Archive for Personal Privacy

The Storm over Phorm Breaks- Protest

Posted in Civic Issues, E-Commerce, Personal Privacy, Security by wayne.porter on July 17th, 2008

THE CONVERSATION CONTINUES

As I mentioned earlier, I have been talking about Phorm and NebuAd lately. The original post about the controversy, plus the comments, can be found here. Other relevant posts: Twelve Questions for Phorm, more on Phorm, some more, and Phorm’s response to me. In addition, Brad Waller of Revenews talks about the Coalition to fight NeBuAd and whether Deep Packet Injection is Trademark Infringement. Lastly, in an insightful repost of some of Kellie Stevens’ (AffiliateFairPlay) comments from one of my posts, I found out that UK citizens were planning a protest.

On July 16th 2008 there will be a protest rally at The Barbican Centre (The Barbican Theatre) in London.  The purpose of the event is to protest against plans by BT Group PLC, Virgin Media and Car Phone Warehouse to deploy intrusive technology across their broadband networks for the purpose of profiling the behaviour of their customers which is then sold to Phorm Inc. (formerly 121Media) and used for their Open Internet Exchange (OIX) service.

It seems they made good on their promise. Read on for excerpts of the coverage…and perhaps a lesson.

I have taken the liberty of quoting some of the more poignant wrap-up material; I suggest concerned parties read each article in full.

Protest at the Barbican - A Summary

Now for a little bit of a rant, not enough people turned up (not even all the people who said they would be attending turned up).  I shouldn’t need to remind people how much work went into this event and I certainly shouldn’t need to remind people how important it is for everyone to stand up for their rights and attending the protest would have been a step towards that.  The protest was announced 2 months ago and it would have been nice for people to arrange a day off from work and make the effort to attend.  I don’t use an ISP who are interested in Phorm (quite the opposite) so I personally have nothing to gain from the literally thousands of hours I have dedicated to trying to protect you guys from this sinister technology and whereas I appreciate the thanks and support I receive from people this is not about me, it is about everyone and it is a very serious issue, so I was a little disappointed to see so few people turn up.

theregister.co.uk

The European Commission has sent a message to the British government, and it reads something like this: “If you don’t deal with Phorm, we will.”

Earlier this month, according to Dow Jones, the European Union commissioner for information society and media sent a “pre-warning letter” to UK authorities, voicing her concern over Phorm, the behavioral ad targeter poised to track user activity on Britain’s three largest ISPs: BT, Carphone Warehouse, and Virgin Media.

BT has already conducted two trials with Phorm - and web surfers were not notified.

“It is very clear in E.U. directives that unless someone specifically gives authorization (to track consumer activity on the Web) then you don’t have the right to do that,” EU commissioner Viviane Reding said. If the UK government does not deal with the issue, Dow Jones says, the EC could take action in the European Court of Justice.

dephormation.org.uk

I think that was probably as bad an AGM as BT could possibly have hoped for. It was completely dominated by Webwise, and the directors were made to look extremely uncomfortable.

I know some online will be unhappy I didn’t challenge them more aggressively; the reality is I would never have prevailed so I didn’t try very hard. BT Shareholders are a genteel bunch, I didn’t want to make myself the villain of the piece.

Curious thing; Ian Livingston answered not one single question that I put to the board, and the words Webwise or Phorm did not pass his lips once during the AGM.

One thing I did learn from shareholders was how great a concern phishing is to some people, particularly people who are relying on savings and investments for income. It’s important we get the message across that filtering (as occurs already for child abuse sites) does not require advertising or mass surveillance. The two are completely separate and independent. If people do want network phishing filters, and choose to opt in to that as a service, why not? I think that’s a great idea if that’s what people want. Everything else about Phorm is vile, evil, and repels me to the core.

My Own Conclusion

Perhaps people who dislike the way things are going in the world, or who have certain issues that raise their hackles, should take a cue from the playbook across the pond. For example: predatory advertising practices. Concerted and coordinated action creates pressure, and pressure often causes change.


Poor Phorm, NeBuAd and Protests

Posted in Civic Issues, Personal Privacy, Security by wayne.porter on July 16th, 2008

THE CONVERSATION CONTINUES

I have been talking about Phorm and NebuAd lately and I received a very insightful comment from Kellie Stevens from AffiliateFairPlay.com. Kellie has my utmost respect in terms of chasing the money trails and is a modern day click sleuth…I have paraphrased her comment, made a few spelling corrections and bolded a few key sentences. The original post about the controversy, plus the comments, can be found here. Other relevant posts: Twelve Questions for Phorm, more on Phorm, some more, and Phorm’s response to me.

Kellie writes:

These are indeed very important issues emerging around NebuAd and Phorm. On a side note, it should not come as a surprise that some of the execs at NeBuAd are former execs from Claria/Gator. It is similar data tracking but only at a potentially much larger scale.

IANAL so I’m not sure how strong of a legal case the Intellectual Property angle may be. It didn’t work that well in the past with lawsuits involving adware. But then a split hair can make all the legal difference at times.

I do think that there are other issues surrounding this aside from consumer privacy rights and concerns. As if that isn’t enough in and of itself. ISPs’ willingness to use both Phorm and NebuAd (until the stuff hit the fan) follows the same track as other practices I’ve observed by ISPs, which are flat out browser hijacks for their own profit IMO. With ISPs facing more competition these days and looking at online advertising as a revenue source, they need to understand what types of practices are and are not fair game. If certain practices have been deemed as unacceptable by software, why can an ISP engage in the practice? As an end user, I’m not any more happy when my browser doesn’t go where I’ve specifically intended for it to or my user preferences have been overridden. It doesn’t matter to me if it’s a piece of software or my ISP that has done it. I’m actually more disturbed when it’s my ISP because I view them (whether it’s correct or not to do so) as a public service provider such as other media providers. Indeed cable companies have been regulated by Public Service Commissions in the past, although that regulation seems to be pretty fragmented now. Regardless, I have expectations of a higher level of responsibility from my ISP (which may well be providing my TV and telephone service as well in the case of companies like Charter).

I also think that this brings up another issue that I don’t think has ever been adequately addressed when looking at such data collection by software applications on the end user’s computer. Even if the end user does agree to opt in to tracking such as by NebuAd and Phorm, where is the line drawn about what type of information can be collected and how it can be used? Online businesses need to have their rights to fair competition and protection of proprietary information protected along the same lines as in the brick and mortar world. The boundaries seem not as clearly defined online as they are offline.

I brought this issue to the FBI in the past in the form of a formal complaint when I saw the type of data a particular adware application was collecting and sending back to their servers. Coincidentally (?) the behavior disappeared from the adware a few weeks later. Of course some forms of behavioral tracking with consent have long been considered acceptable. Hence Nielsen ratings.

Thanks for the great commentary Kellie. It was too good to lose your thoughts in my terrible commenting system…I will fix that eventually…Keep up your fantastic analysis.

ON WITH THE PROTEST

Some people are not taking it sitting down either- they are having a protest. The people across the pond take their privacy very seriously. Good for them!

On July 16th 2008 there will be a protest rally at The Barbican Centre (The Barbican Theatre) in London.  The purpose of the event is to protest against plans by BT Group PLC, Virgin Media and Car Phone Warehouse to deploy intrusive technology across their broadband networks for the purpose of profiling the behaviour of their customers which is then sold to Phorm Inc. (formerly 121Media) and used for their Open Internet Exchange (OIX) service.

You can read updates regarding the event on the following web page: https://nodpi.org/category/events/


Emerging Issues: NebuBad

Posted in Attention, Civic Issues, Personal Privacy, Security by wayne.porter on July 4th, 2008

NebuAd in the U.S. and Phorm (formerly 121 Media) in the U.K. have both been accused of deep packet inspection of user traffic without consent, with the lofty goal of tracking behaviour to target ads. I posted a dozen questions for Phorm and, while I know they have followed the entries, they declined to answer the dirty dozen. For what it is worth I also invite NebuAd to answer them as well; these are the questions that need to be asked. (So that it is clear: Phorm and NebuAd are separate companies and not related.)

The fundamental issue is pretty clear: permission needs to be obtained, it needs to be obvious, and it needs to be in easy-to-understand language. This means fifty page EULAs written by lawyers are NOT the answer either. Bypassing consent is a deal killer.

I want to call attention to Brad Waller’s recent entry on Deep Packet Injection / Trademark Infringement and NebuAd which looks at the issue from an Intellectual Property perspective.

…compares the NebuAd process to serving some other cola to a customer who asks for a “Coke.” He argues that when the NebuAd cookie is injected by your ISP into a page they serve you, the page is no longer the exact page you asked for. He says, “When your ISP delivers you a page with a NebuAd cookie injected, the statement that this is the page you asked for is false. The ISP is passing off the NebuAd cookie as being from Amazon. It’s not.” This seems like a bit of a stretch to me, but I’m not an intellectual property attorney. He argues that since the cookie is used to sell you goods, it would be close enough to be an issue.

Talk about splitting hairs and cookie crumbs!
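One practical way a defender can check for the kind of in-transit tampering described above is to fetch the same page over the ISP path and over a reference path the ISP cannot alter (an encrypted tunnel to a host elsewhere), then diff the pieces an injector would touch. The script below is an added example for this post, not code from the post or from any company it names; the two HTTP responses and the hostnames in it are constructed placeholders.

```python
"""
Compare one page fetched over two network paths to spot injected content.

An on-path intermediary can only alter what it can see, so fetching the
same URL once over the suspect path and once over a reference path it
cannot touch, then diffing Set-Cookie headers, off-site <script src> tags
and the status line, gives a simple tamper check for plain-HTTP pages.
"""
import re
from urllib.parse import urlparse

SCRIPT_SRC_RE = re.compile(
    r'<script[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body.decode("utf-8", errors="replace")


def cookie_names(headers):
    """Names of all cookies a response tries to set. Values may legitimately
    differ between two fetches (session ids), so only names are compared."""
    return {v.split(";", 1)[0].split("=", 1)[0].strip()
            for n, v in headers if n == "set-cookie"}


def offsite_script_hosts(body: str, page_host: str):
    """Hosts of <script src> tags that do not belong to the page's own site."""
    hosts = set()
    for src in SCRIPT_SRC_RE.findall(body):
        host = urlparse(src).hostname  # None for relative URLs like /js/app.js
        if host and host != page_host and not host.endswith("." + page_host):
            hosts.add(host)
    return hosts


def find_injections(reference: bytes, suspect: bytes, page_host: str) -> dict:
    """Report what the suspect response carries that the reference does not."""
    ref_status, ref_hdrs, ref_body = parse_response(reference)
    sus_status, sus_hdrs, sus_body = parse_response(suspect)
    return {
        # A 3xx on one path only suggests the intermediary redirected the request.
        "status_changed": ref_status != sus_status,
        "extra_cookies": sorted(cookie_names(sus_hdrs) - cookie_names(ref_hdrs)),
        "extra_script_hosts": sorted(
            offsite_script_hosts(sus_body, page_host)
            - offsite_script_hosts(ref_body, page_host)),
    }


# Constructed sample: the page as served directly by the (placeholder) site ...
REFERENCE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=abc123; Path=/\r\n"
    b"\r\n"
    b"<html><body><h1>Shop</h1>"
    b"<script src=\"/js/app.js\"></script></body></html>"
)

# ... and as it arrived over the suspect path, carrying an extra cookie and an
# extra off-site script tag (placeholder tracker host, not a real one).
SUSPECT = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: session=def456; Path=/\r\n"
    b"Set-Cookie: trk=0x5f; Path=/\r\n"
    b"\r\n"
    b"<html><body><h1>Shop</h1>"
    b"<script src=\"/js/app.js\"></script>"
    b"<script src=\"http://ads.tracker-placeholder.invalid/t.js\"></script>"
    b"</body></html>"
)

if __name__ == "__main__":
    print(find_injections(REFERENCE, SUSPECT, "shop.example"))
```

Over HTTPS an on-path intermediary cannot read or modify the page at all, which is the real mitigation; this check only makes sense for plain-HTTP pages like those in the trials discussed here.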

A coalition has formed to tackle NebuAd. (This is good!) The groups at this stage in the game include heavyweights like the Electronic Privacy Information Center (EPIC), the Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT), the Center for Digital Democracy (CDD), Public Knowledge, and Free Press.

As other security guns have reported, Charter Communications has cancelled a pilot of the NebuAd advertising system and apparently CenturyTel is cutting NebuAd loose as well. MediaPost reports that the CDT plans to present to the Senate Commerce Committee that NebuAd’s methodology may violate federal wiretapping laws due to how communications are intercepted. The title of their June report, “NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking,” leaves nothing to the imagination.

The state of online security is wobbly enough; the last thing people need is yet another incursion that erodes their privacy. While privacy and security are different, they are related…I really feel this needs to be nipped in the bud, so make your voice known.

Ironically some people might already know…this quote from Art Brodsky a spokesman for Public Knowledge on NebuAd’s CEO’s claims is pretty startling:

“We have seen video of the NebuAd CEO saying, ‘Google knows what they do on your site, but we know everywhere you go, the sites you stop at and ads you see.‘ The problem is there’s no opt-in or opt-out to these types of services.”


Phorm and BT Go Free

Posted in Personal Privacy, Security by wayne.porter on June 13th, 2008

I have been covering the Phorm “situation” over the last couple of weeks, even going so far as to ask them a few questions after they asked me to change an assertion (which I did not, although I did add an addendum). Alexander Hanff, a noted IT specialist, claimed that the 2006 BT-Phorm trials had contravened the Regulation of Investigatory Powers Act (RIPA) and the Data Protection Act. In the U.K. they have laws like this. In America we have the Patriot Act. *cough*

From ZDNetUK (found via Hermes Project Blog)

The Information Commissioner’s Office has ruled out an investigation of BT or Phorm, despite calls from academics for the telecommunications giant to be punished over trials of controversial ad-serving technology in 2006.

Following the publication of a leaked document detailing a trial of the technology by Phorm and BT, the Information Commissioner’s Office (ICO) told ZDNet.co.uk on Monday that the information in the leaked document would not cause it to take any punitive action against the companies.

“The ICO seeks to resolve issues informally,” said an ICO spokesperson. “We didn’t have the internal [leaked] document, but Phorm and BT did present us with information [after the trial]. We’ve worked with BT and Phorm and we are not going to take any punitive action at this stage.”


Dozen Questions for Phorm

Posted in Civic Issues, E-Commerce, Personal Privacy, Security, Technology by wayne.porter on June 10th, 2008

Since everyone is up in arms over Phorm, and since as a security professional I believe there are many valid reasons to be concerned, I have put together a very simple Q&A. People who know me know that I treat these Q&A sessions fair and square. I take no sides; I simply ask the questions and post the responses. The party can even pass on a question.

Phorm has informed me they would decline the Q&A here or at Revenews. If they don’t like the venue I urge others to take the list of questions, make the same offer and add your own. You don’t have to be nasty, just demand to be heard. Here we go- some questions I, and other security professionals, have. I am really curious as to the answers.

Questions for Phorm

Question 1. Why did Phorm not responsibly advise British Telecom (BT) against doing the trials in secret, without consent and without explaining it to BT support staff?

Question 2. Is Phorm’s WebWise system currently undergoing development that will make it stealthy?

Question 3. What are the time frames for the next trials, with whom and what should we expect to see?

Question 4. How will Phorm’s WebWise system ask for consent without first intercepting and/or modifying the user’s connections over the Internet?

Question 5. Are Phorm aware that their technology will force many users to switch ISP? Do they feel this is OK?

Question 6. Why do Phorm feel it’s OK to intercept traffic without opt-in consent for profit where officers of the law have to get court warrants for each case?

Question 7. Do Phorm believe that because interception of business e-mails within the same organization is allowed that it means that it’s OK to intercept anyone’s traffic?

Question 8. How will Phorm gain the trust of an entire population after what it’s done?

Question 9. Why, if Phorm is willing to be so transparent, do Phorm not make this software open source?

Question 10. What happens if the equipment gets hacked and repurposed by hackers?

Question 11. And what happens when exploits are found in third party software they may be using as part of this solution? For example, a regular expression exploit: http://www.securityfocus.com/bid/14620

Question 12. Who will police the solution to ensure Phorm will not only follow the privacy laws during the tests, but in ongoing updates too? Does Phorm understand it will need everything checked with any changes, ranging from source code checks to legal requirements checks, demanding a team of specialized people just to monitor their solution?

There you go Phorm. An even dozen. I am happy to post your replies, or you can ignore it all and hope it goes away. History has taught me differently.

ADDENDUM:

William of Ockham chimes in with this comment:

Chris Williams from The Register has been in contact with EU Information Commissioner Viviane Reding.

https://nodpi.org/?p=21

She is monitoring the situation closely and is asking for anyone who is concerned about the covert and potentially illegal trials to send her a letter as soon as possible:

Viviane Reding
Member of the European Commission
BE-1049 Brussels
Belgium

Her email address is available here:

http://ec.europa.eu/commission_barroso/reding/contact/index_en.htm

It is preferable if you send her a physical letter, though. Thanks!


Phorm Responds - Ads not Hijacked

Posted in Blogging, Civic Issues, E-Commerce, Personal Privacy, Security, Technology, Web 2.0 by wayne.porter on June 10th, 2008

It appears some were misinformed about aspects of Phorm…here is a copy of the e-mail I received.

Dear Sirs

We are writing to you regarding the forum posting which appears on your website Reality is Relative at the following URLs:

http://www.wayneporter.com/2008/06/07/515/

The forum posting is based on an article published on the website http://nodpi.org/ which made false and defamatory allegations about Phorm Inc and Phorm UK, Inc – that we hijacked and replaced charity advertisements with our own ads.

Phorm have written to the author of the website, Alexander Hanff, and he has agreed to retract the allegations (see the article that now appears at http://nodpi.org/ under the heading “Humble Pie”).

In the circumstances we would be most grateful if you would edit the content on your article to remove the following words:

… which were substituted in place of some charity adverts e.g. from Oxfam.

Yours sincerely

Alex Laity
Phorm

Indeed the author of the blog has written Humble Pie Time as a retraction. I do not intend to edit my blog by deleting content. I will make every effort to get the straight facts and I will annotate the blog so it is clear. In addition I have offered up an Interview Q&A at Revenews or here, which Mr. Laity declined. I will post my questions anyway.

So that it is clear: the ads were not hijacked but purchased.

From the Humble Pie Post at Nodpi:

I am unable to remove information posted on 3rd party sites but I will make this appeal to anyone who has posted stories, blogs or comments regarding the charity ads - please could you edit these to make it clear that I have the word of Kent’s solicitor and Emma Sanderson that these ads were in fact purchased and not hijacked.


Phorm Is Not the Norm- Brits Scorn

Posted in Censorship, Civic Issues, E-Commerce, Intellectual Property, Personal Privacy, Proxy, Security by wayne.porter on June 7th, 2008

Earlier I updated readers on the latest action with the CDT and more importantly the smack down going on in the U.K. over Phorm (previously known as the artists- 121 Media). I would lay money down that paperghost will have a field day with this on vitalsecurity.org

Just in from Timeless Prototype. Now it appears there is a leaked BT internal report on an illegal secret Phorm test.

Shameful indeed…It almost feels like the days of Nail.exe and Direct Revenue….wonder if they have a Dark Arts section?

It seems that there has now been a leak of the internal British Telecom Retail report, dated January 2007, which highlights the technical issues and performance of the illegal 2 week secret technical trial which British Telecom inflicted on thousands of its unsuspecting broadband internet customers, for two weeks in September 200. The report confirms that none of the BT customers were consulted beforehand, and they did not grant their permission for their port 80 web traffic to be intercepted and modified by British Telecom and 121Media (as Phorm were then known).

They tested out the substitution of banner adverts from a range of British based advertising agencies, mostly relating to Motoring, which were substituted in place of some charity adverts e.g. from Oxfam. It is unclear from this report whether Phorm had paid for the charity adverts, but, given the sneakiness of this commercial espionage test, it seems unlikely that any charity would have been consulted or agreed. The BT report highlights the obvious web cookie dropping problem and its incompatibility with informed consent.

The effect on static IP address customers by the sneaky imposition of the proxy servers is also recognized in the report. The report does not mention the Regulation of Investigatory Powers Act 2000 section 1 criminal offence legal implications of intercepting web based emails, but the engineers do seem to be passing the buck over to the BT legal department, to get the terms and conditions of the broadband customer contract changed.

Update:

A copy of the BT report (17Mb .pdf) also now resides on the supposedly “uncensorable” Wikileaks.org website in Sweden. Ouch.

ADDENDUM: Phorm contacted me about an inaccuracy. Please see this post regarding their letter, the original author’s retraction, etc. I have also offered up some questions for Phorm if they wish to respond to the e-commerce and security community.


Congressional Investigation of ISP Data Collection Plus PHORM

Posted in Civic Issues, E-Commerce, Personal Privacy, Security, Technology by wayne.porter on June 6th, 2008

ISP Data- Who Owns That Data Anyway?

Fifteen of the nation’s leading privacy and public interest groups released a letter urging Congress to hold hearings on the growing practice of Internet Service Providers targeting ads to subscribers based on their personal Web activities.

The letter urges the House Telecommunications Subcommittee leadership to investigate the plan of Charter Communications to capture all of the messages and activities of its Internet subscribers and share that data with a third-party firm, which plans to use the data to target those consumers with specific ads. The plan raises serious privacy and legal issues, the letter says.

  • Letter to House Telecom Subcommittee [PDF] June 06, 2008
  • Group Press Release June 06, 2008

PHORM- Oh My Get the Guns

This one had my colleague Timeless Prototype up in arms, hell they are even picketing BT shareholders over in the U.K. where people still value privacy (even though there are more surveillance cameras in the UK than I care to think about)…I found some good reading at the CDT blog.

Last week, the European Commission issued an answer to several queries regarding Phorm, a U.K. company that uses Internet traffic data to serve targeted advertisements. Phorm has proposed partnerships with some of the United Kingdom’s largest ISPs that allow Phorm to use deep packet inspection (DPI) to create profiles of individual consumers’ Web habits. Several members of the European Parliament asked the European Commission whether Phorm’s actions constitute an invasion of privacy contrary to European Union privacy protections.

European Commission & ePrivacy Directive

In its response to these questions (Joint answer given by Mrs Reding on behalf of the Commission, Written questions E-1884/08, E-2227/08, E-2576/08), the European Commission explained how the Phorm system intersects with the EU ePrivacy Directive. The Commission declared that, under the directive, the Web traffic information collected by Phorm is “traffic data” and the content of search queries intercepted by Phorm constitutes “communication,” both of which are protected from interception or surveillance without consumer consent.

The Commission noted that the U.K. Information Commissioner’s Office (ICO) — which enforces U.K. data privacy laws — is responsible for monitoring Phorm’s actions. In a review of Phorm’s DPI plans, the ICO said that Phorm’s system “does not appear to be” harming consumers. The ICO will be scrutinizing Phorm’s actions, however, to ensure that the company delivers on its promises to not violate consumer privacy rights.

The Commission itself is also taking ICO’s wait-and-see attitude, promising to remain vigilant in continuing to observe the situation and to “take appropriate action, should the need arise.”

Here is Timeless Prototype’s Take:

Phorm’s Webwise system is a fascinating exploration of technology that is not fit for a commercially-sensitive Internet because if consumers lose trust in the Internet service they receive, it will harm the economy that is built around the Internet.

Even if that loss of trust has no factual basis! If this is not the case, it will simply be that the Internet ‘heals’ itself as consumers migrate to more trusted ISPs. The latter is already taking place regardless of cost and inconvenience to the consumer.

Many people in the UK have written to their MPs requesting an answer to the question: “If BT’s trials of the Webwise system were ‘illegal’ due to non-informed consent of the customers, then why has no criminal investigation begun?”

If it does go to court, it will be very important for each of the parties involved in the trials to show consistency in their actions at all times if they are to potentially get off lightly by showing that their intentions were pure. However, it may not go down so well if they are asked the question: “when issues were pointed out with the proposed solution, why was no action taken to remedy them?” But, this would really only apply if further trials of the system were to actually take place.

Currently it appears to be in a state of limbo. A grace period if you like where Phorm have the opportunity to hold off further public trials in order to implement changes that fix all the issues that have been highlighted. To deploy it now without making the changes whilst knowing about the issues opens them up to further litigation.

On the flip side, will this mean Phorm might try to make it completely stealthy and undetectable to the users and the web site owners? I’d like to hear a public statement from Phorm with regards to this question.

I will be following the progress of this very closely, as I’m sure many others are too.

You Bet I Will

NO time like the present to rattle the famous paperghost cage and my other Security MVP pals.


MSFT MVP’s Downloads, Documents, Patches

Posted in Personal Privacy, Security by wayne.porter on June 4th, 2008

Get ‘em while they are hot…

Security and Privacy: Twins of Different Mothers

By Tom Gemmell, Principal Privacy Program Manager, Microsoft Corporation. Learn how security and privacy professionals can achieve beneficial results by closely aligning their efforts to manage the risks associated with collecting, holding, and using private and sensitive information about employees, customers, partners, and others.

Microsoft Security Intelligence Report, Volume 4

The latest volume of the Security Intelligence Report features sections on security vulnerabilities, exploits, malware, and potentially unwanted software. New for this volume are sections on privacy and Internet safety enforcement, along with more detailed insights into spam and phishing. Built on feedback from almost 500 million computers worldwide, this report is the most comprehensive and wide-ranging Security Intelligence Report that Microsoft has released. Download the full 105-page report or the 12-page key findings summary.

Download Forefront Security for SharePoint with Service Pack 2

Microsoft Forefront Security for SharePoint with SP2 can help protect Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0 from malware and inappropriate content. New features include support for Windows Server 2008 and installable key word lists for automatically blocking documents containing profanity and discriminatory words in eleven languages. Download the trial today, along with the new evaluation guide.

Solution Accelerator Beta: Security Compliance Management

In today’s IT environment, compliance with governance regulations and industry standards such as the Sarbanes-Oxley Act is a source of deep concern for many organizations. This toolkit provides best practices about how to plan, set, get, and remediate a security baseline. It also offers tools that you can use to verify the implementation of recommended security baselines for Windows Vista, Windows XP SP2, and Windows Server 2003 SP2, plus Configuration Packs to use with the Desired Configuration Management (DCM) feature in Microsoft System Center Configuration Manager 2007 to verify and report on the security baseline deployed for these Windows operating systems. Quickly and easily use reporting functionality to demonstrate that the computers in your environment are in compliance with the best practices.

Use the New Security Enhancements of Windows Vista SP1 and Windows Server 2008

Want to take advantage of the new security enhancements of Windows Vista SP1 and Windows Server 2008? Download the new Microsoft Assessment and Planning tool and determine if your existing machines are ready.

Interesting Insights from Stephen Lamb

Windows Server 2008, Windows Vista and Windows XP Service Pack 3 each have native support for Network Access Protection (NAP). NAP provides the means for administrators to restrict resource access purely to client (and other server) computers that currently comply with the network security policy.

You CAN define policies regarding what to do with requests from clients that do not have support for NAP. Specifically, you can grant access to specific resources for machines that can’t attest their health (policy compliance) status. In addition, there are third parties who are extending NAP to support Linux and Apple’s OS X platform too.

How to Protect SharePoint Products and Technologies with DPM 2007

SharePoint administrators are looking for a better way to protect and recover their collaboration infrastructures. Microsoft has listened to its customers and has delivered a complete solution with System Center Data Protection Manager (DPM) 2007.

Microsoft Security Bulletin Summary for May, 2008

     
    Documents
     
    2007 Microsoft Office Security Guide: Threats and Countermeasures

    This guide is a comprehensive technical reference that explains the security and privacy settings for the six referenced applications, their recommended configurations, and which threats they address. It also contains Common Configuration Enumeration (CCE) IDs for all the settings. CCE provides identifiers to system configurations to facilitate fast and accurate correlation of configuration data across multiple information sources and tools.
     
    Deploying Group Policy Using Windows Vista

    Sort through the new and updated features available in Windows Vista, and learn about best practices to help you deploy Group Policy to centrally manage a greater number of features and component behaviors than you were able to do in Windows Server 2003.
     
    The Cable Guy: Wireless Group Policy Settings for Windows Vista Learn how to centrally configure and distribute wireless network settings to all the computers in your Active Directory network.
     
    Framework-Based Regulatory Compliance
    Explore a framework-based approach to address regulations and standards related to IT controls and privacy with this chapter from the Regulatory Compliance Planning Guide.
     
    Enable Enhanced Identity Privacy 
    Enhanced identity privacy is an optional setting that you can configure on a resource partner in the account Federation Service in an Active Directory Federation Services (ADFS) deployment. Learn how to enable this setting.
     
    Data Encryption Toolkit for Mobile PCs 
    Learn how to better secure the data on your organization’s mobile PCs–in a cost-effective way–using Encrypting File System (EFS) and Microsoft BitLocker Drive Encryption technologies.
     
    How to Create a Customized Privacy Import File

    Privacy settings in Microsoft Internet Explorer can be customized through a variety of dialog boxes reachable from the Privacy tab in Internet Options on the Tools menu. Additionally, if the user chooses, privacy settings can be specified by importing custom settings using the XML syntax. Learn how with this overview.
     
    Downloads
     
    Microsoft® Windows® Cryptographic Next Generation Software Development Kit for Windows Vista and Windows Server 2008
    Windows CNG SDK Version 1.3
    The CNG SDK contains documentation, code, and tools designed to help you develop cryptographic applications and libraries targeting the Windows Vista SP1 and Windows Server 2008 Operating Systems. [Download]
     
    Microsoft Antigen 9 with SP1 Readme
    The Messaging Security Suite includes Antigen for Exchange, Antigen for SMTP Gateways, and Antigen Spam Manager, and provides server-level protection against the latest e-mail threats.
    [Download]

    Microsoft Enterprise Resource Planning Management Agent for SAP®
    Identity Lifecycle Manager 2007 ERP Management Agent for SAP® helps you synchronize identity information, easily provision and deprovision accounts and identity information, and also provides password management capabilities for SAP® systems. [Download]
     
    Microsoft Baseline Security Analyzer 2.1 (for IT Professionals)
    The Microsoft Baseline Security Analyzer provides a streamlined method of identifying common security misconfigurations. MBSA 2.1 adds Windows Vista and Windows Server 2008 compatibility. [Download]
     
     
     
    Identity & S+S: from the enterprise to the Internet and back

     
    Windows Mobile SSLChainSaver
    Creates certificate XML for Windows Mobile 5.0+ devices

     
    Michael Howard Talks About
    “Everything Developer Security”
    Video and speaker notes from Microsoft TechEd Developer 2007 in Barcelona
    In this session, Michael Howard answers general questions about secure development issues and strategies

     
    Michael Howard Discusses the Microsoft SDL Development Practices
    Video and speaker notes from Microsoft TechEd Developer 2007 in Barcelona
    In this session, Michael Howard discusses secure development practices, as part of the Microsoft Security Development Lifecycle (SDL)
     
    Providing Security for Web Applications and Infrastructure: Best Practices for Managing Security Risks
    The Windows Live Security team shares best practices - from platform and network security to incident management - in providing security for web applications and infrastructure.
     
     
    Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64
    This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

     
    Microsoft® Windows® Malicious Software Removal Tool (KB890830)
    This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

     
    Active Directory Certificate Services Upgrade and Migration Guide
    This document discusses the planning and implementation of a Windows Server 2008 Active Directory Certificate Services (AD CS) upgrade and migration from an existing Windows public key infrastructure (PKI), including scenarios and step-by-step instruction.

     
    Security Features in Microsoft Online
    This white paper describes how the Microsoft concern for security, as defined in the Trustworthy Computing initiative, has driven key features in the design, deployment, and operation of the Microsoft Online Services environment.
    Security is critical to customers: Online services from Microsoft were built from the ground up to be more secure by design, secure by default, and secure in operation; validated by Cybertrust Certification and SAS 70 Type II attestation. [Download]


    Uncensored Usenet Feeds

    Posted in Censorship, Personal Privacy, Proxy, Security, Uncensored USENET by wayne.porter on June 3rd, 2008

    Usenet Unblocking 

    Does your ISP block or censor your Usenet newsgroup access through their news servers? They also keep log files of everything you view or download from their newsgroup servers! If you are tired of intrusive ISPs that want to censor what you can view and read on the internet, then you need a private-party Usenet newsgroup provider. They do not keep log files of what you view or download.

    Over 120,000 unrestricted Usenet newsgroups.

    If it exists you can find it on Usenet and these feeds are not throttled or restricted.

    Download using your favorite news reader program.

    Have you always been interested in using Usenet newsgroups but have not done so because you felt learning how to use a news reader program might be too difficult? They will even set up a phone appointment with you, walk you through downloading a news reader, set it up for their news servers, and help you get started by showing you how to use it to download messages and files from newsgroups.

    They are the only Usenet company that will take the time to personally help you get started using Usenet newsgroups- I know of users who have signed up and used them for years.  If you have always wanted to find out what Usenet newsgroups are all about but have been hesitant to try it out now is the right time to give it a try.

    The service is not free, but well worth the price you pay to get uncensored usenet access.

    Uncensored Usenet from Alibis, or learn more at the USENET FAQ.

    Want Usenet binaries and pictures that are *not* logged, come across at blazing high speeds, and a service that offers a trial? Try USENEXT and see why everyone raves. Fast, anonymous, and spyware- and adware-free.


    Con Jobs, Twitter, Open Source Self, Death Shovels and My Aftermath

    Posted in 3D Social Networks, Attention, Facebook, Future Shock, Personal Privacy, Second Life, Twitter, Web 2.0 by wayne.porter on October 30th, 2007

    TWITTERS

    Caught this twitter via Steve Hodson after reading about the death of Sam Harrelson’s cousin. I agree with Steve and I feel for Sam. Bitter irony given some recent work with virtual war memorials.

    Sam twittered:


    This probably isn’t Twitter material, but this is my sounding board. Just found out my 1st cousin (very close) was killed in Afghanistan.

    and I tweeted back


    @SamHarrelson It *is* Twitter material my friend, more so than the latest tech sighting…thoughts are with you & family of your cousin.

    WHAT IS TWITTER MATERIAL?

    I am surprised Sam doubted it.

    Twitter material, in my eyes, is playing Scrabble with Robert Scoble until 5 am after Monkey phone calling him on a podcast and calling his cellphone to waste his time and get his opinion, or talking X-Box smack with Steve Rubel, who I feel needs Twitter therapy. This Twitter discussion came weeks after offering him a monkey phone call via LinkedIn after some Edelman crap. I truly felt for the guy- but maybe I wasn’t very compassionate, but it was as compassionate as I could be about his employer I suppose.

    Steve please try to keep being human and not an agency, continue to tear into magazines you don’t like. As you can see I am a laughing prankster and jerkweed, but I really do have a soft center.

    Perhaps it is meeting up with Fleep and learning about her life and work at University of Cincinnati- a chain reaction I have dissected ad nauseam on this blog- just search “Fleep”. (Thanks for the dance Chris!)

    Twitters are little pieces of our lives, fragments of our existence, or little earthquakes if I wanted to go all Tori Amos on you…in part, or as a whole or mix them together. They are tiny ignition switches.

    THE CON JOB

    Pieces from Steve Hodson’s post: The Great Web 2.0 Con Job.


    One of the biggest selling points that Web 2.0 proponents like to wave about is the immense social change that it is going; or has brought about. It is the incredible democratization of our society that will forever change the way we interact with each other and the world at large. It is the warm and fuzzy on a global village scale where everyone knows your name and is your friend.

    Well I have only one thing to say about this idealized rose colored view of the cyber-landscape - bullshit.

    Proof is in the pudding, there are changes on a microlevel maybe, but it certainly hasn’t trickled up to how we act as a “society”

    or “global community”…one more key paragraph (although the jabs at data, information and the power of Facebook I can appreciate- read the privacy policy- hell don’t - no one does.)


    Myself I do believe wholeheartedly that the web and technology can still effect great social changes but not as long as we continually get distracted by catch phrases like Web 2.0 which are nothing more than cool catchy marketing terms. Funnily enough and even though Robert Scoble might have declared them dead and boring I do think that blogs can play an important part in any future social changes. I even think that the Web 2.0 darling Twitter can be more than a bit player. The future social fabric of our society will depend on more than Facebook nudges or pat on the back groups. It will depend on more than bland second rate web applications that feed monstrous advertising money machines. It will depend on more than us snacking on bite-size morsels of information.

    As long as we keep falling for this illusion of how Web 2.0 is going to change the world though the kool-aid makers will keep getting rich off of us, the technological divide will continue to grow and social change will continue to be a marketing catch phrase used to further fleece us of our information.

    WHAT WILL MAKE THE CHANGE

    I think Twitter is a big deal. I think blogs will have their place. To Steve Hodson- most people don’t take the time to read well-thought out pieces or even shitty ones. The ones that do are probably forward thinking change agents anyway. Many do not contribute or take action. Simply sharing their lives, pulling back that veil is a good step. Small, but positive. Bite sized info won’t do it, at best it serves as a catalyst one would hope. You hope it makes people think, stop, halt and maybe to nudge them to act.

    Ultimately Web 2.0 will *not* change the world- it will only change how we negotiate our reality.

    People, individuals and folks en masse, ultimately have to make the changes.

    ONE BLOG EXPERIENCE and WHERE AVATARS FAIL

    I understood that clearly after a decade of writing and blogging basically what I now consider mental gymnastics- to which I will return, I am sure. I laid out a post after being flat out depressed and unable to write anything. I was bothered. So I wrote what I thought, more- what I felt. In some ways I felt like I “open sourced myself”- or tried.

    Despite having been in the middle of so many adverse issues, or in hostile debates or taking on criminal rogues, etc…it was one of the hardest pieces I have written, yet I received more feedback (counting e-mails, IMs, skypes, comments, virtual conversations, etc) from this one piece on “Deaths and Shovels” than hundreds previous combined. Real feedback, the type of sharing that changes one’s world view, one that changed my path and has led me to some new revelations. One executive, who I respect a lot, called me up and his no-holds-barred sharing of personal experiences stunned me. How personal they were, and how they made me think. Hell- even my father skype’d me…I think just to check up.

    AFTERMATH

    Shortly after I wrote the piece and had my catharsis of sorts I learned a good friend’s baby had died in a tragic accident. That was it- blow to the stomach. We knew each other in a virtual world, had become fast friends and collaborators- why do bad things keep happening to good people? As he told me of this event tears rolled down my cheeks. Not just for him, but for “all of us” on the techno fringe.

    How do you comfort an avatar? You really can’t.
    Oh there are loads of animations, but how many for grief? How do you throw an arm over someone’s shoulder if no one has scripted it? Why would you?

    When I look at the range of emotions in avatars- what an avatar CANNOT do shows me how much work “we the people” have yet to do and what is rewarded and what is not. Social change…heavy order for humanity. Our priorities are still wrong.

    So I will have more to say on shovels and fate…I have some nerve up. I am trying to keep pushing the “open source myself”. I can’t take action until I can say what I want to say…getting there…and I didn’t quite get to where I wanted…

    FLASHBACK

    This is not poetic. There is no poetry or meter in this…this is splattered ink on a canvas.

    I recall being a child and taken from school. It was lunch time, I was eating green peas…ice-like silence on the short ride back.

    What is wrong?

    Silence from Aunt and Uncle..I was perplexed. What could this mean?

    Enter home…people, many- gathered- crying…being eight I had no idea the revelation or the impact awaiting me- it was out of my scope.
    Beyond my reason and reality.

    My two little brothers and sister herded to the back room where my father was…looking at us- eyes red. He was young then, far younger than I now. In retrospect I wonder if he rehearsed the words? I have no idea. We know so little of our family at times. We know so little of what makes people tick, what drives them, what shaped them or shapes them….we don’t ask or they don’t tell.

    He gathered us around in a semi-circle with his arms and delivered the news the only way he could and told us- our mother was dead- I can’t even type the exact words though I know them well. Age 26…All went black, utterly and totally dark. There are no memories for hours and hours after that. I awoke playing Chinese checkers at my grandmothers with my cousin in front of the gas heater. I love open flame gas heaters to this day. They are warm.

    I thought about that incident when writing the piece. Should I include this deeply personal piece? Would it matter? How much should or was it just my business? Would people see a different aspect? I don’t want pity. Is it just public psychotherapy? No.

    I have reconciled the best one can after something like that- children tend to lose part of being children when tragedy strikes. The difference writing about it this time as a 37 year old father… I, for once, appreciated my father never left our family, always showed up at ballgames, cooked or taught us how, always ensured we could survive and instilled in us a desire to learn and adapt. Too many thanks to count. I didn’t feel any cause to worry and no tear for me. If I were to cry it would be for my dad.

    Because no father should ever have to tell that to his four little children.

    Yet I know these words are delivered to children all over the world- everyday, under different circumstances, both here and abroad. I just don’t know what to do about it, talking about it? I guess, Sam, in my eyes this is all appropriate material and we should not worry that it is not.

    No morals. No preaching. Kids are out now looking for candy- it is trick-or-treat.

    I have far more important things to do right now.


    Google Going Second Life, Second Life Gets Encryption

    We knew this was coming since CIA-backed In-Q-Tel sold SketchUp to Google…along with Google Earth, formerly known as Keyhole- I think. Never can keep up on that sector. Don’t act surprised- it is in plain sight folks.

    Google Going Grid?

    The Multiverse Network is announcing a partnership today that will allow you to create a virtual world using Google Earth and Google’s 3D Warehouse, a repository of 3D models created using tools like Google Sketchup. So, say if a city has 3D models built of its buildings, you could create a virtual world from them, almost instantly using this new technology. They are planning on showing Architectural Wonders at the Virtual Worlds conference tomorrow in San Jose, California.

    Wonder what Second Life folks think? I’ve noted some ex-Lindens in the Google officers’ mess. Yet I am not so quick to throw in their towel (although at times…)- Google does not like to create content, they really don’t like controversy, and really I don’t think they like to police content either (hint- it doesn’t scale)…still I take their Grid over Second Life’s any day, who knows…perhaps it won’t be so proprietary and “grid crasher” will come to fruition à la OpenSim.

    I also have to wonder if Second Life saw a bit of light encryption coming…or if they wonder what might be coming next since this is just a light warm up I am sure. Yeah I am really, really sure more is coming. 100%…and this is important. Not object-to-object- person-to-person or avatar to avatar. Your nomenclature may vary.

    Second Life Encryption- weak like mint tea- but the concept is there.

    What You Get: The Chevalier Encoder HUDs come in packs of 2, 5, 10 and 20. One for you and one for whomever you want to chat with securely; each avatar is required to have one to be able to join the chat.

    How it works: The HUD, or heads-up display, includes an on-screen keyboard, which you attach from inventory. It will attach itself to the top center location of your screen, which of course you can change, as you do your other HUDs, and place somewhere other than the top center.

    To use the Encryption Keyboard HUD click the “Menu” button and select “New Chat” or “Add To Chat” from the dialog that pops up; you will be given a list of avatars in range (96 meters). Then select the avatar with whom you wish to speak (or add to an existing session) in encrypted form and a notice is sent to their HUD, which they must be wearing. A random pass-code is generated and swapped between HUDs, and then you can safely communicate with that avatar or avatars.

    You may also choose a pre-determined pass phrase that everybody wearing the Chevalier Encryption HUD knows, by keying in the group pass phrase and clicking the “Set Pass” button, and everyone can talk in group chat- encrypted.

    Communication works Sim wide once pass-codes/phrases are swapped and chat begins.

    NOTE: This version of the HUD uses simple encryption, so while no other avatars can read it, the text is still visible to Linden Lab. It is also notable that keying in information is slow using the screen keyboard; you can also enable a chat channel to speed up encoded chatting, although this is not as secure. A high-numbered random channel is selected each time you enable this feature, but using presets can help, and the look on the faces of the enemy is priceless.

    I tried it- it is slow as stated, but for emergencies it works, and fun to hit channel scanners with. Really….plus SOX, HIPAA, e-discovery- remember all that kids? VoIP or IM, e-mail or chat, no matter how ephemeral the medium it has to be archived if you are a publicly traded company. Not sure how encryption fits in there.
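Why the product note above concedes that the text is still visible to Linden Lab is worth making concrete. The HUD’s script, like every LSL script, runs on the simulator rather than on your machine, so the plaintext exists server-side before any “encryption” happens; and even if it did not, the random pass-code is swapped between the two HUDs over the same simulator that carries the chat. The following is my own added model of that second weakness, not the Chevalier HUD’s code: the simulator is a relay that logs every event it carries, the cipher (XOR with a SHA-256 counter keystream) is a stand-in because the HUD’s real cipher is not published on the page, and the avatars and messages are constructed.

```python
"""Model of a 'swap a pass-code, then chat encrypted' HUD scheme: added example,
not the Chevalier HUD's code. The simulator is modelled as a relay that logs
every chat event it carries; the cipher (XOR with a SHA-256 keystream) is my
stand-in, since the HUD's real cipher is not published on the page. All avatars
and messages are constructed sample data.
"""
import hashlib
import secrets


def keystream(passcode: str, nonce: str, length: int) -> bytes:
    """Counter-mode keystream from the shared pass-code and a per-message nonce."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(f"{passcode}|{nonce}|{counter}".encode()).digest()
        counter += 1
    return out[:length]


def encrypt(passcode: str, nonce: str, text: str) -> bytes:
    data = text.encode()
    return bytes(a ^ b for a, b in zip(data, keystream(passcode, nonce, len(data))))


def decrypt(passcode: str, nonce: str, data: bytes) -> str:
    return bytes(a ^ b for a, b in zip(data, keystream(passcode, nonce, len(data)))).decode()


class Simulator:
    """Region server: every HUD-to-HUD message is a chat event it relays and can log."""

    def __init__(self) -> None:
        self.log = []
        self.huds = {}

    def relay(self, sender: str, recipient: str, kind: str, payload) -> None:
        self.log.append((sender, recipient, kind, payload))  # the operator's view
        self.huds[recipient].receive(sender, kind, payload)


class Hud:
    """One avatar's encoder HUD (constructed model)."""

    def __init__(self, avatar: str, sim: Simulator) -> None:
        self.avatar, self.sim = avatar, sim
        self.passcode = None
        self.inbox = []
        self.sent = 0
        sim.huds[avatar] = self

    def new_chat(self, peer: str) -> None:
        # "A random pass-code is generated and swapped between HUDs": the swap
        # rides the same relay as everything else, in the clear.
        self.passcode = secrets.token_hex(8)
        self.sim.relay(self.avatar, peer, "passcode", self.passcode)

    def say(self, peer: str, text: str) -> None:
        self.sent += 1
        nonce = f"{self.avatar}:{self.sent}"  # per-direction nonce, never reused
        self.sim.relay(self.avatar, peer, "chat",
                       (nonce, encrypt(self.passcode, nonce, text)))

    def receive(self, sender: str, kind: str, payload) -> None:
        if kind == "passcode":
            self.passcode = payload
        elif kind == "chat":
            nonce, data = payload
            self.inbox.append(decrypt(self.passcode, nonce, data))


def operator_reads_everything(sim: Simulator) -> list:
    """Whoever holds the relay log (the region operator, or a channel scanner if
    the swap went over an open channel) recovers every message from it."""
    passcodes, plain = {}, []
    for sender, recipient, kind, payload in sim.log:
        pair = frozenset((sender, recipient))
        if kind == "passcode":
            passcodes[pair] = payload
        elif kind == "chat":
            nonce, data = payload
            plain.append(decrypt(passcodes[pair], nonce, data))
    return plain


def demo() -> tuple:
    """Two avatars chat 'securely'; the relay log gives it all up."""
    sim = Simulator()
    alice, bob = Hud("Alice", sim), Hud("Bob", sim)
    alice.new_chat("Bob")
    alice.say("Bob", "meet at the dock at 9")
    bob.say("Alice", "bring the deed")
    return bob.inbox, alice.inbox, operator_reads_everything(sim)


if __name__ == "__main__":
    print(demo())
```

The other avatars in range genuinely cannot read the chat, which is all the product claims. The group pass-phrase option in the description at least keeps the key off the relay, but it does nothing about the script itself executing on the simulator, so the only party the scheme defends against is other residents, not the operator.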


    Twitter Tracking - Twitter does More

    Posted in Attention, Instant Messenger, Personal Privacy, Security, Twitter, Web 2.0, iPhone by wayne.porter on October 8th, 2007

    There is nothing worse than having one and a half hands to type with (my left hand is practically paralyzed, but I have regained some use of my right, so I am hopeful). It can be described as pure frustration. I will have to bore readers by just calling attention to things I find interesting, critical or poignant; then again, maybe I won’t bore them. I admit I am behind on reading after four (FOUR) days of being unplugged completely, and until the 30th, save for the occasional game or writing, that is the doc’s orders, which I decided to heed. Forgive me for becoming an echo chamber; then again, perhaps I am too verbose and it is better that way.

    From Twitter- twitter tracking- a bit annoying as you must do it via SMS from what I read.

    (Some edits per me)

    track YOURKEYWORD

    When someone (anyone who updates in public) mentions “YOURKEYWORD,” you’ll get it on your device in real-time. From there you can send “whois username” to find out more about that person, or “follow username” to follow his or her updates. Don’t want to receive any more about YOURKEYWORD? Toggle it off with:

    untrack YOURKEYWORD

    *Note the word can also be a phrase.

    You can create as many of these as you want, so send “track drinking tea”, “track iphone”, “track walking san francisco” and you’ll receive matches for all. Want to get a list of what you’re currently tracking? Send “track” alone (or “stats”). Turn them all off by sending “track off”.
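As an added example (my own model, not Twitter’s code), here is the track / untrack / stats / track off command set quoted above implemented as a small matcher, together with the delivery step that makes the privacy point of this post: any public update that carries a tracked phrase is pushed to every phone tracking it, whoever wrote it and whether or not they know the tracker exists. Assumptions of mine: a phrase matches when every word of it appears in the update, case-insensitively; only public updates are matched; and the users, phrases and updates are constructed sample data.

```python
"""Model of Twitter's 2007 SMS keyword tracking: added example, not Twitter's code.

Assumptions (mine): a phrase matches an update when every word of the phrase
appears in it, case-insensitively; only public updates are matched; users,
phrases and updates below are constructed sample data.
"""
import re
from collections import defaultdict

WORD_RE = re.compile(r"[a-z0-9@#']+")


def words(text: str) -> set:
    """Lower-case word set used for phrase matching."""
    return set(WORD_RE.findall(text.lower()))


class TrackService:
    """Per-user tracked phrases plus the SMS command handler."""

    def __init__(self) -> None:
        self.tracks = defaultdict(list)  # phone user -> ordered list of phrases

    def handle_sms(self, user: str, sms: str) -> str:
        cmd = sms.strip()
        low = cmd.lower()
        if low in ("track", "stats"):           # list what is currently tracked
            return "Tracking: " + (", ".join(self.tracks[user]) or "(nothing)")
        if low == "track off":                  # remove every track
            self.tracks[user].clear()
            return "All tracks removed"
        if low.startswith("track "):            # "track walking san francisco"
            phrase = low[len("track "):].strip()
            if phrase and phrase not in self.tracks[user]:
                self.tracks[user].append(phrase)
            return f"Now tracking '{phrase}'"
        if low.startswith("untrack "):
            phrase = low[len("untrack "):].strip()
            if phrase in self.tracks[user]:
                self.tracks[user].remove(phrase)
                return f"No longer tracking '{phrase}'"
            return f"You were not tracking '{phrase}'"
        return "Unknown command"

    def deliver(self, author: str, update: str, public: bool = True) -> dict:
        """Return {user: [matched phrases]}: who gets this update pushed to their phone.

        The author plays no part in the decision; any public update carrying a
        tracked phrase reaches every tracker of it.
        """
        if not public:
            return {}
        bag = words(update)
        hits = {}
        for user, phrases in self.tracks.items():
            matched = [p for p in phrases if words(p) <= bag]
            if matched:
                hits[user] = matched
        return hits


def demo() -> dict:
    """Constructed walk-through of the commands quoted in the post."""
    svc = TrackService()
    svc.handle_sms("alice", "track drinking tea")
    svc.handle_sms("alice", "track iphone")
    svc.handle_sms("bob", "track walking san francisco")
    return svc.deliver("carol", "Walking around San Francisco drinking tea with my iPhone")


if __name__ == "__main__":
    print(demo())
```

The `public` flag is the only thing standing between an update and every tracker of its words; a protected account opts out, everyone else is matched by default.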


    Marty and Joe Return

    I have been thinking about bringing back “Marty and Joe” on a wider scope. For those who don’t know, Marty and Joe were two evil executives I used to use as conversation points years ago to focus in on issues through the use of satire. They had no morals, no real brains beyond being conniving, and everything revolved around how to screw over their partners. They were the worst of everything rolled into a litigation-happy package. Most people saw it for what it was, others actually took some of the dialogs at face value. The conversations were merely meant to stimulate thinking about worst-case scenarios…and sometimes real scenarios or scenarios that “could be”. Sometimes I would “interview” them, sometimes we just got a glimpse into a conversation.

    How would Marty and Joe respond to this prediction about Second Life and spartan living?

    The authors of the “Metaverse Roadmap,” a briefing document that explores the possible development of virtual worlds over the next 20 years, agree that a boom within a decade is likely. Their research has indicated that by 2016, half of us will have interactive avatars, with those aged between 13 and 30 spending around 10 hours a week socializing in 3-D visual environments.

    And the draw of virtual worlds may encourage some of us to forsake our mundane real-life surroundings for a luxury life online.

    The Metaverse Roadmap points to the millions of youths who already use worlds like Habbo Hotel and Playdo, and suggests that “Youth raised in such conditions might live increasingly Spartan lives in the physical world, and rich, exotic lives in virtual space.” It makes a certain kind of sense: why cripple yourself with huge mortgage payments on “real” real-estate when on Second Life you can buy an entire island for $1,600 and $300/month maintenance?


    Marty and Joe Business Brainstorm on Second Life

    Marty: “OK the initial reports about Second Life are in. It seems marketers are having a hard time making money directly and there are some “problems”. Drugs, prostitution, nudity etc. Nothing unusual, the same kind of stuff you see in IRC only with avatars.”

    Joe: “Problems. Good. Problems are usually market opportunities Marty.”

    Marty: “True. What are you thinking?”

    Joe: “Well according to ground reports they actually have “free” and complete “doobie” and drug kits to dispense virtual drugs, joints that exhale simulated particle effects and auto chat scripts to the message line every x random times messages like “you smell california chronic”…..They even have a “hit of sunshine” you can place on your HUD to simulate LSD effects.”

    Marty: “Hmmm. So we build a “Marijuana Island”. Seems like the demographic is pretty poor. You thinking t-shirts, caps, that kind of stuff?”

    Joe: “That is short-term Marty- think bigger- this is the attention economy. Wouldn’t the feds be interested in an inter-state, pro-marijuana island in SL?”

    Marty: “Yes, yes I think they would. We could make it an Alternate-Reality-Game to educate people on the effects of drugs. We can have all the “virtual drugs” made and laced with some tracking using the scripting language. We can find out who are the “weed passers” and those within range of the smoke. Then we append the information from a social network.”

    Joe: “The pay off is what? Some funding from a drug education group?”

    Marty: “Nah….not enough dollars. We sell it all to the feds in an act of revolt as we quietly go “Jerry Rubin 2.0″, they get to nail a few silicon hippies, and ironically we can take our money and relocate to Amsterdam.”

    Joe: “I like it- this has legs. Get Winthrop and the legal team in here…and find a way to plug it into Facebook- it’s hot right now.”

    Marty: “You know…this might even be more lucrative in China…virtual worlds are huge there.”


    Security Books & Blackhat

    Posted in Civic Issues, Lifestyle Evolution, Personal Privacy, Security by wayne.porter on July 31st, 2007

    Tips for conference speakers…..

    If I didn’t know paperghost and the fact he wore the madcap shirt to RSA at our presentation…I would find it hard to believe.

    Thomas Dullien, a prominent security researcher who has been a fixture at the annual Black Hat security conference, was denied entry into the US on his way to this year’s conference. Dullien said he was blocked from entering the US “for carrying trainings materials for the Blackhat trainings, and intending to hold these trainings as a private citizen instead of as a company.” The ironic twist? Dullien claims that “the largest [number] of attendees are US government related folks, mostly working on US National Security in some form.”

    Next up is Christopher Boyd, Microsoft Security MVP and Director of Malware Research for FaceTime Security Labs. On a recent trip, Boyd discovered that his baggage had been inspected. He describes the affair: “Admittedly, a suitcase containing shirts saying “Terrorist”, “N.W.A” and “Hung Gar Kung Fu” is going to tick the “mad bomber”, “black power” and “Crazy Kung Fu Communist” boxes for Homeland Security in one fell swoop, but I was surprised to find that, while a “Notice of Baggage Inspection” card had been deposited in my case, a “We’re keepin sum stuff bai” card was strangely absent. Why? Oh, maybe because ALL OF MY UNDERWEAR IS MISSING. To the kinky freak running around in PG Pants, I hope they serve you well. But really, you could have just asked.”

    This is why you should make up silly written languages for notes, never use power point or study ancient Assyrian- there is now a pragmatic use. As for paperghost- I had zero to do with the underwear but it sounds like you have a fan!


    Ben Edelman on the FTC and Zango- That Trust & Baton Metaphor Again

    Posted in Civic Issues, E-Commerce, Free Software, Personal Privacy, Security, Skype by wayne.porter on July 31st, 2007

    I have examined an article that will probably make some people at Zango queasy. Colleague Ben Edelman (assistant professor at the Harvard Business School in the Negotiation, Organizations & Markets unit) dissected some recent Zango installations — then cross-checked them with Zango’s settlement with the FTC.

    According to Ben’s allegations, and I think the evidence stands firm, Zango doesn’t seem to live up to what the FTC requires. If you recall the November 2006 FTC settlement, let’s review a snip from Sunbelt, which I have renamed “you dropped a bomb on me baby…you dropped a bomb on me”- hope you don’t mind, Alex:

    The settlement bars Zango from using its adware to communicate with consumers’ computers – either by monitoring consumers’ Web surfing activities or delivering pop-up ads – without verifying that consumers consented to installation of the adware. It bars Zango, directly or through others, from exploiting security vulnerabilities to download software, and requires that it give clear and prominent disclosures and obtain consumers’ express consent before downloading software onto consumers’ computers. It requires that Zango identify its ads and establish, implement, and maintain user-friendly mechanisms consumers can use to complain, stop its pop-ups, and uninstall its adware. It also requires that Zango monitor its third-party distributors to assure that its affiliates and their sub-affiliates comply with the FTC order. Finally, Zango will give up $3 million in ill-gotten gains to settle the charges. The settlement contains standard record keeping provisions to allow the FTC to monitor compliance.

    One: Wayne Porter, Paperghost, Sunbelt, Ben Edelman, Eric Howes, Facetime, Suzi Turner, Wilder’s Security, PCPitstop, CastleCops, Spyware Warrior, Temerc, and countless other security watchdogs have noted this type of behavior for years. Others in the performance marketing industry have covered and discussed it, e.g. Todd Crawford (source: Revenews.com per Wired); Peter Figueredo noted the “heavy settlement”…I feel it was “a slap on the wrist” and, if I took things personally, “a slap in the face”- good thing I don’t.

    Ben’s article argues Zango’s compliance is unusually poor. For one, some of Zango’s “installs”, especially the Hotbar-descended installation sequences, fail to show the “short form notice” (prior to and separate from a EULA, End User License Agreement) that the FTC settlement specifically requires. Furthermore, some Zango ads, up to and including toolbar ads, desktop icons, and even some pop-ups, don’t have the labeling and hyperlinks the settlement requires. Ben’s piece has the nasty details in his usual cold, cutting and methodical fashion, and this security and media researcher is not surprised.

    Naturally we have video and an array of screenshots. Ironically I have to wonder if this is what they mean by “the long tail” and “user generated content”- let’s “help keep the internet free” or something similar?

    Since I have been talking about video à la Steve Rosenbaum (I did warn about never going the “adware” route), keep that in mind, Steve, if you open things up; it is a fine line between fair money and trust.

    Article on violations here…highlights include:

    This article summarizes selected incidents I have recently observed. In particular:

    Widespread Zango “ActiveX” Installations without Unavoidable, Prominent Disclosure of Material Terms (XP SP1 and Earlier).

    Widespread Zango Banner-Based Installations without Unavoidable, Prominent Disclosure of Material Terms (XP SP2).

    Ongoing Zango Installations with No Disclosure Whatsoever.

    Unlabeled Zango Ads - Toolbars, Desktop Icons, and Pop-Ups.

    Zango Ads for Bogus Sites that Attempt to Defraud Users.

    These practices call into question the integrity of Zango’s business, as well as the status of Zango’s compliance with its obligations under its recent settlement with the FTC.

    And let’s not forget the outcome, as he sums up the FTC’s retort to himself and respected colleague Eric Howes of Sunbelt:

    When Zango and the FTC announced their settlement, Zango claimed that it had “met or exceeded the key notice and consent standards since January 1, 2006.” I emphatically disagree. With widespread ongoing installations that fail to provide the notice required under the settlement, Zango cannot claim to provide the necessary notice before installing. And with widespread toolbar, desktop icon, and even popup ads still lacking the labeling required under the settlement, Zango cannot claim to be consistently providing the on-ad notice the settlement demands.

    In a letter to me and to Eric Howes, responding to our concerns about enforcement of the FTC’s then-proposed settlement with Zango, the FTC said it “recognizes that it must be vigilant regarding Zango’s conduct once the proposed order becomes final.” I have previously remarked on FTC enforcement actions I consider too timid or narrow (echoing the position of FTC Commissioner Leibowitz). Whatever my prior concerns, these widespread violations by Zango offer the FTC a clear opportunity to demonstrate the importance of full compliance with settlement terms. I look forward to a tough and effective response from the FTC.

    This is the proverbial baton I was talking about in another post.

    The more imaginative and effective are the weapons that are real. Never pull a baton you don’t intend to use, and batons come in many shapes and forms if you think metaphorically.

    The FTC needs to wield said metaphorical baton…so the settlement is truly settled. Otherwise I predict what Jimmy Daniels echoes in this post of months past…or let’s go further back in history…and quote myself.

    Companies will be measured by what they do and not what they say. Trust is not given, trust is earned.

    I remember it well- inspired by this summit ages ago hosted by Esther Dyson. I recapped my thoughts almost a year later…and yet ANOTHER YEAR has flown by. My children have become fluent in “malwarese”. Sad.

    We are beyond summits…

    I don’t want to hear “the affiliate did it defense” either…

    I desperately want to be able to tell my children one thing- their government responded decisively.

    It is sad enough I have to educate them about this ongoing problem.

    Addendum: Zango refutes the findings.
