Read more of this story at Slashdot.
Visit web site Support Details and it'll quickly round up your system information, including operating system, browser, IP address, and more. Sure, you know that info by heart, but the site comes in particularly handy when you're helping someone else out.
Next time you're helping out uncle Hank and aunt Marge troubleshoot their computer and all they can tell you about their system is that the lights are on, tell them to type supportdetails.com into their browser, enter your email address in the form, and send the details your way. (You can even pre-fill the form with some URL tweaks if you want to make it really easy.) It's not the most in-depth system information you'll ever see, but it's probably the simplest to get to when you're helping someone who's not all that computer literate.
supportdetails.com
We've actually mentioned the site once before in passing, but it's handy enough it deserves a full mention.
Last week we asked you to share your favorite place to get a good book recommendation, then we rounded up the results for a vote. Now we're back to highlight your favorite.
Leading the pack was GoodReads (39%), a book lover's web site with lists, lists, and more lists to fit your interests. Following GoodReads was the recommendation engine at Amazon.com (27%), followed by Shelfari (13%), and then LibraryThing (11%). Rounding out the Hive was "Other" (7%) and GetGlue (5%).
Check out the results in bar graph form by clicking on the image below.
Have a great place to find a new book that wasn't covered in the Hive Five? Let's hear about it in the comments. Have an idea for the next Hive Five? Shoot us an email at tips@lifehacker.com with Hive Five in the subject line.
Last night's episode of The Rachel Maddow Show (solidly guest-hosted by Chris Hayes of The Nation) focused largely on the Afghanistan war documents leaked on Sunday by Wikileaks.
I joined for a segment about the tech side of that story. As I said during that segment, if you zoom out beyond this specific leak, if you zoom out beyond Julian Assange (Wikileaks' highly public and highly polarizing figurehead), and if you zoom out even beyond Wikileaks—that's where this gets really interesting.
The incident marks the same kind of historic turning point in power distribution as when the music industry flipped out over Napster in the '90s, and the movie industry flipped out over BitTorrent in the early '00s. This moment feels like the same kind of apple-cart-upset, but for information control by military and political powers which, before this moment, we perceived as "in control." (It's no accident that the copyright maximalists and secrecy maximalists are often in agreement regarding internet restrictions and issues like net neutrality— and I'd expect to see new laws and controls soon proposed in that regard).
Did you see the Washington Post "Top Secret America" series (blogged on BB here)? Spend some time with it. This moment is the natural counterpoint to the massive, unprecedented buildup of secrecy and surveillance documented in that investigative report.
Do Wikileaks and other "distributed anti-secrecy networks" that will surely follow have the power to topple governments, or set into motion massive political change?
Wikileaks is a big story. But the story is bigger than Wikileaks alone, and it has just begun. What happens next, whether there's a backlash and a doubling-down of attempts to exert control, is one of the next big questions. Dan Gillmor digs into that here, a must-read essay. Jay Rosen's thoughts in this piece were referenced in the Maddow Show broadcast. Another meta-analysis piece worth reading today by C.W. Anderson at Nieman Lab. And another from David Carr, of the New York Times (one of the three news organizations that received early access to the "Afghan War Diaries" data-dump.)
Watch the video:"Wikileaks: BoingBoing.net's Xeni Jardin joins The Rachel Maddow show." (MSNBC)
LIGATT Security, a controversial Georgia-based computer security firm, is embroiled in an ongoing flame war with its online detractors, who question the firm's legitimacy and stock prospects. Earlier this month, LIGATT upped the ante by filing suit in a Georgia court, threatening about 25 anonymous commenters on Yahoo! Message Boards and demanding a $5 million judgment and a court order prohibiting criticism. LIGATT CEO warned that he hoped the lawsuit would "set a trend" for other OTC companies facing online critics.
We hope not. EFF is frequently called upon to help protect the rights of anonymous speakers in similar suits, and the world does not need more facially deficient lawsuits targeting online critics. As we explain below, this complaint is a prime example of a case that should be dismissed. And, if LIGATT attempts to use this complaint to subpoena Yahoo! for the identities of its critics, the subpoenas might not only fail, but LIGATT may be forced to pay its critics' attorneys' fees.
It is not surprising that LIGATT has attracted controversy and commentary. The publicly traded company is headed by Gregory Evans, a self-described "media personality" who calls himself the "World's #1 Hacker." Evans' books include "Memoirs of a Hi-Tech Hustler," an account of the exploits that landed him in federal prison, and "How to Become the World's No. 1 Hacker," an allegedly plagiarized introduction to computer security. LIGATT has published provocative online videos advertising its services. And this is not the first time LIGATT has been criticized over its litigation.
The important legal question at this point, however, is not whether LIGATT's critics are right or wrong, but whether the complaint sets forth a valid claim. It does not. LIGATT and Evans' complaint asserts three primary claims: defamation, commercial disparagement, and "tortuous interference with contractual relations," which is a way of accusing the defendants of hurting its business relationships. The company also seeks an injunction against the defendants from posting any further defamatory comments against LIGATT Security, its subsidiary SPOOFEM.COM, or its CEO Evans, and demands $5 million dollars in damages. The alleged damages are double the most recent "Estimated Market Cap" for the whole company listed on its investor relations page.
Curiously, while LIGATT's press release announcing the lawsuit and the accompanying video claim the suit was filed against "stock bashers," the complaint never once references the company's stock or alleges stock manipulation. While federal and state law prohibit certain forms of stock manipulation, criticizing a publicly traded company and its CEO is not a valid legal cause of action in and of itself.
In its complaint, LIGATT claims the defendants posted "false and defamatory statements" on the Yahoo Technology message board and a few other websites. But the purported defamatory statements are never identified in the complaint, much less set forth. There is no attempt to tie each of the defendants to particular statements. Under long-standing Georgia law, failure to clearly identify defamatory statements in a complaint is grounds for dismissing a defamation claim (with leave to amend). The allegation in this complaint is insufficient because it is just a bald conclusion that the unidentified statements are "false and untrue and defamed Plaintiffs." Under Georgia law, libel complaints are subject to a strict standard, and "allegations ... characterizing the publication as libelous and libelous per se are mere conclusions not supported by the pleaded facts" that must be dismissed.
Similarly, if the defendants were to move this case to a federal court (which may be possible if the defendants are not from Georgia), allegations of specific statements would be required and the complaint would be dismissed under the federal pleading standard that requires more than "conclusory allegations" and "legal conclusions masquerading as facts" (recently explained in two Supreme Court decisions, commonly known as Iqbal and Twombly).
LIGATT's "commercial disparagement" claim is simply a variation of the original defamation claim, and hangs on the same unidentified "false and defamatory statements" thread. The court should dismiss the claim for the same reasons. Moreover, even if the actual statements were pled, a federal court in Georgia recently noted that Georgia law does not support this type of claim, and a Georgia Supreme Court opinion both refused to recognize the similar tort of injurious falsehood and held that plaintiffs could not recover twice under two theories.
The complaint’s final substantive claim, accusing the defendants of interfering with LIGATT's business contracts, would also fail because LIGATT must identify wrongful conduct and provide facts, not legal conclusions, to support the cause of action. The complaint, however, does not identify any wrongful conduct on the part of the defendants beyond the deficient defamation claim. This claim should fall with the rest of the house of cards.
California’s anti-SLAPP law is another hurdle for LIGATT. Most of the defendants are anonymous Does, who have exercised their constitutional right to speak pseudonymously online. To the extent that LIGATT wants to issue subpoenas to Yahoo!, located in California, to uncover the identities of the posters on the message board, LIGATT would be wise to realize that California law mandates attorneys' fees for anyone who prevails in quashing or modifying such a subpoena, if the underlying action involves the person's online free speech rights and the plaintiff does not make a prima facie showing of the cause of action.
When courts, both in California and throughout the country, consider whether to allow a subpoena to unmask an anonymous speaker, they use a First Amendment test that requires the plaintiffs to show they have a real case. As explained above, the complaint fails to allege sufficient facts to do so. Moreover, since the plaintiffs would likely be considered public figures for purposes of this lawsuit, LIGATT would have to show a prima facie case for actual malice--a significant and difficult hurdle to overcome.
Through this lawsuit and its press release, LIGATT is affirmatively seeking to encourage and extend a disturbing trend of using the legal system as a weapon to intimidate online critics. Often, these deficient lawsuits are used to unmask online critics, even when those critics are engaged in constitutionally protected speech. LIGATT's complaint is rife with conclusory allegations and exemplifies the deficiencies with most of these lawsuits. LIGATT should voluntarily dismiss this lawsuit, and not refile unless and until it can state a valid claim that a critic has actually violated the law, quoting specifically the allegedly defamatory speech and alleging facts that show how the quoted speech is false, defamatory and was made with actual malice.
Net Index is a free service that ranks and compares download and upload speeds, quality of broadband connections, and internet service providers across the globe using data obtained from the popular Speedtest.net and Pingtest.net online tests.
The Net Index takes a little work to wrap your head around when you first visit the site, but it's full of useful information if you take a little time and start drilling down into its offerings. For example, the front page starts with the Household Download Index, which rounds up the average download speed across the globe, highlights the average speed by country (at 9.87Mbps, the U.S. is above the global average of 7.59 but below the seriously high speed countries, like South Korea's mind-blowing 31.38).
From the front page, you can drill down into countries or states for more information about the cities and ISPs providing the fastest connection—much more interesting for consumers looking for the best ISP in their area. For example, here in California, I can see that if I want the consistently fastest downloading ISP, I'd probably want to go with Charter—followed by Comcast and Road Runner.
I can also see that each of the three fastest ISPs are rated around 3 out of 5 stars by customers. Cox, the fourth fastest, has 4 stars (rounded up)—something to keep in mind when I'm making my decision. Download speed isn't the only thing that matters, and the site performs the same analysis using upload speeds and a "quality index" based on results from Pingtest.net.
Give it a try, and let's hear how its measurements seem to match up with your ISP—and whether it looks like you might want to switch—in the comments.
San Francisco - The Electronic Frontier Foundation (EFF) and a coalition of nonprofit groups have asked a federal appeals court to protect the "safe harbor" rules for online video service providers that encourage free expression and innovation on the Internet.
In an amicus brief filed Friday in UMG v. Veoh, EFF told the U.S. Court of Appeals for the 9th Circuit that Universal Music Group's (UMG's) effort to hold online video service Veoh responsible for infringing content uploaded by a minority of its users would thwart federal law and Congress's intent to stimulate electronic commerce and free speech.
"By creating a clear path for innovators like Veoh to limit their liability for the copyright violations of their users, the statutory safe harbors helped foster the innovation environment that has made YouTube, Flickr, eBay, Blogger, and myriad other hosting-based services possible," said EFF Senior Staff Attorney Corynne McSherry. "UMG is trying to turn back the clock and reinstate a climate of legal uncertainty that would harm new online businesses and the free expression they foster."
The safe harbors are part of the Digital Millennium Copyright Act (DMCA) and give sites immunity from monetary damages if they observe the DMCA's "notice and takedown" procedures for potentially infringing content and comply with other legal requirements. In a lawsuit first filed in 2007, UMG argued that the safe harbors don't apply to any service that "displays" or "distributes" copyrighted material, rather than simply "storing" it. Last year, a federal district court rejected that argument. UMG appealed.
"The safe harbors have proven to be a huge success in encouraging the growth of innovative platforms for free expression, hosting vibrant amateur creativity," said McSherry. "But under UMG's vision for the Internet, we'd get something a lot more like television, where nothing is seen until it's approved by an army of lawyers. That's why we're asking the appeals court to affirm the lower court's ruling."
Joining EFF in the amicus brief are the American Library Association, the Association of Research Libraries, the Association of College and Research Libraries, the Center for Democracy and Technology, the Computer and Communications Industry Association, the Internet Archive, NetCoalition, and Public Knowledge.
For the full amicus brief: http://www.eff.org/files/filenode/umg_v_veoh/UMGvVeohAmicusBrief072310.p...
For more on this case: http://www.eff.org/cases/umg-v-veoh
Contacts:
Corynne McSherry Senior Staff Attorney Electronic Frontier Foundation corynne@eff.org
The federal government has censored approximately 90 per cent of a secret document outlining its controversial plans to snoop on Australians' web surfing, obtained under freedom of information (FoI) laws, out of fear the document could cause "premature unnecessary debate". The government has been consulting with the internet industry over the proposal, which would require ISPs to store certain internet activities of all Australians - regardless of whether they have been suspected of wrongdoing - for law-enforcement agencies to access. All parties to the consultations have been sworn to secrecy.
The government has been consulting with the internet industry over the proposal, which would require ISPs to store certain internet activities of all Australians - regardless of whether they have been suspected of wrongdoing - for law-enforcement agencies to access.
All parties to the consultations have been sworn to secrecy.
Good news: another federal judge has ruled that violating a website terms of service is not a crime. But there's bad news, too — the court also found that bypassing technical or code-based barriers intended to limit access to or uses of a website may violate California's computer crime law.
The decision comes in Facebook v. Power Ventures, a case in which Facebook is suing a company that offers a tool for users to access and aggregate their personal information across social networking sites. Because Facebook's terms of service don't allow users to access their information through "automated means," Facebook claimed that Power accesses its service "without permission" in violation of California Penal Code Section 502. Facebook has also argued that Power broke the law by evading Facebook's effort to block the Power browser’s IP address, which was meant to try to keep users from accessing their Facebook accounts though the Power website.
EFF filed an amicus brief in this case, urging the court to reject Facebook's computer crime claims. We argued that turning any violation of terms of use into a crime would give websites unfettered power to decide what conduct is criminal, leaving millions of Internet users vulnerable to prosecution for everyday activities.
The court agreed with our position, relying heavily on our brief. This part of the ruling is great.
Unfortunately, the court also said that Power might be liable if it changed its IP address so that its browser could continue to interoperate with the Facebook service. In other words, it may be a crime to circumvent technological barriers imposed by a website, even if those measures are taken only to enforce the terms of service through code. There's nothing inherently wrong or unlawful about avoiding IP address blocking, and there are valid reasons why someone might choose to do so, including to sidestep anticompetitive behavior by other Internet services. As long as an end user is authorized to access a computer and the way she chooses doesn't cause harm, she should be able to access the computer any way she likes without committing a crime.
Overall, yesterday's opinion is an important precedent that aligns with United States v. Drew, a decision last year finding that a woman did not violate the federal hacking law when she created a fake MySpace profile, as well as recent Ninth Circuit cases. We welcome the court's rejection of terms of service violations as triggers for criminal liability, but will continue to work to demonstrate to courts that not all technological measures are created equal. If the measure seeks to control access to or use of data, then evasion of it is almost certainly criminal. But if the restriction merely seeks to impose owner preferences or terms of service on otherwise authorized users, bypassing it should not be a crime.
As other courts look at this issue, we hope that they will agree that code-based restrictions require a very fact-specific inquiry, and will remain open to the possibility that bypassing such measures should not necessarily be criminal.
Coauthored by Seth Schoen
The White House recently released a draft of a troubling plan titled "National Strategy for Trusted Identities in Cyberspace" (NSTIC). In previous iterations, the project was known as the "National Strategy for Secure Online Transactions" and emphasized, reasonably, the private sector's development of technologies to secure sensitive online transactions. But the recent shift to "Trusted Identities in Cyberspace" reflects a radical — and concerning — expansion of the project’s scope.
The draft NSTIC now calls for pervasive, authenticated digital IDs and makes scant mention of the unprecedented threat such a scheme would pose to privacy and free speech online. And while the draft NSTIC "does not advocate for the establishment of a national identification card" (p. 6), it’s far from clear that it won’t take us dangerously far down that road. Because the draft NSTIC is vague about many basic points, the White House must proceed with caution and avoid rushing past the risks that lay ahead. Here are some of our concerns.
Probably the biggest conceptual problem is that the draft NSTIC seems to place unquestioning faith in authentication — a system of proving one's identity — as an approach to solving Internet security problems. Even leaving aside the civil liberties risks of pervasive online authentication, computer security experts question this emphasis. As prominent researcher Steven Bellovin notes:
The biggest problem [for Internet security] was and is buggy code. All the authentication in the world won't stop a bad guy who goes around the authentication system, either by finding bugs exploitable before authentication is performed, finding bugs in the authentication system itself, or by hijacking your system and abusing the authenticated connection set up by the legitimate user. All of these attacks have been known for years.
The draft NSTIC says that, instead of a national ID card, it "seeks to establish an ecosystem of interoperable identity service providers and relying parties where individuals have the choice of different credentials or a single credential for different types of online transactions," which can be obtained "from either public or private sector identity providers." (p. 6) In other words, the governments want a lot of different companies or organizations to be able to do the task of confirming that a person on the Internet is who he or she claims to be.
Decentralized or federated ID management systems are possible, but like all ID systems, they definitely pose significant privacy issues. 1 There’s little discussion of these issues, and in particular, there’s no attention to how multiple ID's might be linked together under a single umbrella credential. A National Academies study, Who Goes There?: Authentication Through the Lens of Privacy, warned that multiple, separate, unlinkable credentials are better for both security and privacy (pp. 125-132). Yet the draft NSTIC doesn’t discuss in any depth how to prevent or minimize linkage of our online IDs, which would seem much easier online than offline, and fails to discuss or refer to academic work on unlinkable credentials (such as that of Stefan Brands, or Jan Camenisch and Anna Lysyanskaya).
Providing a uniform online ID system could pressure providers to require more ID than necessary. The video game company Blizzard, for example, recently indicated it would implement a verified ID requirement for its forums before walking back the proposal only after widespread, outspoken criticism from users.
Pervasive online ID could likewise encourage lawmakers to enact access restrictions for online services, from paying taxes to using libraries and beyond. Website operators have argued persuasively that they cannot be expected to tell exactly who is visiting their sites, but that could change with a new online ID mechanism. Massachusetts recently adopted an overly broad online obscenity law; it takes little imagination to believe states would require NSTIC implementation individuals to be able to access content somehow deemed to be "objectionable."
The draft NSTIC "envisions" that a blogger will use "a smart identity card from her home state" to "authenticate herself for . . . [a]nonymously posting blog entries." (p. 4) But how is her blog anonymous when it’s directly associated with a state-issued ID card?
The proposal mistakenly conflates trusting a third party to not reveal your identity with actual anonymity — where third parties don’t know your identity. When Thomas Paine anonymously published Common Sense in 1776, he didn’t secretly register with the British Crown.
Indeed, the draft NSTIC barely recognizes the value of anonymous speech, whether in public postings or private email, or anonymous browsing via systems like Tor. Nor does it address issues about re-identification, e.g. the ability to take different sets of de-identified data and link them so as to re-identify individuals.
Bellovin credits the draft NSTIC for suggesting the use of attribute credentials rather than identity credentials — that is, using credentials that could establish that you're authorized to do something without saying who you are. But, as he puts it, "We need ways to discourage collection of identity information unless identity is actually needed to deliver the requested service," and the draft NSTIC doesn't seem to address this.
The draft NSTIC seems to presuppose widespread use of smart ID cards. In one example, it envisions that an individual will use "a smart identity card from her home state" to "authenticate herself for a variety of online services," presumably modeled upon driver’s licenses. (p. 4)
One major concern, acknowledged briefly in the draft, is whether people's computers can really be secure enough to be used for these purposes — smart ID cards or no smart ID cards. As noted above, the vast majority of privacy and authentication vulnerabilities stem from buggy software, and when a computer is trivial to compromise, its users’ credentials are easy to steal. The NSTIC proposal could, in fact, decrease user privacy and enable identity theft: once a user’s digital ID is stolen, it could be used to both pose as the user and access all the user’s accounts and data.
Consider, for example, the proposal to use a state digital ID card to access health records and online banking. What happens next time you lose your wallet?
Furthermore, by consolidating your credentials, the NSTIC plan may provide the government with a centralized means of surveilling your online accounts. And if the government issues your digital ID itself, it won’t even need to approach a third party with any kind of legal process before surveilling you.
The draft NSTIC also mentions the development of a public-key infrastructure (PKI). (pp. 15, 27) We support good, widespread encryption, which could allow people to get correct public keys reliably and possibly cut down on phishing, spam, fraud, and pretexting. But as Bruce Schneier and Carl Ellison have explained, doing PKI properly isn’t easy.2 All of their concerns apply, in some form, to the NSTIC proposal.
Another concern that’s emerged recently is whether governments could coerce certificate authorities in a PKI to issue false credentials in order to facilitate surveillance. Chris Soghoian and Sid Stamm have reported on an industry claim that governments could get "court orders" giving them access to falsified cryptographic credentials. This threat seems greater if the government itself is running the PKI.
Much more could be said. The NSTIC is only a draft, and the Department of Homeland Security and the White House sought public input online through July 19th. Because of the importance of this issue, EFF has joined with a coalition of concerned civil liberties group to ask the Administrations for a longer comment period and a way to submit more detailed comments. We hope and expect that this will be only the beginning of a public debate about ID management online.