Some notes about Broadband World Forum Asia 2008

Posted on by
Reply

I chaired the Hot Session at this conference. The topic was “Peer To Peer: opportunity or threat?” The two panelists were rather in favor of P2P although they highlighted some threats. The best quote from Shashi: “P2P means also People To People” I love this one.

Two sessions were interesting from the security point of view. The first one was “VoIP security: Myths and Realities”. The papers were not technically detailed. The most interesting part was the discussions and Q&A. Final conclusion: “Encryption for VoIP is probably useless from the security point of view, nevertheless it makes people feel more comfortable.”
The risk of eavesdropping in a cafe the unsecure wireless transmission is probably not serious. There are easiest ways to listen the speakers such as being near or high quality microphones. The risk of a eavesdropping by government wiretapping is balanced by the legal requirement asking for such feature. In other words, if you want it to be secure, either use an independent scrambling codec, or use a VPN.

The second session was “Monetizing Content: 360 degree view of the customer”. Two speakers were extremely interesting. Daniel Brody VP of Tudou (The Chinese YouTube), and Ringo Chan VP of Tuner International. Some interesting comments/facts. According to Mr CHAN, the release window of VOD will soon coincide with the release window of home rental, i.e., the DVD sales. Currently, VOD occurs one to 3 months after DVD release. The future of VOD will be difficult in China when you find high quality DVD for 1$ at each corner street months before the official DVD release. Tudou succeeded to have a commercial agreements with Chinese content providers. It was far easier than with Western content providers. Chinese content providers do not have complex business models such as windows release. An interesting revelation from Dan. User Generated Content (UGC) is about buzz. And it is extremely easy for UGC sites to create the buzz on the clips they want to promote. He revealed that they are very good at this game.

iPhone 3G hacked

Posted on by
Reply

It was even faster than expected. One week ago, Apple launched its iPhone 3G. Apple claimed that this time, unlocking would be unbreakable. Remember that it took one month last summer to first hackers to unlock the iPhone (see newsletter n°7). As always, our law 1 proved to be true: Attackers will always find their way. Already two attacks are available. A team of Brazilian hackers has unlocked it using a SIM card emulator. We are now waiting for the software-based unlock. iDev Team has jailbroken the iPhone 3G allowing access to its system. First step in that direction. Jailbreaking allows to add homebrew applications to the phone.
See site iPhone hacks

Watermark and privacy

Posted on by
Reply

The Center for Democracy & Technology (CDT) issued an interesting paper titled “Privacy principles for digital watermarking“. CDT published similar principles of other technologies such as RFID or DRM.

The document proposes eight principles:
1. Privacy by design; Interestingly in this principle, CDT recommends that the digital watermark technology providers imposes, by contract binding, to the application designer to respect privacy issues. This is highly ethical but is it realistic in business environment?
2. Avoid embedding independently useful identifying information directly in watermark; in other words the payload should look random without access to relevant information
3. Provide notice to end-users; CDT provides an interesting rationale to inform end users if the watermark is used against copyright infringement. End user should secure his/her content to avoid theft by third parties; else they may suffer from legal actions.
4. Control access to reading capability
5. Respond appropriately when algorithms are compromised; Their recommendations is not to renew the algorithms as technologists would recommend. Rather, CDT recommends to publish a notice if the hack allows watermark forging. I am not sure that this will be loved by technology provider
6. Provide security and access control for back-end databases
7. Limit uses for secondary purposes
8. Provide reasonable access and correction procedures for personally identifiable information

The principles are sound and many of them apply to other security related techniques. Of course, in view of the goal of its editor, some recommendations are Utopian. This document is worth reading.

Are modchips illegal?

Posted on by
Reply

Modchips are components that are added to a game console in order to gain new features, often possibility to play replicated games. Modchips require the opening of the console and soldering of a chip on the board. Of course, the addition of a modchip to a console means the loss of the warranty.

In the US, modchips fall under the realm of DMCA. Often the games are encrypted, and thus fell in the scope of DMCA. But, is it the case in all countries? Last month, it seems that English judge Jacobs ruled in favor of legality. Mr Neil HIGGS was released from the 26 counts. He sells modchips imported from Honk Kong.

Modchips are an important factor in game piracy. There are modchips for most game consoles. It is rather easy to find modchips on the Web, but it requires some skills to solder the chip. Some shops offer this service, and even sell already modchiped consoles. Ironically, one large modchip supplier uses holograms to authenticate its modchips. Other suppliers are selling counterfeited modchips!

Should you invest in the long tail?

Posted on by
Reply

The long tail theory is one of the strong belief of opportunities in Internet. In a few words, dematerialization of goods offers more choice to consumers; The production cost are minimal. Furthermore, online distribution will change the curve of demand. in other words, people will look for rare treasures and this niches will be great. To simplify, if Internet can provide easy access to the long tail, then there will be a market (expected to be serious)

In the last issue of Harvard Business Review, Anita Elberse benchmarked this theory with real data. She analyzed the weekly sales of home videos from January 2000 to August 2005 on a random sample of 5,500 samples. She verified her results with 3,300 artists between January 2005 to April 2007. Her conclusions are surprising. The shape of demand evolved: The tail becomes longer and flatter.

According to her, the long tail theory does not hold. Among her many findings, some excerpts:

  • Consumers of the most obscure content also buy the hits.
  • Consumers who rent obscure movies are in general the heaviest users.
  • Hit products remain dominant, even among consumers who venture deep into the tail.
  • Hit products are also liked better than obscure products.

So the question is open: is the long tail one Internet Eldorado? read the paper and build your opinion.

Reference: ELBERSE A., Should you invest in the long tail?, in Harvard Business Review, Volume 86, Number 7/8, July/August 2008.

YouTube versus Viacom: privacy does not matter

Posted on by
Reply

In 2007, Viacom launched a suit against YouTube for copyright infringement. Viacom requested $1 billion of damages. In this battle of giants, the latest court order is surprising.

L. Stanton, the senior judge on the United States District Court for the Southern District of New York, ordered YouTube to deliver to Viacom the list of every YouTube username, the associated IP address and the videos that user has watched on YouTube. The objective of Viacom is to evaluate popularity of copyrighted content on the viewing habits of YouTube users. It seems obvious that this evaluation could have been done through anonymized data, as commonly done for statistics. Stanton dismissed Google’s argument that the order will violate user privacy, saying such privacy concerns are merely “speculative.”

More interestingly is that the judge refused to deliver the source code of YouTube software to Viacom to protect the business of YouTube. According to him, the source code could allow competitors to set up a similar system.

According to me, the judge through his decision offers to Viacom the treasure of YouTube. The business model of YouTube is to better know its users so to display more targeted, and thus higher value, advertisments to users. This has only value due to the huge database of collected user viewing habits, i.e., the one to be passed to Viacom. In YouTube software, the most valuable part is probably the profiling one that the judge could have isolated and protected. The rest of the software is available or deployed by many competitors.

Of course, EFF already fight against this breach of privacy.

This type of case becomes more and more complex requiring a good understanding of many fields in addition to legislation. Judges will have to understand technical details as well as business theories. The future of experts to the courts and testifiers seems bright.

Carnage on French piracy

Posted on by
1

French cybercops are extremely active these last weeks. They stopped members of two famous French warez. If you are used to scout P2P for French movies, then the names of CaRNaGe and cinefox are probably familiar to you. Four members of CaRNaGe have been arrested. CaRNaGe was the first release group to provide a cam of latest French blockbuster: “Bienvenue chez les Ch’tis” the day of the theatrical release. A few days later, an excellent version ripped from a DVD version used in post production houses was in circulation on P2P, delivered by another release group.

They may incur up to 5 years of jail and a fine of 500,000€. The timing of these arrests is interesting. It coincides with the French presidency of EU. French president, Nicolas Sarkozy, has promised that fight against piracy will be of of his priorities during this coming semester of presidency.

CaRNaGe, as a warez, collected terabytes of movies, songs and software. Typically, warez data flows after a few days or weeks to P2P networks. Release groups are at the top of the pyramid of Internet piracy.