Oct 12, 2000

Spam blacklist battle goes to court
Spam & E-Mail
10/12/2000; 3:54:23 PM

'In a case with a host of free speech and e-commerce-related legal implications, a San Jose judge today is scheduled to consider arguments in a lawsuit involving the conduct of Mail Abuse Prevention System, or MAPS, a widely used Peninsula company set up to help companies screen junk e-mail.

'Under attack from companies that have wound up on its so-called ``Blackhole List'' of junk e-mailers, MAPS filed suit this spring seeking a definitive ruling from a California court that its practices do not violate any laws. The target of the suit was Black Ice Software, a New Hampshire maker of software tool kits that had threatened legal action over being placed on the Blackhole List....

'``We're no different than a restaurant reviewer at the Mercury News saying `Don't go to this restaurant,' '' said Anne Mitchell, legal director for MAPS. ``People are free to go there or not. It's just opinion protected by the First Amendment.''

'Companies like Black Ice disagree. Lawyers for Black Ice could not be reached for comment Wednesday, but in court papers they have depicted MAPS as recklessly disseminating false information. Critics of the Redwood City company maintain it has accumulated too much control over what Internet messages reach their destinations.'

I think MAPS' position is literally correct. They are no different than a restaurant reviewer. This case should then be run as a libel procedure, where MAPS will almost certainly come out on top, because of their precise definition of who gets placed on their list, and their ability to substantiate placement of people on their list (a statement is not slanderous if it can be proven true, and MAPS' statements are quite clear and easy to prove).

This is the inactive-central-host problem, just like Napster. Napster does not move MP3 files. MAPS does not filter e-mail. Napster users are moving MP3 files around, RBL users are filtering e-mail. Can the central organization be held responsible for the actions of their users? The right answer is no, the answer I see coming is yes. Sadly, I think we're answering "yes" out of convenience, not out of logic or justice. It's just easier to go after the central source, so let's do it.

So what would you then do about a totally decentralized block list? (Such a thing could be easily created.)

Oct 12, 2000

SDMI cracked! Maybe!
Music & MP3
10/12/2000; 3:19:31 PM

'Watch out -- recording industry executives are about to start running for cover. All of the Secure Digital Music Initiative's watermarks -- its much ballyhooed music protection scheme -- have been broken. A spokesperson for SDMI has denied the reports, but according to three off-the-record sources, the results of the Hack SDMI contest are in and not one single watermark resisted attack.'

Also see the Salon article Is the SDMI boycott backfiring? for some good background on why this might be important news.

For what it's worth, I don't believe watermarking will ever be possible. If it's detectable, it's removable. There are just too many ways of decomposing sound and recomposing it for watermarking to work.

Oct 11, 2000

Full Disclosure
10/11/2000; 2:43:08 PM

I've wanted to have the ability to look into the web server log for this site for a while but haven't been able to, because that info is not available through Several people around have been using SiteTracker, but I do not want to farm this out to a third party.

Thus, I've tacked something on the end of my pages that will ask for an image from another web site I have possession of and the ability to read the logs of.

If this bothers anybody that I can now see standard log information, please let me know (although absolutely every site on the net does this, because web server log info is vital to running a server). It will help me understand how people are using this site so I can improve it.

Oct 11, 2000

When to Make the Link
Free Speech
10/11/2000; 2:27:37 PM

'It's an illustration of potential pitfalls as news organizations direct readers into cyberspace. And it raises the question: If these news organizations have an obligation to stand behind the content of their stories, should they also be responsible for the material on the sites to which they send their readers?'

Well, that depends. When the news announces that there will be a Ku Klux Klan rally at the capitol steps tomorrow at 5:30 p.m., are they somehow magically responsible for the rally? Should we prosecute the news outlets under hate crime laws?

The only reason not to link to sources is that you don't want your interpretation challenged, or you don't trust your readers (or you don't trust your readers not to challenge your interpretation). Make the links. Disclaim them to your heart's content, but it's not really necessary, because you are not responsible for the content on the other end.

If you are responsible for the content on the other end, then it should cut both ways. If you link somewhere "bad" (whatever "bad" is), then you should share in the "bad" consequences, but that should equally mean that by linking somewhere "good" you should share in the "good" consequences. Clearly, getting "goodness" from a link is absurd (Amazon, I hereby charge you $1000 for this link!). Being somehow responsible for bad effects is equally absurd for exactly the same reasons.

Link the sources!

Oct 10, 2000

Why the world needs reverse engineers
Privacy from Companies
10/10/2000; 2:22:28 PM

'Many of the privacy risks we face today such as the unique computer identification numbers in Microsoft Office documents, the sneaky collection of data by Real Jukebox, or the use of Web bugs and cookies to track users were only discovered by opening up the hood and seeing how things really work. Companies do not publish this kind of information publicly.

'Sometimes they even disavow that they meant to design and build their products to work the way it ends up working. People engaged in reverse engineering are a check on the ability of companies to invade our privacy without our knowledge. By going public with the information they uncover they are able to force companies to change what they are doing lest they face a consumer backlash.

'Uncovering security vulnerabilities is another domain where reverse engineers are sorely needed. Whether by poor design, bad implementation, or inadequate testing, products ship with vulnerabilities that need to be corrected. No one wants bad security, except maybe criminals, but many companies are not willing to put in the time and energy required to ship products without even well known classes of problems. They use weak cryptography, they don't check for buffer overflows, and they use things like cookies insecurely. Reverse engineers, who publicly release information about flaws, force companies to fix them, and alert their customers in a timely manner.'
