Symantec Tries to Censor Criticism
from the tell-it-to-the-judge dept.
Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.
The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.
While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)
So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).
Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.
You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.
The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.
Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.
And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."
Give a little, get a lot (Score:5)
----------
Fair Use (Score:5)
Remember when Sony filed suit against Connectix for essentially the same thing? End result was Sony lost because the court of appeals stated that Connectix was in compliance with the DMCA and that this use of reverse engineering is protected under fair use.
Of course Latin is blocked (Score:4)
Eric
"lousy crypto" (Score:3)
>using lousy crypto in the first place
Because it's not possible to keep secrets on an untrusted computer that needs to access them. If the program needs to decrypt the URL list itself, then so can anyone with a copy of the program, if they spend the effort. You can use the best crypto algorithm in the world, but then the key is stored somewhere in the program, where the owner of the computer can get at it.
This is a fancy version of copy protection and client-side security. It can't be made unbreakable.
Honestly, no surprises... (Score:5)
Some of you may recall that Solid Oak Software has threatened Peacefire in the past. Hell, Solid Oak has even mail-bombed detractors and has recompiled their CYBERSitter software to generate a fake error message if it finds peacefire.org in your browser cache on install. Don't be surprised if Symantec does equally vile things to their consumers. After all, censorship is vile business. Certainly, there is no reason for this attack on Peacefire other than to "get even" for questioning their "moral" authority.
The only thing we can hope for is that this will result in a win for Peacefire. Otherwise, get ready for Big Brother in full effect...
Come on... (Score:4)
If they can decode the list in its entirety, why don't they do a little more analysis of it... What is percentage of
How about an analysis of the first 1000 entries? EDU or not.
In direct marketing, people realize that a sampling of 10,000 people from a given list is generally the bare minimum to use in terms of being able to accurately predict response rates... For instance if you mail something to 1,000 people from the same list and get a great response, you shouldn't go ahead and buy 100,000 more names from that list, because you didn't get an accurate sampling...
The same goes with Peacefire's thing... They're using nearly enough information to give a real idea of what's happening... When you're able to skew data like that, you can show nearly any result that you want.
Re:Of course Latin is blocked (Score:4)
-cpd
Re:Give a little, get a lot (Score:3)
As a similar note, I'm now going to be dropping my copy of Norton AV (Symantec's AV software, for those cave dwellers), and going and getting something else for my home network.
I mean, if I buy product from these companies, how can I really blame them for producing it?
There should be a law... (Score:3)
Every time a piece of censorware blocks a site, it sends the URL (with no information which could identify the user) back to the company which makes it. The companies must keep these lists of blocked URL's public and up-to-date.
Why do I think this should be done? Because it makes you see the censorware companies for what they are; people who compile blacklists of banned information. Not unlike book-burning (I hate to use this comparison so often, but there's nothing more appropriate), only on a scale not seen in the West since Hitler's time. The idea here is to get people to see filters for what they really are. No law is going to directly change the current situation of censorship. It takes a cultural shift to do something like that, to make the people see that censoring knowledge -any knowledge- is far worse than the information itself could possibly be. But for that to happen, people have to see censorship for what it is. Censorware companies have been using sneaky marketing tricks to confuse people for several years now, and the sad fact is that it's worked pretty damn well. So before we can set out to change attitudes toward censorship, we have to undo that confusion. It's the only way it'll ever work.
How about doing it right then?? (Score:5)
Then every week or so the HQ web site puts out a new blacklist. We can have all kinds of easy update utils to help those not squid-knowledgable, and some folks could make a Windows application to do it for those folks as well. Heck, if the existing censorware's methods are decrypted like this one, we could write utils to encrypt it again and drop it in to their directory.
I'm not going into whether you like blacklists or not, so let's keep these to ways of doing it correctly, since these other programs don't seem to do it very well. Using an open source list, and appropriate means of rectifying errors, we can do it properly.
Re:Why edu? (Score:5)
The reasons
1) k12.edu sites often have pages made for group projects by kids under 18, the ones who are supposedly being protected.
2) These same kids will probably end up looking at university sites (or the Smithsonian, if their project is on George Lucas's use of mythology...blah) for those same projects. Doing a report on Diocletian? Go to that Calvin College site and grep (or "find" in Netscape) for his name. Unless, that is, the pages are blocked.
3) The signal/noise ratio on
4) If you are out to Prove Something, like Peacefire, Greek and Roman histories/ literature translated into English SGML are valuable statistics-boosters. I haven't gotten to Vol. IV of Gibbon yet, but I would venture that any good translations of Sophocles's plays have frequent use of words like "bitch." Despite this, who's going to argue that high schoolers shouldn't read Sophocles? (Thomas Bowdler would, but he's dead.) It's very convincing to point a figure at the percentage of
Remember that, at least according to the Al Gore types, the Big Use for the Internet is
--Kevin T.
Woohoo :-) (Score:3)
Jeremy Allen
Disclaimer: This post was made from M14 (Mozilla Seamonkey!)
More proof that censorware does not work (Score:5)
Even if you had 95% accuracy (which is far, far better than anything on the market actually achieves), there would still be an unacceptable number of unblocked sites and mistakenly blocked sites. Let's assume there are 10,000,000 web sites; under a given rating system, 1,000,000 are blockable, and 9,000,000 are permissible. With 95% accuracy you would have 50,000 sites that should be blocked that are not, and 450,000 sites blocked that shouldn't be.
What really makes me scratch my head is why adult-oriented sites provide links to the various censorware sites. Webmasters, particularly adult webmasters, should be the LAST people on the planet to lend legitimacy to these snake-oil salesmen and wanna-be thought police.
The internet is an amazing resource. Like the real world, cyberspace has much to offer; some of it appropriate for children, some of it not. Parents need to be educated that they need to supervise their children in cyberspace just as much as they do in meatspace. If people spent half as much money and effort promoting parent education as they did promoting ineffectual censorware, they might actually achieve their stated goal of protecting the children. Unfortunately, for most of these people "protecting the children" is a merely convenient cover for their real agenda of forcing their religious beliefs down everyone else's throats.
"The axiom 'An honest man has nothing to fear from the police'
pron.edu? (Score:4)
http://www.peacefire.org/
March 2, 2000
Download IGDecode, a program that can decrypt the list of sites blocked by I-Gear. We decrypted I-Gear's list and determined that of the first 50 URL's in the
...
So, uhh...12 of the first 50
An offtopic anecdote re: cum (Score:5)
(I know, it's miles off-topic, but still a good story.)
Nope, it's fair (Score:4)
Doing this to EVERY site would simply take too long. In fact, this is how these idiot filter companies get bogus entries to start with -- they just look at the name, don't even bother to read the page itself.
Secondly, this is the TOP 50 sites, presumably the worst offenders. It's as if you were verifying the FBI top most wanted criminals, and found 76% who were in fact not criminals, just ordinary professors or students. Why bother checking the rest? If the so-called worst offenders are 3/4 wrong, why even bother with the rest? If they can't even get the worst offenders right, what does it matter how right the rest are? If Symantec can't be bothered to verify even the worst offenders, what makes you think they are going to verify the small fries?
--
Re:How about doing it right then?? (Score:4)
http://www.microsoft.com (0, Overrated)
http://www.freebsd.org (3, Underrated)
http://www.linuxone.com (-1, Troll)
http://www.debian.org (4, Insightful)
and of course:
http://www.whitehouse.gov (0, Redundant)
;-)
Re:Come on... (Score:5)
Maybe they do have something to hide?
Did you read Peacefire's site? According to them:
And the pro-censorship response [cnet.com]?
Oh, God, what an idiot. There are so many things wrong with that statement, I don't know where to begin!
Lies, lawsuits and censorship (Score:3)
I want to go through the banned sites to see if any of my domains are in it. What are the legalities if your site is included? Can one sue because of mistakes made by Symantec? Isn't that lost revenue, the same as if someone cracked into your web server and deleted the site? The results are similar.
As far as threatening Peacefire, they are now in the league of bullying companies that threaten rather than fix. It's surely easier (and cheaper) to threaten lawsuits than it would be to fix the problem. Distributed-checking the URLs, as someone here has already suggested, would allow blocking of real porn sites from kids yet not have stupid blocks against items like Latin language texts. Hell, have URL's checked by at least 5 independent folks to eliminate biased censorship. This would give Symantec an edge over the other censorwares (we check so you don't have to, and we can PROVE it). If their encryption was poor, fix it... but why censor their lists? Is it because they're afraid that bona-fide non-offensive sites will sue? Open the lists. Put in seeded fakes so they can check if other companies are stealing their work.
As an aside, I've always supported Peacefire. I've had a link off of warpedreality.com since I put it online. Isn't it worth a line of text off of your page too?
Re:pron.edu? (Score:3)
You need to do better than that (Score:3)
How does Haselton's cracking honestly fall under the definition of "interoperability" or "testing computer security systems"? Any definition I can think of where Haselton's actions would be considered "testing security" would be so tortuous as to render the phrase meaningless. "No sir, I wasn't hacking the encryption, I was just testing security systems" isn't going to fly without additional credible indication of intent. Mr Haselton's publication of the encrypted contents along with an analysis of the contents, (not just publishing the fact that the security was weak like 99% of security alerts) suggests quite strongly that his goal was *not* testing security methods but gaining access to secured content. The interoperability argument in this case is even more specious-- what two pieces of software was Mr. Haselton trying to make interoperate?
IANAL, but Haselton looks like he's standing on shaky ground, even assuming a noble purpose. Looks to me like a classic case of thinking that the ends justify the means. I welcome rational counterarguments; perhaps I'm missing something?
--LP
Re:What if... (Score:3)
I hate to disagree, but 'negative mindshare' with who? With the people who have let eBay get away with appalling uptime? With the majority of the public who think MS and Bill Gates personify Noble American Ideals(tm)? With the people who support RealTrojan Theftware, the Spamazon Patent and Lawsuit Company, and DoubleCross?
The general public doesn't care about this sort of stuff. No matter how much they talk about censorship and privacy online, they don't understand the issues, nor do they _want_ to, unless their credit card number is stolen. Fair enough--people don't care about the details of how their power gets to the light switch either. BUT, the end result is that only a tiny minority--us--will give a rat's ass about ANY level of corporate abuse as it pertains to the internet.
Or in short, it's nigh impossible to generate negative mindshare in a flock of sheep.
parent: +1 Funny (Score:3)
Of course, there's always...
http://www.userfriendly.org (3, Funny)
http://slashdot.org (-1, Flamebait)
[TMB]
Some insight into the subject..... (Score:3)
What pisses me off, however is the fact that in the product advertisements they say that the list is constantly updated by humans. Now I am led to believe this is bullshit.
I still am not *completely* opposed to filtering... there are sooo many people out there who are so terrified that their kids will *gasp* find a nude picture on the net, or they might come across something that implies that there may in fact not be a god, or whatever, and these people would not allow their children to use the internet if it weren't for this sort of option.
I think that the guys at peacefire are generally doing a good thing here, but they still kinda need to get a clue. There is more to this software than they are letting on. First of all, the software allows two accts, one filtered and one not filtered. If a kid says that a site is ok, but the software is blocking it (I had this happen with a greeting card site once-- completely clean FYI) the parent can log on, check it out, allow the child to see the site for 5 minutes (I believe) and then email the admin, who can make the page always allowed.
How bad is that?
Please also keep in mind that the site is very unscientific and could possibly be very misleading. They only showed the first 50 of the
Just keep that in mind.
And as for people blaming all of this on Symantec... It has little to do with them. They just recently bought the company that used to make I-Gear... UR-Labs.
Just trying to set things a little straight --
-- Kneel (uber-geek)
Peacefire blocked by our filter... (Score:4)
We use a Sonicwall [sonicwall.com] unit for DHCP/VPN/filter here at work, and it blocks the peacefire.org site with the following codes:
Code: abcdefghijkl - 00.C0.F0.48.51.E0 - www.peacefire.org
Here's the breakdown on what those letter codes mean
Time to let their filter people know about this "oversight"...
St. Augustine is apparently smut!!! (Score:5)
Re:Fair Use (Score:5)
True. So far so good.
Fair Use. This is what Haselton has done, plain and simple.
That's not a question of fair use. It is explicitly permitted to sue people under DMCA even if there was no copyright infringement whatsoever. Yep, that's one of the beauties of DMCA: the act of breaking protection is the offense in itself, regardless of the rights that you might have with regard to the protected copyrighted material.
So fair use doesn't fly here.
Reverse engineering is addressed in the DMCA for certain areas. Haselton was fully within the realm of information security validation.
See, the problem is that judges (with some notable exceptions) are not stupid. They can understand why Haselton broke the encryption just as well as we all do. There is no interoperability issue (interoperability with what??) and the "testing security" defence looks *very* shaky to me.
I'm getting tired of pointing out that DMCA does, really really does criminalize standard actions that we all take for granted. It's not the case of some judge "not getting it", it's the case of a very bad law that must be repealed or at the very least castrated.
Remember when Sony filed suit against Connectix for essentially the same thing?
Not the same thing. Connectix did the full-blown clean-room reverse engineering thing and they were able to show and document that the room was "really clean". That's why they won. Besides what Connectix was doing was a straight interoperability example.
You've been warned: until something is done about DMCA we are going to see uglier and uglier applications of it.
Kaa
What does this software block, again? (Score:3)
"Install our software! It blocks bad sites!"
"Which sites in particular does it block?"
"Bad ones!"
"Which bad sites?"
"We can't tell you which ones, because then someone else might come along and block the same sites."
*wince*
Re:You need to do better than that (Score:3)
security and/or operability testing is not
what he was doing.
> IANAL, but Haselton looks like he's standing on
> shaky ground, even assuming a noble purpose.
> Looks to me like a classic case of thinking
> that the ends justify the means.
Here I disagree. You seem to imply that his means
are not justifiable by any other rationale. Is it
not possible that he believes that his means are
justified?
I cannot speak for Mr Haselton myself (though
I am wearing my PeaceFire T-Shirt here at work
today), I personally think that what he did was
perfectly justified, no matter what the law may
say.
In fact, I would go as far as to say that
any law which would allow companies to sell
a product to a consumer, and allow the company
to take away the consumer's right to take it apart
and see exactly how it works and what it does, is
an unjustified law.
I think a consumer has a RIGHT to do whatever
they wish to a product that they purchase. I think
that if a consumer takes apart a product, and
finds out that it does things which the producer
was trying to hide (like sending off info to
the company, or blocking sites that should not
be blocked) then that consumer has not only the
right, but the DUTY to expose these facts.
The simple fact is that he took this product. He
opened it up. He found out that it does NOT
work as advertised. It does things that consumers
should be aware of.
Re:Peacefire blocked by our filter... (Score:3)
;-)
Eric
One more great Taylor-ism ... (Score:3)
No, but it is equivalent to allowing anyone to hire chemical engineers to figure out the formula. And I believe that this is perfectly legal. In fact, it's the basis for the Designer Imposters perfume line (assuming all liquids are entitled to equal protection under the law).
Re:Peacefire blocked by our filter... (Score:4)
am against censorware in libraries btw (or
anywhere else). Simple fact: They do NOT just
block porn.
Think about it...the entire argument for
censorware revolves around porn...but they
block so much more...the worst of which is
of course...they block dissenting opinions.
but...
> g = Satanic/cult
Nice...and who decides what is "Cult". From my
point of view the catholic church would be a
cult...so would any other church or religious
group (except maybe the wiccans and a few others)
Who are these people to draw the line between
religion and cult. I know I am not qualified (as
I just admitted above).
> h = Drug culture
So I suppose that means DARE and other organizations
who teach nothing, yet expose kids to drugs (and
have been linked to INCREASE in drug use...as
exposure makes kids curious)...would be OK
However lycaeum or some harm reduction site that
actually EDUCATES and tells people things like
"Mixing A and B could kill you"...are probably
not ok, since they "condone use"
-Steve
Just talked to Symantec VP (Score:3)
Re:Give a little, get a lot (Score:5)
(1) We need to get as many people as possible to link to peacefire.org and censorware.org. Actually, we need an XML blocked site of the day list which people can display on their web pages (ala a slashbox). Banned book lists are very effective in raising awareness of printed media censorship, but only when everyone displays the banned book list. Plus, this convinces members of special interest groups that their sites are being blocked.
If we could really get a campaign going to link to peacefire and mirror peacefire's info on banned sites and instructions for disabling the software.
(2) We need a Perl/CGI module to identify any blocking software that the person viewing your page is using. This allows your page to react differently depending upon whether its viewer is using censorware or not. This could have a variety of interesting effects including:
(a) People putting up pages which turned into pornography when viewed via censorware. This would be funny as shit; and lots of people doing this would mean that the chances of accidentally viewing porn would go way up when you install censorware.
(b) Technically, pedophiles could use these types of CGIs to identify children browsing the internet, so censorware could be accused of *possibly* attracting pedophiles to kids! More realistically advertisers would use the script to make advertisements which exploited children more effectively and further endangered privacy.
(3) We need ActiveX controls which disable censorware! I know peacefire has instructions on disabling censorware, but an ActiveX control would be simple and lots more people would put it on their web pages.
There are a lot of other purely code / web projects which need people to work on them (like finding flaws in censorware).. these above projects are just the most obnoxious.. so they seem like fun to discuss.
this irritates me (Score:4)
Um, not to get off topic, but could we please stop pretending that porn is nothing but "nude pictures"? I have heard people compare the range available on the internet to a kid being able to read "our bodies our selves" and other such silliness.
If you are pro-porn-choice, be honest about what you are talking about. On line porn includes (but is not limited to) stuff which can be 1. graphically disgusting (a picture of a man shitting into a woman's mouth) 2. emotionally disturbing (B&D S&M) or 3. humiliating or frightening to those who identify with the subject (teen, pre teen or "oops" sites.)
You do not need to be a puritan to imagine that a kid particularly could be confused or disturbed by such things, especially if they don't have the sort of relationship with their parents which allows them to ask about it and sort out why it makes them feel that way. Now we can argue about what the best way to deal with this is, from better parenting to start out with to censorware, but could we acknowledge the reality of the problem instead of brushing it under the rug? To hear this group sometimes, you would think the porn content of the internet was mildly more raunchy than a display of Renaissance sculpture. It is unnecessarily insulting and condescending to the people we should be reaching out to, and it prevents rational discussion of solutions that work for everyone.
-Kahuna Burger
I used to work at Symantec (Score:3)
Although I cannot say I actually ever believed that they make very good software, there are a lot of nice people working there. But in the end they are just another American Windows software company, that is, a shark among sharks.
There seems to be a culture clash between the freedom loving, online cyberculture and the older forces of commerce and traditional government. This has been predicted long ago, and anyone could have guessed that the sense of freedom of the Internet would collide head-on with 'old world' ideas and institutions sooner or later.
I think that we need to be strategic in choosing what can be defended and what we can't. Open and free software needs to be defended, free speech, free criticism, nobody can argue about that. On the other hand: porn, violence, crackers, warez etc shouldn't be. Nobody argues about that too.
But there is a large and vague middle ground where things are not so clear. I see people foray too far into that vague space and see them try to defend ground that is disputable at least, and setting up their defence (or attack) there.
In this case, the censor-software breaking, you say 'see this software sucks, see that censorship does not work, it shouldn't exist'. That is very true, and I don't think that you can't block 'bad things' successfully in the end with this kind of software. But try to understand the confusion and fear, that comes with the Internet. Suddenly, the whole world enters your house, your family. A lot of people are not going to be able to sort the good from the bad, at least in the beginning. They cannot cope with it. Most people are just followers, lost without rules or guidelines. So this censorware is bad, but who comes to the rescue of the worried parents then? Should they just not have Internet at all then? Or are they just being overprotective?
The Open Source idea of 'having a million eyeballs looking at the bugs' could help a lot here. The problem with filters of course, is that they can never catch everything, and always catch what they shouldn't. But a million worried parents, rating webpages into categories, that could actually work. You would need a clever rating system, and just rate a site for what it actually is: educational, commercial, obvious porn, sites about sex but not porn, etc etc. Categories without a moral value judgement, just cleanly categorize it. And of course with a voting system, so that at least say 10 people put some site in the same category, before it actually stays there. Have search engines seek out sites that change, with a crc check, and set up a system where some parent would get a list of a 100 sites, and categorize them, in a distributed system, and then has done his/her service to the community.
Then you have a more or less fair categorization of the Internet, and a parent could then choose a package of things that his children can or cannot see. No porn, no violence, but maybe a yes for sites about coming out for homosexuality.
I see that this might be abused by a government to 1984 its citizens. But a government could do that anyway, though. China does it now.
You could try to categorize only universally bad things (blatant violence, _commercial_ porno, the Ku Klux Klan (did you know their site runs on Linux, by the way? www.kukluxklan.org [kukluxklan.org])), and mark the rest as 'mostly harmless'. I don't know.
I just think that something along those lines needs to be done, because nobody with any sense is addressing the fears of the fledgling millions of new Internet users right now. We could even give this community provided lists to Symantec. That would be quite a shock to them.
-----------------------------------------------
UNIX isn't dead, it just smells funny...
CensorWare that "learns" (Score:3)
How about a program that allows a parent to define their own list of sites to block. The parent (and this should be the husband, since he is the ultimate boss), would have to look at a continuous stream of porn sites and click "yes-offensive for kids" or "no".
He would have to use the program a lot to make sure all the bad sites got blocked, but wouldn't the peace of mind be worth it?
Re:You need to do better than that (Score:3)
There's only one problem: There's another law which applies too, and this law is the supreme law of the land. It's called the Constitution of the United States of America, and it has an amendment (the 1st Amendment), which the Supremes have held explicitly protects "critical speech" that makes "fair use" of copyrighted material. What this means is that, in the end, the parts of the DMCA that consist of government inhibition of free speech will be thrown out.
The problem is that it will take years of appeals before the illegal portions of the DMCA are thrown out, and it will cost hundreds of thousands of dollars in court costs. In the meantime, software companies will continue to use tactics of intimidation and threats to prevent critical speech, much as McDonalds did with their McLibel lawsuit against Greenpeace activists.
And the next problem is that, after this law is thrown out, the companies involved will buy yet ANOTHER law that removes people's right to engage in critical speech, and the whole thing starts over again. And so it goes in the United States of Self Delusion, where we delude ourselves that we live in a free country when in actuality we are ruled by those who spend millions of dollars to buy laws that benefit themselves at the cost of the rest of us.
-E
Re:How about doing it right then?? (Score:3)
The contributing volunteers shouldn't add sites to a blacklist or even a broad categorization. Instead they should apply a number of labels simultaneously to each page. Here are rough examples of what I mean, for three different sites:
"Entertainment+ExplicitHomoSexuality+Graphics"
"Educational+Art+MildHeteroSexuality+Graphics"
"Political+Literature+ExtremeRacism+Text"
Of course the filtering software would have to come with default rules which wouldn't truly suit anyone, just like current packages.
"FILTER *Racism ALL"
"FILTER *Sexuality ALL"
But the end user could easily tweak the rule set to be as precise as they like. eg:
"FILTER *Racism UNLESS Educational OR Literature"
"FILTER ExtremeRacism ALL"
"FILTER *HomoSexuality ALL"
"FILTER MildHeteroSexuality UNLESS Educational"
"FILTER Explicit*Sexuality UNLESS Literature AND NOT Graphics"
The filter rule sets can be adapted by anybody. You don't need to be a programmer, just to be able to understand what UNLESS, AND, OR, NOT mean, and to be able to understand that the result of any given rule may be modified by what rules come after it. Like *any* series of filters applied sequentially.
No doubt people of like mindset would trade their carefully crafted filter rule sets between themselves.
This system is still slightly (though less) vulnerable to misclassification by volunteers with an evil agenda. But some sort of metamoderation scheme would soon identify those reprobates and flag up all the sites that needed rechecking.
Can anyone think of a reason why this wouldn't work?
PS. Just in case this sort of scheme should find its way into anyone's commercial implementation, I'm releasing the above idea to the world under the terms of the GPL - so there should be no encrypted filter lists based on this idea, OK?
Consciousness is not what it thinks it is
Thought exists only as an abstraction
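The rule scheme proposed in the comment above, worked through as an added example (not code from the comment or from any filtering product). It assumes that the last matching rule decides, that `*` is a shell-style wildcard, that NOT binds tighter than AND and AND tighter than OR, and that a page with no matching label is allowed; all function names are hypothetical.

```python
import fnmatch

# Rule sets quoted from the comment above.
DEFAULT_RULES = '''
"FILTER *Racism ALL"
"FILTER *Sexuality ALL"
'''
TWEAKED_RULES = '''
"FILTER *Racism UNLESS Educational OR Literature"
"FILTER ExtremeRacism ALL"
"FILTER *HomoSexuality ALL"
"FILTER MildHeteroSexuality UNLESS Educational"
"FILTER Explicit*Sexuality UNLESS Literature AND NOT Graphics"
'''
KEYWORDS = {"AND", "OR", "NOT"}

def has_label(labels, pattern):
    """True if any page label matches the pattern ('*' is a wildcard)."""
    return any(fnmatch.fnmatchcase(label, pattern) for label in labels)

def parse_or(tokens, labels):
    value = parse_and(tokens, labels)
    while tokens and tokens[0] == "OR":
        tokens.pop(0)
        rhs = parse_and(tokens, labels)   # always consume the right-hand side
        value = value or rhs
    return value

def parse_and(tokens, labels):
    value = parse_not(tokens, labels)
    while tokens and tokens[0] == "AND":
        tokens.pop(0)
        rhs = parse_not(tokens, labels)
        value = value and rhs
    return value

def parse_not(tokens, labels):
    if not tokens:
        raise ValueError("condition ends where a label was expected")
    token = tokens.pop(0)
    if token == "NOT":
        return not parse_not(tokens, labels)
    if token in KEYWORDS:
        raise ValueError(f"unexpected keyword {token!r}")
    return has_label(labels, token)

def evaluate(condition, labels):
    """Evaluate an UNLESS condition; reject leftover tokens."""
    tokens = list(condition)
    result = parse_or(tokens, labels)
    if tokens:
        raise ValueError(f"unexpected trailing tokens {tokens!r}")
    return result

def parse_rules(text):
    """Turn rule lines into (pattern, condition) pairs; condition None means ALL."""
    rules = []
    for line in text.strip().splitlines():
        words = line.strip().strip('"').split()
        if len(words) < 3 or words[0] != "FILTER":
            raise ValueError(f"not a FILTER rule: {line!r}")
        if words[2:] == ["ALL"]:
            rules.append((words[1], None))
        elif words[2] == "UNLESS":
            evaluate(words[3:], set())    # syntax check when the rule set is loaded
            rules.append((words[1], tuple(words[3:])))
        else:
            raise ValueError(f"expected ALL or UNLESS: {line!r}")
    return rules

def is_blocked(page_labels, rules):
    """Apply rules in order; each matching rule overwrites the verdict so far."""
    labels = set(page_labels.split("+"))
    blocked = False                       # assumption: unlabelled pages pass
    for pattern, condition in rules:
        if not has_label(labels, pattern):
            continue
        blocked = True if condition is None else not evaluate(condition, labels)
    return blocked
```

Under these assumptions an earlier ALL rule does not guarantee a block: a page labelled `Literature+ExplicitHomoSexuality+Text` (constructed) is caught by the third tweaked rule and then released by the fifth, so anyone trading rule sets needs to read them in order.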
No, he's right. (Score:3)
Suppose I have a kid who's starting to get computer literate and I decide I want censorware. Well, in that case I would want to know the false positives rate because too many false positives would increase my kid's motivation to try to circumvent the censorware. The more motivation on my kid's part, the more insecure the censorware package.
So yes, Haselton's actions in my book constitute a form of security testing and thus should be protected.
Re:I used to work at Symantec (Score:4)
Au contraire. The question 'what is porn' is argued over constantly, leading to the vague-but-appropriate concept of community standards in obscenity trials and the like. What you call porn, I call erotic art, and Europeans call commercials.
Same with violence. Just filtering on violence gives you a world where Teletubbies are OK, and _Saving_Private_Ryan_ is banned. Who decides?
>Categories without a moral value judgement, just cleanly categorize it.
Except that categorizing _IS_ value judgment. Again with _Ryan_, it would be 'objectively' categorized into "Violence, graphic dismemberment," and correctly so. The fact that it is, in fact, a powerful work of art cannot be reflected except by offering up a relative value judgement of some kind.
>universally bad things (blatant violence, _commercial_ porno, the Ku Klux Klan
Right there. A value judgement. In the US, even the Klan has a right to express and believe whatever they want, so long as they're not actually committing crimes. Period. Calling it 'universally bad' and therefore OBVIOUSLY needing to be censored is exactly what you allege to be against: selling your ideas of propriety onto others.
Ratings systems, censorware, whatever, the very ACT of dividing things into acceptable and unacceptable is a set of value judgements. And it's simply impossible to make a set of value judgments that works for everyone, and irresponsible to try.
--
Oops, I missed one. (Score:3)
(a) All applications of artificial intelligence to scanning content either from the blocking software OR to create a master list. I am including simple search applications like looking for fleshtones commonly found in porn. I am also including the idea of using a combination AI / human interface where the AI flags the human and lets them check the content.
(b) Patent the simple protocol ideas, like online blocking list updates and special codes the porn sites can give out to help the blocking software avoid them. Also, patent the business model ideas like using a common blocking standard which many different groups can provide lists to. Note: I realise that there is prior art for some of this, but that didn't stop Amazon..
It would be really cool to kill this industry with software patents! Unfortunately, this takes a lot of money. It might be possible to work out some deal where joe hacker submits the idea, the ADL's blocking software company foots the bill, and the EFF/ACLU controls everyone else's access to the patent, i.e. get the anti-Nazi people to pay for it in exchange for being the ONLY blocking software which is allowed to use it.. and they would hopefully not be permitted to censor anything but hate speech. It's not an ideal situation, but it might be the only way to get the patents paid for.
Plus, it might make more people understand the problems with software patents (and intellectual property in general).
(5) We need to produce hard evidence that human censorship methods (i.e. the librarian asks someone to leave when they cause a problem) are more effective than blocking. There are a variety of variations on the human censorship method, including having a fleshtones alarm (or slide show) on the circulation desk's computer which scans the web browser caches, but they all have the property that they block a MUCH larger percentage of porn than censorware does.
We also need to point out that human censorship is the ONLY thing which will block the kinds of things that the AFA uses to drum up support (like someone changing the background to porn).
No, this really is a copyright violation issue too (Score:3)
- This is a copyright violation issue. The list of encrypted URLs was posted. This is copyright material. Period. To its credit, Peacefire has removed the link, which satisfies this complaint. But Symantec still was in the right here.
- This is definitely also a reverse engineering issue. Symantec clearly stated in the letter that Peacefire had not been given "permission" to decode the list. In this regard, this does become a sticky legal issue that Peacefire is correct in raising.
- Privacy: Symantec is violating its privacy policy. However, as Peacefire states, the software was manufactured by URLabs, which may have had a different policy than Symantec, so we must be careful in claiming malice on their part. The violation must still be corrected though.
However, Peacefire, and everyone here on Slashdot, is immediately jumping on the "Symantec is evil" bandwagon, where in reality Symantec in the letter did not mention, at all, the claims of failure rate. Symantec clearly stated concerns over a valid copyright violation, and a legally debatable claim to prohibiting reverse engineering. Yes, you can extrapolate that Symantec is not happy with this disclosure. But just blindly posting parts of their code was stupid. To say in this article that Peacefire clearly did not post copyright material is WRONG and muddles discussion of the real issue, which is simply reverse engineering. A valid, important issue, worthy of discussion, no doubt. But as with so many other things on Slashdot, people are quick to jump to conclusions without thoroughly reading what has actually happened.
----------
Any System with ONE ranking for a page will fail (Score:3)
The only solution to this sort of system is based on automatic matching of your opinions to those of individual moderators. For example, you moderate 10 pages a day. Over time, the system can determine how you would moderate a page based on the similarity of your moderation to other moderators, and can block pages based on criteria you specify.
So, for example, I would agree with those moderators who moderate child porn as "obscene", but would not agree with those moderators who moderate Anais Nin as "obscene", so my browser could tell me "You will probably find this page obscene. Continue?" before displaying it. Or, I could configure it to block such sites if my kids (maybe such a system will actually be functioning before I have kids) are using the computer.
If I'm a puritanical christian, maybe I agree with other puritanical christians, and my software will block damn near everything. The key is that it's using the same system.
The same system could also be used to rank results in search engines, for example, and I could ask the computer for recommendations on some new fiction based on what other people with my taste recommend. Assuming suitable go-betweens to preserve privacy could be established, it could be the world's first successful computer dating service.
--Kevin
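The per-user matching described in the comment above, sketched as an added example (not code from the comment or from any existing system). The weighting formula, the moderator and page names, and all ratings are constructed for illustration: each moderator's verdict on a page counts in proportion to how often that moderator has agreed with this particular user before.

```python
# Constructed ratings: True means the rater judged the page "obscene".
MODERATORS = {
    "strict":  {"hardcore-site": True, "anais-nin-excerpt": True,
                "art-nudes": True, "new-novel": True},
    "liberal": {"hardcore-site": True, "anais-nin-excerpt": False,
                "art-nudes": False, "new-novel": False},
}
KEVIN = {"hardcore-site": True, "anais-nin-excerpt": False, "art-nudes": False}
PURITAN = {"hardcore-site": True, "anais-nin-excerpt": True, "art-nudes": True}

def agreement_weight(mine, theirs):
    """Map agreement on co-rated pages to [-1, 1]; 0 means no information."""
    shared = mine.keys() & theirs.keys()
    if not shared:
        return 0.0
    agree = sum(mine[page] == theirs[page] for page in shared)
    return 2.0 * agree / len(shared) - 1.0

def predict(my_ratings, moderators, page):
    """Score in [-1, 1]: above 0 predicts 'this user would find it obscene'.

    Returns None when no moderator with a non-zero weight has rated the page,
    so the caller has to choose an explicit policy for unrated pages.
    """
    total = norm = 0.0
    for ratings in moderators.values():
        if page not in ratings:
            continue
        weight = agreement_weight(my_ratings, ratings)
        # A moderator who usually disagrees with this user counts as
        # evidence for the opposite verdict (negative weight).
        total += weight * (1.0 if ratings[page] else -1.0)
        norm += abs(weight)
    return None if norm == 0 else total / norm

def would_warn(my_ratings, moderators, page):
    """Browser-side decision: warn only on a positive prediction."""
    score = predict(my_ratings, moderators, page)
    return score is not None and score > 0
```

With the constructed data the same page, `new-novel`, scores negative for the first user and positive for the second, which is the comment's point that one shared system can serve opposite standards.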
Re: which AV? (Score:3)
Mendax Veritas dun said:
Well, they aren't the only ones in the market, really--F-Prot, which comes in two different flavours (the Data Fellows [datafellows.com] "Finnish Mix" and the Command Software [command.com] "British Remix"), is damned good, beats the pants off of both McAfee and NAV, and hasn't been bought out by either company (largely because at least Data Fellows also sells other security software like firewall programs, SSH clients and SSH servers for NT, etc.). Also worth noting is the Best Damn Antivirus Software Money Can Buy (according to alt.comp.virus--and by the way, it's not just antivirus writers who hang out there; there are a fair number of virus coders who hang out there as well), AVP [avp.com]...hell, they've even got a version for Linux for folks who run servers (who want to scan the stuff they're serving for Nasty Stuff).
By no means are you restricted to what Network Solutions or Symantec have to offer. There's other stuff out there that's actually better but less well known about (wow...kinda like BeOS and *BSD and Linux, eh? ;).
I wouldn't say it's entirely a non-problem. In a home environment, with a clueful user who doesn't download strange binaries without checking the source twice, and especially if he's using an OS for which very few viruses exist (such as BeOS or Linux or *BSD)...and more importantly anymore, never uses certain office suites out of Redmond with extensive macro capabilities including hooks to Visual Basic (which has hooks to system calls in Win32) nor uses programs with extensive HTML and Javascript capability to read email, then yes, it'd be a non-problem.
There are cases where it could be a problem, though. Say...work environments that have to use Office 97 and accept Word and Excel documents from Goddess-only-knows where, or home users who dabble in warez because they don't feel like paying $200 for the latest killer game, or work environments where people take stuff from home and put it on the boxes, or people who are new to the net (and don't know about stuff like Good Computer Hygiene) and get offered this "cool South Park screensaver" from an email address that belongs to their friend on the net (and they are completely and utterly unaware that said program is in fact the "Pretty Park" trojan/worm that mails itself to everyone on your Outlook Express address list)...in those cases, yes, it could be a problem.
Now add in those folks who have to take home stuff from work. Now add in the number of folks at work who are the clueless folks who will blindly run that "Pretty Park" executable, and/or have warez'd copies of Diablo, and/or take stuff to work to show folks how "cool" it is...and you have to take Word documents home to work on them, or Excel spreadsheets...and think of all the OTHER companies your company might be sharing Word documents with...'s pretty scary, really, if you think about it.
I'll touch some more on this below...
By and large, antivirus software isn't for us who know how to use debugging tools :) It's for folks who might be new to computers, or who have to take stuff home from work and run it, or who might want to be double-safe that the program they just downloaded doesn't have anything nasty in it.
Yes, some TSRs and some programs will cause antivirus software to hiccup. I'll also note that these are (in the case of most folks--not necessarily us techy ones) few and far between. It also depends specifically on the heuristics that the program is looking for--I've heard that Norton Antivirus tends to give quite a number more false positive alarms than AVP or F-Prot do, for instance (in fact, on alt.comp.virus it's recommended that if you run Norton or McAfee Antivirus (another AV program bad for false positives in heuristics mode) you double-check it by running F-Prot or AVP in heuristics mode because the latter two programs are far less susceptible to false positives).
As it is, for binary viruses and trojans heuristics can work well; for Word macro viruses (which are the single largest category of viruses today, by the way) they're nearly foolproof. As Word macro viruses are a far worse problem nowadays, this is probably a Good Thing.
I'll assume you practice Good Computer Hygiene (not downloading strange binaries, etc.) I do have some questions for you, though...
Do you run Microsoft Office? Do you accept Word documents from possibly untrusted sources? (The single largest category of viruses and worms, not to mention the one with the most growth by far, is Office macro viruses and worms (especially Word macro viruses which often are also worms in that they have specific hooks to common mail applications to enable spread by email)...in 1993, Word macro viruses were literally unheard of. The first "proof of concept" Word macro virus appeared in 1997, and eventually spread to the wild. A year later there were over 200 known Word macro viruses, and the first Excel macro viruses were known. In 1998-ish the first known Word macro worm was discovered. As of now (early 2000) there are over four thousand Office macro viruses (the vast majority Word macro viruses, and a fair number of which can be considered worms as well; more than a few also are "droppers" for destructive payloads), depending on whom one is talking to (some would put it higher, some would put it closer to two thousand)--literally more Word macro viruses and worms exist than binary-based viruses at present, and it is becoming a fairly serious problem in businesses (a Word macro virus/worm brought the email systems of many businesses to a screeching halt last year because of all the load--one of those companies just happened to be [ironically] Microsoft). The largest portion of databases for antivirus software are for Word macro viruses; I suggest you take a look down at Data Fellows' [datafellows.com] virus-lists and see just how many have the little prefix "W97/M" (Word 97 macro virus)...it's really a staggering number. Binary-based viruses like CIH are by far the exception now; most folks doing viruses are either working in Word macro viruses or are working on worms (such as mIRC worms, or trojans that are worms such as "Pretty Park").
Fortunately for antivirus software authors, most Word macro viruses have specific infection routines and use specific Visual Basic calls (Microsoft, in its infinite wisdom [HAH!], decided to allow one to use Visual Basic hooks in Office macro code...which is a security disaster waiting to happen, as Visual Basic has hooks into the operating system itself) to do nastier things (like the "propagation behavior" of Word macro worms, or droppers for destructive payloads for the nastier Word macro viruses--in a way, they behave more like trojans than viruses), so it's pretty easy to kill such things with heuristics. (It's also pretty easy to kill such things if you don't enable macros, or you use stuff like StarOffice to read the file. But that's another issue :)
(Unfortunately, it seems the bulk of the business world not only uses Win95/98 or WinNT, but also Office, and also Outlook Express--which helps Word macro worms spread like wildfire through a network (by the way, Word macro worms are having the same growth Word macro viruses had in the beginning, and some have been found with destructive payloads--things are going to get interesting indeed). Even worse, Word macro viruses are cross-platform--they can infect Word on Winboxen, Macs, and presumably any other platform that can run Microsoft Word and/or a word processor that recognises Word documents and Word macros (fortunately, most of the Word macro worms can spread only under WinXX and largely only if Outlook Express exists as a mailer, though some can also use Eudora [the other big mailer], but I don't expect this to last very long--and the Mac users can still infect documents with the worms).)
Do you have to share computers at work with anyone? (Their computer could be crawling with viruses. Just because you don't do anything stupid doesn't mean your co-workers won't.)
Does your workplace have a strict "no-files-or-disks-from-home, no-programs-from-home" policy? (If not, they're wide open unless they're using a scanner. Again, you might practice Good Computer Hygiene, but others won't necessarily do so.)
If you do consultation work, are all your boot-disks and install material on non-writable media like CD's? (If they've got a boot-sector virus, they can infect ZIP disks and floppies.)
Are you absolutely certain that all of the software you get is virus-free? (About the only way you CAN be certain is if you compile and run it yourself--and even then, if the compiler itself has virus code, you still might not be safe (cref. a proof-of-concept of this where hidden backdoor code was included in early C compilers for Unix--if code was removed, the compiler simply reinserted it at compile-time; the only way to remove it for certain was to compile from a known clean copy, and reportedly the backdoor generated WAS used a few times). Commercial software has been released accidentally with virus code before (most infamously, a demo CD included with a PC game magazine that was infected with CIH); hell, computers have literally come preinstalled that had viruses (there was a rather infamous case where either Dell or IBM (memory fails me on which one) actually sold some laptops which were infected with CIH--it turns out that the standard disk image used to copy the OS and apps onto the drives had been infected with CIH somehow). There are now known worms that can infect a computer using Outlook Express (with HTML and ActiveX extensions turned on) without even opening the mail itself (just by previewing the mail). Most Internet worms propagate themselves anymore by sending copies to everyone on an address-book list in email clients (the vast majority of Word macro worms, and even some "trojan" worms like PrettyPark), or by mass-DCC send (most mIRC worms propagate this way--the worms take advantage of insecurities in mIRC scripting language).
Do you serve files for other people? (If so--even Word documents--if you don't check them before offering for download, you may unwittingly pass along infected files. Again, infected files don't even necessarily have to be binaries anymore--the vast majority of viruses anymore are Word macro viruses and worms, and the few actual binary viruses tend to be spread either through warez or as "trojans" or worms.)
You see...it's not as easy keeping virus-free as one thinks. In fact, if you accept foreign Word documents at ALL and don't have either a damned good virus-scanner or macros turned off completely, you are essentially wide open to getting a rather nasty case of computer VD. Even more so if you use Outlook Express, or (God Forbid) accept attachments of *.exe or *.doc files in email, or accept HTML-email or have Javascript or ActiveX enabled in your email browser.
1) Even commercial software has been infected--there is more than one documented case of this.
2) As stated above, things have changed a LOT in the world of viruses since 1993 :)
2a) The major problem, with rare exception (CIH, which really is novel in that it attempts to over-write BIOS info in boxen with flashable BIOSes), is not binary-based viruses like Stoned or Jerusalem (the two biggies in 1993, by the way). The biggies, by far, are Word macro viruses (literally more Word macro viruses exist now than binary ones exist now or in 1993, a fair number have nasty droppers or destructive payloads, and an increasing number can also be classified as worms as they propagate through vulnerabilities in a number of Internet programs [a short list--Outlook Express, Free Agent (Usenet client), Eudora, etc.]).
2b) With the exception of CIH, the major problem with malicious binaries isn't with viruses anymore but with Trojans of various types. The vast majority of these may be classified either as worms (i.e. PrettyPark.exe, the latest in this line) or as attempts to pass off Back Orifice (a program designed by Cult of the Dead Cow to spotlight rather serious security flaws in Win9X, and which can be used to remotely control another computer--often without the victim knowing, as Back Orifice hides its processes and tries to make it difficult to uninstall).
3) The single largest increase of ANY viruses or malicious programs today is in the form of worms. Many of these worms are essentially multiplatform and the vast majority target the single largest used office suite in businesses today. Many of these companies must share Word documents and other traffic with other sites, often untrusted traffic. In a way, the Internet has been the best thing since sliced bread for propagation of viruses (keep in mind, too, that when you left Symantec the vast majority of "program trading" was at universities and most of the "warez" traffic as well as virus traffic was at universities and on small, members-only BBS's; there were still roughly an equal number of *.edu and *.com sites online, the plague known as AOL had yet to hit the net (that occurred in 1994 or 1995, and AOL has always had a wee bit of a script-kiddie/V/C community), and the Internet had NOWHERE near the penetration it has now--it was next to impossible for worms to spread the way they do now, much less Word macro viruses (again, keep in mind that macro viruses of ANY kind were unheard of before 1997).)
4) In 1993, a lot of companies still used dumb terminals or didn't have much computer access. Now, a large number of folks have computers--frequently connected to the Internet--and they frequently have to take home work and such. Many of these folks don't practice Good Computer Hygiene--they run programs their friends send them online (unaware that many worms use address-lists specifically to propagate), while spreading rumours like "Good Times" because they literally don't know any better. Sometimes this even extends to the folks running the boxen--a number of sites use NT or even Windows 98 to administer networks, and many of these folks don't use proper security precautions (like not allowing executables to be installed, etc.).
5) The fact that so many folks ARE on the net with Win95/Win98 boxen has to be a major factor in how viruses are spreading, and especially worms (which had pretty much died out in the days of the Morris Worm and WANK-Worm until Word macro viruses started coming out). Win95 and Win98 are notoriously insecure--in essence, everyone (even on a multi-user system) has root/administrator access, most of the Internet applications for these systems--especially those from Microsoft--are not exactly designed with security in mind, the major office suite for these boxes (Office 97) has major security flaws in its scripting language insofar as using it in a networked environment...the major scripting language for Microsoft-based Internet apps, ActiveX (which has even been incorporated into the OS in Win98) is so insecure that nearly every security site recommends disabling it...also, Win9X is designed for people who are complete and utter computer virgins, who aren't going to know about computer security and who are lucky to know how to install a program without some kind of installation-wizard.
It's an OS designed for the clueless, and it's user-friendly to the point of sacrificing security...it also doesn't help that Internet apps (by and large) were actually an afterthought to the OS, added when the Internet exploded in popularity (especially the World Wide Web).
I'd even go so far as to say that, as designed, Win95 and Win98 are outright unsafe to use in a networked environment without some sort of protection both against malicious programs and scripts AND against malicious parties trying to gain outside access. Win9X was not designed as a multi-user, networkable OS; it was originally designed as a home OS for the newbie user who needs stuff to be point-and-click simple, and networkability was an afterthought added when Microsoft found out people actually wanted that Internet thing. Security has always been an afterthought, if it's been thought of at all; to make it secure actually requires either add-ons (like antivirus software and intrusion-detection software) or keeping it off a network period. Yes, security really IS that bad with Windows9X. (NT and Win2000 are considerably more secure, but that's partly because they were designed as networkable OS's and they do have security features in light of this. They are also somewhat less user-friendly, especially in tighter security settings (many WinNT sites have EVERYONE with admin access because some things become unusable in lower settings).)
It's not just the Microsoft apps for Win9X that have security bugs, either--the whole idea of running untrusted apps is a Bad Thing (there REALLY needs to be a "sandbox" area for untrusted apps; most *nixes do this with multiple users and security settings, and Java does it by running it in a virtual machine with no direct hardware access). Eudora has had serious security bugs that worms exploit. mIRC, a major IRC client for Windows boxen, has had periodic troubles with script worms (in fact, before Word97 worms became popular, mIRC was the major target of worms on the net). WinGate, a popular telnet server for Windows boxen, is so horribly broken that early versions have essentially no security whatsoever and can be used as an anonymous relay host by Bad Folks because it has no logging whatsoever (and it HAS been used like this by Bad Folks, which makes it a MAJOR pain in the arse to try to track them down). Most FTP servers for Windows boxen can be cracked. Nearly any Internet-capable program for Windows can be made to cause the system to crash by simply sending "file://C|/con" (with HTML browsers and email clients that parse HTML like Outlook Express and Eudora), or requesting "C:\con" (with FTP clients)...hell, you could probably write malicious ActiveX code to do the same thing, or add that as a dropper to a Word macro virus. This is partly the fault of the programs, but it's partly a sign that the OS in and of itself is horribly mis-suited for network use.
In short, there've been a lot of deep, almost fundamental changes in the world of viruses and malicious code, and more importantly, the dominant means by which they spread and the dominant "host" they breed in to begin with.
I wouldn't say virus myths outnumber actual viruses (I think the number of Word macro viruses slightly beats the number of variants of "Good Times"/"Jessica Maddick", etc. :) but Kumite's a good site. (Hell, I recommended it in my last post. :) There IS bad stuff out there, though (especially if you are misfortunate enough to have to use Win9X + Outlook Express + Office 97) and "computer condoms" never hurt. "Computer safe sex" (and yes, I posted a number of tips for that too) never hurts, either. Combine the two and you shouldn't have trouble. :)