FCC ruled against Comcast

Comcast was throttling BitTorrent. On Friday 1st August, the FCC ruled against Comcast: Comcast is not allowed to block or throttle any P2P traffic. The FCC pushes for strict net neutrality (regardless of the legality or illegality of the transferred data). Nevertheless, the FCC did not fine Comcast.

The FCC’s message is clear. Illegal activity on P2P cannot be fought through throttling or any other type of bandwidth shaping.

Legal eavesdropping

The Swedish government passed a law that allows eavesdropping on any communication that crosses the border. It means that any mail or phone conversation may be read or listened to. Obviously, the stated argument is to fight terrorism. More than 1 million Swedes protested by mail. They claim that it is a blow to privacy.

More and more laws of this type are being passed by many governments. Another example is the law that allows laptops to be opened at US borders (I will come back to it soon). Does fighting terrorism require losing privacy? I doubt it. There are two possibilities:

  • Legislators believe that they will really fight terrorism with this type of method. This is probably wrong. We should stop believing in the image of the stupid terrorist. They will be able to use modern tools to hide their communication. They may encrypt mails or communications. Or even better, if they want to be stealthy, they may use steganography. Governments cannot on the one hand claim they fear cyberterrorism, which requires cyber attackers, and on the other hand use methods that any beginner hacker could bypass.
  • Or legislators do know it is snake oil. Then either they use it for theatrical security (to reassure Joe Sixpack), or for a hidden agenda.

In your opinion, which one is the right explanation?

Comcast throttling BitTorrent: trouble

ISP throttling of P2P networks is not new. But often, ISPs just limit the bandwidth once they have identified P2P packets. This is why encrypting the transfer (BitTorrent has an encryption mode) often cures throttling. Comcast uses a new throttling method, deployed by Sandvine. When a Comcast peer seeds a non-Comcast user/peer, after a few seconds Comcast issues a reset (RST) packet to the non-Comcast user. This has two consequences:

  • The non-Comcast user loses its seed.
  • The Comcast user loses some upload bandwidth. This may have an impact on the transfer ratio in the case of private P2P. In these P2P networks, the more you seed, the more and the faster you receive.

Of course, the community immediately reacted and worked on the problem. The nicest solution is based on the use of the Linux firewall. It is possible to filter the RST packets, thus stopping the throttling. Some sites provide all the information needed to set up the filtering for different Linux distributions (for instance Tux training).

But what is more interesting is the reaction of the FCC. It is expected that the FCC will order Comcast to cease throttling. A majority of the members of the FCC believe it is illegal to throttle without informing customers. The decision is to be announced in the coming days.

We may expect some ISPs to change their licensing conditions soon and state in them that they may throttle. If there is an obligation to announce throttling clearly, this will become a criterion for choosing one’s ISP (with or without throttling).
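Before filtering anything, the receiving side can check a capture for resets that were injected on the path. The sketch below is an added example, not code from this post, Comcast or Sandvine: it flags RST packets whose IP TTL differs from the TTL of the other packets sent by the same peer, a common heuristic for middlebox-inserted resets; the packet records, addresses and the `ttl_tolerance` parameter are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample capture as seen by the non-Comcast peer (not real traffic):
# (seconds, source IP, destination IP, TCP flags, IP TTL)
PACKETS = [
    (0.00, "198.51.100.7", "203.0.113.9", "SYN", 52),
    (0.05, "203.0.113.9", "198.51.100.7", "SYN-ACK", 64),
    (0.10, "198.51.100.7", "203.0.113.9", "ACK", 52),
    (1.20, "198.51.100.7", "203.0.113.9", "PSH-ACK", 52),
    (2.40, "198.51.100.7", "203.0.113.9", "PSH-ACK", 52),
    (3.10, "198.51.100.7", "203.0.113.9", "RST", 59),  # TTL differs from the peer's
    (0.00, "192.0.2.44", "203.0.113.9", "SYN", 47),
    (0.30, "192.0.2.44", "203.0.113.9", "PSH-ACK", 47),
    (0.90, "192.0.2.44", "203.0.113.9", "RST", 47),    # consistent TTL: genuine close
]

def suspicious_resets(packets, ttl_tolerance=1):
    """Return RSTs whose TTL departs from the sender's baseline in that direction."""
    baseline = defaultdict(list)
    for _, src, dst, flags, ttl in packets:
        if "RST" not in flags:
            baseline[(src, dst)].append(ttl)   # TTLs of the peer's ordinary packets
    flagged = []
    for ts, src, dst, flags, ttl in packets:
        seen = baseline[(src, dst)]
        if "RST" in flags and seen:
            expected = median(seen)
            # A reset forged by a device closer on the path has travelled fewer
            # hops, so its TTL rarely matches the real peer's packets.
            if abs(ttl - expected) > ttl_tolerance:
                flagged.append((ts, src, ttl, expected))
    return flagged

if __name__ == "__main__":
    for ts, src, ttl, expected in suspicious_resets(PACKETS):
        print(f"{ts:.2f}s RST claiming to be from {src}: TTL {ttl}, expected ~{expected}")
```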

Yahoo will not deliver new licenses

In April 2008, Microsoft announced that it was closing its MSN music service. As a consequence, it announced that it would no longer deliver licenses for purchased songs. This time, it is the Yahoo music store that announces its closing at the end of September 2008.

Once more, users will lose their purchased songs if they ever change their computer, or even upgrade it. This is due to so-called computer fingerprinting. The license is attached to the computer and not to the user. To attach it, the DRM embeds in the license parameters that are supposed to uniquely identify the computer, for instance the MAC address, the serial number of the hard drive, of the OS, … This prevents illegal duplication of the license. But as a consequence, if the user changes his/her computer, then the licenses are no longer valid. The user has to request new licenses from the DRM server for his/her new computer. This operation will no longer be supported.

Yahoo proposes two alternatives to its customers:

  • Reimburse the lost songs
  • Migrate the license to Rhapsody Unlimited service that will continue to operate.

Once more, this event will give arguments to the opponents of DRM. Is there any solution to this type of problem? In theory, yes. The first one is the mythical DRM interoperability. It should be possible to migrate all the songs to another DRM seamlessly. A second one is to attach the license to the user and not to the computer. The notion of domain, initially defined by DVB-CPCM (and ;-) SmartRight) and now adopted by OMA, is a potential answer. The domain is linked to a user or a family and not to a given device.

PS: A follow-up to the Microsoft story: in June, Microsoft announced that it would operate the license server until the end of 2011. This is another solution.
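The difference between a license attached to a computer fingerprint and one attached to a domain can be made concrete. The following is an added toy model, not the code of Yahoo, Microsoft, DVB-CPCM or OMA: the key, the identifiers and the HMAC-based license format are all constructed assumptions, and a real DRM would not share one symmetric key between server and player.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # hypothetical; stands in for the DRM system's secret

def fingerprint(mac, disk_serial, os_serial):
    """Hash of the parameters supposed to uniquely identify one computer."""
    return hashlib.sha256(f"{mac}|{disk_serial}|{os_serial}".encode()).hexdigest()

def _tag(song, binding):
    return hmac.new(KEY, f"{song}|{binding}".encode(), hashlib.sha256).hexdigest()

class LicenseServer:
    def __init__(self):
        self.online = True

    def issue(self, song, binding):
        """Sign a license tying `song` to `binding` (a device or a domain)."""
        if not self.online:
            raise RuntimeError("license server closed: no new licenses")
        return {"song": song, "binding": binding, "tag": _tag(song, binding)}

def can_play(lic, local_bindings):
    """Player check: the license is authentic AND its binding exists locally."""
    authentic = hmac.compare_digest(lic["tag"], _tag(lic["song"], lic["binding"]))
    return authentic and lic["binding"] in local_bindings

def demo():
    server = LicenseServer()
    domain = "domain:constructed-family-01"       # hypothetical domain identifier
    old_fp = fingerprint("00:11:22:33:44:55", "DISK-A", "OS-1")
    new_fp = fingerprint("66:77:88:99:aa:bb", "DISK-B", "OS-2")
    old_pc, new_pc = {old_fp, domain}, {new_fp, domain}
    device_lic = server.issue("song-42", old_fp)  # attached to the computer
    domain_lic = server.issue("song-42", domain)  # attached to the user's domain
    server.online = False                         # the store closes
    try:
        server.issue("song-42", new_fp)           # re-request for the new computer
        reissued = True
    except RuntimeError:
        reissued = False
    return {"device_on_old": can_play(device_lic, old_pc),
            "device_on_new": can_play(device_lic, new_pc),
            "domain_on_new": can_play(domain_lic, new_pc),
            "reissued": reissued}
```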

Fair use and video online

The US Center for Social Media recently published a report entitled Code of Best Practices in Fair Use for Online Video. Its aim is to help creators interpret the copyright doctrine of fair use. Fair use is a set of exceptions defined by the DMCA. The document does not define the limits of fair use. When reading it, you quickly understand that these limits are extremely fuzzy. Everything is about balance and judgment.

The paper gives a good overview of fair use doctrine. It clearly states the two questions which are at the heart of fair use:

  • Did the unlicensed use “transform” the material taken from the copyrighted work by using it for a different purpose than that of the original, or did it just repeat the work for the same intent and value as the original?
  • Was the material taken appropriate in kind and amount, considering the nature of the copyrighted work and of the use?

Then, it provides some guidelines for 6 typical cases:

  • Commenting on or critiquing copyrighted material
  • Using copyrighted material for illustration or example
  • Capturing copyrighted material incidentally or accidentally
  • Reproducing, reposting, or quoting in order to memorialize, preserve, or rescue an experience, an event, or a cultural phenomenon
  • Copying, reposting, and recirculating a work or part of a work for purposes of launching a discussion
  • And quoting in order to recombine elements to make a new work that depends for its meaning on (often unlikely) relationships between the elements

The funniest part of the document is the section about myths and truths of fair use. Some of the statements it examines:

  • If I’m not making any money off it, it’s fair use.
  • If I’m making any money off it (or trying to), it’s not fair use.
  • Fair use can’t be entertaining.
  • If I try to license material, I’ve given up my chance to use fair use.
  • I really need a lawyer to make the call on fair use.

If you have questions about fair use, read it. Although its target is video, I am sure that it is easily extrapolated to other types of copyrighted material.

Malware in mails

We are used to the typical malware hosted in mails. They are often based on basic human instincts such as lust or greed. How often are we offered pictures of nude artists? By the way, this could be an excellent way to decide who is believed to be the sexiest woman in the world: measure their occurrence in the malware mails. Normally, you should only use the most attractive ones. In view of my junk mails, it seems that Angelina Jolie has been leading these last weeks.

Often these mails are so rudimentary that they may be spotted even by unaware people. Often wrong spelling and weak grammar are a good signature. Nevertheless, I received an interesting one that was more elaborate than the usual ones. This is why I looked at it rather than deleting it immediately. It was titled “customs, please read”. Here is the text:

Good day,

We have received a parcel for you, sent from France on July 9. Please fill out the customs declaration attached to this message and send it to us by mail or fax. The address and the fax number are at the bottom of the declaration form.

Kind regards,
Frederick Shepard
Your Customs Service

Of course, the attached file contained a Trojan named BKDR_AGENT.SHH. This Trojan has been known for more than one year and is detected by antivirus software. Nevertheless, from the social engineering point of view, it was a nice piece:

  • It presents itself as coming from customs. Customs are official entities, thus in theory trusted. You are always careful with customs.
  • The address and the fax number were supposed to be in the attached declaration form. Thus, you would have to open it, and trigger the malware.
  • The email address was customs_service@bluejeanc.com.tr. It looks very official. The blue jean name leads one to believe that it is a selling site (this is not the case).

There is still one error. I am located in France. So why should a parcel sent from France need any customs clearance? The malware writers still have some effort to make. But they are progressing.

YouTube will not have to provide private data

The next sequel in the YouTube-Viacom litigation. YouTube was ordered by a judge to hand over to Viacom the IP address and the list of viewed clips of each viewer. (See the blog of 10th July.) Fortunately, YouTube and Viacom reached an agreement. The data will be anonymized before being passed to Viacom.

This is at least true for normal users. Viacom maintains its request for the identified data of YouTube’s employees. The objective is to prove that YouTube was aware of these infringements. In retaliation, YouTube will ask for the same data for Viacom’s employees who browsed YouTube. The objective is to detect possible Viacom people posting copyrighted clips.

Let’s wait for the next move. Nevertheless, we can applaud two companies that found an agreement on a legal decision that preserves privacy.