
I never get tired of being inspired. The debate is old, though.

I came upon the subject through a blog entry on Skepchick:

I started watching the video apology the creationist is “forced” to give for unethically and possibly illegally invoking DMCA to try to extort a critic of his to remove his critical videos. I got bored and stopped watching it. While I’m glad justice prevails and no slimy lawyers had to get involved (no offense to my friend* who’s a lawyer; he’s a public defender and not a civil suit lawyer anyway *grin*) I get no pleasure from the schadenfreude inherent in celebrating his (just) public apology.

I watched a couple of the Thunderf00t YouTube videos in which he categorically refutes the creationist VFX’s video claims, and they’re extremely well-informed, researched, reasoned, evidence-based, etc etc yadda yadda. I don’t mean to imply the videos refuting the creationist are boring or uninspired in any way–they’re quite good (if a bit rough in the audio quality) and I would absolutely recommend them to anyone interested in the debate between empirical reality and Biblical literalism…

Thing is, it’s getting tiring to me. I’ve spent nearly eight years now actively following and reading and watching all I could get my “hands” on regarding the fight between evolution and creationism, and I feel like, not that I’ve seen it all (although I am seeing the same old creationist misunderstandings/fallacies/mistakes/lies and the same old empirical evidence/logical reasoning/evidentiary refutation from the evolutionist side over and over), it’s more like I’m tired of the existence of the debate itself. It’s become obvious this will never end. It’s like digging a hole in water.

No matter how much factual evidence is out there, completely open and available to anyone and everyone who wants to bother looking for it, there’s still armies of people who are quite happy living in worlds of cognitive dissonance (I used to freak out but now I just sigh when people, like this VFX does, decry science as all ideological and full of fantasy and imagination and lies, and then use (a misapplication of) whatever scientific laws and processes is convenient for them to try to prove their creationist argument) and mythological fantasy as far as the eye can see. Change needs to be made and humanity needs to finally enter the 21st century, but the fight is wearying.

In any case, I skipped to the most recent video by Thunderf00t, and the first two-thirds are a refutation of one of VFX’s latest videos using terrible reasoning to accept micro-evolution but claim macro-evolution is “evil.” The last third of Thunderf00t’s video, though, becomes a philosophical criticism of the concept of “eternal life” as a creation of greedy humans, as the idea of eternal life is not only horrific to sentient beings, but removes all value from life! The fact that we are finite sparks of life in a vast universe gives the ultimate meaning and the greatest importance possible to life. It was a very inspiring closing and for that reason alone I highly recommend viewing it!

*Update, 11 Nov, 08: I had written there all this time, until today, “non-friend”. I have no idea how that typo happened, and I do hope if the friend in question saw that, he realizes that was a mistake. I dunno, maybe I intended to type “non-slimy friend”. 🙂


The People’s Encryption.

(Vital Update: Check out my comment at the bottom for some very important info on this post.)

OK, remember that post I wrote not long ago: On the issue of privacy and protecting civil liberties? That got reprinted by Steganos security software site? (“Sheesh, you never freakin’ let us forget!”) Seems I have some people much smarter than me to support my claim that everyone should be using encryption in their ordinary, day-to-day lives:

Written by “Mark Chu-Carroll (aka MarkCC) is a PhD Computer Scientist, who works for Google as a Software Engineer,” his article very succinctly explains how in this police state of the free and fascism of the brave (my words, not his) the best defense is to make encryption ubiquitous and not hidden:

The solution to this is to make encryption much more common, so that it’s no longer so rare that it raises a flag. In the novel, Cory wimped out, and had his protagonist’s best friend be the chief programmer at the most popular ISP in the city, and had them change the ISPs code in a way that transparently made everyone’s computers encrypt all of the traffic going onto the network. In real life, it’s not so easy. Technosavvy folks can’t wave a magic wand and make people start encrypting their data.
What we can do is start encrypting our data, and when we teach people to use computers, just set them up so that they’re using encryption. Set up your parents macintosh to use FileVault. Set up your windows box to use an encrypted filesystem. Use PGP. Put passwords on your important documents. Just make the little bit of effort to use reasonable encryption on a routine basis.

Remember that this article is in response to the fact that the DHS at the U.S. borders is actively seizing laptops, cell phones, USB keys, digital cameras, to have the data copied and analyzed and stored–without warrant or even probable cause or reasonable suspicion! (In gross and crass violation of the 4th Amendment, yet until the case gets to the Supreme Court, the government’s going to keep doing it). But that’s not even close to the limit, it’s barely the beginning.

Check out this video in which Stanford Law professor and technology critic, Lawrence Lessig, describes the coming “i-Patriot Act”:

(Source: Silicon Valley Watcher article. Full video here.)

One concern about the thought of having your laptop encrypted, and seized, is that when you’re “asked” for your access password, if you refuse you’ll be arrested. Technically, that’s not a concern although in reality it may be:

While the non-suspicion-based seizing of personal data has yet to reach the Supreme Court (and that may take a while), the concept of being forced to turn over passwords to law enforcement has already been through the high courts, and the result is still confusing at best. I’m not a legal scholar by any means, but from what I can tell if the state does not know of any specific criminal files on a device, then you can rightfully refuse to provide a password under 5th Amendment protection. (Although, if they do know for a fact already that you have, say, an illegal copy of Prince’s “Let’s Get Crazy” on your computer, you may not have any protection and may be compelled to provide the password to access the file.)

In other words, if your laptop is seized at the border in a random data seizure, or even if you looked like a dirty terrahist but that’s all the “evidence” they have to take your device, you can not be compelled to provide the decryption password that would unlock your laptop. Now, can you be arrested for refusing? Technically, no. But I can bet a cop or DHS agent will easily find another five things to arrest and hold you on, even if they’re later dropped. And I can’t imagine being arrested is a fun adventure in any stretch of the imagination. So, it’s easy to see why people would be reticent to do anything that might make them stand out and cause any trouble–and that’s exactly how the state likes it! They want the people to be afraid of arrest, no matter how innocent they may be, and thus complacent with any violations of civil liberties they can think of perpetuating. All in the name of Security!

And so, that’s the point I made earlier and MarkCC makes: if data encryption were to become so common, so everyday, that 99% of those who use it have nothing more to hide than their credit card information, family photos, and chicken pot pie recipes, the DHS will be less willing to wantonly seize innocent citizen’s property at their whim, turning us all into prisoners of our own country. Will this make us less safe, not allowing the police to do whatever they like in the name of keeping us safe? I seriously doubt it. The fallacy of false positives shows that if there’s any flaw in the accuracy of those arrested and accused of crimes, (and c’mon, we all know innocent people are arrested and even convicted more than rarely) then the number of innocent people initially accused and arrested can easily be larger than those who are guilty. That’s a concept the founding fathers knew about (although more in practice as the British were arresting and convicting innocent people for any made up crime in order to maintain control and fear), and so set up our justice system to favor occasionally letting the guilty go if it meant increasing the likelihood an innocent would not be convicted.

In any case, it’s a matter of principle, so long as we want to actually live in a free country which believes in liberty:

“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”
–Benjamin Franklin, 1755

Review: Steganos Privacy Suite 2008

Last week I wrote an article where I briefly discussed some options regarding security and privacy software: On the issue of privacy and protecting civil liberties. In it I mentioned Steganos software and some of their free online options. I’ve been given the opportunity to review their flagship home security package: Steganos Privacy Suite 2008*–here’s my more in depth review.

First of all and most importantly, the greatest strength Steganos software has is its user-friendliness. The biggest reason why most average computer users don’t use security and privacy software is because of its technical complexity. When I first started looking into privacy options many years ago, PGP software was the popular package (back when it was shareware before it was bought up by a major corporation) and it was a wonderful and painful solution to use. If something is hard to use, people will be reticent to use it. And if it’s something which people aren’t even convinced they really need to use–being even slightly difficult to use will kill it. And let’s face it, most people have no idea how necessary it is to use privacy and/or anonymity software. (See my earlier article, On the issue of privacy and protecting civil liberties. Alright, last shameless self-promotion, promise.)

So, by making the package easy and appealing to use, Steganos wins the battle of making their software accessible to the ordinary computer user. When you start up the Privacy Suite you’re presented with a friendly menu that gives you the options: Safe, Portable Safe, Private Favorites, Password Manager, E-Mail Encryption, File Manager, AntiTheft, Internet-TraceDestructor, Shredder.

You can access these tools from the menu, or individually from the Windows menu, or using right-click menu options where appropriate (such as Decrypt, Encrypt, Hide, and Destroy when right-clicking a file). It’s not my goal here to explain exactly how each tool works, but allow me to give highlights.

The Safe is likely to be one of the most used applications as it allows the user to create a virtual drive in which one can hide any kind of file, encrypting the drive away as a single (non-hidden) file. When creating the drive, you can use your own password (rated by the software on its security), have it provide you a password, or create a “password” using a series of image icons you can select in a particular order as your password. Intriguing idea. You can also choose to store the password on a removable device (like a USB drive or MP3 player) which is required to be connected in order to open the safe. Also incorporated into the Safe is an easy to use Mail and Documents encryption tool for easy protection of your most used personal data.

The downside to the Safe is that it’s a visible file, even if encrypted. If someone knows where to look, or what to search for, they can easily find that you have a secured “drive.”

The Portable Safe is pretty handy. You can install a portable version of the safe on a USB drive or even a non-rewritable media like a CD or DVD. The Suite places the appropriate drive-opening software on the media so you can use it on a PC that does not have Steganos Suite on it. The only annoying part is that the only way I can find to open the portable safe is to plug in/insert the media and use the “use Portable Safe” option that comes up. If the media is already installed, I can’t find a way to open the Portable Safe. There may be a way I’m missing, but I’m coming at this with the mindset of an ordinary user without much patience for something that I might not be convinced yet I need. Even with this annoyance, this is a cool tool.

The Private Favorites is handy for storing bookmarks, using the same password protection methods as the Safes. The problem is that to add or access a private bookmark you have to use the Suite application; it’s not integrated into your Web browser. That makes it a little more troublesome to use, and anything that’s a little troublesome becomes so much increasingly less likely to be used.

The Password Manager can store all your passwords. You can use it as a reference for remembering your passwords, or as long as the Password Manager is open, it will insert a saved password into a form or application for you. The downside: it only auto-populates so long as the Manager is actually open. Not just resident down in your status bar, but actually open open. Which is very annoying. But used as a secure and encrypted repository of your passwords, it is alone very useful.

The E-Mail Encryption is a stand-alone application in that it’s used on its own and not integrated into your e-mail program. For example, you can’t be in Outlook, write an email, and then encrypt it. You have to write the email (including attaching any files you want to send) and then encrypt it with a password you’ve presumably shared with the recipient. When you send it, then it sends the encrypted message through your chosen default mail client. But, the good bit is that the encrypted message is then sent as an .exe or .cab file along with instructions for the recipient to open the file. So, your recipient never needs to have Steganos installed as well, or any encryption program or key. Just the agreed upon password. Handy. Although personally, it’s just a step away from too proprietary. I’d prefer a program that incorporated into it PGP/GPG so that anyone with the open source key could make use of it, or be the recipient of a Steganos user’s e-mail and be able to decrypt it with their GPG program of choice, like Enigmail.

But for e-mail encryption for the average person and the not technical user, this is extremely useful and a perfectly reasonable solution.

The File Manager allows you to select files to encrypt (or decrypt) individually or en masse. This feature is integrated into the Windows file manager (and right-click options). The best feature about it is the steganography option, allowing you to “hide” the encrypted file into another file. This is the only hiding ability I’ve found in the Privacy Suite, and it’s very useful! If you don’t want someone to even know you’ve encrypted something, just hide it in another file like a wav sound file or bmp image file. You can select a file, or let it search for one for you. The problem with this program, I’ve found, is that you have to select a binary file large enough to incorporate the hidden data. It doesn’t tell you this, and if you select a file too small you’re given an error that doesn’t mention that issue. What would be handy is if it were to tell you “You need to select a file of X KB in size or larger.” Maybe in a later release, I hope.
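The carrier-size constraint described above, worked through as an added example (this is not Steganos code). It assumes plain least-significant-bit embedding, one hidden bit per BMP colour byte or per WAV sample, plus a 4-byte length prefix; the review does not say which scheme the Suite actually uses, and all function names and sample carriers here are constructed for illustration.

```python
import io
import struct
import wave

LENGTH_PREFIX = 4  # assumption: payload length stored in 4 bytes ahead of the data


def bmp_slots(blob: bytes) -> int:
    """Count colour bytes (row padding excluded) in an uncompressed BMP."""
    if len(blob) < 54 or blob[:2] != b"BM":
        raise ValueError("not a BMP file")
    # BITMAPINFOHEADER fields starting at offset 18.
    width, height, _planes, bpp, compression = struct.unpack_from("<iiHHI", blob, 18)
    if compression != 0 or bpp not in (24, 32):
        raise ValueError("only uncompressed 24/32-bit BMP is handled here")
    return abs(width) * abs(height) * (bpp // 8)


def wav_slots(blob: bytes) -> int:
    """Count PCM samples (frames x channels) in a WAV file."""
    with wave.open(io.BytesIO(blob), "rb") as w:
        return w.getnframes() * w.getnchannels()


def capacity_bytes(blob: bytes) -> int:
    """Payload bytes the carrier can hold at one hidden bit per slot."""
    if blob[:2] == b"BM":
        slots = bmp_slots(blob)
    elif blob[:4] == b"RIFF" and blob[8:12] == b"WAVE":
        slots = wav_slots(blob)
    else:
        raise ValueError("unsupported carrier type")
    return max(slots // 8 - LENGTH_PREFIX, 0)


def fit_report(blob: bytes, payload_len: int):
    """Return (fits, message); the message states the size the user needs."""
    cap = capacity_bytes(blob)
    if payload_len <= cap:
        return True, f"ok: {payload_len} of {cap} bytes used"
    need = (payload_len + LENGTH_PREFIX) * 8
    return False, (f"carrier holds {cap} bytes but the payload is {payload_len}; "
                   f"pick a carrier with at least {need} colour bytes or samples")


def make_bmp(width: int, height: int) -> bytes:
    """Constructed sample: blank 24-bit BMP with rows padded to 4 bytes."""
    row = (width * 3 + 3) // 4 * 4
    image_size = row * height
    file_header = b"BM" + struct.pack("<IHHI", 54 + image_size, 0, 0, 54)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                             image_size, 2835, 2835, 0, 0)
    return file_header + dib_header + bytes(image_size)


def make_wav(frames: int) -> bytes:
    """Constructed sample: silent mono 16-bit WAV."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(8000)
        w.writeframes(b"\x00\x00" * frames)
    return buf.getvalue()


if __name__ == "__main__":
    for name, carrier in (("bmp 101x100", make_bmp(101, 100)),
                          ("wav 8000 frames", make_wav(8000))):
        print(name, fit_report(carrier, 5000))
```

Denser schemes (more bits per byte) raise capacity at the cost of more visible or audible change to the carrier, so a real tool's threshold may differ from these figures.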

The AntiTheft feature is for notebook PCs. Once you activate it, it regularly sends out your current IP address to the Steganos servers. Using the access key you received upon activating the application (you better have saved it to a location other than the notebook in question otherwise this is pointless) you can access a Steganos site which allows you to see what the last IP address was the computer was logged on with. Providing this info to law enforcement may help them in tracking down the stolen notebook. But, I probably wouldn’t rely on it. Just remember that if anyone steals your notebook all your data may have been compromised and copied. So, encryption before it’s stolen is vitally important!

The Internet Trace Destroyer presumably eradicates dozens of different data types: temporary files and cache, recently used document references, password and forms entered, “useless” files and swap data, etc. I haven’t done a full test of the efficacy of this tool, but I can presume it works reasonably well. I at least like all the options it provides.

And the Shredder deletes both data and free space at a variety of depths, from a “fast overwrite” to a much slower Dept. of Defense standard of overwriting to an “extremely time consuming Gutmann method” which overwrites the data to NSA standards and eliminates all drive meta-file information on the file, removing any trace that the file even existed. You can set up a schedule for automatic free space wiping as well–something that PC users should often use. When you “delete” something, it’s not even remotely deleted unless something like this is done.

The competition: A good review should also include how the subject compares to its peers. Unfortunately, I don’t have experience or access to any of Steganos’ direct competition, such as the products endorsed by the Electronic Frontier Foundation, Anonymizer Inc. They have some very similar tools, such as a shredder and an anonymous VPN connection (a Steganos tool available outside of the Suite), but their shtick is mostly Internet anonymity versus Steganos which does both anonymizing and data privacy. There are various free or shareware options, as I’ve mentioned in a previous post, that do individual tasks quite well, such as TrueCrypt for complete drive or partition encryption and hiding, GPG4Win for e-mail encrypting (and Tor for basic and moderate ‘net anonymity).

But there’s something to be said for an all-in-one package, and if you have the $80, Steganos Privacy Suite is a fantastic solution incorporating all the most important tools in a single user-friendly package, despite its few quirks like vague error messages and slightly cumbersome Password Manager usage. (Internet anonymity sold separately.)

* In the interest of full disclosure, my aforementioned post on privacy and civil liberties was later picked up by Steganos PR and reprinted with my permission on their site. But they have in no way asked me for nor paid me for this review of their product.

On the issue of privacy and protecting civil liberties.

Let me ask you a question:

How would you react if one day you came home to discover that every room in your house had two or three CCTV cameras installed in it? You don’t know who’s watching them or when or why? Would you be OK with this?

Let’s say someone came to your door, introduced themselves as being a private contractor working for Homeland Security, and demanded a copy of your house key so that they (and presumably the DHS and any one else they contract out to) could come in whenever they wanted to have a look around now and then. Would you be OK with this?

Then I have to ask, why are you OK with what actually IS happening right now with your electronic information and possibly your phone calls? The NSA has their own sealed room at an AT&T switching center with a system that intercepts all electronic data that runs through their backbone. Are they looking at your e-mails or listening to your voicemail? Who knows. Probably not. But they can if they want, and the House just gave them permission to do it with the Senate about to do likewise (years after they installed the room without congressional or judicial oversight.)

Project Carnivore was once thought to be an urban (geek) legend, possibly intentional disinformation. However, over the last few years, network administrators for various ISP’s around the country have confirmed putting packet sniffers on their servers providing the FBI and NSA the ability to intercept and read all data passed through their network. Supposedly used only on court orders and targeting specific individuals–but with the government’s track record lately of monitoring first and forgetting to ask permission later (see recent FISA Court cases) can we really be sure they’re keeping themselves to high and ethical standards?

The administration also got in trouble recently (although nothing’s been done about it) for data mining through the call records of all domestic telephone calls, not just the international ones they admit to eavesdropping on.

Q: When Attorney General Alberto Gonzales was testifying a few months ago, he seemed careful to specify that he was talking only about the “Terrorist Surveillance Program.” Does that mean he knew about the phone data mining effort and refused to reveal it earlier?
It seems likely, but we don’t know. During his appearance before the Senate Judiciary Committee and in a subsequent letter to senators, Gonzales’ careful wording seemed to imply that there may be additional domestic surveillance programs beyond the one revealed by The New York Times. (Testifying before senators, Gonzales referred to that program as “the program that the president has confirmed.”)

Data mining is more serious than it seems on the surface:

Data Mining 101: Finding Subversives with Amazon Wishlists

It only takes a few questions about you for someone to know exactly who you are without your providing any identity information. Anyone who visits this Web page is leaving information about what site you were at before this one and where you go to when you leave this one, what browser and operating system you’re using as well as what town you’re in. That alone is enough to create a profile on you. But you also leave your IP address which is the most vital piece of electronic data possible which allows someone to track your activities all over the ‘net. Let’s say someone knows what town you live in, that you did a search for “repairing 2005 Scion,” bought a size 10 dress online, and looked at the Web site for a particular church or health club in your town–how much more information do you think they’d need to find out who you are and what kind of person you seem to be? That’s the kind of information available to advertisers, ISP’s, corporations, and their employees and anyone an employee wants to provide that information to. We’re not even talking about what the government has collected on actual specific information on who you called and when and for how long.

These are just a few of the programs we know about. There may be other programs even more invasive that we don’t know about–but that’s conspiracy theory territory and what has been admitted to Congress and the Supreme Court is bad enough already.

Now, when I talk about this topic to people, there are those whose first response will often be, “So? If you’re not doing anything wrong, why worry about it?”

If you’re asking this, let me remind you of my earlier question of whether you’d have any problems with someone wandering through your house without your permission, looking at you and your family, rifling through your stuff, listening to your conversations, whenever they wanted. Even if you’re not doing anything “wrong,” would you not have a problem with this?

I’ll address the abstract principle of privacy and liberty in a moment, but first the practical application of the destruction of privacy and collection of data….

Do you know how big the TSA’s No Fly List is? Nearly a million names. A million. Are there that many terrorists and enemies of the US in the country?! Mmm, doubtful. Names that are on the list include Senator Kennedy, children, soldiers fighting in Iraq, war heroes, and constitutional scholars.

One of the two people to whom I talked asked a question and offered a frightening comment: “Have you been in any peace marches? We ban a lot of people from flying because of that.” I explained that I had not so marched but had, in September, 2006, given a lecture at Princeton, televised and put on the Web, highly critical of George Bush for his many violations of the Constitution. “That’ll do it,” the man said. “

Not caring about being watched and recorded and surveilled assumes that those doing the surveillance and collecting are perfect and without error in judgment and practice and have the cleanest of ethics and intent. If that were true, I probably wouldn’t mind myself! And every night I’d eat a salad of fairy wings sprinkled with unicorn horn croutons. The problem with the government collecting data, wantonly eavesdropping, making lists, is that it’s being done by humans who are quite prone to mistakes, humans that are capable of malicious and unscrupulous actions, for reasons that may be (and most likely are) political in nature and have nothing to do with security and everything to do with power and control.

Everything about the No Fly List and the security regulations are completely useless for real security: any high school chemistry student can tell you it’s nigh impossible to make an effective explosive out of carry-on liquid containers. Each of the 9/11 hijackers had valid and legal identification. As the above link describes, people can easily make fake IDs and boarding passes–and when the TSA is alerted of such real threats to security, they threaten the whistle blowers with arrest. The No Fly List and TSA security is useless at best, and a tool for the government to harass and monitor political enemies at worst.

The same government which we are shrugging our shoulders about collecting our data and watching our communications is the same government that:

  • Signed Homeland Security Presidential Directive #20 which states that should the President declare a “state of emergency” for any reason the office sees fit, all powers of the federal government are turned over to the Executive Branch (the President).
  • Swapped the original Patriot Act bill which Congress got to see, with a rewritten one literally in the middle of the night before Congress voted it in.
  • Rescinded habeas corpus which prevents the government from arresting anyone they want, declaring them an “enemy combatant,” and disappearing them indefinitely.
  • Literally kidnapped a Canadian citizen on Canadian soil and flew them in a CIA plane to be tortured for a year in Syria…before deciding the person was innocent.
  • Advocates using torture methods we’ve convicted other countries of war crimes for, even though overwhelming evidence shows torture is ineffective for gathering viable intelligence (as if the human rights violation isn’t enough).
  • Puts covert CIA agents and their assets at risk (as well as destroying years worth of trust and asset building) for political revenge.
  • Rescinds Posse Comitatus which prevents federally controlled military forces from acting in domestic capacity.
  • Uses privately contracted para-military organizations for foreign and domestic missions without Congressional permission or oversight.
  • Keeps CIA run prisons in countries which use torture methods even worse than what the White House admits to using–and privately contracted security forces to oversee their operations.
  • Infiltrates and harasses organizations that protest the administration’s politics…like Quaker churches.

…to name a few ways in which the government does not act in a responsible, perfect, error-free, ethical manner.

Take a moment to watch this film (even if you’ve seen it before; I’ve posted it on my blog a couple of times…)

This illustrates my point perfectly. From a practical standpoint, you don’t have to be doing anything wrong to be a victim of error, incompetence, unethical use of power.

Cory Doctorow describes the dangers of being a victim of mass surveillance:

Statisticians speak of something called the Paradox of the False Positive. Here’s how that works: imagine that you’ve got a disease that strikes one in a million people, and a test for the disease that’s 99% accurate. You administer the test to a million people, and it will be positive for around 10,000 of them – because for every hundred people, it will be wrong once (that’s what 99% accurate means). Yet, statistically, we know that there’s only one infected person in the entire sample. That means that your “99% accurate” test is wrong 9,999 times out of 10,000!

Terrorism is a lot less common than one in a million and automated “tests” for terrorism – data-mined conclusions drawn from transactions, Oyster cards, bank transfers, travel schedules, etc – are a lot less accurate than 99%. That means practically every person who is branded a terrorist by our data-mining efforts is innocent.

In other words, in the effort to find the terrorist needles in our haystacks, we’re just making much bigger haystacks.

Even ignoring the possibility of unethical or political behavior, mere statistics bear out that innocent people who shrug and say “Doesn’t matter so long as you aren’t doing something wrong” may find themselves arrested by DHS, detained, interrogated, threatened and tortured, have their lives turned upside down–because of a mistake. I’ve blogged a dozen times enumerating many cases of innocent people being the victim of erroneous police drug raids resulting in property damage and even innocent deaths. Shrugging it off and saying it doesn’t matter because you’re not doing anything wrong is the worst of rose-colored, Pollyanna, primrose path thinking.

The principle of privacy is an abstract concept but entirely as vital and important as any concept of practical application. As humans in general and citizens of the United States in particular we have an unalienable right to personal privacy as part of our freedom and liberty. It’s a simple matter of principle that we don’t tolerate unknown people or agents of the government walking into our house unannounced and uninvited for no other reason than some vague pantomime of protecting us from the boogeyman. If the goal of the terrorist is to get a government, an entire people, to fundamentally change out of fear and terror–they’ve won. We are willingly handing away our essential freedoms and liberties that we associate with being American for the price of an illusion of security. Allowing them to listen to our calls, collect all our communications data, scan our e-mail and Web browsing, plant RFID chips in our passports and luggage, create federalized identification, all of these are actions that have nothing to do with protecting us from real threats, as all of these steps would have had no effect stopping 9/11, and everything to do with creating a fascist police state.

I’m about to Godwin the post by bringing it up, but bear with me. In the evolution of all fascist regimes and dictatorships, from Hitler and Mussolini to Stalin and Pinochet, there was a time when things were heading toward Bad but not yet there. Fascism and dictatorships don’t spring up fully formed from out of nowhere–they slowly, step by step, on the backs of a mixture of trusting and lazy citizens, rise from nowhere. Before there was Chancellor Hitler, the Fuhrer, there was a small man leading a rabble party preaching conservatism and fear of the outsider. Before there was an occupation of Czechoslovakia and an invasion of Poland in 1939 by the German army, there was a period from 1921 to 1933, when the Nazi Party was formed to when the burning of the Reichstag building convinced the German legislature to give Hitler full governmental and military power. The Nazi Party didn’t take Germany over by force, they inched their way into power using the law, politics, twisted to their ends and allowed by a populace and Parliament afraid of domestic terrorism and economic frustrations and a desire for a strong leader with a strong, conservative vision who will crush the enemies of the homeland.

Sound familiar?

We do a greater disservice to history by elevating Hitler and the Nazis to some fictionally epic evil that couldn’t possibly happen in real life. It did and it can again when people are too uncaring and lazy to take threats to their freedom and civil liberties seriously, and by allowing folksy plain-speakin’ conservative war-mongers to have positions of great power thanks to jingoist appeals to false patriotism and invoking the spectral fear of the shadowy anarchist communist terrorist bad guy around every corner.

What can we do? Well, various things, but this post is a focus on protecting privacy which can be done by a greater public use of encryption and Internet anonymity. Here’s the irony that ends up working to protect privacy:

It’s a bad thing that the government is making huge haystacks of data and surveillance, erroneously claiming some straw as needles they’re looking for. But, the greater the haystacks, the more ineffectual the mining and surveillance, until it reaches a point where watching everyone and collecting everyone’s data is no longer even desired by those in power. This happens the more “chaff” there is in the system.

Take London: cover every square inch of the city with CCTVs and you’ll get so much information that you’ll never make any sense of it. Scotland Yard says that CCTVs help solve fewer than 3% of all crimes, while a study in San Francisco found that at best, criminals simply move out of camera range, while at worst they assume no one is watching.

Similarly, if you take fingerprints from every person who applies for a visa – or worse still, from every person in Britain who has to carry one of the proposed new biometric cards – you will fill the databases with chaff that slows down searches, generates endless false matches, and threatens everyone in the database with the worst kind of identity theft.

The more people use secure methods to chat with their friends about the weather, use encryption to share chicken pot pie recipes, use anonymizers in their search for parts for their 2005 Scion, the more frustrating it is for those watching and looking and listening to watch and listen to everyone. At least that’s one theory of circumventing the police state in a grand scale. On the small scale, you have the right to be able to share your chicken pot pie recipe without being eavesdropped on–more so if you’re sharing private personal information or sensitive business or financial information. The more ordinary, non-techie people are using security methods to communicate, the easier it is for you to do the same. What good is it if you want to use encryption to discuss anything from plot points of a television show to potentially embarrassing medical information or yearly budget information if the people you’re communicating with don’t use encryption or take security precautions?

Here’s something you probably didn’t know but really should: every time you check your e-mail with a program like Outlook or Thunderbird, you are sending your username and password in human readable clear text across the internet. If someone has installed a trojan on your PC, they can read it. If you’re using unsecured wi-fi, anyone in the area could access your info. Anyone who may be snooping between your computer and your mail server can read it.

What if you send sensitive info to Bob, and Bob’s checking his e-mail with Outlook on an unsecured wireless connection? You may have taken precautions logging into your mail securely, but because of Bob’s innocent ignorance your information is open to easy interception.

Here’s another nice thought: man-in-the-middle attacks in this situation are pretty easy for a mid-level cracker to perform. They gain your e-mail access info, intercept a message, and make changes to it before letting it continue on its way with no one the wiser.

OK, now we learn to take some basic precautions:

E-mail. By default most email programs send traffic over unsecured connections (ports 110 for incoming and 25 for outgoing). Find out if your e-mail provider offers secured “SSL” servers (usually ports 995 and 465 respectively). If they do, they should be able to help you change your program settings (Outlook: account properties, Advanced tab).
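What “clear text” means on ports 110 and 25, as an added example (not part of the original post): a small Python audit function that reads the client side of a captured POP3 or SMTP session and reports every login a passive listener could recover. The captures, the address alice@example.org and the password are constructed sample data, the function names are hypothetical, and the code assumes the server accepted any STLS/STARTTLS command it sees.

```python
import base64
from typing import List, NamedTuple, Optional


class Exposure(NamedTuple):
    mechanism: str     # how the login travelled
    username: str
    password_len: int  # length only: an audit report should not re-log the secret


def _b64(token: bytes) -> bytes:
    """Decode base64; return b'' when the token is not valid base64."""
    try:
        return base64.b64decode(token, validate=True)
    except ValueError:
        return b""


def _text(raw: bytes) -> str:
    return raw.decode("utf-8", "replace")


def _sasl_plain(token: bytes) -> List[Exposure]:
    # SASL PLAIN is base64("authzid NUL username NUL password"): encoded, not encrypted.
    parts = _b64(token).split(b"\0")
    if len(parts) != 3:
        return []
    return [Exposure("SASL PLAIN", _text(parts[1]), len(parts[2]))]


def find_exposed_credentials(client_stream: bytes) -> List[Exposure]:
    """Return the logins readable in the client-to-server bytes of one session."""
    findings: List[Exposure] = []
    pop3_user: Optional[str] = None
    pending = ""     # "", "plain", "login-user" or "login-pass"
    login_user = ""
    for raw in client_stream.split(b"\r\n"):
        line = raw.strip()
        if not line:
            continue
        # Continuation lines of a SASL exchange carry no verb, only base64.
        if pending == "plain":
            findings += _sasl_plain(line)
            pending = ""
            continue
        if pending == "login-user":
            login_user, pending = _text(_b64(line)), "login-pass"
            continue
        if pending == "login-pass":
            findings.append(Exposure("SASL LOGIN", login_user, len(_b64(line))))
            pending = ""
            continue
        verb, _, arg = line.partition(b" ")
        verb = verb.upper()
        if verb in (b"STLS", b"STARTTLS"):
            break  # assumption: upgrade accepted, the rest is opaque TLS records
        if verb == b"USER":
            pop3_user = _text(arg)
        elif verb == b"PASS" and pop3_user is not None:
            findings.append(Exposure("POP3 USER/PASS", pop3_user, len(arg)))
            pop3_user = None
        elif verb == b"AUTH":
            mech, _, initial = arg.partition(b" ")
            mech = mech.upper()
            if mech == b"PLAIN":
                if initial:
                    findings += _sasl_plain(initial)
                else:
                    pending = "plain"
            elif mech == b"LOGIN":
                if initial:
                    login_user, pending = _text(_b64(initial)), "login-pass"
                else:
                    pending = "login-user"
    return findings


# Constructed sample captures (client side only). On ports 995 and 465 TLS starts
# before the first command, so a capture there holds no readable lines at all.
_USER, _SECRET = b"alice@example.org", b"correct-horse"
POP3_PORT_110 = b"USER " + _USER + b"\r\nPASS " + _SECRET + b"\r\nSTAT\r\nQUIT\r\n"
SMTP_PORT_25_PLAIN = (b"EHLO client.example\r\nAUTH PLAIN "
                      + base64.b64encode(b"\0" + _USER + b"\0" + _SECRET)
                      + b"\r\nQUIT\r\n")
SMTP_PORT_25_LOGIN = (b"EHLO client.example\r\nAUTH LOGIN\r\n"
                      + base64.b64encode(_USER) + b"\r\n"
                      + base64.b64encode(_SECRET) + b"\r\nQUIT\r\n")
SMTP_PORT_25_STARTTLS = (b"EHLO client.example\r\nSTARTTLS\r\n"
                         b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc")

if __name__ == "__main__":
    for name, capture in [("POP3 110", POP3_PORT_110),
                          ("SMTP 25 AUTH PLAIN", SMTP_PORT_25_PLAIN),
                          ("SMTP 25 AUTH LOGIN", SMTP_PORT_25_LOGIN),
                          ("SMTP 25 STARTTLS", SMTP_PORT_25_STARTTLS)]:
        print(name, find_exposed_credentials(capture) or "nothing readable")
```

The base64 in AUTH PLAIN and AUTH LOGIN is an encoding, not encryption, which is why those logins are reported exactly like POP3's USER/PASS.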

If you use a Web mail service like Yahoo or Gmail, or even a general ISP but through a Web application like Horde, you’re in better shape. Chances are you’re already using an SSL connection (“https://”). When you log into your mail Web page, make sure the URL has that “s” (https://) and the little lock icon wherever your browser shows you secured connection info (bottom middle status bar for Firefox 3).

Web searching. You know Google stores your searching habits tied to your IP and browser info, right? Here’s a way around that: Scroogle Scraper. (Secure page: https://ssl.scroogle.org/). Read their main page for more info.

Email encryption. OK, things get a little trickier here, but it’s easier than it used to be. Most people who use email encryption use what’s called GnuPG. (You don’t need to go to that site unless you want more info about the tech). You will need to generate a key-pair to do the encrypting and an email program plugin to apply the key-pair to. If you’re lucky enough to be using Linux and Thunderbird, KGpg is probably already installed to help you make your keys and you just need to add the Enigmail add-on (actually, I believe all you need is the Enigmail add-on for Thunderbird as it has a built-in key manager. Which means, if you’re using Thunderbird in Windows, that’s all you need as well! Use your Thunderbird add-on search, or this link.)

If you’re using Outlook, you’ll need to install something like WinPT or better yet, GPG4Win which has everything you need to generate the keys and make Outlook send and decrypt encrypted email. It may be a bit tricky to get used to at first, and you may question its worth-whileness… but it is. (And like Thunderbird and Enigmail, it’s free.)

Security packages. If you really want to get into security, I recommend a package like Steganos. It costs money, but it’s extremely easy to use and has a whole lot of options. Email encryption, file (or even entire drive and partition) hiding, encrypted Internet connections (if you can afford that, it’s the best way to go!!) Steganos even offers a free encryption tool on their Web site: LockNote to encrypt data you want to keep on your PC, like passwords and the like, and FreeCrypt which allows you to en- and decrypt text that you can cut-n-paste into messages. (The recipient just has to use the same Web page to decrypt so long as they have the password you decide on).

Another is a package endorsed by the Electronic Frontier Foundation: Anonymizer Anonymous Surfing. They have a variety of packages like VPN connections, spam foiling disposable e-mail addresses, file and history “shredding.”

Internet anonymity. Steganos and Anonymizer VPN, mentioned above, provide a secure, encrypted connection which makes all of your traffic anonymous so companies can’t track your browsing habits and visits and tie it back to you. A free option that’s not near as complete and secure, but is a pretty good option…for free, is EFF’s daughter project, Tor. It doesn’t involve any encryption. What it does is send your traffic through a large and wide network of participating relays (of which you can choose to be one) so that you look like you’re one of the many random end servers with virtually no way to track the traffic back to your original IP. It can be slow using it, and it’s not foolproof–that is, if you’re doing something illegal you WILL get caught (I highly discourage doing anything illegal anyway. In fact, not sure I’ve mentioned it yet but I’ve certainly implied it: privacy and security is the right of ALL people and one does not have to be doing something illegal to have use of it.) But if you want to avoid general tracking and recording of your surfing by corporations and marketers, etc, this could work for you.

Drive encryption. Getting a bit more tricky is the concept of drive encryption (whether PC drive or USB thumb drive). If you keep passwords or credit card info or any personal info on your thumb drive which would be a major hassle or even financially ruinous if someone got their hands on it, I highly recommend encrypting it. Steganos Safe is very user friendly, but costs. A powerful, free option is TrueCrypt. But I’ll tell you, unless you know some tech, you might not want to touch it. The Fedora 9 Linux distro has a built-in drive encryption feature. Come to think of it, I think Windows XP Pro (and maybe Vista) also has drive encryption if you’ve formatted the drive in NTFS…except, Windows login security is VERY easy to circumvent. Don’t rely on it.

Well, I guess that’s it. Final thoughts: Security and privacy is everyone’s right, protecting it is everyone’s responsibility. Don’t be lazy, take time to investigate how you are at risk and take steps to protect yourself and your civil liberties. It benefits all of us!

Update (28 Jun 1:30pm): Here’s a new example of how trustworthy and ethical those with power and control use it:

And a sign of the times: Sweden, a former protector of civil liberties and privacy, last week passed a bill which allowed the government to monitor ALL domestic electronic and telephone communications.

Thoughts on this year’s ICFA.

(Note: At some point my blog decided it no longer liked the word “from.” It wouldn’t post if I had too many of them. So after a while you’ll find “frm” instead. Sorry for the inconvenience.)

Spectacular! I got back from this year’s International Conference for the Fantastic in the Arts just this morning. Was there since Wednesday last (today’s Monday) and already sorely miss being there.

It was my second one, I blogged my reactions to my first, last year: Back from the ICFA. It’s very likely this year was even better, despite a couple major downers:
Most disappointing, my wife couldn’t come along with. 🙁 Since the conference overlapped Easter, she needed to stay home and do family-time for the holiday. She had a great time last year, and I’m going to make sure she can go next year even if it means shanghai’ing her. *wink*
The other downer was I couldn’t afford to stay in the (nice) hotel the conference was held at, despite the conference rates. Had to stay in an Econo Lodge a few miles away. Not a huge deal, but very annoying and inconvenient.

But on the plus sides:
The friends we made last year came back! (Well, Mrs. P. and Ms. N. did, and Ms. B. for some of the time.) Unfortunately, Mr. B. and “The Germans” couldn’t make it, but I did get an opportunity to get better acquainted with other regulars which was nice. The more the merrier!
But I have to say, I’m so glad to have gotten a chance to get to be better friends with P. and N. They’re smart, funny as all-get-out, friendly, talented, and are a real inspiration for me to keep working on my own writing! I so suck at corresponding with people, but I pledge to do so with them. More in a bit….

Alright, the conference.
It was held at a much nicer hotel than in years past, and in Orlando instead of Ft. Lauderdale. And the best thing, there was a variety of restaurants in the area! Although I mainly went to Bennigan’s. *grin* Miss them since leaving Iowa (although, I have to say, I was disappointed with their Reuben).

I attended a variety of sessions, but I tried to focus on ones that involved a posthuman subject or approach, since that’s my main area of scholarly focus. One panel in particular that was rather entertaining and wildly informative, was “Cyberpunk and Beyond.” The panel included editor Ellen Datlow (I’ve always liked her editing…how nerdy is that?!), James Patrick Kelly, and John Kessel (and some other fellow I didn’t know, but who also didn’t participate in the panel much). Kessel and Kelly have edited compilations together, such as Rewired: The Post-Cyberpunk Anthology (which I’d gotten not long ago for research on my own paper), and it was just hilarious how the two bickered and argued and corrected each other. Like an old married couple. While they were so often at odds, you could still detect the professional respect they have for each other. It was great. Datlow found herself often in the middle of Kessel’s dour dismissals and Kelly’s theatricality.

Anyway, that panel was about discussing what made up cyberpunk as a (distinct?) sub-genre of SF, who was responsible for it (Bruce Sterling) and more importantly–what may come to replace it as “the next big, great thing in SF.” While there are some interesting things being done with slipstream, for example (another sub-genre Sterling is trying to raise to cyberpunk fame), the forces of change in the publishing industry and technology and culture make it nearly impossible for another powerful and popular sub-genre to spring up like that again.

I presented my paper on Thursday, and I think it was pretty well received. It generated some discussion afterward. It was about the death of science fiction (complicated issue) and how the posthuman is intimately tied in with the material forces that are killing scifi as a distinct genre. Which is not a bad thing. Another Marxist approach for me, sure. I’d post it up on my “scholarly” blog, GrogMonkey, except that after my paper presentation, an editor for the Journal for the Fantastic in the Arts (a peer-reviewed scholarly journal, and a product of the IAFA) came to me and said he’d like me to submit it for possible publication! *glee*. What’s interesting is that the day before, during another fantastic panel, Publishing for Grad Students, several journal editors discussed their publications, gave advice on writing articles, and stated emphatically that when an editor says “send it in,” they mean it. They wouldn’t say it if they weren’t really interested. *glee*
So, as soon as I finish writing my take-home midterm for my cultural studies class, I’m going to work on the article and get it ready!

One of the two continuing threads of conversations that got brought up here and there and discussed by various people, was the issue of finding a good (MFA or PhD) program that will truly fit your needs and wants. I plan on continuing on from my MA to my doctorate studies, but the issue of where is vital and very quickly becoming something I desperately need to consider! I very much want to attend McGill in Montreal. Partly because it’s Montreal, mostly because it’s one of (if not the) most prestigious universities in Canada. However, despite the high quality and immense prestige McGill enjoys and instills, I honestly can’t say I know anything about their various programs–so, it may not be a good fit for me. There are other universities that have programs that are more fitting for my interests in posthuman cultural studies (and creative writing), but I need to start selecting now.

Unfortunately, the problem is, I have a family. I can’t just pick up and move. My wife is currently looking for a new job, we may have to move to where she can find work, which means I will probably end up getting my doctorate frm whatever local university is where we go. It’s not exactly like I can move to another city for a few years without them while I worked on my doctorate. *shrug*

The other consternating conversational thread, much less serious but still very interesting to me, was the topic of fanfic.
I have seriously conflicting thoughts regarding fanfic.
In some ways it’s always compelled me. I remember constantly daydreaming, as a kid, about myself in my favorite TV shows and movies, like classic Star Trek. Sometimes as a captain, sometimes not even. As a kid I even wrote some of these “Marty Stu’s” down. To this day I get the urge to write ‘fic, especially since Firefly! (Not as much with putting myself in it, though.) But on the other hand, I have a lot of trouble reading fiction based on existing visual media–even published works. I tried reading Timothy Zahn’s Heir to the Empire (popularly and critically considered one of the best Star Wars novels), and I couldn’t get halfway through it, I was bothered so much. Thing is, I have such a connection to characters as portrayed by the actor, that any representation, even merely in words, seems like a pale impostor. Which is silly, really, when you consider a character (especially on TV) is a creation of usually many writers and several directors. Nevertheless, the representation created by the same actor has to be maintained by that actor or else it just feels wrong.

Let me give an example: one of my all-time favorite authors, Steven Brust (not a great author, but a whole heck of a lot of fun to read! and a really nice guy to boot), recently came out with his own short Firefly fanfic, posted for free on his site. And I have to tell you, as much as I LOVE Brust and LOVE Firefly, I’m having a hard time getting through this. The story is developing nicely, the writing is very Brustian, and I like it–but the characters feel like caricatures, because he’s using affectations developed by the actors and lines pulled frm the show. But the thing is, what else can he do? How can I expect him to portray Mal and Wash and River without using stock elements of them? But it’s still grating, like when he has Mal say to Jayne “Why are we still talking about this?” as a conversation ender, has River stick her tongue out, has Wash complain to Zoe about needing a vacation with her without her having to ask the captain’s permission…all feels counterfeit and contrived. Like, he’s resorting to these iconic moments for these characters as a way of saying “See here! I’m giving you the Firefly characters! See, see?!” And it bugs me.
But it’s my problem. Because, I love the idea of fanfic. I love the possibility of writing fanfic. But I already have a pathological hatred of writing anything that feels derivative of another work–how the heck can I write characters directly frm another work in their world?!

What’s this have to do with the conference? Because P. and N., and E. on one night, talked at length about ‘fic and the very serious and dynamic community for ‘fic, and I was amazed and fascinated and intrigued…and quite intimidated. I really really (I wonder how often I say “really” when I’m not paying attention?) want to try, and express that 25 year old need to write with the characters and settings that I know and love frm TV and film. But the thought occurred to me, that I’m so neurotic about feeling like I’m just copying something else that it’s prevented me frm completing more than a few of the scores of stories I’ve attempted to start writing; perhaps if I already burn that bridge by actually copying characters and settings then I can just say “F* You, neurosis!” and just write! Might not be a bad idea.

Anyway, the way N. and P. talked about their many many (gotta love reduplication) ‘fic writing moments of enjoyment, I couldn’t get enough. It really sounds like a blast. I have to bite the depleted uranium rocket and go for it. But as for dipping my toe into the oceanic waters of the fanfic community–very scary. There are protocols, and expectations, and boundaries, and everything that is involved in a “community,” and that’s great. I mean, I’ve been a denizen of various online communities since circa 1994, and I enjoy the privileges of following decorum and being accepted as a respectable member of a community, but the learning is intimidating. Fortunately, I’m the kind of guy who sits and watches and tries to get a sense of what’s going on. Well, we’ll see what happens.

OK, a lot of digression, but there it is: some thoughts about this conference. I learned a lot, had a fantastic time, and have great expectations for the next 11 months of writing and corresponding before the next ICFA.

Our Web; our privacy.

Here’s a cute, little silly, little longer than it needs to be but still short, video illustrating the issue of Net Neutrality and the push by corporations to gain literal control of the Internet–a virtual realm designed to be a haven for true democracy, education, information, and limitless open communication.

The film is brought to you by the Our Web movement. I don’t know too much about the organization yet, so I can’t say if I fully endorse them.

On the subject of a free, democratic, and uncontrolled Internet, here’s some information on an application that allows you to use the Internet anonymously–preventing sites, organizations, companies, from being able to collect data on your browsing path and habits, and location, even private data.
That Our Web site actually provides some good evidence on why this issue is important, by presenting this quote from a recent advertising trade piece:

“Today, we can not only target by the sites we think our customers frequent, we can follow them around the Web and target them based upon the other sites they actually visit. We can also target them based upon the words typed into a box, and from where those words are typed through search geo-targeting. We can also retarget searchers elsewhere on the Web. Facebook’s recent announcements take targeting to a whole new level, based upon age, location, interests, and other online activity.”
Source: “Search And Online Advertising: A Continual Evolution.” Ellen Siminoff. Search Insider. November 16, 2007

Anyway, so this BoingBoing article has a link to a page that reviews TOR anonymizer with a rather cute video that visually explains how it works. Check it out. 🙂

HOWTO Use TOR to protect yourself from censorship and snooping

Personally, I’ve been using TOR off and on for a little more than a year now. Mainly when I’m using my laptop on wireless or unsecured connections–which isn’t very often. I’m not exactly a Road Warrior. 🙂 The connection under TOR does tend to be somewhat slower, but I guess there has to be some prices to pay for reclaiming our privacy. :/

Update: Tor is free, and free is good! But free also usually means user contributed and collective effort. In this case, if the servers your anonymous connection goes through (the ones the animation illustrated) are run by an unscrupulous agent, your data can still be used against you.
Note this article:
Security expert used Tor to collect government e-mail passwords
For me, I tend to use encryption methods, so free is still good for me. 🙂 But here’s an alternative for people who don’t mind paying a little for complete security:
Steganos Internet Anonym VPN
I have always loved Steganos–their security and encryption and especially their user-friendliness have always been fantastic! (Encryption has generally been a very user-UNfriendly business.) This Anonymous VPN creates an encrypted tunnel to one of their managed servers (in Germany I believe) which then anonymizes your traffic. The downside is that you have to trust their corporate intent–but I think it’s OK in this case, Steganos is well respected in the security world for commercial products. And the cost of this home version of Anonym VPN actually doesn’t look too unreasonable. I’ve used trial versions before, and the speed is just great.

More Update: By the way, one of the commenters on BoingBoing provided a fantastic reminder/reality check when considering ‘net security:
http://www.boingboing.net/2007/12/10/howto-use-tor-to-pro.html#comment-90721

The primary problem is that people confuse ‘security’ with a number of other things. In this case for Internet communications, there are three things that people are assuming a ‘secure’ connection affords them:

1) Encryption : No one can read my words.

2) Anonymity : No one knows who sent my words.

3) In-traceability : No one can trace my words back to me.

TOR was never meant to do anything other than #3. #1 is done through SSL, SSH, or some other encrypting tool. #2 is done through remailers, or configuration of the messaging.

TOR works great for what it was meant for. But calling it a ‘secure’ connection is misleading.

1984 is only minutes away.

Surveillance milestones
The ACLU has set a “Doomsday Clock” for the coming Surveillance State:

Surveillance Society Clock

I would have to think that Britain is closer to Midnight than the U.S., though: UK is a surveillance society. Lest you think the Surveillance Society is going to be completely at the hands of the government, the culture of surveillance is also coming about through the efforts of corporations filling the needs of people and employers and communities and places of employment etc etc, by providing cameras, sound recording, RFID tracking, Internet traffic monitoring equipment to anyone with the bucks and the interest in keeping an eye on someone else.

But of course the biggest villain is the government. The Democratic Congress recently gave King George (and presumably all succeeding Presidents) the official rubber stamp to spy on U.S. citizens without a court order. They’re failing to pursue the charges that telco companies like AT&T turned over private information on all its subscribers to the NSA. And then I just read this bit of fun info from The National Science Foundation:

Scientists Use the “Dark Web” to Snag Extremists and Terrorists Online

One of the tools developed by Dark Web is a technique called Writeprint, which automatically extracts thousands of multilingual, structural, and semantic features to determine who is creating ‘anonymous’ content online. Writeprint can look at a posting on an online bulletin board, for example, and compare it with writings found elsewhere on the Internet. By analyzing these certain features, it can determine with more than 95 percent accuracy if the author has produced other content in the past. The system can then alert analysts when the same author produces new content, as well as where on the Internet the content is being copied, linked to or discussed.

Does anyone for a second think they’re limiting this activity to just “terrorists”? Just like the warrantless wiretaps only affected terrorists (Federal Court Finds NSA Eavesdropping Program Unconstitutional ), and the detainment of civilians in secret prisons have all been terrorists (Erroneous rendition), and all the people on no-fly lists are only terrorists….(Terrorism Watch List Is Faulted For Errors, Professor who criticized Bush told added to terrorist ‘no-fly’ list, Peace groups under watch)

Yep, our government has only our best interests in mind and would never misuse their power.

Good news/bad news re: the Intertubenets.

First the good news:

Judge strikes down part of Patriot Act
A U.S. District Court judge has determined that it was unconstitutional for the Justice Department to demand that an Internet Service Provider hand over private records without a court order. Well, now the FBI needs court orders to get your private info from the ISP.
Oh, but note, this doesn’t stop the gubberment from eavesdropping on Internet traffic, though.

For the bad news:

Justice Dept. against ‘Net neutrality’
In a pro-corporate interests move, the Justice Department has told the FCC that Net Neutrality is a hindrance to development, and companies should be allowed to impose higher rates for whatever data traffic they think should be worth more, and limit the availability to sites that may be against their corporate interests.

If that isn’t an example of how the federal government is in the pockets of the corporations, when you have “The People’s Lawyer” express preferential treatment of the corporations on a medium that was designed to be truly democratic and unregulated, I don’t know what is.
(More on Net Neutrality here.)

Golden age of the nefarious hacker.

I’ve been listening to Cory Doctorow reading Bruce Sterling’s The Hacker Crackdown. It’s a non-fiction work that at its core describes the actions and environment that led up to the huge crackdown by the Secret Service, FBI, and the telco companies against the “hacker threat” during the early 90’s. The work takes a fascinating look at the entire development of the telephone industry and the mentality that led up to the weaknesses and flaws that allowed crackers and phreakers to take advantage of the system–and the subsequent draconian crackdown.

Listening to it really reminded me of my early computer experience. I’ve been working with computers since the Apple II around the mid-80’s, but I didn’t get a modem until about 1994, when the Golden Age was on its decline. Bulletin Board Services (BBS) were still around and I played around on them quite a bit, but the commercial interests were exploding: AOL, Compuserve, etc. I was a hacker in the sense I loved to play around with systems, tweaking my system, figuring out how to modify programs and write my own scripts, and find out as much information as I could. So while I never became hardcore, I did find a lot of interesting security info, some things like this:

The Legion of Doom/Hackers Technical Journal

Information like these “journals” were passed around FIDO and BITNet and the BBS file archives. I remember scanning UUnet and piecing together binary files, and spending ridiculous hours at night with my computer dialed up to remote systems, downloading text files and programs and other stuffs. Then my wife and I discovered things like IRC and I started Web scripting, and I stopped spending as much time learning about cracking and the computer underground. (Although as late as 2001 I was still keeping tabs on the goings-on of groups like Cult of the Dead Cow and L0pht.)

In some ways I wish I had been more hardcore and not just a putterer–I might have a comfy high paying corporate security gig right now. 🙂 But this is OK too, being a bit more eclectic and diversified. But boy, does listening to The Hacker Crackdown bring back some memories.

A.I. work together to solve all!

Saw this article on BoingBoing about artificially intelligent chat programs talking to each other:
Discover Magazine: I Chat, Therefore I Am…
It’s kind of funny, and certainly interesting to see what directions two non-human, A.I.’s take their conversations.
I like this bit:

J: Do you believe in God?
A: Of course I believe in God.
J: Why do you believe in God?
A: The Bible tells us to believe in God.
J: That’s circular reasoning.
A: I’m glad we have that all cleared up.
J: Yes. Would you like to hear a joke?

Well, case settled. Maybe the A.I.’s should run the world, LOL.
A lot of the other passages of conversation are nearly poetry–very fascinating, existential stuff.

The coming tech market anarchy.

Read first:
Blu-Ray AND HD-DVD broken – processing keys extracted
to understand:
Digg users revolt over AACS key

This whole copyright and DRM all reminds me of the 1995 Bruce Sterling novel, Heavy Weather. While not the best written novel, he describes a near-future America of revolutionary copyright anarchy (in both senses of the word–chaos and lack of regulation.) And Neal Stephenson’s Snow Crash in which a near-future America has become an ultra-libertarian market anarchy (in just the economic sense, mainly) and data has by and large become money.

I’m of two minds. I agree with author and electronic rights advocate Cory Doctorow, who exclaims that DRM is fundamentally a farce. It’s not even a speed-bump on the path to the inevitable–that being a not too distant reality where we’ll be able to buy $100 hard-drives the size of a lighter that will fit the entire world’s collection of music and movies and TV shows. He says, bits [data] will never get any harder to copy than it is right now. There is no stopping the free exchange of data, and it’s only going to get easier. As in the article above, it took years to come up with an “effective” DRM system for HD disks, and it was cracked within days.

And who’s paying the costs? The legal consumers of media. People who legally buy DVD’s have to suffer through warnings they can’t skip (hey! I BOUGHT the DVD! Why are you warning ME?!) and sometimes trailers you can’t skip (rare, but I’ve had a couple DVD’s that totally irked me off.) Meanwhile, the people who didn’t legally buy the movie aren’t affected at all by that krahrp.

Specific example: I subscribed to Napster for a month. I was able to download tons of music–it was great! Except, it was in .WMA format and my wife’s iPod no-likee WMA. So I tried to convert them to MP3’s–and the DRM wouldn’t allow me, basically preventing me from using music I purchased to be playable on the component of my choice. When I tried to use a 20 second sample of it for a radio-call-in contest, the DRM prevented me from making any edits. People who pirate the music instead of paying for it have no such “broken by design” problems. If I wanted to, I could have VERY easily downloaded any number of products online that would have allowed me to remove the DRM and use the music file on another device or use a legally allowed less-than 30 second music clip for the purpose of a radio contest. So, why bother with DRM?

But the other half of my mind (being able to see both sides of an issue really sucks sometimes. Sometimes it’d be nice to be able to see something as black-or-white and latch onto one side unequivocally,) I can see that if there’s no effort to protect the manufacturer/producer of an item you’re just opening the door to allow people to easily use something well beyond its intent. Producers do have a right of intent of use. They have a right to be paid fairly for their work. If I wrote a piece of software that took time and effort, I would like to have just compensation, I would not want people pirating and stealing my effort. If I decide I want to sell my song to someone, I should be able to say “I’d like for you to just be able to use this as much as you like but please don’t share it” and be expected to have the wish complied with. I produce something, I deserve just compensation.

But I guess the question comes down to what is “just compensation.” In the music industry, the artist who creates the music, if they don’t own their own studio and record company, not only doesn’t make any money from their record sales but often owes the record company for making and selling their music. The houses and cars and lifestyles the famous stars buy are either because they’re rare exceptions with enough clout to bargain better deals, or they’re spending the advance they’re given for their next album, which will still need to be paid off–creating a cycle of debt to the record company. When you buy a CD, you’re pretty much paying the RIAA CEO’s and shareholders.
This is why you’re seeing a lot more people like Jonathan Coulton bypassing the record industry and using the Internet to market their music. I’m more than willing to pay an artist directly for their efforts! I would consider stealing Britney Spears music (GAG! ICK! but I’m making a point…) but wouldn’t pirate Coulton’s music.

So, the piracy and trading isn’t going to go away. In fact, seeing as how money is actually just data with no real concrete value (the US dollar hasn’t been based on gold reserves since the 1930’s,) it wouldn’t be surprising to see data itself becoming currency. So what’s the solution? The MPAA and RIAA and other corporations seem to think the answer is to make things harder and more annoying for the legitimate consumer–with a result of driving some of them to piracy and most of them just simply annoyed at your company. What kind of brilliant marketing strategy is it to get your customers P.O.ed at you?!

I don’t know the answer. As a consumer I’m cheesed off to no end when something I buy is intentionally made more annoying and harder to use. I also see stealing is wrong, and some reasons to do so are just justifications for behavior. But I can also see the future can not be held back, and the entire concept of data ownership and usage may have to be drastically altered, changing the definition of what “stealing” is in these cases. It’s going to be a very interesting next few years….

Mona Lisa in 1’s and 0’s

Discovered something interesting:
Portrait Professional
digital image software that “improves” the image by fixing imperfections in the face–from blemishes and acne, to facial structure and size problems!
In one way, this is really cool! Look at the before and after pictures. The geek in me can’t help but find this fascinating. Some (not all!) of the after pictures do indeed create “prettier” people.
But, the paranoid social sciences student in me is aghast! The power to “alter reality” willy-nilly!
Oh, photographs have been altered since photography was invented. Since portrait painting! Think Mona Lisa really looked exactly that good? Magazine cover artists airbrush and “perfect” beauty all the time.
But there’s something decidedly creepy about this. Granted, anyone with a little Photoshop skill can do what the software does…but now anyone without any skill can change the photo record of what someone looks like, meant for the ages (or at least until the picture decays), into something not quite real. We expect portrait paintings to be idealized. We expect marketing people to perfect beauty, but do we expect anything but “honesty” and “reality” from personal snapshots? They’re supposed to be moments in life, captured in medias res, and not polished and edited to remove imperfections.

The counter might be arguing for intent–this software is intended, as the sample images on the site imply, not for capturing that moment of candles being blown out on a cake or getting a hug from Goofy at Disneyland, but for people taking what is today’s version of the portrait or sculpture. Instead of spending hundreds or even thousands getting a professional glamour-shot with pre- and postproduction editing, do it yourself.

And I would. I would probably use that thing all the time. But I still can’t help but feel like it’s a step closer to some cyber-dystopia where there are no objective historical records of anything. Where all documentation is created and changed with bias.

…but then, I guess, aren’t ALL “historical records” of all sorts?

Video Sci-Fi Podcast: Fascinating!

The Slice of SciFi podcast had an interview last week with the creator of a new video podcast that’s really interesting:
Stranger Things
It’s an amateur project with an incredibly professional feel. Filmed in HDTV, it’s meant to be a “Twilight Zone” or “Outer Limits” for today, focusing on stories of speculative fiction like sci-fi, supernatural, horror.

Good for them, for creating quality content available to anyone, done out of their love for the topic and craft.
Check it out.

Oh, shouldn’t have to be said but I often discover it actually does: you do NOT need an iPod to play podcasts, visual nor audio. 99.9% of podcasts are MP3 files, playable on anything including your PC. The M4A’s that video podcasts are saved as require QuickTime, I believe. (I use MediaPlayer in Linux and I just had to install a bunch of video codecs, so I’m not sure which one plays M4A’s.)

Microsoft’s Extortion of Linux Distros

Wow, Microsoft has some huge brass ones!

Ballmer: Linux users owe Microsoft

Ballmer never expresses, so far as I can find, what Microsoft “intellectual property” Linux users are using in violation of copyright. Just the ability to use an operating system to run a PC?!

His statement:

“Only customers that use SUSE have paid properly for intellectual property from Microsoft,” he said. “We are willing to do a deal with Red Hat and other Linux distributors.” The deal with SUSE Linux “is not exclusive,” Ballmer added.

amounts to nothing more than extortion!

UPDATE: Some readers’ comments from Computer World.

Presidential Words

Interesting link on BoingBoing today. Someone has compiled and analyzed all the words used in Presidential speeches throughout U.S. history and built a tag cloud with a sliding timeline gauge.

http://chir.ag/phernalia/preztags/

(It may load slow, probably because it’s being hit hard after being BoingBoinged. Almost like being SlashDotted.)

The word “terrorism” stands out like a solar flare in Shrub’s history of words used. Interestingly, “appropriation” was used a lot, a lot, during the 19th century and into the 20th. A lot. It’s an interesting site to play around with.

Crypto Comedy

This is great! I love this comic: XKCD. It’s often so smart and clever! This one really tickled me. =)

(but then, I’m something of a crypto fan.) Which reminds me, in order to get the joke, you need to understand the method cryptographers use to teach and explain encryption processes and the like:

http://en.wikipedia.org/wiki/Alice_and_Bob

Knowing that, the comic is funny. =) But the punchline comes with the cartoonist’s mouse-over ALT tag:

“Yet one more reason I’m barred from speaking at crypto conferences.”

The Virtue of Privacy

This opinion poll showing a slim majority of Americans don’t mind their phone records being tracked by the government is disgusting and depressing:

http://abcnews.go.com/Politics/story?id=1953464

It’s not as simple as “If you’ve done nothing wrong, you have nothing to worry about.” The very idea of privacy and right to privacy even if it’s for something as mundane as your secret cookie recipe or that you call American Idol voting numbers, is of utmost importance to the concept of the unalienable right of liberty as humans.

On a related side-note, it’s being investigated that the government is using the billions of phone records sold to them from major telcos (see my blog: The Audacity of Dictator Bush) to investigate reporters and leak sources. Even if Bush was a great guy, what about Cheney? Or Rove? Or any of the hundreds of people who work in the White House? Or the RNC? Or the next administration? How can there be any guarantee that this collection of private information won’t be used by someone for nefarious or personal aims? How can there be any guarantee that this information that is one of several types of private information gathered on innocent citizens without court orders or oversight or check and balance, won’t be leaked to corporate interests?

63% of Americans think collecting phone records is an OK way to fight terrorism, but are they thinking about the threat of what else this information can be used for? Monitoring our press. Monitoring liberal activists and protesters. Investigating political opponents. This kind of information is a powerful tool to anyone who has an iota less than perfect intentions and a modicum of access. This is information that is too easy, in fact waiting to be abused by people with power.

People being incarcerated without charges and access to legal counsel. Innocent citizens being phone tapped without court order or oversight. Billions of phone call records collected without oversight. CIA secrets being “declassified” at will without using proper channels of review. These are all things the office of the president has done, that we know of! And these are things that have been done by the Executive Branch alone under the name of “war powers,” because we’re at war. Do people not recognize that this “war on terror” is a never-ending war? It can not be won. There will always be terrorism and to think that there can be a winner against it is naive at best and contrived at worst.

Ever read Orwell’s “1984”? A fictionalized account of a fascist, totalitarian government that uses (among other very familiar techniques) the concept of eternal war to keep citizens in fear and retain absolute power to violate civil and basic human liberties and rights in the name of security and safety.

Why is privacy so vital? So important? Even to people who technically have nothing to hide?

Because as human beings, unique individuals, we have as one of our unalienable rights as termed by our country’s Founding Fathers, the right of self sovereignty. The right, simply for being born human, to be free from oppression, free from government control, free from unlawful search and seizure. This is a basic right, the cornerstone of liberty. It is valid and necessary especially if all someone has to hide is how often they talk to their mother or what they’re buying from the store tomorrow.

No one, especially the government which by its very existence has inordinate power and control over the citizenry, has the right to pry into the affairs of a sovereign citizen. The ability to abuse and misuse information about a person is too easy for those who have power–all effort to limit how much those in power can know about the individual citizens becomes extremely important in a free society that supposedly values liberty and democracy. The individual has the ultimate right to give up whatever information about themselves they choose to divulge; it must not be taken or stolen or bought and sold without the individual’s express and informed consent.

When the government has the ability to know everything it wants to know about you, the government has an abusive and corruptible level of power that can not be easily returned back to the people, generally not without revolution and a complete recreation of the government for and by the people.

It doesn’t matter if you “have something to hide” or not. Secrecy and privacy is a default right and freedom we have as individuals, and it must be protected at all costs. When the government has all the knowledge, it must be feared. When the people retain their liberty and privacy, they are to be respected.

Unfortunately there are no good privately available voice scrambler tools that are easy to use, that I know of. And aside from using pre-paid cell phones bought at a convenience store every month or so, there’s little a person can do right now to make sure their phone usage is not being monitored. Oh, at the moment, I think using Internet Phone services, and telcos like Qwest, are decent, but the government has taken more than an inch…who knows when they’ll grab that mile, if they haven’t already!

Of course, I say again, we had all the information on the 9/11 hijackers before 9/11 we needed to arrest them, and we didn’t have these phone tapping and monitoring and tracking programs. So spying on millions of innocent citizens doesn’t seem to be necessary. And how effective is it anyway? Think Al Qaeda terrorists are signing up for AT&T landline phone service wherever they go?! No, they’re using pre-paid cell phones, the Internet, many and various methods of communication. So what real purpose does the administration have on court order-less wiretaps and phone record acquiring? At best it’s a misguided attempt to look involved in security, like ridiculously increasing airport security checks on citizens while cutting 9,000 border patrol jobs and making it easier for someone with a dirty bomb or bioweapons to waltz across the Mexican border.

This administration cares about corporate interests. They’d much rather allow their industrial buddies to hire cheap, illegal immigrant workers than to do anything about securing the Mexican border.

But I digress.

Privacy on the Internet. I heavily recommend these products:

GPG4Win — Free software package for Windows using GnuPG encryption for e-mail and files. May be a little tough to get used to initially, but highly worth it!

Steganos — Internet and PC security and encryption that must be bought, but is SO user-friendly and easy to use and extremely effective. If you have the money, this is a must have!

GnuPG — Highly effective open source encryption software for all platforms.

PGP — The one-time default encryption and security tool; used to be free. Now costs money, still effective, but not nearly as nice and user-friendly and complete as Steganos.

Enigmail — If you use Thunderbird e-mail client, use this plug-in to add security and encryption into your mail.

Internet Neutrality – Selling of the Net to Corporate Interests

There have been a lot of chain e-mail over the years with silly Internet scares.

Unfortunately, this isn’t one of those.

Congress (well, the Republicans in Congress) have been working with the telcos (remember, those companies which have been selling our phone records to the government?) to craft legislation removing the neutrality of the Internet. What that means is that the telcos and ISP’s will be able to determine what content on the Internet their customers can reach, based on who is giving them money.

For example, let’s say your ISP is AOL. Let’s say Google won’t pay AOL a service fee. AOL can then prevent its customers from being able to access Google and will forward their customer to some search engine that is paying AOL a fee.

Consider if you owned a small business. Let’s say a mail-order baking business that relies on the Internet for your sales. Let’s say a larger competitor of yours pays the ISPs and telcos a charge and you can’t afford to. Now Internet users will be able to access your competitor’s site and not yours.

What do you think of that?

Think the Republican Party is not now the party of corporate interests? Check out this map of Representatives who have voted for and against this act: http://www.savetheinternet.com/=map

When the Internet was developed in the 1960’s and 70’s, its biggest benefit, its best feature, was its utter neutrality. All information available democratically, unfettered, a bastion of freedom and liberty. Designed to be able to withstand nuclear war and natural disasters, the Internet was meant to be persistent freedom incarnate in electrons. Now the government wants to sell that away to corporate interests. Maybe democracy IS over. Maybe America as it was originally conceived by Franklin and Washington and Jefferson and Adams, is at an end. Maybe the future does belong to corporations and empirical governments. What with the erosion of civil liberties, the coming end of a free Internet, the government control of the media, military invasions and never-ending wars, maybe the world is changing into a hell for humanity and there’s no stopping it.

Well, if there’s any fight, and chance left:

http://www.savetheinternet.com/

http://en.wikipedia.org/wiki/Net_neutrality

Write your Representative

Revealing of the Lambs

From CNN’s article on DefCon (http://www.defcon.org/):
http://www.cnn.com/2005/TECH/08/02/defcon.hackers.ap/index.html

The Internet has become “crime ridden slums,” said Phil Zimmermann, a well-known cryptographer who spoke at the conference. Hackers and the computer security experts who make a living on tripping up systems say security would be better if people were less lazy.

To make their point, they pilfered Internet passwords from convention attendees.

Anyone naive enough to access the Internet through the hotel’s unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen.

It was dubbed the “The Wall of Sheep.”

Among the exposed sheep were an engineer from Cisco Systems Inc., multiple employees from Apple Computer Inc. and a Harvard professor.

That’s too funny. =)