Archive for the 'internet' Category

Some members of crowds are wise…

Friday, April 11th, 2008

The latest flutter on the internet is concern about the reflection in Dick Cheney’s glasses.

United Press International (UPI) just published a story of an expert who used the latest digital technology to conclude “In one lens of his sunglasses you can clearly tell it is a sleeved arm of Cheney or a fishing companion”.

Reddit published a link to the full-sized version two days ago (of course the comments leave much to be desired).

A week of browser news…

Saturday, October 21st, 2006

Serendipity?

18 October: IE 7 comes out, bringing tabs, anti-phishing protection and slightly better standards support to the windows world. It received a very mixed reception.

18 October: The Find It! Keep It! website goes up presenting my Mac webpage & video saving browser to the world.

18 October: Flash 9 appears for Linux.

19 October: CoolIris released a plugin to make browsing flickr easier with Safari.

19 October: Firefox RC3 is released, featuring anti-phishing protection, a better UI, and better standards support.

20 October: Opera 9.1 beta is out, featuring new anti-phishing protection. In the same week, Opera asked for credit for having invented tabs, although Internetworks released it to the public earlier

24 October: Firefox 2 is due next Tuesday

Ho hum, ansemond.com was a blank page in Firefox

Thursday, October 19th, 2006

A final tweak to my website before it went live made it not work with Opera or Firefox…
Luckily a friend noticed and pointed that out.
Sorry to all those that visited it to meet a blank page!

I must double check my site in Firefox!
I must double check my site in Firefox!
I must double check my site in Firefox!
I must double check my site in Firefox!
I must double check my site in Firefox!
I must double check my site in Firefox!

Browzar solves the wrong problem

Saturday, September 2nd, 2006

So… the no-cost commercial privacy browser Browzar is adware. Of course it is. That’s how you make money on free things. The real question is why people buy its privacy story.

Browzar says that it prevents information from being left on the computer you used. Independent testers deny this. I don’t have Windows so I can’t verify either claim.

Even if Browzar does what it says, people may be under the impression that it will keep their browsing private. For instance, the BBC says Net browser promises private surf. Browzar promises users total privacy when surfing the web. Not true!

Privacy on the web

Browzar’s underlying assumption is that data on your computer is less private that data off it: by not saving any data, no incriminating evidence is left. This sidesteps the fact that everything you do on the internet is public. The websites you use, and the computers that route your traffic know who you are and could record what you do. By not saving data, the browser has to fetch it more often, actually increasing your chances of being seen on the net.

To strengthen your privacy on the internet you have to:

  • Minimize your internet traffic.
  • Encrypt your internet traffic.
  • Prevent your browser from identifying you to the website you are browsing.

Minimizing your internet traffic means caching things on your home computer, thereby reducing your internet usage.

Encrypting your internet traffic generally means using SSL: use the https prefix instead of the http prefix wherever possible (for instance when reading your mail from gmail).

Preventing the browser from identifying you to the website you are using is nigh impossible because it goes against the way the internet works.

  • When you request a page from a website, the website needs to know where your computer is so that it can send the information back to you. This is one way that search engines such as AOL identify all a users’ searches. Anonymous proxies, such as those provided by Tor, can hide your computer behind an effective smokescreen of other computers.
  • Your browser requests data from the address it was given. By uniquely tailoring this address to you, you can be identified: For instance web bugs in an email, if downloaded, can tell a webserver that your read that email. “Phishing detection” tries to address this by telling you whether the phishing-detector’s author trusts the website.
  • Browsers pass sideband information to the website in what are called headers. These include what you typed into forms, cookies, the last page you were on, and so on. Because this information is not shown to users, many websites leak private data here. Privoxy strips this information out at the cost of requiring user tinkering
  • Javascript can access more detailed information such as your browser history, encrypt it so the browser cannot detect it and send it to the website
  • Furthermore every plugin including Java run by your browser implements whatever security it feels fit. For instance, Flash can be told to save information on your computer, emulating cookie behavior even if you turned cookies off. Legitimate uses include Pandora which uses this to track which songs you’ve listened to. However a bugs in any common plugin could be used to read your personal files on your harddrive

Given these hurdles, it’s best to think of everything you do on the internet as being public.

Network tools shows you what your browser is leaking. To learn more, go to Shields Up.

Privacy at home

It is not socially acceptable to read someone else’s diary, but for some odd reason, it’s OK to use someone else’s webbrowser. A partial solution is provided by Safari’s “Private Browsing” mode, but it increases one’s internet traffic. A better solution might be to provide quick switching between different private browsing sessions. The key would be to make the switching painless.

What can we learn from Browzar?

  • The media didn’t fact check this story. Even the BBC seems to have just published Browzar’s press release.
  • Browzar’s story is a purple cow. It took off like wildfire because people really want the easy-to-use privacy they promised.
  • If something commercial is free, it’s because it was worthwhile for someone to pay to get your attention for their own benefit.
  • The internet is self-correcting to those in the know, but let’s hope that noone gets into trouble.

Stealth polls by spam…

Tuesday, August 29th, 2006
  • By default most Mail tools download images embedded in HTML mail. Apple’s Mail tool does, and Leopard’s new Mail templates can only increase this tendency.
  • By embedding images with unique URLs into spam, spammers can discover which email addresses are used.
  • By sending emails that are clearly spam and emails that are unlikely to be spam, a spammer can determine whether you have a spam filter.
  • By sending emails that could be spam, but also could match terms in your email, a spammer can determine what other email is in your mailbox, thus for instance what your political opinions are.

This could provide an alternative explanation for the recent rash of weird spam not selling anything.

Universal frees its music library

Tuesday, August 29th, 2006

Universal, which has the largest music library in the world, has made a deal with Spiral Frog to provide its music for free downloading starting in December. The service will be supported by contextually relevant advertising targeted at 13 to 34 year olds… the demographic that was brought up on computers, and which isn’t listening to the radio anymore.

Nokia’s move to webkit impacts Opera

Tuesday, August 22nd, 2006

Heise is reporting that Opera has lost 70% of its revenues, mainly as a result of Nokia reducing its licensing. (Robotic English version here). Nokia is switching to a WebKit based browser, which they have already released under a BSD license. It’s interesting to see how the KHTML toolkit originally started by the KDE project was adopted by Apple and now Nokia despite the existence of Gecko. Opera is reacting by extending its support to Sony’s Mylo (which runs linux), and Nintendo’s Wii and DS consoles.

Mac Tip: Adobe PDF plugin and Google

Tuesday, August 22nd, 2006

Google now adds a fragment to URLs to PDFs it finds:
#search=%22 search-terms-seperated-by-spaces %22

For example:

http://www.biozentrum.unibas.ch/~schwede/Teaching/BixII-SS05/Semantic_Networks.pdf#search=%22Rappaport%20sneps%22

The Adobe PDF plugin seems to use this fragment to find every occurrence of any of the search terms. I hadn’t seen that before.
Because the PDF plugin only works in Safari, this is currently only supported in Safari.

Web 2.0 and Internet Cafes

Tuesday, August 8th, 2006

Despite yesterday’s hoopla about AOL, there’s a new online desktop out there. It’s still very much a beta (the mp3 player stopped responding in Safari) but it’s pretty and gives a good idea of where things are going.

If it has reasonable bandwidth requirements, it could do very well among people who use Internet Cafes, either because they cannot afford a computer, or because they’re traveling. I was astounded by the ubiquity of and crowds at Internet Cafes in India.

The other potential market is people who want to have a personal desktop they can share at work and at home. This market is less safe because corporations can easily block out services. A service for people in those markets would do better targeting people’s personal mobile phones.

Nevertheless, I didn’t see anything in their terms of service about how they protect my data from over-inquisitive people.

Privacy: the big flaw in Web 2.0

Monday, August 7th, 2006

While I understand many of the benefits of Web 2.0, the downsides have always bothered me. Few people realize that everything they do online is public knowledge. Techcrunch is up in arms about AOL’s recent release of data (Google cache). User 17556639 may well find himself in trouble pretty soon.

The data release may be a good thing. It gives us a clearer picture of what a government can get if it subpoenas a search engine. This may either help change the law, or the data-retention practices of Web 2.0 companies. Ultimately we may see a Web 3.0 emerge: where data leakage to the web-application is minimized and monitored by your web-browser. For instance the browser could encrypt the data, and while the web application could ask questions about the data, their number would be strictly controlled.