b.cognosco
Where leaping to conclusions is my primary form of forward motion.
Most Popular
- Historical Yearly Average Gasoline Prices
- Outlook 2003 Message-ID Insanity
- Real-time Sand Animations
- Adobe Acrobat 7
- Adobe Announces Name Change and New Product
- Largest Technology Boondoggle in Public Education History
- Yahoo! Buys del.icio.us
- Skype - Disruptive, Not Compelling
- Aluminum Christmas Tree Museum
- Network Printing Hell and windoze XP
Book Reviews
Recently
How Do We Know When the Police State Arrives
$107 Billion and Counting
Are You A Denied Person?
Friday, October 14, 2005
EULA-based Deep Root Spying On Blizzard Entertainment Customers
If you play Warcraft, World of Warcraft, or any other Blizzard Entertainment game you need to read this. You probably have no idea how much personal info the cretins at Blizzard are collecting from you. [via Copyfight]I Spy With My Little EULA (Donna Wentworth)
You may recall that Blizzard is the videogame company that sued three software programmers for creating BnetD, a free, open source program that allowed gamers to play games they purchased with others on the platform of their choice. Blizzard claimed that the programmers violated several parts of the company's End User Licensing Agreement (EULA), including a provision on reverse-engineering. But it turns out that's not all that Blizzard's lawyers have inserted in the fine print. As Bruce Schneier reports, the company is also using its Terms of Use agreements to justify spying on gamers' computers.
Writes Greg Hoglund, co-author of Exploiting Software, How to Break Code:
I watched the [software] warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time. ...[The scanning] certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain alot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.
As Schneier says, this is truly scary stuff. Yet even a few of the security-savvy readers at Schneier's weblog are downplaying its significance. Why? Annalee Newitz has a theory that rings true to me: people think of routine spying as normal. […]
Terry Frazier at 11:11 PM
| Permanent Link
| Trackback URL | Categories: Privacy, Security, Technology
How Do We Know When the Police State Arrives
This quote from |Matt| on the state of Great Britain’s police state:Followed by this from the 18.35 issue of EFF’s EFFector:You get the police state you deserve
Paul Craig Roberts writes:Police states are easier to acquire than Americans appreciate.Here in Britain I hope we're not as far down the track but I think we kid ourselves if we think there's no risk. Just ask Benyam Mohammed.
[…] But the most interesting part of the Government's response is what it reveals about the DOJ's expansive use of the All Writs Act in other cases. Without citation to any cases supporting the invasive surveillance of credit cards without probable cause, the Government notes:When the government claims telling you what it’s doing to protect you will prevent it from protecting you, the main thing you need protection from is the government.Currently, the government routinely applies for and upon a showing of relevance to an ongoing investigation receives "hotwatch" orders issued pursuant to the All Writs Act. Such orders direct a credit card issuer to disclose to law enforcement each subsequent credit card transaction effected by a subject of investigation immediately after the issuer records that transaction.
This is a revelation, and a disturbing one at that, since these so-called "hotwatch" orders have not been previously mentioned in court cases, law review articles, or DOJ materials. While the cell phone tracking case is still ongoing, our litigation has unveiled yet another step taken towards the surveillance society.[…]
Terry Frazier at 8:05 PM
| Permanent Link
| Trackback URL | Categories: Policy & Regulation, Security
Saturday, September 10, 2005
$107 Billion and Counting
According to the 2005 Dept. of Homeland Security Budget in Brief, the total expenditures for 2003-2005 exceed $107 billion. Let me repeat that:$107 billion
This does not include the special appropriations made for Katrina. It is just the operating funds for the largest bureaucracy in American history. If we were to demand that the governemnt calculate a Return on Investment (ROI), which is how most businesses determine if something is worth doing, I suspect we would be able to identify precisely one piece of tangible evidence for this massive expenditure - the Disney-like Homeland Security Advisory System.
But we do see enormous burdens on travelers, citizens, airlines, and airports, as well as enormous profit opportunities for bureaucrats, technology companies, and people with hare-brained ideas to sell to the government.
It is amazing what we have come to accept from our elected representatives.
Terry Frazier at 7:48 PM
| Permanent Link
| Trackback URL | Categories: Policy & Regulation, Security
Friday, May 13, 2005
Are You A Denied Person?
I received an interesting, informative, and anonymous comment today regarding the Official Denied Persons List athttp://www.bxa.doc.gov/dpl/Default.shtm
Back in October I bought a new copy of PGP and grew annoyed when I paid my money, got my confirmation, and all it included was a "purchase review". Today someone posted an explanation and clarification that made me feel a little better about the situation:
Terry this isn't a re-instatement of the law, it is the current law. The "review" is a machine review. Your name is run against the "denied persons" list - which you can find here (btw i don't see your name on it)http://www.bxa.doc.gov/dpl/Default.shtm
Its not a list of terrorists or naughty boys and girls but a list of those who've violated export control laws and are 'denied' as part of their punishment under law.
When you click to download the software a GEO IP check is performed (determines geographically where you are by your IP) to make sure you aren't in the IP space of one of the embargoed countries - Iran, Iraq, Cuba, Libya, N. Korea. Sudan & Syria. If your IP is anonymous or from a satellite ISP - you'll also be denied I think. Those IPS fall into "A1" and "A2" IP space.
This IP check of course doesn't and couldn't account for someone in say a Syrian embassy in a european country.
I checked the site. It's part of the Dept. of Commerce. And the post seems written by someone who knows the subject. This past Tuesday I received the following e-mail:
Dear Terry Frazier,
PGP Corporation has just released completely new versions of its award-winning desktop products -- PGP Desktop Professional 9.0 (formerly PGP Workgroup Desktop 8.x) and PGP Desktop Home 9.0 (formerly PGP Personal Desktop 8.x). These new versions are the most significant PGP product upgrades ever offered. [...]
I suppose there is some connection between the new product release and someone showing up on my site. Maybe a little "blog trolling" to try and address any negative feelings? In any case, I appreciate the comment and the explanation.
Terry Frazier at 10:00 PM
| Permanent Link
| Trackback URL | Categories: Policy & Regulation, Privacy, Security
Syndication
Contact
Presence
This Page was last updated: Wed, 02 Jul 2008 22:06:57 GMT
