Petition: Facebook, Stop Invading My Privacy! (a facebook group) – by “Anna D”

Experience has taught me that most humans like to talk about themselves, and, in the digital age, we all seem to have a guaranteed audience. If you can’t find anybody to listen to your stories in person, you can broadcast them over the internet for any friend, relative, coworker, stalker, or total stranger to enjoy. Thus the emergence of LiveJournal, MySpace (now My____), Facebook, Twitter, Gmail Buzz, Digg, and a plethora of other sites that allow us to feel connected to the world from the privacy of our own homes. Through these sites, we can share our intimate details of emotional turmoil and real-time updates about our most mundane actions (and, if you’re Jessica Simpson, you can demonstrate your affinity for clean ears).

Of course, with all of these social networking sites, there is the risk of overshare. One wrong click could make a journal entry that was supposed to be “private” readable to all the world, and a lapse in judgment could result in you complaining about your boss in your Facebook status update when, in fact, your boss is a Facebook friend. My high school teachers were quick to remind us that we should be very careful about what we posted online, as we might have viewers outside of our intended audience. They held up one of my peers as a prime example. A recently graduated student had tried to get a job in the school’s Computer Lab during his gap year before college, but he had made the mistake of alluding to his affinity for marijuana on his MySpace profile. In addition to refusing to hire him, they saw fit to share his faux pas with the entire faculty, student body, and association of parents as a cautionary tale.

I felt: Lesson learned. No open profile. No stupid photos. No exposing my personal information to school officials, potential employers, or strangers. I had assumed that, if I was careful, I could maintain my privacy. Of course, there was the issue of a friend writing something unsavory on my wall or tagging me in a photo I wasn’t proud of, but there are means of protecting yourself against that. As the author of “10 Privacy Settings Every Facebook User Should Know” suggests, you can protect your privacy by monitoring your friend list, removing yourself from Facebook result searches, removing yourself from Google, avoiding the infamous video/tag mistake, protecting your albums, preventing stories from showing up in your friends’ news feeds, protecting against published application stories, making your contact information private, avoiding embarrassing wall posts, and keeping your friendships private. If I did all of this, my profile might look a little boring, but I should have absolute privacy, right? Wrong.

Even Facebook users with the most strict security settings do not really have “protected” profiles. According to Wall Street Journal investigators, Facebook “apps” have been transmitting identifying information such as Facebook user IDs and names to external companies to use them for marketing purposes, regardless of whether the user has tried to make his/her information private. For some users with less strict privacy settings, their age, occupation, residence, and/or photos might be released to these advertising and data firms which could then attach them to “dossiers” they had already compiled on the user’s personal information and internet-activity history. When the WSJ conducted its investigation in the fall of 2010, each one of Facebook’s ten most popular apps (FarmVille included) was guilty of transmitting user IDs, contributing to a breach of privacy for tens of millions of Facebook users.

Facebook officials indicated that their company was opposed to such information sharing (evidently it is against its privacy policy for apps to transmit user information to these external companies), and they promised that Facebook was working on limiting users’ exposure. Several “guilty” apps were disabled, but how can Facebook monitor the activities of all 550,000 apps? What incentive do they have to bother?

After coming under a lot of scrutiny for its privacy policy (which most users could not even understand because of its length, density, and language), Facebook unveiled its plan for a new format, which should make the policy more readable and understandable. Facebook disseminated a graphic to demonstrate how the new format, characterized by “simplified explanation” and “interactive tools,” will help users understand the way their information is being used:

This is a nice gesture… but the privacy policy itself will remain completely unchanged, so personal information can still be used to target advertisements and “Sponsored Stories” about us can be used to advertise products to our friends. For a lot of people, this gesture is simply not enough.

Steven J. Vaughan-Nichols argues that our personal information and privacy is too high a price to pay for just “free web-hosting and some PHP doodads.” He believes that Facebook’s Panopticonic system developed out of the centralized server/client architecture that pervades today, and he suggests that our freedom can be obtained through decentralization, through the use of small, inexpensive plug servers, dubbed Freedom Boxes. According to the Debian wiki, “We live in a world where the use of the network is mediated by organizations that often do not have our best interests at heart. By building software that does not rely on central service, we can regain control and privacy. By keeping data in our homes, we gain legal protection over it. By giving back power to the users over their networks and machines, we are returning the internet to its intended peer to peer architecture.” Freedom Boxes will offer data encryption and security, and they will allow Internet users to enjoy “safe” social networking through “privacy-respecting” services such as Diaspora, Appleseed, and Lorea.

Sounds very interesting, but I’m curious about how successful these new sites will turn out to be. The centralization of Facebook’s system might give it too much power, but it is a power that will be difficult to overthrow. Facebook has become not just a social network but THE social authority; as Hortense Smith for Jezebel notes, “it often seems like its somewhat required to have a Facebook profile just to appear to have a presence on Earth.” If you’re not on Facebook, how will you get this invitation or hear about that piece of news (gossip)? How will the person you met at the dinner on Friday track you down to see you again? How will you announce to the world that you’ve just finished reading Twilight and the ending made you cry? While ceding control over one’s personal information is certainly a cost, it seems to be one that many millions of people are willing to pay for the convenience and size of the network. Seeing as so many of the people that join networking sites join them to have 1) an audience to perform to and 2) a constant source of entertainment as they watch other people’s performances, how could they walk away from so vast an audience and so great a spectacle?

I anticipate that Diaspora and similar “secure” social networking sites will become very popular within certain circles (most likely among computer-savvy users that already know P2P, appreciate open-source software, and understand how seed systems work), but I think they will remain niche. Most of us (many computer-illiterate) will just stay on Facebook and grumble about privacy breaches through status updates, wall posts, and Facebook groups.

Free Software: Not Just Operating Systems – by “Benjamin G”

GNU/Linux is the poster child for the free (as in speech) software movement. It is highly reliable and capable software that has beat out proprietary operating systems in fair competition, proving that people will in fact produce software even without the incentives provided by copyright law. If there’s a bug in the program or a missing feature, someone will be annoyed enough and competent enough to fix it out of self-interest, and everyone will benefit from the improvement. At least, that’s how GNU/Linux developed, and the theory is that the same principle will apply to any sort of free software. But does it? Will people voluntarily improve any program they use?

Games are probably the kind of program that would work least well with the free software model. Nobody has to play a game, so nobody will be forced to fix a bug in order to do his job. And if the sum of the experience of fixing the program and then playing the amended version isn’t better than the experience of playing the game as it is, it won’t be worth it for anybody to work on it.

There are free games, though, some of which are apparently pretty good. Battle for Wesnoth, for example, is a free, turn-based strategy game licensed under the GPL. It is “the most played turn-based strategy game on the Linux platform, being probably the most polished, full-featured and addictive game in its category.” I’m not surprised that a turn-based strategy game has been successfully developed as free software; the programming challenges are less about window-dressing and more about the underlying gameplay. And that kind of coding can be fun in itself.

I am by no means an expert coder, but a few years ago I did write a blackjack game. I wasn’t collaborating with anybody, but the free software model did apply, to an extent. I found a shortcoming in the existing software (most computerized blackjack games shuffle the deck after each hand rather than dealing out six decks of cards before randomizing) and I took the time to fix it. I tried to build as many features as I could, but I’m sure I missed some; I’m also sure that, if I put the source code online, someone would be interested enough to fix it. (I’m glad to distribute the source code [it’s written in Java] if someone tells me the best way to do so.)

I’m less sure that someone would take the time to design a really good GUI. To me, at least, designing user interfaces is labor intensive and boring – not worth the time. I may just be projecting my own biases here, but I suspect that fewer people will voluntarily work on the tedious but necessary tasks that are necessary for some types of games.

Of course, with a large enough user base, there will be some people who really enjoy doing graphics. But still, on average, free software will be weaker in these areas. There’s a certain amount of boring but necessary work that must be done, and most of the time that means you have to pay someone to do it.

Free software can be produced by paid programmers. Quake and its sequels are an example of software licensed under the GPL but produced by a commercial company. My point is only that the model of “the users will do a better job than any defined group of developers” works better for some tasks than for others.

What’s Going on with DRM? – by “Daniel P”

A few years ago, my friend copied a bunch of music from his brother’s hard drive to his new iPod. His brother has awesome taste in music, and since my buddy didn’t have to pay anything for it, I thought he got a pretty sweet deal. We were talking about this while driving around and listening to the White Stripes.

“Dude!” he said all of a sudden. “This sucks! I can’t play blue orchid on this iPod cuz I don’t have the license for it.”

“Ah shit man,” I replied. “It’s because of DRM.”

“DRM sucks.”

Yup. It does. Used to be that if you bought a CD you could do whatever you wanted with it. Listen to it anywhere, let your friends burn it, or burn it yourself and hand out the tracks. Music CDs (not CD-ROM media) by definition cannot have DRM applied to them because it’s not standards compliant. Guessing the music industry didn’t like this too much and was getting ready to release another CD technical standard with built in DRM.

But they didn’t have to. People dropped their CDs and started using digital files. When online music stores appeared on the scene, they just limited the ways you could use the files you bought from them. Let’s look at how:

Exclusivity – If I download “Fell in Love with A Girl” on x music downloading site, I can only play it on user end hardware or software affiliated with that site. For a while (maybe still now) music downloaded using Kazaa could only be played on Windows media player. Music from the Wal-Mart and Napster stores can only be played on products with Microsoft “plays for sure” certification, something iPods don’t have. iTunes’ version of DRM, fairplay, limited the number of devices an individual song could be stored on. Apple also only allowed files downloaded through iTunes to be played on Apple products and a select few Motorola phones.

Fees – Copies of music have a price. Napster charged an extra $5 per month if you wanted to play the music you downloaded through it on a portable music player. Good thing I can fit my laptop in my pocket when I go to the gym. Napster actually had the worst deal ever: you lost access to all the files downloaded using it if you didn’t pay your monthly subscription fee. That’s just lending music on a monthly basis.

A lot of music stores recognized that DRM-free music has its price. Apple initially sold such files at an elevated price. Now all files on iTunes are DRM free and popular songs cost $1.29, thirty cents more than the standard price per song the store was unveiled with. Napster’s done away with its DRMed wares too.

I’m sure there’s someone out there asking, “Where did you go, DRM’d music? I miss you.” I’ve got a few guesses. Stores probably realized that DRM’d music is really annoying for users. It limits where and how they can play it and makes copying your music from your old computer to a new one really painful. They also realized that people would be willing to pay a bit more for music without DRM. In Apple’s case, thirty cents more. And I bet there’s some calculation out there that says the extra thirty cents generates enough money to outweigh revenue lost due to piracy. The last reason is the iTunes store. It’s got 25% of the digital music market in the U.S. If it doesn’t have DRM’d music then any site that does is going to lose to it. Also, don’t forget the iTunes store’s buddy, the iPod. It has a whopping 74% of the U.S. mp3 player market, further cementing Apple’s hold on the stuff we’re listening to.

Looks like Apple is calling the shots in the online music market. But at $1.29 per song, who’s using it? Look at the numbers again.

iTunes market share = 25%
iPod market share = 75%

Most people who download music have a music player. Most people with iPods use iTunes. If most people with iPods bought music from iTunes, its market share would be far more than 25%. A lot of pirates still in town.

46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2 – by “Ben S”

Is this image illegal?
A "PS3 Flag", an homage to its predecessor, the "Free Speech Flag"

On January 3, George Hotz, or geohot as he calls himself, a hacker previously involved in the effort to jailbreak the iPhone, released the private key to the PlayStation 3, using techniques described by the group fail0verflow at the 2010 Chaos Communication Congress.  Essentially, possession of the key allows users to create and run signed software on their PS3s without the use of any sort of external USB device–i.e., to run the software as if it had been distributed by Sony.

There is every indication that this is why the parties involved exploited the, well, exploit–so that they and others would be able to use the machines that they own to run whatever software they want to write for it or share with each other (fail0verflow claims to have developed the hack in order to allow PS3s of all firmware versions to run Linux).  Of course, one of the side effects of the release of the key is that users can now, if they so choose, use it to run pirated versions of PlayStation 3 games on their machines, which Sony is loath to allow.

In a response eerily reminiscent of that of Universal and its cohorts following the release of DeCSS and of that of the MPAA and AACS LA following the release of the AACS cryptographic key (the key that protects Blu-Ray DVDs), the corporate machine leapt into action (after one embarrassing gaffe on Twitter), and fired off lawsuits against both fail0verflow and geohot, causing the latter to start a legal defense fund.

This case lies much closer to that of AACS than that of DeCSS–the court ruled, in Universal v. Corley, that DeCSS was not protected speech because, among other things, the DMCA’s restrictions on circumventing technologies were “content-neutral,” and DeCSS seemed to have been distributed for the purpose of redistributing copyrighted DVDs, at least according to the District Court.  In the case of the AACS key, while the MPAA and AACS LA issued numerous DMCA takedown notices (notably to Digg), this was the only legal action taken: no lawsuits were filed, and the legal status of the key remains up in the air.

In the case of the PS3, the stated purpose for circumventing the “technological measures” that “effectively control” access to the PS3 was to get the machine to run Linux–undoubtedly, this is not in violation of any copyright law.  But will this be its primary use? The court tells us in MGM v. Grokster that we must consider not only whether a noninfringing use exists, but its relative frequency compared to that of infringing uses.

Will most users use the key to play pirated games?  More importantly, does it matter?

Similar to the avalanche of posts of  “09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0” on Digg following the MPAA’s response to the release of the key, a…flurry? of “46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2” posts appeared on Reddit in the aftermath of geohot’s publication of the key.  Both communities felt a sense of injustice that posting a 128- or 160-bit key, a number short enough to scrawl on the back of one’s hand, should subject the poster to prosecution.

On the other hand, the DeCSS program, in its shortest incarnation, is only 434 bytes, or 3472 bits, only about 20 times as long as the AACS and PS3 keys, and the court found that it was illegal–just as a clever Digg user created a flag using the hexadecimal key, or how I shamelessly copied the idea to make a flag of my own, so too did protestors of the DeCSS decision create MIDIs, plays, and even a haiku of the program.

When everything is expressed in terms of numbers, anything can be expressed in terms of anything else.  The court has ruled that some numbers are illegal, so where exactly is the line?  If I write some protection protocol with a cryptographic key of “1”, can I go around issuing DMCA takedown notices to every website that has the audacity to post a “1” somewhere? Would that even count as an effective technological measure? Probably, since knowledge of the key is generally not enough to crack the code–one must also know where to put it, which requires some amount of proficiency with computers (arguably more proficiency than most users possess).

So where is the line? Is it at 10 bits? 100? 1000? We already know it can’t be any greater than 3472.  The problem is, wherever the line is drawn, it will be arbitrary–any attempt to exclude some kinds of speech from protection will, when taken to its logical extent, inevitably result in some sort of restriction that seems ridiculous and unfair.  There will always be some tricky end case.

And programmers are great at coming up with tricky end cases.

Let e-Books be e-Books – by “Lynn W”

Having used Yale library for the past four years, I’ve come to accept as fact that the wonderful invention of the e-Book allows all library users to bypass the logistical obstacles that accompany the borrowing of physical books – unavailability when checked out by others, the trip of physically finding and retrieving the title from its shelf, the revulsion of thumbing through dilapidated  volumes with unidentifiable stains. More than once, I’ve taken Yale classes in which professors have assigned books that are available online from the Yale library. The strategy for those readings has always been to click on the link whenever I want, at my own pace and timing. The only “hassles” were perhaps that the pages cannot be printed, and that some versions do not allow electronic markings or highlights. Small price to pay for the convenience offered.

Interestingly, and much to my dismay, this universal access model to library e-Books does not extend much farther beyond the university setting. Although e-Books are not yet widespread among public libraries, the ones they do occupy maintain heavy restrictions on usage, as if these electronic files were physical objects.

Take the New York Public Library as a case study. Although the library has 100 titles in e-Book format, it offers them in very limited quantities. For example, currently there are just two e-copies of Blackveil (published Feb. 2011). Both are unavailable, with two “patrons” on each waiting list. The older, but more popular Artemis Fowl (published Aug. 2009) is even more scarce; there is just one currently unavailable copy, with eight on the waiting list.

Perhaps even more ludicrous are the policies on checkout and return. There are no standard lending periods, as these can vary from title to title depending on individual licensing agreements. Furthermore, two of the three provided e-Book formats (OverDrive and Mobipocket) “cannot be returned early. They are automatically returned at the end of the lending period.” So assuming that Artemis Fowl has the standard library lending period of three weeks, I’d have to wait until September 2011 for three weeks of access to a PDF copy? What???

Oh wait… I just got it here.

Granted, this version is in a much plainer font, and there are no page numbers. But the content is exactly the same. How did I find this? By Googling “artemis fowl pdf” and clicking the third search result. Clearly, DRM is not serving its purpose. Is it really necessary to ensure that libraries abide by DRM for their e-Books when cases of circumvention abound so prolifically on the Internet?

Functionality aside, the more important question is whether DRM has a place in the public library domain. The whole point of libraries is to offer communities a local learning center for free. Specifically, the New York Public Library aims to “inspire lifelong learning, advance knowledge, and strengthen our communities.” The digitization of books should, if anything, only help accelerate this mission of educating the community. Why, then, is the new medium of communication being subject to the same delivery constraints of old media? Why, when electronic files can be accessed instantaneously and multilaterally, should people have to wait for months to take their turn?

Library e-Books belong in their own category, separate from print books, and they deserve their own lending policy – one that makes use of the advantages that they offer in speed and plurality of transmission. The Yale model of universal access isn’t necessarily ideal for all public libraries, but the old print model of lending for e-Books simply needs to go.