Staying Anonymous Online - A Guide to Anonymity, Privacy and Proxies

The Sad Tale of Uncle SMS

2012-05-09T15:01:00.000+01:00

If there's one law that would turn me into a republican pretty quickly it's that of Lese Majesty which is the crime of violating a sovereign ruler. It has it's origins in Ancient Rome and is based on their law of "injured majesty". It still exists on the law books of many countries including some in Europe but fortunately it is rarely used in the democratic nations. The last documented case in the UK was in 1715 for example.

Unfortunately Mr. Amphon Tangnoppakul (also know as Akong) did not live in a European democracy he lived in Thailand and on the 23rd November 2011, this 64 year old man was sentenced to 20 years in prison. The reason - for sending 'insulting text messages' regarding the Thai royal family to the personal secretary of the previous president. That's five years imprisonment for each and every SMS message that was allegedly sent!

Akong was dubbed Uncle SMS by his supporters and the various Human rights organisations who lobbied for his release.

If this sounds implausible and ridiculous, it's made even worse by Amphon's insistence that -

He never sent the texts
He doesn't Own the mobile phone used.
He doesn't know how to send an SMS

It seems likely he was completely innocent of the accused crimes but it's not likely that would have much bearing on his trial in any case. This is of course Thailand - a place described by the social commentator Sulma Suvaraks as

.... now in Thailand there is no respect for either the constitution or human rights

However the sad end to the tale is that yesterday on the 8th May, 2012 Uncle SMS's ordeal came to an end - he died in custody.

He had spent the last 20 months of his life in police custody on these ridiculous charges, the man who was suffering from oral cancer was denied bail 8 times on the grounds of the seriousness of the charges and that this old, sick man was liable to abscond. RIP Akong - he lost his life and his family lost a husband and grandfather to a stupid law intended to protect the honor of the Thai Monarchy. To be honest it doesn't look very noble or honorable from where I'm sitting.

You can read more about this story here -

Asian Human Rights Commission - Amphon Tangnoppakul

Interesting Essay on the Lese Majesty Law

Identity and Authentication Credentials - Cookies

2012-03-24T16:10:00.002Z

One of the big issues that every web site encounters is how to authenticate and identify it's users. In the physical world there are lots of straight forward options for doing this - you might have a security pass at your place of work or you may use a library card to borrow books against your name.

In these situations it's the physical credential that is important, you are allowed to borrow books based on the possession of a library card. You can walk passed the security desk because you're wearing a security pass or badge.

But how does this work in the digital world ?

Well it's actually very similar but obviously the credentials can't be in a physical form. The premise is the same - the credentials are presented, if these are authenticated then the owner is allowed access. Online authentication systems require the same sort of credentials as are used in the real world - i.e they need to possess one of the following requirements:

Something you know
Something you have
Something you are
A combination of the above

These are known as authentication factors and the more a system has then the higher the level of security. In security terms you'll hear expressions like Two factor authentication - such as an ATM machine. To get your cash you need a bank card (something you have) and a PIN code(something you know) in order to withdraw cash.

One of the most common authentication credentials used online is of course the cookie. Most people of course will have heard of these but it's often overlooked the huge power of this particular identity credential.

So what exactly is a cookie ? Well it's defined in the Hackers Dictionary as a handle, transaction ID, or other token of agreement between cooperating systems.

It's just like the ticket you are given by the cobbler when you leave your shoes to be mended. The ticket is only useful for one thing - for you to retrieve your shoes after they've been mended. It's just like a cookie - a record of a specific visit or transaction.

Online these cookies are exchanged between browsers (like Firefox or IE) and the web servers that people actually visit. Linking together transactions and people in the digital world just like the ticket for your shoe repairs

For example say you visit a website called www.surfing.com for the very first time. The owners of this web site want to see who visits their site so have configured their server to pass a cookie to every person who visits. The cookie is in the form of a little text file which unique information about your visit. The browser stores the cookie in a file on your computer - this file will be accessed every time you visit that web site again.

So here's the chain of events -

The server asks my browser to store some information for it.
The server supplies the information that is to be stored.
The browser stores the information in a text file on the computer (chosen by the browser).
The cookie doesn't contain any information about me (only my visit)
The cookie is a merely information (it can't be run or access anything on the computer)
The cookie is supplied back to the web server every time I revisit the site.

If it sounds quite simple, it's because it is. The primary aim is to identify subsequent visits by the same user over time - something that HTTP can't normally do because it is classed as a stateless protocol.

In practice it's used for remembering who you are, filling in online forms, remembering your password or the selections you made on the last visit. They are designed to make your visit to the site more rewarding and simpler of course if you'd rather be anonymous most browsers can be configured to not accept them.

They can be configured to do a host of other things though in certain circumstances which I will cover in a separate post. In general they are quite benign though and the chances are you probably have hundreds of cookies sitting on your computer at this very moment!

How to Watch Iplayer on the Ipad Abroad (E.g. USA)

2012-02-24T16:21:00.000Z

I've had an Ipad for a few months now without knowing much about it. The main reason is that my family love it, they use for browing the web, watching movies, playing games - in fact it's almost always in use. But I kept getting emails about whether you could use Identity Cloaker on it to watch TV, connect to banking sites safely etc.

So I checked it out and it's surprisingly easy to do as the vast majority of the secure servers have VPN functionality enabled. So all you need to do is to set up a simple connection to one of their servers and enable it whenever you need it.

How to Watch Iplayer in the USA Using Your Ipad

So you've probably found anywhere outside the United Kingdom, that the BBC Iplayer application won't work (unless you get the overseas subscription version). The reason is that the site checks your IP address to see where you are based - all Non-British ones get blocked. It happens on most big media sites - Non US are blocked from Hulu, ABC and Pandora for instance whilst Non-French can't use the fantastic M6 Replay channel.

The solution is easy on the PC you just use something like Identity Cloaker to hide your IP address. Here's how you do it on the Ipad (Mac is similar).

Select Settings
Select General
Select Networks
Select VPN

You should then find yourself here -

You can see I've already set one up here for a US connection to access Pandora but you need to click Add VPN Configuration. You'll then be presented by this rather technical looking screen but don't worry it's very easy to complete.

You need to leave it on L2TP at the top and then fill in the following. You'll need to get a couple of pieces of information direct from Identity Cloaker as they haven't published this yet.

Description - Give it a name like UK VPN, US VPN then you can select quickly which country you need
Server - Drop Identity Cloaker an email for a list of enabled VPN server names
Account Name - Your IDC Username
RSA SecurID - Ignore this
Password - Your IDC password.
Secret - Drop Identity Cloaker and email and Ask for the VPN Secret Name

That's the hard bit done, next click Save from the top right hand corner. Next You need to enable your VPN.

To do this you simply select the VPN configuration you needed, so for a US based Ipad you'd connect to a UK VPN to watch BBC Iplayer. Just Turn the VPN Button to on and it will connect to the configuration you selected. As long as you put all the details in correctly it should work straight away.

The status will change to connected and in the top left hand side of your Ipad it will show that the VPN is connected like this.

Whilst this connection is enabled all your traffic will be encrypted and diverted via the server you are connected to. If you're just using it watch a media channel like BBC Iplayer or Hulu, then it's best to disconnect after you've finished watching.

If you haven't got Identity Cloaker yet, it's probably best to try the 10 day trial first to see how you get on with it. Any questions let me know and I'll try and help although IDC support guys are way better than me!

Iranian Internet - The Noose Tightens

2012-02-11T16:47:00.000Z

The 11th of February is a special day for Iranians, it marks the day when the revolution overthrew the last of the country's monarchy. It is the day they celebrate the establishment of an Islamic Republic, however it's not the celebration that the regime are concerned about. The day is often used for protests against the despotic Government who currently run Iran.

Like all unpopular and brutal regimes they are concerned the way the internet allows people to coordinate protests. Unfortunately like China, Iran has the technical resources to control and block access to the web. Many of us think that the end game for these countries will be a national intranet with the country effectively cut off from the rest of internet. It is the only way they can guarantee control of what the population sees and says online.

But for the moment that hasn't quite happened but it's getting closer. Here's what many Iranian users are seeing when they attempt to access Facebook, Gmail and hundreds of other secure sites.

Now normally for lots of people this wouldn't normally be a problem. Most Iranian web users are well used to online oppression as well as real life and are skilled in the use of proxies, VPNs and other related anonymity services like Tor. However we are hearing a variety of reports currently (11 Nov 2012) that wholesale blocks of secure sites are taking place - which make using these tools difficult. It's not just simple tactics to restrict access to Facebook.

However there are worrying signs that there is an increasing sophistication to the filtering technologies being used. China has been using Deep Packet Inspection (DPI) for some time, recently developing a system that can actually analyse and block assess to Tor for example. It looks like Iran is going down the same route, there is evidence of Packet Inspection here - detecting when SSL handshakes take place then selective blocking of IP addresses and ports related to these.

This packet inspection is by far the most worrying development from a technical level. If the Iranian regime really have installed a National capability of looking inside a packet to detect not only the SSL handshake but also comparing against specific signatures of anonymity networks like Tor - this is going to make communication much more difficult and dangerous. It means that the Iranian regime can specify which specific secure sites can be used. So they could allow sites like banks and Government sites whilst blocking anonymity and social networking sites for example.

The Iranian user could find the internet getting smaller every day for them - already accessing thousands of sites are redirected to the regimes preferred web site - Peyvandha which was created in 2010.

I don't speak Persian but I'm guessing it won't be quite as fun as Facebook. You should also be very careful what you say! The site consists of the Governments recommended links and suggested web sites and is currently one of the most visited sites in Iran (although mainly because so many users are redirected here!).

Anyway the reports are mixed at the moment, one minute the selective blocking, the next wholesale restriction on all secure sites. It is unsure whether this will just happen over the revolution celebrations to stifle protests - although most fear the worse for the long term in Iran.

The Dangers of Social Networking for Activists

2012-02-02T11:03:00.007Z

There is no doubt that social networking sites have proved a major weapon for activists who wish to expose oppression of their governments. But this freedom comes at a price, a huge risk to those posting, filming or even appearing in such evidence.

Take this video for example illustrating the barbaric behavior of the Kazakhstan police (be warned it's very disturbing)

Although the benefits of exposing this brutal behaviour of the state police is obvious, many people do not consider the risks involved in both filming and posting up this sort of evidence. There is a widespread and somewhat naive belief that authoritarian governments and their security services take little notice of the risks placed by social networking sites like Youtube, Twitter and Facebook - nothing could be further from the truth.

The idea that individuals from places like Iran, Kazakhstan or Syria can operate freely online without restrictions or risks is simply not true. This form of Cyber Utopia simply doesn't exist and anyone who posts evidence such as the video above puts themselves at a huge risk. Tracking people from their digital activities is easily done with the right resources - and trying to remain anonymous online is much more difficult than most imagine.

The above video was posted by Saule540 now we don't know if she was aware of the risks they took but we do know that very soon after the Kazakhstan security services had identified and raided the apartment the video was taken from. Thankfully the occupants had fled - we wish them luck.

Hide Your Tracks Online

The reality is that all these sites are heavily monitored and it is extremely difficult to cover your tracks on them. Infiltration of an online group or obtaining the contact list of a known activist from a social networking site will give security forces thousands of suspects to pursue.

The actual images or videos also place the people depicted at great risk. Imagine you took a video at an event or protest to illustrate the violence of some police or security forces. It would of course bring such events to world notice but it also could provide information on all the protesters taking part.

There are many very advanced facial recognition technologies available to regimes who want to identify protesters. Also it is common for authorities to set up web sites with images copied from these videos and pictures in order to identify activists.

One application which has been developed in order to attempt to help mitigate this risk is called Obscuracam developed by a trio of organisations - WITNESS, The Guardian Project, and the International Bar Association. Currently available on Android it's a free application which allows users to censor their videos and photos before uploading.

As you can see it enables users to obscure the identities of subjects quickly and easily from their phone without the need for photo editing software which simply might not be available. It can also be used to obscure any other visual information which may be best concealed.

There are other features allowing the user to specify secure areas to upload the images and also to remove metadata from the image.

You can get ObscuraCam from the Android market or from the Guardian Project Link above. Hopefully it will make the brave activists who stand up to these repressive, violent regimes a little safer.

It's important to be aware though that almost every government (oppressive or not) has significant resources monitoring these social networking sites. Be careful what you post up online wherever you live.

How to Wreck the Web - Protect IP Act

2011-12-20T15:58:00.001Z

The internet has changed all our lives, it has made the world much smaller and enabled communication like no other technology in human history. In it's infancy the web was relatively free of censorship, we could all see the same stuff, communicate without restrictions and share ideas and thoughts without limits. This allowed a huge burst of creativity and the number of amazing resources available online grew exponentially.

Now of course many people didn't like this, people with certain political, religious or economic agendas would rather you just subscribed to their particular view of the world. There are of course obvious examples - China has it's infamous Great Firewall of China which blocks huge swathes of the internet, dictatorships like Iran and Syria block access to thousands of webs sites which encourage free speech and the exchange of ideas. Even democratic nations like Turkey block access to lots of web sites including Gay and Lesbian networking sites and forums. If a Thai citizens says something bad about the Thai Royal family online and he'll be looking at a jail sentence. Still worse there's North Korea which basically has shut down everything so that it's people can't see how much better other people are treated by their Governments.

But of course the internet has still grown, for those people in countries which filter and censor there are options like Identity Cloaker and other VPNs to bypass the often hopeless technical restrictions and surf where they please. In some places just a change of your DNS settings is enough to sidestep the blocks. A simple knowledge of the Basics of SSL will also go a long way.

However ironically there is a much bigger threat to the internet looming and it's not driven by some mad, despotic leader who wants to control a population - no this one is driven by money and the entertainment industry.

The reason that the web has such greats sites is partly because it was allowed to develop relatively unhindered. Obviously this has had it's down side with cyber crime and paedophiles learning to exploit and utilise the network for their own means. But on the whole this unregulation has allowed fantastic sites like YouTube, Facebook and Twitter to grow quickly into the global resources they now are. This could be about to change and it's in the form of a piece of short sighted and dangerous legislation called the Protect IP Act which is in danger of being passed in the USA.

If you haven't heard of this - then I urge you to watch this video.

Truly scary stuff and although it will no doubt make the entertainment industry richer, the end result will be handing over a powerful mechanism for the establishment to control the internet.

Who's going to invest in creating a new social networking site with the risk of expensive litigation simply if a user posts a video, link or picture that is under copyright. It's a huge hammer blow to any sort of innovation or investment to any web based business, even though it's a US law the implications will affect most of the internet.

There are many practical implications to this - almost all of them bad, but here's one for illustration.

A band discovers that a popular social networking sites has links to bootleg copies of their concerts.
The bands lawyers petition the Government under the bill for an injunction against the site.
Government lawyers will give the internet providers 5 days to 'block access' to the website to their subscribers.

So that's all it takes for an foreign website to get filtered to the US. If it's a commercial venture the block will possibly cripple a business. The potential of abuse is of course incredible.

If you're in the US then any Film, Music or Media company has the power to decide what you have access to online.

The US is in danger of becoming a parody of everything it stands for, the Iranians are censored by a dictator, the Americans by Movie producers and rock groups! This bill is happening now!

Bye Hitch - Death of Christopher Hitchens

2011-12-17T00:26:00.002Z

For once nothing to do with internet privacy or anonymous surfing, just this.....

Whatever your beliefs or politics, the world is a much, much duller place now Christopher Hitchens has gone.

Bye Hitch...........

Carrier IQ - An Electronic Spy on Your Android

2011-12-01T12:22:00.001Z

Well for the paranoid of us, this comes as no real surprise - would you be shocked to find out that your shiny Android smartphone comes complete with a digital spy. The electronic equivalent of a private detective monitoring your every move, logging your calls and text messages and even monitoring each web site you access. Why would a company do this - well here's their answer -

“gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”

Are you convinced that's a good enough reason to monitor absolutely everything that you use your phone for? Well the company concerned is called Carrier IQ and for a demonstration of what's exactly happening I urge you to watch this video - an investigative piece by Trevor Eckhart.

Now of course it could be argued that this is not an official part of the Android OS but just an nasty little spying kit set up on millions of Android devices without the knowledge if the owner. For you Android users, do you remember being asked if it was ok for all your web browsing, calls and SMS messages to be logged by a secret marketing application running on your phone. You don't - are you sure??

Of course many will accept this privacy invasion as part of the deal with new technology, they accept that without expense and anonymous surfing software, that they will have no privacy whether on phone or PC - it's just a price to pay for progress. But for others it represents a real threat to privacy and free expression. Funny that the company concerned have responded with legal threats including a demand that he replace his research with a statement written by them. Does this sound like a company you want to send a detailed profile to. Do you trust that a company that will install logging software which is practically impossible to remove and runs quietly in the back ground?

The Carrier IQ debate is going on strongly now. The company will no doubt deny everything but the evidence looks pretty damning. What is this information really being used for - I would suggest profit. The information is a goldmine to a sleazy marketing company who want to sell lists of highly profiled users to well other sleazy companies ready to buy and exploit this.

Anyway I urge you to watch the video, it's not too long and to follow the debate. I think this one will continue for quite a while.

Can Google Control Your Life?

2011-11-07T14:52:00.003Z

This sounds a silly thing to say, but there are many web companies who really do have quite a lot of impact on your life especially if you use the internet a lot. Let's take Google for example, whose 'raison d'etre' is as follows

Google's mission is to organize the world's information and make it universally accessible and useful

Which sounds a perfectly reasonable and responsible aim for a search engine company to have don't you think. A big electronic librarian creating some sense and order out of all the information on the internet. You certainly couldn't see any way that statement could in any way control your life or even a small aspect of it. Unfortunately the reality of our digital lives is that all these companies can have much more influence on your life than you would expect,

In 2010 the Google Vice President Marissa Mayer said that someday soon the company wants to make the search box obsolete. Their goal is to search out what you want or need automatically, your smart phone busily working in the background looking for information you might need before you know you need it. Of course they haven't a hope of doing this without knowing an awful lot about you and your preferences.

For those of us who like to restrict access to our details and surf anonymously then it's obviously going to be much more difficult. But those who dutifully fill in their Google profiles, click +1 on their favorite web sites then Google will have way more information on you and what sort of person you are.

Companies attempt to create this digital version of you in different ways - Google relies heavily on profiles, web history and click signals. A click signal is simply analysing what you actually click on.
For instance if in your search results you are shown advertisements for a remedy for male baldness, then the algorithm can make some assumptions based on this. If you frequently click on such advertisements or search for related information there are some pretty heavy signals that you are not a twenty one year old female student. Gradually and often subtly the search engine is building up a picture of who you are and what you like.

Of course this is one of the reasons that some of us who would rather prefer a little more privacy are concerned about this. Most people I would imagine would not be aware that they are slowly being profiled by others based on what they search for on the web. But this data is of primary importance to Google - who use it to base what you see in Google News, advertisements it displays etc.

Another worry is that this digital version of you - is being compiled by computer algorithms created by search engine programmers, so it's not necessarily accurate. Worse still the expectation of privacy can be dangerous if you're not aware of the issues. For example if you share a computer and a profile with your family - the results being displayed on Google News for all of you are personalised based on what you do on the internet. Imagine the implications for some one with a difficult problem that they were not ready to share.

But although there are many privacy implications with the creation of this digital identity, it doesn't really mean than Google can control your life. But just think if we expand the question to include a social networking site like Facebook which also heavily profiles it's users. Then a user might have a huge part of their life tailored to this digital identity. Facebook bases your environment on what you share, like and interact with - here's some of the adverts I get at the moment.

Boring huh, these are based on me being a thirty plus man, with an interest in environmental issue and often interacting with investment and money sites. I could soon alter those advertisements by changing my age and interests in my Facebook profile or by liking a few different things. Try it, change your profile and watch your adverts change!

So two environments Google and Facebook which I would guess some people spend many hours a week in. It's not hard to imagine how this might slowly have an impact on someone's life. Here's a just a couple of 'made up scenarios' off the top of my head but I'm sure you could think of more.

A young girl concerned about her weight would be constantly shown adverts, web sites and products relating to weight loss and weight issues - sublimally reinforcing her concerns and perhaps in extreme cases causing a health issue like anorexia.
A recovering alcoholic may be constantly served up lots of adverts or web pages based on drinking and drinking culture based on their previous web history.
A young student who is interested in Greek history get's served up advertisements for colleges and universities specialising in Ancient history. They click on an advertisement and several years later complete their degree at that college.

I put the last one in to highlight of course that there are positive aspects to this sort of digital personalisation. But it certainly illustrates well the sort of effect that your web experience can have on your real life. Lots of us spend many hours a day in an online environment - one which is being heavily customised based on our digitial profile - they could certainly affect if not directly control your life.

Kazakhstan and The Internet War on Terrorism Continues To Usurp Freedom of Expression

2011-10-20T16:31:00.000+01:00

It is no surprise to read about Kazakhstan and the internet war on terrorism. Kazakhstan and its people have seen many changes in the years since the breakup of the Soviet Union in1991, democracy being one of those changes.

Although the Kazakhstan government is attempting to change, it is often difficult to dismiss the familiar, which is the case with Kazakhstan‘s attempts to introduce democracy in a land that has never known democracy. For three thousand years, nomadism, tribal warfare, Mongol dynasties, foreign domination, and Soviet communism have ruled Kazakhstan.

If the internet and blogs had been around when the communist apparatus fully integrated Kazakhstan into the Soviet system, Stalin would have banned them, which is not unlike what is occurring today with Kazakhstan and the internet war on terrorism.

In 2007, authorities arrested a Kazakh philosopher, charging him with writing an email questioning Kazakhstan's close relationship with Russia. The government claimed the email was inciting racial hatred. The philosopher claimed he had only been expressing his personal views.

Security officers broke into his mailbox and removed some letters that they later presented as evidence in court. This action was in direct violation of Article 18 of the Kazakhstan Constitution granting citizens the right of privacy in personal correspondence. However, they still confined the man to a psychiatric institution.

In an effort to build up a positive image in the West, in 2007 Kazakhstan made a bid to chair the 2010 Organization for Security and Cooperation in Europe (OSCE), which would be focusing on security issues that year.

Because of Kazakhstan’s dismal human rights record, OSCE members and human rights groups argued that Kazakhstan would be an extremely controversial choice, which is exactly why it lost its chairmanship bids in 2005 and 2006. It's hardly surprising given this context that most web users ensure they use security software to ensure their anonymous surfing as a matter of course.

In response to the concerns about Kazakhstan's poor record, then-Foreign Minister Marat Tazhin pledged that the government would improve human rights practices and amend its media law to allow more media freedom while not losing its focus on Kazakhstan and the internet war on terrorism.

Watchdog groups repeatedly questioned Kazakhstan’s vow to uphold OSCE’s commitment to human and civil rights. Their suspicions proved correct. In spite of the pledge, freedom of the press increasingly diminished throughout the year, and in 2009, Kazakhstan passed a restrictive internet law which it used to intimidate bloggers and block websites. In addition, the government closed down two independent newspapers while allowing a journalist to remain in prison.

The law categorized websites as mass media outlets. In the interest of state security, with obscure language and extremism statutes, the law granted authorities greater freedom to shut down sites. On March 1, 2010, the Kazakhstan government declared a computer emergency and established a response team.

Kazakhstan Banned Livejournal

In addition, the government announced it was compiling a blacklist of destructive websites. It further reported that KazakhTelecom and NurSat, Kazakhstan’s largest internet service providers, had repeatedly obstructed access to the LiveJournal.com blogging platform. In the case of Kazakhstan and the internet war on terrorism, one of these old adages might fit: “The apple doesn’t fall far from the tree.” Or, “Old habits die hard.”

During all of 2010, the government continued to make empty promises to correct its human rights violations relating to cyberspace. Despite diplomatic efforts and media scrutiny on the freedom of expression situation during Kazakhstan’s year long OSCE chairmanship, and notwithstanding amendments offered in January 2011, the legal regime of internet suppression remains unchanged for the most part

Based on Kazakhstan’s history of controlling personal emails, it is no wonder

Kazakhstan is considering forcing internet cafes to monitor their customers’ use of the web, which human rights organizations say is cyberspace censorship by the ex-Soviet state. The government, on the other hand, claims the new regulations are an attempt by authorities to cut off the steady stream of literature and videos that militant Islamists produce that serve to foment extremist violence.

A Kazakhstan court recently blocked access to LiveJournal.com, a popular Russian blogging platform, claiming Islamic extremists had been using it. The Kazakh Interior Ministry contends that most information technology crime occurs in internet cafes where criminals and extremists congregate.

For this reason, authorities are now considering monitoring internet café clients by using software to collect data showing the time of a customer’s work and the IP address used. The proposed regulations may also require internet cafes to install cameras to video tape customers.

Because Kazakh citizens living outside of major cities are beyond the reach of the internet, only a minority of people can currently access the web. However, with increased numbers of citizens wanting to access blogs and social networks, Kazakhstan’s relationship with the internet remains a complicated one, requiring the government to buttress internet usage and improve the telecommunications sector while at the same attempting to monitor and suppress online content.

Long before the current internet law was enacted, a plethora of legislation (300-plus acts controlling information and telecommunications) was already passed into law placing limitations on internet content. Therefore, Kazakhstan and the internet war on terrorism will continue for some time into the future.

New Zealand’s File Sharing Law Violates Civil Rights

2011-10-06T13:13:00.000+01:00

New Zealand's file sharing law is actually a replacement of Section 92A of the Copyright Act. Fortunately, New Zealanders vehemently protested against the draconian measures outlined in Section 92A of the original law introduced in 2008.

It wasn’t oppressive enough that Section 92A called for internet suspension based on accusations of copyright infringement, the law stipulated disconnection would take place without being awarded a trial and without submitting any evidence in court. If people had not written letters to the appropriate ministers and complained in numbers, the law would have gone into effect on February 28, 2009.

To show solidarity and to inform the public about the implications of Section 92A, a group of artists formed Creative Freedom Foundation. Protesting New Zealand’s file sharing law via social media like Twitter, CFF led a week-long internet “Blackout,” which lasted from February 16-23. The blackout attracted Twitter's topmost tiers, including a British TV personality. The nonprofit also promoted the movement on New Zealand television and radio stations.

The Foundation objected vociferously against the “Guilt Upon Accusation” portion of the law as well as the penalties associated therewith. The National Business Review joined the protest and pointed out that in actuality the law meant that one person’s bad behavior could destroy an institution.

As a result of the enormous public outcry, the government delayed implementation to allow for government reconsideration. On March 23, 2009, the government voted to throw out Section 92A and proposed to completely rewrite the section.

In response to the widespread objections to New Zealand's file sharing law, Parliament repealed that section and replaced it with Copyright (Infringing File Sharing) Amendment Act 2011, which officially went into force September 1, 2011. However, in August, P2P network monitoring had already begun. The replacement, with a continued intent to reduce illegal file sharing, replaced Section 92A with a “three-notice” regime, a $15,000 fine, and a six-month suspension of the internet.

The main focus of the rewrite was the three-notice process, which serves to educate the public about illegal file sharing while providing effective ways for copyright owners to enforce copyrights. It further assured file sharers they would receive adequate warnings that unauthorized sharing of copyright material is illegal.

Although the “three notice” regime is a gentler term than the more commonly used term of “three strikes,” the end result is the same. Copyright owners will be able to claim damages and request that the internet subscription of the file sharing infringer be suspended.

The element most faulted in Section 92A was the accused not being allowed the right to reply to an accusation. The new Act extends the jurisdiction of New Zealand’s Copyright Tribunal to hear both sides of the argument and to rule on cases of alleged infringement.

The government now gives account holders a reasonable amount of time to stop infringing before the enforcement phase takes place. The bill stipulates definite time frames so account holders are able to effectively address illegal file sharing activity happening on their internet connection. In addition, account holders also have the opportunity to challenge notices, and they may ask for hearings at the Copyright Tribunal to contest infringement claims.

Other than complaints about suspending internet accounts, the following have improved New Zealand’s file sharing law.

Replaced the far too broad definition of ISP (Internet Service Provider), which would have changed to include almost anyone with a shared connection or website. ISPs now include any organization, business, school, library, or government department that provides internet services. The new law reads, “IPAP” (Internet Protocol Address Provider).

Accused copyright infringer now has an opportunity to defend himself against the accusations.

Does not require ISPs to be the responsible party for deciding about disconnection; just required to transfer messages between accuser and accused.

Greater respect for account holder’s privacy.

Even though improvements were made to New Zealand’s file sharing law, the Act still has some major problems:

Holds the person whose name appears on the internet account responsible for all activity by any user of that connection. People will be responsible for everyone living in their domicile, parents will be responsible for their children, libraries will be responsible for their free internet terminal users, and businesses will be responsible for their employees. Simply sharing an internet connection can put a person at legal risk.

Presumes the accused is guilty until proven innocent. Unless the account holder can disprove the accusation, the Copyright Tribunal is expected to believe the media companies’ accusations. Even when accusations are proven time and again to be inaccurate, there is no penalty for making a false accusation.

Because disconnecting internet users for any reason limits the type media that individuals are allowed to use to express themselves, a UN report concluded that it is a violation of a person’s civil and political rights. Some UN officials were alarmed at the disconnection proposals in New Zealand's file sharing law and said that an individual’s internet access should never be terminated for any reason, including copyright infringement.

Using BBC Iplayer Abroad - Watching via a UK Proxy Server

2011-10-03T08:54:00.000+01:00

I travel a lot and when away there are two main Internet sites that cheer me up without fail - BBC IPlayer and Pandora. Unfortunately using the BBC outside the UK and Pandora outside the US are actually quite tricky because they will only work with a UK or US workstation respectively.

Fortunately because I always surf through a secure proxy on the Identity Cloaker network, this doesn't really matter to me as my location is defined by whichever proxy I am surfing through. So I simply select a UK server for watching BBC IPlayer abroad.

Identity Cloaker is the most sophisticated security software on the internet, it allows you to surf completely protected via a network of private proxies across the planet. These are fast, secure properly run proxy servers not the free slow ones infested with viruses that people normally try to use !! You might have also seen the dedicated VPN and proxy servers promoted to watch the BBC or other online TV stations - they are very often simply a single server set up quickly. Why? Simply because when the BBC legal department threaten them (which they usually do), they end up disappearing suddenly.

So when I am in Turkey and want to watch - I simply connect via a UK proxy and watch BBC Iplayer, if I want to listen to Pandora outside the US I just select one of the US proxies. It doesn't matter where I am as long as I have a working internet connection, because it's encrypted I can watch from anywhere. The same goes for a TV channels in lots of other countries as they have Australian, Canadian, German, French, Irish and a host of other proxies in addition to the huge number of UK servers.

Anyway I have made this rather bad video to illustrate how I access the BBC Iplayer abroad. I'm afraid I don't do the ease of this any justice with my video though, the best thing about the Identity Cloaker to access these programs is the huge choice of proxies and their speed. If you've ever tried using Iplayer through a free proxy you'll realise how painful it can be.

Using BBC Iplayer Anywhere

I've never used the video software before so apologies for the amateurish video editing. I just wanted to make sure people were able to see how easy it is to use this security software. There are dedicated services for just watching BBC Iplayer that cost well over twice the price of Identity Cloaker, they offer just a single proxy server to do this - Identity cloaker has proxies all over the planet and dedicated software to control and protect your connection, from an icon in your taskbar.

It takes a minute or so to install and then you just point and click.

*** You can actually watch BBC Iplayer on your TV through most gaming consoles now, the Wii works great with Identity Cloaker straight onto your TV, read my post here Wii Iplayer ***

*** Identity Cloaker now has a facility to turn off encryption, you can use this to speed up video streaming such BBC Iplayer from the UK Proxies ***

It is actually a fundamental point of using a proxy abroad, your IP address defines who you are and what you can see. So if you surf via a UK proxy this is how any web server you visit will see you also exactly the same as a UK Internet surfer. Because Identity Cloaker has fast proxies in lots of other countries you can use it to access similar restricted broadcasts in Sweden, Germany, France, Canada, US and many others. If you like music try Pandora for an awesome US only radio station - just select the right countries proxy and you'll be away.

Of course you can use this method by using a free proxy but most are unsuitable for watching videos from BBC Iplayer outside the UK as they are so slow, but PLEASE remove the proxy before you start doing any other surfing remember free proxies are mostly hacked servers and your details are not safe being passed through them !

So can you use BBC Iplayer anywhere?

Pretty much, as long as you pick one the UK proxies, it manages your connection in the background and encrypts you connection. You can even run it from a USB stick if you remember to take your login details with you, watch it through firewalls and when countries try to censor what you watch.

If you travel a lot it also means you can access lots of other sites which have country restrictions stopping you watching the BBC IPlayer abroad. For instance I can access UK poker and casino sites from the States who would normally block an American IP address, Turkey often block Youtube and social networking sites but Identity Cloaker users just bypass this.

Anyway I'm off to Turkey in a few weeks and I'll be keeping up with all the latest BBC programs watching BBC IPlayer abroad via Identity Cloaker.

In a few minutes you can be watching your favourite BBC shows through a safe, fast and secure proxy

If you like to watch or listen to any UK TV shows and you spend any amount of time abroad, you'll find it a fantastic investment. The software is simple to work and you just pick a proxy to connect to and off you go, remember free proxies are very slow and many are full of viruses. If you do manage to find a safe, fast free proxy server to watch the BBC Iplayer on, chances are it will be gone in a day or so.

The ability to watch media is not advertised on the web site but drop them a line if you want to check, the support staff are very responsive and will check out problems with any channels - BBC is pretty straight forward but ITV, Channel 4 and some US channels need to use the Open VPN settings in the program. Be very careful of companies who do advertise this TV facility openly, they frequently disappear overnight, after legal threats from the media companies themselves i.e. BBC, Hulu and ITV etc.

Why not treat yourself here to 10 days of the BBC Iplayer with the Identity Cloaker trial to check it works - for the price of a coffee and sandwich you'll be impressed I'm sure!

Use the Open VPN Mode when Proxy doesn't work

I have just added a contact me address at the top of this page, if you are unsure about anything - please drop me a line, I am happy to help with any questions if I can, if you have any comments on their service I'd like to hear them!

There's a 14 day Money back guarantee on the software so you can't lose really -it's a proper professional solution that needs no skills, you select the UK proxy and you'll be watching BBC IPlayer abroad or wherever you are in no time.

For those who want to use Identity Cloaker with an Ipad, Iphone or Ipod outside the UK then here are the instructions - Using Iplayer on an Ipad abroad

The Deep Web - The Hidden Internet

2011-09-06T16:32:00.002+01:00

You might think that you know your way around the internet. Asked a question and most of us could have a pretty good stab at it via a Google search, Yahoo or a trawl around Wikipedia. But in reality if these are your normal gateways to the net then you're missing a huge proportion of the websites that are actually online.

There are in fact two World Wide Webs, the normal 'surface' web sites which will all appear when you search through social networking sites or search engines - the second an underground, hidden web that you can't access through those means or with a standard web browser. They go by a variety of names such as the Darkweb, deep or hidden web. I've talked about one such hidden network before - here called the Freenet Network.

There is another huge network of information that I want to cover which we will call the Deep Web and it exists on the well known Anonymity network known as Tor.

Tor - The Anonymous Host

Tor was originally designed by the US Navy as means of protecting Government communication but now is freely available and used by people all across the world. It is basically a network of virtual tunnels which people use to surf the web anonymously by hiding the users IP address.

As you can see from this image, Tor creates an encrypted network using nodes which are actually other Tor users and servers. The majority of people use it for basic security and obscuring their IP address but it can equally be used to publish web sites and content on the Tor network anonymously.

It is this function that forms the infrastructure that holds the pages of the Deep Web. The sites don't exist on any traceable server, but on an anonymous cloud hosted by the millions of anonymous Tor nodes online. To access this underground network all you need is the Tor Browser and Tor extension of Firefox which you can get from the Tor Project site.

The Hidden Wiki

For many people the first time they stumble across this hidden web is through a small portal called The Hidden Wiki, this is one of the many directories compiled of some of the sites available on this hidden network. Here's the URL - kpvz7ki2v5agwt35.onion remember it won't work in a normal browser - you'll need to get onto Tor first (which only takes a minute from the above site) and use their browser.

But be careful, this isn't the fluffy, sanitized internet we all spend the vast majority of our time in. The Deep Web is completely uncensored and much of the material stored on here is illegal, immoral and just plain scary!
Here's a screenshot of part of the Hidden Wiki, which lists some of the commercial services available.

The anonymity of the network obviously attracts a certain type of client, here you can buy drugs, stolen credits cards or hire anyone from a hacker to a hitman. Want to buy the latest Facebook virus or a guide to growing and selling drugs - well you'll find them all on this network. To be honest a lot of the Deep Web is pretty unpleasant, it is anonymous networks like these where criminals, perverts and crooks hang out. You should be careful about what you click on as some of these sites are seriously nasty and around every corner you may find a hacker, pedophile or FBI agent!

However alongside the seedy and illegal are political activists, bloggers who would be imprisoned if they published on the normal web, whistle blowers and information idealists of all persuasions. They are also on there but sometimes it's difficult to find them through the plethora of porn, drugs and crooks. Believe me if you think you've seen some dodgy sites online - you've seen nothing like these!

So a bastion of free speech or a criminal marketplace?
Should it protected, policed or closed down?

There are many points of view and in fact the arguments mirror the ones around privacy and free speech on the normal web. The Deep Web possibly offers a glimpse of what an unfettered network would look like - take a look if you dare !!

Dutch Government Making Downloading from P2P Sites Illegal

2011-08-19T20:41:00.000+01:00

The Secretary of the Dutch Government for Security and Justice, Fred Teeven, is hell bent on making it illegal to download anything for personal use. He wants to make copyright holders able to force ISPs into blocking websites and services by obtaining a court order, if any website or service is accused of infringing upon their copyrights.

The Netherlands, a land formally known for freedom, inhibition and neutrality, is now becoming a part of the repressive movement, looking to enforce copyright crimes and filter the Internet.

Teeven says that he just wants to modernize the country’s current copyright laws, giving them more power and authority over their content. But the Dutch laws already state that it is illegal to upload any copyrighted material to the Internet, under the illegal distribution laws. Downloading this same material for your own personal use has been legal for all content other than software or games.

But Teeven wants movies and music to be added to this list, making downloading from P2P sites completely illegal.

They currently have a levy tax on blank media devices, such as CD-Rs, but they plan to eliminate this tax in exchange for making downloading movies and music illegal. They say that it would also prevent further taxes on media devices such as iPods and other MP3 players, laptops, USB storage devices and DVD recorders; but since when has anything prevented taxes?

Once a website or service has been proven to have acted illegally and offered music and movie downloading for free, copyright holders will be able to request that these sites are blocked from customers.

In other words, if they don’t like what you’re downloading from a certain website, they’ll soon block it and you won’t be able to see it again. Teeven says that this would be the last option they would take, giving websites and services time to defend themselves, but that’s truly doubtful. They shouldn’t have to defend themselves in the first place because according to the current laws, what they provide is entirely legal.

Teeven also says that copyright licenses are due for reform as well. They need to keep up with the pace of the Internet and be easier to obtain, mostly so the government can enforce things more easily and they can’t be accused of anything unfair or unjust.

He says that the new laws would encourage creative reworking of media, allowing people to edit and change copyrighted material to share on the Internet, but many are wary of this. Copyright holders will most likely get just as angry about that, and soon it will be illegal to download altered media as well.

The anti-downloading and anti-P2P organization referred to as BREIN said that they are in full support of this new legal action. They have been successfully shutting down piracy websites as well as individuals who download illegally for many years. They are thrilled that the last line of defense for P2P sites is finally being breached.

Canada may have deemed P2P downloading legal, but other countries are still cracking down on illegal downloading. The US, along with forty other nations across the world, have signed a sworn statement saying that all people should have full access to the Internet and everything that it provides, whether it costs money or not. The statement follows the decree made by the UN, saying that Internet access is a human right, allowing individuals their freedom of opinion as well as expression.

This statement even went beyond its human rights component to say that there should be as little repression of Internet information as is possible. Only in certain limited situations would restriction be used, such as when other human rights are being violated, or if the information is harming someone or something.

This statement makes it clear that making downloading from P2P sites illegal is just plain wrong. When people are no longer allowed to express themselves, on the Internet or otherwise, the civilized world is coming to an end. We live in a technology driven world, with everything from Blu-Ray players and iPods to in-car navigation systems and smart phones. Shutting down every website or service that makes someone unhappy would eliminate the Internet within a year.

People who say they are anti-P2P or anti-downloading might as well say that they are anti-technology. When the means are available, people will do as they please. This freedom of expression includes the act of downloading music, movies and other media as they see fit.

Some people will choose to purchase these things and others will not. Usually the people that download from P2P sites simply can’t afford to purchase the media they require to express themselves. Is that really a right we want to take away from them?

With more and more of the world joining the Internet repression bandwagon, it’s hard to say whether or not our rights will extend to the World Wide Web much longer.

138 Words Banned From the Turkish Internet

2011-07-27T10:56:00.000+01:00

The latest development in a series of oppressive acts in Turkey is a simple list of words. These words, consisting of many everyday terms, phrases and even names, are being banned from the Turkish internet for reasons unclear to the population.

A notification was sent to all internet service providers in Turkey on April 28th containing one hundred and thirty-eight words and terms to be banned. The Telecommunication Communication Presidency forwarded this list without explanation as to why it includes many ordinary words that are essential for use in everyday life and conversations.

Names such as Adrianne and Haydar, along with words like hikaye, which means ‘story,’ were on this banned word list.

Associate Professor Yaman Akdeniz, who is a lecturer at a law university, sought out information from the Internet Department at the Telecommunication Communication Presidency. He asked why these words were all of a sudden forbidden and classified into three groups on the list. One particular question he asked them was why the two first names Adrianna and Haydar were on the list. He asked who they belonged to and why they were so important to ban.

He also demanded that the Telecommunication Communication Presidency send him the documents and related materials which spawned this list. Akdeniz said that it was a matter of public interest, something people needed to know. Answers were requested, but what answers would be given?

Apparently, the Telecommunication Communication Presidency had no legal basis for requesting this word ban, which includes primarily common words from ‘forbidden’ and ‘fire’ to ‘overweight’ and ‘sister-in-law’. What reasons could they possibly have for banning these words? After all, any words can be harmful or benign; it’s just a matter of phrasing. They might as well ban ‘human’ too, that is, if it isn’t already on the list.

Akdeniz says that they have no right to ban websites from using these words and threatening them if they don’t comply. With the risk of closing over ten thousand websites just because they use common words, how can there really be anything legal about this ban?

The Telecommunication Communication Presidency claimed that they did have legal justification for their request, but the law they referenced does not give them authority to ban websites in any way. They claimed later on in the tense debate that the list of banned words was mailed to internet companies with an informative purpose.

This only caused more confusion and didn’t answer many questions. It only fueled Akdeniz’ outrage, as they had sent a threatening letter along with the list to the internet firms, warning them not to disobey their instructions.

Even the hundreds of companies from abroad that have sites on the Turkish internet are panicking, including Google and Yahoo, who have many questions but still no answers. Although the Telecommunication Communication Presidency never said what they would do if the web providers didn’t ban websites containing banned words, it’s enough to make companies worried.

Devrim Demirel, CEO and founder of BerilTech, the leading internet and domain name company in Turkey, says that their requests were both unprofessional and inconsistent with internet laws. He also says that it seems like nothing was taken into consideration for the technical aspects of internet work, suggesting that those who made decisions for the list of banned words had no technical knowledge or skill. Banning domains and sites with the words on that list would cause massive losses that businesses would never recover from.

Demirel says that he even received the letter and list from the Telecommunication Communication Presidency via email, a dangerous and unsecure method of official communication. He says that it was not ethical or secure, and that it should have been mailed to his office with the necessary seals and signatures, not by electronic means. Anyone could have sent that email.

Demiral called banning these words a ‘censuring service’ that has left him scratching his head in confusion, along with everyone else.

Adding to the ridiculous nature of this banned words request from the Telecommunication Communication Presidency is the fact that websites will be closed even if a banned word is unintentionally written in the domain name. The website called donanimalemi.com, for example, would be shut down because it contains the word ‘animal,’ even though it translates to hardwareworld.com. Even websites using certain numbers in domain names would be forbidden, such as the number 31, a euphemism for male masturbation. Even if the meaning is unintended and entirely innocent, the websites will still be shut down for use of anything on the banned words list.

Other English words that are also on the list include, but are not limited to, ‘escort,’ ‘homemade,’ ‘free,’ ‘nubile,’ ‘hot,’ ‘beat,’ and ‘teen.’ Apparently the common male name Haydar is on the list of banned words because it is also slang for penis.

Akdeniz and Demiral are just two of the many enraged Turkish people fighting for answers regarding this list of 138 words banned from the internet. It doesn’t make any sense besides as a pure form of censorship. The questions will not stop until there are sufficient answers.

Anas Maarawi: A Missing Voice of Freedom

2011-07-19T15:58:00.002+01:00

From Egypt to Syria to the Gulf States, Arabic youth are in revolt. With undying urges to shuck the bonds of despotic regimes and generations of governmental, religious and cultural oppression, they have risen up against their captors, and are crying for freedom and democracy.

At the core of democracy is freedom of information, expression and the press, for this is the only way a free people can know what it's government is doing, and keep it in check. Despotic regimes, throughout the region, recognize that they must crush free expression to maintain their vice-like grips on their oppressed people, and have declared war against free speech.

The latest casualty in this war of oppression is Anas Maarawi, a Syrian blogger, web-developer and champion of open source software and free speech. On Friday, July 1, 2011, Maarawai was detained, by Syrian authorities, at his home in Damascus, and he has not been heard from since. A voice of freedom has disappeared from the face of the Earth, and the Syrian government has remained silent as to his condition and whereabouts.

Why Anas Maarawi, a man who simply wanted to express himself freely? He was a threat to the regime of Bashir al-Assad, the despotic Syrian president who is well known for his human rights violations, assassinations of political opponents, and criticism of democratic states, the United States included. Bashir's regime controls Syria's economy, and through mismanagement has kept the nation poor and on the verge of economic collapse. Furthermore, Bashir's security forces have required that Internet cafe's record user comments on chat forums, and they have also periodically shut down Wikipedia Arabic, YouTube and Facebook. Bashir knows that his control comes only through an iron fist and suppression of rights, and Anas Maarawi, with his quest for freedom, was his “public enemy #1.”

Maarawi maintained a personal blog, “Anas Online,” as well as several technical blogs. He also developed Android, the first Arabic blog for the Google operating system. Blogs are a forum for free speech, and Maarawi was blogging in Arabic, to an Arabic youth movement in revolt. He blogged about free speech. He leaked details of government-produced television series, and he commented on the Syrian government's block of Facebook and YouTube. He criticized the government for being the sole ISP in Syria, and having the ability to regulate information exchanges. Anas Maarawi, the voice of Syrian freedom, was a threat to Bashir, and on 7/1/2011, government goons took him from his home, never to be seen again.

Syrian authorities, as expected, have remained silent about Maarawi's detention. In fact, they have yet to make any statements, and surely have not admitted culpability in this crime against freedom. We do know that Maarawi isn't the only voice of freedom to be quieted. Other, less prominent, bloggers have also gone missing. The Syrian folk singer and political activist, Ibrahim Kashoush, was found with his throat cut, and Bashir's forces have also been implicated in that killing. To this day, Syrian governmental authorities claim that they do not take political prisoners or order assassinations. As expected, they remain silent on Maarawi, and the scores of others who have been killed or detained in recent months.

Where is the world outcry on the detainment and possible murder of Anas Maarawi, a champion of freedom and democracy? None of the free states, the United States included, have made any statements on the disappearance of this freedom-fighter, nor have they openly criticized Bashir's government for its recent rash of human rights violations. After all, Maarawi was Syrian, blogging in Arabic to an Arabic audience. Although he was an important voice of freedom to oppressed, Arabic youth, he was little-known outside of the Arabic world. The outcry would be audible had he been a white Westerner, but the free world chooses to ignore the plight of an Arab.

The outcry against Maarawi's detention has come solely from the blogosphere, where people truly value and champion free speech. Bloggers throughout Europe, the Americas and the Middle East have heard of Maarawi, and they are the only ones calling for his release. Pleas to Bashir's government have gone out, asking for information and his release from detention. Online petitions have been signed, yet only silence still abounds. The Syrian government fears bloggers and free speech, and will not waiver in its authoritarian rule.

Anas Maarawi has been a voice of freedom in a region ruled by authoritarian despots. All he ever asked for was his basic human rights. He championed the Arabic blog movement, and tried to give truthful information to the Syrian people. For this, he was deemed a public enemy by the government of Bashir al-Assad, who has a long and sordid history of eliminating his political opponents and dissidents. Maarawi's voice of freedom has gone missing, perhaps never to be heard again, and the free world remains silent.

You can Read the Free Anas Website - Here and if you wish to help the campaign some information - Free Anas Campaign and Plus 1 this post !

Another Reason for Hiding Your IP Address

2011-07-06T12:30:00.002+01:00

Now I guess a lot of people who read this blog already keep their IP address private. If you're like me you switch IP addresses several times a day just for practical reasons - perhaps from a UK one for BBC Iplayer, then to a US based IP address for catching up with the latest Simpsons on Hulu. However there still seems to be some sort of confusion elsewhere that an IP address is used specifically and exclusively by one particular person.

This false assumption is of course ludicrous, however it still ends up being used as the basis for various legal claims (usually involving copyright infringement). Fortunately most cases fail brought on this basis fail, simply because of the uncertainty of who was using a connection at a particular time. Indeed it is well known that paedophiles ensure that their own networks and Wifi connections are completely unsecured so that they can use this doubt as a defence if brought to justice.

Another case with relevance to privacy, anonymity using IP addresses has recently been heard - the case of - Media CAT Limited v Adams.

This case was one of many expected to be brought in response to the rather unpleasant business model developed by Media Cat and ACS Law, first mentioned in this blog post - here. Basically the model involved a company obtaining the rights to pursue internet users for downloading films from torrent sites and then pursuing them for damages or taking them to court.

ACS Law would send out threatening letters asking for money in return for dropping the action. Of course what happened is that the person who paid the ISP bill generally got this letter, even when they were completely innocent of the copyright infringement. So for instance a grandmother would be deemed to responsible for her grandson downloading pornography on his laptop - an actual example.

Just for clarity let's just summarize what this business model involved -

Find a copy of a pornographic film being shared online
Contact ISPs and get a list of all the IP addresses that have downloaded this file
Cross reference IP address with users name and address
Send threatening letter to each user demanding payment or they'll be taken to court
Collect money from those who pay up
Take to court (eventually) everyone else
Return to step 1 and find another file.

So of course, half the people who received these threats had never downloaded the films. How many people share an average internet connection, how many unsecured connections are broken into, how many computers are hacked, infected with trojans and viruses. It is of course impossible to tell without further investigation.

These cases are important - firms like these are trying to hold the person who pays the ISP bill fully responsible for anything that happens through that connection. Clearly in a criminal case more evidence would be required that someone is guilty of a crime. However in civil cases there was a real danger that a more lax precedence would be established.

Of course there are so many mobile, network connected devices around nowadays, people cannot be held responsible for everything that connects through or via their networks. Nor should peoples personal details and surfing information be shared so readily and distributed to firms like MediaCat.

Remember your ISP is holding a comprehensive list of everything you do, say or download online - this information and our privacy needs to be protected. Fortunately the judge was equally as sceptical in this instance of this method of business - here's a quote from his transcript.

First, the nature of the case itself raises many questions. I have mentioned some of them above. The issues are as follows:-

i) Does the process of identifying an IP address in this way establish that any infringement of copyright has taken place by anyone related to that IP address at all. The technical issues raised by Mr Davey (and Mr Stone) relate to this point.

ii) Even if it is proof of infringement by somebody, merely identifying that an IP address has been involved with infringement then encounters the Saccharin problem. It is not at all clear to me that the person identified must be infringing one way or another. The fact that someone may have infringed does not mean the particular named defendant has done so. Perhaps the holder of the account with the ISP has a duty to assist along the lines of a respondent to another Norwich Pharmacal order but that is very different from saying they are infringing.

iii) The damages claimed deserve scrutiny. If all that is proven is a single download then all that has been lost is one lost sale of one copy of a work. The sort of sum that might represent would surely be a small fraction of the £495 claimed and the majority of that sum must therefore be taken up with legal costs. If so, a serious question of proportionality arises but again this has not been tested. Clearly if the defendant has infringed on a scale as in the Polydor case then would be a very different matter but there is no evidence of such infringement here.

Hopefully this will deter other such opportunistic companies from taking up this business model. Which invaded peoples privacy and amounted to little better than extortion in my opinion. It does highlight the importance of keeping our data and information secure though. There are many so called legitimate companies seeking to exploit it for their own gain.

How Do I Get a UK IP Address ?

2011-06-13T17:57:00.003+01:00

This very question was sent to me by a US reader who wanted to change his US address to a UK IP address for a single reason - Television. Specifically he wanted to watch Match of the Day, the BBC Formula One coverage and Dr Who on the BBC. All these shows are available online through the wonderful BBC Iplayer but unfortunately it is only accessible to those based in the UK or more accurately those with a UK IP address.

The reason is that the BBC like most other media companies who operate online use a technology called geotargeting. It sounds a complicated, geeky term but it isn't really. It's short for geographical targeting and is a way for a website to display different content to different readers. It's probably best illustrated with an example. The following is a screenshot of a search I ran in Google for 'Plumbers'

Google has determined that I'm using in the UK and decided to show me lots plumbers in and around the London area.

But lets change my IP address to a different country and run the query again. For this one I'll change my IP to an IP address in the United States.

This time Google has using my IP address decided that I'm in Arizona (it's actually where this IP address is registered to - so logically has decided to show me lots of plumbers and adverts for plumbers from within Arizona. Loads of web sites do this and of course it's most annoying when they block you from accessing content based on your location.

Everyone of the main media sites do this, Hulu, ABC, NBC in the US, BBC1, ITV and the other UK stations in Britain and virtually every major broadcaster across the world.

So How Do Web Sites Determine if I Have a UK IP address or a US one?

Well it's actually quite simple, they simply record your IP address when you connect and look it up in big country directory database. It's actually very easy to set up yourself. You can download the IP address database here from a company like Maxmind, then load it into a spreadsheet or database and lookup addresses from there. Most websites will either pay for a service or just run their own scripts against this database to determine which location your IP address is registered to.

There are other more sophisticated methods but largely this or a variant is the one utilised by most companies online.

So to bypass these restrictions you need to ensure that your IP address is from the correct location - this is very usually the country of origin. So for example

Hulu - US Address
BBC - UK Address
Pandora - US Address
ABC - US Address
CTV - Canadian Address
RTE - Irish Address
M6 Replay - French Address

And so on, it is unfortunate in some instance that the people who most want to access these online services - Ex-Pats, people working abroad etc are the ones who can't access them by default.

Originally people used proxy servers that they found online, these are computers which sit in between the web site and your PC. They are commonly used in corporate and educational networks as a barrier to the internet. If you can access the internet at work it is almost certainly through a proxy server. However the ones available online are very dangerous to use as they are often used to steal information and spread viruses - the ones that aren't are nearly always extremely overloaded and too slow for accessing video.

There was obviously a gap in the market! So many of us spend so much time online, for entertainment, research and for work - IP addresses are used to block, restrict and filter what we do online. The requirement was filled by hundreds of proxy/VPN providers who offered a commercial service which you could use to shield your real IP address when you needed to.

There's literally hundreds of these companies now, many market themselves quite openly as TV proxy services (you should be careful with these as they can be shut down overnight). The more sophisticated option is the security software which are generally better run, offer a wide range of country IP addresses (rather than one or two) and a faster infrastructure.

My recommendation is Identity Cloaker whose software is easy to use and offers access to servers in about a dozen different countries (including USA, UK, France, Germany, Canada, Australia and quite a few more). With a click of a button you can change your address to a US or UK IP address or whatever you require. Their trial offer is here - Identity Cloaker or if you want to see it running - I've got a video demonstration here - of me watching BBC Iplayer abroad in Turkey.

There are loads of others though, I do favor the ones that have developed their own software and are proper tax paying companies. Too many of the sites are set up by a kid from his bedroom with a cheap hosting and a mate who's really good at web design !!

Can You Keep a Secret? The Voynich Manuscript

2011-05-10T14:25:00.005+01:00

I had a brief online discussion the other day with someone who doubted that it was worth encrypting anything as there was bound to be someone who would be able to access your data if they liked. The discussion was based around the case of Room 641A and the Government's internet surveillance. Of course it's true that the amount of computing power has greatly increased the chances of breaking ciphers via brute force methods. But to think it's impossible to have an unbreakable cipher is perhaps missing the point. Cryptography isn't a single puzzle to be unlocked, it's the aim of securing or concealing a message to anyone but the intended recipient - there are almost unlimited methods of doing this based on a variety of methods and techniques.

The techniques and methods of cryptography are also being continually adapted - the cipher that the German Kriegsmarine adapted in World War 2 is a long way from the simple substitution ciphers used by Julius Caesar.

The inventor of the Enigima cipher actually estimated that it would take 1000 skilled cryptanalysts armed with captured Enigma machines testing four keys a minute - approximately 1.8 billion years to test all possible combinations!

Now obviously modern day computing power would seriously reduce that - but it is also possible to add millions of more variations to Enigma fairly easily (adding extra rotors to the machine for instance).

But I think there is a better example in The Voynich Manuscript.

Now this is one book with a strange story, there are claims it was written by Leonardo De Vinci, Roger Bacon and that it contains a variety of hidden secrets. It contains 104 parchment folios separated into sections which appear to be on a variety of subjects - herbal, astronomy, biology, pharmaceutical and some sort of recipe sections.

But the real reason that this book is so mysterious is that nobody can read it. The entire book appears to be encrypted with some sort of unknown cipher, we only have a rough idea of the content from the hundreds of illustrations and symbols that appear on the majority of the pages.

Over hundreds of years right up to the present day many people have tried to crack the code and read the book. A couple of people have claimed to have succeeded although these have all been discredited. The book has been recently carbon dated by the University of Arizona who have asserted that it was written on pages created between 1404 and 1438.

But what secrets are contained in the text? It is generally agreed by cryptoanalysts that there is some form of readable text protected by some sort of cipher but until some one cracks the code then we can never be 100% sure. There are of course lots of rumors about the mysteries it holds.

However the crux of my point is that in the age of high powered computers and modern technology - this cipher has remained unbroken for over 600 years despite the best efforts of many. We now have the likes of Advanced Encryption Standard (AES) which is supposedly uncrackable if implemented correctly. Who knows if the NSA or similar have developed systems and procedures for deciphering information encrypted by their enemies. One thing is for sure though that breaking encryption which has been implemented correctly using a system such as AES is no trivial undertaking even if it is possible.

For anyone interested in reading more about the Voynich Manuscript - here's a great place to start -

The Voynich Manuscript

Restricting Information Leakage - Keeping Your Identity Secure

2011-04-22T21:42:00.001+01:00

There are enough inherent risks in using the internet, this blog covers many of the challenges we all face in trying keep our surfing anonymous. However it is sometimes amazing just how much data is just leaked to the internet largely unintentionally.

I started thinking about this post after a friend of mine asked me to look at his security cameras in his small shop. These were IP based cameras and after briefly sorting out the problem I had a look at the remote admin function these cameras had built in. Basically you could watch the video feed from them over the web in a simple web browser, you can even (with the admin password which was set at default anyway) control the cameras. The owner had no idea they could do this and was quite shocked that anyone could see into his shop over the internet !

I want to show you some of the information leakage that takes place over the internet using some simple Google queries. Some of this data is leaked intentionally but very often the company or individual has no idea they are allowing the world access to this information.

Photo and Images Dumps

If you're like me then you probably have several thousand digital pictures that you have never got round to printing out. But of course with the high resolutions of todays cameras your SD cards are soon filling up so you have to dump them onto a computer. Of course many times these are dumped in to home directories, file shares or computers that are connected (and accessible to the internet) so instantly people become publishing moguls.

Here's one simple Google Query to find these photo dumps, just type this into Google -

index.of.dcim

Which simply searches for the directory structure which many digital cameras create and are copied onto computers across the planet. Here's the query and a snapshot of the results.

Try it yourself, you'll get thousand of web addresses which lead to simply dumps of digital photos from a variety of different cameras. Some are probably intentional but if you browse through the pictures you can tell that many are definitely not.

Does this young chap from one of the dumps realise that his photo has been released online possibly leading to identity theft or at the very least compromising the location of one of his nut stores!

Online Video Cameras

These are all over the place now and there are hundreds of different makes and models most which allow some sort of internet connectivity. Of course many of these are set up deliberately to allow people to view them online but when you start looking at these, many clearly are not intentionally left open.

Here's some queries - just type the highlighted phrase exactly into Google.

Toshiba Cameras - camera - user login"
Panasonic Cameras - inurl:"Viewerframe?Mode="
Sony Online Cameras - SNC-RZ30 Home

You'll find security cameras watching peoples homes, business, warehouses, offices and school corridors. Of course many of them are watching public places and interesting sites so have been set up specifically to allow open access but it's clear that many haven't been. Would you want the entire internet to be able to see if you've left your back door open or you're away for the night - nor would I!!!

Using a VPN to UK for More Than Just Watching BBC IPlayer Overseas

2011-04-02T16:11:00.004+01:00

Most of the people who use security software or the many VPN to UK products available do so to things like watch BBC Iplayer overseas. For them the security side of these products is pretty immaterial, however this is in my opinion a mistake. You might expect your user accounts, login details and passwords to be quite secure especially if you have that nice secure padlock in your browser. However you couldn't be more mistaken!

Let me show you a little example using a online payment system that most are probably familiar with - Paypal. I'm not singling these guys out it will happen with any so called secure site that you care to mention - but it's one of the scarier as many of us have bank cards linked directly to our accounts.

Is My Account Secure if I use Secure Sites (SSL)?

First of all I want to show you how many places have the possibility of intercepting your data when you login in to Paypal. It's the very nature of the way the internet work that all your data flies across a huge array of shared hardware that makes up the infrastructure of the internet. If you want to see the route your request will travel to a particular website you can use the tracert command in Windows. Just select the command prompt and type the following

tracert www.paypal.com

This will show you the route all your requests will take to the paypal server.

Here's the route my requests will take starting off from my router, next to my ISP then along a series of routers and switches until it reaches the Paypal web servers. Any of these points has complete access to all my data and it will probably be logged at most of these points along the way. Of course you can add to this list anybody who is deliberately intercepting your traffic from any of these locations too.

Now normal web requests are serviced using HTTP which is a basic clear text protocol, it's fast and efficient but anyone who has access to this data can view all of it. This complete lack of security is why SSL was invented to add a layer of encryption to web requests for important transactions like logging in to a web based payment system like Paypal or logging in to your bank account and stuff like that.

So let me show you the problem with SSL security as I login in to Paypal -

You can see at the top that this is a secure web page protected by SSL - the address starts HTTPS which means that when I login all my details are encrypted including my username and password. That's great then, nothing to worry about, or is there?

Next I want to introduce you to a little program called a SSL sniffer made by a company called Komodia. You can download it for free at this address - Komodia Sniffer. This program not only can sit and sniff all the data sent and received by any process (in this case it will be Firefox) but it also can decrypt the data as well. It takes about a minute to set it up and requires no real technical skill.

So here's what I see after I login to my Paypal account with Komodia SSL Digestor running in the background.

Now you'll have to try this for yourself or take my word for it, but listed in the data is my Paypal login name and the password. I've obviously blanked this out but I can assure you it was completely decrypted and readable. The SSL digestor actually decrypts the traffic on the fly, so anyone has the potential to harvest usernames and passwords for any accounts on the internet using this and tools like it.

Now don't get me wrong I use a VPN to UK all the time to watch my favorite shows on the BBC Iplayer. But don't forget about the security aspect, if you've invested in a subscription to a proper security product like Identity Cloaker don't just use it for watching BBC Iplayer overseas - protect your connection too!

File Encryption Tactics - The Rubber Hose Technique

2011-03-10T21:02:00.003Z

From the people I've spoken to - the majority of people who visit this site are kind of similar to me. Many are concerned about the privacy issues from either governments or online criminals monitoring and stealing our data - many times both. I know there are also lots of people who just want to protect their internet connection when travelling or using Hotel Wifi (a prime target for Identity Thieves).

There are of course more who actually don't give a fig about security or anonymous surfing and just want to bypass the many blocks, filters that restrict access to various websites. There are thousands of people who just want to watch BBC Iplayer from the US or catch up with their favorite shows on Hulu, ABC or any of the other media sites that block access outside their own country. All these are of course blocked unless you happen to be in the right country or have a subscription to Identity Cloaker.

Accessing BBC Iplayer

However there are a certain amount of people who have a genuine need for such anonymity techniques and software, people who's actual well being is at risk. There are so many countries now where if you actually use technology to communicate freely you are putting your liberty or even life at risk.

Which takes us neatly to the subject of this post and one of the core technologies we have to allow us to communicate freely - encryption. The ability to encrypt everything you do online is of course great for protecting yourself on the net. However there is a fundamental problem with it and that's encryption only keeps your data secure while you keep the password to yourself.

For instance you may routinely use disk encryption to keep your data secure on your laptop - you may be a free speech activist living in somewhere like Iran or Libya, a journalist reporting from similar oppressive regimes or even a cyber criminal who just wants to block access to incriminating files on the hard disk. There are loads of excellent file or whole disk encryption solutions available - in fact most security aware organisations will encrypt their laptops hard disks as a matter of course. The problem again is that your data is secure as long as no-one knows the pass phrase to decrypt it.

That's the problem an activist in Iran would face, his laptop may be protected by extremely powerful encryption but if the authorities know the password then it's essentially worthless. This is in fact the stark reality, cracking powerful encryption may be well nigh impossible but beating the password out of a suspect might not seem so hard if you aren't bothered about the moral aspects. The issue is known as rubber-hose cryptanalysis and refers to using violence to extract the password to an encrypted file or disk (the euphemism is beating someone with a rubber hose until they co-operate).

'Julian Assange - (New Media Days / Peter Erichsen)'

So what options do people have? Well there is one file encryption system that offers a possible solution. It was conceived and co-authored by a rather famous Australian called Julian Assange - it's name is Rubberhose. It's quite old now but a very clever concept of how to encrypt a disk, instead of encrypting and securing the whole disk and protected by a single password, Rubberhose creates individual partitions or layers each requiring a separate password to decrypt.

It is impossible to detect how many layers exist on a single disk, either by mathematical or physical analysis of the disk. It is theoretically possible to save hundreds of layers to a single disk although in reality trying to remember too many complex passwords is not really practical.

There is an important practical aspect to this multi-layered technique as it provides some options for anyone stuck in a dangerous situation.

How Rubberhose Encryption Could Save the Day

So lets take a topical example of how this software could possibly save your skin. Perhaps you are a Libyan protester picked up by Gadaffi's secret police. They have you and they have your laptop encrypted using Rubberhose.

Now normally in this situation you'd be faced with the unpleasant choices of either giving up the password to your disk (and possibly endangering fellow protesters, friends, colleagues etc) or refusing to hand it over to a regime with little qualms in using violence and torture to obtain the information they need. But although Rubberhose doesn't get you out of this situation it does at least give you some options.

Imagine our protester has set up three separate layers on his hard disk, each one giving access to specific data. Without all three passwords you are unable to view all the data on the disk and no-one can determine how many layers there are. When the Libyan security heavies start to interrogate you, perhaps you can resist slightly before divulging the first password - perhaps this gives access to some ordinary, completely innocent information. The heavies are not convinced and push further until you give up the second password which gives access to some more information - perhaps something slightly more sensitive but not dangerous. Will this be enough to save them suspecting or torturing our hero to achieve the third password? Who know's but of course it would at least give him a chance.

The psychology of this situation and how to handle it of course is open to debate. To reveal too many levels and passwords quickly would probably be a mistake and I suspect the best tactic may be to just reveal a single password with access to the majority of 'safe data' on the disk. There is no doubt that the activist with Rubberhose protecting his disk, at the very least has more options than those with a single password protecting the whole hard disk.

It's a simple but very clever concept - was authored by Julian Assange and Ralph-P Weinman and is freeware. You can read more about and download Rubberhose from this link - http://iq.org/~proff/marutukku.org/

Free Speech Case Study - The Demise of Tomaar.net

2011-02-21T22:06:00.002Z

It's easy to think especially given the recent unrest in Egypt, Libya, Iran and Bahrain etc. that the very simplistic ways of censoring and controlling the internet are the only methods available to a government. When we watch the rather ineffective tactics of Mubarak's regime - first censoring the social networking sites, then getting everyone even more determined by switching off the country's internet and mobile phone infrastructure - you'd be tempted to think that there were limited tactics available.

Of course in reality there are many more options and in fact many more factions involved in the ongoing cyber war taking place online. The tactics taken in Egypt were the last roll of the dice for the Mubarak regime, the impetus was already there, the internet by this stage was simply just another communication medium for organising the protests, but was by no means essential as we saw. The same appears to be happening in Libya even as I write this, the switch has been pulled on the Internet three days ago yet the protests are still gaining momentum.

We know that the filtering and blocking tactics are becoming increasingly ineffective, the tools like Identity Cloaker are well known to most young people even if they just use it to access things like BBC Iplayer or Hulu rather than bypassing Government censorship. But unfortunately there are other methods available to block ideas, or remove access to virtual meeting places - tactics that I fear will become increasingly familiar.

Tomaar a Place for Saudi Arabians to Discuss Ideas

Let's take for example the site Tomaar.Net, an Arabic discussion forum set up by some Saudi Arabians who had been educated in the West. It was a lively and interesting forum which covered lots of different areas from Philosophy, politics, economics and current affairs - all the sort of stuff that the rulers of the Kingdom of Saudi Arabia would rather you didn't discuss.

The Tomaar Discussion Forum

The site ended up being incredibly popular, not just with Saudis but other Arabic speakers from across the world. The Saudi Government however took their usual stance on anything that has the potential to conflict with their rule or strict religious beliefs and blocked it from all the ISPs in Saudi Arabia.

However as we have already seen, the sort of people using Tomaar were sophisticated web users - who all had access to circumvention tools to bypass the governments ban. Of course lots of the users were Saudis living in other countries which actually allowed free speech so they weren't subjected to this block in any case.

Of course you'd imagine that a discussion forum about Saudi Arabia hosted with an American provider was free from any interference from the aforementioned regime. Well let's just finish the story of Tomaar and you can make up your own mind.

The forum thrived, but shortly after the Saudi Internet blockade something strange happened - the guys who set up and ran the forum received a letter from their hosting providers terminating their contract. They moved the site to different hosts but it kept falling over and being unavailable.

So what was happening to Tomaar?

Well shortly after the Saudi Arabia instigated their internet blockade on the site, it started being the subject of DDOS attacks. DDOS stands for Distributed Denial of Service - and is basically when lots of computers (also called botnets) target a specific website making repeated requests to deliberately overwhelm it's resources. The key is the word distributed because these computers are all infected and controlled computers all across the internet. They are simply instructed to simultaneously request web pages over and over again until the server cannot cope.

The simple fact is that this is very easy to achieve, the average hosting account is not able to cope with more than a few concurrent connections at a time and even a small network of attacking computers will quickly overwhelm the server. Also the hosting providers simply don't want the hassle and expense of defending against these sort of attacks which are extremely costly and will affect their other customers as well.

This was how Tomaar died, regularly attacked by botnet networks, they didn't have the resources to defend against - the site gradually faded away, now you can only see a skeleton of it's once lively content and discussion on the Wayback machine which caches copies of old websites.

There's no direct proof that the Saudi Government were behind this, in reality it's quite a simple an inexpensive process to bring down a smallish website like Tomaar - the timing is perhaps just coincidental. It should be pointed out that you can buy DDOS attacks from pretty big networks for a few hundred dollars from sites without even having to set up anything yourself. The worrying thing is that it is so trivially easy to shut down a site you don't like, when Tomaar upset Saudi Arabia even being hosted in the land of free speech - I'm afraid it's days were numbered.

The Price of Your Privacy--And Why It’s a Secret

2011-02-07T15:42:00.000Z

Yahoo Spies for Cash

When a graduate student in Indiana decided to learn more about the way online service providers aid government agencies in investigations, he found Yahoo’s menu of services--and their prices.

It turns out that Yahoo is more than happy to help government investigators learn more about Yahoo users--if the government is willing to pay for the help. The documents uncovered via a Freedom of Information Act Request reveals exactly what Yahoo knows about its users, how long they know it, and how much the Internet giant expects to receive from the government for the data.

Internet privacy is a huge concern for millions of users. People are increasingly concerned with how much data websites collect and how that information can be used. As such, it was not surprising that the Yahoo “spying price list” attracted a great deal of attention subsequent to its online publication.

Trying to Block the Information

Yahoo, recognizing that their wilingness to sell user data to investigators would be poorly received, quickly took action to prevent the disclosure of the information via the FOIA request.

Yahoo filed a twelve-page objection to the request. It maintained that the information amounted to a trade secret. It also argued that disclosure of their spying price list was inappropriate because it might “confuse”, “shock” or otherwise irritate consumers. In other words, Yahoo basically asked the government to withhold the information to prevent its users from realizing that their data was for sale to government investigators because that knowledge might be bad for business!

The self-serving argument was not strong enough to prevent compliance with the FOIA request and the world soon discovered that Yahoo was more than happy to sell user information to the government.

The DMCA Takedown Attempt

The price list, which found a home at Cryptome, a website focused on whistle blowing, received substantial attention. Yahoo responded by issuing a Digital Millenium Copyright Act takedown notice. The company again argued that trade secrets were at play and also maintained that publication of their price list represented a copyright violation.

Despite their efforts to keep the information under wraps, the “Yahoo Compliance Guide for Law Enforcement” is still readily available online, making it easy for anyone to see just how much Yahoo values customer information.

What is Your Yahoo Privacy Worth?

Basic subscriber records cost $20 for the first user ID and an additional $10 for each additional ID. Basic Yahoo Group information, including details about moderators costs $20. The content of subscriber accounts, which includes user emails, is priced at “$30-$40 per user”. Law enforcement can receive the full content of any Yahoo Group for $40 to $80, according to the guide.

The guide also points out the limitations inherent in efforts to obtain Yahoo information. The bulk of user information is not stored indefinitely. In many cases, the cancellation of an account purges all of the data, as well. Yahoo may be able to provide the government with a great deal of data, but the total amount available may not be as high as one would think.

In Defense of Yahoo

It should be noted that Yahoo’s arguments against release of the data were not completely without validity. Yahoo observed that other telephone, cable and Internet service providers behave in a similar fashion, establishing price guidelines for law enforcement information requests. Yahoo also pointed out that the information was only available to investigators who had the appropriate warrant or subpoena. Investigators could not pay Yahoo a few dollars to help with a “fishing expedition” or for any other questionable endeavor.

By publishing Yahoo’s list without offering that kind of context, Yahoo rightfully feared that they would suffer more at the hands of consumers who might believe that the company’s policies were somehow unique or outlandish.

There is strong reason to believe that Yahoo was right about many of its concerns. A great deal of the discussion surrounding the price list failed to mention that other companies would work with investigators in a similar way. Almost none of the conversations about the spying price list mentioned the strict requirements the government would need to meet to obtain the information, either.

Conclusion

In any case, the information is available and we now know the estimated value of Yahoo privacy. The price tag is not too high. Basically, the government can get its hands on user emails and Yahoo group data at a very low cost. If you have been planning any criminal enterprise via Yahoo and its properties, you might want to rethink your strategy!

If one takes a wider perspective on the spying price list and remembers the burdens placed on law enforcement before they can obtain the material, it seems silly to consider the compliance guide’s pricing an actual indicator of value.

Nonetheless, it is intersting to know that the Federal government can have a full copy of your emails for $20. That fact is so interesting that Yahoo did almost everything in its power to stop you from learning about it!

In the end, there is little cause for alarm, though. Protections are in place to prevent unwarranted privacy intrusions and Yahoo’s approach to providing investigators with user data appear to be fairly consistent with the policies of other service providers.

Privacy and the Data Mining Risk

2011-01-18T14:24:00.007Z

This blog seeks to highlight the extent at which our privacy is at risk whenever we do anything online and how you can enjoy anonymous surfing. Perhaps to also draw attention to that completely false perception that you can surf anonymously without doing anything to protect yourself when using the internet. There are so many individuals, companies and agencies who have access to virtually everything you do online simply by looking at the logs at your ISP or intercepting the data from your internet sessions directly. But I'm afraid in some senses it's much worse than that, we are all to some extent contributing to our lack of privacy.

I'm referring to the process of data mining, which is the way of collecting, collating and analysing data obtained from various sources and creating useful information. The way this information is used varies hugely of course, but is often used to increase revenue, target advertising, reduce costs and of course monitor individuals or groups. That data is often ours and put up online or supplied voluntarily by ourselves.

You'll often won't be aware of how your information is being used but the simplest examples are from things like Store loyalty cards. The big supermarkets love these because it allows them to mine all sorts of information about people and their shopping habits. Their goal is of course to simply increase profits using the information at their disposal. So when they can extract information on purchasing habits on this scale they can adjust things like pricing, special offers or even product placements to make enormous differences to their profit levels.

It's all incredibly powerful stuff, limited only by the information available but with people using the internet and the amount of personal information leaked through this then that's never going to be a problem. Just to illustrate the potential I'd like to tell you about an experiment conducted by Tom Owad some years ago.

All Tom did was to use some freely given information from Amazon to mine some interesting data. He focussed on the Wish lists available on Amazon which contain details of books, films and products that customers buy or wish to buy. It took him a couple of days but he succeeded in downloading and analysing the wish lists of over a quarter of a million Americans.

This data included a partial address with city and state, first name and last names. So Tom was able to use Yahoo People Search to get their full address and phone number using that information. He then used other online tools to look up exact locations and plot them on Google maps .

He was then able to generate a map graphically illustrating the exact location of those who had a particular item on their wish list. This map shows all the readers of George Orwell's book 1984 for illustration - as you can see you can zoom in to the exact location of the reader. So remember Tom achieved this 5 years ago in a couple of days with an ordinary personal computer, some computer skills and publicly available information. What would a Government department with a couple of mainframes, a team of computer programmers, access to huge databases and a big fat budget be able to achieve.

Of course the searches are easily changed to those who've bought other books like the Quran, books on drugs, atheism, movies, music, recordings or really anything at all available at Amazon. I'm sure there's many such demographic maps on the systems of agencies like the CIA and FBI for example.

As Tom points out the Patriot Act allows the FBI to demand the complete database of any such organisation like Amazon if it's in regarding investigation and the prevention of terrorism and worse it doesn't even have to be disclosed - so you'd never know anyway.

I think the point I'm trying to make is that we should be really careful about how much of our lives we put out there online. There's so much information out there about us already, that adding endless Twitter and Facebook updates on every move we make just seems too dangerous. Everything we do or post online stays up there, in all likelihood permanently as part of your very own electronic profile.

Of course there always be the argument of 'why do people need privacy if they've done nothing bad' but to be honest that's like asking someone to put up with a stalker because you've got nothing to hide. Ok rubbish analogy I know, but I hope you get my meaning. Wait till you read some of the Facebook stuff I've been researching !