http://www.christonium.com/Jared/ Events & Issues Thu, 18 Mar 2010 06:40:48 MST en-us http://www.christonium.com/Jared/ISPY_and_SPY_Act_Discussion http://www.christonium.com/Jared/ISPY_and_SPY_Act_Discussion Fri, 08 Jun 2007 12:18:19 MST What is your reaction to the recent I-SPY and SPY acts? Do you think thess bills can cut down on Internet spyware and make the web more safe or do you think they will have little effect on Internet privacy and security issues? Do you think this type of legislation is necessary? What role do you believe the government should take in regulating the Internet and related software? How do US bills like I-SPY and SPY effect the global scope of Internet privacy and security issues? http://www.christonium.com/Jared/Spiders_and_Caching http://www.christonium.com/Jared/Spiders_and_Caching Fri, 08 Jun 2007 12:17:29 MST Search engines like Google, Yahoo, and MSN use programs that search the net for web pages, documents, images and so forth. These programs are called spiders; spiders crawl over the web in search of new and updated content. When new content is found it is downloaded and indexed, or cached. This allows google to sort search results before the search is ever even submitted to them. When you go to google and search for something like "school paper" you get a list of websites that are in some way related to the words "school paper". If you look closer you'll see a little link called "cached" at the end of every result. If you click on that link you will be taken to the website as it appears on google's web servers. A search engine's cache of webpages is permanent, and they're not the only ones doing it. There are services out there that let you browse websites that are a decade old and don't even exist anymore. You can prevent search engine spiders and similar web applications from caching if you create your own website and have the technical knowledge to do so but if you do this then nobody will ever find your website. If you allow you site to be open to the public anything you write on the web is permanent. In other words, any time you post information that can be found by a search engine the content you have posted is filled in multiple permanent records, even if you later decide to delete the content. When a web application or web site is to spiders and caching the damage is permanent. There are a few places where you don't have to worry about this so much. Generally, email is fairly safe, but email providers usually hold on to your deleted mail for months after your supposed to have deleted it (read their user agreement, I can promise you it will say that). Facebook is free of caching compared to myspace, but it's not a fundamentally secure site ever since they opened up to non students. The only website I can think of that lets you be truly anonymous and free of caching is christonium.com. http://www.christonium.com/Jared/Spiders_and_Caching_Discussion http://www.christonium.com/Jared/Spiders_and_Caching_Discussion Fri, 08 Jun 2007 12:17:28 MST Do you think that caching is an important privacy issue for internet users? What do you think about email providers holding on to your deleted mail for several months after you requested its removal? What sites on the Internet are you aware of that actively combat caching and promote Internet privacy and security? Do you know of any similar issues or related news? http://www.christonium.com/Jared/Browser_Security_Poll http://www.christonium.com/Jared/Browser_Security_Poll Fri, 08 Jun 2007 12:16:54 MST I read a poll published Oct 27, 2004 from Bentley College that states "49 percent of internet users are not aware of security flaws in Internet browsers"(see: http://www.bentley.edu/news-events/pr_view.cfm?id=1648) . Further, "48 percent are rarely sure or are unsure that sensitive information is encrypted before transmitting it over the Internet". I'm sure that these figures have changed slightly since the end of 2004, but I don't think public awareness of Internet security issues has significantly changed. Very few Internet business even address browser security issues beyond general warnings and, for the most part, web publishers seem dependent on tracking tools to target potential customers or deliver targeted ads. A major security issue on the internet are scripts that are uploaded to sites like myspace where anyone can put up just about anything. Myspace is a large Internet service that appears safe because of it's popularity. What people don't generally realize is that accounts are often fake and that the owner of an account has almost complete control over a visitors web browser with virtually no oversight or restrictions. Browser security concerns are not solved by updating browsers or turning off javascript. Statistics show that a little less than half of all Internet users are even aware of security flaws. You will find significantly fewer people are aware of the vast amounts of personal information being collected by websites today. There are also very intrusive methods used to collect information of which 99.9 percent of people are completely unaware of (see Spyjax for an example). The language used to describe security problems is no help either. Existing security and privacy language is far too technical and provides no simple answers to privacy and security concerns. The average Internet user will probably see words like "javascript" and "cookie" as tech-talk and ignore these important issues all together. http://www.christonium.com/Jared/AntiSpyware_Bills http://www.christonium.com/Jared/AntiSpyware_Bills Fri, 08 Jun 2007 12:16:37 MST The U.S. House of Representatives has recently passed two anti-spyware bills. The Spy Act passed this week by a margin of 368-48. It is significantly stricter than a competing measure dubbed the Internet Spyware (I-SPY) Prevention Act, which the House passed last month The Spy Act calls for penalties for anyone who causes software to be installed on a PC without first clearly notifying and receiving the consent of the end user. It also proposes punishments for those who distribute software that tries to bypass a computer's security mechanisms, transmits personal information about the user without notification or is used to carry out a federal crime. "The bill, as currently drafted, would regulate every Web site on the Internet and for any site that collects any 'personal' information, a proscriptive notice pop-up box would appear," Mike Zaneis, an opponent of the bill and a vice president with the Interactive Advertising Bureau, told CNET News.com. "Congress is not capable of carving out all of the benign technologies that currently exist or will be developed in the future." Among the legitimate activities critics say could be threatened by the bill is the use of cookies. Instead, technology companies are throwing their weight behind the I-SPY Prevention Act, which takes a much narrower approach to combating "malware". I-SPY creates penalties of up to five years in prison for some spyware-like behavior. Kevin Richards, federal government relations manager for Symantec Corp, said the bill is a "needed piece of legislation in order to protect consumers", adding that many online identity theft schemes start with spyware on a victim's computer. However, the proposed bill's penalties may be superficial. Last month, the Electronic Frontier Foundation issued an alert about the SPY Act; they oppose the bill because they believe it will preempt tougher state laws against spyware and hacking. EFF lawyer Fred von Lohmann wrote that "in fact, having been massaged by lobbyists for the software and adware industries, the bill would actually make things worse, insulating adware vendors from more stringent state laws and private lawsuits". In May 2005 the House passed I-SPY and a second spyware bill. The Senate did not pass these bills partly because of concerns that they too broadly defined spyware. Currently, there appears to be less opposition to I-SPY because it has "broad support from the industry," said Geoff Gray, legislative consultant for the Cyber Security Industry Alliance, a trade group. "It concentrates on bad actions as opposed to bad technologies." I-SPY now goes to the Senate for consideration but two champions of antispyware legislation in the Senate, Republicans George Allen of Virginia and Conrad Burns of Montana, were defeated in last November's elections. Although Burns and Allen are gone Gray believes that I-SPY has a "decent" chance of passing the Senate. He added that the House may have given it a better shot by not passing the more controversial SPY Act at the same time. Representatives of tech-focused senators said their bosses are looking at antispyware legislation. "It's one of our priorities," said a spokesman for Senator John Ensign, a Nevada Republican and cosponsor of an antispyware bill in the last session of Congress. Senator Ron Wyden, an Oregon Democrat, is also looking into the issue, a spokeswoman said. Wyden, cosponsor of the broader antispyware bill in the Senate last Congress, is "looking into what he feels the correct course should be legislatively ... based on the way the spyware issue has evolved over the last two years," said spokeswoman Melissa Merz.