Rosio Pavoris a blog

MySpace bars 29,000 sex offenders

The company found more than 29,000 convicted sex offenders in the United States had profiles on MySpace – up from a figure of 7,000 given in May.

MySpace said it was pleased it had identified and removed the profiles of the offenders.

I’ve complained about this before—”sex offender” is far too broad a term, Megan’s Law is a miscarriage of justice, if these people are online they’ve already done their time (though double jeopardy doesn’t apply in this case, obviously), it’s not Myspace’s place to be a parent to your children, &c. &c.

“The exploding epidemic of sex offender profiles on MySpace – 29,000 and counting – screams for action,” said Connecticut Attorney General Richard Blumenthal.

In North Carolina, Attorney General Roy Cooper wants a state law that would require children to obtain parental permission before creating profiles on sites such as MySpace, and require the site to check parents’ identity.

Attorneys General Blumenthal and Cooper are fucking idiots, either out to get some easy votes or insane paranoiacs ignorant of their own laws.

That is all.

Edit: Alright, not quite all. There’s also this post by Stephanie Booth, which for the most part articulates my thoughts a bit more coherently. Go read it.

Met given real time c-charge data

Police are to be given live access to London’s congestion charge cameras – allowing them to track all vehicles entering and leaving the zone.

Anti-terror officers will be exempted from parts of the Data Protection Act to allow them to see the date, time and location of vehicles in real time.

They previously had to apply for access on a case-by-case basis.

Home Secretary Jacqui Smith blamed the “enduring vehicle-borne terrorist threat to London” for the change.

(…)

But they will only be able to use the data for national security purposes and not to fight ordinary crime, the Home Office stressed.

(For the non-British, “Met” is the Metropolitan Police Force, which is responsible for Greater London. Because apparently London is a separate country now.)

To be perfectly honest, I’m surprised they hadn’t been doing this, and that it took six years for them to actually have the gall to.

Yes, if there were a legitimate terrorist threat, this would be understandable, and perhaps even defensible, but remember, the “enduring vehicle-borne terrorist threat to London” consists of a single amateurish case involving two car bombs, neither of which would have been detected using these cameras.
Islamic terrorism over the past six years has had far less impact than the IRA in the ’80s and ’90s, and they apparently never merited this sort of bullshit.

But the worst part of this: why, pray tell, is “national security” suddenly an acceptable excuse when “ordinary” crime isn’t? They know damn well the people wouldn’t put up with using these cameras for regular crime-fighting (well, considering that this is London, they probably would; I wouldn’t be surprised if in a few years, they expanded their power to also allow for regular crime-fighting, and the people of London wouldn’t even notice), so why the fuck are we (well, they) supposed to put up with this for “national security”, a term so vague it might as well mean nothing at all?

Anyway. This acknowledgement probably means it’s been going on for years by now, and it’s a good example of how you will lose your rights if you don’t care about them.
I’m not sure if apathy or fear is the greater driving force behind the Londoners not doing something about this, but in the end, it amounts to the same thing.

The Belgian Society of Authors, Composers and Publishers (SABAM) has just won an important legal battle within the context of the dispute that opposes it to the Internet Service Provider (ISP) Tiscali, which has become Scarlet Extended Ltd. In its sentence of June 29, 2007, the Court of First Instance of Brussels is demanding from the access provider that it adopts one of the technical measures put forward by the expert in order to prevent Internet users from illegally downloading SABAM’s musical repertoire via P2P software.

From here (PDF warning).
SABAM is trying to set itself up as a defender of poor starving artists (something the RIAA stopped doing years ago), but the implications are obvious: the right to privacy does not exist online.

There is no way to enforce this decision.
The only way that could come close is either running all traffic through something like this (with the extra overhead and reduced speeds that entails; and it’d be trivial to circumvent it with encryption), or just blocking all P2P traffic through packet shaping (and the inevitably enormous amount of false positives and blocking of legitimate traffic that entails; what constitutes P2P, after all, and how would go about reliably distinguishing it from non-P2P traffic?).
This idea that ISPs are able to regulate, or can realistically be held responsible for, what their users do on their network is something I’ve never been able to get. It just shows an incredible ignorance of how the internet works, and what the internet actually is.

Either way, Scarlet isn’t an ISP any self-respecting user should pay money to use.
Scarlet (formerly the Belgian branch of pan-European Tiscali) isn’t the largest ISP in the country by any means (Telenet is, and I think Belgacom is bigger too), and it’d surprise me if there are any people who have no other options, but they’re big enough that this is a real problem.
Though it’s also important to keep in mind that Scarlet isn’t to blame for this; SABAM is, and whatever moron judge presided over this case.

Complain loudly.
This case is exactly like suing the mail system because you can send CD-ROMs of MP3s to people through it. There’s a reason it’s illegal to open other people’s mail.

(Via Slashdot, because I don’t watch the news often enough anymore.)

(Blatantly stolen from I Can Has Cheezburger?.)

Google’s Street View could be unlawful in Europe

EDITORIAL: Like a trigger-happy tourist, Google has shot almost every street in five US cities and added its pics to what might be the world’s biggest holiday album. But if Google ever starts shooting the streets of Europe, courts here could fight back.

(…)

If you are caught on camera and complain to Google, Google will remove the pics. But that may not be enough for Europe’s courts.

Our data protection regime lets us take holiday snaps, even of strangers, provided we’re doing so for private purposes. But if we’re taking snaps for commercial use, where individuals are identifiable, there is no such exemption. We need to notify the subjects, and that’s hard for Google to do. Even a loudspeaker on top of the camera cars (“Hi, it’s Google here, say ‘cheese’ everybody!”) might not suffice.

The law sets extra requirements for so-called sensitive personal data: it demands explicit consent, not just notification. That means when taking pictures of someone leaving a church or sexual health clinic – which could reveal a religious belief or an illness – camera cars might need to pull over and start picking up signatures.

I understand some people don’t think Google Street View is a privacy nightmare and a stalker’s best friend (that’s actual stalkers, and not the “Facebook Newsfeed” kind of stalker), but these kind of laws just make sense, I think. This “if you’re out in public, people can see you” type of bullshit is getting on my nerves.

Google’s options now seem to be to either do that thing where you take several pictures and splice them together to get rid of the people in it (or essentially the same thing with the longer exposure time, or perhaps use some form of image recognition to automatically find and blur out people in pictures, which would be impressive, technically), or to hide behind varying definitions of “commercial”.
While I don’t like Google, I’ll grant they do tend to not go for the legal jackassery if there’s a techy option available, so I’m guessing they’ll do some variety of the former.

(Via Slashdot.)

Just… ouch.
The picture says it all.

There’s a race going on in the entire English-speaking world to achieve the most Orwellian society possible, and the UK is winning easily. It also seems to be the nation to care the least.
Canada seems to be safest for now, but not by as much as many would like to think.

Apathy kills, people.

(Via Phil.)

Department of Homeland and Security wants master key for DNS

The US Department of Homeland Security (DHS) (…) wants to have the key to sign the DNS root zone solidly in the hands of the US government. This ultimate master key would then allow authorities to track DNS Security Extensions (DNSSec) all the way back to the servers that represent the name system’s root zone on the Internet. The “key-signing key” signs the zone key, which is held by VeriSign.

DNSSEC is a set of extensions of the DNS protocols that are intended to increase security all-round by making it pretty much impossible to spoof DNS (among other things). Apparently the DHS itself is involved in funding part of it, and they seem to feel they should be in complete control of it, and completely exempt from the DNSSEC measures the entire world is working to implement.

This sort of bullshit is why the internet, if it is to be government-regulated at all, should be regulated by an international commission, as I’ve said before, and why even people in countries the US isn’t likely to invade soon should keep a close eye on the self-important windbaggery that goes on there.
The DHS is looking to turn the entire world into their personal police state playground.

(Via Slashdot, which gets the implications of this completely wrong.)

With Sweden on the verge of implementing a Big Brother type program and the US’s Department of Homeland Security Blanket trying to reimplement the Total Information Awareness project under a different name (it was axed last time for being worse than Orwellian), I was going to write a post about what privacy means in the Age of the Internet, and how much of it you should expect to be allowed to have, but I can’t really put it more succinctly than assume people read your e-mail.

For all intents and purposes, everything the average user does on the internet with vanilla applications (that is, an account with a regular ISP, a brower, and maybe an e-mail client) is visible to everyone who wants to look at it. This includes every single e-mail you send and receive, every website you visit, and every password you use.

If you do not have a firewall, do not even assume your computer itself belongs to you.

If you do not use PGP (or something similar) to encrypt data, do not assume your e-mails are private. Do not use e-mail to share private information or files.

If you do not use an anonymiser of some sort (such as Tor), do not assume people aren’t watching your every move.

Do not assume IM is secure. Do not assume IRC is secure. Do not assume anyone cares about your privacy. Individuals won’t, and corporations may appear to, but really, they won’t either. Safe-guarding user privacy is a costly affair, and even though security breaches cost customers, anything beyond some (very) basic measures won’t be worth their time.
For similar reasons, do not use the same password for everything. All it takes is a single company being stupid enough to store passwords in plaintext and a single security breach to compromise every single one of your accounts, even if you’re careful otherwise.

You cannot erase your tracks once they’ve been made. You can make sure they don’t lead directly to you if you take care to prepare.
If you access a website, it will be logged, and storing logs is so cheap and so handy few companies clear out their old logs. If you receive an e-mail, it will be archived indefinitely (especially if you use Gmail), attachments and all, even if you delete it.

There are ways to protect yourself, but they involve in-depth knowledge of the tools you’re using to be really safe. If you’re using tools for the wrong purposes, you may end up more vulnerable than you started.
Many people use proxies to protect their identity, for example. These people don’t understand how proxies work, or why they exist.

There is no such thing as paranoia online.

Having said all this, do I bother with it myself?
Not really.

I’m aware of my vulnerabilities, and only cover up the ones I care about the most.
I use a decent firewall, and a fairly large number of passwords. I do not handle sums of money over the internet I cannot afford to lose. When I do handle money, I make sure whatever I’m using uses a secure connection (at its most elementary, HTTPS).
Maybe that has more to do with the unreliability of Paypal than with a fear of losing my savings.

I do not encrypt my e-mail. I do not send vulnerable information over e-mail. The most private thing I e-mail people is the occasional picture of my penis, and if anyone really wants to see that, honestly, just ask and I’ll probably show it to you anyway.
Of course, a problem with encrypting e-mail is that the people you’re e-mailing need to be able to decypher it.

I do not use anonymising networks. I don’t care if people know which sites I visit. I’m not ashamed of anything I do online, and nothing I do can be used to blackmail me.
Of course, a problem with anonymising networks is that they add additional routing points between you and whatever you’re looking at, so they add lag. And they aren’t really suited for general use anyway.

Which, of course, demonstrates the problem. Increased security almost always comes at the cost of convenience.
Up to a point, it’s definitely worth it, and the point is probably different for every person. You cannot decide where it is, though, without realising how incredibly vulnerable you can be.

If I end by saying that as far as basic privacy goes (as opposed to actual identity theft), you just shouldn’t do anything you don’t want people to find out about, people will accuse me of siding with Big Brother, and they’d be right to say that, so instead, I’ll just repeat:

Assume people read your e-mail.

Keeping that in mind is the first step to keeping (or reclaiming) your civil liberties online.

From here:

A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA “help information” [local] trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.

This seems to be a repost. Google returns articles on the topic dating as far back at 1999, so presumably this was discovered in 1997, and Wikipedia claims the Lotus thing happened in 1997, which would put the first discovery of this thing in 1995, so it’s entirely possible this problem was both short-lived and mostly contained to versions of Windows so old nobody uses them anymore at this point, if it was a problem at all.
The bit about Windows 2000 makes it seem like an update to the older article, but Windows 2000 came out seven years ago as well.

Reposting it now, especially without context or date, mostly seems intended to dissuade people from switching to Vista. There are plenty of valid reasons not to “upgrade”, so bringing up a decade-old possibly-moot argument seems lazy.

Either way, it’s intriguing. Does anyone have more information on this?

Police blotter: Teens prosecuted for racy photos
“On March 25, 2004, Amber and Jeremy took digital photos of themselves naked and engaged in unspecified “sexual behavior.” The two sent the photos from a computer at Amber’s house to Jeremy’s personal e-mail address. Neither teen showed the photographs to anyone else.”

These kids were 16 and 17. It’s legal for them to have sex. Apparently it’s not legal for them to see each other naked.
I especially liked this bit:

“Further, if these pictures are ultimately released, future damage may be done to these minors’ careers or personal lives.”

Because the best way to protect the children is by labelling them child porn producers and getting them permanent spots in the sex offender registries.

The minority opinion was the sane one here:

If a minor cannot be criminally prosecuted for having sex with another minor, as the court held in B.B., it follows that a minor cannot be criminally prosecuted for taking a picture of herself having sex with another minor. Although I do not condone the child’s conduct in this case, I cannot deny that it is private conduct. Because there is no evidence that the child intended to show the photographs to third parties, they are as private as the act they depict…

Someone needs to have some sense beaten into them, and it’s not the kids.

This is exactly as ridiculous as charging a masturbating teen with sexual abuse of a minor. This is a private matter between responsible adults (yes, adults, in this respect; if they’re mature enough to have sex, they’re mature enough to decide whether or not they want to send their loved ones nude pictures of themselves). If anyone should be punished in this matter it’s whoever passed these pictures on to the police (presumably the parents of one of the kids), for violation of privacy and perhaps even sexual abuse of minors, since they distributed the pictures without the consent of either party.
People make me angry. I blame social conservatives.

(Via a bunch of places.)

Whitehall plan for huge database
“A giant database of people’s personal details could be created at Whitehall under government plans which ministers say will help improve public services.”

This isn’t the first time he’s tried this, or even the most blatant attempt. It seems the British government really has problems realising when they’re being excessively creepy. Remember this poster?

This was real, apparently.

People need to stop reading Nineteen Eighty-Four like an instruction manual.

Britons to be scanned for FBI database

“The Observer has established that under new plans to combat terrorism, the US government will demand that visitors have all 10 fingers scanned when they enter the country. The information will be shared with intelligence agencies, including the FBI, with no restrictions on their international use.”

The article says Britons because it’s British, but it really applies to all foreign visitors.
As you may or may not know, the US still requires the tourist visa thing from most foreign visitors, but a number of countries (Belgium among them) can go through the DHS’s US-VISIT program instead. This involves having your picture taken and being fingerprinted. Now, there being no evidence whatsoever that this program has done anything but harass legitimate visitors, they’re extending it to eventually integrate it with the FBI’s database as well.

Even if you don’t object to being treated like a criminal for no reason, keep in mind that fingerprint identification has a pretty high error rate, and these prints will mostly be taken by inexperienced staff using equipment that takes thousands every day. Combine this with the fact that habeas corpus is still suspended in the US, and suddenly you have a very real chance of being detained indefinitely without any trial rights whatsoever when all you wanted to do was visit some friends for a week.

Of course, the American populace won’t care. After all, non-citizens aren’t really people, and all of them are probably in league with the terrorists anyway.

George Orwell Was Right: Spy Cameras See Britons’ Every Move

From the article:

“People are shocked when they hear the cameras talk, but when they see everyone else looking at them, they feel a twinge of conscience and comply,” said Mike Clark, a spokesman for Middlesbrough Council who recounted the incident. The city has placed speakers in its cameras, allowing operators to chastise miscreants who drop coffee cups, ride bicycles too fast or fight outside bars.

Almost 70 years after George Orwell created the all-seeing dictator Big Brother in the novel “1984,” Britons are being watched as never before. About 4.2 million spy cameras film each citizen 300 times a day, and police have built the world’s largest DNA database. Prime Minister Tony Blair said all Britons should carry biometric identification cards to help fight the war on terror.

This is hardly surprising; the UK has slowly been turning into a surveillance state for years now (one camera per fourteen people, roughly; though they’re not nearly as concentrated in smaller villages, and much more so in London itself, of course), and 9/11 only made things so much worse.
I know, “if you go out in public people can see you”, but that does not justify this kind of mass surveillance.

And of course (if “Orwellian” struck you as hyperbole), in addition to this there’s Blair’s biometric ID card project (als mentioned in the article). Unlike some people, I don’t particularly have any problem with identity cards, but huge biometric databases just open the doors to staggeringly painful abuses.
Regular identity cards present a slope, though I’m not convinced it is slippery; but this is hardly relevant when you have a government willing to jump down it head-first.

The privacy situation in the UK is even worse than the US. Blair may claim that citizens have to sacrifice some freedoms to fight terrorism, but Franklin, twat though he was, was ten times the man Blair could ever hope to be, and he was right when he said “Thoſe who would give up Essential Liberty to purchaſe a little Temporary Safety, deſerve neither Liberty nor Safety”.
(Alright, so the origin of that quote is in doubt. It’s still true.)

Terrorism may be a police matter, but if that’s a reason to turn any nation into a police state, we have already lost.

(Via Slashdot.)

Film at 11.

“Senator: Illegal images must be reported”

The headline makes it seem reasonable enough, until you read on and realise that “obscenity laws” also apply to most porn and, given the vagueness of the bill, possibly things like swearing.
And then, of course, you remember that “sex offenders” include people who get drunk and peed in a bush somewhere and were caught, and kids who mooned their high school principal.
Also note yet another attempt at having people register their e-mails, similar to the proposed Schumer/McCain bill due in January.

This won’t pass, obviously, and even if it did, it would be widely ignored.
This sort of thing is a dangerous slippery slope nonetheless, both because of the attempts to make the internet “child-safe” at the expense of freedom of speech, and because it takes even more rights and civil liberties away from convicted sex offenders.
I’m not sympathising with rapists or pedophiles, obviously, but very few people realise how incredibly easy it is to end up being labelled a sex offender, and how far-reaching the consequences can be. Add to that that if these people are online, they’ve presumably already done their time in prison. Double jeopardy isn’t just a segment on a game show.

And finally, people just need to stop trying to legislate what they don’t understand. Clearly the internet is beyond people like McCain and Ted Stevens and, to be honest, most of Congress. There’s no shame in letting more competent people deal with things, y’know.

But as long as blatant pandering continues to get votes, McCain (and others) will continue doing it. And if nothing else, “sex offenders” and porn make better bogeymen than even terrorists.

(Through Slashdot.)

This is only of interest if you actually have a Facebook (and even then just barely), so I’m not going to bother to explain what the Newsfeed actually is.
Some people, including some people who really should know better, complained about it and called it “stalkery” and an invasion of privacy.

This is a social networking website, so stalkers should be a consideration, of course. Because of its exclusivity, Facebook is a lot safer than, say, Myspace, but it’s still internets. However, complaining about this particular feature of it is completely misplaced.

This is a website that exposes to everyone on it your real name and the college you go to, and you’re worried about people on your fucking friends list seeing trivial things they could see anyway, like what groups you join and who you friend? What the fuck is wrong with you?
The update that allowed you to turn bits of it off is an improvement, of course, but it’s an interface improvement, not a privacy improvement, because there was no goddamn problem with privacy that wasn’t already there before the Newsfeed to begin with.

I have said this before, but Facebook (and Myspace, and Livejournal, and other social networking sites) is not Pokémon. You do not have to “catch them all”. If there are people on your friends list you don’t want seeing these things, don’t fucking friend them in the first place.
Facebook is already too accomodating as far as that goes, with their “limited profile” thing, which also affected the Newsfeed.

The only reasons I can think of that people would join that retarded “Students against Facebook News Feed” group is:

1. They didn’t know how the Newsfeed worked.
2. They jumped on a random bandwagon.

Yelling at—oh, alright.

3. They were dropped on their heads as a child.

Yelling at admins about a feature you don’t even understand is retarded, especially if it’s a free service. Politely offering suggestions is fine, but again, make sure you understand what you’re complaining about.
I realise most people haven’t been in the situation I’m in, as the admin of a free online service (namely, Muffins), but everyone should at least be capable of understanding that having people *demand* you do something and denigrate you and the effort you put into something isn’t a lot of fun, especially if those people don’t seem to have a clue what they’re talking about.

Seriously, if you want to worry about your privacy, worry about the parts you should be worried about. Facebook is excellent about protecting privacy, as social networking sites go, but for all intents and purposes, anything you put online should be considered public.

Don’t be a fucking moron, and don’t jump on retarded bandwagons without thinking.