BBC – Whatever happened…
March 17, 2008
…To our dreams of freedom?
A documentary by Adam Curtis. First part below, next 2 parts also on youtube.
Ethereal NSIS issues…
March 17, 2008
UPDATED: Cheers AMIR – Wireshark has superseded Ethereal and is available free from http://www.wireshark.org/download.html
…I have of late been trying to DL another copy of Ethereal for various projects I am working on. Thing is, just can’t seem to get a version which doesn’t complain on install (via NSIS error) about:
"The installer you are trying to use is corrupted or incomplete. This could be the result of a damaged disk, a failed download or a virus."
JR Croy, if only there were more…
March 17, 2008
…like this man, who, when he found himself in a shop being held up by some guy with a gun, decided to do something about it, and smacked the (would be) robber repeatedly in the head with a sledgehammer that he happened to have with him – pure class. Bet that fucker thinks twice (if he can think for himself anymore, that is) next time he robs a small store ;) Full story here http://www.ananova.com/news/story/sm_899411.html?menu=
AN UNPRINCIPLED SCHEME
March 17, 2008
[Lifted from www.no2id.net]
The government’s own advisor lays out ten broad principles for the design of a “consumer-driven universal ID assurance system” scheme – and the Home Office ID scheme breaks them all.
1. Any scheme should be restricted to enabling citizens to assert their identity … BROKEN
2. Governance should inspire trust. It should be independent of Government … BROKEN
3. The amount of data stored should be minimised. Full biometric images (other than photographs) should not be kept … BROKEN
4. Citizens should “own” their entry. It should not be possible, except for national security, for any data to be shared without informed consent … BROKEN
5. Enrolment should minimise costs and give citizens a hassle-free experience … BROKEN
6. To respond to consumers and give benefits, it should be capable of being rolled out quickly … BROKEN
7. Citizens who lose cards or whose identity is compromised should be able to get it fixed quickly and efficiently … BROKEN
8. The scheme’s systems should work with existing, efficient, bank systems to reduce risks … BROKEN
9. To engage consumers enrolment and cards should be provided free of charge … BROKEN
10. The market should play a role in creating standards, to ensure ease of use and minimise costs … BROKEN
And finally – unless we’ve overlooked something – the Home Office published the results of its latest survey [PDF]. The Home Secretary bluffs and blusters that the benefits of ID cards are “undoubted”, but her own department’s research shows that while three-quarters of people consider the claimed benefits to be “very important”, only just over one quarter consider them to be “very believable”.
Unprincipled. Unchanged. Unbelievable.
[For an explanation of how each principle has been broken, see NO2ID's press release on the Crosby Review.]
If you believe the hype..
March 17, 2008
…we (They) know where every single untaxed car is among the millions of car owners in the UK, every unlicensed but we haven’t got a clue where thousands of `illegal immigrants` and `terrorists` are located – maybe Gordon should put the fucking DVLA in charge of immigration, SOCA and MI5/6 et al…
Phorm technicalities, misinphormation
March 17, 2008
It is apparent that Kent Ertugrul still has a massive problem with telling the truth. The truth is, there is no proprietary system in use for monitoring your browsing. The phorm system *MUST* be compatible with web browsers, which means it *MUST* use predefined web standards to do what it does. They may use any proprietary system they want for analysing the data, but not when dealing with the web browsers.
If we take Kent at his word that you can opt out by blocking cookies from oix, then he is lying about inserting cookies into other domains. A cookie set for guardian.co.uk is set for guardian.co.uk and is not blocked by any block on oix cookies.
If we take him at his word on injection of cookies into other domains, then he is lying about being able to opt out by blocking oix cookies.
They are either injecting cookies into other domains, using 302 redirection headers, or inserting an image/iframe/javascript element into all returned pages (something else they deny).
If they are completely ignoring all opt out methods, then they could also simply copy every single page.
These are the 4 possible methods. None of them is proprietary, and only the 302 method would allow the opt-out method they suggest while not storing a copy of the page.
The 302 method can break your entire internet browsing in some circumstances, and potentially opens up all 10 million customers to a very nasty attack in which DNS poisoning would allow an attacker to know every single URL you visit as well as your phorm cookie, regardless of opt out status.
The same attacker could easily redirect your browser to phishing sites, completely undermining the anti-phishing this is being sold on the back of.
Almost confirming that 302 is the method in use, Marc Burgess answered last night that POST requests are not touched by the system. POST requests cannot be redirected without breaking them. Combining 302 headers with POST requests would kill all login forms, forum postings, online ordering systems etc. The other methods could all be made to work with POST requests.
While stating they were injecting cookies into other domains, Kent made a very big screw up. Apart from the fact it cannot be true if their opt out system works (and they really need it to work to comply with the DPA), if you visit a domain for the first time and have no cookies set for that domain, the phorm system would have no way to identify you from your cookie ID. Generating a random ID each time would mean that your browsing history is a series of unlinked matches, and the phorm system would only be able to use the matches it found on the current page. This is no different in advertising terms than serving up adverts relevant to the site rather than the user, and it does not require the massive invasion of privacy to achieve. It does not even require the use of cookies. It’s the most basic and non-invasive form of web advertising there is when done correctly.
Of course, they could be lying again. If they have a way to identify the account that is visiting the site, they can link the current cookie to the previous matches. This goes against everything they’ve said about protecting your privacy.
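The cookie-scoping argument in the paragraphs above (opt-out by blocking oix cookies versus cookies injected into other domains, and the first-visit problem), modelled as an added example that is not from the original post and is not Phorm's code. It assumes a simplified browser that scopes cookies to the exact host; `oix.example`, `shop.example` and the `uid` values are placeholders.

```javascript
// Added illustration: minimal model of browser cookie scoping (not Phorm's code).
// "oix.example" is a placeholder for the OIX cookie domain; uid values are constructed.
const TRACKER = "oix.example";
class Browser {
  constructor(blocked = []) {
    this.blocked = new Set(blocked); // domains whose cookies the user refuses
    this.jar = new Map();            // "host|name" -> value
  }
  // A response can only set cookies for the host it appears to come from.
  store(host, name, value) {
    if (this.blocked.has(host)) return false;
    this.jar.set(host + "|" + name, value);
    return true;
  }
  // Only cookies stored for `host` accompany a request to `host`.
  read(host, name) { return this.jar.get(host + "|" + name) ?? null; }
}

let nextId = 1;
const freshId = () => "uid-" + nextId++;

// Method 1: the interceptor forges a Set-Cookie inside the visited site's own response.
function visitWithInjection(browser, site) {
  let id = browser.read(site, "uid");
  if (id === null) {                // first visit: nothing links this user to earlier sites
    id = freshId();
    browser.store(site, "uid", id); // stored under `site`, so a block on TRACKER never applies
  }
  return id;
}

// Method 2: the interceptor answers with a 302 to TRACKER, which reads or sets its own
// cookie and then 302s the browser back to `site` (the URL travels in the redirect).
function visitWith302(browser, site) {
  let id = browser.read(TRACKER, "uid");
  if (id === null) {
    id = freshId();
    if (!browser.store(TRACKER, "uid", id)) return null; // blocked: no persistent ID
  }
  return id;
}

// IDs the tracker sees across two sites, for a given list of blocked cookie domains.
function compare(blocked) {
  const sites = ["guardian.co.uk", "shop.example"];
  const a = new Browser(blocked), b = new Browser(blocked);
  const injection = sites.map((s) => visitWithInjection(a, s));
  return { injection, redirect: sites.map((s) => visitWith302(b, s)) };
}
```

`compare([])` gives a different ID per site for injection and one shared ID for the 302 bounce; `compare([TRACKER])` leaves the injected IDs in place and reduces the 302 IDs to `null`.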
Kent also claims in various places that it is impossible to link a cookie to personal data, and considers IP addresses as personal data. When combined with the claim that ads are served in the normal way, we have another inconsistency.
When you have your data analyzed at the ISP end, they may not have an IP address to tie the cookie to, but once you pull an ad from their site they operate exactly as any other ad broker. The very nature of TCP/IP demands that they know your IP when you send the “anonymous” cookie.
There are many completely incompatible “facts” being spread about this system by both Kent and the phorm “tech team” (who are actually a hired P.R firm with no knowledge of the system). Some are incompatible with each other, some are incompatible with the underlying architecture of the internet.
They are relying on the average user not understanding this. It’s the reason they ask if you’d mind them giving you phishing protection, rather than asking if you mind them copying every single page you visit. They need the masses to stay uninformed.
British Telecoms Bad Phorm
March 17, 2008
BT has admitted that it secretly used customer data to test Phorm’s advertising targeting technology last summer, and that they covered it up when approached on the subject.
In a statement, BT said: “We conducted a very small scale technical test of a prototype advertising platform on one exchange in June 2007. The test was specifically conducted to evaluate the functional and technical performance of the platform.
“Absolutely no personally identifiable information was processed, stored or disclosed during this trial. As with all service providers, it is important for BT to ensure that, before any potential new technologies are employed, they are robust and fit for purpose.” – read: Blah Blah Blah, inane drivel….
It is likely many people will look to take legal action.
“…absolutely no personally identifiable information was processed, stored or disclosed” meaning all information was processed, stored or disclosed but the personal bits were filtered out – although presumably in retrospect the two sets of information are held in different places and CAN be reunited. Clearly unlawful.
Various people have already filed complaints with the Information Commissioner’s Office and are consulting on how to proceed through the courts with other BT subscribers who believe their connection was subject to illegal Phorm tests.
BT claim that only ONE exchange was involved. Going on the accuracy and transparency of information supplied in the past on this matter I see no reason anyone should believe this.
BT are still banging on about how it is compliant with DPA and various other legalities. Legality is however not the only issue here. I mean murdering nigh on a million Iraqis is apparently `legal` yet growing or selling cannabis will get you locked up. Just because something is Legal does NOT make it OK or FAIR or ACCEPTABLE to MOST PEOPLE – this is increasingly the case in society.
Sir Tim Berners-Lee has spoken out against ISP ad targeting. He summed up public opposition to the system: “It’s [web traffic] mine – you can’t have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I’m getting in return.”
The Downing Street petition against Phorm has now amassed almost 5,000 signatures.
Carphone Warehouse has said it will ensure that its subscribers are opted out of Phorm and Webwise by default. BT and Virgin Media have made no such promise – time to give them the fuck off, methinks.