Categories
Writing

More Playbook UI Fail

This is (another) security freak-out from the PlayBook. Is it really the case that Quantcast isn’t properly registering their certificates? What does it mean for the end-user to deny verifying the certificate?

The screenshot lacks actionable information for most end-users, who are instead given a choice between X and Y without any clear understanding of what either X (Decline) or Y (Accept) entails.

Categories
Links Writing

American Copyright Gone Power Mad

The fact that American copyright holders basically govern an arm of the US government that can shut down, and is shutting down, website URLs at the TLD root is terrifying. That degree of power, however, looks like nothing compared to what happened in the recent MegaUpload takedowns. Consider the following:

The width and breadth of the global police action are simply massive, and are, quite justly, being painted as a massive over-reach. The full indictment goes so far as to mention Canadian bandwidth provider Cogent, whose headquarter employees were even held and questioned during the raids this week. Indeed, anybody who provided bandwidth, rack space or Internet services appears to have been held, questioned, and/or pressured in the global raids.

The policy of seizing domains and hardware first, without any adversarial court process, limits every person’s ability to contest American efforts to silence free speech. Moreover, the maneuvers taken impose American understandings of American law upon all people living around the world. Such actions not only make associating with certain others, and certain behaviours, legally dangerous but, given a willingness to even threaten major ISPs’ employees, suggest that even third-party data transit providers are at risk. America is (rapidly) developing a policy process and technically-informed system capable of censoring any communication, any speech, any uploaded data that its rights holders believe might damage those corporations’ economic interests.

In the 30s and 40s there was a name for this kind of behaviour: fascism. We’re now witnessing the final stages of what was intended to be the greatest republic in the world go the way of Italy. All that stands between the RIAA and running considerable elements of American law enforcement are the courts.

God save us all.

Categories
Links Writing

How Publishers Really Win With iBooks

From Ars:

… e-book publishing experts have concerns about the formatting that iBooks Author can output, which isn’t fully ePub 2 or ePub 3 compliant. Furthermore, Apple has added a clause to iBooks Author’s end user license agreement that prohibits selling e-books created with iBooks Author anywhere but the iBookstore.

“The offending language in the iBooks Author EULA is a condition on the use of the software, sort of disguised as a condition on the use of the books that are created,” Brown said. “Imagining how this might play out in a dispute reveals the nuance. Say a user makes her iBooks Author created work available for sale through some non-Apple platform. Would Apple sue, claiming that that book is infringing? Of course not—it would lose that lawsuit big time. Instead, Apple would claim that the use of iBooks Author to create that work violated this condition of the EULA, thus was beyond the scope of the EULA, and thus was infringement. Any lawsuit would be for infringement of the software, not of the book.”

At first glance, the new iBooks Author application looks really interesting. I’m incredibly impressed with its general ease of use and the capability to make works created through the application available to anyone using an iDevice. Unfortunately, I’m unwilling to produce works for a platform or publisher that so dramatically limits the scope of my potential audience. The licensing requirements mean that only freely available works can be made available in multiple domains, and the inability to export to ePub (and expect it to work) means that I’d effectively be creating locked-in text for a hyper-small audience.

As an author, Apple is punishing me. Hell, if I were a content publisher (in the large commercial sense) that gave a damn about content accessibility I’d run for the hills. (Yeah, I know, there really aren’t many of those!)

The public shouldn’t regard the fact that major publishing houses have partnered with Apple as indicating any interest whatsoever in ‘democratizing’ education. No, what is really happening is a clever end-run around democratizing education. You see, by adopting Apple’s environment and charging for works, publishing houses are creating new license-based reasons to rebuff those who want publishers’ texts in standards-compliant, multiple-device accessible, formats. In effect, the publishers have single-handedly stepped into Apple’s reality distortion field to appear to be ‘reshaping education’ while actually locking out efforts to truly democratize textbooks.

Well played textbook publishers. Well played.

Categories
Links Writing

How the US pressured Spain to adopt unpopular Web blocking law

Nate Anderson writes, in reference to Spain’s new web blocking law:

Resistance from locals was fierce. The US embassy, which enthusiastically supported the Sinde law, noted that “serious challenges” lay ahead, that the law was opposed by Internet groups and lawyers, and that “the outcome is uncertain.”

Still, the government didn’t think much of the opposition. Carlos Guervos, Deputy Director for Intellectual Property at the Ministry of Culture, told the US ambassador that “the dogs bark but the caravan moves on” and that the law would be passed.

The dogs put up a good fight, though. As the BBC noted, “Last year hacktivist group Anonymous organised a protest at the Goya Awards—Spain’s equivalent of the Oscars—which saw several hundred people in Guy Fawkes masks booing the minister of culture while applauding Alex de la Iglesia, then-president of the Spanish Film Academy. The movie director had previously voiced opposition to the Sinde law on Twitter and later resigned over the issue.”

Then in late 2010, opposition parties managed to halt the bill in parliament. On December 21, the Electronic Frontier Foundation declared victory and said that a committee had “just stripped the website shut-down provision from the Sustainable Economy Bill”—in part due to the revelations about US pressure.

But the government found a way to bypass the barking mutts, leaving the law for the incoming administration to handle after November 2011. (The law was so unpopular that the former administration elected not to approve it after huge levels of animosity surfaced on social networking sites.) The new government did so quickly, passing a modified version of the Sinde law—judges will now have to issue the actual blacklist order, for instance.

Whatever you think of the resulting legislation, the process was grotesque: the Spanish film industry got one of its officials into power, then promoted a tough new law backed by the threats (and even active lobbying) of the US government—though the US didn’t take the same measures itself.

This is yet another demonstration of American content industries’ ability (and willingness) to exert political pressure through the State Department to effect legislative changes around the world. It’s absolutely absurd that such a small segment of the American economy can wield such incredible power. The Web, and Internet, is larger in economic, political, and cultural importance than any particular group of rights holders; copyright should not trump the laws governing the next generation of content generation and dissemination. As a content producer – with items in print – I find it absolutely reprehensible that any rights holder would actively attempt to undermine the principles of open and free exchange of knowledge that the Web is based upon.

Categories
Links Writing

iOS and Android OS Fragmentation

Jon Evans, over at TechCrunch:

More than two-thirds of iOS users had upgraded to iOS 5 a mere three months after its release. Anyone out there think that Ice Cream Sandwich will crack the 20% mark on Google’s platform pie chart by March? How about 10%? Anyone? Anyone? Bueller?

OS fragmentation is the single greatest problem Android faces, and it’s only going to get worse. Android’s massive success over the last year means that there are now tens if not hundreds of millions of users whose handset manufacturers and carriers may or may not allow them to upgrade their OS someday; and the larger that number grows, the more loath app developers will become to turn their back on them. That unwillingness to use new features means Android apps will fall further and further behind their iOS equivalents, unless Google manages – via carrot, stick, or both – to coerce Android carriers and manufacturers to prioritize OS upgrades.

Android fragmentation is a pain for developers and, perhaps even more worryingly, a danger for users who may not receive timely security updates. To be sure, Apple rules the roost when it comes to having better-updated devices, insofar as users tend to get their updates when they become available. Whether those updates contain needed security upgrades is another matter, of course, but Apple at least has the opportunity to improve security across their ecosystem.

Unfortunately, where Apple sees their customers as the people using the devices, Google and RIM both have mixed understandings of who their customers are. Google is trapped between handset manufacturers and carriers whereas RIM is largely paired with the carriers alone. Neither of these companies has a timely, direct relationship with their end-users (save for RIM and their PlayBook, which has routine updates that bypass their mobile devices’ carrier-restrictions) and this ultimately ends up hurting those who own either company’s mobile devices.

Categories
Writing

Search Neutrality

Google’s recent decision to integrate its social services into its search product has led to (another) round of outrage. There’s some speculation that the FTC and European Commissioners could launch anti-trust investigations, on grounds that Google is leveraging their search monopoly to unfairly muscle into other markets. Many of the popular tech news and gadget blogs are in an uproar (perhaps knowing it will lead to page views), with Gizmodo proclaiming that Google’s recent action “wiped out all those years of loyalty and goodwill it had built up” because while the new Google search service is

…ostensibly meant to deliver more personalized results … it pulls those personalized results largely from Google services—Google+, Picasa, YouTube. Search for a restaurant, and instead of its Yelp page, the top result might be someone you know discussing it on Google Plus. Over at SearchEngineland, Danny Sullivan has compiled a series of damning examples of the ways Google’s new interface promotes Plus over relevancy. Long story short: It’s a huge step backwards.

I actually use Bing a lot – it’s the default (and sole option) for native search on my phone – and I hate it. HATE IT. It’s really an incompetent search tool at this point. Google, even after integrating social results, works far, far better. Nevertheless, I get the complaints surrounding the anti-trust issues and even agree with them, to a point.

What is that point, you might ask? Well, there has been a long-standing discussion of whether we need ‘search neutrality’ along the lines of ‘network neutrality’, on the basis that people increasingly find sites via search rather than directly plugging in URLs. Thus, Google’s new approach could be seen as constituting a violation of so-called ‘search neutrality’. So, where does the question or issue arise? It’s when we ask this: do search algorithms, or sets of search algorithms, function as networks do – are they ‘dumb’ algorithms meant to get us and data from point A to point B – or do they constitute a form of creative expression, of speech? If you see the algorithms as speech then the notion of ‘speech neutrality’ seems awkward: such neutrality would insist that individuals/corporations moderate their algorithmically-derived ‘speech’ once they reach a certain size.

Whether there are anti-trust violations from Google’s integration of their social services into search remains to be seen. The more pressing question, however, is whether we see algorithms along the lines of speech or raw data transmission from A to B. I suspect that this question will be addressed or discussed in anti-trust cases and that is where the real action will likely take place.

Categories
Writing

Another Playbook UI Fail

Over the past years, one of the things I’ve spent an inordinate amount of time researching and writing about has been security certificates and data transport security. This is just to say: I spend time in security and know more than a lot of non-technical people.

I have no clue what the fuck this message in the Kobo application for the BlackBerry PlayBook is doing here.

To be specific: I opened the app in a wifi-dead area that was dead in the middle of nowhere. There was no cell service. I checked with packet sniffing applications on my computer; there were no ad hoc or other wireless networks. This kind of a warning indicates that some third-party was trying to intercept encrypted messaging traffic that was destined to Kobo’s servers but gives no indication of how or why this certificate problem was raised. In effect, it’s a warning “shit’s gone bad, son!” without saying “because X just happened!”

Security – on all devices – should be transparent to the user. The warning above (which I’ve seen in other PlayBook apps) is useless to the end-user because it gives no guidance as to what just happened, how to address it, or even how to learn more about the issue. While I commend RIM for making certificate errors so front and centre, presenting highly technical security information to the end-user is garbage unless you also inform them what the hell just happened.

Categories
Links Writing

Sprint: We Don’t Throttle Postpaid Users (Though We Reserve the Right To Kick Users Off Network)

As noted by DSL Reports:

Sprint does have terms and conditions which prohibit certain types of data use that may impair other customers’ usage or harm or interfere with the network. At yesterday’s investor conference, Sprint CEO Dan Hesse was referring to Sprint’s right to terminate service of data abusers who violate Sprint’s terms and conditions. Customers who abuse our network by violating the terms and conditions will be contacted by Sprint in an effort to have the customer change their usage to comply with their subscriber agreement. Customers who do not change their usage and remain in violation of the terms and conditions may be subject to actions reserved by Sprint, including but not limited to termination. Consistent with our advertising, engaging in such uses will not result in throttling for customers on unlimited data-included plans for phones.

This was how, in the late 90s and early 2000s, ISPs dealt with their ‘heavy users’ (aka ‘early adopters’). You’d typically get a semi-threatening phone call, with the person on the other end refusing to actually say “we have a cap of X amount of data per month” while simultaneously suggesting that your usage was at an (unspoken) amount that “was unfair to other customers.”

Only once, in many phone calls, did the person on the other end come clean. My account had escalated to a VP of the company and, surprisingly, the VP called me rather than give the case to a flunky. I think he was just curious to talk to someone who used amongst the most bandwidth in the country (I was 9th heaviest user on an ADSL connection for two months straight). He spelled out that no, I wasn’t really being “unfair to other customers” in the sense that I was consuming all the available bandwidth – the usual trope that was trotted out – but that I was being “unfair” in the sense that my level of data usage was so high that the data transit costs associated with my account were incredibly unprofitable for the company. I think they had to line up something like 150 other accounts against mine to be revenue neutral! The call was good though: I got a one hour lesson in the costs of data transit and a request – not demand – that I either reduce my consumption below a certain aggregate amount per 3 months or else I’d have to find a new carrier. I ended up sticking with them; while I wasn’t happy with complying with the request, it was by far fairer than any agreement I’d have gotten with one of the large ISPs.

Categories
Links Writing

Harsher data protection sanctions are coming [but will they matter?]

Fleischer:

I regularly hear people claim that there’s not enough legal enforcement of privacy. In some places, as a matter of practice, that may well be true. But there is no shortage of overlapping authorities with the power to bring or adjudicate privacy claims. Curiously, in privacy circles, most of the focus is on the enforcement actions of the DPAs. But in practice, the DPAs are just one of many different authorities who can and do bring privacy enforcement actions. And the trend is clearly going up, both in terms of the numbers of laws that can be violated, in terms of the severity of sanctions, in terms of the numbers of complaints that are brought, and in terms of the breadth of authorities who are involved in enforcing privacy.

Fleischer is Google’s chief privacy counsel, so he’s got a pretty good eye for what’s coming at Google (and other large data collectors and processors). I wonder, however, about the actual effectiveness of the legal challenges he refers to: Canada’s privacy law didn’t stop Streetview from coming into Canada but instead mediated some of its most invasive characteristics. Similar things can be said about powerful network surveillance apparatuses that are deployed by Canadian ISPs. My worry is less that large companies will be whacked with large fines, but that the regulation will serve to legitimize a lot of practices that legally are acceptable without being in accord with our social norms.

Categories
Writing

PlayBook Browser UI Blunders

On the whole, I really like my PlayBook. That said, there are certain UI decisions that make absolutely no sense and are in desperate need of being cleaned up. One example: the URL bar in the default browser.

Landscape Mode

The UI makes loads of sense here. No major issues, though the decision to have the history icon (counter-clockwise circle) dead beside the refresh icon (at the end of the URL bar) is boneheaded given the imprecision of the touch interface.

Portrait Mode

Note that to get the full browser options in the second portrait screenshot, you need to slide your finger along the favourite icon to reveal the other options. This is not an intuitive decision. Note that, with the poor precision of the touch controls, having the history button beside the refresh button is an even worse decision in portrait mode than when in landscape.

Truly WTF Decision

Note that in all the above screenshots there is a medal-like icon to the left of the URL. Tapping it brings up the below screen.

99.99999% of the world will have no clue what this means. For those of us that do it’s confusing: I’ve had the browser tell me on multiple occasions that the certificate is invalid when I know that not to be the case. I get that certificate awareness is a security plus but it’s done so poorly here that it’s (at best) effectively meaningless.

Now, are these huge issues? No, of course not. Are they signs of an unpolished OS release? Most definitely. Hopefully they’ll be improved upon in the 2.0 release of the PlayBook OS.