Average Americans tend to see the Internet as safer and more secure than it is partly because they operate under a simplified notion of what the Net is.

Jeremy: As John Edwards might say, "Let's hear it for Average Americans!"

Me: No comment.

The cyberworld in which we live at the moment resembles the snarly Gibsonian version more closely than it does the harmless version put forth in commercials touting e-commerce. In this real cyberspace, skilled hackers attack large institutions — including the federal government — and equally brilliant ex-hackers try to fend them off. The two sides fight each other to a fragile standstill, break off, and go back at it again the next day. The realization that hackers sometimes win caused the Pentagon last week to cancel a plan that would have allowed military personnel and other Americans in 50 foreign countries to vote via the Internet.

The New York Times is tuning onto the same channel as Gibson.

The Hard Way to Learn That the Internet Is Not Disneyland

] Once upon a time, there was a SPC Schwarz stationed with
] the Army in the Balkans. SPC Schwarz was either very
] clever or very bored; but probably both, since he managed
] to attempt or be warned about 213 things he wasn't
] allowed to do. He collected those things into a
] hillarious list and posted them to the web. The site
] hadn't been updated in a couple of years and has since
] gone away; but the list is classic, so I saved it.

There are some great ones in here..

87. If the thought of something makes me giggle for longer than 15 seconds, I am to assume that I am not allowed to do it.

I live by that rule.. :) [ Its more like 30 seconds. -ed ]

213 things you can't do in the Army

Decius wrote:
] It turns out that the MemeStreams Bookmarklet has not worked
] in IE since I made the changes needed to support Safari back
] in July. No one told me about it until yesterday. The
] bookmarklet has now been repaired. If you know anyone who had
] trouble with this in IE during the past few months, please let
] them know that the bookmarklet has been updated. They can
] reinstall it and it will work fine.
]
] Thank you Apple for not only creating a third way to call
] document getselection, but also doing it in a way that sends
] Microsoft browsers into lala land. You truly suck.

You left out the single most important word, the one that explains everything: Javascript.

RE: MemeStreams broken in IE!!

Elonka wrote:
] For those of my friends and associates who have been asking me
] questions about how to get started on Memestreams (and for
] anyone else who finds this of use), here's the four-step
] QuickStart:

Click through for a short guide to getting started using MemeStreams.

Someday we will have an intuitive new user process that directs you through installing the bookmarklet. In the meantime, we have Elonka. :)

RE: Memestreams QuickStart

Decius wrote:
] Should the government force me to be private even if I don't
] want to be? I don't think so. The government should create a
] framework in which we can make choices.

They can force you to keep certain (or better) records, and have been doing so in various industries such as healthcare and accounting. If that's happening, rules that say what information can't be kept (or used in certain ways) could be crafted as well. I could envision laws that either have something to do with protections or disclosure.

The disclosure angle is both tricky and interesting. Think about your average online transaction, and the various parties your information passes to/from. Might be a group like Amazon, Visa, your bank, and UPS. There are also a few additional parties in there, such as companies contracted to handle transactions, accounting, etc. Its probably complex as hell..

Picture a requirement, in lets say 5 years, that every company you deal with online has to be able to present you with a detailed individualized privacy report. That type of empowering of the consumer would result in an interesting form of distributed oversight, not to mention education and awareness.. That's the type of thing I'd like to see.

] The system is not responding to your interests.

The number of people concerned about these issues is growing, as we said it would. I am still confident that will change.

] We ought to curtain the data the government shares.

I am of the opinion that some top down clue is necessary. Most of the real problems occur at the "DMV level". Note I said top down clue, not top down control. I think these ID systems should all remain state level concerns, but a shared strategy or set of guidelines for protection of privacy seems like a good idea. The national ID doesn't.

] 3. The most important thing that we need is awareness and
] sophistication about this issue with the general populace.
] Levels of understanding have improved a great deal in the last
] 20 years, but there is still a lot of road to cover.

This is one of the reasons I think strategies that push for more disclosure are good ideas. As you indicated earlier, the absolutist approach to privacy can't work. The best way to teach someone is to throw information at them, in context. People don't spend much time reading privacy policies, but they do go over whatever "my account" information the site provides them. That is where the consumer needs to be provided with more information.

] There is no reason why Google can't discard the last two
] octets of your IP address. It will not impact their
] demographics at all, but it would provide enough protection
] against turning their database into a thought crime monitor.
] And they'll do it, but only if we demand it.

Google might disagree with you. That may cause more problems for them then it solves for anyone. Given cookies and ways to cross-reference them with things like Orkut, it really wouldn't matter either.

The weak part in the chain, at least as far as the Patriot Act angle goes, is the removal of judicial protections. Not the information or the ability to relate it. With most ID concerns, the problem is parties releasing information without permission, or failing to protect information.

Companies addressing these issues will become in vogue at some point. Just mark my words. It will be used to build trust with their customer base. In terms of long term trust, many of the companies in the position to be a "leader" in the space have only been around for a few years. Google should care right now about how I'm going to feel about them in 4 more years. Same for Amazon, B&N, etc..

RE: Wired News: Great Taste, Less Privacy

] A patron walks into a bar and orders a drink. The
] bartender asks to see some ID. Without asking permission,
] the barkeep swipes the driver's license through a card
] reader and the device flashes a green light approving the
] order.
]
] The bartender is just verifying the card isn't a fake,
] right? Yes, and perhaps more.

[ Best freak-out tone ] Now the FBI is going to know everywhere I ever go!! Is no place save anymore!? [ / ]

Seriously though.. Just last night, out with ballsdeep, he had a problem with the way this girl ID'd him, making it necessary for us to flee the bar.. That didn't even involve a scanner. I think she was hitting on him. She asked me my sign. Usually, my Jersey license just gets a kinda sneer.. Something you have and something you know? That's a better way of validating the ID then asking my birthday. This night, the bar got a lot of information. However, I feel bd misinterpreted the situation.

Vegas for instance.

What can you say after that?

Anyway.. After a few very high profile shit storms come down on venues that misuse collected information, it should become apparent that if you screw your customer base, they will find out, and not be happy about it. People still do need to be more aware of when their information is collected and how it is used. Entities who collect information also need to be aware that it is their responsibility to protect the information they collect from being compromised and misused.

Oh yeah. I am a big fan of "opt-out".. As I was reading this article, I found myself contemplating a "the ID doesn't leave my site" policy. The situations I really don't like, are the ones when someone takes your ID away from you and checks it. Like restaurants where the bartender has to check the card, so the waitress takes it. Its not like my credit card, it doesn't need to be verified against something external. That shouldn't be necessary. Everytime that happens, I feel like they take the thing somewhere, photo copy it, it gets entered in some database, images of old punchcard computers fly through my head and morph into things spitting out junk-mail envelopes, etc.. I don't mind when the person I'm interfacing with needs to know who I am, and authenticate my age. That's ok. Its when the information spreads outside that transaction space, it becomes a problem. I feel like I should ask for a printed privacy policy.

This whole situation is one of the reasons I love my Jersey ID. No barcodes. No chips. No mag strips. Its laminated even! Very low tech. However, a skilled eye can tell a fake. I'm going to miss it when I switch over to Cali.

Here is a question for the MemeStreams community.. If you were proposing legislation for laws governing how venues can collect and use information from IDs, what would you propose?

Wired News: Great Taste, Less Privacy

] The Pentagon will scrap the Secure Electronic
] Registration and Voting Experiment (SERVE) until the
] current system can guarantee the security of the voting
] process or a new system is designed, a Defense Department
] spokesperson said.

This was covered earlier. Good outcome.

Pentagon scraps flawed Net voting plan | CNET News.com

] "The Government must play a greater role in punishing
] those who conceal their identities online, particularly
] when they do so in furtherance of a serious federal
] criminal offense or in violation of a federally protected
] intellectual property right," (Lamar) Smith said at a hearing on
] the topic today.

Congress wants to make it a federal crime to lie on your domain name registration. If you do not make your real address, telephone number, and email available to everyone on earth you can be sentenced to federal prison time (in this version you'd have a sentence for another crime extended). This came up in last years legislative session as well. The thing that makes my blood boil about this is that the spin is totally wrong. The copyright people are lying through their teeth, this journalist can't see through it, and the CDT/ACLU don't understand EITHER so they are providing the wrong counterpoints, almost assuring that this will pass!

This article lets slide absolute lies like:

] Smith and Berman drafted the bill after receiving complaints
] from the entertainment and software industries that much of
] their material is made available for free on Web sites whose
] owners are impossible to track down because their domain
] name registrations often contain made-up names.

No web site owner is "impossible" to track down!

DNS whois information is made available for reference. It is intended to assist communication between administrators who run networks, for security or network management related reasons. It was not designed for lawyers or police. It was also not designed with the modern spam and stalker infested internet in mind, and therefore often people fill it out with false information, especially if they aren't a business entity.

If you want to track down someone on the internet for a legal reason, you do not use the DNS whois system. That is not what the DNS whois system is for. You do a nslookup on the domain name and get the IP address. Then you use the ARIN whois system, (a completely different and totally unrelated database that used to run on the same software) which tells you what ISP an IP address has been issued to. ARIN whois is usually correct. If it is not correct you can complain to ARIN and they can check their records. Their records are always correct unless the IP addresses have been stolen (and if you're dealing with stolen IP addresses you're way past the point where DNS whois is going to help you, federal crime or not). Either way you'll get an ISP. You then go to a court and get a subpoena, and send that subpoena to the ISP, and the ISP produces contact information for the customer. This always works.

Let me be absolutely clear about this. Requiring people to keep accurate dns whois records has absolutely nothing at all to do with being able to track down domain holders on the internet. You can always do that today. Forcing people to keep accurate dns whois records is about being able to track down domain holders on the internet without court authorization. We should not allow that.

What really pisses me off here is that no one on "our side of the fence" in this debate is making that point. We're going to loose this one if the discussion isn't forced back into the realm of reality. If this is about people committing crimes on internet sites that can't be tracked down by any means, we'll be passing laws based on a complete fantasy.

Kids, this is exactly how bad law happens.

Congress Eyes Idiotic Whois Crackdown

] I was 23-24 years old when I wrote these diaries. I
] certainly wasn't planning on publishing them when I wrote
] them; so reading them now either makes me laugh, cry or
] cringe. I will not make any claims to being a gifted
] writer or diarist, but the aim here is to give the reader
] some sense of what it was like to tour across the USA in
] a van with a punk rock band in the mid to late 1980's.
] Some say this was the heyday of independent rock music
] and the college radio scene. I would bet we worked harder
] and played many more shows than many of today's
] 'alternative' rock bands will play in their short-lived
] careers.

Dean Clean has put up a Moveable Type blog, and is posting commented entries from his journal covering the Milkmen's first tour. Other members of the band are also adding comments. You can follow the band on their tour, 18 years lagged.

Also, they have a number of music videos available for download from their main website.

The Dead Milkmen are required listening. Don't trust anyone who says they do not like The Dead Milkmen.

The Dead Milkmen: 18 years ago

] The new law hasn't had an effect on the amount of spam
] being sent, either. "There's been no reduction in the
] volume of spam," says Scott Chasin, MX Logic's chief
] technology officer. "In fact, the exact opposite--our
] spam rates are actually going up."
]
] MX Logic classified 77 percent of its customers' e-mail
] as spam on Monday, up 6.5 percent from January 1.

SPAM continues to grow exponentially. At these rates I think there is about a year left before people will start exiting SMTP in favor of closed systems.

PCWorld.com - Is the CAN-SPAM Law Working?