Old 01-08-12, 08:21 AM   #1
JackSpratts
 
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - August 4th, '12

Since 2002

"To be honest with you, the guys enjoy it. They try so hard all day not to scratch anything. And all of a sudden they get to throw it off the back of a truck." – Brian Goodwin

August 4th, 2012




Music Labels Won’t Share Pirate Bay Loot With Artists
Ernesto

Earlier this year the sentences against the Pirate Bay defendants were made final. Aside from prison sentences, they will have to pay damages to the entertainment industries, including €550,000 to several major music labels. The court awarded the damages to compensate artists and rightsholders for their losses. However, it now turns out that artists won’t see a penny of the money, as the labels have allocated it to IFPI to fund new anti-piracy campaigns.

February this year, Sweden’s Supreme Court announced its decision not to grant leave to appeal in the long-running criminal case against the founders of The Pirate Bay.

This meant that the previously determined sentences handed out to Peter Sunde, Fredrik Neij, Gottfrid Svartholm and Carl Lundström will stand.

Part of the sentence are damages that have to be paid to various entertainment industry companies. EMI Music, Universal Music, Sony Music and other labels, for example, were awarded around €550,000 to compensate artists and rightsholders for the losses they suffered.

During the trial the court carefully weighed all the individual albums that were brought in as evidence. The resulting damages were eventually based on the fees The Pirate Bay would have paid if they had bought licenses for that content.

The music labels were satisfied with this outcome, but have since had trouble collecting the damages. TorrentFreak got a peek at an unpublished document from the legal department of anti-piracy outfit IFPI, which documents the issue in more detail.

“We have filed applications with Sweden’s Enforcement Agency to secure assets to satisfy these funds. So far very little has been recovered as the individuals have no traceable assets in Sweden and the Enforcement Agency has no powers to investigate outside Sweden. There seems little realistic prospect of recovering funds,” the document reads.

While it may come as no surprise that the music industry has a hard time getting money from The Pirate Bay defendants, what comes next may raise a few eyebrows.

“There is an agreement that any recovered funds will be paid to IFPI Sweden and IFPI London for use in future anti-piracy activities,” IFPI writes.

In other words, the money that the Court awarded to compensate artists and rightsholders for their losses is not going to the artists at all. Instead, the labels will simply hand it over to IFPI for their ongoing anti-piracy efforts, which we documented in detail earlier this week.

According to former Pirate Bay spokesman Peter Sunde, one of the people convicted in the case, this shows who the real “thieves” are.

“Regarding the issue that they’ve already divvied up the loot, it’s always fun to see that they call it ‘recovered money’ (i.e. money they’ve lost) but that they’re not going to give the artists in question any of it,” Sunde told TorrentFreak.

“They say that people who download give money to thieves – but if someone actually ends up paying (in this case: three individuals) then it’s been paid for. So who’s the thief when they don’t give the money to the artists?”

According to Sunde the news doesn’t come as a surprise.

“As far as I know, no money ever won in a lawsuit by IFPI or the RIAA has even gone to any actual artist,” Sunde says. “It’s more likely the money will be spent on cocaine than the artists that they’re ‘defending’.”

This is not the first time that artists have been left out when damages have been awarded in a copyright infringement case.

The RIAA previously told TorrentFreak that the ‘damages’ accrued from piracy-related lawsuits will not go to any of the artists, but towards funding more anti-piracy campaigns. “Any funds recouped are re-invested into our ongoing education and anti-piracy programs,” we heard.
https://torrentfreak.com/pirate-bay-...rtists-120728/





DEA's File-Sharing Rules Challenged on Technical Grounds
Gareth Morgan

Campaign group Consumer Focus has published its technical report into the practicalities of online traceability, which it believes shows why the controversial Digital Economy Act cannot work in its current form.

The Consumer Focus report [pdf] is based on analysis undertaken earlier this year by Richard Clayton, of the University of Cambridge's Computer Laboratory.

The report highlights the difficulties internet service providers face in correctly identifying IP addresses that may have been used to download copyrighted material – as well as the problem of then linking an individual to that IP address.

Commenting on the report's publication, Clayton noted that while the traceability part of the DEA could be made to work in a robust manner, it could only work effectively if ISPs put in a number of checks.

“History shows that mistakes are often made,” wrote Clayton.

“I have some first-hand experience of this, my report refers to how I helped the police track down a series of traceability mistakes that were made in a 2006 murder case.”

In the report, Clayton details his work with the Crown Prosecution Service and ISPs to identify eight IP addresses as part of a 2009 murder investigation. Errors in the way the ISP recorded IP addresses initially meant that only four of the eight could be identified.

“It is my view that the types of errors... are widespread,” the report stated.

Last month, the government revealed plans to make consumers charged with breaching copyright through online file-sharing pay £20 upfront to appeal under the DEA.

“My report also explains the difficulties – in many cases the insuperable difficulties – that the account holder will have in determining the individual who was responsible for the P2P activity,” said Clayton.

“Sadly, there’s been no sign so far that this sort of criticism will derail the DEA juggernaut.”
http://www.v3.co.uk/v3-uk/news/21952...hnical-grounds





France Will Cut Funding to its Piracy Police
Robert Andrews

France’s new culture minister is not yet promising to disband the country’s internet piracy enforcement agency, Hadopi. But she is already planning to cut its budget and to dissuade it from kicking people off the internet.

Aurélie Filippetti has commissioned former Canal+ pay-TV CEO Pierre Lescure to lead a wide-ranging and overdue review to update Act II of France’s so-called “cultural exception” – a set of rules for protecting Francophone culture – for the digital age, including the role of Hadopi.

Geeks are reading indications by the new Francois Hollande government as suggesting an axe for the agency, which was formed in October 2012 to send warning letters to ISP subscribers deemed by rightsholders to be downloading content without authorisation.

Filippetti, in an interview with Le Nouvel Observateur, only goes as far as promising to underfund Hadopi:

“I do not know what will become of this institution, but one thing is clear: Hadopi has not fulfilled its mission of developing legal content offerings.

“In financial terms, €12 million a year and 60 officers, it’s expensive to send a million e-mails.

“Finally, the suspension of internet access seems a disproportionate sanction against the goal. But all this will be considered by the Lescure mission.

“Meanwhile, as part of budgetary efforts, I will ask that Hadopi’s costs are greatly reduced for 2012. I prefer to cut funding for things whose utility is not proven. I will announce in September the details of these budget decisions.

“I cannot decide on the findings of a mission that just started. All stakeholders will be met and will share their views. It is essential to go beyond the framework of Hadopi and consider all mechanisms to adapt to the digital age.”

Filippetti’s views put her in line with Europe’s digital agenda commissioner Neelie Kroes, who is trying to smooth content licensing regimes to create more legal digital content offerings across the continent and who recently urged French citizens to submit to Lescure’s consultation:

“Combating piracy is not done only by coercive measures. You are all, in fact, aware that I am not a fan of measures that punish individuals or families by cutting off internet access.

“The best way to combat piracy is to encourage the legal supply to satisfy the legitimate expectations of users. So we must be very ambitious when it comes to creating a regulatory framework that promotes the development of legal offers online.”

Beside Kroes’ efforts, France’s cultural exception update is likely to reduce VAT on digital goods in line with the favourable rates applied to physical cultural products.

France’s Hadopi public agency, created to administer sending of warnings to alleged freeloaders, sent 755,015 first warnings to ISP subscribers in its first 14 months of operation.

Lescure’s review mimics a 2011 report that recommended updating the UK’s intellectual property laws for the digital age.
http://paidcontent.org/2012/08/03/fr...piracy-police/





New 'Chirp' App: Super Fast File-Sharing Service
Carlo Orlando

A new Apple iOS app that transmits data via "virtual birdsong" is making file sharing between smart devices easier than ever. "Chirp" is the brainchild of Animal Systems, a company started by researchers in the Computer Science Department at the University College of London.

Essentially, the app emits a two-second noise that sounds as if it were made by a robotic bird. The noise indicates that an instant download is being received from a trusted source.

App Uses Sound to Transfer Data

To send a chirp, an individual simply activates the app from their smartphone and selects the desired recipients.

Next, the user chooses a file to send (a stored file or even a newly taken photograph) and pushes a big yellow button. The chirp is instantly sent out to a worldwide audience.

The ability of the recipient to push his or her own big yellow button and forward the received file to a new list of contacts makes Chirp the fastest way possible for a file to go viral.

The data itself does not travel via the sound. Rather, the chirp contains two proprietary protocols (an audio protocol and a network protocol).

Basically, the app first uploads the content to the cloud, then creates a unique code for the content and converts that code into sound. The sound is received by the recipient's app, which decodes it. (Source: computerworld.com)

Another feature: users can start a chirp offline. The next time the device connects to the Internet, the content begins to download automatically.

Blacklist Keeps Trouble Away

Some observers have compared Chirp to a similar app called Color, which enabled strangers to share photos. By simply activating the app, pictures taken by User # 1 could simply appear on User # 2's screen, along with nearly every other picture User # 1 had ever taken using Color.

Criticisms quickly flooded in, citing fears of privacy violations and snooping.

But Chirp is different than Color because Animal Systems subscribes to a "blacklist" service that prevents transmittal of known illicit or illegal websites. As a result, all files sent with Chirp come from reputable sources.

Currently, Chirp is available for iOS only, but observers expect an Android version in the near future.
http://www.infopackets.com/news/busi...ng_service.htm





Demonoid Starts Redirecting to Ads and Malware
enigmax

It’s been nearly a week since Demonoid went down following a huge DDoS attack and still there is no sign that the site will return. If anything, the situation has worsened somewhat. The site’s main domain is now redirecting straight to an ad network serving up malware to unsuspecting visitors.

Demonoid is one of the world’s largest and longest standing sites that not only indexes torrents, but also operates its own tracker.

Although the site has a reasonable uptime record, there have been a few occasions where it has not only gone down, but has disappeared completely. We are currently in one of those periods.

Last week the latest of Demonoid’s difficulties turned out to be caused by a massive DDoS attack which initially crippled the site and then took it completely offline. But while DDoS attacks usually stop after a point has been made or the attackers get bored, the Demonoid admin explained that he had more on his mind.

“There might have been an attack from another angle, an exploit of sorts, but it’s hard to tell right now without a full check of everything,” he told TorrentFreak.

What that attack is, or was, remains unclear, but today even more problems are becoming apparent. On July 1 and then again today Aug 2, the domain entries for Demonoid.me were updated and now the URL is redirecting straight to adverts. Unfortunately – and we presume this is something Demonoid’s admin would be completely against – some of those adverts contain a virus and other malware.

This particular one is redirecting to a variation of the 52664.bestfastget.com domain, a site with a particularly low trust rating.

Today, TorrentFreak contacted Demonoid’s admin to ask about the current situation but we are yet to receive a response. That said, we are not overly optimistic about the site’s health and future prospects.

To begin, while Demonoid’s admin told us that he would eventually bring the site back online, he clearly has other things on his mind. A really important family event puts a torrent site nowhere near the top of his priorities.

Also, the site redirecting to ads, without so much as a “Demonoid is down for maintenance” homepage, is not a good sign either – particularly when those ads serve up malware.

Next, Demonoid has been experiencing staffing issues this year. As we mentioned in an earlier article, there were rumors that one or maybe more Demonoid staffers had been questioned by authorities about their involvement in the site. Details are scarce, but according to sources pressure may have been mounting for some time.

Readers of our earlier article detailing IFPI’s anti-piracy strategy will recall that the music industry group said it had taken “strategic action” against Demonoid. Although its exact nature is unknown (and presumably wouldn’t extend to a DDoS), legal and/or political pressure is almost guaranteed.

It is also worth noting that pressure on file-sharing sites ratcheted up several levels in January and February this year following the raids on Megaupload. BTjunkie decided to throw in the towel and the uncertainty spread to several other sites, including Demonoid.

For now we’ll just have to wait, but it wouldn’t come as a shock if Demonoid remained down for months. Equally, and this is a distinct possibility given all the variables, don’t be surprised if its doors stay closed for good.

Update: Demonoid’s admin just told us that the redirection was put in place to avoid mounting bandwidth bills caused by the DDoS.
https://torrentfreak.com/demonoid-st...alware-120802/





GameStop Looking Into Reselling Digital Content
Eddie Makuch

CEO Paul Raines says specialty retailer has talked with startups about secondhand downloadable goods, describes market as "not a meaningful business yet."

GameStop already has a solid footing in the boxed used games business, but as the industry trends toward digital, the chain is considering ways it could resell downloadable games. Speaking to GameSpot from the retailer's refurbishment center in Grapevine, Texas, this week, GameStop CEO Paul Raines said the firm is looking into digital secondhand sales.

"It’s very interesting," he said. "There are some technologies out there in Europe, and we’ve looked at a couple that are involved. We’re interested; it’s not a meaningful business yet. Right now we’re not seeing that as a huge market, but I think we’re on the leading edge. There are a few companies, a few startups, out there that we’ve talked to that are doing this."

Raines declined to identify those outfits, saying, "No, we wouldn’t want to disclose that and have our competitors rushing in."

Earlier this month, a European court ruled that the secondhand sale of software was protected, making it so producers can no longer prevent users from reselling licenses.

GameStop's boxed secondhand game business is a major unit for the company. For fiscal 2011, GameStop recorded $2.62 billion in revenue from this sector, 27.4 percent of its total revenues.
http://au.gamespot.com/news/gamestop...ontent-6388559





Anonymous Dumps Australian Telco Data Online
Luke Hopewell

After the threats, admissions and delays, hacktivists protesting the data retention scheme proposed by the Federal Government’s National Security Inquiry have begun dumping data gleaned from an Australian telco — presumably AAPT.

So far, the dump looks to be as large as we were promised: 40GB of customer data. Sources leaking the data say that there are over 600 tables of customer information set to be published, and after looking at the first few, it looks to be all business account information.

Update: Looks like this leak isn’t going to be the full 40GB we were promised. Sources are reporting that this is only a partial leak. So far we’ve seen the records of government and business customers leaked.

The drama began when hackers claiming to represent Anonymous began acting out on the Twitter hashtag intended for questions for Prime Minister Julia Gillard to answer during her first Google Plus Hangout.

The hackers wanted the Prime Minister to address their concerns regarding a plan proposed by Attorney-General Nicola Roxon floated two years ago that would force ISPs to retain customer browsing data for a period of two years. The data would presumably be used in law enforcement and cyber-security cases should they ever arise.

Roxon was only in initial talks with ISPs over the scheme when the story broke in 2010, but the plan reared its head once again last month when the Parliamentary Joint Committee on Intelligence and Security announced it would be investigating proposed changes to several key pieces of intelligence gathering legislation. Part of these proposed changes included the now-notorious data retention scheme.

Concerned members of the public were asked to contribute to the inquiry, but Anonymous instead decided to protest the proposed changes, rather than sit down for a chat.

Hackers representing Anonymous under the guise of Operation Australia hacked 10 Queensland government websites as a warm-up, saying that it was in protest of the state government tracking its citizens. Following the initial attack and defacement of the state’s online government property, we brought you the news that the hackers had put the local telco scene on notice.

A representative of the group said that it would soon hack and expose the customer records of a national telecommunications provider or ISP to demonstrate that data held by a telco as it would be under the data retention scheme can be breached and exposed online.

A day passed with no word, before the group hinted that the organisation it had breached was in fact AAPT.

Hours later, AAPT’s CEO David Yuile came forward with a statement, saying that one of its servers housed at Melbourne IT had been breached, and the loss of historic customer records had occurred. An investigation kicked off into the breach, but at no time did the telco say that the breach was the work of Anonymous.

Skip ahead to now, and Anonymous is in the process of dumping government and business customer data onto Pastebin for the world to see. This episode is far from over, however. We’re likely to see more data trickle out over the coming days.
http://www.gizmodo.com.au/2012/07/an...o-data-online/





Windows 8 Leaked Onto Various File Sharing Sites
Zach Walton

Windows 8 has gone gold and that means OEMs are starting to get the final version of the operating system. It won’t be going out to consumers until October 26 so manufacturers and developers have a few months to get everything in order and up to speed with the launch version. If you don’t feel like waiting though, a new avenue has been made available thanks to a leak.

The full version of Windows 8 that was shipped to OEMs on Wednesday has already been leaked onto various file sharing sites. If you’re thinking, “That didn’t take long,” you’re not alone. On the other hand, I’m surprised it took even a day for it to leak. New operating systems and software can sometimes show up days before they even go gold.

As for the leak itself, it’s obvious that one of the OEM partners who received the OS leaked it. I’m sure Microsoft is conducting their own internal investigation. I would hate to be the OEM partner who hired the guy responsible for the leak.

So if you decide to track down a copy of this illegal copy of Windows 8, know that you are getting the “N” version of the OS. Thanks to a ruling from the European Union, Microsoft must offer a version of Windows that does not come with Windows Media Player. So if you want to try out the full version of Windows 8, you’re going to have to do so without Windows Media Player.

If you’re a developer just itching to get into Windows 8, you only have to wait a few more days to get your hands on it legally. Microsoft announced that MSDN developers will be getting their hands on the OS starting August 15. Everybody else is going to have to wait until the actual launch date or however long it takes them to download it via their favorite torrent tracker.

Since this is a leak and is looked on as being illegal, expect no official support from Microsoft if things go awry. You should also expect Microsoft to do some terrible things to your installation if they find that you’re using a leaked copy. The company is pretty strict when it comes to piracy and shutting down your Microsoft account, which is required for much of Windows 8, would not be beyond their means.
http://www.webpronews.com/windows-8-...-sites-2012-08





How To: Make Leaked Windows 8 Enterprise N Bootable ISO Media And Working. Easy Steps! #TPB #Anonymous

Get Leaked Windows 8 Enterprise : http://tinyurl.com/d5vgrsp
Get UltraISO : http://tinyurl.com/cupv4ud
Take a 8102/8250/8400 ISO
Open it in UltraISO
Delete all content
Add whole Enterprise N folder
Click save
Have fun!!!

NOTE: This is original files NON-boot DVD M$ distributive.
"ENTERPRISE-N" version Windows 8 not include Windows Media Player.

With love Yarrr!
@57UN

http://www.twitlonger.com/show/ilg0hq





Windows 8 Leaked to File-Sharing Sites - Does It Matter?
Mark Hachman

A version of Microsoft’s upcoming Windows 8 operating system has been published to the Web, but there are several reasons that potential pirates may not be able to take full advantage of the leak.

A “non-boot” version of Windows 8 Enterprise-N appeared on The Pirate Bay, a notorious site for sharing copyrighted software and other works, as well as other sites on the Web.

Members or supporters of The Pirate Bay also posted instructions on how to get the uploaded software into an .ISO format, which could be burned to optical media.

Windows 8 - Two Weeks Early

Microsoft representatives didn’t immediately confirm the leak, which occurred a day after Windows 8 was released to manufacturing (RTM). The first day that users - in this case, developers - should have had access to it was Aug. 15, when the final “RTM” builds become available to Microsoft Developer Network (MSDN) or Technet subscribers. The Enterprise-N version lacks Windows Media Player, a concession to the European Union which ordered Microsoft to strip out the utility to allow other media player vendors to compete fairly.

Commenters to The Pirate Bay confirmed that they could get the software up and running, although various error messages were reported and the software was reportedly “slow as hell to download,” in the words of one.

A Semi-Legitimate Use?

Although the version of Windows 8 on the file-sharing sites seems clearly intended for software pirates, there might be one semi-legitimate use for it: as “backup media” in case of a problem with a user’s machine. Although Microsoft provides the option for users to buy Windows 8 on a physical disc, the days of “recovery discs” are long gone. So far, Microsoft hasn’t published (or widely published, at least) the locations for .ISO versions of Windows 8. With Windows 7, those files and how to find legitimate copies of them are more widely known.

But the Windows 8 (and Windows 7) .ISO file is just one piece of the puzzle. Without a corresponding license key, Windows 8 may just run in trial mode. Eventually - exactly how long isn’t yet clear - that trial mode should expire, and the pirate will likely be back to square one.

With Windows 7, Microsoft allowed users of the Windows 7 consumer versions 30 days to enter a valid license key. But enterprise users were offered a 90-day trial (http://technet.microsoft.com/en-us/evalcenter/cc442495.aspx). However, enterprise users still were forced to enter a valid license key before a 10-day period had expired. At the end of the 10 days, Windows 7 would automatically reboot every hour. The same thing would happen at the end of the 90-day trial.

Microsoft hasn’t said how long the RTM version of Windows 8 will operate without a valid license key, however.

Microsoft Fights Piracy

Microsoft has worked diligently to cut back on piracy, including suing Chinese resellers and engaging in various technical methods to block pirates. For example, ExtremeTech noted last year that generic volume license keys that pirates exploited wouldn’t be so easily accessible; instead, the installer will ping a Microsoft Web page for the unique key. (The preview version of Windows 8 used a standard, published key, but that’s different.)

The bottom line? Owning a valid copy of the software is one thing, but holding a valid license is quite another. That’s not to say a working “keygen” license key generator to create those licenses won’t eventually be developed and released; a Google search of The Pirate Bay site finds several files that at least claim to be working Windows 7 keygens. But until then, all a potential Windows 8 pirate can claim is access to a potentially dodgy piece of software. They’d probably be better off running the free preview version.
http://www.readwriteweb.com/enterpri...-it-matter.php





German Student Defies Google Cease-and-Desist with 1 Million Signatures
Fruzsina Eördögh

Google is determined to take down Youtube-mp3.org, a site that rips downloadable mp3 files from streaming YouTube videos. Philip Matesanz, the site's 21-year-old owner, has collected 1.2 million signatures in protest against the action. Will his petition move the search giant?

Matesanz, a German citizen, lodged the petition through Change.org last month after Google sent him a cease-and-desist order claiming that Youtube-mp3.org violated YouTube's terms of service. Since then, Matesanz has collected 1.2 million signatures from all over the world, making his petition one of Change.org's five most-signed petitions. (The speed with which Matesanz gathered the signatures isn't so surprising, considering that his site gets 1.3 million visits a day on average.) Matesanz plans to deliver the signatures in person.

Matesanz and his lawyers argue that, since Youtube-mp3.org does not use YouTube’s application programming interface, it does not violate YouTube’s terms of service. In addition, the petition cites a legal precedent for the kinds of copies Youtube-mp3.org makes and distributes. YouTube is like a broadcaster, it maintains, and “for decades people were allowed to take a private copy of a public broadcast,” recording songs off the air for their own use.

Will Google listen to Matesanz and his million supporters? Not likely. Google has to answer to major corporations such as Viacom, which do not appreciate unauthorized copying of their material, especially through the Internet.
http://www.readwriteweb.com/archives...signatures.php





Craigslist Lurches to Defend its Decrepit Empire
Taylor Hatmaker

Craigslist, often portrayed as a sleeping giant among the Web's most trafficked sites, has stirred in recent weeks - and it isn't happy. Everyone's favorite place to hunt down an apartment or unload a musty sofa hasn't been left in the dust. Rather, it has set up camp there with a coterie of lawyers and a stubborn streak that punishes the users it claims to have at heart.

First the online listings king began slinging legal threats at third-party developers building onto its data. Then it quietly slid out a job posting looking for UI developers. And now Craigslist has radically redrafted its terms of use, claiming exclusive rights to any content posted on the site. So what the heck is going on, exactly?

First, a brief history lesson, made all the more brief by the fact that Craigslist has hardly changed over the past 17 years. Craig Newmark founded the online listings directory back in 1995. There you have it! Craigslist is the ninth most visited website in the United States, according to Web ranking site Alexa, and the only one in the top 10 with a load time classified as “very fast” (.537 seconds) thanks to its skeletal design. In a Web chock full of widgets, social buttons, popover ads, and other browser confetti, is it such a bad thing that Craigslist refuses to evolve?

Padmapper's Craigslist Update

Craigslist issued a cease-and-desist order to a small company called Padmapper in June. An MIT grad named Eric DeMenthon had hacked together a service in 2008 to make apartment hunting easier for himself and his friends. “A lot of times, we'd get to the bottom of a listing and see that it was in the wrong place, and we'd have to give up," he says. "What became Padmapper was to help us sift through things" by scooping up listings from Craigslist’s considerable database and draping them over Google Maps.

"I think [Craigslist] is really good for a lot of things. I think they made a lot of good decisions in terms of finding other stuff, when location is not the most important thing. By keeping it so simple, they've made it easy to make it extremely fast - it's one of the fastest sites on the Web, probably," DeMenthon says. "It's just a trade-off. But for certain things like apartments, it's not so good."

Padmapper is how Craigslist housing listings should work. But as it stands, Craigslist's housing listings are just like its other painful-to-navigate sections: a bare wall of links with a general location in parentheses on the index page. If you’re lucky, the listings are accompanied by images, but you have to click through to see them. There's no Ajax or Javascript magic - this is the vestigial Web circa 1995. Padmapper effectively wrestles Craigslist into a time machine, adding the kind of UI features, like filters and bookmarking, that Web users have come to expect. In doing so, DeMenthon's service makes Craigslist practical for millions of users, who are driven back to Craigslist through Padmapper's geo-search interface.

Padmapper Rises Again, Thanks to 3taps

Padmapper is a high-profile target of Craigslist’s curmudgeonly ire, but it isn’t the first to suffer such a fate. Over the years, the creaky classified-ad elder has crushed a number of would-be innovators hoping to improve on its interface or put its vast trove of data to better, more user-friendly use. Craigslist claims that its defensive action prevents third parties from putting a strain on its servers.

After the cease-and-desist, in a June 22 blog post, DeMenthon announced that he would yank all Craigslist data from Padmapper - and effectively cripple his own service - until he could cook up a workaround. Then, on July 9, he announced that Craigslist data would trickle back into Padmapper, this time powered by 3taps, a service that accesses Craigslist data indirectly through search and therefore dodges Craigslist’s terms of use.

Craigslist's Radical New Terms of Use

The center of 3taps' loophole is that Craigslist can’t copyright the details found in an apartment listing, such as the price, location and specifics of a property. But Craigslist is back on the attack, tweaking its terms of use to head off this strategy at the pass - though it remains to be seen if such an all-encompassing copyright claim can stand. Now, before posting any listing, users must agree to the following:

“Clicking “Continue” confirms that craigslist is the exclusive licensee of this content, with the exclusive right to enforce copyrights against anyone copying, republishing, distributing or preparing derivative works without its consent.”

3taps founder Greg Kidd stands by his guns in the face of Craigslist’s parry. “No Terms of Use can ride roughshod over the fact that there is no copyright in facts,” Kidd says. “Padmapper's use of exchange posting is not infringing use. It is fair use or free use... of public facts."

Kidd finds the implications of Craigslist's claim as disturbing as they are far-reaching. “We think PadMapper is just one (obviously very visible case) of a whole class of use case conflicts if this stands,” he says. “As we read it, a posting retweeted via Twitter is going to be just as problematic as one through PadMapper.”

The Future of Craigslist: Reading the Tea Leaves

"Innovate or die" is the rule for businesses on the Web - well, for businesses that aren’t Craigslist. The site has a fierce commitment to what it describes as an “unusually philanthropic company mission and philosophy,” but its users pay the price of its resistance to change. Craigslist provides a free service to people the world over, but if the site truly had users at heart, it would focus on improving the experience, not just maintaining a stagnant monopoly. A 2009 profile on Newmark in Wired paints Craigslist as a stubborn thought experiment that "scorns advertising, refuses investment, ignores design, and does not innovate," in which the "ambiance of neglect is not a way to extract more profit but the expression of a worldview." Three years later, that portrayal still resonates.

Craigslist may have the sparse, mid-1990s look of a wiki or a forum, but its attitude is exactly counter to the spirit of the open Web. Just agreeing to open a dialogue with comparatively microscopic third parties like Padmapper would be a step forward. As it stands, stonewalling small developers and flinging legal threats makes it clearer than ever that Craigslist needs to evolve. The site's intentions might be pure, but inferring that is getting harder than ever.

Craigslist is tight-lipped when it comes to commenting on its recent legal action. (The company refused our request for comment.) But a help-wanted listing for programmers and front-end/UI/UX developers that Craigslist posted on its own site might offer clues to the company's plans - and maybe even a glimmer of hope. According to the call out, posted July 10, the company is seeking new talent to "imagine, design, code, and release next generation features," "integrate new technologies wherever appropriate" and - can I hear an amen? - "improve the craigslist user experience." The effort might be too little, too late, but it sounds like the Web's best-trafficked separatist community might be ready to lay down arms and join the 21st century.
http://www.readwriteweb.com/archives...pit-empire.php





Olympics Fans Find Ways to Circumvent NBC's Online Control
Liana B. Baker and Yinka Adegoke

It took Jason Legate, a Walnut Creek, California-resident, all of 10 minutes to connect his computer to a London-based server and access BBC's coverage of the Olympics Saturday, thereby circumventing NBC's lock on coverage in the United States.

The 31-year-old system administrator said he has watched at least 12 hours of live BBC coverage (his favorite sport so far - judo) since he set up a virtual private network (VPN) connection to send all his Internet traffic to a server in London.

Legate is one of many viewers who, turned off by NBC's ironclad control of access to Olympics coverage in the United States and spotty online streaming, have resorted to a workaround--sometimes legal, sometimes not--to watch the Games when and how they want on feeds from countries such as the UK and Canada.

NBC, which spent $1.18 billion for the rights to broadcast the Olympics on the Internet and on television in the United States, has made it impossible for people without a pricey cable or satellite subscription to watch the Olympics live in the United States. Viewers can receive a complimentary four hours of live content with a temporary pass.

Only those customers who are first "authenticated" as paying cable or satellite subscribers have access to live streaming of every Olympic event, a move that has led to an explosion of anger at the network on Twitter under the unofficial "#NBCfail" hashtag.

Other complaints included NBC streaming that didn't work and that the network bombarded viewers with too much advertising.

For its regular network coverage, NBC, which is owned by cable giant Comcast Corp, has tape-delayed some of the most popular sports for the U.S. prime-time audience, meaning they air nearly five to six hours after they have happened.

This helps NBC maximize its return-on-investment by saving the top events for the largest audience and thereby the biggest advertising pay-off. But it has also led to event spoilers and criticism that the network was putting the interests of its business over those of its viewers.

The tape delay and some glitches in the coverage fueled wider criticism of NBC. But NBC spokesman Chris McCloskey, who declined to comment on the matter, pointed to the 7 million live streams, which was a record on the first day of competition. The company is making every event available live online -- except the opening and closing ceremonies.

Enter a small but vocal group of tech savvy Olympics fans who are finding new ways to watch the world's biggest sports event away from their TV sets.

These fans use techniques that make it seem like their computers are located outside the United States, giving them streaming access to the Games held by companies other than NBC in countries such as Canada or the UK. Think of it as a sporting version of how Internet users in China access banned websites by routing traffic through servers in Hong Kong in order to fool government censors.

"Because all of my Internet traffic looks like it's coming from that box in England, the BBC thinks I'm located in England," Legate said of the workaround he utilizes.

Like NBC in the United States, the BBC's Olympic rights only allow it to show the games to users in the UK. When users from the United States try to watch a BBC or CTV stream, for example, they are greeted with various messages telling them that they don't have access.

Legate still pays for cable service through his local provider Astound, but said he decided to boycott NBC after he was unable to find a live broadcast of the opening ceremonies last Friday. He was also miffed by comments made by an NBC spokesman to the LA Times on Friday about the opening ceremony not translating well online because it is "complex" and requires context for a U.S. audience.

"To me, it just felt like they were insulting everyone so I basically decided to boycott NBC for the duration of the games, which meant I had to find an alternative," he said.

Legate said he has set up the same connection for a friend who wanted to watch dressage, an equestrian event that she could not find on NBC.

People who are finding ways to circumvent NBC's restrictions seem to be spreading the word to friends, like New York City journalist Kate Gardiner, who sent out a public service announcement message on Twitter last weekend to urge her followers to use a service called TunnelBear.

The 26-year-old has been using the service to keep up with live swimming broadcasts even though she does not own a television.

TunnelBear is a VPN service that sends a user's Internet connection to different countries, so in Gardiner's case it appears her computer is based in London. The decision to avoid NBC was easy for her since she's one of the millions of U.S. residents without a cable subscription.

"I'm not going to buy a cable subscription to spend three weeks watching Olympics coverage. It's not going to happen," she said.

So far it is unclear whether NBC would take on the task of blocking or suing services like TunnelBear or StreamVia, a similar workaround. Typically, NBC has left it to the International Olympic Committee (IOC) to police the piracy of the games' TV rights.

NBC Sports spokesman McCloskey said the company never comments on issues involving security.

The workarounds--as well as the outrage--so far seem to be having no effect on TV ratings for the Olympics. NBC has pointed to record-breaking success through the first three days of the games, with more than 36 million average viewers, including more than 40 million people watching the opening ceremony.

But while these fledgling services may seem popular on Twitter and blogs, many people could be turned off by them because they involve several steps that may be too advanced for a casual Internet user and can cost money, said City University of New York journalism professor Jeff Jarvis, who has tested them out. After 500 megabytes of streaming video, users need to pay for a $5 subscription on TunnelBear, for example.

"While TunnelBear is easier than some services, you've got to geek out and you've got to pay," Jarvis said, adding that the number of people using these services is a fraction of those tuning into NBC.

Jarvis said people circumventing NBC don't pose a threat and they are just consumers trying to make a point.

"It says 'Hey, we can go around you,' and the lesson there is, if you think you can control communication, content and culture around borders, it is going to become increasingly difficult," he said.

(Reporting By Liana B. Baker in New York; Editing by Peter Lauria and Leslie Gevirtz)
http://www.reuters.com/article/2012/...86U02R20120731





How to Watch the Olympics, Live, from the United States

There has been a lot of frustration about NBC’s questionable coverage of the Olympics.

John Gilmore once said, “The Net interprets censorship as damage and routes around it.” If you’d like to watch the Olympics live from the United States, you can easily proxy through to a server in London and watch the games.

1. Sign up for a Linode account. After you enter your credit card information and select a Linode server, you’ll be asked where you’d like to boot the server. It's important that you select London, UK during this step so that you get an IP address from inside of London. You’ll need this to access the BBC streaming website, otherwise you’ll be blocked.

2. Once the server is set up and running in Linode, you’ll create an SSH tunnel to the box. From Terminal on your local machine, run ssh -C -D 8080 root@<your-linode-ip-address>

3. Finally, you’ll configure a SOCKS proxy on your browser to point to 127.0.0.1 8080, which is where the SSH tunnel that you just opened is listening.

SOCKS configuration from the Mac Network Preferences dialog

On a Mac, this menu is accessible if you click on “System Preferences”, “Network”, “Advanced”, “Proxy”

4. Finally, head to http://www.bbc.co.uk/iplayer/tv/bbc_...ndon/watchlive and you should be able to watch a live stream of the games!

The stream is pretty reliable, smooth, and looks great when I stream in from my OS X 10.8 MacBook Air to my 720i Apple TV! Enjoy!

Full disclosure - The “Sign up for a Linode account” link includes my referral code. Does anybody know how I can turn this into a donation towards the EFF or some other organization against censorship?
http://bearsfightingbears.com/how-to...-united-states
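
What the browser configured in step 3 sends to the listener that ssh -D 8080 opens on 127.0.0.1, shown as an added example that is not part of the original article: it builds and parses SOCKS5 (RFC 1928) CONNECT requests and reports which end of the tunnel resolves the name, since a hostname request is resolved at the far end while a literal IP means the client already did its own DNS lookup outside the tunnel. The function names are illustrative and the sample hosts (www.example.com, 192.0.2.10, 2001:db8::1) are constructed documentation values.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4


def build_greeting():
    """Client hello: version 5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS_VERSION, 1, 0x00])


def build_connect(host, port):
    """Build a CONNECT request for host:port.

    A hostname is sent as ATYP 3 (length-prefixed name), so the proxy end
    resolves it. A literal address is sent as ATYP 1 or 4, which means the
    client already did any DNS lookup itself, outside the tunnel.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00])
    return header + addr + struct.pack("!H", port)


def parse_request(data):
    """Decode a request the way the proxy end would; reject malformed input."""
    if len(data) < 5:
        raise ValueError("truncated request")
    ver, cmd, rsv, atyp = data[:4]
    if ver != SOCKS_VERSION or rsv != 0:
        raise ValueError("not a SOCKS5 request")
    body = data[4:]
    if atyp == ATYP_DOMAIN:
        n = body[0]
        raw, rest = body[1:1 + n], body[1 + n:]
        if n == 0 or len(raw) != n:
            raise ValueError("bad hostname length")
        host = raw.decode("ascii")
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        n = 4 if atyp == ATYP_IPV4 else 16
        raw, rest = body[:n], body[n:]
        if len(raw) != n:
            raise ValueError("truncated address")
        host = str(ipaddress.ip_address(raw))
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("bad port field")
    (port,) = struct.unpack("!H", rest)
    return {
        "cmd": cmd,
        "atyp": atyp,
        "host": host,
        "port": port,
        # Who performed name resolution for this connection.
        "resolved_by": "proxy" if atyp == ATYP_DOMAIN else "client",
    }


def demo():
    """Parse three constructed requests: hostname, IPv4 literal, IPv6 literal."""
    samples = [("www.example.com", 80), ("192.0.2.10", 443), ("2001:db8::1", 443)]
    return [parse_request(build_connect(h, p)) for h, p in samples]


if __name__ == "__main__":
    print(build_greeting().hex())
    for parsed in demo():
        print(parsed)
```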





Don't Tweet if You Want TV, London Fans Told
Avril Ormsby and Paul Sandle

Sports fans attending the London Olympics were told on Sunday to avoid non-urgent text messages and tweets during events because overloading of data networks was affecting television coverage.

Commentators on Saturday's men's cycling road race were unable to tell viewers how far the leaders were ahead of the chasing pack because data could not get through from the GPS satellite navigation system travelling with the cyclists.

It was particularly annoying for British viewers, who had tuned in hoping to see a medal for sprint king Mark Cavendish.

Many inadvertently made matters worse by venting their anger on Twitter at the lack of information.

An International Olympic Committee spokesman said the network problem had been caused by the messages sent by the hundreds of thousands of fans who lined the streets to cheer on the British team.

"Of course, if you want to send something, we are not going to say 'Don't, you can't do it', and we would certainly never prevent people," he said. "It's just - if it's not an urgent, urgent one, please kind of take it easy."

Other events due to take place on London's roads include the men's and women's marathon and triathlon.

An explosion in the use of mobile phones to access the Internet and take and send photos and video has made London 2012 the first true "social media Games", but also put pressure on the networks. The host broadcaster, the BBC, is enabling fans to see many events live on their smartphones.

Mobile operators and infrastructure companies had said they expected to be able to meet the extra demand.

The IOC spokesman said it appeared the problem lay with oversubscription on one particular network, and talks had taken place in an attempt to share more of the data. "It's a network issue, and it is that which we are working on," he said.

Official 2012 Olympic communications services provider BT, Vodafone and O2, owned by Spain's Telefonica, said they had not seen any network problems.

BT says it has provided four times the network capacity of the 2008 Beijing Games to meet the increased demand, laying enough cable to stretch between London and New York.

O2, subcontracted by BT to provide mobile services within the Olympic Village, suffered a glitch this month when a third of its customers were hit by a 24-hour network failure.

Steven Hartley at Ovum Telecoms Strategy said at the time that, while mobile capacity was being upgraded at transport and crowd hotspots, spikes in demand at peripheral sites could prove disastrous.

Television coverage is in the hands of the Olympic Broadcasting Services, created by the IOC to ensure uniform coverage at all Games.

The IOC spokesman conceded that asking people not to send messages at key moments "may not have an awful lot of effect".

(This version of the story makes it clear that BT, not Vodafone, is official Olympic provider in paragraph 11)

(Editing by Kevin Liffey)
http://www.reuters.com/article/2012/...86S0OB20120729





What’s Trending on Twitter? Itself, After an Ill-Thought-Out Suspension
Christine Haughney

Guy Adams, the Los Angeles correspondent for The Independent, shown at the 2010 Oscars. He posted the work e-mail address of Gary Zenkel, an NBC executive.

Twitter has become the default forum for people when they have a complaint. Even when that complaint is about Twitter.

The company found itself at the center of a firestorm when on Sunday it suspended the account of Guy Adams, a British newspaper reporter for The Independent, after he posted complaints about NBC’s tape-delayed Olympics coverage. His posts included the e-mail address of Gary Zenkel, the head of NBC Olympics.

On Tuesday, both Twitter and NBC backpedaled. While Twitter officials stress that the company generally does not monitor content, Alexander Macgillivray, Twitter’s general counsel, said in a statement on Tuesday that Twitter “did proactively identify a Tweet that was in violation of the Twitter rules and encouraged them” — NBC — “to file a support ticket with our Trust and Safety team to report the violation.”

Chloe Sladden, vice president for media at Twitter, personally apologized on her Twitter feed for “the oversight.” NBC also issued a statement apologizing for having the reporter’s account suspended. Twitter then reactivated the reporter’s account.

“Our interest was in protecting our executive, not suspending the user from Twitter,” an NBC spokesman said in a statement. “We didn’t initially understand the repercussions of our complaint, but now that we do, we have rescinded it.”

But the initial suspension already put both companies out of favor with many Twitter faithful. Out of solidarity for Mr. Adams, supporters also started posting the e-mail address of Mr. Zenkel, the NBC executive. They paired the hashtags #guyadams with #NBCFail, which has become an all-purpose tag for criticisms of NBC’s coverage.

Some posters called the incident a “watershed moment” for social media and accused Twitter executives of censoring Mr. Adams’s account “to cater to corporate whim.” Others threatened to boycott NBC’s Olympics coverage.

“Thanks to @NBCOlympics behavior wrt @GuyAdams I won’t be watching any more Olympics. Sorry, London,” wrote one follower.

According to Topsy, an analytics and research company that tracks Twitter activity, over the last 24-hour period, there were more than 32,000 mentions of #NBCFail and more than 14,000 mentions of @guyadams.

Twitter has always enjoyed an extraordinary amount of good will from its users in part because it does not require them to sign in under their own names (unlike Facebook) and it allows almost unlimited free speech. The suspension of Mr. Adams’s account seemed like an exception to Twitter rules based on a corporate relationship.

In July, Twitter and NBC announced a partnership to share their Olympics coverage across both of their platforms. NBC would promote Twitter’s Olympic event page through on-air graphics and Twitter would include NBC commentators on its Olympic events page.

Jillian C. York, director for international freedom of expression at the Electronic Frontier Foundation, a civil liberties group, said that the incident was a departure from Twitter’s generally strong reputation as a supporter of free speech.

“Twitter has a pretty strong history in defending free speech. They’ve stood up for users in court. They’ve publicly written about their dedication to free expression,” said Ms. York. “Twitter needs to do more work this time around to make people trust them again.”

The problems started on Friday evening when Mr. Adams, who is based in Los Angeles, started posting on Twitter how frustrated he was that NBC was delaying television coverage until prime time. He wrote, “Am I alone in wondering why NBColympics think its acceptable to pretend this road race is being broadcast live?” As his frustration grew, he filed a post to Twitter that was heard throughout social media.

“The man responsible for NBC pretending the Olympics haven’t started yet is Gary Zenkel. Tell him what u think!” He ended his post with the work e-mail address of Mr. Zenkel. Soon he was retweeted and some angry followers added the hashtag #NBCFAIL.

That’s when Twitter officials abandoned their usual stance and contacted NBC employees they knew through their Olympics partnership. They told them about the post and advised them on how to suspend Mr. Adams’s account. Writing in The Independent, Mr. Adams said he discovered that his account had been suspended “for posting an individual’s private information such as private e-mail address.” But he stressed, “I do not wish Mr. Zenkel any harm.”

In a telephone interview, Mr. Adams said he had about 4,500 followers before he was kicked off Twitter. By Tuesday night, after Twitter reinstated his account, he had 16,300 followers. The attention he gained from being blocked has left his phone ringing nonstop. He has had to disconnect it so his wife, who is due with their second child next week, and his two-year-old can sleep.

He said he will continue to use Twitter for his work.

“Doing a journalist’s job without Twitter these days is nigh impossible. It is an essential tool of my trade,” said Mr. Adams. “I’m now freed. So I can get on with my job, which is far more interesting.”

Nick Bilton contributed reporting from San Francisco.
http://mediadecoder.blogs.nytimes.co...ms-suspension/





Analysis: Why Twitter Apologized Over NBC Olympics Flap
Erin Geiger Smith

The microblogging site Twitter has been so abuzz about NBC's tape-delayed coverage of the Olympics that the #nbcfail hashtag was created last week as a way to consolidate criticism of the network.

This week, when Twitter executives suspended the account of one of NBC's most ardent critics, a Los Angeles-based reporter for The Independent, the twitterverse turned its ire on Twitter, which was quickly forced to apologize for its action.

But Twitter's crisis raised a critical question: Was the public relations nightmare just a problem of street cred with the twitterati or was Twitter's quick apology an attempt to ward off future liability for offensive tweets?

The scandal, such as it was, went like this: On Friday, Guy Adams of The Independent included the corporate email address of an NBC executive in a tweet critical of the network's Olympics coverage. By Monday, Twitter had suspended Adams's account. Twitter said NBC had lodged a complaint about disclosure of the email address and informed Adams he had violated the site's prohibition on publishing private information about someone else. The suspension got so much attention that "Guy Adams" became a worldwide trending topic on, you guessed it, Twitter.

Twitter's real crisis began, though, when NBC disclosed that Twitter actually told NBC about Adams' tweet and suggested the network file a complaint. (Twitter and NBC have a non-financial partnership to curate online content during the Olympics.) By Tuesday, NBC had rescinded its complaint, saying it hadn't understood the repercussions. And Adams was back on Twitter, asking what he'd missed.

Twitter issued a public mea culpa in the form of a blog post by its general counsel, Alex Macgillivray (link.reuters.com/mux79s).

Although Macgillivray defended the company's privacy guidelines, he apologized "for the part of this story that we did mess up."

The Twitter team that tipped off NBC and encouraged the network to file a complaint had acted out of the norm, the post said. Twitter does not "proactively report or remove content on behalf of other users no matter who they are," he wrote, and such behavior "is not acceptable and undermines the trust our users have in us."

As others have noted, Twitter is a private company and can make whatever rules it wants. But to avoid liability for offensive posts, social media companies such as Twitter, as well as blogs and news websites, have to be sure their policies and actions keep them under the big umbrella of protection provided by Section 230 of the Communications Decency Act.

Section 230 says that operators of interactive computer services will not be treated as a publisher of information provided by third parties, such as individual Twitter users.

The law permits sites to monitor, censor or take down content posted by third-party users, said Jeffrey Hermes, a fellow at the Berkman Center for Internet & Society at Harvard University.

But according to Hermes, when the site becomes so involved in the process of third-party posts that it is considered to be "contributing to what is unlawful about the content," it can face liability.

In other words, Section 230 protects Twitter if it merely corrects users' spelling or cuts all tweets down to 120 characters. But if it changes the meaning of a post or compromises its contract with users, the Section 230 shield may not apply.

That is why Macgillivray's post on the Guy Adams/NBC controversy is careful to outline Twitter's policy against meddling with posts, according to both Hermes and Jonathan Sherman, a partner at Boies, Schiller & Flexner.

Sherman said Twitter may have wanted to restate its policy of not actively monitoring tweets or favoring certain users over others to avoid future claims the site promotes a particular viewpoint or permits defamatory speech to be published on the site. He said the NBC-related suspension "is the sort of incident that a litigator will use to say ‘Twitter does this.'"

Hermes pointed to a 2009 decision by the 9th Circuit Court of Appeals, Barnes v. Yahoo, to illustrate the limits of Section 230 protection. In Barnes, the court found that, if Yahoo Inc promised to take down a fake profile created by a woman's former boyfriend, the site could be liable to her for damages.

Twitter General Counsel Macgillivray was on vacation and not immediately available to comment. A Twitter spokeswoman confirmed the events and timeline of the Adams suspension, but said Macgillivray's blog post was the company's only additional comment.

NBC, which is owned by Comcast Corp, declined to comment further.

(Reporting by Erin Geiger Smith; editing by Eddie Evans and Andre Grenon)
http://www.reuters.com/article/2012/...87219M20120803





Americans Drop Pay-TV; Business Matures in Weak Economy
Yinka Adegoke

Stubbornly high U.S. unemployment, a weak housing market combined with a mature business prone to regular programming blackouts has seen more than 400,000 American homes drop their pay-TV service since the start of the year.

DirecTV Group, the No.1 U.S. satellite TV provider, revealed its first ever quarterly customer losses on Thursday, with some 52,000 homes dropping the service in the second quarter. That was more than analysts expected from a company long seen as the best run video provider in the industry.

Also on Thursday, Time Warner Cable Inc, the No.2 cable provider, said it lost more subscribers than analysts expected with 169,000 customers leaving the service. While a small percentage of Time Warner Cable's 12.3 million total customers, this is a 10th straight quarter of customer losses.

"Basic video subscriber losses aren't getting better," said Bernstein Research analyst Craig Moffett of Time Warner Cable. He said in a client note that the company had done alright overall but "it is hard to shake the perception of an opportunity lost."

The biggest U.S. TV distributor, Comcast Corp, lost 176,000 video subscribers, which was considered an improvement as the rate of losses was better than recent quarters. Of the big four distributors, Dish Network Corp, the other major satellite provider, said it lost just 10,000 subscribers, also considered an improvement.

To be sure, the second quarter is traditionally the weakest quarter for customer additions in the pay-TV business as people move homes ahead of the summer and students leave college campuses. Also the newer entrants to the TV market -- Verizon Communications' FiOS TV and AT&T Inc's U-verse -- added 275,000 customers during the quarter.

The numbers usually improve somewhat in the third quarter but the overall trends are ominous for traditional pay-TV distributors.

The maturity of the nearly fifty-year-old cable TV market has raised the stakes, leading to more bitter and prolonged battles between distributors and their program maker partners. These disputes now typically end up with customers losing some of their favorite programming for days on end and add to customer weariness with pay-TV.

DirecTV for example lost 17 channels from MTV and Nickelodeon parent Viacom for 10 days last month. The loss of that many high profile networks for such a long period is bound to have an impact on DirecTV's third quarter results due three months from now.

The steady parade of customer losses has led to speculation that customers are 'cutting the cord' and dropping the expense of paying for TV altogether.

Time Warner Cable Chief Executive Glenn Britt disputed this suggestion saying the numbers "are still quite small."

"We actually think a bigger issue in the market is that there is a group of customers that are in really serious financial shape, they have been out of work for a long time," said Britt.

Time Warner Cable, which added 59,000 Internet subscribers during the quarter, has been emphasizing its growth ambitions with the Internet.

"Our real opportunity for residential growth rests with our high-speed data product," said Time Warner Cable President Rob Marcus. "We have been postulating that that's the case for some time now."

The idea of cord-cutting has gathered steam as several major technology companies have held talks with program makers about putting together TV packages that will be delivered via the Internet. The idea would be to use cheaper, smaller TV packages to attract customers to buy or use their services. So far Google Inc, Intel Corp and Amazon are among those known to have held talks.

Netflix Inc is an example of one company that is already offering such services for streaming to customers on demand. Rather than see Netflix as a rival, Time Warner Cable has been promoting its Internet service as being robust enough to deliver Netflix to customers.

"That is the mindset that informs our marketing efforts," Marcus said.
http://www.reuters.com/article/2012/...8J29MJ20120802





Senator Leahy's Anti-Privacy Gift to Netflix
Nancy Scola

Senator Patrick Leahy is offering a new amendment that would allow Facebook users to automatically share the titles of movies they rent through Netflix. His proposal would weaken a decades-old bill that keeps video rental records private. Guess what? The Vermont Democrat also wrote the old privacy bill, and he seemed to think it was smart public policy as late as the start of this year. Why the flip-flop? It may not be so mysterious in light of Congress' conflicting priorities.

The old Video Privacy Protection Act may have reflected Congress' instinct to protect itself as much as the public. It was 1987, and Washington was consumed with debate over U.S. Supreme Court nominee Robert Bork’s thinking on a Constitutional right to privacy. Bork’s hand-written records from his local Washington, DC, video store were leaked to Michael Dolan, who published a fairly goofy piece in the Washington City Paper on them. “The Bork Tapes,” as the ensuing kerfuffle was called, was in many ways a small-town affair, but the case set Washington on fire. A panicked Congress set out in the special way that it has to solve its own problems.

“If we’re going to tell people, especially people who want to be in any form of public life,” said Leahy 24 years ago this week, “well, if you do, we are going to go all the way back and find out what you checked out at your public library, what you took out on videos or what you watch at night on television programs, then we are in a sorry state.”

The issue wasn’t what Bork had popped into his VCR. Recapping the incident at a hearing this past January, Senator Al Franken described the judge’s predilection for “mysteries and caper films.” It was that no one from Joe Average to high-ranking public officials seemed to be safe from snoops. The Judiciary Committee was split on Bork, but it was “unanimous in its outrage,” the Minnesota Democrat recalled, over the revelation of Bork’s rental records. “The point was that the movies we choose to watch are our business and not anyone else’s,” said Franken.

The problem is that, two dozen years after the Bork Tapes, the movies we chose to watch are exactly someone else’s business. Data on our personal habits drive the digital economy, from Facebook to Google to countless other social-enabled sites. Netflix wants its own targeted fix specifically so it can integrate with Facebook. Never mind the argument made by some that the Video Privacy Protection Act (VPPA) doesn’t apply to streaming video or that Netflix could satisfy the law by giving users a "play-and-share" option. That ambiguity, Netflix’s general counsel has said, creates “a drag on social video innovation that is not present in any other medium.” User accounts for music or book stores didn't exist in the pre-iTunes era, but in 2012 what sense does it make that I can tell my Facebook friends what’s on my Spotify or Hulu or Social Reader playlist but can’t easily share what movies I watched this weekend?

In December, the U.S. House of Representatives agreed. The way things stand now, video tape providers can disclose rental records only when the customer gives written disclosure, which must happen each time they’re sought. But under H.R. 2471, consent can be given online and ahead of time, and is considered binding until the user says stop.

“Durable sharing,” as advocates have called it, would be a boon for Netflix. For one thing, it increases the possibility of targeted ads like the ones Spotify displays, which are tailored to the information Facebook knows about the user. For another, there’s simple word of mouth. Netflix is betting on its streaming business, and Facebook is a high-profile venue for promoting its wares, including in places like Latin America and Europe where it is hoping to grow its business.

To opponents, moves to modernize VPPA put privacy at risk. There’s nothing in the bill, for one thing, that limits Netflix to sharing my watching habits with Facebook—or to any other social network, for that matter. For another, our viewing histories might reveal more about us than we’d like others to know. It might be fine for the world to know you just rented The Godfather, Franken said at the hearing. Less comfortable might be sharing the fact that you checked out Yoga for Health, Depression, and Gastrointestinal Problems. “Why else,” testified William McGeveran, an associate professor at the University of Minnesota Law School, “did a newspaper reporter think Judge Bork’s rental history might be interesting in the first place?”

But there’s a bigger critique with this bit of lawmaking. It's that Congress is modernizing the country’s video privacy laws in one direction only: Netflix’s. Legislators are not otherwise coping with the new digital economy by, say, clarifying that privacy protections written for the video tape era apply to modern video streaming. And they’re not redefining the personal account information covered by VPPA to cover things like IP addresses.

In fact, some have argued that VPPA’s protections should be expanded, not reduced. Let’s go the other way and cover listening and reading habits, too, McGeveran argued, like California did in October with its Amazon-targeting Reader Privacy Act.

Not long ago, Patrick Leahy seemed to agree with that way of thinking. He opened that January hearing by telling a joke about how privacy comes naturally to Vermonters like him. It’s also perfectly natural, he explained, for companies like Netflix and Facebook to want to increase the flow of user data online. But that doesn’t make it right. Waving his hands in seeming consternation, Leahy raised the idea that “a one-time check off has the effect of an all-time surrender of privacy.”

So what changed in the last seven months? One possibility: Leahy is eager to get tech company support on the much-contested cybersecurity bill he and others have been working on for years. Netflix has been a high-profile backer of VPPA modernization, but there are others: Facebook, Google, Barry Diller’s IAC. The bill stands to benefit any tech company that wants to mine the streaming-plus-social space. Throwing an otherwise non-germane amendment into the cybersecurity mix might be a nice inducement to tech companies to help push the cybersecurity bill through the Senate.

But the video privacy bill is also a test case in Washington’s effort to grapple with digital privacy and consumer choice. Lawmakers, generally, can’t seem to bring themselves to imagine that people are willing to share as much of themselves on Facebook as we regularly demonstrate we’re perfectly willing to do. Congress might not understand social media, but it doesn’t want to kill it. It only wants to figure out the artful public policy that lets the digital economy flourish while upholding very high personal privacy standards. It's not ready to face the possibility that that might not be possible. So, instead, it tweaks laws, responding to its own needs here, responding to the needs of the increasingly vocal tech industry there.

An open question is what actual consumers in the digital age “like” when it comes to privacy. And that’s something that Congress and tech companies would, for now, rather not know.
http://www.readwriteweb.com/archives...to-netflix.php





Google Fiber Is The Most Disruptive Thing The Company's Done Since Gmail
Matt Rosoff

Remember how blown away people were when Gmail launched in 2004?

Google Fiber feels like the same leap of innovation. It's been a long time since we saw anything like this from the search and advertising giant.

Back when Gmail launched, the other free email providers like Hotmail and Yahoo Mail were offering less than 5MB of storage -- that's five megabytes. Google trumped them all with 1GB of free storage. With so much storage, there was no need to trash anything. You could archive it and keep it forever.

Better yet, Gmail's search meant you could easily find any email you wanted, even from years ago. There was no reason to put things into different folders, use flags, or any of the other tricks we used to keep track of mail on other platforms. Threaded conversations, while hated by some, were nonetheless a new and innovative way of keeping track of email chains with multiple parties.

Gmail also paved the way for Google's gradual move into business apps -- most Google enterprise sales still lead with Gmail. Apps is more of a nice but not entirely necessary add-on.

Google Fiber is like Gmail on many levels:

• It exposes how slow the incumbents have been to innovate. Google Fiber makes the cable-based ISPs look pathetic. It promises to offer speeds up to 1,000Mbps downstream and upstream, for only $70 a month. That's theoretically fast enough to download a high-definition movie in under a minute, although speeds could still be constrained by bottlenecks on the distribution servers or elsewhere in the network. Comcast's best home package offers 50Mbps downstream and 10Mbps upstream. All Google Fiber customers also get 1TB of free storage. If they buy TV service for an extra $50 a month, Google will throw in a $200 Nexus 7 tablet to be used as a remote control. Google is also giving away -- for free -- a package that offers 5Mbps downstream and 1Mbps upstream. Google even thumbed its nose at the incumbents with a slide showing how slowly Internet access speed has been growing compared with compute power and storage (see above) -- which is exactly what one would expect to happen given the lack of competition most broadband ISPs face in most parts of the country.

• Google used its hardware expertise. Google was able to get prices so low, in part, because it designed and built all the hardware for the system itself. This is a good reminder that although Google wasn't a consumer electronics company until recently, Google has actually been designing hardware for its data centers for more than a decade. It was this data center efficiency that allowed Gmail to offer way more free storage than competitors back in 2004.

• It paves the way for new business areas. For Google, the main business purpose of Fiber is to give people faster Internet access, so they'll spend more time online -- where they're more likely to use a Google product and click a Google-sold ad. But just like Gmail unlocked an enterprise business, Fiber could unlock a whole new business as an ISP and TV provider. This isn't a loss leader -- Google CFO Patrick Pichette said yesterday that Google intends to make money on it.

This is what Google products used to be like before they started chasing Facebook with one social experiment after another.

It had been a long time since Google blew me away with any of their new. Yesterday, they did.

Now, we just need Google to roll out Fiber to the rest of the country.
http://www.businessinsider.com/googl...e-gmail-2012-7





Prepaid Cellphones Are Cheaper. Why Aren’t They Popular?
Brian X. Chen

Prepaid phone plans, where you pay the full price for a cellphone and then pay lower monthly rates without a contract, seem to offer what most budget-conscious people want. So why haven’t they really caught on?

Contract-free phone plans account for only 23 percent of the wireless customers in the United States phone market, according to the research firm Ovum. The rest are subscribers locked into contracts and paying higher monthly fees.

That’s despite the fact that prepaid phone plans are generally a better deal for most people, who can save hundreds of dollars over the course of two years compared to a contract plan.

The iPhone with a two-year contract on AT&T, for example, costs $200 for the handset and then upward of $90 a month for the plan; over two years, including the cost of the phone, customers pay at least $2,360. With a prepaid plan on Virgin Mobile, which is owned by Sprint, the iPhone costs $650 for the handset, and then $30 a month, including unlimited data (the type of data plan that people are happier with, according to J.D. Power). Over two years, that would cost about $1,370.

So why aren’t more people going prepaid?

The bait that reels most people into more expensive contracts is the subsidized price of a phone, said Tero Kuittinen, an independent analyst and a vice president of Alekstra, a company that helps customers manage their cellphone bills.

“Right now, consumers don’t do the math, and they have a lot of resistance to paying $500 to $600 upfront, and they’d rather pay $100 upfront and then overspend,” he said. “That psychology has worked for hundreds of years, and it’s still working.”

There are less obvious reasons, too. Another factor is that carriers aren’t marketing prepaid plans as heavily because they want more customers on contract plans.

“They deliberately don’t market their prepaid plans,” said Jan Dawson, an Ovum analyst. “They want you on postpaid plans that deliver higher revenue per user, on contracts that are going to lock you in.”

Sprint, for instance, hasn’t begun marketing the iPhone on Virgin Mobile’s prepaid plans, even though that offering was introduced in June (though it says it does plan to eventually).

Mr. Dawson added that smaller carriers that offer prepaid plans, like Leap Wireless or MetroPCS, have tiny marketing budgets compared to the big carriers like AT&T and Verizon Wireless, so their cheaper phone plans simply aren’t as well known.

Finally, until recently, prepaid phone companies haven’t offered handsets that are as compelling as the ones you can get with a contract. Only in the last few months did the iPhone and some big Android phones become available through prepaid phone companies.

Prepaid plans don’t seem as cool now, but because phones on prepaid plans are generally getting better, and because people are always looking for ways to cut costs in a bad economy, Ovum says it expects American prepaid customers to increase to 29 percent of overall wireless subscribers by the year 2016.
http://bits.blogs.nytimes.com/2012/0...d-phone-plans/





F.C.C. Forces Verizon to Allow Android Tethering Apps
Brian X. Chen

Thanks to a government investigation, a large number of Verizon Wireless customers will be able to download apps that share a smartphone’s Internet connection with other devices, a feature known as tethering. And they won’t have to pay monthly fees to the carrier for the privilege.

The Federal Communications Commission said on Tuesday that it started the investigation after seeing reports that Verizon had pressured Google to block apps from the Android app store that gave customers tethering abilities without having to pay $20 a month for Verizon’s official tethering plan.

In a statement, the F.C.C. said that Verizon could not block third-party tethering apps from the Android market because of rules attached to some spectrum it had purchased, which required it to offer open access to applications and services. Blocking the tethering apps violated that rule.

“The steps taken today will not only protect consumer choice, but defend certainty for innovators to continue to deliver new services and apps without fear of being blocked,” Julius Genachowski, the F.C.C. chairman, said in the statement. GigaOm reported the news earlier.

The F.C.C. said it had reached a settlement with Verizon, requiring the carrier to pay $1.25 million to the Treasury (a tiny amount relative to the $6.9 billion in revenue it took in from mobile data last quarter), and to notify Google that it no longer objects to the tethering apps in its app store, now called Google Play.

That means that once third-party tethering apps become available again, Android customers can download them to circumvent Verizon’s monthly fee for tethering. However, for those with limited data plans, tethering will still count toward overall data use. Those customers who still have unlimited data plans are the big winner here.
http://bits.blogs.nytimes.com/2012/0...zon-tethering/





The Known Unknowns of Skype Interception
Christopher Soghoian

Over the past few weeks, the technical blogosphere, and most recently, the mainstream media have tried to answer the question: What kind of assistance can Skype provide to law enforcement agencies?

Most of the stories have been filled with speculation, sometimes informed, but mostly not. In an attempt to paint as clear a picture as possible, I want to explain what we do and don't know about Skype and surveillance.

Skype has long provided assistance to governments

The Washington Post reported yesterday that:

Skype, the online phone service long favored by political dissidents, criminals and others eager to communicate beyond the reach of governments, has expanded its cooperation with law enforcement authorities to make online chats and other user information available to police

The changes, which give the authorities access to addresses and credit card numbers, have drawn quiet applause in law enforcement circles but hostility from many activists and analysts.


To back up its claim, the Post cites interviews with "industry and government officials familiar with the changes" who "spoke on the condition of anonymity because they weren’t authorized to discuss the issue publicly." Ugh.

However, a quick Google search for "Skype law enforcement handbook" quickly turns up an official looking document on the whistleblower website cryptome.org, dated October 2007, which makes it clear that Skype has long been providing the assistance that the Post claims is new.

From Skype's 2007 law enforcement handbook:

In response to a subpoena or other court order, Skype will provide:

• Registration information provided at time of account registration
• E-mail address
• IP address at the time of registration
• Financial transactions conducted with Skype in the past year, although details of the credit cards used are stored only by the billing provider used (for instance, Bibit, RBS or PayPal)
• Destination telephone numbers for any calls placed to the public switched telephone network (PSTN)
• All service and account information, including any billing address(es) provided, IP address (at each transaction), and complete transactional information

While Skype's law enforcement handbook suggests that the company does not have access to IP address session logs, a high-profile criminal case from 2006 suggests that the company does.

Kobi Alexander, the founder of Comverse, was nabbed in Negombo, Sri Lanka yesterday by a private investigator. He is wanted by the US government in connection with financial fraud charges. He is accused of profiting from some very shady stock-option deals, to the detriment of Comverse shareholders. Once the deals became public and he was indicted, he resigned as CEO and fled the US.

Alexander was traced to the Sri Lankan capital of Colombo after he placed a one-minute call using Skype. That was enough to alert authorities to his presence and hunt him down.


This makes sense. Skype clients connect to Skype's central servers (so that users can make calls to non Skype users, and learn which of their friends are online and offline), and so the servers naturally learn the IP address that the user is connecting from. This is not surprising.

Skype voice call encryption

So while it is clear that Skype can provide government agencies with basic subscriber information and IP login info, what remains unclear is the extent to which governments can intercept the contents of Skype voice calls.

Skype has always been rather evasive when it comes to discussing this issue. Whenever questions come up, the company makes it a point to mention that it provides end to end encryption, but then dodges all questions about how it handles encryption keys.

Skype's strategy is genius - most journalists, even those that cover tech, know very little about the more granular aspects of cryptography. When Skype says it provides end to end call encryption, journalists then tell their readers that Skype is wiretapping proof, even though Skype never made that specific claim. Conveniently enough, Skype never bothers to correct the many people who have read a tad bit too much into the company's statements about security.

As Seth Schoen from EFF told Forbes recently, "my view is that Skype has gotten a reputation for impregnable security that it has never deserved." Exactly. Consumers think the service is secure, and Skype has absolutely no incentive to correct this false, yet positive impression.

The mud puddle test

Last year, I directed a bit of a media firestorm at Dropbox, after I filed an FTC complaint alleging that the company had been misleading its customers about the "military grade" security it used to protect the files uploaded by users. Earlier this year, the tech press started to ask similar questions about the cryptography and key management used by Apple's iCloud service.

Soon after, cryptographer Matt Green proposed the 'mud puddle test' for easily determining if a cloud based storage solution has unencrypted access to your data.

1. First, drop your device(s) in a mud puddle.
2. Next, slip in said puddle and crack yourself on the head. When you regain consciousness you'll be perfectly fine, but won't for the life of you be able to recall your device passwords or keys.
3. Now try to get your cloud data back.

Did you succeed? If so, you're screwed. Or to be a bit less dramatic, I should say: your cloud provider has access to your 'encrypted' data, as does the government if they want it, as does any rogue employee who knows their way around your provider's internal policy checks.

Both Dropbox and iCloud fail the mud puddle test. If a user's laptop is destroyed and they forget their password, both services permit a user to reset the password and then download all of their data that was stored with the service. Both of these companies have access to your data, and can be forced to hand it over to the government. In contrast, SpiderOak, a competing online backup service (which I use) passes the test. If a SpiderOak user forgets their password, they lose their data.

What about Skype? After all, the company isn't an online backup service, but rather a communications service, right?

Well, as an initial matter, if you forget your password, Skype sends you a reset link by email, which lets you into your account, maintaining the same account balance and restoring your full contact list. Likewise, if you install Skype on a new computer, your contact list is downloaded, and you can conduct conversations that, to the other caller, will not in any way reveal that you recently installed Skype on a new device, or reset your password. It just works.

Encrypted communications require encryption keys.

In some protocols, like Off The Record (built into several Instant Messaging clients, but not to be confused with Google's fake, unencrypted Off The Record), random keys are created by the IM client, and then users are expected to exchange and verify them out of band (usually, by phone, or in person).

The OTR developers realized that users don't like manually verifying random alpha-numeric crypto fingerprints, and so the developers introduced a slightly easier method of verifying OTR keys in recent versions that uses secret questions or shared secrets selected by users (obviously, this is less secure, but more likely to be actually followed by users).

Another scheme, the ZRTP encrypted VOIP protocol, created by Phil Zimmermann of PGP fame, avoids the static fingerprint method, and instead requires users to verify a random phrase at the beginning of each conversation. ZRTP (which is also used by Whisper Systems' RedPhone and the open source Jitsi chat tool) can rely on these pass phrase exchanges, because users presumably know each others' voices. Text based IM schemes don't have this voice recognition property, and so slightly heavier weight verification schemes are required there.

While these key/identity verification methods are a pain for users, they are important. Encryption is great, but without some method of authentication, it is not very helpful. That is, without authentication, you can be sure you have an encrypted session, but you have no idea who is at the other end (someone pretending to be your friend, a government device engaging in a man in the middle interception attack, etc). The key verification/exchange methods used by OTR and ZRTP provide a strong degree of authentication, so that users can be sure that no one else is snooping on their communications.

Thanks for the crypto lesson

In contrast to the complex, user-visible fingerprint exchange and verification methods employed by OTR and ZRTP, Skype does nothing at all. Skype handles all the crypto and key exchange behind the scenes. When a Skype user installs the software on a brand new device and initiates a conversation with a friend already in their contact list, that friend is not told that the caller's device/software has a new crypto key and that it should be verified. Instead, the call just connects.

While we don't know the full details of how Skype handles its key exchange, what is clear is that Skype is in a position to impersonate its customers, or, should it be forced, to give a government agency the ability to impersonate its customers. As Skype acts as the gatekeeper of conversations, and the only entity providing any authentication of callers, users have no way of knowing if they're directly communicating with a friend they frequently chat with, or if their connection is being intercepted using a man in the middle attack, made possible due to the disclosure of cryptographic keys by Skype to the government.

I suspect that Skype does not create a new private encryption key for each device running Skype. Instead, my guess is that it creates a key once, when the user sets up their account, and then stores this online, along with the user's contact list. When the user installs Skype on a new device, the key is downloaded, along with all of their other account data. The user's public/private key pair would then be used to authenticate a session key exchange. If this is the design that Skype uses, the company can be compelled to disclose the private crypto keys it holds, allowing the government to impersonate users, and perform active man in the middle interception attacks against their communications.

One alternate, but equally insecure approach would be for the Skype clients to create a new public/private keypair each time a user installs Skype on their computer and for Skype to digitally sign the user's public key using a certificate pre-installed in all Skype clients. In that scenario, while Skype the company won't have access to your private key, it will be able to sign public keys in your name for other people (including the government) that other Skype clients will accept without complaint. Such impersonation methods can then be used to perform man in the middle attacks.

Whatever the key exchange method that Skype uses, as long as users rely on Skype for all caller authentication, and as long as the company provides account access after a forgotten password, and seamless communications after the installation of Skype on a new computer, the company will fail the mud puddle test. Under such circumstances, Skype is in a position to give the government sufficient data to perform a man in the middle attack against Skype users.

Government agencies and encryption keys

Ok, so Skype has access to users' communications encryption keys (or can enable others to impersonate Skype users). What does this mean for the confidentiality of Skype calls? Skype may in fact be telling the truth when it tells journalists that it does not provide CALEA-style wiretap capabilities to governments. It may not need to. If governments can impersonate Skype users and perform man in the middle attacks on their conversations (with the assistance of broadband ISPs or wireless carriers), then they can decrypt the voice communications without any further assistance from Skype.

Do we know if this is happening? No. But that is largely because Skype really won't comment on the specifics of its interactions with governments, or the assistance it can provide. However, privacy researchers have for many years speculated about governments compelling companies to hand over their own encryption keys or provide false certificates for use in MiTM attacks. In such cases, when the requests come, there isn't really anything that companies can do to resist.

We need transparency

I suspect that 99% of Skype's customers have never given a moment's thought to the ease or difficulty with which government agencies can listen to their calls. Most likely use the service because it is free/cheap, easy, and enables them to talk to their loved ones with a minimum of hassle. There are, however, journalists, human rights activists and other at-risk groups who use Skype because they think it is more secure. In terms of Skype's hundreds of millions of users, these thousands of privacy-sensitive users are a tiny rounding error, a drop in the bucket.

Skype is not transparent about its surveillance capabilities. It will not tell us how it handles keys, what kind of assistance it provides governments, under what circumstances, or which governments it will and won't assist. Until it is more transparent, Skype should be assumed to be insecure, and not safe for those whose physical safety depends upon confidentiality of their calls.

Skype of course can't talk about the requests for assistance it has received from intelligence agencies, since such requests are almost certainly classified. However, Skype could, if it wished to, tell users about its surveillance capabilities. It doesn't.

I personally don't really care if Skype is resistant to government surveillance or not. There are other schemes, such as ZRTP, which are peer reviewed, open, documented protocols which activists can and should use. What I would like though, is for Skype to be honest. If it is providing encryption keys to governments, it should tell its customers. They deserve the truth.
http://paranoia.dubfire.net/2012/07/...erception.html
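
The contrast the article above draws between directory-only authentication and the endpoint verification used by OTR (fingerprints) and ZRTP (a phrase read aloud per call) can be shown in a toy model. This is an added example, not code from the article, Skype, OTR or ZRTP; the toy Diffie-Hellman parameters, the `Directory` and `Client` classes and all key values are constructed assumptions.

```python
"""Added illustration: provider-brokered keys vs. keys the endpoints verify themselves.
A toy model only; it is not Skype's, OTR's or ZRTP's real protocol or wire format."""
import hashlib

# Toy Diffie-Hellman parameters (assumption for this sketch): prime 2**255 - 19, base 2.
# Good enough to show the logic; real protocols use vetted groups or curves.
P = 2**255 - 19
G = 2


def demo_private_key(label: str) -> int:
    """Constructed, deterministic private key so the example is reproducible."""
    return int.from_bytes(hashlib.sha256(label.encode()).digest(), "big") % (P - 2) + 1


def public_key(private: int) -> int:
    return pow(G, private, P)


def fingerprint(pub: int) -> str:
    """Long-term key fingerprint, the value OTR-style users compare out of band."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:40]


def short_auth_string(pub_a: int, pub_b: int, secret: bytes) -> str:
    """ZRTP-style idea: a short value derived from this session's key agreement,
    which both callers read aloud. Simplified here to 8 hex characters of a hash."""
    lo, hi = sorted((pub_a, pub_b))
    material = lo.to_bytes(32, "big") + hi.to_bytes(32, "big") + secret
    return hashlib.sha256(material).hexdigest()[:8]


class Directory:
    """The provider: the only place clients learn which key belongs to which user."""

    def __init__(self):
        self._keys = {}

    def publish(self, user: str, pub: int) -> None:
        self._keys[user] = pub

    def lookup(self, user: str) -> int:
        return self._keys[user]


class Client:
    def __init__(self, name: str, directory: Directory):
        self.name = name
        self.directory = directory
        self._private = demo_private_key(name)
        self.pub = public_key(self._private)
        self.pins = {}  # peer name -> fingerprint confirmed out of band
        directory.publish(name, self.pub)

    def connect(self, peer: str) -> dict:
        their_pub = self.directory.lookup(peer)
        secret = pow(their_pub, self._private, P).to_bytes(32, "big")
        pinned = self.pins.get(peer)
        if pinned is None:
            status = "unverified"      # all a directory-only client can ever say
        elif pinned == fingerprint(their_pub):
            status = "verified"
        else:
            status = "KEY CHANGED"     # new device or impersonation: re-verify
        return {"status": status, "secret": secret,
                "sas": short_auth_string(self.pub, their_pub, secret)}


def run_scenario() -> dict:
    directory = Directory()
    alice, bob, carol = (Client(n, directory) for n in ("alice", "bob", "carol"))
    # Alice and Bob compared fingerprints in person; Carol relies on the directory.
    alice.pins["bob"] = fingerprint(bob.pub)
    bob.pins["alice"] = fingerprint(alice.pub)
    before = {"alice": alice.connect("bob"), "bob": bob.connect("alice"),
              "carol": carol.connect("bob")}
    # The directory now vouches for a different key under both names (the
    # position the article says the provider, or whoever compels it, is in).
    other_pub = public_key(demo_private_key("interposed"))
    directory.publish("alice", other_pub)
    directory.publish("bob", other_pub)
    after = {"alice": alice.connect("bob"), "bob": bob.connect("alice"),
             "carol": carol.connect("bob")}
    return {"before": before, "after": after}


if __name__ == "__main__":
    for phase, calls in run_scenario().items():
        for who, call in calls.items():
            print(f"{phase:6} {who:5} status={call['status']:11} sas={call['sas']}")
```

Carol's client reports the same status before and after the directory changes its answer, which is the silent case the article describes. A pinned client cannot tell a reinstall from an impersonation by itself; the mismatch only tells the user to repeat the out-of-band comparison.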





Seeing Through Walls With a Wireless Router
David Hambling

[Image: Wi-Spy. Kevin Hand]

In the 1930s, U.S. Navy researchers stumbled upon the concept of radar when they noticed that a plane flying past a radio tower reflected radio waves. Scientists have now applied that same principle to make the first device that tracks existing Wi-Fi signals to spy on people through walls.

Wi-Fi radio signals are found in 61 percent of homes in the U.S. and 25 percent worldwide, so Karl Woodbridge and Kevin Chetty, researchers at University College London, designed their detector to use these ubiquitous signals. When a radio wave reflects off a moving object, its frequency changes—a phenomenon called the Doppler effect. Their radar prototype identifies frequency changes to detect moving objects. It’s about the size of a suitcase and contains a radio receiver composed of two antennas and a signal-processing unit. In tests, they have used it to determine a person’s location, speed and direction—even through a one-foot-thick brick wall. Because the device itself doesn’t emit any radio waves, it can’t be detected.

Wi-Fi radar could have domestic applications ranging from spotting intruders to unobtrusively monitoring children or the elderly. It could also have military uses: The U.K. Ministry of Defence has funded a study to determine whether it could be used to scan buildings during urban warfare. With improvements, Woodbridge says, the device could become sensitive enough to pick up on subtle motions the ribcage makes during breathing, which would allow the radar to detect people who are standing or sitting still.

1. MOVING SUBJECT
When Wi-Fi radio waves bounce off a moving object, their frequency changes. If, for example, a person is moving toward the Wi-Fi source, the reflected waves’ frequency increases. If a person is moving away from the source, the frequency decreases.

2. REGULAR OL' ROUTER
A Wi-Fi Internet router already in the room fills the area with radio waves of a specific frequency, usually 2.4 or 5 gigahertz.

3. BASELINE SIGNAL
One antenna of the radar system tracks the baseline radio signal in the room.

4. SHIFTED SIGNAL
A second antenna detects radio waves that have reflected off of moving objects, which changes their frequency.

5. PERP, SPOTTED
By comparing the two antennas’ signals, the computer calculates the object’s location to within a few feet as well as its speed and direction.
http://www.popsci.com/technology/art...ireless-router





Dropbox Confirms it Got Hacked, Will Offer Two-Factor Authentication

Spammers used stolen password to access list of Dropbox user e-mails.
Jon Brodkin

A couple of weeks ago Dropbox hired some "outside experts" to investigate why a bunch of users were getting spam at e-mail addresses used only for Dropbox storage accounts. The results of the investigation are in, and it turns out a Dropbox employee’s account was hacked, allowing access to user e-mail addresses.

In an explanatory blog post, Dropbox today said a stolen password was "used to access an employee Dropbox account containing a project document with user email addresses." Hackers apparently started spamming those addresses, although there’s no indication that user passwords were revealed as well. Some Dropbox customer accounts were hacked too, but this was apparently an unrelated matter. "Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts," the company said.

Dropbox noted that users should set up different passwords for different sites. The site is also upping its own security measures. In a few weeks, Dropbox said it will start offering an optional two-factor authentication service. This could involve users logging in with a password as well as a temporary code sent to their phones.

Dropbox has also set up a new page letting users view all the active logins to their accounts, and said it is planning "new automated mechanisms to help identify suspicious activity." At any rate, users may want to think about examining more secure alternatives, encrypting their files, or simply not storing ultra-sensitive information in Dropbox. You may recall that one year ago, a Dropbox screwup left all user accounts unsecured and accessible with any password for four hours. These mistakes haven't led to major problems for users that we know of just yet, but they don't inspire much confidence in Dropbox's security systems.
http://arstechnica.com/security/2012...uthentication/





Analysis: Critics Assail 1980s-Era Hacking Law as Out of Step
Grant McCool

A 1984 U.S. anti-hacking law passed when computer crime was in its infancy is under fire for potentially going too far in criminalizing the actions of employees who violate workplace policies.

Judges across the country are divided on how the 28-year-old law, the U.S. Computer Fraud and Abuse Act, can be applied. At the same time, the Justice Department has signaled it wants to ramp up prosecutions under the law, even as it has lost some cases.

Civil liberties advocates and some lawyers and judges are questioning whether the CFAA, intended to punish hackers and other trespassers who damage computer systems or steal customer information, can be used to prosecute people inside a company who download sensitive data without their employers' approval.

The debate is centered around a key phrase in the law: that it is illegal to "intentionally access a computer without authorization or exceed authorized access." Critics argue this language is too broad and vague and could turn ordinary people into criminals for things many do routinely, such as dabble in online shopping or scan an online matchmaking site at work.

"This statute has the potential to affect millions of Americans in the workplace who work at or use a computer to do their job," said Brent Cossrow, a partner at law firm Fisher & Phillips in Radnor, Pennsylvania, which specializes in computer breach cases. "Hopefully, it gets cleared up soon."

BOUND FOR SUPREME COURT?

A split decision in April by the 9th U.S. Circuit Court of Appeals in San Francisco could be the case that forces the U.S. Supreme Court to examine the law's reach.

In a 9-2 ruling, the appeals court threw out criminal charges brought under the law against David Nosal, a former managing director at executive search firm Korn/Ferry International. Nosal was indicted in 2008 for allegedly persuading colleagues to download confidential source lists and contact information from the firm to use at his new business.

Three co-defendants pleaded guilty to CFAA violations. But Nosal fought the charges, arguing that he and his colleagues had been authorized to access the company's database. The appeals court supported Nosal's argument, and threw out the CFAA charges against him, though he still faces separate charges of trade secrets theft in U.S. District Court in San Francisco.

The 9th Circuit ruling was suspended to give the Justice Department time to consider petitioning the Supreme Court to review the case. If the Supreme Court were to hear the matter, it could potentially be on the docket for the upcoming term.

The Justice Department, which declined to comment on the case, has until August 8 to decide whether to seek Supreme Court review.

Nosal's lawyer, Steven Gruel, said his client wants to exonerate himself. "He's always said he did nothing wrong."

NEW SCENARIOS

If the high court does not take the Nosal case, legal experts say, little is likely to get settled in the near future over how and when the law can be applied.

The CFAA was crafted before the Internet was omnipresent in the workplace. Employees today have vastly more sensitive company information accessible on their computers, leading to scenarios that the writers of the law may never have envisioned.

Some companies, such as Oracle Corp, which filed a brief supporting the Justice Department against Nosal, say such criminal prosecutions are justified.

Oracle said Congress rooted the statute in common-law trespass doctrines.

"Among them is the concept of restricted authorization: a person commits trespass not only when he or she enters property or a portion of it when told not to; a person commits trespass also when he or she has authorization to enter for some purposes but enters for different ones," the brief said.

Critics say the statute, which carries civil and criminal penalties, could be abused by employers.

The precedent that develops largely in the context of a private, workplace dispute "becomes something that people can go to jail for, and that's really dangerous," said Marcia Hoffman, senior staff attorney with the Electronic Frontier Foundation, a non-profit civil liberties organization.

Potential criminal penalties under the law range from one year to 10 years in prison, if the offense involves information relating to U.S. national security.

Prosecutors have brought about 550 federal criminal cases under the CFAA and related computer fraud laws in the past 5-1/2 years, according to court filings reviewed in Westlaw, a legal data division of Thomson Reuters. Over the same period, nearly 500 civil lawsuits were brought in private disputes citing the CFAA and related laws, the filings show.

The Justice Department wants to expand the penalties and prosecutions under the act, an Obama administration official told a hearing on Capitol Hill in November. Richard Downing, deputy section chief for computer crime and intellectual property, said it was important to retain the provisions of the law that apply to employee-use agreements.

Removing that section of the law "could make it difficult or impossible to deter and punish serious threats from malicious insiders," he told the Crime, Terrorism and Homeland Security Subcommittee of the House Judiciary Committee.

If the Justice Department were to go to the Supreme Court and lose over the CFAA, it would remove an arrow in its quiver for prosecuting those "insider" computer abuse cases.

Congress has partially addressed the issue while crafting new cyber security legislation. One possible amendment to a bill pending in the U.S. Senate would narrow criminal cases to exclude relatively innocuous violations of agreements governing the use of private computers, such as a social-network user signing up under a pseudonym.

MIXED RULINGS

In February, the U.S. government lost another case involving an employee who had accessed company data, a case that also raised questions about use of the hacking statute.

That case involved a former Goldman Sachs Group Inc programmer, Sergey Aleynikov, who was accused of stealing code used in the bank's high-frequency trading system before leaving for a new company in Chicago.

Before Aleynikov went on trial, U.S. District Judge Denise Cote dismissed the charges brought under the CFAA, saying the government's interpretation "could convert an ordinary violation of the duty of loyalty or of a confidential agreement into a federal offense." But she let trade-secrets charges against him stand, and in December 2010 Aleynikov was found guilty.

That conviction was thrown out earlier this year by the 2nd U.S. Circuit Court of Appeals, and Aleynikov was freed after serving one year of an eight-year prison term.

The Nosal and Aleynikov cases conflict with an earlier appeals court ruling. That case was a civil dispute between a real estate developer, Jacob Citrin, and his former employer, International Airport Centers LLC. The 7th U.S. Circuit Court of Appeals in Chicago ruled in 2006 that Citrin violated the CFAA by installing a program that deleted files on a company laptop as he was departing for another job.

Citrin was not criminally charged and his case was settled on undisclosed terms, but a Justice Department guide for prosecutors on the CFAA points to the 7th Circuit ruling as "the leading authority" for the position that when an employee is doing something disloyal to an employer, authorized access to the computer ends under the law.

Citrin's lawyers, Ronald Marmer and John Koch, of Jenner & Block in Chicago, had no comment. Citrin is now CEO of Cargo Ventures in Doral, Florida, according to his company's web site.

Unless the Supreme Court ultimately weighs in, the inconsistent decisions will continue, said lawyer John Dozier, of Dozier Internet Law, a Glen Allen, Virginia law firm.

Without clarity, he said, "what is going to be illegal in one part of the country is not illegal in the other."

The cases are USA v David Nosal in the 9th U.S. Circuit Court of Appeals 10-10038 and International Airport Centers LLC v Jacob Citrin in the 7th U.S. Circuit Court of Appeals No. 05-1522 and USA v Aleynikov, U.S. District Court for the Southern District of New York 10-00096.

(Editing by Martha Graybow, Edward Tobin and Leslie Gevirtz)
http://www.reuters.com/article/2012/...86S0DE20120730





Ubisoft Uplay DRM Found to Include a Rootkit
Matthew Humphries

Ubisoft is one publisher that has fully embraced the use of always-connected DRM in its games. They believe this cuts down on piracy, but at the same time it frustrates gamers who legitimately purchase Ubisoft titles because without a reliable Internet connection they can’t play the game they have bought.

Those same gamers may have another reason to get very angry with Ubisoft today. It has been discovered that the Uplay system Ubisoft uses to both check a game is legal and offer up gaming achievements, multiplayer, and additional content, actually contains a rootkit.

The discovery was made by Tavis Ormandy, an information security engineer at Google, when he installed Assassin’s Creed: Revelations on his laptop. He noticed that during the installation Uplay installed a browser plug-in that allows any website to gain access to your machine through a backdoor and take control of it.

The plug-in can be classed as a rootkit because it is thought to allow continued privileged access to a machine without a user’s consent. If this was limited just to the Uplay service with regard to checking games are legal it would still be a major concern, but the fact any website could potentially use the plugin escalates the seriousness of what is happening here.

The rootkit was only disclosed yesterday, so it’s unlikely anyone at Ubisoft has had time to look into the claims. What’s worrying is the number of games this affects due to their use of Uplay. In total there are 21 titles including 5 Assassin’s Creed games, 3 Tom Clancy games, as well as popular titles such as Driver: San Francisco, and Settlers 7, which together will mean potentially hundreds of thousands of PCs are at risk of being exploited.

We’ll keep an eye out for Ubisoft responding to the rootkit claims and let you know what they say. If they have been installing rootkits then we could see a backlash on the same scale as Sony faced back when it shipped a rootkit on music CDs a few years ago.

More at Seclists.org and discussion at HN
http://www.geek.com/articles/games/u...tkit-20120730/





JavaScript Botnet Sheds Light On Criminal Activity

A security research group uses cached JavaScript to control computers connecting to a malicious proxy, gaining intelligence on fraudsters and criminals
Robert Lemos

Two researchers from Madrid-based security consultancy Informatica64 used a JavaScript Trojan horse to take control of computers using an untrusted proxy, gaining intelligence on a variety of underground criminal activity, from Nigerian spammers to dating-site scammers to Web-site defacers.

In a presentation at the Black Hat security conference on Wednesday, security consultant Chema Alonso demonstrated a legally questionable technique to eavesdrop on the activities of people, or create a botnet, by replacing cached JavaScript with an attacker's copy. To inject the JavaScript file into a victim's browser, Alonso and a colleague set up an anonymous proxy server and then published its Internet address on a proxy forum.

In a single day, more than 4,000 computers had connected to the proxy server and had the poisoned JavaScript file in their browser caches. Using the JavaScript Trojan horse, the group started collecting cookies and Web site credentials.

"In one day, we were able to get over 4,000 bots -- in one day," Alonso said. "No pay-per install, no paying anyone to create the exploit."

The researchers found a variety of low-level criminals using their proxy server: fraudsters posing as British immigration officials offering work permits in hopes of stealing money and sensitive documents from their victims; a man pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket; and another fraudster selling nonexistent Yorkshire Terriers.

While other man-in-the-middle attacks could capture data communicated in the clear, by using JavaScript the security researchers could gain access to data that would otherwise be encrypted using the secure sockets layer (SSL) protocol.

The technique could be used to target specific Web sites by gathering information on the JavaScript files on the targeted site. By replacing one of the JavaScript files with a malicious version via the proxy server, the attacker can tailor attacks for specific sites, he said.

Alonso acknowledges that the technique may be legally questionable. While he published a privacy warning and legal disclaimer on the proxy site, he said you have to be careful where you set up the proxy server.

"It is better to search for servers in countries without law," he said.

It is very likely that companies and governments are already using this technique to eavesdrop on criminal activity, Alonso said.

"If we were able to collect that amount of data in only one day doing nothing, two small JavaScript files, how many governments are doing the same on the Internet? How many intelligence agencies are doing the same on the Internet?"

Alonso recommended that anyone who is using anonymous proxies or even the Tor network use only servers that they trust. In addition, privacy-sensitive people should regularly clear the browser cache. "The cache is not your friend," he said.
http://www.darkreading.com/threat-in...-activity.html





Former NSA Official Disputes Claims by NSA Chief
Kim Zetter

A former NSA official has accused the NSA’s director of deception during a speech he gave at the DefCon hacker conference on Friday when he asserted that the agency does not collect files on Americans.

William Binney, a former technical director at the NSA, said during a panel discussion that NSA Director Gen. Keith Alexander was playing a “word game” and that the NSA was indeed collecting e-mails, Twitter writings, internet searches and other data belonging to Americans and indexing it.

“Unfortunately, once the software takes in data, it will build profiles on everyone in that data,” he said. “You can simply call it up by the attributes of anyone you want and it’s in place for people to look at.”

He said the NSA began building its data collection system to spy on Americans prior to 9/11, and then used the terrorist attacks that occurred that year as the excuse to launch the data collection project.

“It started in February 2001 when they started asking telecoms for data,” Binney said. “That to me tells me that the real plan was to spy on Americans from the beginning.”

Binney is referring to assertions that former Qwest CEO James Nacchio made in court documents in 2007 that the NSA had asked Qwest, AT&T, Verizon and Bellsouth in early 2001 for customer calling records and that all of the other companies complied with the request, but Nacchio declined to participate until served with a proper legal order.

“The reason I left the NSA was because they started spying on everybody in the country. That’s the reason I left,” said Binney, who resigned from the agency in late 2001.

Binney was contradicting statements made on Friday by Alexander, who told the crowd of hackers and security professionals that his agency “absolutely” does not maintain files on Americans.

“And anybody who would tell you that we’re keeping files or dossiers on the American people,” Alexander continued, “knows that’s not true.”

Alexander also told the audience that the NSA targets only foreign entities and that if it “incidentally” picked up the data of Americans in the process, the agency was required to “minimize” the data, “which means nobody else can see it unless there’s a crime that’s been committed.” Minimization refers to legal restrictions under the United States Signals Intelligence Directive 18 on how data pertaining to U.S. citizens can be handled, distributed or retained.

Following the panel discussion, a former attorney for the NSA elaborated on this to Threat Level.

“You’re looking at a data stream that originates in a foreign country. It just happens to be transiting the United States,” said Richard Marshall, former associate general counsel for information assurance at the NSA. “You’re authorized by law to collect that data and to analyze that data. Even though it was captured on U.S. soil, it’s against a foreign target. Now in the process of doing that, yes, there is a possibility, more than a possibility I guess, that there will be some U.S. person who is involved in a conversation with a foreign entity, a foreign person. So what? If you’re not collecting data against that U.S. person, what’s the harm?”

But ACLU staff attorney Alex Abdo, who was also on the panel, noted that a gaping loophole in the laws governing the NSA allows the agency to do dragnet surveillance of non-Americans and, in the process, sweep up the data of Americans they may be communicating with, and hold onto that data even though the Americans aren’t the target. The NSA can then “target [the Americans] after-the-fact.” If, for example, new information came to light involving an American whose information is in the database, the NSA can sift through the “minimized” data and at that point “get the info that they couldn’t target from the outset.”

Earlier this month, the Office of the Director of National Intelligence admitted in a letter sent to Senator Ron Wyden that on at least one occasion the NSA had violated the Constitutional prohibitions on unlawful search and seizure.

According to the letter, the Foreign Intelligence Surveillance Court found that “minimization procedures” used by the government while it was collecting intelligence were “unreasonable under the Fourth Amendment.”

Author James Bamford, speaking with Abdo and Binney, said that the NSA could also get around the law against targeting Americans by targeting a call center for a U.S. company that is based overseas, perhaps in India. When Americans then called the center to obtain information about their bank account or some other transaction, the NSA would be able to pick up that communication.

Finally, Binney contradicted Alexander’s earlier claims that the agency could not violate the law even if it wanted to do so because the NSA is monitored by Congress, both intel committees and their congressional members and their staffs. “So everything we do is auditable by them, by the FISA court … and by the administration. And everything we do is accountable to them…. We are overseen by everybody,” Alexander had said.

But these assertions are disingenuous since, Binney said, “all the oversight is totally dependent on what the NSA tells them. They have no way of knowing what [the NSA is] really doing unless they’re told.”
http://www.wired.com/threatlevel/201...ander-and-nsa/





Why Fibbing About Your Age Is Relevant to the Cybersecurity Bill
Greg Nojeim, Jake Laperruque

Congress is about to decide whether it is a crime to violate terms of service governing your use of Gmail, Facebook, Hulu, or any other on-line service.

One of the amendments to the Cybersecurity Act that the Senate is likely to take up this week would substantially increase already severe penalties for violations of the Computer Fraud and Abuse Act (CFAA), an important law designed to prevent malicious computer activity, such as hacking. The amendment would eliminate provisions setting lower sentences for first time offenders, establish mandatory minimum sentences for many offenders, make computer crimes "racketeering" predicates, and subject homes to civil asset forfeiture for computer crimes committed inside. The problem is, there is widespread agreement that the statute is already overly broad, sweeping in common online conduct, and the Department of Justice has interpreted it in a way that turns many – maybe most – Internet users into potential criminals.

A fix has been proposed, but the Justice Department is opposing it. The DOJ wants all the enhanced penalties, without narrowing the scope of the bill to focus on true hacking.

The CFAA makes it a crime to use a computer "in excess" of "authorization." This has been read to mean that it is illegal to use a computer in a manner that violates contractual agreements. People regularly use websites with broad and ambiguous "Terms of Service" prohibitions, and violations of terms of service are commonplace. For example, Gmail's Terms of Service bar users younger than age 13, but there is little doubt that thousands of pre-teens lie about their age so they can use Gmail. Under the reading of the Justice Department, they are all criminals and should be subject to the law's harsh penalties.

As another example, the 150 million users of Facebook in the U.S. agree to a Statement of Rights and Responsibilities that bans:

• Accessing someone else's Facebook account, even with their permission
• Sharing your Facebook password, or letting anyone else access your account
• Posting any false personal information on Facebook
• Using Facebook "to do anything malicious"
• Using Facebook "to do anything misleading"

Any of these actions would constitute a computer use that is in excess of authorization. As such, in the view of the Department of Justice, each action is a candidate to be prosecuted as a federal crime punishable by a fine, asset forfeiture, or prison time.

Fortunately, lawmakers are attempting to correct this problem, and ensure that Americans cannot be charged with a felony for actions that merely violate a website's Terms of Service. In September, the Senate Judiciary Committee adopted unanimously an amendment by Senators Grassley (R-IA), Franken (D-MN) and Lee (R-UT) to fix the statute so that most terms of service violations are not CFAA crimes. Organizations and individuals from across the philosophical spectrum endorsed their amendment.

The Grassley/Franken/Lee language has been incorporated into the larger CFAA amendment mentioned earlier, which Senator Patrick Leahy has proposed to the Cybersecurity Act, soon to be taken up by the Senate.

Weighing in on the issue are a group of individuals and organizations from across the philosophical spectrum; CDT is among that group. The group sent a letter today to Senate leadership highlighting the flaws noted earlier and asking that, should the Leahy CFAA come to a vote, it include the Grassley/Franken/Lee provisions, which they called "an important step forward for security and civil liberties."

However, the Justice Department is trying to strip out the common-sense amendment of Senators Grassley, Franken and Lee. The CFAA is an important law, but Congress should make sure that it does not criminalize fibbing about your age on the Internet.
https://www.cdt.org/blogs/greg-nojei...rsecurity-bill





Cybersecurity Bill Fails in US Senate
AFP

A bill aimed at protecting the United States from cyber attacks failed to advance in the US Senate on Thursday, severely denting hopes for the passage of a measure backed by President Barack Obama.

The legislation was blocked amid opposition from an unusual coalition of civil libertarians -- who feared it could allow too much government snooping -- and conservatives who said it would create a new bureaucracy.

The bill needed 60 votes in the 100-member Senate to advance under rules in the chamber, but got only 52. The failure came despite pleas from Obama and top US defense officials.

After the vote, the White House blamed "an overwhelming majority of Senate Republicans" for blocking the bill, which it said would have protected the nation "from potentially catastrophic cyber attacks."

The bill was a "comprehensive piece of cybersecurity legislation" but it was foiled by "the politics of obstructionism, driven by special interest groups seeking to avoid accountability," it said in a statement.

General Martin Dempsey, chairman of the Joint Chiefs of Staff, said the bill was needed to protect infrastructure critical to safeguarding national defense.

"Because the military relies on this infrastructure to defend the nation, we cannot afford to leave our electricity grid and transportation system vulnerable to attack," Dempsey said in a letter to senators this week.

The revised measure had removed some parts of a bill passed in April in the House of Representatives that previously provoked controversy.

It called for a National Cybersecurity Council to assess vulnerabilities and would create a voluntary system of reporting attacks.

But Matt Kibbe of the conservative group FreedomWorks said the bill was "deeply flawed and would stifle innovation on the Internet."

He said that by allowing the Department of Homeland Security to define what amounted to critical infrastructure it would "create a completely open-ended regulatory apparatus for Internet security."

A campaign launched by civil liberties groups argued that the bill "would let companies like Facebook and Google monitor our online communications and then pass that data to the government without a warrant."

The US Chamber of Commerce argued that the bill "could actually impede US cybersecurity by shifting businesses' resources away from implementing robust and effective security measures and toward meeting government mandates."

Key senators had hoped for passage before the summer recess, set to begin this weekend, which would set up the process for reconciling it with the House bill.

Michelle Richardson of the American Civil Liberties Union said after the vote that the issue of cybersecurity "is far from dead."

"When Congress inevitably picks up this issue again, the privacy amendments in this bill should remain the vanguard for any future bills," she said.
https://www.securityweek.com/cyberse...ails-us-senate





Surprisingly Good Evidence That Real Name Policies Fail To Improve Comments
Gregory Ferenstein

YouTube has joined a growing list of social media companies who think that forcing users to use their real names will make comment sections less of a trolling wasteland, but there’s surprisingly good evidence from South Korea that real name policies fail at cleaning up comments. In 2007, South Korea temporarily mandated that all websites with over 100,000 viewers require real names, but scrapped it after it was found to be ineffective at cleaning up abusive and malicious comments (the policy reduced unwanted comments by an estimated .09%). We don’t know how this hidden gem of evidence skipped the national debate on real identities, but it’s an important lesson for YouTube, Facebook and Google, who have assumed that fear of judgement will change online behavior for the better.

Last week, YouTube began a policy of prompting users to sign in through Google+ with their full names. If users decline, they have to give a valid reason, like, “My channel is for a show or character”. The policy is part of Google’s larger effort to bring authentic identity to their social media ecosystem, siding with companies like Facebook, who have long assumed that transparency induces better behavior.

“I think anonymity on the Internet has to go away,” argued former Facebook Marketing Director, Randi Zuckerberg. “People behave a lot better when they have their real names down. … I think people hide behind anonymity and they feel like they can say whatever they want behind closed doors.” For years, the national discussion has gone up and back, between critics who say that anonymity is a fundamental right of privacy and necessary for political dissidents, and social networks who worry about online bullying and the impact that trolls have on their community.

Enough theorizing, there’s actually good evidence to inform the debate. For 4 years, Koreans enacted increasingly stiff real-name commenting laws, first for political websites in 2003, then for all websites receiving more than 300,000 viewers in 2007, with the threshold finally tightened to 100,000 viewers a year later after online slander was cited in the suicide of a national figure. The policy, however, was ditched shortly after a Korean Communications Commission study found that it only decreased malicious comments by 0.9%. Korean sites were also inundated by hackers, presumably after valuable identities.

Further analysis by Carnegie Mellon’s Daegon Cho and Alessandro Acquisti found that the policy actually increased the frequency of expletives in comments for some user demographics. While the policy reduced swearing and “anti-normative” behavior at the aggregate level by as much as 30%, individual users were not dismayed. “Light users”, who posted 1 or 2 comments, were most affected by the law, but “heavy” ones (11-16+ comments) didn’t seem to mind.

Given that the Commission estimates that only 13% of comments are malicious, a mere 30% reduction only seems to clean up the muddied waters of comment systems by a depressingly negligible amount.

The finding isn’t surprising: social science researchers have long known that people eventually begin to ignore cameras videotaping their behavior. In other words, the presence of some phantom judgmental audience doesn’t seem to make us better versions of ourselves.
http://techcrunch.com/2012/07/29/sur...rove-comments/





In Virtual Play, Sex Harassment Is All Too Real
Amy O’Leary

When Miranda Pakozdi entered the Cross Assault video game tournament this year, she knew she had a slim chance of winning the $25,000 prize. But she was ready to compete, and promised fans watching online that she would train just as hard as, if not harder than, anyone else.

Over six days of competition, though, her team’s coach, Aris Bakhtanians, interrogated her on camera about her bra size, said “take off your shirt” and focused the team’s webcam on her chest, feet and legs. He leaned in over her shoulder and smelled her.

Ms. Pakozdi, 25, an experienced gamer, has said she always expects a certain amount of trash talk. But as the only woman on the team, this was too much, especially from her coach, she said. It was after she overheard Mr. Bakhtanians defending sexual harassment as part of “the fighting game community” that she forfeited the game.

Sexism, racism, homophobia and general name-calling are longstanding facts of life in certain corners of online video games. But the Cross Assault episode was the first of a series this year that have exposed the severity of the harassment that many women experience in virtual gaming communities.

And a backlash — on Twitter, in videos, on blogs and even in an online comic strip — has moved the issue beyond endless debate among gaming insiders to more public calls for change.

Executives in the $25 billion-a-year industry are taking note. One game designer’s online call for civility prompted a meeting with Microsoft executives about how to better police Xbox Live. In February, shortly after the Cross Assault tournament, LevelUp, an Internet broadcaster of gaming events, barred two commentators who made light of sexual harassment on camera and issued a formal apology, including statements from the commentators.

Even so, Tom Cannon, co-founder of the largest fighting game tournament, EVO, pulled his company’s sponsorship of the weekly LevelUp series, saying that “we cannot continue to let ignorant, hateful speech slide.”

“The nasty undercurrent in the scene isn’t a joke or a meme,” he said. “It’s something we need to fix.”

Mr. Bakhtanians, whose actions during the Cross Assault tournament were captured on video, later issued a statement in which he apologized if he had offended anyone. He also blamed “my own inability in the heat of the moment to defend myself and the community I have loved for over 15 years.”

But the issues raised by the Cross Assault episode gained more attention with Anita Sarkeesian’s campaign in May to raise $6,000 on Kickstarter to document how women are portrayed in video games. Her YouTube and Facebook pages were instantly flooded with hate-filled comments. People tried to hack her online accounts. She received violent personal threats.

Ms. Sarkeesian responded by documenting the harassment, posting online the doctored, pornographic images of herself that her detractors had created. Supporters of her efforts, aghast, donated more than $150,000, further angering her critics. A man from Ontario created an Internet game where players could “punch” her, layering bruises and cuts on her image until the screen turns red.

“The gaming industry is actually in the process of changing,” Ms. Sarkeesian said. “That’s a really positive thing, but I think there is a small group of male gamers who feel like gaming belongs to them, and are really terrified of that change happening.”

When Sam Killermann, a gamer in Austin, Tex., saw the reaction to Ms. Sarkeesian’s project, something “broke through,” he said. A few weeks ago, he began a campaign for “Gamers Against Bigotry,” asking people to sign a pledge supporting more positive behavior. The site received 1,500 pledges before it was hacked, erasing its list of names.

Like Ms. Sarkeesian, many women gamers are documenting their experiences on blogs like “Fat, Ugly or Slutty” (whose name comes from the typical insults women receive while playing against others online). It cheekily catalogs the slurs, threats and come-ons women receive while playing games like Resident Evil or Gears of War 3.

The blog publishes screenshots and voice recordings that serve as a kind of universal citation in each new controversy, called upon to settle debates or explode myths. For instance, many of the site’s recordings feature deep voices captured from the chat features of online games, debunking the widely held belief that bad behavior begins and ends with 13-year-old boys.

Jessica Hammer, a longtime player of video games and a researcher at Columbia University, said the percentage of women playing such games online ranges from 12 percent to close to half, depending on the game type. Industry statistics from the Entertainment Software Association say 47 percent of game players are women, but that number is frequently viewed as so all-encompassing as to be meaningless, bundling Solitaire alongside Diablo III.

Women report greater levels of harassment in more competitive games involving strangers. Some abandon anonymous play for safer communities or “clans” where good behavior is the norm.

In other game communities, however, sexual threats, taunts and come-ons are common, as is criticism that women’s presence is “distracting” or that they are simply trying to seek attention. Some have been offered money or virtual “gold” for online sex. Some have been stalked online and in person.

Stephen Toulouse, who was the head of enforcement for Xbox Live from 2007 until February, policed the most egregious behavior on the network, owned by Microsoft. And women were the most frequent target of harassment, he said. In that role, Mr. Toulouse experienced the wrath of angry gamers firsthand, who figured out where he lived, then called the police with false reports about trouble at his house (more than once, SWAT teams were sent).

If players were reported for bad behavior, they could be disciplined by being muted on voice chat or barred temporarily. At least once a day, Mr. Toulouse said, the company blocked a specific console’s serial number from ever accessing the network again.

But policing the two or three million players who are active on Xbox Live at any given time is hard. Just as on the broader Internet, there are people who delight in piquing anger or frustration in others, or “trolling.” For trolls, offensive language — sexist, racist, homophobic comments — are interchangeable weapons that vary with the target.

“They treat the Internet like a vast game,” where offending others scores points, Mr. Toulouse said. But the standard advice to ignore the taunts (“don’t feed the trolls”) is now, in the wake of Ms. Sarkeesian’s treatment, being accompanied by discussions about “how to kill a troll.” And many people are calling for the gaming industry to do more.

James Portnow, a game designer who has worked on titles including Call of Duty and Farmville, wrote an episode about harassment for his animated Web series “Extra Credits.” In it, the narrator says: “Right now, it’s like we gave the school bully access to the intercom system and told him that everyone would hear whatever he had to say. It’s time we take away that megaphone.”

At the end of the video, viewers were encouraged to e-mail Microsoft’s Xbox Live team, asking for changes to communication tools and improvements to reporting systems.

After hearing from gamers, Microsoft called Mr. Portnow and invited him to headquarters. He met with a team of executives, including a vice president, for four hours, and they discussed how Microsoft was developing better algorithms for things like automatically muting repeat offenders. Microsoft confirmed it was working toward improvements to its community tools.

“For the longest time, people have seen games as a children’s pastime, and we as an industry have stood behind this idea,” said Mr. Portnow, who will be speaking on a gaming convention panel later this month called “Ending Harassment in Gaming.”

“But that’s not true any longer,” he added. “We are a real mass medium, and we have a real effect on the culture. We have to take a step beyond this idea that nothing we could possibly do could be negative, or hurt people.”
https://www.nytimes.com/2012/08/02/u...irs-anger.html





Fighting the iCrime Wave

Device theft has exploded. New solutions are on the way. Is the industry doing enough about 'Apple picking'?
Rolfe Winkler


We were buried in an e-book when the subway doors opened at the Bergen Street stop in Brooklyn. In a flash, a pair of hands dove into my date's lap and ripped away her iPad. Chasing the guy was instinctive. But he had a crew backing him up that I never saw. Instead of winning back the iPad, I found myself lying on the platform bleeding, my jaw split in half.

Nabbing electronic devices isn't new. But lately it is growing "exponentially" according to a 2011 report from the New York Police Department. The lucrative secondhand market for today's niftiest handsets has produced an explosion in "Apple picking" by thieves. A used iPad or iPhone can fetch more than $400.

How big is the iCrime wave? National data aren't available, but in New York, there were more than 26,000 incidents of electronics theft in the first 10 months of 2011—81% involving mobile phones—according to an internal police-department document. In Washington, D.C., cellphone-related robberies jumped 54% from 2007 to 2011, according to the Metropolitan Police Department. And the data may drastically undercount thefts. Since many don't involve violence, many victims don't bother reporting them.

But plenty of the crimes are violent.

Hwang Yang, a chef at the Modern in New York, was walking home from the subway in the Bronx in April when thieves shot him dead for his iPhone. They were caught after posting it on Craigslist. Outside Denver in 2010, Bill Jordan was leaving an Apple store, toting his new iPad in a bag. When a thief ripped the bag away, the strings tore off part of Mr. Jordan's pinkie.

Subway or bus riders make great targets, especially those engrossed in their devices near the doors. When the doors open, a veteran thief will swipe the device and flee, the doors closing behind him. I was off the train before the doors could stop me—at the cost of eating through a straw for a month.

The best way to deter theft is to reduce the value of stolen devices. After pressure from police departments, the wireless industry is moving to adopt a national registry system that would deny service to such devices. The idea is simple: When a smartphone is reported stolen, its ID number goes into a database. When another user tries to make a call or download data, the device pops up on the blacklist and the carrier denies service.

Two of the four major U.S. carriers—Sprint and Verizon—have had blacklists for some time. AT&T and T-Mobile haven't, partly because their networks identify devices using SIM cards. While SIMs can be disabled, a thief can easily install a new one. The networks operated by Verizon and Sprint identify devices by their electronic serial numbers, so devices reported stolen can't be reactivated.

After an April deal brokered by the Federal Communications Commission, AT&T and T-Mobile are rolling out blacklists that identify devices with an ID number. As part of that deal, carriers also promised to build a unified blacklist by October 2013. That should help to keep stolen devices from being transferred between networks.

Similar systems are already in place in parts of Europe, Latin America and Australia. In London, where a blacklist is in use, "mobile personal robbery" declined from 1,600 incidents per month in the fiscal year ending March 2007 to 900 per month two years later, according to the U.K.'s National Mobile Phone Crime Unit. The blacklist helped, as have better policing methods, says Jack Wraith of the Telecommunications U.K. Fraud Forum. But robbery is back on the rise—to 1,400 incidents per month last fiscal year. That increase comes after the iPhone and other fancier devices began to proliferate, notes Mr. Wraith.

A blacklist for the U.S. is a good start, but it will have important weaknesses. First, there is a loophole for tablets. Most iPads rely on Wi-Fi for connectivity, rather than a carrier network, so carriers can't block them. Another problem is that devices blocked in the U.S. will have full functionality in many other markets. Thieves in the U.K. adapted to the blacklist, exporting more stolen phones to places like Africa and India, notes Mr. Wraith.

Meanwhile, electronics recyclers like Gazelle in the U.S. pay top dollar for used electronics. "There is insatiable demand for iPhones outside the U.S.," says Gazelle founder Israel Ganot, "mostly in emerging markets." In Brazil, where an entry-level iPhone 4S retails for nearly $1,000 because of import taxes, buying "a $400 secondhand iPhone is pretty attractive."

Gazelle sells most of its devices to Hong Kong. "That's the hub where these devices get collected," adds Mr. Ganot, before being sent to other markets. Gazelle purchased 150,000 used iPhones in the fourth quarter of 2011 alone.

Mr. Ganot says that Gazelle does what it can to determine if phones are stolen, using websites like www.checkesnfree.com for Verizon devices, but there is often little the company can do.

Could technology provide an answer? What if a remote kill switch could be thrown to "fry" a stolen smartphone or tablet, making it truly useless? A representative of ARM Holdings, the British company whose technology is the foundation for most chips in mobile devices, says that it is possible to disable a device remotely so that it won't boot up.

After all, what's the point of a mobile device if people don't feel safe using it while they're mobile? In a poster for a new campaign by the San Francisco Municipal Transportation Agency, a woman sits alone with her iPhone on a dark city bus. Towering behind her is a hooded, faceless figure. "Always keep smartphones…out of sight," the poster warns.

Unknowingly, Apple even abets thieves on occasion. Because the warranty on its devices is tied to the device itself, not the owner, thieves have been able to get damaged devices replaced at Apple stores.

Apple spokeswoman Natalie Harrison says the company "has led the industry in helping customers protect their lost or stolen devices." She points to Apple's "Find My iPhone" app that can remotely wipe data from a missing device and locate it on a map. But a smart thief can simply turn off the stolen device—or wipe it clean of apps—to prevent being tracked. Thieves generally don't care about data anyway. They want to erase stolen devices so they can quickly sell them.

No system will end electronic device theft, of course. And people should be cautious when using theirs in public. But device makers could do more. Apple showed on Friday that it wants to improve security on its devices, agreeing to buy AuthenTec, a maker of fingerprint recognition technology. Hopefully the technology can be used not just to protect data but to disable lost or stolen devices.

Steve Jobs was famous for giving customers features they didn't know they wanted. Better antitheft protection is something you don't think about. Until, perhaps, your jaw is wired shut.
http://online.wsj.com/article/SB1000...904439852.html





Does Cybercrime Really Cost $1 Trillion?
Peter Maass and Megha Rajagopalan

Gen. Keith Alexander is the director of the National Security Agency and oversees U.S. Cyber Command, which means he leads the government’s effort to protect America from cyberattacks. Due to the secretive nature of his job, he maintains a relatively low profile, so when he does speak, people listen closely. On July 9, Alexander addressed a crowded room at the American Enterprise Institute in Washington, D.C., and though he started with a few jokes — his mother said he had a face for radio, behind every general is a stunned father-in-law — he soon got down to business.

Alexander warned that cyberattacks are causing "the greatest transfer of wealth in history," and he cited statistics from, among other sources, Symantec Corp. and McAfee Inc., which both sell software to protect computers from hackers. Crediting Symantec, he said the theft of intellectual property costs American companies $250 billion a year. He also mentioned a McAfee estimate that the global cost of cybercrime is $1 trillion. "That’s our future disappearing in front of us," he said, urging Congress to enact legislation to improve America’s cyberdefenses.

These estimates have been cited on many occasions by government officials, who portray them as evidence of the threat against America. They are hardly the only cyberstatistics used by officials, but they are recurring ones that get a lot of attention. In his first major cybersecurity speech in 2009, President Obama prominently referred to McAfee’s $1 trillion estimate. Sen. Joseph Lieberman, I-Conn., and Sen. Susan Collins, R-Maine, the main sponsors of the Cybersecurity Act of 2012 that is expected to be voted on this week, have also mentioned $1 trillion in cybercrime costs. Last week, arguing on the Senate floor in favor of putting their bill up for a vote, they both referenced the $250 billion estimate and repeated Alexander’s warning about the greatest transfer of wealth in history.

A handful of media stories, blog posts and academic studies have previously expressed skepticism about these attention-getting estimates, but this has not stopped an array of government officials and politicians from continuing to publicly cite them as authoritative. Now, an examination of their origins by ProPublica has found new grounds to question the data and methods used to generate these numbers, which McAfee and Symantec say they stand behind.

One of the figures Alexander attributed to Symantec — the $250 billion in annual losses from intellectual property theft — was indeed mentioned in a Symantec report, but it is not a Symantec number and its source remains a mystery.

McAfee’s trillion-dollar estimate is questioned even by the three independent researchers from Purdue University whom McAfee credits with analyzing the raw data from which the estimate was derived. "I was really kind of appalled when the number came out in news reports, the trillion dollars, because that was just way, way large," said Eugene Spafford, a computer science professor at Purdue.

Spafford was a key contributor to McAfee’s 2009 report, "Unsecured Economies: Protecting Vital Information". The trillion-dollar estimate was first published in a news release that McAfee issued to announce the report; the number does not appear in the report itself. A McAfee spokesman told ProPublica the estimate was an extrapolation by the company, based on data from the report. McAfee executives have mentioned the trillion-dollar figure on a number of occasions, and in 2011 McAfee published it once more in a new report, "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency".

In addition to the three Purdue researchers who were the report’s key contributors, 17 other researchers and experts were listed as contributors to the original 2009 report, though at least some of them were only interviewed by the Purdue researchers. Among them was Ross Anderson, a security engineering professor at University of Cambridge, who told ProPublica that he did not know about the $1 trillion estimate before it was announced. "I would have objected at the time had I known about it," he said. "The intellectual quality of this ($1 trillion number) is below abysmal."

The use of these estimates comes amid increased debate about cyberattacks; warnings of a digital Pearl Harbor are becoming almost routine. "A cyberattack could stop our society in its tracks," Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, said earlier this year. Bloomberg reported just last week that a group of Chinese hackers, whom U.S. intelligence agencies referred to as "Byzantine Candor," have stolen sensitive or classified information from 20 organizations, including Halliburton Inc., and a prominent Washington law firm, Wiley Rein LLP.

There is little doubt that a lot of cybercrime, cyberespionage and even acts of cyberwar are occurring, but the exact scale is unclear and the financial costs are difficult to calculate because solid data is hard to get. Relying on inaccurate or unverifiable estimates is perilous, experts say, because it can tilt the country’s spending priorities and its relations with foreign nations. The costs could be worse than the most dire estimates — but they could be less, too.

Computer security companies like McAfee and Symantec have stepped into the data void. Both sell anti-virus software to consumers, and McAfee also sells a range of network security products for government agencies and private companies, including operators of critical infrastructure like power plants and pipelines. Both firms conduct and publish cybercrime research, too. "Symantec is doing outstanding work on threat analysis," said Thomas Rid, a cybersecurity expert at King's College London. "But still, of course they have a vested interest in portraying a more dangerous environment because they stand to gain for it."

The companies disagree. Sal Viveros, a McAfee public relations official who oversaw the 2009 report, said in an email to ProPublica, "We work with think tanks and universities to make sure our reports are non-biased and as accurate as possible. The goal of our papers [is] to really educate on the issues and risks facing businesses. Our customers look to us to provide them with our expert knowledge."

Symantec said its estimates are developed with standard methods used by governments and businesses to conduct consumer surveys and come from "one of the few, large, multi-country studies on cybercrime that asks consumers what forms of cybercrime they have actually experienced and what it cost them."

* * *

Cyberattacks come in many flavors. There are everyday crimes in which hackers access personal or financial information, such as credit card numbers. There are industrial crimes and espionage in which the attacker — perhaps a foreign country or company — breaks into a corporate or government network to obtain blueprints or classified information; sometimes the attacker gets inside a network and lurks there for months or years, scooping up whatever is of interest. One of the biggest categories of cybercrime is one of the least discussed — insider theft, by disgruntled or ex-employees. There’s also a category of attacks that do not have overt financial motives and that can constitute acts of war: Attempts to create havoc in computer systems that control nuclear power plants, dams and the electrical grid. This category is of the greatest concern to national security officials.

One reason it’s a challenge to measure the financial costs of cybercrimes is that the victims often don’t know they’ve been attacked. When intellectual property is stolen, the original can remain in place, seemingly untouched. Even when the breach is known, how do you put a dollar value on a Social Security number, a formula for a new drug, the blueprints for a new car, or the bidding strategy of an oil firm? It may be impossible to know whether an attacker uses intellectual property in a way that causes economic harm to the victim; maybe the data isn’t of much use to the attacker, or maybe the attacker, though using the data to quickly bring out a new product, is not successful in gaining market share.

There’s an added complication in some attacks: Companies can be reluctant to admit they have been hacked because they fear a loss in confidence from consumers or clients. This can lead to underreporting of the problem.

"How do you even start to measure the monetary damages?" asked Nick Akerman, a partner at the law firm of Dorsey & Whitney LLP who specializes in computer cases — and one of the contributors to the McAfee report. "I would argue it is impossible. Not to say the problem isn’t enormous. It is enormous. But I don’t see how you can adequately come up with dollar figures."

Companies that sell security software are not bound by the same professional practices as academics, whose studies tend to refrain from sweeping estimates. Even when corporate reports involve academic researchers, the results can be suspect. Industry-sponsored studies — pharmaceuticals are an example, according to a 2003 study published by BMJ (formerly known as the British Medical Journal) — can have a bias toward the industry’s economic interests. Unlike academic journals, which use a peer review process, there’s no formal system of oversight for studies published by industry. The economic interest of security companies is clear: The greater the apparent threat, the greater the reason to buy their anti-intruder software. Norton, which is owned by Symantec and sells a popular suite of anti-virus software, advises in its latest cybercrime report: "Don’t get angry. Get Norton."

Computer scientists Dinei Florencio and Cormac Herley, who work at Microsoft Research, the software giant’s computer science lab, recently wrote a paper, "Sex, Lies and Cyber-crime Surveys," that sharply criticized these sorts of surveys. "Our assessment of the quality of cyber-crime surveys is harsh: they are so compromised and biased that no faith whatever can be placed in their findings," their report said. "We are not alone in this judgement. Most research teams who have looked at the survey data on cyber-crime have reached similarly negative conclusions."

Julie Ryan, a professor of engineering management and systems engineering at George Washington University, co-authored a paper, "The Use, Misuse, and Abuse of Statistics in Information Security Research". In an interview with ProPublica, she said: "From what I’ve seen of the big commercial surveys, they all suffer from major weaknesses, which means the data is worthless, scientifically worthless. But it’s very valuable from a marketing perspective."

Yet corporate cybersurveys are repeatedly invoked; the NSA’s Alexander is merely among the most prominent senior officials to do it. ProPublica provided the NSA’s media office with links to critical studies, stories and blog posts about the Symantec and McAfee numbers and asked whether Alexander or the agency was aware of them or, alternately, had other data to support the numbers he cited. The NSA media office responded: "The information is publicly available and was appropriately sourced."

* * *

McAfee was founded by John McAfee, a software engineer who wrote some of the first anti-virus software in the 1980s. The company grew quickly, thanks in part to a novel marketing strategy in those days — McAfee gave away its software, charging only for tech support. The company went public in 1992 and remained a leader in its field; last year it was acquired by Intel Corp. for $7.68 billion. "We have had just one mission: to help our customers stay safe," McAfee says on its website. "We achieve this by creating proactive security solutions for securing your digital world."

In 2008, McAfee decided to commission a report that would look at how the global economic downturn was affecting data theft against companies. McAfee put one of its public relations officials, Viveros, in charge of the project. Viveros, in a phone interview, said a technology marketing company was hired to create and distribute a survey to about 1,000 information and technology executives across the globe. Purdue University’s Center for Education and Research in Information Assurance and Security, headed by Spafford, analyzed the survey results, conducted follow-up interviews and helped write the report. McAfee confirmed that it helped steer $30,000 from a foundation to Purdue for the work.

The 31-page report found that the companies surveyed had an average of $12 million worth of sensitive information stored in offshore computer systems in 2008, and that each lost an average $4.6 million worth of intellectual property in 2008. The report was released on Jan. 29, 2009, in Davos, Switzerland, during a meeting of the World Economic Forum. McAfee issued a news release to announce it, and the release included dramatic numbers that were not in the report.

"The companies surveyed estimated they lost a combined $4.6 billion worth of intellectual property last year alone, and spent approximately $600 million repairing damage from data breaches," the release said. "Based on these numbers, McAfee projects that companies worldwide lost more than $1 trillion last year." The release contained a quote from McAfee’s then-president and chief executive David DeWalt, in which he repeated the $1 trillion estimate. The headline of the news release was "Businesses Lose More than $1 Trillion in Intellectual Property Due to Data Theft and Cybercrime."

The trillion-dollar estimate was picked up by the media, including Bloomberg and CNET, which expressed no skepticism. But at least one observer had immediate doubts. Amrit Williams, a security consultant, wrote on his blog a few days later, "$1 trillion a year? Seriously? Where the hell did the figure come from? To give you some perspective of size the total US GDP is about 14 trillion and that includes EVERYTHING."

The news stories got the worried attention of some of the report’s contributors because McAfee was connecting their names to an estimate they had no previous knowledge of and were skeptical about. One of the contributors, Augusto Paes de Barros, a Brazilian security consultant, blogged a week after the news release that although he was glad to have been involved in the report, "I could not find any data in that report that could lead into that number. … I’d like to see how they found this number."

When the number was announced in 2009, McAfee provided no public explanation of how it was derived. "Initially we were just going to do the report, but a lot of people were asking us what was the total number, so we worked on a model," said McAfee’s Viveros. This week, in response to queries from ProPublica, he disclosed details about the methodology. He said the calculations were done by a group of technology, marketing and sales officials at McAfee and were based on the survey responses.

"McAfee extrapolated the $1 trillion … based on the average data loss per company, multiplied by the number of similar companies in the countries we studied," Viveros said in an email.

The company’s method did not meet the standards of the Purdue researchers whom it had engaged to analyze the survey responses and help write the report. In phone interviews and emails to ProPublica, associate professor Jackie Rees Ulmer said she was disconcerted when, a few days before the report's unveiling, she received a draft of the news release that contained the $1 trillion figure. "I expressed my concern with the number as we did not generate it," Rees Ulmer said in an email. She added that although she couldn't recall the particulars of the phone conversation in which she made her concerns known, "It is almost certainly the case that I would have told them the number was unsupportable."

Viveros said McAfee was never told by Purdue that the number could not be supported by the survey data. The company moved ahead with the news release and, Viveros noted, the trillion-dollar estimate "got a life of its own."

In February 2009, President Obama ordered a 60-day cybersecurity review to look into ways to better protect the country from cyberattacks, and he appointed Melissa Hathaway, who served as a cybersecurity adviser in the Bush administration, to oversee the effort. On May 29, Obama unveiled the review and delivered his first major cybersecurity speech. The second page of the 38-page review cited McAfee’s trillion-dollar figure, and the president used it in his speech, saying, "It’s been estimated that last year alone cybercriminals stole intellectual property from businesses worldwide worth up to $1 trillion."

The administration’s Cyberspace Policy Review includes footnotes, and the one for the $1 trillion estimate directs readers to McAfee’s news release. It is not an ordinary occurrence that a president relies on the contents of a corporate news release to warn Americans of a major threat to the homeland’s economic and national security, but Hathaway, now a security consultant, told ProPublica that at the time of the president’s speech she was comfortable with McAfee’s estimate because it appeared to be associated with Purdue researchers. However, she became wary of it once she began making more inquiries after the speech. "I tend not to use that number anymore," she said. "I was surprised that there wasn’t proved methodology behind the number."

In March 2011, McAfee published its "Underground Economies" report, which repeated the $1 trillion estimate. Criticism of it continued, too. Robert Richardson, then director of the Computer Security Institute, skeptically wrote on the group’s website in the spring of 2011 that "The trillion dollar number is just too good to kill." Later in 2011, Wired’s British edition reported that "if true, the figure amounts to a massive 1.6 percent of global GDP." This year, Microsoft Research’s Florencio and Herley wrote an opinion piece in The New York Times that described widely circulated cybercrime estimates as "generated using absurdly bad statistical methods, making them wholly unreliable."

These critiques have now taken on added importance because government officials are citing a variety of industry-generated numbers in their efforts to bolster support for major cybersecurity legislation. The House passed its version of a cybersecurity bill this spring; the pending Senate bill, known as the Cybersecurity Act of 2012, would enable the U.S. government and private companies to more easily share information about cyberthreats and create a set of voluntary cybersecurity standards for operators of critical infrastructure.

* * *

In his speech at the American Enterprise Institute, Gen. Alexander said Symantec placed the cost of intellectual property theft to the U.S. at $250 billion a year. Tracing the origins of this statistic — as both the U.S. Government Accountability Office and technology writer Julian Sanchez have attempted before — is not unlike pulling a piece of yarn to unravel an old sweater. Although Symantec mentioned the $250 billion estimate in a 2011 report, "Behavioral Risk Indicators of IP Theft," the estimate is not Symantec’s.

The report mentions the figure in passing, sourcing it in a footnote to a legal paper, where, as it turns out, the $250 billion number is not mentioned at all. Eric Shaw, one of two forensic psychologists Symantec retained to research the "Behavioral Risk" report, told ProPublica the footnote was a mistake. Instead, it should have referred to a different paper that points to a 2003 speech by FBI Director Robert S. Mueller. The figure is also cited in old FBI news releases available via the Internet Archive.

An agency spokeswoman said that although she believed FBI officials used a reliable source for the number, the FBI had neither developed the number nor claimed to have done so. She pointed to another document, from the U.S. Department of Justice, attributing the $250 billion figure to the Office of the U.S. Trade Representative.

Then-Commerce Secretary Gary Locke used the $250 billion number in a 2010 speech. Like Locke, the trade representative is a member of the president’s cabinet; a spokeswoman for the office said the figure was not from them. "Your inquiry appears to refer to an industry-reported figure," the spokeswoman told ProPublica, pointing to a U.S. Chamber of Commerce paper on intellectual property theft. Sure enough, there’s the $250 billion again — this time attributed to none other than the FBI.

There are other concerns about Symantec estimates cited by Alexander. Drawing from the 2011 Norton Cybercrime Report, Alexander put the direct cost of cybercrime at $114 billion and cybercrime’s total cost, factoring in time lost, at $388 billion. The report was not actually researched by Norton employees; it was outsourced to a market research firm, StrategyOne, which is owned by the public relations giant Edelman.

StrategyOne surveyed almost 20,000 people in 24 countries, asking them to report whether they had experienced cybercrime and how much it had cost them. The company said it used "standard research practice for online surveys" to obtain a representative sample of Internet users. To calculate a total cost, it multiplied the estimated number of victims by the average cost of cybercrime in each country.

But that still leaves room for uncertainty, several researchers told ProPublica. For example, if responses came mainly from those most concerned about cybercrime or from those who suffered the biggest losses, it could inflate the average cost. And one person’s estimate of the financial damage from a cybercrime might be completely different from the next person’s guess, even if both suffered the same crime and the same amount of lost time.

A StrategyOne spokesman, asked if the Symantec estimates could be called scientific, responded, "Yes, as much as any survey or poll that relies on consumers to estimate their losses based on recall."

Some experts say that’s not good enough. "Nobody can really assess the true impact of cybercrime," said Franz-Stefan Gady, an analyst at a security-focused think tank called the EastWest Institute. "It’s really the self-reporting — because we can’t verify it. It’s just as simple as that."

In their 2011 paper, Florencio and Herley of Microsoft Research did not specifically mention the Symantec or McAfee numbers. But they observed, "Far from being broadly-based estimates of losses across the population, the cyber-crime estimates that we have appear to be largely the answers of a handful of people extrapolated to the whole population."

Sen. Collins added another layer of confusion about the mysterious $250 billion figure when she spoke last week in support of the cybersecurity bill. In remarks on the Senate floor, she mentioned Gen. Alexander and said, "He believes American companies have lost about $250 billion a year through intellectual property theft."

Collins’ office declined several requests for comment. A spokeswoman for Lieberman, who similarly cited Alexander and the $250 billion figure, replied, "Senator Lieberman and his staff believe that McAfee, Symantec, and General Alexander are reputable sources of information about cybersecurity."
https://www.propublica.org/article/d...ost-1-trillion





App Store Infested with Zombie Software, Claims Analytics Startup Adeven
David Meyer

German mobile analytics firm Adeven says that nearly two-thirds of software in iOS App Store are ‘zombies’ — thanks to a new tool that has counted 400,000 apps which get no downloads, are invisible to users and have no ranking.

Zombies may provide a perennial source of material for mobile games, but no developer actually wants their app to be the walking dead. Nonetheless, according to new mobile analytics and ad verification firm Adeven, that’s what almost two-thirds of the iOS App Store constitutes.

The Berlin company’s Apptrace tool launches on Tuesday and as a result it’s showing off several stats as a way of strutting its stuff. The most interesting one is the revelation that around 400,000 App Store apps get no downloads, are invisible to users and have no ranking.

“The reality is there are only a couple of thousand apps that really make some kind of downloads,” Christian Henschel, Adeven CEO, told me. “This is based on Apple’s closed system — it’s tough to discover those kinds of apps. You don’t have proper search, so the only way to discover new apps is through the top listing.”

“If you’re not on those lists, it’s not sure that you’re being discovered by anyone else. The top 25 tend to be the same companies who spend millions of dollars to get to the top of those lists. If you’re an independent, small app publisher, then it’s really tough to be discovered.”

Apptrace finds itself in a busy market, with the likes of Keen.io, Count.ly and (to an extent) Flurry all trying to court developers with the sharpest insights.

But Apptrace takes a different angle. For a start, it’s a free resource that is initially providing something closer to AppData’s outside-view app rankings, only through a prettier interface and with a deeper segment view. Android analytics will come in the fourth quarter, but for now Apptrace collates iOS data from the 155 countries where the App Store is present.

And with a seven-figure Series A round from Target Partners in the bank since April, Adeven already has some key enhancements ready for the rest of this year. The big one will be the addition of in-app analytics: something that will take Apptrace squarely up against Keen.io et al, but Henschel says the combination of the internal and external perspective will be unique.

“We’re not only measuring success within the app, but also within the ecosystem,” he said. “We will also soon be launching a feature where you can compare apps against each other, which is something that’s not available at the moment.”

Apptrace also has a feature lined up for developers with an ad-funded model: at the moment, they need to integrate multiple SDKs into their apps to handle all the different ad brokers such as AdMob and InMobi, but Apptrace will soon come out with a unified SDK that can manage the analytics for all these disparate networks.

And as for making money out of all this?

“The main reason we founded Adeven is to bring transparency into this mobile ecosystem,” Henschel said. “We believe if we provide the transparency then a lot more app dollars will fly into this ecosystem and we will find ways to participate in these revenues. But first, we’re really focusing on getting app developers using our service.”

Which is where those attention-grabbing, suspicion-confirming stats come in. Did you know that the App Store has 1,899 flashlight apps? Madness.
http://gigaom.com/europe/app-store-i...tartup-adeven/





Apple-Samsung Patent Battle Shifts to Trial
Steve Lohr

Patent trials are part bombast, part boredom. Lurid accusations of corporate skulduggery and deceit quickly give way to a mind-numbing slog through the technical details and vague language of patent claims.

Apple asserts that Samsung made “a deliberate decision to copy” the iPhone and iPad, in both product design and software that creates the user experience.

A jury will be asked to sort through all that to settle a dispute between Apple and Samsung Electronics beginning Monday in a federal court in San Jose, Calif.

The jury trial is the latest phase in a global campaign of smartphone patent litigation that began more than two years ago. The legal clashes mainly pit Apple against rival smartphone makers whose handsets are powered by Google’s Android software, notably Samsung, HTC and Motorola Mobility, which Google bought last year. Dozens of lawsuits and countersuits have been filed in courtrooms around the world.

Yet the escalating patent battle is more than just legal maneuvering. Patents can be powerful tools for determining the rules of engagement for major companies in a fast-growing industry like smartphones.

Patents are declarations of invention that are often easily obtained from government patent examiners, but their real value — their validity and strength — is determined in court.

A few significant rulings in favor of one side or the other, industry and patent experts say, could shape the competitive landscape in smartphones and a sister industry, tablet computers. Court decisions, they say, can provide the basis for negotiating the terms and cost of licensing and cross-licensing of patents — or for keeping certain patented features exclusive to one company.

“Once you determine who is the genuine innovator, and in what technologies on the product, you reset the playing field,” said Kevin G. Rivette, a Silicon Valley patent consultant and former vice president for intellectual property strategy for I.B.M.

But to bring a real shift in the marketplace, Mr. Rivette added, one side must have “strong patents, not incremental ones.”

That issue is much debated, and litigated, in the smartphone arena.

Apple scored some points in June. Judge Lucy H. Koh, who will also preside over the jury trial that begins this week, issued a preliminary injunction against Samsung, ordering it to stop selling its Galaxy Nexus smartphone in the United States.

Judge Koh found that Samsung had infringed on an Apple patent for a “universal interface,” which broadly describes crucial ingredients found in Siri, Apple’s question-answering application (though the patent itself was filed by Apple before it acquired Siri in 2010).

But the power of smartphone patents in general suffered a blow in another federal court in June.

Richard A. Posner, a prominent federal appeals court judge in Chicago, dismissed a case involving Apple and Google’s Motorola Mobility subsidiary. In his “pox on both of your houses” ruling, Judge Posner ridiculed Apple’s broad claims for its user-experience patents and Motorola’s claim that Apple should pay it a rich royalty on its basic communications patents. Both companies are appealing that ruling.

Fierce patent battles in new industries have been the rule for more than a century, from the steam engine to semiconductors. The lessons of history are decidedly mixed.

Sometimes, patent warriors can hold off rivals for years, as the Wright brothers did in the airplane business — though the cost in time, money and innovative energy diverted was daunting even then. In 1912, Wilbur Wright wrote, “When we think what we might have accomplished if we had been able to devote this time to experiments, we are very sad.”

In smartphones, some analysts say, the sheer number of patents and the speed of innovation in product development undermine the power of patents. Because a smartphone combines many communications and computing technologies, as many as 250,000 patents may touch the device, according to estimates by RPX, a patent licensing company.

“You necessarily litigate individual patents, but there are thousands of patents behind the ones in court,” said Mark A. Lemley, a patent expert at the Stanford Law School. “That complexity and the speed of innovation may well make it easier to invent around the patent system in smartphones.”

Indeed, for its new Galaxy models, Samsung developed an alternative to one of the Apple-patented features cited in this week’s trial.

One of Apple’s many patents on user-experience programming covers its “rubberbanding” or “bounce” feature — when a user pulls a finger from the top of the touch screen to the bottom, the digital page bounces. On the new Samsung phone, the same finger stroke brings a blue glow at the bottom of the screen, not a bounce.

“There is no single killer patent in this lawsuit,” said Florian Mueller, a patent analyst and blogger. “Apple cannot deal a knockout blow to Samsung.”

Trial briefs filed last week lay out the narrative and some of the details that Apple and Samsung plan to present in court.

Apple asserts that Samsung made “a deliberate decision to copy” the iPhone and iPad, in both product design and software that creates the user experience. The unredacted version of Apple’s filing quotes internal Samsung documents saying that its smartphone design “looked like it copied the iPhone too much” and that “innovation is needed.” Another analysis done for Samsung concluded that the icons on its phone were “too iPhone-like” and were “strongly associated with the iPhone UI,” or user interface.

In its brief, Samsung contends Apple is using patents to try to “stifle legitimate competition and limit consumer choice to maintain its historically exorbitant profits.”

Samsung cites internal Apple documents and deposition testimony to conclude that Apple borrowed its ideas from others, especially Sony. Apple, according to Samsung, was clearly innovative in refining the ideas of others, but it was not the original inventor.

Samsung, quoting its own documents, said it had touch-screen phones in development before the iPhone was introduced in January 2007, pointing to the Samsung F700 model. (The F700 had a touch screen, but also a pullout keyboard underneath.)

According to Samsung, the corporate documents Apple quotes in its brief come from “benchmarking” sessions conducted by Samsung, a standard industry practice.

“Apple,” the Samsung brief observed, citing deposition testimony, “also assembled an ‘Android war room,’ where its employees can study Android products.”
https://www.nytimes.com/2012/07/30/t...tent-wars.html





Taiwan University Sues Apple Over Speech Recognition Patents

A Taiwan university has filed a patent infringement suit against Apple Inc in a U.S. court over the iPhone maker's Siri speech recognition system, which lets users place calls or perform other tasks with voice commands, and is seeking undisclosed damages.

Apple is also wrestling with Samsung Electronics Co Ltd in one of the biggest-ever technology patent trials as a lengthening list of foes big and small charges into legal battle with Apple over patents and trademarks for its popular mobile devices.

Earlier this month, Apple paid $60 million to Proview Technology (Shenzhen) to end a protracted legal dispute over the iPad trademark in China.

Taiwan's National Cheng Kung University said on Monday it had launched a suit alleging that Apple's use of Siri in its iPhone and future versions of its iPad infringes two U.S. patents it was granted in 2007 and 2010 that relate to voice-to-text technology.

The suit was filed in the United States District Court for the Eastern District of Texas, Marshall Division, on Friday, it said.

"We filed that lawsuit in the Texas court because it processes faster and its rulings are usually in favor of patent owners and the compensations are usually higher," said Yama Chen, legal manager of National Cheng Kung, in the southern Taiwan city of Tainan.

He declined to disclose the amount of compensation the university was seeking but said any calculation would be based on Apple's U.S. sales of devices that use Siri.

An Apple representative in Asia could not immediately be reached for comment.

Chen said the university was also examining whether smartphone voice recognition systems used by Google Inc and Microsoft Corp have infringed its patents.

Two small Chinese companies have filed suits against Apple in China, with Jiangsu Xuebao charging trademark violations for the use of Snow Leopard as the name of its computer operating system and Zhi Zhen Internet Technology targeting the voice assistant functions used in Siri, Chinese media reports said in early July.

(Reporting by Clare Jim; Additional reporting by Chyen Yee Lee; Editing by Jonathan Standing and Edmund Klamann)
http://www.reuters.com/article/2012/...86T0A920120730





Talk to Me, One Machine Said to the Other
Kevin J. O’Brien

Ocado, an online grocery store in England, prides itself on its delivery of refrigerated foods: When the company says the goods will arrive at a certain temperature, they mean it.

The promise is more than a marketing boast. Aided by microchip transmitters, heat sensors and a fast-growing form of wireless communication, the boast is a measurable fact.

Inside each Ocado delivery van is a SIM-card module the size of a postage stamp that monitors the air temperature. The sensor sends data to a computer used by fleet managers back at headquarters near London every few minutes.

Ocado says incidents of spoilage of goods have declined since the transmitters were installed last year.

“It has saved us time and given us more confidence in our real-time monitoring, as well as being a safety check for the driver,” said Paul Clarke, Ocado’s director of technology, who oversees a 300-person department that develops software and hardware for the retailer.

The drone of low-density conversation between Ocado’s trucks and headquarters in Hatfield is one example of machine-to-machine communication, a stream of consciousness based on semiconductors that is poised to reinvigorate the mobile industry.

Berg Insight, a research firm in Goteborg, Sweden, says the number of machine-to-machine devices using the world’s wireless networks reached 108 million in 2011 and will at least triple that by 2017. Ericsson, the leading maker of wireless network equipment, sees as many as 50 billion machines connected by 2020. Only 10 billion or so are likely to be cellphones and tablet computers. The rest will be machines, talking not to us, but to each other.

The combined level of robotic chatter on the world’s wireless networks — measured in the digital data load they exert on networks — is likely soon to exceed that generated by the sum of all human voice conversations taking place on wireless grids.

“I would say that is definitely possible within 10 years,” said Miguel Blockstrand, the director of Ericsson’s machine-to-machine division in Stockholm. “This is a ‘What if?’ kind of technology. People start to consider the potential, and the possibilities are endless.”

Machine-to-machine communications has been around for more than two decades, initially run on landline connections and used for controlling industrial processes remotely. With advances in mobile broadband speeds and smartphone computing, the same robotic conversations are now rapidly shifting to wireless networks.

When the total amount of data traffic generated by machines overtakes that created by human voice conversations — or possibly before — mobile operators will have to choose who waits in line to make a call or receive an e-mail — the machine or the human.

“It really does raise some quandaries for the operators,” said Tobias Ryberg, an analyst at Berg Insight. “Most mobile networks are set up for human communication, not for machines. So there will have to be a whole revamping of the system to make this possible.”

Currently, about a third of all machine-to-machine communication involves so-called smart utility meters, which perform duties like sending data on household electric and gas consumption to utilities; the utilities use the information to tailor production to actual demand. In Europe, all households in Sweden and Italy are equipped with smart meters, many of them running wirelessly. In Austria, a law will require five million homes to be equipped with smart electric meters by 2019.

Another third is taking place in the auto industry, through car and truck fleet management systems, which allow transport companies or corporate car managers to track their vehicles in real time, or that are used by emergency accident, repair and location services like General Motors’ OnStar system, now installed on a quarter of new GM vehicles. In Europe, similar technology is beginning to appear in preparation for 2015, when the eCall initiative, an E.U. law requiring all new cars to be equipped with wireless transmitters, will take effect. The transmitters would automatically report accident data, as well as airbag deployment and location, to emergency responders.

But it is variations on consumer applications like Ocado’s that are expected to provide the biggest growth over the next decade, said Yiru Zhong, an analyst at Frost & Sullivan, a research firm in London that tracks the sector.

In Japan, the government is considering installing a bigger system of seismic sensors to detect earthquakes, Ms. Zhong said. In Calitri, a town in southern Italy, wireless sensors are helping produce caciocavallo, a type of Pecorino cheese made by Caseificio di Cecca e di Roma. The cheese ages in cellars shielded from the searing heat, and sensors regularly send data on humidity to a monitoring station at a local agricultural extension center.

European mobile operators have begun exploiting the financial potential of machine-to-machine communication, and have set up independent units to develop the business. Telefónica, Deutsche Telekom, Vodafone and France Télécom have all established separate business entities or internal centers to develop new products catering to machines.

“Right now, this is a nice contribution to our company’s bottom line,” said Bernd Liebscher, the managing director of Telekom Austria’s machine-to-machine division, which was set up last September. The operator does not break out machine-to-machine sales. “But over time, should we assume services for an entire vertical industry, like utility smart metering, we are talking about a significant business,” he said.

Telekom Austria’s mobile networks wirelessly connected 500,000 machines in eight countries at the end of 2011, a figure Mr. Liebscher said would grow 50 percent this year to 750,000. The tiny transmitter modules provide traffic and weather updates to 1.3 million users of TomTom navigation systems, link Otis elevators in Slovenia to emergency breakdown centers and connect 900 automatic teller machines of Priorbank in Belarus, among other uses. The two biggest applications are electronic payment terminals and fleet management.

Ms. Zhong, the Frost & Sullivan analyst, estimated that machine-to-machine conversations made up less on average than 10 percent of an operator’s total revenue, but the growth potential is considered large.

For wireless machine communication to become ubiquitous — imagine every home or office window opening and closing automatically to control temperature and humidity — the makers of the modules, SIM cards and associated network equipment will have to agree on broad series of technical standards to enable seamless communication between various devices.

Those megastandards do not exist now, and the biggest makers of devices, industry groups and mobile operators have split into different standards-setting groups, which is likely to delay adoption of uniform communications across industries, networks and module makers.

A 2011 research paper produced by researchers at Intel, the leading chip maker, concluded that the lack of broad, overarching standards and technologies that enable mobile networks to keep up with the explosion in robotic communication, are needed to bring about an Internet “embedded” in everyday life.

“I think there will be an effort to work to convergence, but the reality is not there yet,” Ms. Zhong said.

Jim Morrish, an analyst with Machina Research, a London firm that focuses on the sector, said he had no doubts that engineers would come up with the requisite advances to bring about that kind of future.

“I think by the time we reach 50 billion connected devices, we will be in such a different technological stage that those won’t be issues anymore,” he said.
https://www.nytimes.com/2012/07/30/t...the-other.html





Amazon Revamps Its Cloud Music Player to Compete With iTunes
Ben Sisario

It has taken more than a year, but Amazon is finally ready to compete with iTunes in the cloud.

On Tuesday, Amazon introduced a new version of its Cloud Player music service, which first arrived last year in a limited form because Amazon did not have licenses from record companies and music publishers. Now, after many months of negotiations, it has gotten those licenses.

So Cloud Player — which, like Apple’s iTunes Match and other so-called locker services, stores users’ songs so the users can have access to them on any device — now has more extensive and convenient features, like the ability to scan a user’s computer to match songs to a master database. That is a valuable shortcut around the laborious process of uploading each and every track, but one that requires a license from copyright holders.

The new Cloud Player is available in two tiers, including a free version that gives Amazon a slight advantage over Apple. Users can store up to 250 songs free on Amazon’s servers, or 250,000 songs for $24.99 a year; those limits do not count songs bought directly through Amazon’s MP3 store, which has long trailed iTunes as the second-biggest download shop but has been marketing itself aggressively with deep discounts.

Some more detail:

Like iTunes Match, Amazon’s Cloud Player keeps copies of songs at 256 kilobytes per second, even if the original version was lower-fidelity.
It will not, however, upload songs coded with D.R.M. copy protection, which includes virtually everything that iTunes sold until early 2009.


Amazon’s revised cloud service also puts pressure on Google, whose cloud music and media service, Play, has been stymied by licensing issues.

Play sells downloads from three of the four major music labels, but it lacks a deal with the Warner Music Group, whose acts include Green Day, Bruno Mars and the Red Hot Chili Peppers. And while Google also has an unlicensed cloud locker system, its attempts to get licenses for that service have been hampered by the music industry’s longstanding complaints that Google has not been doing enough to prevent piracy.
http://mediadecoder.blogs.nytimes.co...e-with-itunes/





Same Old Song
L.R.

THE kids these days play their music too loud and it all sounds the same. Old fogies familiar with such sentiments will be happy to hear that maths bears them out. An analysis published in Scientific Reports by Joan Serrà of the Artificial Intelligence Research Institute in Barcelona and his colleagues has found that music has indeed become both more homogeneous and louder over the decades.

Dr Serrà began with the basic premise that music, like language, can evolve over time, often pulled in different directions by opposing forces. Popular music especially has always prized a degree of conformity—witness the enduring popularity of cover songs and remixes—while at the same time being obsessed with the new. To untangle these factors, Dr Serrà's team sifted through the Million Song Dataset, run jointly by Columbia University, in New York, and the Echo Nest, an American company, which contains beat-by-beat data on a million Western songs from a variety of popular genres. The researchers focussed on the primary musical qualities of pitch, timbre and loudness, which were available for nearly 0.5m songs released from 1955 to 2010.

They found that music today relies on the same chords as music from the 1950s. Nearly all melodies are composed of ten most popular chords. They follow a similar pattern to written texts, where the most common word occurs roughly twice as often as the second most common, three times as often as the third most common, and so on, a linguistic regularity known as Zipf's law. What has changed is how the chords are spliced into melodies. In the 1950s many of the less common chords would chime close to one another in the melodic progression. More recently, they have tended to be separated by the more pedestrian chords, leading to a loss of some of the more unusual transitions. Timbre, lent by instrument types and recording techniques, similarly shows signs of narrowing, after peaking in the mid-60s, a phenomenon Dr Serrà attributes to experimentation with electric-guitar sounds by Jimi Hendrix and the like.

What music lost in variety, it has gained in volume. Songs today are on average 9 decibels louder than half a century ago, confirming what industry types have long suspected: that record labels engage in a "loudness race" in order to catch radio listeners’ attention. Since digital audio formats max out at a certain decibel level, as the average loudness inches towards that ceiling, songs will lose dynamic range, becoming ever more uniform.

This homogeneity is not just jarring to melomaniacs. It might confuse the popular algorithms for identifying and recommending tracks, like those used by Spotify and other music services. Many of these rely on timbre measurements to sort songs into genres, for instance. Some musicians are bound to respond by confounding expectations with new sounds. Whether audiences wish to be confounded remains moot.
http://www.economist.com/blogs/babba.../science-music





For More Pianos, Last Note Is Thud in the Dump
Daniel J. Wakin

The Knabe baby grand did a cartwheel and landed on its back, legs poking into the air. A Lester upright thudded onto its side with a final groan of strings, a death-rattling chord. After 10 pianos were dumped, a small yellow loader with a claw in front scuttled in like a vicious beetle, crushing keyboards, soundboards and cases into a pile.

The site, a trash-transfer station in this town 20 miles north of Philadelphia, is just one place where pianos go to die. This kind of scene has become increasingly common.

The value of used pianos, especially uprights, has plummeted in recent years. So instead of selling them to a neighbor, donating them to a church or just passing them along to a relative, owners are far more likely to discard them, technicians, movers and dealers say. Piano movers are making regular runs to the dump, becoming adept at dismantling instruments, selling parts to artists, even burning them for firewood.

“We bust them up with a sledgehammer,” said Jeffrey Harrington, the owner of Harrington Moving & Storage in Maplewood, N.J.

Pianos consist of hundreds of pounds of metal, wood and intricate machinery able to channel Bach, Mozart and Beethoven, along with honky-tonk, “Happy Birthday” and holiday tunes. It is strange to think of them as disposable as tissues. Yet economic and cultural forces have made many used pianos, with the exception of Steinways and a few other high-end brands, prone to being jettisoned.

With thousands of moving parts, pianos are expensive to repair, requiring long hours of labor by skilled technicians whose numbers are diminishing. Excellent digital pianos and portable keyboards can cost as little as several hundred dollars. Low-end imported pianos have improved remarkably in quality and can be had for under $3,000.

“Instead of spending hundreds or thousands to repair an old piano, you can buy a new one made in China that’s just as good, or you can buy a digital one that doesn’t need tuning and has all kinds of bells and whistles,” said Larry Fine, the editor and publisher of Acoustic & Digital Piano Buyer, the industry bible.

Used pianos abound on Web sites like eBay, driving prices down and making it difficult to sell Grandma’s old upright. With moving costs of several hundred dollars, even giving a piano away can be expensive. Abandonment often becomes the only option, especially for heirs dealing with a relative’s property.

Many pianos are also dying of old age. In the late 19th and early 20th centuries, before radio and recordings, pianos were the main source of music, even entertainment, in the home. They were a middle-class must-have.

So from 1900 to 1930, the golden age of piano making, American factories churned out millions of them. Nearly 365,000 were sold at the peak, in 1910, according to the National Piano Manufacturers Association. (In 2011, 41,000 were sold, along with 120,000 digital pianos and 1.1 million keyboards, according to Music Trades magazine.)

The average life span rarely exceeds 80 years, piano technicians say. That’s a lot of pianos now reaching the end of the line.

Piano dealers also blame other changes in society for a lack of demand in the used-piano market: cuts in music education in schools, competition for practice time from other pursuits, a drop in spending on home furnishings with the fall of the housing market.

Whatever the reason, people in the piano world agree that disposals are mounting.

O’Mara Meehan Piano Movers said it takes 5 to 10 pianos a month to the debris transfer site here. The company was founded in 1874 by the great-grandfather of the brothers Bryan and Charles T. O’Mara Jr.

Bryan O’Mara and an employee, James A. Fox, drove their truck into a hangarlike structure one day last week. Inside the truck were six uprights and four grands. Several came from the Philadelphia school system and one from a retirement home. “This was Mrs. Dombrowski’s from New Hope,” Mr. O’Mara said, patting the Knabe.

Mr. O’Mara and Mr. Fox pushed them off the back of the truck one by one. The top of an upright popped off when it landed. Mr. Fox tossed amputated piano legs and a pedal mechanism. Sprayers from above sent out a swirl of dust-settling mist, adding to the surreal atmosphere.

Mr. O’Mara had charged the former owners about $150 per piano. The trash site charged him $233.24 for dumping them all. A recycling company would pick up the debris and separate the wood from the metal.

Beethoven Pianos, a restorer, renter, mover and dealer in New York, has a 34,000-square-foot warehouse at the base of the Third Avenue Bridge in the Bronx, with scores of pianos awaiting disposal, said the owner, Carl Demler.

“In wintertime we burn them,” he said, pointing to a round metal stove. “This one has eaten many pianos.”

He watched as a worker, James Williams, dismantled a grand. “Ashes to ashes,” Mr. Demler said.

“Dust to dust,” Mr. Williams added, unscrewing pins that held the strings.

The junking of the modern descendant of the “gravicembalo col piano e forte,” the Italian precursor, can evoke strong reactions. A video posted on YouTube by one mover showing pianos being dumped drew violent remarks. Commenters said they felt sickened and called the scene barbaric, painful, outrageous, even criminal. “Stop the horror!” one wrote.

When the video was described to Madeleine Crouch, the administrator of the National Piano Manufacturers Association, she responded with a sharp intake of breath. “That makes me cry,” she said. “Pianos are lovable. You wouldn’t want your pet horse to be thrown out into the glue factory.”

Such reactions emphasize the abyss between the emotional value of used pianos and their worth in the marketplace.

“It is the most emotionally charged piece of furniture that there is,” said Martha Taylor, a rare restorer of uprights, whose Immortal Piano Company is based in Portland, Ore. “When I have to say: ‘You’ve buried your grandmother. You have to bury her piano,’ it’s a really hard thing.”

Many movers say they strive to find homes for abandoned pianos, making the rounds of nursing homes, schools and other institutions.

“You hate to see them go,” said Mr. O’Mara, whose company tries to give away discarded pianos. Any rescued piano, he noted, is also a potential future move for O’Mara Meehan. But there is just so much room in his warehouse for adoptees. He has to cull them like a herd. Churches and schools often do not have room or the means to maintain them.

Brian Goodwin, who owns Piano Movers of Nashua, N.H., and who had 30 pianos in his warehouse ready for the dump recently, said he created the Web site Piano Adoption partly as a clearing house to find homes for unwanted pianos. He posted the video of the dumped pianos that drew such shocked responses.

When owners ask where a cherished piano is going, he said, he tries to avoid the subject or tells them it will be put up for adoption.

“The last thing they want to hear is that it’s going to a landfill,” he said.

But piano movers can also take a clinical view of piano disposal, since they understand the economic realities. While noting that piano disposals can be painful, Mr. Goodwin said: “To be honest with you, the guys enjoy it. They try so hard all day not to scratch anything. And all of a sudden they get to throw it off the back of a truck.”
https://www.nytimes.com/2012/07/30/a...-the-dump.html
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

July 28th, July 21st, July 14th, July 7th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing