If you believe the Daily Mail and the BBC, Google and Microsoft have buckled under pressure from the Government to block images of child abuse on the Internet. What they’ve actually done is block around 100,000 search terms that are used by peodphiles looking for material, whether such search terms could be used to locate other content or not. Great.
Actually, this is rubbish. Google (about which I know more) has not even been indexing such sites, so search terms won’t have found any that it knew about anyway. I’m sure the other search engines have similar programmes in place. This is a public relations exercise, with a piece by Eric Schmidt in the Mail today. It’s a desperate PR stunt that will back-fire on Google.
Eric Schmidt of Google, seeming desperate
The fact is that household names like Google don’t have a case to answer here. They’re not ISPs, they’re not providing hosting space for illegal material and they’re not actually responsible for it in any way. The only thing they can do is spend their money researching such sites, dropping them from there indices and alerting the relevant authorities to their research. This they already do. So when the likes of Mr Cameron criticize them, as an easy target, the correct response is “Don’t be silly, it’s not us, and it’s the job of your Police to catch the criminals whether they’re using the Internet or not”. What Google has done with this move is give legitimacy to the original false accusation.
As anyone concerned with cybercrime will tell you, the major criminal activity takes place in areas outside the World Wide Web – areas not indexed by Google or any legitimate company. It travels around the Internet, encrypted and anonymous; and the peodophiles seem to be able to find it anyway. All this move will achieve is pushing the final remnants underground, where they’ll be much harder to track.
Looking at the comments that have appeared on the Daily Mail site since it was published is depressing. They’re mostly from people who have been taken in by this line (originally spun by the Daily Mail, after all), and they clearly don’t understand the technical issues behind any of this. I can’t say I blame them, however, as the majority of the population has little or no understanding of what the Internet is or how it works. They simply see a web browser, normally with Google as a home-page, and conflate the Internet with Google. The Prime Ministers advisors are either just as simple-minded, or are cynically exploiting the situation.
According to today’s Guardian, Skype is being tackled by the data protection commissioner in Luxembourg over concerns it has secret links with the US National Security Agency, and its Prism communications intercept programme. Like many “interesting” companies such as eBay, Amazon and even Starbucks, Skype chose to be be based in the Luxembourg in the hope it would be left alone. However, the infamous tax haven’s constitutionally enshrined right to privacy might turn around and bite Skype.
Microsoft bought Skype a couple of years ago; it had once been owned by eBay and, as a separate division, Microsoft has presumably decided to keep it in Luxembourg for the tax advantages. However, while Microsoft was allegedly one of the first large technology group to be pulled in to Prism, Skype has been widely thought of as a secure communications channel. If Luxembourg-based Skype has been passing intercepts to the NSA, its users and the local authorities will not be pleased.
I understand that the local law does allow this kind of thing, and for it to remain secret, if it’s specially negotiated by the government. And as such the data commissioner may not have been in the loop.
But, you may wonder, how does an encrypted peer-to-peer system like Skype get intercepted anyway? The protocol was designed to pirate media files in such a way that lawful authorities were unable to track or disrupt it (which is why no network administrators would ever want it on their LANs). If it has weaknesses, they must have been there from the start. And I believe they were.
A few years back I was talking to someone from Facetime, a manufacturer of firewalls. They’ve since found that flogging their domain to Apple for an iPhone product is also lucrative, and now they’re called Actiance. But I digress.
Facetime had struck a deal with eBay to get details of the secret protocol so that they could manage Skype on local networks. As it’s obfuscated and designed to avoid firewalls, this is a neat trick, and they were the only people able to do it at the time. As an example, they were able to determine which versions of Skype were in use and block those that didn’t fit with company policy. In other words, they could positively recognise the obfuscated protocol and make sense of it.
According to the files the Guardian claims to have seen, Skype was ordered to cooperate with the NSA in February 2011, and it only took them a few months to have call intercepts in place. I’m not that surprised; given the Facetime firewall’s abilities I suspected that payload decryption was going to be possible if you asked the right questions whilst brandishing a big enough stick.
Making this information public, as is now the case, is simply going to push the people that should be intercepted on to systems not under the influence of the USA. How about a Chinese Skype-alike instead? Perhaps not, as it’s widely believed that the Chinese version has a back-door for the local authorities to plunder. But there are plenty of anarchist outfits out there with the ability to write a VoIP system that isn’t compromised by big business’s need to cooperate with governments if they want to make a profit.
Meanwhile, let’s see how Luxemburg’s data protection commissioner gets on.
I’ve been watching with dismay David Cameron’s statements on the Andrew Marr show at the weekend; he’s attacked Google and other big companies for not blocking illegal pornography. Let’s be clear: Google et al, already do, as far as is possible. The Prime Minister is simply playing politics, and in doing so is exposing his complete lack of understanding about matters technological and social.
It’s not just the coalition government; Edward Miliband trumped him in stupidity by saying that the proposed plans “didn’t go far enough”, which is his usual unthinking response to anything announced by the government that’s might be popular.
Cameron’s latest announcement is to force ISPs to turn on “no porn” filters for all households (optionally removed, so it’s not State censorship). I’d be fascinated to hear him explain how such a filter could possibly work, but as my understanding of quantum mathematics isn’t that good it I may yet be convinced. Don’t hold your breath waiting.
The majority of the population won’t be able to understand why this is technical nonsense, so let’s look at it from the social point-of-view. People using the Internet to distribute child-abuse images do not put them on web sites indexed by Google. If Google finds any, they will remove them from search results and tell the police, as would everyone else. Paedophiles simply don’t operate in the open – why would they? They’re engaged in a criminal activity and don’t want to be caught, and therefore use hidden parts of the Internet to communicate, and not web sites found by Google!
Examining the illegal drugs trade is a useful model. It’s against the law, harmful and regarded as “a bad thing” by the overwhelming majority. The police and border security spend a lot of time and money tackling it, but the demand remains and criminal gangs are happy to supply that demand. So how successful has 100 years of prohibition been? Totally ineffective, by any metric. With 80% of the prison population on drugs IN PRISON it should be obvious that criminals will continue to supply drugs under any circumstances, if there’s a demand. If anything, proscribing drugs has made it more difficult to deal with the collateral effects by making the trade and users much more difficult to track.
So, if we can’t stop drugs (a physical item) getting in to prisons (presumably amongst most secure buildings in the country) , does anyone seriously think it’s possible to beat the criminals and prevent illegal porn being transmitted electronically to millions of homes across the country? David Cameron’s advisors don’t appear to have been able get him to understand this point.
Another interesting question is whether I should opt to have the porn filter removed from my connection. The only way such a filter could possibly be effective is if it banned everything on its creation, and then only allowed what was proven safe through. There are generally considered to be over 500 million web sites out there, with 20,000 being added every month. That’s sites; not individual pages. The subset that can realistically be examined and monitored to make sure they are safe is going to be quite small, and as a security researcher, I need to retrieve everything. So am I going to have to ‘phone my ISP and say “yes please, want to look at porn”? Actually, that won’t be a problem for me because I am my own ISP. The government doesn’t even know I exist; there is no register of ISPs (or even a definition of the term). There are probably tens of thousands in the country. So I shall await a call from Mr Cameron’s office with a full technical explanation of this filtering scheme with interest.
Fortunately for the Prime Minister, his live speech on the subject scheduled for 11am has been displaced by a load of royal reporters standing outside a hospital and Buckingham Palace saying “no news yet” on the supposed imminent arrival of the Duke and Duchess of Cambridge’s first child.
I was somewhat surprised to hear that the news that CIA (or NSA) has been snooping on Internet interconnections has surprised anyone (read that twice). In the computing world, this has been the assumption since the Internet became commercial, and probably before. There’s a widely held belief that Facebook was built on CIA money, and although I’ve not seen any evidence to prove it, strategically it all makes sense. Social networking promises a rich goldmine for the intelligence services. If they weren’t digging in it I’d want to know why I was funding them with my taxes. Amazon and IBM are currently in a spat over who gets a contract for a CIA “cloud” data centre. Of course they’re all connected!
GCHQ in Cheltenham
Here in the UK there’s now a kerfuffle about whether GCHQ is involved in using this data. Snooping without a warrant is considered “not cricket”, and I’ve just watched Sir Malcolm Rifkind (chairman of the Intelligence and Security Committee) backing up the Prime Minister in saying that the UK agency was acting within the law, and wasn’t listening in on conversations without a ministerial warrant. This has never been the issue. Tracking those conversations that take place is not the same as listening in on them, and as I understand it, is perfectly legal. In fact ISPs are required to record the details of such conversations, but not the content unless they so wish. They know who calls who, but not what was said.
The public has no right to get all precious about this invasion of privacy. They signed it away when they signed up to Twitter, Facebook or whatever other freebie social networking service they joined. These services exist to mine personal data on their users to sell advertising, or just to sell. If you’re happy about telling a multi-national corporation with dubious morals what you think and who you associate with, why should you be unhappy about your elected government knowing the same things? If you don’t trust them, vote them out.
Personally, I don’t use Yahoo, Facebook or any other service for “social networking” – and not just because I have a life. If you choose to, don’t be naïve about it.
There’s a real, genuine cyber-war going on over the Internet between Spamhaus and a Dutch company called Cyberbunker, and their connectivity provider A2B Internet. Spamhaus is a not-for-profit organisation that blacklists internet service providers that allow spammers to use their facilities, and Cyberbunker is an ISP which, according to their own web site, provides services to anyone for any purpose “except child porn and anything related to terrorism. Everything else is fine.” Spamming is okay by them; they’ve never denied it and basically take the view that all ISPs dealing with spammers: it’s none of Spamhaus’ business what they do and launching a denial-of-service attack against them is some kind of natural right. They’re known for hosting outfits like Pirate Bay when no one else would touch them, to give you some idea.
One of Cyberbunkers more high-profile customers – The Pirate Bay.
The war started on 19th March when a DDOS attack was launched against the Spamhaus servers in retaliation for them adding a range of IP addresses provided to Cyberbunker by A2B Internet.
A2B Internet’s view is that they’re not responsible for what Cyberbunkers’ customers do with the IP addresses and it’s no business of Spamhaus what anyone else on the Internet does. Spamhaus, and the users of the Spamhaus block-list (SBL) think it is, and after all, no one is forced to use the SBL – they use it to identify emails coming from outfits of the type often hosted by Cyberbunker. This didn’t stop A2B Internet going to the Dutch Police in outrage, accusing Spamhaus of extortion by blacklisting some of its IP addresses. Quite how this amounts to extortion isn’t clear. It pressures A2B on who it sells connectivity to Cyberbunker, to stop doing so, but Spamhaus would argue that it was listing IP addresses used to send spam, and that’s all there is to it.
Although the SBL isn’t easy to disable by such methods, it was nonetheless annoying and Spamhaus called on the services of Californian-based CloudFlare to mitigate the attacks, which promptly got attacked themselves for their trouble. The attackers are using a feature of DNS to send gigabits of traffic towards the Spamhaus servers. Using a botnet, they’re sending zone transfer requests to poorly configured DNS servers claiming that Spamhaus has requested data on a zone (domain). The request is short, but the data returned can be very large and is sent directly to Spamhaus. People running a DNS should configure it such that it won’t accept zone transfer requests from “just anyone”, but many fail to do this – especially Microsoft installations, in my experience. By using a botnet to send the initial request the attackers have been generating traffic said to be in excess of 300Gbps.
But these attacks don’t just affect Spamhaus. The DNS servers hijacked for the purpose are consequently over-loaded when legitimate requests get through, and the traffic heading to Spamhaus is going to squeeze other legitimate traffic en route. There are stories about concerning disruption to Netflix and other high-bandwidth Internet services. Whether this is any great loss is a matter of opinion.
But is it fair to blame Cyberbunker for these attacks? Circumstantially they’re implicated. The New York Times quoted “Internet Activist” Sven Olaf Kamphuis, who claims to speak for the attackers, as saying that Cyberbunker was retaliating against Spamhaus for “abusing their influence using one of the largest DDoS attacks the world had publicly seen.” However, it’s my understanding that Mr Kamphuis is the actually the Managing Director, and possibly owner, of Cyberbunker – so if the comments in the NYT are correct, it’s clearly them.
Kamphuis continued, “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet, they worked themselves into that position by pretending to fight spam.”
He has a point, but possibly not a very good one. About 75% of the spam filters in the world use the SBL to drop mail from dodgy sources. They don’t have to; they choose to. If the SBL was no good, they wouldn’t use it. It’s not really a case of Spamhaus determining what goes on the Internet, it’s a case of the majority of the Internet trusting Spamhaus more than they do Cyberbunker when it comes to deciding what’s spam and what isn’t.
But it means that the maintainers of the SBL have a lot of power, because incorrectly listing an IP address has a seriously negative effect on its owner. It depends on your point of view as to whether a listing is deserved or not. Spammers say they’re within the law (or their moral rights); the recipients of their marketing messages may disagree.
Cyberbunker is what its name suggests: a data centre in a disused NATO bomb-proof bunker
This disagreement has been going on for years, but A2B Internet’s complaint to the police and the subsequent DDoS attack are probably a game changer. They’ve crossed a line and “the authorities” can no longer ignore Cyberbunker’s activities. Subsequent action could be interesting as Cyberbunker’s own web site boasts of them already having defeated a raid by a Dutch “SWOT team” – a bunch of heavily armed police with battering rams at least. As they’re holed up in an old NATO nuclear bunker with blast doors able to withstand a 20 Megaton atomic bomb, a bunch of coppers with a sledge hammer aren’t going to have much effect.
Turning off the up-stream link might, however, have the desired effect. They may have buried themselves with enough food, water and diesel for their generators to withstand a long siege, but there’d be no point once they’d been disconnected. I understand that A2B Internet have decided to turn off the tap already. According to Spamhaus, Cyberbunker is getting feeds from elsewhere, but on checking they’re not terribly good feeds – or someone is currently attacking Cyberbunker.
As to the collateral damage, I suspect it’s being somewhat over-blown. Operators of a DNS server should configure it properly to prevent this nonsense, and ISPs really ought to take the initiative and check their customers are secure. But this could be a seminal event where spammers are concerned, and the world will be watching the Dutch authorities with interest.
And before condemning Cyberbunker completely, it’s worth noting they’re providing hosting for legitimate users being hounded by illegitimate governments around the world. In principle, they’re possibly as often right as they are wrong by ignoring what their customers do. There’s reputedly a lot of cyber-crime taking place on AWS, don’t forget, and the world isn’t clamouring to shut Amazon down. The difference may only be scale.
The Department of Education has just lost in its bid to keep secret the “faith affiliation” of applicants planning to up Free Schools, and has been forced publish the figures by the Information Commissioner.It’s taken two years to get this information, and it’s interesting reading if you read them carefully.
Figures are not available for the first wave of 373 applications, but is (to an extent) for the second and third waves. I’ve been doing some number crunching.
Religion
Wave 2
Wave 3
Total
%
None
202
183
385
74.47%
Christian
45
21
66
12.77%
Muslim
17
18
35
6.77%
Plymouth Brethren
11
3
14
2.71%
Jewish
3
5
8
1.55%
Sikh
2
5
7
1.35%
Hindu
1
1
2
0.39%
The breakdown is a little strange. In Wave 3 the different Christian denominations are specified in some cases but left as “Christian” for others, as they all are on Wave 2. Except the Plymouth Brethren, who appear always to be separate from “Christian” for some reason in both sets of data. “Muslim” and “Islam” are also two different religions, apparently. Did the compiler of these statistics know anything about religions?
I also have my doubts about whether religion has been reported at all. We’re asked to believe schools like Noah’s Kingdom (Reading) isn’t religious. To quote from their ethos description: If life is based on human values then it is incomplete, but if we base our lives on the plan of God then we have a secure path.
It’s not just the Christians – how about the Khalsa Science Academy in Leeds? Sounds Sikh to me! A quick look at their web site confirms my suspicions.
What about the Maharishi Free Schools? Non-faith? Yogi’s might fly! There’s even “Destiny Christian School” in Bedford that’s listed as secular. The clue should be in the name. It’s actually being proposed by “Miracle Church of God in Christ”, and part of the Christian Schools’ Trust who’s attitude to creationism is that it is science and they intend to teach it as such.
In short, a quick scan through the names on the list is enough to show any reasonable person that the published data is full of errors. Journalists like those at the BBC may have taken them at face value, but they’re an insult to any thinking person.
Whatever you feel about so-called “Faith Schools”, having the data kept from us by Michael Gove and the Department of Education isn’t going help with an informed debate.
Edward Miliband had just announced he’s going to restore the 10p rate of Income Tax if anyone is stupid enough to vote for him. Interesting. He’s going to pay for it with a divisively-named “Mansion Tax” on properties worth more than £2M. This may be appealing for the numerically challenged, but does it makes sense? What are the figures The BBC is reporting this kind of stuff without bothering to work it out.
First off, how many houses are worth more than £2M? No one really knows, but according to the Land Registry, 1,620 houses worth £2M+ were sold in 2012. Let’s say they change hands every ten years on average, so there are about 16,000. I don’t know if this is the correct figure, but hacks reporting the story aren’t even asking the this question.
How much did it cost when Gordon Brown scrapped the 10p rate of income tax? Apparently it raised £3.5B. I’ve seen 7Bn bandied about, but £3.5Bn was the figure Alistair Darling was working with (according to reports in the Guardian at the time). So that works out at £218K tax a year per £2M house in the country. That’s more than 10% of the value of the asset. It’s not that difficult for someone in London to end up living in a £2M house but to otherwise be of limited wealth; it’s their house not their income. They certainly won’t be earning the kind of money to pay such a huge levy – they could very well be pensioners, albeit likely to have a relatively good private pension. But not that good!
So the arithmetic doesn’t work; is anything else thought through?
In Bradford today, Miliband said: “We would put right a mistake made by Gordon Brown and the last Labour government.”
Funny that. In 2008 he said of abolishing the 10p rate, “When you make a big set of changes in the tax system, some people do lose out. That is a matter of regret. Of course it is. But overall these changes make the tax system fairer.”
So having a 10p rate of tax is unfair? Taxing an asset value is certainly unfair. Today he’s proposed to do both.
And that’s before you start looking at the practicalities – who knows the value of a property? A lot of it is already owned by overseas companies in order to avoid disproportionate taxation anyway.
A large minority of the UK population isn’t going to be at all surprised to hear horse DNA has been found in processed meat products – they’re already vegetarian/vegan or at a minimum, they choose organic meat products. The remainder either don’t know, or don’t want know. Either way, with the information on how animals are farmed widely available, I haven’t got a lot of sympathy with their current predicament.
But if you’re going to eat processed meat products, what’s so bad about horse? I’ve just been listening to an American campaigner on the radio warning that people go around the US buying old nags at auction and shipping them to Europe for food – horses that were probably pets (or from his soap-box, a race horse) and treated with drugs you wouldn’t give a farm animal such as phenylbutazone. He was particularly keen on mentioning this. Look it up – it’s an anti-inflammatory drug also given to people with arthritis and similar problems. It has side effects, including some rare but serious ones. Okay, so you wouldn’t want to dose anyone without good reason, but to get a dose from eating horse meat you’d have to literally eat the whole horse. And that would be one dose. I’m sure he was really motivated by the “horses are pets and we shouldn’t eat pets” attitude, but the BBC didn’t question his motivation at all.
So am I saying it’s okay to eat horses with phenylbutazone in their system? Well I wouldn’t eat it, but I wouldn’t eat any farmed meat, which is chocked full of legally introduced medication and kept, killed and processed in decidedly worrying conditions. Horses with shots of bute are no different to me. Think about it – if you don’t even know what species the meat is, you certainly can’t say much about where it came from. Actually finding a bit of horse in a beefburger sample changes nothing – it’s always been dodgy.
One thing you can probably say for certain is that New Labour and news media will be whipping up a bit of hysteria about this. They did it with the BSE crisis in the 1990s – remember that? Thousands will die due to eating disease contaminated meat? Of course it didn’t happen. They did it again when in power, in an over-reaction to Foot and Mouth, presumably to prevent the Conservative opposition playing the same trick on them. This is going to run and run (it’s bound to turn up everywhere following the inevitable further tests that are doubtless being considered right now).
If what’s in your meat worries you, become vegan (dairy products and eggs aren’t clean either). Otherwise, be aware that the meat processing business is pretty grim with this kind of thing going on behind the scenes all the time – and live with it. Can we have some real news now?
If you’ve never heard of Nominet, you should have. It’s the organisation that manages most of the domain names ending in .uk. It was set up in 1996 as a company when the previous arrangements (known as the Naming Committee) became overwhelmed. The Naming Committee granted the use of domain names to their rightful owners for no charge, but only their rightful owners. Nominet charged, and was more relaxed about who it sold things to – being too picky meant less income, and it needed income to cope with the increased demand for Internet services.
The snag with this new arrangement was that it allowed speculators to register as many domain names as they wished, with a view to charging end users money to use something they’d pre-registered. This is known as cyber-squatting, although people in this business prefer to call themselves “domainers”.
Nominet was created for the benefit of Internet users in the UK, not cyber-squatters. Unfortunately, cyber-squatters register more domain names than anyone else (as they would), and started to get an undue influence based on their size. Cyber-squatters make various claims about how they’re important for a “vibrant market” in domain names, but there’s no benefit to society in such a market. You could say they’re trading in something that should be free to legitimate users. Some would go as far as to call them parasites. If any cyber-squatters or domainers wish to explain exactly why the label is unfair, please enlighten me.
Anyway, the Nominet board isn’t stupid and has, in recent years, done a lot to skew things in favour of UK Internet users. Not enough as far as I’m concerned, but they’re trying to look after the majority. The cyber-squatters don’t like this, and have started personal attacks on Nominet’s CEO, Lesley Cowley in an attempt to get rid of her with a view to installing someone more of their liking. What’s really upset them was a consultation to allow people to register names directly under .uk, without a .co.uk or .org.uk. For example, Tesco could have been tesco.uk, as is often the case in other countries. Legitimate UK ownership would have been verified, like in the old days, but they would also have cost more. Cyber-squatters hated the idea, because their current stock-pile of .co.uk names would have been somewhat devalued! They had to defeat Nominet in order to preserve their “investment”. The rest of us would have quite like to see the speculators clobbered, although I’ve never had the feeling that was Nominet’s intention.
Nominet has finally had enough, and late this afternoon launched a High Court action against Graeme Wingate and his company That Internet Ltd, citing “[unacceptable] harassment and victimisation of our staff”. What this is really about is whether Nominet is run for the benefit of everyone, or the cyber-squatters.
I wouldn’t normally want to pre judge the reasons for an Air Accident but I’m getting a bit fed up with the twaddle appearing on the BBC and radio about the incident today where a helicopter appears to have hit a crane. Listening to Kate Hoey, MP for Vauxhall, making political points over it on the BBC just now is too much. Checking the NOTAMs for London, the following is in force between 07 Jan 2013 17:00 GMT and 15 Mar 2013 23:59 GMT.
HIGH RISE JIB CRANE (LIT AT NIGHT) OPR WI 1NM 5129N 00007W, HGT
770FT AMSL (VAUXHALL, CENTRAL LONDON), OPS CTC 020 7820 ####
12-10-0429/AS 2.
A NOTAM, or notice to Airman, is issued to all pilots and they’re required to check them against their flight plan in case there’s anything important they need to know about. In my day it was done on paper – now it’s on-line and really easy to check. This is basically saying there’s a crane erected that’s 770′ high at this location in Vauxhall. It’s lit at night (but not during the day). Keep at least a mile away.
It was clearly foggy, so the pilot should have given it a wide berth. On the face of it, it appears he didn’t. Eyewitnesses don’t report anything unusual about the helicopter.
Helicopters are supposed to be flying in to London over the Thames in order to provide a “safe” landing area in the event of trouble. (That’s safe to the people on the ground, at least). It appears to have been broadly in the right place. Ms Hoey is being populist, but then again, that’s her job.
Update 13:30
News reports now say that the helicopter had diverted; this might explain why the pilot wasn’t aware of the crane it the original route went nowhere near it, although flight plans should have diversion plans and NOTAMs for diversions should also be checked.
Much is now being made of people who said the lighting wasn’t good enough. Lighting in daylight isn’t normal (or useful) anyway, and neither is it any good in fog (day or night).
However, having seen aerial shots (they’re all up there with helicopters) the crane doesn’t appear to be at the location specified in the NOTAM. That could turn out to be a story, but I’m not on the ground to check it.
The NOTAM (reproduced above) doesn’t actually give an accurate Lat and Long – it actually puts the crane next to the Kennington Oval. Normally NOTAMs in central London are a lot more precise – a couple more digits of accuracy. This is starting to look like a story, and you saw it here first.
