively combat cybercrime with increased international cooperation," Australia's Home Affairs and Justice Minister Brendan O'Connor said.

(Editing by Ed Davies)
http://www.reuters.com/article/2011/...75L0C520110622





Hackers Might Face Stiffer Sentences in U.S.
Diane Bartz and David Morgan

Even before a loosely organized group of hackers broke into the CIA's and Senate's public websites, the White House asked for stiffer sentences for breaking into government and private computer networks.

Last month the Obama administration pressed Congress to pass stronger cybersecurity measures, including a doubling of the maximum sentence for potentially endangering national security to 20 years in prison.

While it remains to be seen if the proposal will become law, the question of how to fight cyber-crime has risen to the fore in recent weeks with a spate of high-profile, and sometimes sophisticated, attacks.

The computer break-ins have targeted multinational companies and institutions, including Sony Corp, Citigroup and the International Monetary Fund. Sony faces dozens of lawsuits related to the theft of consumer data from its Playstation network.

Also, in the latest flurry of hack-ins, the loosely organized group Lulz Security said it broke into the Senate's and CIA's public websites, as well as Sony and other targets.

"It's been a busy month," said James Lewis, of the Center for Strategic and International Studies think tank.

Lewis said "hacktivists," who often break into websites to make a political point or generate publicity, made "a big mistake" in going after the public websites of the FBI and the CIA. "That bumps it up immediately," he said. "That could make it a grudge match."

But tackling cybercrime -- as well as other kinds of cyberattacks -- has often been complicated by the difficulty of determining who is responsible.

'Anonymity of Cyberspace'

"Smoking keyboards are hard to find," said Frank Cilluffo, director of George Washington University's Homeland Security Policy Institute.

"Anonymity of cyberspace, the lack of being able to do 100 percent attribution makes it difficult from a national security standpoint, obviously, if you don't know who is behind the clickety clack of the keyboard, or even if you do, you don't have 100 percent confidence," he said.

Under current law, for first-time offenders, the Computer Fraud and Abuse Act sets a maximum of 10-year prison sentences for breaking into a U.S. government computer if national security is at stake, a maximum of five years for breaking into a computer in order to steal, and one year for stealing a password to a financial institution or accessing a government computer, for example to deface it.

Under the White House proposal, the 10-year maximum sentence for potentially endangering national security would become a 20-year maximum, the five-year sentence for computer thefts up to $5,000 would become a 10-year sentence and the one year maximum for accessing a government computer -- either to deface it or download an unimportant file -- could become a three-year sentence.

At this point, none of the cybersecurity legislation introduced or circulating in Congress has included those tougher sentences.

And Stephen Ryan, a former prosecutor, said that if the goal is deterring cybercrime, lengthy sentences won't do the trick as well as actual arrests and prosecutions.

"There may be people who fully deserve a sentence that's more than five years. The key to deterrence is prosecution and conviction," said Ryan, now a partner at McDermott, Will & Emery.

Catching sophisticated hackers is notoriously difficult, which often means the sloppy and the stupid will end up being prosecuted -- as well as a few who just have bad luck.

"There's also the question of resources," said a cyber expert who asked not to be named. "So when you're talking about nuisances -- like the Senate and CIA -- a lot of this comes across as childish vandalism. In those cases you have to question whether you devote the resources and prosecute that."

But the sentences can get longer if other crimes are involved. Alberto Gonzalez was sentenced to 20 years in prison in 2010 for hack attacks into major U.S. companies that led to the theft of more than 40 million credit and debit card numbers.

(Additional reporting by Jeremy Pelofsky. Editing by Warren Strobel and Xavier Briand)
http://www.reuters.com/article/2011/...75H0ZM20110618





'LulzSec Suspect' Arrested by New Scotland Yard
Graham Cluley

New Scotland Yard has confirmed that it has arrested a 19-year-old suspected hacker in Essex, UK, in connection with a series of hacks and denial-of-service attacks against a number of organisations.

It is being widely speculated that the arrest is in connection with the high-profile attacks by the LulzSec hacking group, which has claimed amongst its victims Sony, the CIA, the FBI, and the Serious Organised Crime Agency (SOCA).

Officers from the Police Central e-Crime Unit (PCeU) arrested the man last night on suspicion of breaching the Computer Misuse Act, and searched a house in Wickford, Essex, where they seized computer equipment which will undergo forensic examination.

The FBI and local Essex police worked in co-operation with the PCeU to investigate the case.

It's important to note at this point that it has not been confirmed that the arrested man is suspected of being involved with LulzSec by the authorities. But many observers are speculating that that could be the case.

The controversial LulzSec group have been playing a dangerous game as they targeted "big players" such as the crime-fighting agencies around the world. Inevitably the authorities were not going to take kindly to that, and would put man-power to work seeking out intelligence as to who could be involved.

Seemingly drunk with the popularity of their Twitter account (which has more than 220,000 followers) they have become increasingly vocal in the messages they have made public, and embarrassed computer crime authorities and large organisations around the world with their attacks.

One had to wonder if all of this bragging could lead to the group's downfall. It would, after all, be hard to keep a secret from friends and peers if you were a member of LulzSec.

There has been much speculation recently regarding who might be behind LulzSec - if the police believe that they have cracked the group then a strong message will be sent to others considering engaging in illegal acts such as malicious hacking and denial-of-service attacks.

It will be interesting to see if LulzSec's Twitter account is updated, or has anything more to say about the arrest. Will it be a case of "who lulz last, laughs longest?"
http://nakedsecurity.sophos.com/2011...scotland-yard/





Group Claims UK ’11 Census Data Capture

Greetings Internets,

We have blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census

We're keeping them under lock and key though... so don't worry about your privacy (...until we finish re-formatting them for release)

Myself and the rest of my Lulz shipmates will then embark upon a trip to ThePirateBay with our beautiful records for your viewing pleasure!

Ahoy! Bwahahaha... >:]

Cap'n Pierre "Lulz" Dubois

LINKS:
http://thepiratebay.org/torrent/6467..._internal_data

BONUS ROUND! SENATE.GOV!
http://lulzsecurity.com/releases/senate.gov.txt


http://pastebin.com/K1nerhk0





LulzSec Debunks UK Census Hack

Hack scare was fake.
Darren Pauli

Hacking group LulzSec has poured cold water on claims that it had stolen UK Census data and was preparing to release the records.

A report that surfaced in a pastebin post purporting to be from LulzSec claimed the group had data on millions of UK citizens.

But in a tweet less than an hour ago the group said the post was fake.

"Just saw the pastebin of the UK census hack. That wasn't us - don't believe fake LulzSec releases unless we put out a tweet first," the group said from its official Twitter account.

"Anyone in the world can copy and paste The Lulz Boat ASCII art and general lighthearted theme. Smarten up, check the feed first."

The news of the suspected hack was reported by dozens of major news outlets, and the UK Census office was investigating.
http://www.scmagazine.com.au/News/26...nsus-hack.aspx





LulzSec Releases Arizona Police Documents
Kevin Poulsen

The hacker group LulzSec published 700 confidential documents Thursday apparently stolen from the Arizona Department of Public Safety.

LulzSec announced its latest conquest on Twitter and released the document cache through BitTorrent. The files are a mix of intelligence bulletins and presentations — including some issued by the FBI, DHS and DEA — private e-mail, training manuals and other material, some of it marked “law enforcement sensitive” or “For Official Use Only.”

The group claimed it targeted the Arizona cops because LulzSec is opposed to Arizona’s SB1070, the state’s broad and controversial anti-illegal immigration measure.

Immigrant rights is only the latest in LulzSec’s growing policy platform, which already included support for WikiLeaks and the right to tinker with Sony PlayStation consoles, and opposition to the Fox talent show The X-Factor.

“Every week we plan on releasing more classified documents and embarrassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust ‘war on drugs,’” LulzSec wrote Thursday.

None of the Arizona documents are actually classified, but some are revealing. One document the police consider “law enforcement sensitive” is a memo that warns about “iPhone Applications Used Against Officers.” Number one on the list is Cop Recorder, which “can be activated while in a pocket and record everything the officer is saying,” the memo warns.
http://www.wired.com/threatlevel/201...lzsec-arizona/





LulzSec Docs Show Ariz. Cops' Unhealthy Obsession with iPhone

Street cops advised to search for phones, check for apps that might record them
Kevin Fogarty

The interesting thing about hacktivist/attention-whore LulzSec's claimed hack of the Arizona state police isn't the successful breach, or even that the documents it posted include way more files marked as secret than you'd expect in an honest state agency.

It's not even that LulzSec posted the names and home addresses of top Arizona law-enforcement officials.

It's how nervous those officials are about iPhone apps that could help citizens avoid speed traps, secretly record encounters with police officers or erase themselves after being confiscated by police.

A document labeled "iphone apps- used against officers.doc" encourages front-line officers making an arrest to search for iPhones or other smartphones and look specifically to see what apps are running on them.

Specifically the document warns that an app called Cop Recorder can be activated while the phone is in a suspect's pocket to record what happens during an arrest, then upload the audio to a network server beyond the officer's reach.

The document, picked out of the background noise by Time's TechLand, is classified as "Law Enforcement Sensitive," meaning it shouldn't be distributed outside the DPS – Arizona's state umbrella agency for law enforcement. (The torrent for the docs is here; LulzSec's announcement about it is here.)

Another document warned about remote-wipe capabilities in iOS v. 3, and recommends arresting officers isolate phones from radio signals in a Faraday bag or "some other nickel, copper and silver plated storage container (see figure 3). The device must be protected from any wireless connection/radio signal even throughout the forensic imaging process."

Cop Recorder is distributed by OpenWatch, a grassroots "citizen media project" that encourages the use of technology to monitor the behavior of public officials.

Among the group's major concerns: law enforcers who will go to great lengths to keep their behavior from being documented and recorded by anyone but themselves.

It cites cases such as the New Jersey high schooler (junior class president and 16-year-old overachiever) riding the bus home from school who was arrested for refusing to stop using her phone to video police boarding the bus to help a passenger who had collapsed.

Constitutional law experts consistently opine that it is a blatant violation of the First Amendment to confiscate a phone or arrest someone for recording events happening in public where there are no other restrictions on the person's presence.

Basically, if it's legal for you to be standing where you're standing, you can record or video anything you can see or hear from that position. You may not be able to broadcast it for profit without permission from the people in it, but you can record it and introduce it as legal evidence in court without being harassed or arrested for it.

Police keep getting more sensitive about it, though, some going so far as the April incident in which a Vallejo, Calif. man was arrested inside his house for using a cell phone to record an arrest he could see through the window.

To the Arizona DPS' credit, not all the iPhone stuff was about not being recorded.

Contact information, call logs, GPS logs and other information stored on the phone can be legitimate evidence if the arrest is made properly and police have a warrant or subpoena allowing them to pull information from a suspect's phone.

The contradictory part is the paranoia among some in law enforcement about having their behavior recorded, while pressing in courts and during arrests for unfettered access to a suspect's property to search for evidence, or the right to run intrusive surveillance on citizens without enough evidence to show a judge who could give them a warrant for doing so.

If you have nothing to hide, you shouldn't worry about being searched or surveilled, yes?

Luckily, a couple of thousand years after the Roman Juvenal used the line "who will watch the watchmen?" to express concern about the abuse of power, we finally have an answer (and so do Arizona police): Apple will watch them.
http://www.itworld.com/security/1774...session-iphone





Hackers Put Telstra in Filter Bind
Andrew Colley

THE voluntary internet filter for child abuse is facing a major setback, with Telstra wavering on the commitment it made to the scheme last July.

At the time Telstra public policy director David Quilty said Telstra was happy to implement the filter in response to a call by Communications Minister Stephen Conroy.

However, a Telstra spokeswoman last night confirmed that the telco had yet to make a firm decision on whether to implement the filter.

She said Telstra remained committed to working with the federal government to reduce the availability of child abuse material on the net.

"We continue to work with the Australian Federal Police to disrupt the availability of child sexual abuse content in Australia," the spokeswoman said.

"One option being considered is the blocking of a list of illegal child sexual abuse sites identified as being the worst globally by international policing body Interpol."

The filter focuses exclusively on internet child abuse material from a list maintained by the AFP in co-operation with international law-enforcement agencies.

Optus said last night it remained committed to the filter, but without Telstra the number of internet users within its scope would fall dramatically.

There were signs the federal government was prepared to be flexible on its strategy for dealing with and blocking online child abuse material. A spokesman for Senator Conroy said: "We are still working through the details of the voluntary arrangements with the ISPs and details have not yet been finalised."

It is understood Telstra was last night still grappling with the decision as to whether to commit to the voluntary filter because of fears of reprisals from the internet vigilantes behind a spate of recent cyber attacks.

It is understood the unstructured collective of hackers that identifies itself as Lulz Security, which has an agenda to wreak havoc on corporate and government cyber assets, claiming this is to expose security flaws, is one of Telstra's main concerns.

LulzSec has claimed responsibility for attacks on the US Central Intelligence Agency, the US PBS and most recently it released a swath of Arizona law-enforcement documents.

On Tuesday, one of the suspected hackers, Ryan Cleary, 19, was arrested in England in a joint Scotland Yard and FBI operation. He has been charged with closing down the website of Britain's Serious Organised Crime Agency.

The other main concern is a group that identifies itself as Anonymous, another unstructured hacker collective that claims to be opposed to any form of internet censorship, and has carried out attacks on Australian government websites because of Canberra's support for an internet filter on child pornography.

Patrick Gray, host of information security podcast Risky Business said the carriers' fears were well-founded.

"If they think there's a laugh in something and it ties in with their politics, they might have a go, sure," he said. "It's all about the lulz (laughs) for them."
http://www.theaustralian.com.au/aust...-1226081618113





Inside LulzSec: Chatroom Logs Shine a Light on the Secretive Hackers

Leaked IRC logs identify LulzSec members and show a disorganised group obsessed with its media coverage and suspicious of other hackers
Ryan Gallagher and Charles Arthur

It was a tight-knit and enigmatic group finding its feet in the febrile world of hacker collectives, where exposing and embarrassing your targets is just as important as protecting your own identity.

But leaked logs from LulzSec's private chatroom – seen, and published today, by the Guardian – provide for the first time a unique, fly-on-the-wall insight into a team of audacious young hackers whose inner workings have until now remained opaque.

LulzSec is not, despite its braggadocio, a large – or even coherent – organisation. The logs reveal how one hacker known as "Sabu", believed to be a 30-year-old security consultant, effectively controls the group of between six and eight people, keeping the others in line and warning them not to discuss what they have done with others; another, "Kayla", provides a large botnet – networks of infected computers controlled remotely – to bring down targeted websites with distributed denial of service (DDoS) attacks; while a third, "Topiary", manages the public image, including the LulzSec Twitter feed.

They turn out to be obsessed with their coverage in the media, especially in physical newspapers, sharing pictures of coverage they have received in the Wall Street Journal and other papers. They also engineered a misinformation campaign to make people think they are a US-government sponsored team.

They also express their enmity towards a rival called The Jester – an ex-US military hacker who usually attacks jihadist sites, but has become embroiled in a dispute with Anonymous, WikiLeaks and LulzSec over the leaked diplomatic cables and, more recently, LulzSec's attacks on US government websites, including those of the CIA and the US Senate.

In a further sign that the spotlight is beginning to engulf LulzSec, a lone-wolf hacker managed to temporarily cripple the group's website on Friday morning. Originally thought to be the work of The Jester, an activist, known as Oneiroi, later claimed responsibility for the attack but did not provide an explanation.

The group's ambitions went too far for some of its members: when the group hit an FBI-affiliated site on 3 June, two lost their nerve and quit, fearing reprisals from the US government. After revealing that the two, "recursion" and "devrandom", have quit, saying they were "not up for the heat", Sabu tells the remaining members: "You realise we smacked the FBI today. This means everyone in here must remain extremely secure."

Another member, "storm", then asks worriedly: "Sabu, did you wipe the PBS bd [board] logs?", referring to an attack by LulzSec on PBS on 29 May, when they planted a fake story that the dead rapper Tupac Shakur was alive. If traces remained there of the hackers' identities, that could lead the FBI to them.

"Yes," Sabu says. "All PBS logs are clean." Storm replies: "Then I'm game for some more." Sabu says: "We're good. We got a good team here."

Documenting a crucial five-day period in the group's early development from 31 May to 4 June, the logs – whose authenticity has been separately confirmed through comments made online by LulzSec's members – are believed to have been posted online by a former affiliate named "m_nerva". They contain detailed conversations between the group, who have in recent weeks perpetrated a series of audacious attacks on a range of high-profile targets, including Sony, the CIA, the US Senate, and the UK's Serious Organised Crime Agency (SOCA).

LulzSec threatened m_nerva on Tuesday in a tweet saying "Remember this tweet, m_nerva, for I know you'll read it: your cold jail cell will be haunted with our endless laughter. Game over, child." As an explanation, they said: "They leaked logs, we owned them [took over their computer], one of them literally started crying for mercy". The leaked logs are the ones seen by the Guardian.

The conversations confirm that LulzSec has links with – but is distinct from – the notorious hacker group Anonymous. Sabu, a knowledgeable hacker, emerges as a commanding figure who issues orders to the small, tight-knit team with striking authority.

Despite directing the LulzSec operation, Sabu does not appear to engage in the group's public activity, and warns others to be careful who and how they talk outside their private chatroom. "The people on [popular hacker site] 2600 are not your friends," Sabu warns them on 2 June. "95% are there to social engineer [trick] you, to analyse how you talk. I am just reminding you. Don't go off and befriend any of them."

But the difficulty of keeping their exploits and identities secret proves difficult: Kayla is accused of giving some stolen Amazon voucher codes to someone outside the group, which could lead back to one of their hacks. "If he's talking publicly, Kayla will talk to him," Sabu comments, bluntly.

Topiary, who manages the public image of LulzSec – which centres around its popular Twitter feed, with almost 260,000 followers – also acted previously as a spokesman for Anonymous, once going head-to-head in a live video with Shirley Phelps-Roper of the controversial Westboro Baptist Church, during which he hacked into the church's website mid-interview.

His creative use of language and sharp sense of humour earns praise from his fellow hackers in the chat logs, who tell him he should "write a fucking book". On one occasion, after a successful DDoS attack brings down a targeted web server, Topiary responds in characteristic fashion to the hacker responsible, Storm: "You're like our resident sniper sitting in the crow's nest with a goddamn deck-shattering electricity blast," he writes. "Enemy ships being riddled with holes."

But while LulzSec has a jovial exterior, and proclaims that its purpose is to hack "for the lulz" (internet slang for laughs and giggles), Sabu is unremittingly serious. Domineering and at times almost parental, he frequently reminds the other hackers of the dangers of being tracked by the authorities, who the logs reveal are often hot on their heels.

During one exchange, a hacker named Neuron starts an IAmA (Q and A) session for LulzSec on the website Reddit for "funzies" and to engage with the public. This immediately raises the ire of Sabu, who puts an angry and abrupt halt to it.

"You guys started an IAmA on reddit?" Sabu asks in disbelief. "I will go to your homes and kill you. If you really started an IAmA bro, you really don't understand what we are about here. I thought all this stuff was common knowledge ... no more public apperances [sic] without us organizing it."

He adds: "If you are not familiar with these hostile environments, don't partake in it."

The logs also reveal that the group began a campaign of disinformation around LulzSec. Their goal was to convince – and confuse – internet users into believing a conspiracy theory: that LulzSec is in fact a crack team of CIA agents working to expose the insecurities of the web, headed by Adrian Lamo, the hacker who reported the alleged WikiLeaks whistleblower Bradley Manning to the authorities.

"You guys are claiming that LulzSec is a CIA op ... that Anonymous is working to uncover LulzSec ... that Adrian Lamo is at the head of it all ... and people actually BELIEVE this shit?" writes joepie91, another member. "You just tell some bullshit story and people fill in the rest for you."

"I know, it's brilliant," replies Topiary. The attempts did pay off, with some bloggers passing comments such as: "I hypothesize that this is a government 'red team' or 'red cell' operation, aimed at building support for government intervention into internet security from both the public and private sectors."

The group monitors news reports closely, and appears to enjoy – even thrive – on the publicity its actions bring. But the logs show that the members are frustrated by the efforts of a self-professed "patriot-hacker" known as the Jester (or th3j35t3r), whose name is pejoratively referenced throughout.

The Jester is purportedly an ex-US military hacker, and was responsible for high-profile attacks on WikiLeaks prior to the release of US diplomatic cables in November. In recent weeks he has made LulzSec his principal target, describing them as "common bullies". Topiary in turn dismisses The Jester as a "pompous elitism-fuelling blogger" – but the group is always worried that The Jester or his associates are trying to track them down.

The Jester claims LulzSec are motivated by money and points to allegations that the group tried to extort money from Unveillance, a data security company. Similar accusations have been made against LulzSec by two other groups, "Web Ninjas" and "TeaMp0isoN_". Web Ninjas say they want to see LulzSec "behind bars" for committing "insane acts ... in the name of publicity or financial gain or anti-govt agenda".

The logs do not reveal any discussion of extortion between the LulzSec inner circle; nor do they indicate any underlying political motivations for the attacks. But amid the often tense atmosphere depicted in the logs the hackers do occasionally find time to talk politics.

"One of these days we will have tanks on our homes," writes trollpoll, shortly after it emerged the US government was reclassifying hacking as a possible act of war. "Yea, no shit," responds Storm.

"Corporations should realize the internet isn't theirs," adds joepie91. "And I don't mean the physical tubes, but the actual internet ... the community, idea, concept."

"Yes, the utopia is to create a new internet," says trollpoll. "Corporation free."

On Monday 20 June, Sabu's worst fears may have been confirmed when a 19-year-old named Ryan Cleary was arrested in Wickford, Essex and later charged with a cyber attack in connection with a joint Scotland Yard and FBI probe into a hacking group believed to be LulzSec.

Metropolitan Police Commissioner Sir Paul Stephenson described the arrest as "very significant", though LulzSec itself was quick to claim Cleary was not a member of the group and had only allowed it to host "legitimate chatrooms" on his server.

"Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us," the group tweeted.

An individual named "Ryan" is occasionally referenced by the hackers in the logs, though he himself does not feature and appears to have only a loose association with the group.

Scotland Yard confirmed on Thursday that it was continuing to work with "a range of agencies" as part of an "ongoing investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group".

In response to the leaked logs, LulzSec posted a statement on the website pastebin, claiming users named joepie91, Neuron, Storm and trollpoll were "not involved with LulzSec" and rather "just hang out with us".

They added: "Those logs are primarily from a channel called #pure-elite, which is /not/ the LulzSec core chatting channel. #pure-elite is where we gather potential backup/subcrew research and development battle fleet members – ie, we were using that channel only to recruit talent for side-operations."

The group has vowed to continue its actions undeterred. But they now face a determined pincer movement from the FBI, UK police, and other hackers – including The Jester, who has been relentless in his pursuit of them for more than a fortnight. If its members' real identities are revealed, LulzSec may vanish as quickly as it rose to prominence.
http://www.guardian.co.uk/technology...m-logs-hackers





Sega Says 1.3 Million Users Affected by Cyber Attack

Japanese video game developer Sega Corp said on Sunday that information belonging to 1.3 million customers has been stolen from its database, the latest in a rash of global cyber attacks against video game companies.

Names, birth dates, e-mail addresses and encrypted passwords of Sega Pass online network members had been compromised, Sega said in a statement, though payment data such as credit card numbers was safe. Sega Pass had been shut down.

"We are deeply sorry for causing trouble to our customers. We want to work on strengthening security," said Yoko Nagasawa, a Sega spokeswoman, adding it is unclear when the firm would restart Sega Pass.

The attack against Sega, a division of Sega Sammy Holdings that makes game software such as Sonic the Hedgehog as well as slot machines, follows other recent significant breaches including Citigroup, which said over 360,000 accounts were hit in May, and the International Monetary Fund.

The drama surrounding the recent round of video game breaches paled compared to what PlayStation maker Sony Corp experienced following two high-profile attacks that surfaced in April.

Those breaches led to the theft of account data for more than 100 million customers, making it the largest ever hacking of data outside the financial services industry.

Sega Europe, a division of Sega that runs the Sega Pass network, immediately notified Sega and the network customers after it found out about the breach on Thursday, Nagasawa said.

Lulz Security, a group of hackers that has launched cyber attacks against other video game companies including Nintendo, has unexpectedly offered to track down and punish the hackers who broke into Sega's database.

(Reporting by Yoko Kubota; Editing by Nick Macfie)
http://www.reuters.com/article/2011/...7HJ01520110619





Hackers Attack Electronic Arts Website

Cyber hackers have breached an Electronic Arts Inc website and may have taken user information such as birth dates, phone numbers and mailing addresses, the company said on its website on Friday.

Electronic Arts is the latest victim in a spate of global cyber attacks waged against video game companies. Last week, Sega Sammy Holdings Inc reported that user information had been stolen from 1.3 million customers, while Sony Corp is still grappling with the massive breach that compromised the data of more than 100 million of its video game users in April.

Electronic Arts was not immediately available for comment on Friday. No hacker group immediately claimed responsibility for the attack.

The video game publisher posted a set of questions and answers on its website addressing the attack, which hit a server for EA's Bioware studio in Edmonton, Canada. The hacked website was associated with the fantasy game "Neverwinter Nights."

The company said no credit card data or social security numbers were taken but other sensitive information may have been breached by hackers.

"Our investigation shows that information such as user names, encrypted passwords, email addresses, mailing addresses, names, phone numbers, CD keys and birth dates from accounts on the server system associated with Neverwinter Nights may have been compromised," the company said on its website.

EA offered tips to consumers to avoid identity theft and directed users to the U.S. Federal Trade Commission's Internet fraud website.

EA shares were trading 0.3 percent lower at $21.84 on the Nasdaq on Friday.

(Reporting by Liana B. Baker, editing by Gerald E. McCormick)
http://www.reuters.com/article/2011/...75N58J20110624





Security Professionals Say Network Breaches Are Rampant
Riva Richmond

There has been a flood of news about hacker break-ins at companies. But how bad is the situation really?

Significantly worse than the headlines suggest, and getting worse still, a new study from the research firm Ponemon Institute suggests. The study says breaches are rampant and occurring much more often than is publicized.

The firm’s survey of 581 security professionals at large companies in the United States, Britain, France and Germany found that 90 percent of them had at least one breach in the last year and 59 percent had two or more. And the costs are mounting; 41 percent of break-ins cost more than half a million dollars.

Study participants broadly agreed that cyberattacks were getting more frequent, more severe, and harder to detect and stop.

Indeed, hackers are increasingly staging targeted attacks aimed at stealing something specific, said Larry Ponemon, founder of the institute. They study the target, find an opening and then quietly get in and out. Most are mercenaries, members of criminal syndicates or representatives of unfriendly countries, he said, and their attacks “are much more stealthy and much more difficult to identify.”

About 60 percent of respondents said they were able to identify the source of at least some of the attacks suffered by their organizations. They traced 34 percent of them to China and 19 percent to the Russian Federation.

Both countries are known hotbeds of hacking for profit and economic advantage. “China is prolific and noisy,” said the former National Security Agency director Mike McConnell, speaking at an event at the 92nd Street Y in New York last week. “They are literally taking terabytes of data” and focusing on virtually every sector of the economy. Russian hackers are considered especially skilled and known for taking things undetected, he said.

Nearly half of the breached companies surveyed by Ponemon suffered a damaging loss of data, which “speaks volumes about the mindset of the attacker community,” said Karim Toubba, vice president of security strategy at Juniper, which sponsored the survey. The large majority are in it for financial gain and don’t talk about what they do — unlike LulzSec and Anonymous, who are hacking for fun and politics and have been loudly bragging about their activities.

Victimized companies overwhelmingly prefer to keep quiet, too. When they do talk, it’s usually after a loss of consumer information, which is subject to laws requiring disclosure. But most of what is being stolen is corporate information that doesn’t have to be disclosed, Mr. Ponemon said, whether it is intellectual property like design documents or financial information. There’s certainly little reason to talk when, as the Sony case has shown, news of your vulnerability might make hackers hit you harder, customers lose confidence in you and your stock price drop.

As attackers step up their games, defenders are struggling to cope. Security professionals are pessimistic about their ability to prevent hacks; 57 percent said they had little or no confidence in their organizations’ ability to prevent a breach. They’re coming to believe that “maybe the bad guys are getting so good — or so bad — that maybe it is impossible to meet the security needs of the organization,” Mr. Ponemon said.

Respondents are also concerned about insufficient security budgets and say the complexity of modern networks is a major challenge. Corporate networks are growing more unruly and harder to control as employees use more mobile devices like smartphones and tablets, adopt cloud services and log onto social networks, all of which carry security threats. Meanwhile, I.T. departments must manage a growing array of specialized security technologies that may or may not work together to help security departments detect and halt attacks.

“When you put all of this into one big stew, it’s not very tasty,” Mr. Ponemon said.
http://bits.blogs.nytimes.com/2011/0...s-are-rampant/





How to Know if You’ve Been Hacked
Riva Richmond

The news just keeps coming of hackers breaking into company databases and making off with sensitive customer information — and crowing about it online. You may reasonably wonder if they got yours.

A definitive answer is elusive, unfortunately. In many cases, like that of Epsilon or the recent hack at Sega, people who were affected will probably only find out if the companies come clean and send out a notification — or they become identity-theft victims.

But now there is an easy way to find out if you’ve been caught up in recent hacks by the likes of LulzSec and Anonymous, who claim to be in it for the “lulz” (fun) or are trying to make a political statement and have published their data hauls online for dramatic effect. An Australian technology professional and former security consultant, Daniel Grzelak, has built a Web site, “Should I Change My Password?,” where you can check whether your information is in 13 publicly available stashes containing more than 800,000 stolen records.

To see if your info is there, simply visit the site and type in your e-mail address — he promises that he will not capture or store it. If it’s found, you will be told how many times and get tips for creating strong passwords and using them safely.

Mr. Grzelak said in an e-mail that he created the tool for family and friends who had heard about the “LulzSec shenanigans” and were concerned about what it meant for them. “I wanted to give them A, an easy way to check if they were affected and B, some simple advice on what to do if they were.”

LulzSec and others who have taken and exposed data may not use it maliciously themselves. But more criminally minded “underground folks either already have the databases or quickly download them, while the average person just keeps going on about their business, oblivious to the carnage; unless of course their Facebook or Twitter accounts get violated,” he said.

Mr. Grzelak intends to update his site should more databases be published. He also said he was working on a one-click mechanism to check whether company e-mail accounts were affected, at the request of organizations he didn’t name. And he’s looking into how to create a safe and private way to alert victims.
http://gadgetwise.blogs.nytimes.com/...e-been-hacked/





A Stronger Net Security System Is Deployed
John Markoff

A small group of Internet security specialists gathered in Singapore this week to start up a global system to make e-mail and e-commerce more secure, end the proliferation of passwords and raise the bar significantly for Internet scam artists, spies and troublemakers.

“It won’t matter where you are in the world or who you are in the world, you’re going to be able to authenticate everyone and everything,” said Dan Kaminsky, an independent network security researcher who is one of the engineers involved in the project.

The Singapore event included an elaborate technical ceremony to create and then securely store numerical keys that will be kept in three hardened data centers there, in Zurich and in San Jose, Calif. The keys and data centers are working parts of a technology known as Secure DNS, or DNSSEC. DNS refers to the Domain Name System, which is a directory that connects names to numerical Internet addresses. Preliminary work on the security system had been going on for more than a year, but this was the first time the system went into operation, even though it is not quite complete.

The three centers are fortresses made up of five layers of physical, electronic and cryptographic security, making it virtually impossible to tamper with the system. Four layers are active now. The fifth, a physical barrier, is being built inside the data center.

The technology is viewed by many computer security specialists as a ray of hope amid the recent cascade of data thefts, attacks, disruptions and scandals, including break-ins at Citibank, Sony, Lockheed Martin, RSA Security and elsewhere. It allows users to communicate via the Internet with high confidence that the identity of the person or organization they are communicating with is not being spoofed or forged.

Internet engineers like Mr. Kaminsky want to counteract three major deficiencies in today’s Internet. There is no mechanism for ensuring trust, the quality of software is uneven, and it is difficult to track down bad actors.

One reason for these flaws is that from the 1960s through the 1980s the engineers who designed the network’s underlying technology were concerned about reliable, rather than secure, communications. That is starting to change with the introduction of Secure DNS by governments and other organizations.

The event in Singapore capped a process that began more than a year ago and is expected to be complete after 300 so-called top-level domains have been digitally signed, around the end of the year. Before the Singapore event, 70 countries had adopted the technology, and 14 more were added as part of the event. While large countries are generally doing the technical work to include their own domains in the system, the consortium of Internet security specialists is helping smaller countries and organizations with the process.

The United States government was initially divided over the technology. The Department of Homeland Security included the .gov domain early in 2009, while the Department of Commerce initially resisted including the .us domain because some large Internet corporations opposed the deployment of the technology, which is incompatible with some older security protocols.

Internet security specialists said the new security protocol would initially affect Web traffic and e-mail. Most users should be mostly protected by the end of the year, but the effectiveness for a user depends on the participation of the government, Internet providers and organizations and businesses visited online. Eventually the system is expected to have a broad effect on all kinds of communications, including voice calls that travel over the Internet, known as voice-over-Internet protocol.

“In the very long term it will be voice-over-I.P. that will benefit the most,” said Bill Woodcock, research director at the Packet Clearing House, a group based in Berkeley, Calif., that is assisting Icann, the Internet governance organization, in deploying Secure DNS.

Secure DNS makes it possible to make phone calls over the Internet secure from eavesdropping and other kinds of snooping, he said.

Security specialists are hopeful that the new Secure DNS system will enable a global authentication scheme that will be more impenetrable and less expensive than an earlier system of commercial digital certificates that proved vulnerable in a series of prominent compromises.

The first notable case of a compromise of the digital certificates — electronic documents that establish a user’s credentials in business or other transactions on the Web — occurred a decade ago when VeriSign, a prominent vendor of the certificates, mistakenly issued two of them to a person who falsely claimed to represent Microsoft.

Last year, the authors of the Stuxnet computer worm that was used to attack the Iranian uranium processing facility at Natanz were able to steal authentic digital certificates from Taiwanese technology companies. The certificates were used to help the worm evade digital defenses intended to block malware.

In March, Comodo, a firm that markets digital certificates, said it had been attacked by a hacker based in Iran who was trying to use the stolen documents to masquerade as companies like Google, Microsoft, Skype and Yahoo.

“At some point the trust gets diluted, and it’s just not as good as it used to be,” said Rick Lamb, the manager of Icann’s Secure DNS program.

The deployment of Secure DNS will significantly lower the cost of adding a layer of security, making it more likely that services built on the technology will be widely available, according to computer network security specialists. It will also potentially serve as a foundation technology for an ambitious United States government effort begun this spring to create a system to ensure “trusted identities” in cyberspace.
https://www.nytimes.com/2011/06/25/science/25trust.html





Hacking Group Says It Is Ending Spree
Nick Bilton

Lulz Security, a group of hackers who have tormented corporations and government agencies, said Saturday that it would stop its spree, 50 days after it first started its attacks.

In a press release posted on The Pirate Bay, a file-sharing Web site, the group said its six members had decided to “say bon voyage” as Lulz Security but did not cite a reason.

In addition, the group shared a number of files and documents it said were breached in the course of its attacks. These files, which were available for download, included sensitive documents about AT&T internal server files, Federal Bureau of Investigation documents and user names and passwords of a number of other Web sites.

On its Twitter feed, the group’s members encouraged other hackers to continue attacking Web sites and government agencies and said it planned to stay involved in the efforts through Anonymous, another collective of rogue hackers.

Even assuming the statement speaks for what is a loose and anarchic group, the claim that it does not plan any more data breaches or other hacking efforts is open to question. Lulz Security has become known online for its sarcastic and snide commentary, and the group has continually promised to carry on.

It is unclear why the group decided to stop hacking under its current name. In a recent interview with Adrian Chen of Gawker, one of the group’s members, who goes by the name “Topiary” online, said Lulz Security planned to continue its campaign for some time and said he had no fears of being apprehended by the authorities. “Worrying is for fools!” Topiary told Mr. Chen when asked if he feared being caught.

Lulz Security has come under attack from government agencies around the world, including the Federal Bureau of Investigation and Central Intelligence Agency. Other hackers were also taking aim at the group’s members, saying they had gone too far with their activities.

E-mail and phone messages seeking comment from F.B.I. officials drew no immediate response.

Earlier this week the British police arrested Ryan Cleary, a 19-year-old who they say is a member of Lulz Security. The authorities charged Mr. Cleary with illegally using a computer to perform denial-of-service attacks — bombarding Web sites with so many automated messages that they shut down. One of Mr. Cleary’s targets was said to have been the British Serious Organized Crime Agency.

Lulz Security has claimed responsibility for hacking a number of sites over the past two months, including PBS.org, the United States Senate, the Arizona Department of Public Safety and a Web site associated with the Federal Bureau of Investigation.

Here is the full press release attributed to Lulz Security:

Friends around the globe,

We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others — vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn’t that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind — we hope — inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

Let it flow…

Lulz Security — our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe


http://bits.blogs.nytimes.com/2011/0...-ending-spree/





Internet Activists Crash White House Phone Lines Calling for an End to the War on Drugs
W. E. Messamore

On Friday June 17th, exactly 40 years after President Richard Nixon declared a "War on Drugs," Internet activists organizing from the social news and activism website, Reddit.com, called the White House en masse to demand an end to the War on Drugs, calling it a "trillion dollar incarceration machine" with a measurable failure to reduce drug use, or harm from drug use.

The original posting on Reddit came earlier this week and quickly rocketed to the website's front page, receiving nearly 2000 votes from the social media website's users. Referred to affectionately by its users as "the hive mind," Reddit allows its community to vote on content in order to determine which news and stories-- ranging from the offbeat and not safe for work, to this week's serious political activism-- are most important, featuring these on its front page.

While only the White House knows exactly how many people called in Friday to demand an end to the War on Drugs, there's one strong clue as to the numeric power of Internet activists working from Reddit to send a message to the White House about the War on Drugs. Just last month, a similar posting on Reddit, which garnered 1300 votes from the community, launched a campaign of letter writing on WhiteHouse.gov's contact page that may have shut down the site for "temporary maintenance."

The user who made that posting is a marijuana legalization activist based in Washington DC, and he published an article last month claiming that during his viral, Reddit-based, letter-writing campaign, the White House's website was displaying error messages to visitors, saying: "We are performing system maintenance and upgrading our website. Unfortunately, this requires this page to be offline for a short period. Please check back later to submit your message." It could have been a coincidence, but it's certainly possible that Reddit's thousands of readers unintentionally hit the White House with a distributed denial of service attack.

This Friday, the Internet activists calling in to the White House were counseled by their fellow users to be polite and courteous, and to stick to facts like America's startling incarceration rate, the enormous cost of the War on Drugs, and the percentage of Americans who favor liberalizing drug policy. Their act of political engagement comes at a time when many of the world's leaders and former leaders are beginning to voice concern over the failures of the War on Drugs.

Just this Thursday, former President Jimmy Carter published an op ed in The New York Times calling for an end to the global drug war, indicating that persuading an occupant of the White House as to the harms and unintended consequences of the War on Drugs may not be so far-fetched.
http://caivn.org/article/2011/06/18/...-end-war-drugs





Anonymity Has Real Value, Both in Comments and Elsewhere
Mathew Ingram

The old joke about being online is that “no one knows you’re a dog.” But the idea of online anonymity has been taking a beating recently, in part because of celebrated cases of fraud such as the Gay Girl in Damascus blog — which turned out to be written by a 40-year-old Scottish man. And the former ombudsman for National Public Radio has also come out swinging against the anonymity of commenters, which she calls “an exercise in faux democracy.” But allowing people to be anonymous isn’t the problem — plus, it has real value for society that shouldn’t be dismissed so quickly.

The fact that someone might want to set up a blog and pretend to be a lesbian in Damascus (as Bobbie Johnson described in his recent post on the issue) is definitely somewhat disturbing — in part because it was revealed that the creator of the blog had been carrying on this facade for several years, and had taken in several knowledgeable writers on the Middle East, including Global Voices Online staffer Jillian York, who wrote about her experiences in a blog post.

But as online media veteran Dan Gillmor pointed out in a piece for The Guardian on the “Amina” affair, the fact that someone can pretend to be a gay blogger in the Middle East without being discovered also means that real lesbians and other persecuted people in Damascus or anywhere else can also post their thoughts online, and that can be a very powerful force for democracy and human rights. Should anonymity (or what is actually pseudonymity) only be allowed for those who can prove that they really are political dissidents? And if so, who would do the proving? Says Gillmor:

Quote:
What we should all fear is what too many in power want to see: the end of anonymity entirely. Governments, in particular, absolutely loathe the idea that people can speak without being identified… I fear there will soon be widespread laws disallowing anonymous speech, even in America.

Along the same lines, there has been a lot of discussion recently about how online activity of all kinds — including blog comments — would be better if anonymity was outlawed or restricted in some way. Alicia Shepard, the former ombudsman for National Public Radio, wrote a piece recently for the Nieman Foundation for Journalism at Harvard University in which she argued that many comment sections are “an exercise in faux democracy” and that there would be “more honest, kinder, civil exchanges if people used their real names.”

This is something we feel pretty strongly about at GigaOM, and something I also felt strongly about during my previous job managing online community for a major national newspaper that got tens of thousands of comments a day. Did we get a lot of hateful comments? Yes, we sure did — and we used a Winnipeg-based company called ICUC Moderation Services to handle the worst, which NPR also uses. But the ability for people to speak their minds about important topics without having that attached to their real names is also important, I think — and one of the main reasons media sites have such terrible comments is that their writers rarely if ever engage with readers.

One of the solutions that Alicia Shepard and others have reached for when it comes to blocking anonymous comments is to hand over commenting functions to Facebook and only allow those who log in with their real identities to comment. But as we’ve noted before, this restricts the conversation by default to only those who want to attach comments to their real names — and those who want to log in via Facebook. That might reduce spam or trolling, but what about those who have something worthwhile to say who prefer to remain anonymous? They are effectively excluded.

Dissidents in the Middle East who want to try to make themselves heard about the conditions in their countries (a group that Jillian York has argued is ill-served by Facebook’s rules requiring real names) aren’t the only ones who might want to remain anonymous. As the ombudsman at the Washington Post noted in a recent post about the benefit of allowing anonymity in comments, there are plenty of issues that people in the U.S. and elsewhere might want to speak freely about without having that attached to their names whenever someone does a Google search, and they deserve to be able to do that.

In the end, the ability to speak anonymously isn’t just an attribute of what Alicia Shepard calls “faux democracies” — it’s something that has also played a key role in the rise of real democracies in countries like the United States, by allowing people to speak to the powerful without fear of persecution. We shouldn’t toss that kind of principle aside so lightly just because we want to cut down on irritating comments from readers, or stop the occasional blogger from pretending to be someone they are not.
http://gigaom.com/2011/06/20/anonymi...and-elsewhere/





Upending Anonymity, These Days the Web Unmasks Everyone
Brian Stelter

Not too long ago, theorists fretted that the Internet was a place where anonymity thrived.

Now, it seems, it is the place where anonymity dies.

A commuter in the New York area who verbally tangled with a conductor last Tuesday — and defended herself by asking “Do you know what schools I’ve been to and how well-educated I am?” — was publicly identified after a fellow rider posted a cellphone video of the encounter on YouTube. The woman, who had gone to N.Y.U., was ridiculed by a cadre of bloggers, one of whom termed it the latest episode of “Name and Shame on the Web.”

Women who were online pen pals of former Representative Anthony D. Weiner similarly learned how quickly Internet users can sniff out all the details of a person’s online life. So did the men who set fire to cars and looted stores in the wake of Vancouver’s Stanley Cup defeat last week when they were identified, tagged by acquaintances online.

The collective intelligence of the Internet’s two billion users, and the digital fingerprints that so many users leave on Web sites, combine to make it more and more likely that every embarrassing video, every intimate photo, and every indelicate e-mail is attributed to its source, whether that source wants it to be or not. This intelligence makes the public sphere more public than ever before and sometimes forces personal lives into public view.

To some, this could conjure up comparisons to the agents of repressive governments in the Middle East who monitor online protests and exact retribution offline. But the positive effects can be numerous: criminality can be ferreted out, falsehoods can be disproved and individuals can become Internet icons.

When a freelance photographer, Rich Lam, digested his pictures of the riots in Vancouver, he spotted several shots of a man and a woman, surrounded by police officers in riot gear, in the middle of a like-nobody’s-watching kiss. When the photos were published, a worldwide dragnet of sorts ensued to identify the “kissing couple.” Within a day, the couple’s relatives had tipped off news Web sites to their identities, and there they were, Monday, on the “Today” show: Scott Jones and Alex Thomas, the latest proof that thanks to the Internet, every day could be a day that will be remembered around the world.

“It’s kind of amazing that there was someone there to take a photo,” Ms. Thomas said on “Today.”

The “kissing couple” will most likely enjoy just a tweet’s worth of fame, but it is noteworthy that they were tracked down at all.

This erosion of anonymity is a product of pervasive social media services, cheap cellphone cameras, free photo and video Web hosts, and perhaps most important of all, a change in people’s views about what ought to be public and what ought to be private. Experts say that Web sites like Facebook, which require real identities and encourage the sharing of photographs and videos, have hastened this change.

“Humans want nothing more than to connect, and the companies that are connecting us electronically want to know who’s saying what, where,” said Susan Crawford, a professor at the Benjamin N. Cardozo School of Law. “As a result, we’re more known than ever before.”

This growing “publicness,” as it is sometimes called, comes with significant consequences for commerce, for political speech and for ordinary people’s right to privacy. There are efforts by governments and corporations to set up online identity systems. Technology will play an even greater role in the identification of once-anonymous individuals: Facebook, for instance, is already using facial recognition technology in ways that are alarming to European regulators.

After the riots in Vancouver, locals needed no such facial recognition technology — they simply combed through social media sites to try to identify some of the people involved, like Nathan Kotylak, 17, a star on Canada’s junior water polo team.

On Facebook, Mr. Kotylak apologized for the damage he had caused. The finger-pointing affected not only him, it affected his family: local news media reported that his father, a doctor, had seen his ranking on a medical practice review site, RateMDs.com, drop after people posted comments about his son’s involvement in the riots. Other people subsequently went to the Web site to defend the doctor and improve his ranking.

Predictably, there was a backlash to the Internet-assisted identification of the people involved in the alcohol-fueled riot. Camille Cacnio, a student in Vancouver who was photographed during the riot and who admitted to theft, wrote on her blog that the “21st-century witch hunt” on the Internet was “another form of mobbing.”

In the New York area, the commuter who was the subject of online scorn last week shut down both her Twitter and LinkedIn accounts once her name bubbled up on blogs. Though the person who originally posted the cellphone video took it down, other people quickly reposted it, giving the story new life. The original video poster remains anonymous because his or her YouTube account has been shut down.

Half a world away, in Middle Eastern countries like Iran and Syria, activists have sometimes succeeded in identifying victims of dictatorial violence through anonymously uploaded YouTube videos.

They have also succeeded in identifying fakes: In a widely publicized case this month, a blogger who claimed to be a Syrian-American lesbian and called herself “A Gay Girl in Damascus” was revealed to be an American man, Tom MacMaster.

The sleuthing was led by Andy Carvin, a strategist for NPR who has exhaustively covered the Middle Eastern protests on Twitter. When sources of his said they were skeptical of the blogger’s identity, “I just started asking questions on Twitter and Facebook,” Mr. Carvin recalled on CNN. “Have any of you met her in person? Do you know her at all? The more I asked, the less I learned, because no one had met her, not even the reporters who had supposedly interviewed her in person.”

Mr. Carvin, his online followers and others used photos and server log data to connect the blog to Mr. MacMaster’s wife.

“Publicity” — something normally associated with celebrities — “is no longer scarce,” Dave Morgan, the chief executive of Simulmedia, wrote in an essay this month.

He posited that because the Internet “can’t be made to forget” images and moments from the past, like an outburst on a train or a kiss during a riot, “the reality of an inescapable public world is an issue we are all going to hear a lot more about.”
https://www.nytimes.com/2011/06/21/us/21anonymity.html





Rhode Island Says Police Can Decloak Anonymous People Online If They Find Them Offensive
Mike Masnick

We've been noticing a trend of various states attempting to pass laws against being a jerk online -- with a particular distaste for anonymous jerks. But it seems that Rhode Island is taking it to new levels. Via Copycense, we learn that Rhode Island is pushing forward with a broadly written law (for the children, of course!), which would let police get names and other identifying information from service providers for online speech that they find to be "offensive" or harassing, without requiring that it go through a judge for a warrant first. Technically, the bill allows for law enforcement to issue an "administrative subpoena" on such issues, rather than having to get a judge-approved warrant. While much of the bill is targeted at uncovering those involved in child porn, it uses that fact to mask the broad powers this gives to law enforcement to uncover who's behind all kinds of anonymous speech, without any consideration for the First Amendment protections for anonymous speech. This kind of law seems ripe for abuse by law enforcement, and the ACLU notes that Rhode Island law enforcement has already been known to seek this kind of info under questionable reasons:

Fears about the scope of this bill are not exaggerated. In the past year, there have been two highly publicized incidents of police seeking to track down the posters of comments posted online about political figures. Last fall, the Rhode Island ACLU called on Narragansett's Police Chief to drop criminal “cyberstalking” charges lodged against two town residents in separate incidents. Under this bill, police could unilaterally issue subpoenas to obtain the information.
http://www.techdirt.com/articles/201...ffensive.shtml





Why Some Dissatisfied Users are Shunning Facebook
Blake Snow

There's no denying the cultural impact of Facebook. It has united almost 700 million people, including most of you reading this, becoming the greatest social introduction platform the world has ever seen.

But there are also some recent signs of "Facebook fatigue." There is only so much you can do to socialize online, especially after you've exhausted your friend list. Some people also complain they're spending so much time on Facebook that they're short-changing the rest of their lives.

Evidence suggests a small but increasing number of users -- at least in North America, where Facebook use is especially saturated -- may be shunning the site. The site lost more than 7 million active users in the United States and Canada last month, according to data from the blog Inside Facebook, although Facebook disputes those figures.

Others are consciously reducing the time they spend on the site.

"I figured out that I wouldn't look back as an old man and wish I had spent more time on Facebook," says David Cole, an IT manager from Boston. Cole said he believes the popular social-networking site is a useful tool, but not a replacement for what he calls "realbook" experiences.

"Instead of working on an essay, I would waste time browsing people's walls," says Kip Krieger, a college student from Virginia, who like Cole has consciously reduced how much time he spends on Facebook.

On top of that, Facebook has become predictable, Krieger says.

"It's really gotten to a point where I know pretty much what my friends are going to post. They usually just write the same thing over and over again, and I am getting sick of that."

Joshua DeRosa, a Salt Lake City graphic artist and former Facebook user, agrees.

"I don't need to see pics or hear updates about people's babies," he says. "I know what babies look like, and while you might think what Junior did was the cutest thing ever, I couldn't care less."

Others contacted for this story say constant status updates may inadvertently discourage more meaningful and sensory interactions that can only take place offline.

"My mom quit Facebook because she wanted us to call her on the phone and see her in person more," says a 29-year-old Provo, Utah, man who wishes to remain anonymous.

Maybe mother knows best. "It's working," he says.

Obviously, there are a lot more satisfied customers of Facebook than disgruntled ones. You don't get to half a billion users by upsetting people. So are these outspoken Facebook shunners a tiny minority or part of a growing trend (or both)?

Facebook won't say how many users have deleted their accounts, so the trend is difficult to quantify. But if you type "d-e-l-e" into a Google search query, "delete Facebook" is the No. 1 predictive result, meaning it's a popular search among Google users.
Never mind the numerous pages of related articles on "how to" and "why you should delete" your Facebook account.

Facebook spokesman Barry Schnitt, however, maintains that any such withdrawal is minor and short-lived.

"More often than not, people who deactivate do so temporarily and come back after a break," he says, "like students pausing to focus on finals or people going camping and not wanting their profile to be untended for a weekend."

Entrepreneur Max Salzberg, on the other hand, says the exodus is real.

"Thinking that Facebook is forever is like thinking that AOL was the be-all-end-all of the Internet," he says. "Eventually, everyone will use something else."

Salzberg hopes you'll use his upcoming Facebook alternative: a rival site called Diaspora that promises to help keep users' worlds from colliding.

Diaspora lets users sort friends into groups so updates and photos are shared only with certain people, not everyone on one's friend list. The idea is that mom, for example, will no longer be privy to the more intimate details of your life.

Still in its alpha, or by-invitation-only phase, Diaspora also has settings that are by default private.

"Since Diaspora is actually made up of a bunch of sites across the Web, it is about sharing in the way you want and letting that drive how you express yourself," he says. "Giant monolithic social networks don't make much sense."

Another Facebook alternative called Path limits users to 50 friends. The goal, says founder (and ex-Facebook exec) Dave Morin, is to promote intimate and memorable sharing.

Still, it's hard to ignore the social behemoth that Facebook has become, especially since more than half of all Americans now have an account.

"I do feel pressured to participate," says DeRosa. "People act like you are an alien when you tell them you aren't on it."

Toby Bushman, 27, of Southern California, felt so much pressure that she decided to rejoin Facebook, and is glad she did.

"Having that connection with others is a very powerful thing," she says. "It makes me feel like I'm a part of something bigger and more grand than just my life as a stay-at-home mother."

Even some of those who grumble about Facebook admit they'll never completely dump the site. "There are too many people I want to keep in contact with," says Krieger.

Facebook officials say their service is good for people.

"Facebook can be like broccoli," Schnitt says. "Everyone can benefit from it but not everyone will want to.

"But you won't know until you try," he adds. "Thus, we'd encourage you to sign up and share as little or as much as you want. If you have a good experience, we hope you'll stay. If not, come back and see us again, because we're constantly working to improve the service and delight people in ways that aren't possible offline."
http://edition.cnn.com/2011/TECH/soc...ning.facebook/





Self-Published Author Sells a Million E-Books on Amazon
Audrey Watters

Since the Kindle's launch, Amazon has heralded each new arrival into what it calls the "Kindle Million Club," the group of authors who have sold over 1 million Kindle e-books. There have been seven authors in this club up 'til now - some of the big names in publishing: Stieg Larsson, James Patterson, and Nora Roberts for example.

But the admission today of the eighth member of this club is really quite extraordinary. Not because John Locke is a 60 year old former insurance salesman from Kentucky with no writing or publishing background. But because John Locke has accomplished the feat of selling one million e-books as a completely self-published author.

Rather than being published by a major publishing house - and all the perks that have long been associated with that (marketing, book tours, prime shelf space in retail stores) - Locke has sold 1,010,370 Kindle books (as of yesterday) having used Kindle Direct Publishing to get his e-books into the Amazon store. No major publisher. No major marketing.

Locke writes primarily crime and adventure stories, including Vegas Moon, Wish List, and the New York Times E-Book Bestseller, Saving Rachel. Most of the e-books sell for $.99, and he says he makes 35 cents on every sale. That sort of per book profit is something that authors would never get from a traditional book deal.

Locke is also the author of the now bound-to-be classic How I Sold 1 Million E-Books in 5 Months. Of course, rags-to-riches, unpublished-to-bestselling author isn't a particularly new phenomenon. But to have this occur outside a major publishing house certainly is. One million e-books in just 5 months is a testament to the incredible popularity of e-books - particularly at this low price point. And it is yet another reminder of the shifting publishing - not just reading - landscape.

Pointing to the success of another self-published author Amanda Hocking, GigaOm's Mathew Ingram suggests that the successes of Locke and Hocking are "another sign of the ongoing disruption of the traditional publishing industry." Indeed, self-publishing was once viewed as the last resort for frustrated authors. In the future, should such successes be repeated, it may be the publishing industry that gets more rejection notices.
http://www.readwriteweb.com/archives...books_on_a.php





J.K. Rowling's Next Chapter: A Transfiguration Spell on the Publishing Industry
Audrey Watters

Author J.K. Rowling unveiled the plans behind the mysterious Pottermore website this morning, and fans that were hoping for a new installment in the beloved Harry Potter series or for a wizarding MMORG may be disappointed. But for those who've been waiting to read the novels on their e-readers, good news: Pottermore will involve, in part, the release for the very first time of the Harry Potter series in a digital format.

In what's an uncommon occurrence, Rowling retained all the rights to digital copies of her books. And until now, she had not struck any deals with publishers or distributors to make the series available digitally. All that will change when Pottermore officially launches this fall.

That's big news for e-books as the bestselling series will undoubtedly be wildly successful in its new e-format. (It's as good an excuse as any to reread all the novels, right?) But the announcement is significant in a number of other key ways, not just because of Rowling's decision to release the e-books now, but because of the way in which she has chosen to do it.

Self-Publishing's Defining Moment

The books will be available exclusively through the Pottermore site, meaning that Rowling is self-e-publishing the novels. While self-publishing is, of course, nothing new, digital publishing and digital readership have helped self-publishing become more popular and, for authors, more lucrative. As we reported earlier this week, Amazon recently announced that self-published author John Locke had joined its "Kindle Million Club" after selling over one million copies of his e-books on the Kindle platform.

But Rowling's decision here isn't just another mark of legitimacy for self-publishing, nor is it simply yet another blow to the traditional publishing industry - although no doubt, both of those are true. Rowling's announcement has several other ramifications here for the publishing industry.

DRM-Free Content

Digital rights management (DRM) technology is often placed on digital content, so the argument goes, to help prevent piracy. And indeed, the Harry Potter series may already be among the most pirated books in history, no doubt because of fans' desire to read the books in a digital format. But rather than viewing that desire with suspicion about sharing, Rowling is trusting they'll do the right thing. The Harry Potter e-books will reportedly be DRM-free, although they will be digitally watermarked with purchasers' information.

Wired calls this the publishing industry's "Radiohead moment" and likens this to the band's release of its albums on its own site. "The crucial parallel between Radiohead and Rowling is the fact that they both put their faith in the fans rather than any intermediary. For Radiohead, this meant self-releasing their album In Rainbows after the end of their contract with EMI with an honesty-box pricing strategy."

E-Book Standards

DRM-free content also means that consumers won't be locked in to one particular format. As it currently stands, DRM is one mechanism that prevents users from sharing e-books; but it also means that Kindle owners can't read Nook content, and Nook owners can't load their iBooks onto their devices. But DRM is only part of the problem here; file formats are another. Rowling says that the books will be made available for all formats - to Kindle, iPad, Nook owners alike.

It's not yet clear how that will be accomplished, but the most obvious way to do that would be via ePUB, the open e-book standard. However, Kindle does not currently support ePUB. But as paidContent's Laura Hazard Owen posits, "if any author could get Amazon to change its policy, it's J. K. Rowling."

There have been rumors recently that the Kindle will begin supporting ePUB, and that may come as part of Amazon's new library lending program this summer.

(Another) Tipping Point for E-Books

The tipping point for e-books could have been when Amazon announced that Kindle versions were outselling print bestsellers two-to-one or when it said that e-books were outselling all print copies. The tipping point could have been when the company announced that a self-published author had managed to sell one million copies of his e-books.

But it seems likely that with the excitement and passion that Harry Potter fans have for anything associated with the series, the release of the digital Pottermore will unleash yet another milestone in what is a quickly changing landscape for publishing.
http://www.readwriteweb.com/archives...on_spell_o.php





Barnes & Noble: Nook Market Share, Sales Surge, But so do Losses
Larry Dignan

Barnes & Noble CEO William Lynch said that the company’s e-book market share is now 26 percent to 27 percent in the U.S. with Nook-related revenue topping $250 million in its fiscal fourth quarter.

Lynch, speaking on a conference call with analysts following the company’s earnings report, said:

Quote:
Our data indicates that for the sixth consecutive quarter we continued to gain significant market share in the fast emerging eBook and digital newsstand market — faster, in fact, than any other company over that period. Our internal figures corroborated by analyst estimates, indicate we grew our market share of eBooks another 1 to 2 points in Q4. It now represents approximately 26% to 27% of the overall US market for eBooks. Led by the ongoing success of NOOK Color as well as the growth of eBook sales through our NOOK Bookstore on BN.com and via our free NOOK reading apps on third-party devices, we continue to add millions of new NOOK users each quarter. A few other recent data points of note on our digital business. Our overall NOOK business across devices, accessories, and additional content grew to over $250 million in comparable sales across retail at BN.com in Q4. That delivered close to 300% growth versus last year. As mentioned, BN.com’s gross margin gross profit expanded quarter-to-quarter from 9.5% to 13.2%, illustrating the quickly scaling digital content business model. We now sell 3 times as many digital books as all formats of physical books combined on BN.com.

Not too surprisingly, Lynch talked up the company’s latest 6-inch Nook reader and a software update that made its color Nook operate more like an Android tablet. The company said it opened 1 million new Nook accounts in the fourth quarter. That sum includes apps and devices.

Lynch added that the company’s digital business model is coming into view and should grow revenue and gross margins going forward.

For the fiscal fourth quarter, Barnes & Noble reported a net loss of $59 million, or $1.09 a share, on revenue of $1.37 billion. For fiscal 2011, Barnes & Noble reported a net loss of $74 million on revenue of $7 billion. Those results missed Wall Street estimates.

Barnesandnoble.com reported fiscal 2011 sales of $572.7 million, but has negative earnings before interest, depreciation, amortization and interest of $204.5 million.

No outlook was given for fiscal 2012 given that Barnes & Noble is in takeover talks with Liberty Media.
http://www.zdnet.com/blog/btl/barnes...o-losses/51092





When Hard Books Disappear

Hard books are on their way to extinction.
Kevin Kelly

Biologists maintain a concept called a "type specimen." Every species of living organism has many individuals of noticeable variety. There are millions of Robins in America, for instance; all of them express the Robin-ness found in the type of bird we have named Turdus migratorius. But if we need to scientifically describe another bird as being "like a Robin" or maybe "just a Robin" which of those millions of Robins should we compare it to?

Biologists solve this problem by arbitrarily designating one found individual to be representative and archetypical of the entire species. It is the archetype, or the "type specimen," of that form. There is nothing special about that chosen specimen; in fact that's the whole idea: it should be typical. But once chosen this average specimen becomes the canonical example that is used to compare other forms. Every species in botany and zoology has a physical type specimen preserved in a museum somewhere.

Books and other media creations are now getting their type specimen archive. The same guy who has been backing up the internet (yes the entire web!), and is racing Google to scan all books into digital files, has recently become concerned about the lack of a physical archive for all these digitized books. That guy is Brewster Kahle, the founder of the Internet Archive. Brewster noticed that Google and Amazon and other countries scanning books would cut non-rare books open to scan them, or toss them out after scanning. He felt this destruction was dangerous for the culture.

We are in a special moment that will not last beyond the end of this century: Paper books are plentiful. They are cheap and everywhere, from airports to drug stores to libraries to bookstores to the shelves of millions of homes. There has never been a better time to be a lover of paper books. But very rapidly the production of paper books will essentially cease, and the collections in homes will dwindle, and even local libraries will not be supported to house books -- particularly popular titles. Rare books will collect in a few rare book libraries, and for the most part common paper books archives will become uncommon. It seems hard to believe now, but within a few generations, seeing an actual paper book will be as rare for most people as seeing an actual lion.

Brewster decided that he should keep a copy of every book they scan so that somewhere in the world there was at least one physical copy to represent the millions of digital copies. That safeguarded random book would become the type specimen of that work. If anyone ever wondered if the digital book's text had become corrupted or altered, they could refer back to the physical type that was archived somewhere safe.

But where? The immediate answer is: in cardboard boxes, stacked five high on a pallet wrapped in plastic, stored 40,000 strong in a shipping container, inside a metal warehouse on a dead-end industrial street near the railroad tracks in Richmond California. In this nondescript and "nothing valuable here" building, Brewster hopes to house 10 million books -- about the contents of a world-class university library. The containers are stacked two high and are plumbed to remain at 30% humidity. Together with their triple waterproofing (plastic, steel container, steel roof), they will remain dry even in short periods of neglect.


But he is archiving more than just the paper books. Even digital versions are physical in some way. So the Internet Archive is also storing in these interior shipping containers the tapes of the previous versions of digital scans, and the hard discs of today's scans, leaving room for the physical form of whatever media platform is next. There will be a next, Brewster says: "When they were making microfilm of books, they thought they would never have to rescan them. When they were being scanned at 300 dpi, they thought they would never have to scan them again. We know someday these books will be rescanned. They will be waiting here in boxes."

The big idea that EVERY digital form ultimately rests in a physical form is a deep truth that needs to be understood more widely. From Brewster's summary of the project:

Quote:
As the Internet Archive has digitized collections and placed them on our computer disks, we have found that the digital versions have more and more in common with physical versions. The computer hard disks, while holding digital data, are still physical objects. As such we archive them as they retire after their 3-5 year lifetime. Similarly, we also archive microfilm, which was a previous generation’s access format. So hard drives are just another physical format that stores information. This connection showed us that physical archiving is still an important function in a digital era.
The books are not meant to be retrieved one by one, but as a collection, by the pallet full, say. But they are stored with the idea that they will be needed eventually.

The specs of this multilayered system:

Quote:
Books are cataloged, and have acid free paper inserts with information about the book and its location. Boxes store approximately 40 books with labeling on the outside. Pallets hold 24 boxes each. Modified 40′ shipping containers are used as secure and individually controllable environments of 50 or 60 degrees Fahrenheit and 30% relative humidity. Buildings contain shipping containers and environmental systems. Non-profit organizations own and protect the property and its contents. Buildings contain shipping containers and environmental systems.

This past Sunday this long-term archive for paper books was opened to visitors. The current capacity is about half a million books. Many of the books were bought for almost nothing on the used book market, and others were collections of books donated by book lovers. The Archive is looking for more collections to scan and store. It costs about ten cents per page to track, catalog and scan a book. One advantage of owning the books they scan is that it gives them a small edge in claiming the right of fair use for the digital copy they make. They try to have scans of only books they own.

A prudent society keeps at least one specimen of all it makes, forever. It still amazes me that after 20 years the only publicly available back up of the internet is the privately funded Internet Archive. The only broad archive of television and radio broadcasts is the same organization. They are now backing up the backups of books. Someday we'll realize the precocious wisdom of it all and Brewster Kahle will be seen as a hero.
http://www.kk.org/thetechnium/archiv...hard_books.php





Movie Discovery Engine Uses Music to Find Flicks You Might Like
Jennifer Van Grove

Name: MyZeus

Quick Pitch: MyZeus looks at your friends, the music you like and the world around you to help you discover movies in brand new ways.

Genius Idea: Using social context to change the way people discover movies.

Listening to music can be an emotional experience. So too can watching a movie with a soundtrack that includes a song you love. Now, private beta startup MyZeus seeks to be the conduit for making the connection between the music you love and the movies you might like.

Founded eight months ago, MyZeus came to be after co-founders Patrick Algrim and Brandon Weiss started thinking about how they could make movie discovery as much fun as the actual movie-watching experience.

“Our goal,” says Algrim, “is to use the world around you to make up movie discovery.”

An early release of the product allows users to connect their Last.fm and Rdio accounts to happen upon all the movies with music you like — as indicated via the third-party music services — in them.

In Algrim’s mind, MyZeus can reinvent how people watch and experience movies. “If you say you like Dave Matthews Band, and this movie has Dave Matthews Band in it, and you discovered it through MyZeus, throughout the whole movie you’re actually listening for that Dave Matthews song,” Algrim says. “It becomes a lot of fun.”

But MyZeus is also designed to encourage and support all three steps in the movie-watching experience. “We want you to find something to watch. We want you to watch that right now. And when you’re finished, we want you to share that with your friends,” Algrim explains.

Soon, the site will move beyond music-to-movie discovery and use places by connecting to your Gowalla and Foursquare accounts to help you discover movies filmed at venues in your location history.

As is, the MyZeus dashboard highlights movies based on your music preferences. You can filter movies by artists, watch movie trailers and see if your movie selection is streaming on Netflix or available at iTunes, Amazon or Blockbuster.

There’s also a social component to the site, so you can find and follow friends and make your own movie suggestions. You can also see, save and comment on the movie suggestions of your friends or everyone on the site.

Algrim reports that private beta members are showing an early propensity for not only discovering movies via music, but also sharing and discussing movies.

“We’ve had quite a few movies shared since we opened the doors, and there’s been an equal amount of comments on the movies as there has been shared movies,” he says.

MyZeus needs to mature a bit before it lives up to its stated purpose — we’d like more ways to discover and add friends, and more music service integrations — but there seems to be a lot of promise here.

If you’d like to get an early peek at the service, 250 Mashable readers can check out MyZeus before it launches to the public by signing up here.
http://mashable.com/2011/06/20/myzeus/





First Look at Samsung’s Solar-Powered NC215S Netbook

Samsung announced plans to launch a solar-powered netbook last month at the company’s Africa Forum. Now the folks at Samsung Hub report that the Samsung NC215S solar netbook will also make an appearance in Russia — and they dug up some of the first pictures of the new netbook.

The new netbook features a solar panel on the lid which Samsung says will give you an hour of run time for every two hours of charging time. Fully charged, the netbook is supposed to run for up to 14 hours.

Aside from the solar panel, the netbook looks almost identical to the Samsung NC210 mini-laptop. It has a 10.1 inch, 1024 x 600 pixel matte display, 1GB of RAM, and a choice of an Intel Atom N455 single core or Atom N570 dual core processor.

The Samsung NC215S is due out in August in Russia and it’s expected to sell for 13,999 rubles, or just under $500 US. There’s no word on if or when the netbook will be sold in the US.

You can find more pictures after the break.

Update: Samsung has confirmed that the netbook is coming to the US the week of July 3rd for $399.
http://liliputing.com/2011/06/first-...s-netbook.html





Sprint Counters AT&T's Spectrum Claims
Kent German

In its latest filing with the FCC today, Sprint further pressed its case against AT&T's proposed acquisition of T-Mobile.

Though Sprint led the redacted document with the now familiar arguments that the $39 billion transaction would hurt consumers by eliminating competition, raising prices, and harming innovation, the carrier also devoted significant space to countering AT&T's controversial claims that the deal is its only solution for solving an impending spectrum crisis.

"Sprint's filing demonstrates, once again, that AT&T's purported rationale for the proposed merger--that there is no other way to meet its projected data service demand growth--is simply unfounded," Sprint said in a statement. "AT&T could increase its capacity by developing its warehoused spectrum, accelerating its 4G network buildout, and implementing a more efficient network architecture, just as other wireless carriers around the world are doing today."

In an attachment to the filing, Steven Starvitz, the CEO and managing director of Spectrum Management Consulting, wrote that AT&T is not alone among wireless carriers to see a huge boost in wireless data use and that its spectrum needs are not as acute as its rivals'.

"AT&T does not need to acquire T-Mobile to solve its claimed network capacity challenges," Starvitz said. "Instead, AT&T can implement common industry best practices to gain the capacity it asserts is necessary to serve the growing demands of its network."
http://www.cnet.com/8301-17918_1-200...pectrum-claims





Apple's Infrared 'Camera Kill Switch' Patent Application Hits a Nerve
Michael Rose

Picture this: You're out for a stroll on the streets of Vancouver when suddenly you find yourself caught up in a depressed mob of hockey fans. Riot police are striking a young man with their batons near a squad car. You pull out your iPhone to capture a video of this seeming abuse of force -- only to see a flashing message on the screen that says 'Recording Disabled.'

Earlier this month, Patently Apple analyzed a patent application filing that Apple originally submitted in December of 2009. The patent application covered several ways to communicate with a cellphone through its camera using a coded infrared light transmission.

Simply pointing your phone's camera at a properly equipped museum exhibit, for example, could load a webpage about the artifact on display or offer additional details about its origins. An auction house or fashion show could easily provide pricing, availability or 'click to bid' buttons. The technology would work like a giant, invisible QR code -- although it couldn't do the bidirectional sharing that Google's demo showed earlier. You also couldn't block it with a bit of masking tape, since the infrared data stream is captured by the phone's camera itself, not by a separate sensor.

That's the user-affirming side of the patent. The other big use case, however, is for the infrared transmission to tell the phone "Hey, no pictures here!" The suggested applications are for concert halls, movie theaters or even sensitive corporate/government facilities -- giving those venue owners an easy way to block photography or videotaping of copyrighted or classified materials. Whether you think that's a terrible idea or an awesome idea may rest on whether or not you own a concert hall or a movie theater.

Of course, Apple patents or patent applications often don't evolve into actual, shipping Apple products. (Remember the 'undead ads for content time' patent? Ick.) Nevertheless, even in the hypothetical case, the spectre of a 'kill switch' for the iPhone camera is not sitting all that well in certain circles.

The Save the Internet coalition has published a suggested open letter to Steve Jobs that suggests this patent application is deeply repugnant to the ideals of freedom: "[T]housands of people across the Middle East have used cellphone cameras to document violent government abuses. This technology would also give tyrants the power to stem the flow of protest videos and crack down on their citizens with impunity." The petition continues, "If this tool fell into the hands of repressive regimes or malicious corporations, it would give tyrants and companies the power to silence one of the most critical forms of free expression."

Now, there's a wide gulf between blocking cameras at concerts and quashing dissent by democratic activists -- at least in theory. First of all, would-be repressive regimes would have to set up expensive equipment in advance, which would work only at short range -- and even if they did that there'd be no guarantee that all the phones in the area would comply with the invisible orders, so the requisite shakedown of all camera-enabled devices by armed enforcers would still have to be done. In the chaos and commotion of the kind of situations that would tend to motivate large-scale iPhone videography, it's by no means clear that this 'kill switch' would even work. As my colleague Chris Rawson points out, your average infrared TV remote control is thoroughly flummoxed by simple sunlight.

None of this, however, means that it's prudent to stand atop the slippery slope of external device controls and say "Looks like a nice ride down." It's easy to think, as I did when first reading the admittedly hyperbolic language of the petition, "Look, the iPhone is not the only camera in the world; professional bootleg videographers don't use crappy cameraphones at all, protesters have many different kinds of phones and cameras at their disposal, and as soon as this capability gets rolled out people will simply jump to another platform to work around it." [Never mind the fact that Flickr now shows the iPhone 4 as the most popular camera on the site, bar none. –Ed.]

The problem is that market reaction takes time, and in the thought experiment I played out at the beginning of this post there's no time to react. If you were in a traffic stop that went wrong, a political rally with a bad outcome, a movie theater where someone was being assaulted -- there's no chance to go back in time and say "You know, that iPhone camera kill switch may not have been such a good idea after all."

It's impossible to say, without access to Apple's labs, whether this technology is truly viable, whether it would work in daylight, and whether it could really be used in the situations envisioned by the petition writers. It's equally impossible to say whether Apple intends to implement and commercialize this invention, or even if the company's patent application would be granted. Maybe Apple's secret objective in pursuing this patent is not to implement it in products -- to keep the concept off the market in perpetuity, or at least for the life of the patent. But that doesn't seem likely, and in the absence of comment from Apple about whether and how the capability would be implemented in future iPhones (a comment that is undoubtedly not coming anytime soon), all we have is our questions.
http://i.tuaw.com/2011/06/20/apples-...cation-hits-a/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

June 18th, June 11th, June 4th, May 28th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
Old 26-06-11, 07:34 PM   #2
theknife
my name is Ranking Fullstop
 
 
Join Date: Dec 2001
Location: Promontorium Tremendum
Posts: 4,391
Default

nice, as always, js

All times are GMT -6. The time now is 05:39 PM.
