Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Bruce Sterling (bruces@well.sf.ca.us) cited the following in the austin.eff newsgroup: : *The Australian* on Tuesday October 25, 1994: : : Hacker uses Internet e-mail account to send racist material : : CHARLESTON, West Virginia: A college professor in Texas says someone broke : into his electronic mail account and fired off racist messages to about : 20,000 computer users in four States. : : The message brought death threats and other harsh responses from nearly 500 : users who thought it came from Professor Grady Blount, a white professor of : environmental science at Texas A and M University. : : "My door is locked. We cancelled a class last night and one today will be : moved to another location," Professor Blount said. He also changed his : computer password. : : His password was used to send electronic mail messages to 20,000 Internet : users in Mississippi, Wisconsin, Colorado and Texas. : : The Internet computer network links colleges research facilities and : individuals worldwide. : : The racist message echoes a flier printed by a white supremacist group : called the National Alliance. : : It urges readers to send "minority parasites packing to fend for : themselves" and condemns community development funding as support for black : "breeding colonies". : : A Texas A and M spokesman, Mr Greg Orwig, said the e-mail address : apparently was picked at random by someone who tapped into the university's : computer system on Sunday. -- Prentiss Riddle riddle@zilker.net Moderator of austin.eff
The NYT has an article about Bell Atlantic's video plans: Edmund L. Andrews, A launching pad for a video revolution, New York Times, 27 October 1994, pages C1, C6 [business section]. The point of the article is that BA wants to deliver video to customers, and is teaming up with Hollywood types to obtain the content. The main focus for Risks, though, is probably the privacy aspects of the scheme. A few quotes will probably give the idea: "Company executives, convinced that they must distinguish themselves from today's established cable programmers [and so they plan to] offer more customized entertainment and shopping. "Thus, the company has tied together a computer system that could, almost like Orwell's Big Brother, monitor the movies that a person orders and then suggest others with the same actors or themes. "Going a step further, the system would enable advertisers to send commercials directly to customers known to have bought particular kinds of merchandise. Thus, people who bought camping equipment from a video catalogue might start seeing commercials for outdoor clothing." ... "The scale of the new center ... makes clear how serious Bell Atlantic is about this venture." If this sort of thing is really what people want, of course, then that's their perfect right. But advocates for other visions of technology can do plenty to ensure that people make informed choices. One is to inform people (in honest but vivid terms) that their program selections and purchases are being recorded, kept, and used for secondary purposes. Another is to keep on building things like the Internet and community networks, and redouble efforts to publicize them by telling clear, powerful stories about them. The point is to show that privacy-enhancing and *genuinely* interactive technologies exist, and that they are useful, accessible, democratic, entertaining and convenient. As my colleague Francois Bar emphasizes, this sort of end-user experimentation is crucial for defining the architectures of the future. Bell Atlantic and its brethren are creating top-down, privacy-invasive, 500-channel visions of the future — even though they haven't worked very well in pilot tests in carefully selected communities — because that's the business model they know. We can try to suppress the Risks associated with this model, but that's like shoveling the tide back into the ocean — a lot of work. Another approach to pursue in parallel is to create alternatives that offer *both* democratic values *and* a lucrative business model for the people who can supply the necessary infrastructure. This process starts with experimentation and continues with public relations. Here's a plan. If you're doing something terrific with networks, volunteer to demonstrate it in your local school. Have great stories ready to tell about it. Ask the kids to tell their parents. Then write a press release. Send it to all the newspapers and TV stations in your area — especially the small ones. And make it available on the net as a model for others to follow. Phil Agre, UCSD
A friend of mine who is from outside of the US, and who is now in the US for graduate school, took the computer-administered version of the GRE (Graduate Record Examination) General test last year. The school where this individual was enrolled had a policy that allowed accepted students in some departments to begin graduate studies prior to having taken the GRE, so long as the GRE was then taken and passed with a minimum aggregate score by the beginning of the second semester. The aggregate score was to be the total score in the verbal and quantitative testing categories — the other category, analytical, was not considered. With analytical out of the picture and with this person being a non- native speaker of Enlish, the math (quantitative) section offered the best hope for scoring badly needed points. With preparation, things would go fine. The Computer-Based-Testing option seemed perfect, because it was scheduled late in December which allowed some vacation days for pre-test cramming, and it also promised quick scoring, which would ensure that the results would arrive at the school before the start of the spring semester. When the day of the test arrived, my friend felt well prepared and was especially confident for the math section. For the five-section test, the software makes a random assignment of sections drawn from the three categories: verbal, quantatative, and analytical. Therefore some categories are repeated (with different questions, of course). With my friend's fortunes resting so heavily on the quantitative category, naturally the computer's random algorithm chose to assign not two, but THREE analytical sections — the one category not regarded by the school. This left one verbal and one quantatative section. (It seems strange that the computer was not programmed to choose combinations of 2,2,1 and avoid those of 3,1,1 — but there's more to this story.) The Computer-Based-Testing administration of the GRE is also known as the "Computer Adaptive Test (CAT)," because it uses a new technique that presents different questions of varying difficulty based on this examinee's previous answers. Since my friend had done a good job boning up on math, the software, detecting a run of correct answers, began selecting more advanced questions. This was no problem, but it did mean that it took more time to answer each question. And the test had both a time limit, and a minimum number of questions that had to be answered. Now you see where this story is going — when my friend had ALREADY clicked the answer of the last required question, and was just about to click "Confirm" with the mouse, the time expired and the screen went blank. So instead of a good score for answering difficult questions, or a low score for leaving one question blank, my friend received a "No Score," or "NS." Added to a low verbal score, this was enough to ensure that there would be no more graduate studies for this student, at least not at the original school. The rest of the story: In September 1994 a carefully hedged letter arrived from the ETS (the Educational Testing Service, which administers the GRE). "...We have recently determined that it is possible that a small number of examinees who took the [CAT] received a NS (No Score) because they were unable to confirm an answer selection before time expired...." The ETS offered to replace the NS with a newly calculated score based on the completed questions. The new aggregate score turned out to be 130 points HIGHER than the minimum that would have been required for the student to maintain graduate status at the school. The offer of score adjustment is welcome, but seems to trivialize the (already incurred) very heavy costs to the student, who had to sacrifice a full semester of a graduate career while still being responsible for maintaining cost of living abroad--many visitors to the US on student visas are not allowed to work, so this was a great drain financially, in addition to being very stressful for the student. Compared to some of the stories we read about x-ray machines and airplanes, this may not seem like much, but it is another reminder that as designers of information systems we need to remember that our work affects people's lives, and we should try to anticipate this in our designs. Carlos McEvilly mcevilly@netcom.com, cim@lanl.gov
AOL, now boasting 1.25M subscribers, up by a factor of more than three in the past year, apparently cannot boast about its E-mail performance. Yes, it is handling something like 15 million E-mail messages a month, about 7 times any of its competitors. But, No, it is not delivering 15 million E-mail messages a month. MANY MESSAGES sent to AOL are bounced back to the senders. Steve Outing, with 150 AOL subscribers on his discussion group, complained of getting a few hundred bounces a day. Message volume seems to be overburdening AOL's Internet gateway. AOL admits that a ``bug'' between 21 Sep and 5 Oct 1994 caused outgoing mail to ``go awry'' --- but that has been fixed. More recently, five-day delays have been reported for receipt of mail on AOL. [Source: An article by John Eckhouse in the San Francisco Chronicle, entitled "AOL Users Find E-mail Going Undelivered", 28 Oct 1994, p. D1.] [From my vantage point of sending out RISKS, AOL FINALLY provides RISKS (comp.risks) as a newsgroup, although most of my direct subscribers have not caught on yet and are still getting private subscriptions. AOL apparently splits RISKS issues (normally just under 32K) into max-22K chunks, so perhaps one half of an issue gets through and the other half doesn't, which at least enables someone to realize that something is missing. A reminder to AOL subscribers: Your mailbox is limited to 550 messages, after which new incoming mail is simply rejected. More-than-week-old messages just vanish. Presumably that means you should not use AOL if you are going to be away for more than a week, or if you get a lot of mail. I presume the newsgroup stuff ages just as rapidly. PGN]
A follow-up to the backspace/delete problem I've been having with my
cut-rate internet service provider, NETCOM.
PROBLEM: Dialing the standard local NETCOM number will occasionaly give me
one server which displays ^? when I hit backspace; and in a later session,
_without_ reloading or restarting my telecom package, give me another server
with a backspace key that properly ERASEs. I thank the avalanche(!) who
provided me with suggestions on STTY and UNIX arcania. I apologize for
resorting to form replies. Particular thanks for info on "The UNIX Hater's
Handbook".
OBSERVATIONS:
1.) Others e-mailed me with the _same_ NETCOM problem!
2.) the duration of the blink of the SD light on my modem
clearly differentiates the Backspace key from the DEL key, and
indicates I am always sending BACKSPACE.
3.) The only thing which changes between these sessions is:
a.) the telephone path,
b.) Equipment and software on THEIR end.
c.) The modem's compressions session???
NETCOM's latest official response:
"Sir, with all due respect, other UNIX personnel do not have the ability
to diagnose concerns about Netcom's system. They may have experience with
differently configured Sparcs, but it's good to keep in mind that our
configuration may not necessarily be what you are used to."
"You have repeatedly described a problem that is characteristic of
terminal software problems. Our technical support staff has diagnosed this
kind of problem innumerable times.... it is in our opinion clear [?] that
any remaining problem is the fault of your terminal software. ... We have
concluded to our satisfaction that this is not an error on our end." [With
original a-gramatica.] They then repeatedly tell me to put STTY ^H in my
.login, file, which they have already done WITHOUT my permission! It does
NOT, and CAN NOT work as both my modem, and the command line clearly show
they receive the ^? code, hex 7F, "DEL"; Not ^H, 08, "Backspace"."
CONCLUSION:
Something on NETCOM's end occasionally decides (at log-in) to map both
BACKSPACE and DEL together to the DEL code.
The ONLY way I can fix the problem, is by typing STTY ERASE, and then
tapping the key which is, at the moment, producing the ^? code at their
command level — the backspace (^H) key; usually after I commit a blunder I
can not backspace out of! I often hang up.
The RISK of not fixing intermittent problems is having to increase your
marketing budget. Same for not understanding English.
John V. Vilkaitis, Senior Consultant, Software General Corp. 408-983-0518
[John asks whether anyone knows of a more competent internet server
for less money serving both Northern California and Connecticut.
Unfortunately, each one has some partially overlapping set of problems.
RISKS does not wish to get into a war among the Internet service
providers, more or less all of whom have been dinged here at one time
or another, and all of whom seem to be eagerly creating their images
as fly-by-nighters. RISKS most equanimiously hopes that a little public
exposure will goad them into doing something reasonable. Our very best
wishes to all of them for getting well soon. PGN]
IMHO, the worst button-placement crime is one almost every computer manufacturer for the last 20 years has perpetrated: the CAPS-LOCK key on the keyboard. Consider: this is a key which has a completely different interface than every other key on a standard keyboard (toggle instead of momentary contact), which performs a function almost completely obsoleted 15 years ago (by decent text-editing and word-processing software), and which is a factor in a number of fiendish user-interface traps. As an example of the latter point, consider the most common solution around our shop to "I can't log into my account anymore", namely, "Did you bump the CAPS-LOCK key on?" Since the characters of the password are (IMHO quite rightly) not echoed, and since the password is (IMHO quite rightly) case-sensitive, there is no obvious indication given to the user of this error. Another example, which has bitten me several times, is what happens under many versions of UNIX when I inadvertently type my login name (a single smooth motion) before realizing I have the CAPS-LOCK key on. The getty program (IMHO quite cleverly) decides that I must be on an uppercase-only terminal (when was the last time you used one of those babies?) and configures the TTY driver accordingly. The only ways I know of to cure this condition are (1) type a control-D at the login process to restart getty, or (2) get logged on (assuming that my current password contains no uppercase characters, or that I remember to backslash them) and type "stty -lcase" (I understand why the parameter is called "lcase" instead of "ucase", but I'm still amazed at the choice of name): suffice it to say that I consider neither method intuitive, or obvious to a novice. Manufacturers, please: let's make this particular dinosaur extinct. Bart Massey bart@cs.uoregon.edu
This is more of an anti-risk than a risk, but I thought a mention of the Microsoft Natural Keyboard might be appropriate. In case you haven't seen a picture of it, it's an ergonomic keyboard with the left and right hand key areas tilted in two planes for more natural hand positioning. It was the best looking design I'd ever seen in a $99 keyboard, so I bought one. At the risk of being incredibly subjective, I love it. This is one of the nicest keyboards I have ever used. (50th percentile hand dimensions make me a keyboard-designers dream) *BUT* it p***es me off that it is still a secretary's keyboard. I understand that it has to be as close as possible to an 1890's QWERTY keyboard for backwards compatibility reasons, but: The caps-lock key is where the control key *should* be, requiring an impossible stretch of the left pinky every time a right-handed control character is required. A similar stretch of the right pinky past the '/" key is required to get to the enter key. That stretch of the pinky was fine when you only hit the enter key every 60 characters or so, but it is (IMHO) unadvisable for programmers, spreadsheet users, etc., who are likely to need to hit the enter key every ten or fifteen characters. Speaking from personal experience with a Dec keyboard I suffered considerable hand pains from those pinky-stretching motions until I rebound the control key on top of the physical caps-lock key and swapped the enter and '/" keys. The change in my hand problems was immediate and dramatic. [If anybody knows of a Dos/Windows way to do that rebinding please let me know (email to me, not risks... I'll summarize if people want). I've tried doing it with the DOS ANSI driver but the '/" and enter keys only seem to accept incompatible combinations of shift, control, alt, etc. modifiers] Anyway, on the whole I'd say Microsoft did a real nice job on the hardware (installing the new keyboard driver software on my laptop was another story, but we all know hardware companies rarely write good software :-) -Don (Just my opinions, of course... your handage may vary)
Many lists accept posts from non-subscribers. One need only know
that the list exists and where to send contributions. It would be a simple
task to poll ten thousand LISTSERVs for a list of lists. Having compiled
such a listing, one could then send one's advertisement into several
hundreds of thousands of mailboxes.
It's been done. In mid-September I (and the readers of all the other
publicly-known mailing lists beginning with A or B) got a pitch for a
remote-backup service that started, "Dear Friend, since you read email..."
Paul Wallich
[It can happen to RISKS BITNET subscribers and USENET comp.risks readers,
but not to the mainstream direct subscriptions. This was a problem only
in the early days of RISKS, where my distribution macro on the Foonly
made the live broadcast address accessible while it was being run. PGN]
A. Padgett Peterson wrote in RISKS that everybody should have Caller ID, to screen unwanted calls to a computer system or a personal telephone. There's a difference between Caller ID - which transmits and displays the number of the calling party, often without that person's full awareness - and programming one's telephone or modem to screen out unfamiliar incoming telephone numbers. Devices for screening out unfamiliar numbers are on the market and may be used without subscribing to Caller ID. These devices - or software that does the same thing - present no privacy problems that I can identify. It's the display of the number and the ability to capture it for later commercial exploitation that create the privacy problems. Robert Ellis Smith, Privacy Journal, Providence, RI 0005101719@mcimail.com.
Minnesota is just introducing a new drivers license, with new security
features, as well as a bar code and a magnetic stip (with full name, date of
birth, and license number). The photo and signature are digitized, and
presumably stored by the state as well as being printed on the card. I
learned about the new licenses from an article in City Pages, a free weekly
here in the Twin Cities.
The new licenses are produced (for $1.29 apiece) by Deluxe (the check
printers). About 4000 drivers had to go back to have their pictures retaken
because they were transmitted at night from one computer to another over
"incompatible phone lines" [whatever that means] and billions of bits went
"screaming into the ether". Deluxe blames a subcontractor.
Since the magstripe can hold about 256bytes, there have been discussions
about what else might be stored there. Things like a list of cars and guns
registered in your name, perhaps. Or, people receiving food stamps or
welfare might use their license to obtain their benefits, either at a
food-store cashier or from an ATM.
Don Gemberling, director of MN's Public Information Policy Analysis Divison,
evidently did raise the privacy issues during the planning process, noting
that a "universal personal identifier ... has been consistently resisted in
this country". Alice Gonzalo (assistant director of DVS, the state Driver
and Vehicle Services Division) notes that DVS already sells driver's license
information, sorted by different fields. (One could buy a list of
Minnesotans over 6'3", for instance.)
There is already a national database of drivers with commercial licenses,
called AAMVANET, and there are plans to expand this to all drivers.
In Wisconsin, a driver's license can be suspended for failure to pay
fines unrelated to driving (like library fines).
MN dept of Administration's Bob Schroeder says
In my opinion, the driver's license has nothing to do with driving.
How many times have you pulled it out because an officer asked you
for it? You pull it out much more because someone at a store of a
check-cashing place wants to know who you are. It has less to do
with driving and more to do with being a universal identifier, a
way for you to be identified over the long term. Business really
relies on the state to establish this sort of identifier for them.
-John Sullivan sullivan@geom.umn.edu
Please report problems with the web pages to the maintainer