In 2020 a group of book publishers sued the Internet Archive over their Controlled Digital Lending program, which made PDF scans of books and lent them out from the Archive's website. For books still in copyright, the Archive usually limited the number of copies of a book lent to the number of physical copies of the book they had in storage. Several publishers sued with an argument that can be summarized as "that's not how it works." more
Listening today to the U.S. Congress' House of Representatives Subcommittee on Communications and Technology hearing on ICANN governance reminded me just how often Vox Populi Registry, the company bringing dotSucks names to the Internet, is a guest at parties to which it has never been invited. Sometimes, like today, we are able to view it all from a distance and mostly we have refrained from trying to correct every misstatement or argue each odd point. more
After a more than 100 year run, the end is nigh for plain old telephone service (POTS). Through most of recent history POTS was provided by monopolies, which were regulated at both the federal and state level. The new world is much more competitive; we can talk via cell phones, computers, traditional phones hooked to a variety of devices instead of the old phone line, and a plethora of new gadgets like tablets. Voice service no longer has to be vertically integrated. more
A significant rise has been detected in the use of malware aimed at harvesting consumer data, known as password stealers. more
Earlier this month, Avaya held a new type of customer event in Toronto, called Evolutions. They have been looking for better ways to bring customers together, so aside from their global event, they've put together Evolutions, which has a regional focus. The first one was recently held in Mexico to great success, and my understanding is that Canada was the next trial event, and that's what I attended in downtown Toronto... I'm almost certain I was the only Canadian analyst invited, so this may well be the only place you'll hear about Evolutions. more
I have written about the problems with the "little green lock" shown by browsers to indicate a web page (or site) is secure. In that article, I consider the problem of freely available certificates, and a hole in the way browsers load pages. In March of 2017, another paper was published documenting another problem with the "green lock" paradigm - the impact of HTTPS interception. more
US prosecutors have charged two Romanians with hacking Washington DC police computers linked to surveillance cameras just days before President Donald Trump's inauguration. more
"Reverse Domain Name Hijacking" (RDNH) is a finding that a panel can make against a trademark owner in a case under the Uniform Domain Name Dispute Resolution Policy (UDRP)... While neither the UDRP nor the Rules provide any further details or guidance, the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Second Edition, provides some insight into the circumstances in which panels have found RDNH. more
The Internet Infrastructure Coalition (i2Coalition) and The Domain Name Association (DNA) have announced their intent to merge, forming the largest Internet infrastructure advocacy group in North America. more
Last week, comments were filed with the FCC in response to the Berkman study of international broadband comparisons... Many of the comments were not supportive of the Harvard Berkman study. In an earlier blog posting, we had observed that there appeared to be statistical problems in the Berkman study that would not hold up to peer review. Our comments may have understated the extent of the problems. more
A new report on 5G and geopolitics by Oxford Information Labs details the complex landscape of 5G security. Importantly, it draws out how a variety of proven technical concerns around the quality of Huawei security practices and equipment are drowned out by the US' Twitter diplomacy. Critical international dialogue on genuine cybersecurity concerns relating to 5G and Huawei are being lost in the noise of the US-China trade war. more
The Anti-Phishing Working Group has released its latest Global Phishing Survey, written by myself and Rod Rasmussen. This report comprehensively examines a large data set of more than 250,000 confirmed phishing attacks detected in 2015 and 2016. By analyzing this cybercrime activity, we have learned more about what phishers have been doing, and how they have done it. Unfortunately, there's more phishing than ever, and phishers are registering more domain names than ever. more
UK government today announced the release of a new cyber security standard for self-driving vehicles. Funded by the Department for Transport, the British Standards Institute has developed the guidance to set a marker for those developing self-driving car technologies. more
Given that CircleID is about "Internet Infrastructure" it would be remiss if there wasn't a mention here that October 29, 2014, was the 45th anniversary of the moment when the first message was sent between two ARPAnet computers located at UCLA and the Stanford Research Institute (SRI). That moment was chronicled well this year by Matt Novak writing on Gizmodo's Paleofuture, complete with photos of the original logs and more. more
The international press is alight with reports of various countries considering privacy and anti-spam legislation. It appears that many countries have arrived at the logical conclusion that after years of supposed 'self regulation'; some marketers must be brought to heel by way of regulation and law, to stop abusive practices. more