Following Up for the Week Ending 8/29/2010

feeds | grep links > Chrome Store Opens to Developers, Flash in Java, P2P Users as Innocent Infringers, and More

  • Google opens Chrome app store to developers
    The Register has more details on a move from Google that has been puzzling me. From their description, what “installing” a web app in Chrome will do is allow a traditional web application to customize Chrome’s, er, chrome with its own icon and such as well as getting some higher privileges to access the browser’s resources. I suppose the security implications aren’t very different from other kinds of add-ons, many of which already integrate with web services. I do wonder if the lower barrier to entry than a proper extension might make auditing for security harder just because of increased volume.
  • Java based Flash player
  • Legal analysis of Oracle v. Google
  • SCOTUS told P2P users can be “innocent infringers”

feeds | grep links > Framework for Badging Non-Profits, YouTube Experiments with Embeddable HTML5 Video, and More

“Yes Men” Using BitTorrent to Avoid Censorship

Ernesto at TorrentFreak has news of the latest with the duo who most recently drew unfortunate attention from the US Chamber of Commerce in response to them hijacking a press conference. I am surprised they didn’t try this sooner as the popular P2P technology has proven resistant to takedowns, especially with the actions of the high profile Pirate Bay.

More specifically, the activists are using VODO, a BitTorrent powered platform that hooks into a variety of high profile channels including Lime Wire and The Pirate Bay. Being able to reach a larger audience than those already savvy with BitTorrent itself will help in their fundraising efforts for current and future projects.

“There are a few reasons why we chose BitTorrent. First off, it’s a way to avoid censorship,” Mike Bonanno told TorrentFreak. “This version includes video of an action against the US Chamber of Commerce that we are being sued for. No commercial outlets will touch it. We had a TV show scheduled on Planet Green and their lawyers nearly wet themselves when they heard we wanted to use footage of us making political mincemeat out of the largest lobbying organization in the world.”

Ernesto goes much deeper into the Yes Men’s views on distribution, piracy and the “copyright mafia”. Well worth a read and food for thought when considering the free speech burden that copyright and the current media distribution models impose.

“Yes Men” Use BitTorrent to Avoid Censorship, TorrentFreak

Following Up for the Week Ending 7/18/2010

Following Up for the Week Ending 7/11/2010

P2P Search Engine

The P2P Foundation blog has an intriguing post about Faroo, a P2P search engine. The idea is that client computers would actually do the indexing, sharing results with other peers in the system. As the article points out, this pushes control of index data out to the peers and helps anonymize collection and usage. Basing indexing on sites users actually visit sounds as much a limitation as the advantage of avoiding spam sites. I could easily imagine the index becoming too locally optimized if the number of peers is too small, as it is likely to be early on.

The other downsides mentioned remind me very strongly of the Tor project. I can easily imagine trying to use something like Faroo to find it runs at a fraction of the speed of more traditional, centralized search engines. However, more projects experimenting with using P2P as a base architecture makes me hopeful that there is a greater likelihood of one such project cracking some of the adoption and scaling problems.

feeds | grep links > DoJ Fails to Report Wiretap Orders (Again), Ads with Cloud Printing, Ajax Library Targets Mobile Developers, and More

  • DoJ fails to report wiretapping activities to Congress, again
    Mike Masnick at Techdirt links through to some findings by Julian Sanchez that the Attorney General has failed for a period of some years to provide a report on the number of surveillance orders applied for by law enforcers. This report is meant to allow Congress to exercise proper oversight which has essentially just not happened for large swaths of the past decade. As Masnick goes on to explain, the DoJ has done this twice before, lapsing then dumping multiple years of data onto Congress effectively creating years of operation at a stretch where oversight was impossible.
  • HP experimenting with ad delivery on its cloud based printers
    Via Cory at Boing Boing, this Computerworld article has me very concerned. Automatically printing ads along with print jobs you submit over the net is very different from purely digital ads on web pages and email. A user of one of these printers is paying for consumables, most notably ridiculously over-priced ink. I don’t care if HP says their first test subjects didn’t mind, I have to imagine a majority of folks will be surprised, not sanguine, if not outright angry at the presumption.
  • ExtJS tries to harness developer outrage to fuel its new framework
    The Register has an announcement from the ExtJS folks, makers of a dual-license AJAX library, that they are launching a new project to compete with mobile apps by combining their library with a couple of others targeted at programming touch interfaces and vector graphics, presumably including animation. I’ve worked with ExtJS in a professional capacity and I am not entirely impressed by this attention-getting move. I won’t say the library is bad, it packs a lot of capabilities. However, I will say I don’t think it is any easier to program than the iOS or Android SDKs. If you want to target pure web applications using HTML5 at mobile devices, I am positive there are better options.
  • Inside Australia’s data retention proposal
  • Employee monitoring, when and why IT is expected to spy
    Via Slashdot.
  • More on issues, activism around filming police
  • VPNs not adequate to anonymize BitTorrent users

Bit Torrent Opens the Sources to uTP, Network Aware Protocol

This story at TorrentFreak by Ernesto is the first one I’ve seen in a while following a trend in which I was, and still am, very much interested. uTP, or micro transfer protocol, is an attempt by Bit Torrent, Inc. to make their swarming data transfer applications better citizens on the network. It is of a kind with Pando and P4P in trying to strike a balance between the demand for serving more data, faster, and not clogging ISPs’ networks in the process.

Reception for uTP, according to Ernesto, has been lackluster. The reason is that many have experienced drops in performance of file transfers, possibly attributable to the additional overhead the newer protocol requires. Opening up the sources is the company’s way of inviting the community to help address these criticisms.

As much as I admire the goal of uTP, the article explains that no ISPs have weighed in on how well it reduces the need for proactive network management. File sharers would like to avoid monitoring and throttling. Achieving that end also has the potential of easing the privacy concerns that arise from certain technologies, like deep packet inspection, often used to identify Bit Torrent traffic. I am a bit at a loss for the lack of at least feedback since almost every debate over network neutrality these days has the ISPs spouting off about reasonable network management. A congestion aware, manageable version of Bit Torrent seems entirely reasonable to me.

File Sharing and Privacy

I spotted a couple of interesting stories around the legal and technical aspects of privacy for file sharers.

TechLaw has a worthy clarification of the ruling on appeal for the Arista v. Doe 3 case. A lower court had equated publicly sharing a folder of files to a peer to peer network as an abdication of any 1st Amendment rights to anonymity. The 2nd Circuit clarified that there is a difference between publicly sharing files and one’s online identity. The difference is slim, though, as such privacy doesn’t insulate one from claims of copyright infringement, which still lie at the core of the case.

On the technical side of privacy and file sharing, Ernesto at TorrentFreak points to some research demonstrating how Bit Torrent is leaving its users wide open to discovery. Because the protocol needs to distribute quite a bit of data about members of a swarm, it not surprisingly makes it easy to observe and collect data about downloads and users. The recovered data included the content providers, or original seeders, not just the files and downloading users. Worse, the researchers were able to recover about 70% of the data when BitTorrent is run in conjunction with Tor.

The folks at the Tor project concede this is a valid finding and go on to explain why. They have actually been very clear from early on that Tor is not proof against close scrutiny. It can help preserve your anonymity but never made claims to bulletproof security. There is also the matter of trying to shoehorn the immense data usually flowing through a swarm onto the limited set of Tor relays.

Thankfully, the Tor maintainers welcome this kind of research, suggesting it is a good opportunity to keep re-evaluating privacy risks and developing better solutions, whether they are based on Tor or something else.