China’s Censorship Arms Race Escalates

Last week the China Digital Times reported that a photo (shown in the post) has been making the rounds in Chinese blogs and chatrooms. It is an image of a "computer science float" for Thursday's National Day parade, onto which somebody has photoshopped a screenshot of the Internet Explorer error message familiar to anybody who has ever tried to access a blocked website in China: "This page cannot be displayed." more

The EU AI Act: A Critical Assessment

The proposed new European Union (EU) Artificial Intelligence Act has been extolled in the media as a bold action by a major legislative body against the perceived dangers of emerging new computer technology. The action presently consists of an initial proposal for a Regulation with annexes from 2021, plus recent Amendments adopted on 14 June. This regulatory behemoth exists entwined among a multitude of other recent EU major regulations... more

Epsilon Interactive Breach the Fukushima of the Email Industry

A series of attacks on the Email Service Provider (ESP) community began in late 2009. The criminals spear-phish their way into these companies that provide out-sourced mailing infrastructure to their clients, who are companies of all types and sizes. ... On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially. Email lists of at least eight financial institutions were stolen. more

Facebook’s TOS Fumble

One big story of the day was Facebook's new and improved terms of service which this Consumerist post flagged and which set off a firestorm of controversy... What Was Facebook's Mistake? Facebook could have avoided much of the controversy by providing its users some advance notice of the upcoming changes. more

The FTC Authentication Summit

The Federal Trade Commission and NIST had a two-day Authentication Summit on Nov 9-10 in Washington DC. When they published their report explaining their decision not to create a National Do Not Email Registry, the FTC identified lack of e-mail authentication as one of the reasons that it wouldn't work, and the authentication summit was part of their process to get some sort of authentication going. At the time the summit was scheduled, the IETF MARID group was still active and most people expected it to endorse Microsoft's Sender-ID in some form, so the summit would have been mostly about Sender-ID. Since MARID didn't do that, the summit had a broader and more interesting agenda. more

The Christmas Goat and IPv6 (Year 5)

This year I didn't even get a good picture of our famous Christmas goat here in the city of Gavle Sweden. The Christmas goat this year survived Christmas but were suddenly on the 28th of December dismounted. The reason for the poor goat's early leave from its own little park downtown Gavle is that it is now the year of the goat in China, and the city of Gavle has a sister-town in China -- Zhuhai. more

Tracking Internet Piracy: Harder Than You Think

Wired Magazine recently published an article called "The Shadow Internet", where it says: "Anathema is a so-called topsite, one of 30 or so underground, highly secretive servers where nearly all of the unlicensed music, movies, and videogames available on the Internet originate. Outside of a pirate elite and the Feds who track them, few know that topsites exist. Even fewer can log in." But what are the difficulties in tracking and identifying these so-called topsites? Joel Snyder, a senior network consultant responds. more

Will VeriSign Be Able to Engage in Tiered Pricing for .com Soon?

According to the draft of new Generic Top-level Domains (gTLD) contracts for Section 7.3, "Price controls have been removed for 2008 in favor of the transparent pricing model outlined above." Section 3.2.b) of the .com registry agreement states: "ICANN shall not apply standards, policies, procedures or practices arbitrarily, unjustifiably, or inequitably and shall not single out Registry Operator for disparate treatment unless justified by substantial and reasonable cause." In my opinion, VeriSign (and other existing gTLD operators) are almost being invited to ask for their contracts to be amended... more

NASA Teething Troubles Teach a DNSSEC Lesson

On January 18, 2012, Comcast customers found they could not access the NASA.gov website. Some users assumed that Comcast was deliberately blocking the website or that NASA, like Wikipedia and Reddit, was participating in the "blackout" protests against the Stop Online Piracy Act (SOPA) going on that day. As it turned out, the truth was much less exciting, but it offers important lessons about DNSSEC. more

Spam Fighting: Lessons from Jack Bauer?

As I blogged about several months ago, as did numerous other anti-spam bloggers, David Ritz was sued by Jeffrey Reynolds and a judge in North Dakota agreed with Reynolds. At the heart of the case was that Ritz engaged in anti-spam activities using techniques known only to a small subset of advanced computer users, and used these techniques maliciously against Reynolds... Back in the olden days of spam fighting, some anti-spammers used to use malicious techniques against spammers in order to shut them down... more

WHOIS Users Facing Serious Challenges Caused by Post-GDPR Fragmentation

On May 25, 2018, the European General Data Protection Regulation (GDPR) came into effect, meaning that European data protection authorities (DPAs) can begin enforcing the regulation against non-compliant parties. In preparation, the ICANN Board passed a Temporary Specification for gTLD Registration Data - essentially a temporary policy amendment to its registrar and registry contracts to facilitate GDPR compliance while also preserving certain aspects of the WHOIS system of domain name registration data. more

Domain Registrars File Lawsuit Against ICANN

Members of the Domain Justice Coalition filed a lawsuit today requesting a temporary restraining order and other relief against ICANN to block the implementation of a domain name Wait Listing Service (WLS). The WLS was proposed by VeriSign, Inc. (pdf) and approved by ICANN in federal court in Los Angeles. The suit challenges ICANN's failure to comply with its internal decision-making process requirements when it approved implementation of the WLS in the face of opposition from domain name registrars, resellers and consumers. more

An Overview of the Concept and Use of Domain-Name Entropy

In this article, I present an overview of a series of 'proof-of-concept' studies looking at the application of domain-name entropy as a means of clustering together related domain registrations, and serving as an input into potential metrics to determine the likely level of threat which may be posed by a domain. more

The Digital Geneva Convention Exists: Just Use It

It is one of those surreal, ironic moments in time. This coming week, an event called the Internet Governance Forum (IGF) 2017 will be held at Geneva in the old League of Nations headquarters now known as the Palais des Nations. On its agenda is a workshop to discuss "A Digital Geneva Convention to protect cyberspace." If the IGF participants, as they enter the Palais grounds, simply look in the opposite direction south across the Place des Nations, they would see 100 meters away, a glass cube building provided by the Republic and Canton of Geneva. more

European Court Declares Dynamic IP Addresses are Subject to Privacy Protection Rules

The Advocate General, top advisor to the European Court of Justice, has issued an opinion today about Internet anonymity, Electronic Privacy Information Center reports. more