fury.com presents... ...also at fury.com
Kevin Fox
privacy

Keep it secret, hide it, transmit it securely. Security is the hidden warrior in all wars, and sometimes it's just plain fun.



I am not Kevin Fox - Saturday, Oct 30 2004, at 7:25 pm (more ego, politics, privacy, travel)

Well, I'm a Kevin Fox, but if you're from the Chicago area and this is the first time you've come to the site, I'm probably not the Kevin Fox you're looking for.

Seems another Kevin Fox has been arrested under suspicion of murdering his 3 year old daughter, in a story that's gotten quite a lot of media attention, at least according to Google News.

I have no feeling as to whether the guy did it or not. Being my namesake doesn't mean I'm prejudiced towards him, though I hope he didn't do it if for no other reason than it would lessen the chance of my being stopped at airport security because my name matches that of a suspected murderer.

CAPPS II, the airport security system that causes anyone whose name is similar to that of a 'person of interest' to be flagged for extra security measures or barring from flight, is one thing I would be really happy to see eased or eliminated under a Kerry victory. As it is, I'm selected for security screening when I purchase my ticket less than two weeks in advance, but not in other cases. I'll keep you posted on whether I get screened more frequently on my upcoming flights. It's an interesting test.

Three more days. God, just three more days...


iPod AAC DRM backdoor? - Thursday, Jun 5 2003, at 7:05 am (more dot-commerce, music, privacy)

So I've been thinking (always a dangerous sign). With Apple's new Music Store, they enforce digital rights management (DRM) by apparently encrypting the songs they download to you with a key to ensure that only a computer registered to you can listen to the music. Other bloggers have verified that the actual content portion of the song is changed, not just some identifying header, having purchased the same song under two IDs and otherwise identical conditions, and finding no similarity to the data within the song files, though they play identically.

Under Apple's digital rights management scheme (which, by the way, for all the evils of DRM, is the least evil I've seen), an Apple Music Store customer can play their purchased music on a Mac that has been linked to their account, and at any time up to three macs can be so linked. At the same time, any song from the Apple Music Store can be played on any iPod, which brings me to my thought: How does the iPod get around the DRM?

What I mean to say is, if the song file is protected, presumably through some sort of encryption, so that only computers in possession of a decryption key linked to the user's account can decrypt a song, how are the iPods exempt?

It seems to me that there are four possible solutions:

  1. The files are encrypted by the user's personal key and that key is actually included inside the song file, so that iPods can decrypt any song. Mind you, any other application that knows about the key could decrypt any song, too, unless the key itself is encrypted by another key that is stored somewhere in the flash rom of every iPod so that iPods, and only iPods, can decrypt the key in the song, then use that key to decrypt the song. I believe this is similar to how DVD encryption works, though I could be wrong.
  2. Similar to #1, perhaps when a mac uploads a song to an iPod, it tacks on the user's personal decryption key along with the song so the iPod can decode it. A way to test if this is the case is to take a protected song to someone else's mac (that can't play the song because it doesn't have the key), then try and upload it to an iPod and see if the song plays. If it doesn't play, then it means that songs have to be loaded on to iPods from 'permitted' computers.
  3. When uploading to the iPod, the mac might completely decrypt the song and then upload it, obviating the need for any kind of decryption on the iPod side. In this case, as in #2, only a 'permitted' computer could successfully upload a song to an iPod. The difference here is that if two people purchased the same song, then uploaded them to iPods, then copied the song back from the iPod, using command-line copying or another third-party iPod tool, then the two files should be decrypted, and identical to each other. Incidentally, these files would likely be playable on any AAC player, effectively removing the DRM without sacrificing quality.
  4. Maybe the files aren't actually encrypted at all, and are just made to look different by inserting a small amount of random noise, or a digital signature, to the original waveform prior to encoding, so that the files can be tracked, and playability on different computers is solely regulated by a weak honor-based system within iTunes.

With a little time and two Apple Music Store accounts, it should be easy to tell which of these systems is being used (unless it's something other than the possibilities above). I might do it if I have the time in the next week or so, but I'm really just more curious than anything else. I don't feel the need to go around trying to break Apple's DRM and be a new EFF poster child fighting the DMCA.
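A toy model of options 1 and 3 from the list above, as an added example that is not from the original post and does not describe Apple's actual scheme. The cipher is a SHA-256 counter-mode stand-in, and every key, name and byte string is constructed for illustration.

```python
import hashlib
import os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for a real
    cipher, used only so the example runs with the standard library."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

# Constructed sample values: not real keys or audio.
AUDIO = b"constructed AAC frames " * 8
DEVICE_KEY = hashlib.sha256(b"key burned into every player").digest()
ALICE_KEY = hashlib.sha256(b"alice account key").digest()
BOB_KEY = hashlib.sha256(b"bob account key").digest()

def purchase(audio: bytes, user_key: bytes, device_key: bytes) -> dict:
    """Option 1: body encrypted under the buyer's key; that key is stored
    in the file, wrapped under the device-wide key."""
    nonce = os.urandom(16)
    return {
        "nonce": nonce,
        "wrapped_key": xor_stream(device_key, nonce + b"wrap", user_key),
        "body": xor_stream(user_key, nonce + b"body", audio),
    }

def play_on_computer(song: dict, account_key: bytes) -> bytes:
    """A linked computer decrypts with the account key it already holds."""
    return xor_stream(account_key, song["nonce"] + b"body", song["body"])

def play_on_device(song: dict, device_key: bytes) -> bytes:
    """A player unwraps the key carried in the file, then decrypts the body."""
    user_key = xor_stream(device_key, song["nonce"] + b"wrap", song["wrapped_key"])
    return xor_stream(user_key, song["nonce"] + b"body", song["body"])

def sync_decrypted(song: dict, account_key: bytes) -> bytes:
    """Option 3: the computer decrypts before upload; the device stores plaintext."""
    return play_on_computer(song, account_key)

def compare_purchases() -> dict:
    """Buy the same audio under two accounts and record what each option predicts."""
    a = purchase(AUDIO, ALICE_KEY, DEVICE_KEY)
    b = purchase(AUDIO, BOB_KEY, DEVICE_KEY)
    return {
        "bodies_differ": a["body"] != b["body"],
        "device_plays_both": play_on_device(a, DEVICE_KEY) == AUDIO
                             and play_on_device(b, DEVICE_KEY) == AUDIO,
        "wrong_account_plays": play_on_computer(a, BOB_KEY) == AUDIO,
        "option3_device_copies_identical":
            sync_decrypted(a, ALICE_KEY) == sync_decrypted(b, BOB_KEY),
    }

if __name__ == "__main__":
    print(compare_purchases())
```

In this model the two purchased files share no body bytes yet play identically, which matches the observation at the top of the post; the two options differ only in what ends up stored on the player.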

For now my main hope is that TiVo sends out an update for its Home Media Option so that it can play my Apple-bought music, especially since Apple's courting independent labels today, and many more cool bands could be in the store in the next couple months.


United States vs. CNN - Wednesday, May 22 2002, at 10:17 pm (more music, politics, privacy, software)

Okay, follow me on this one, this is great:

One of the provisions of the Digital Millennium Copyright Act (DMCA, passed into law in 1998 as house resolution 2281) is that not only is it illegal to circumvent content-protection schemes (for music, CDs, DVDs, anything) but it's also illegal to distribute such circumventions, even if the circumvention mechanism in question can be used for legal purposes, such as making a personal backup of a piece of software or encoding a CD to mp3 to listen on your portable player.

The most famous test case for this was regarding DeCSS, a small software app that allowed people to copy and decrypt DVD movies. Within weeks of the software coming out, the developer was sued, and sites hosting the software were ordered to remove it or face prosecution.

The most notable site refusing to remove the program was the hacker site 2600. 2600 was sued by the Motion Picture Association of America (MPAA) where the judge found in favor of the plaintiff, and 2600 lost [pdf]. To be clear, they were breaking the law because they were, through dissemination of information, enabling people to circumvent a content-protection scheme.

In a similar case, a Russian programmer, Dmitry Sklyarov, was detained while attending a trade show in the United States because of his participation in creating a program that circumvented Adobe's content copy-protection scheme.

After Adobe customers staged significant protests at Adobe's San Jose headquarters, Adobe asked that the charges against Sklyarov be dropped. Since it was a criminal matter, not a civil matter, Federal prosecutors had the option to continue with the charges against Sklyarov if they so chose. As of May 8th, a federal judge has declared that the law is constitutional, and that Sklyarov and his company must still stand trial to determine if they violated it.

...

A few months ago, Sony started manufacturing audio discs with a copy-protection scheme which inhibited their being ripped into MP3s by making them incompatible with the Audio CD and Hybrid CD formats in such a way that most audio CD players could read them, but CD-ROM drives could not. (Pioneer, the developer of the CD format, claims that Sony can't call them 'Audio CDs' because they don't conform to the standard for that designation.)

The protection system works by making a 'hybrid CD' that looks like it contains both an audio session (with the music tracks) and a data session. While an audio CD player ignores the data portion entirely, a CD-ROM drive will check the data session on mounting the disc, to determine what it should do with that data. On Sony's disc, they place corrupt header data on that session, so that the CD-ROM drive rejects the disc, audio tracks and all, and refuses to mount it.

Some smart folks figured out that this was how Sony managed their trick, and they scribbled over the data session portion of the disc with a black marker. The data portion is visible as the matte ring around the edge of the CD, while the audio tracks make up the matte circle from the inner edge to nearly the outer edge of the CD.

Covering the data track prevents it from being read in the first place, and thus the CD-ROM drive sees a simple audio CD, and operates normally.

Okay, well and good. Except that by the letter of the DMCA, this is a circumvention mechanism and it is therefore illegal to make this modification to the media you purchased. Further, disseminating instructions on how to circumvent the copy-protection mechanism is also a criminal violation of the DMCA.

So yesterday CNN publishes a story about the circumvention technique, spelling out in the introductory paragraph exactly how to defeat Sony's copy protection mechanism.

According to the DMCA, ratified by Congress and upheld by the federal courts, CNN appears to be in violation of the law, and should face criminal prosecution (as should I for this very post).

It's irrelevant that Sony might not want to press charges against CNN. The federal government's refusal to grant Adobe's request to drop the charges against Sklyarov demonstrates that, as a criminal matter, the decision on whether to prosecute doesn't lie solely with the alleged victim.

The trouble is that the only person who is helped by this prosecution is the consumer. The entertainment industry would rather not have this trial come to court for fear it would expose the DMCA's protections as going beyond reason and restricting a free press. CNN would rather not get prosecuted. Actually, I hope I'm wrong and CNN would welcome the constitutional challenge, but with so many media outlets being owned by entertainment corporations in favor of the DMCA, it's questionable how likely CNN, or other sizable media outlets would be to test this case. A smaller outlet probably wouldn't want to risk the legal consequences of losing.

It's important to realize that bringing CNN to court over its story sounds stupid and childish, and it absolutely is. Sadly, it's what the DMCA demands, and I dearly, dearly hope that it happens to show that the copy-protection-protection laws in the DMCA go far beyond what is reasonable for the protections they seek to provide, and that this case may be the method for stopping the next Sklyarov, or any person simply wanting an mp3 of the album for which they've purchased an individual license.

I'm sending out a few emails tonight. Further news will follow if any of the people in positions to do something about this get back to me...


The Good of Targeted Advertising - Friday, Apr 26 2002, at 12:21 pm (more dot-commerce, marketing, privacy)

For all the concerns of privacy online, I have to say that I think ultra-targeted banner ads are a good thing, and not an evil.

Whenever I work from home I get at least four calls from solicitors for newspapers, credit fraud protection dealies, or roofing supplies. I also get about 80 spam messages a day, not to mention a handful of Instant Message spams (vile vile vile). I'm anxiously awaiting California's statewide 'do not call' list, to be freed from the telemarketers, as I'm hoping for an eventual solution to the spam and IM problems.

What I don't mind (comparatively, anyhow) are advertisements that pay for content I want to read/watch/listen to. Advertising that pays for the sites I read, radio stations I listen to, or TV shows I watch, while annoying, is at least fair trade. A solicitor with a junkmailer or a phone bank provides nothing of value to me in trade for the intrusion on my time and brain.

Of course, TV and banner ads aren't as effective as direct marketing because they only reach broad, marginally targeted demographics. If this science were perfected, while still maintaining my anonymity, then a banner ad with only 1000 impressions to the right people would be more effective than a 50,000 impression ad buy.

Google's AdWords goes a good way toward that, in addition to preferred search results, for all the bad ink they've been getting lately.

For businesses to survive, they have to get the word out there, and almost universally people don't want to have 'the word' pushed upon them. But really, isn't a contextually relevant ad, given in trade for content that you actually want, a fair exchange?

The Open Source movement makes a distinction in the term 'free'. They note the difference between "free as in beer" meaning not costing money, and "free as in speech" meaning unfettered communication and distribution. A similar terminology might befit the privacy world:

  • "Private as in invisible" should relate to not allowing tracking or profiling of any kind, as in cookies, registrations, or server log tracking.
  • "Private as in citizen" should mean the inability of marketers to contact you without your consent, or in a form other than paid advertising in content you specifically request.
  • Somewhere in the middle is "Private as in anonymous" where you can be tracked, but not individually identified.

I'd love to hear thoughts you guys have on this distinction, as well as better, more catchy terms...


A Mac Scorned - Friday, Jan 25 2002, at 10:51 am (more i am a geek, privacy)

Briefly, I point you to a great saga of one guy's tech adventure to reclaim his sister's stolen iMac, using the power of Timbuktu and AppleScript.

Deep down I think a lot of people wish this happened to them, so they could really try out their hacking skills without fear of criminal persecution, because they're hacking into their own machine, stolen and placed somewhere else on the net.


Anywhere, anytime, we can find you. - Sunday, Sep 23 2001, at 9:42 pm (more communication, privacy)

...or at least your phone.

Congress mandates cell phone locating ability, ostensibly for emergency 911 services:

"Under the E911 mandate, carriers could track phones embedded with GPS chips, even when they aren't turned on."

But this is just so dispatchers can know where 911 callers are calling from, naturally. Mind you, I'm not making a stand on privacy issues here, but I do take offense at privacy-removing bills being masked as anything else.


Not a good day for the other guys... - Thursday, Aug 23 2001, at 12:49 pm (more marketing, politics, privacy, web flotsam, yahoo)

Sometimes I'm really glad to be working where I am:

(and for those who keep hinting that Fury is just a front for Yahoo, consider that maybe I chose to work there because I like the company, and not vice-versa)


Crypto thoughts for the day - Wednesday, Aug 15 2001, at 10:21 am (more privacy, wireless)

First, why do we call it 'anti-piracy' protection when it's some company's crypto, but 'privacy' protection when it's ours?

Second, why do people constantly get persecuted and imprisoned under the DMCA when they try to publish the vulnerabilities in encryption systems (CSS, SDMI, eBook, HDCP), but several people have demonstrated successful attacks on WEP (802.11b wireless encryption) without any reprisals? Is it more onerous when someone documents how to attack a copy-protection protocol than when they document the vulnerabilities of a privacy protocol?


Security through lucidity - Wednesday, May 10 2000, at 4:43 pm (more i am a geek, privacy)

If you're interested in cryptography, especially steganography, you might want to read a post I put up on Slashdot this afternoon.

It details how a hypothetical data haven could work for secure transmission of information between you and someone else, where not only the data is secure, but also the information about who you're sending it to, where you're getting it from, and whether you're getting it at all.

Best of all, it's all out in the open.
