e-ignite has now opted out of Phorm / Webwise tracking so visitors to the site will have their privacy protected. Please see the open letter below:
Email sent to: email@example.com
Date / Time: 28 April 2009 / 7.18pm UK Time
Subject: Website Exclusion Request: e-ignite.co.uk [An open letter]
Content: To whom it may concern,
I own and operate the domain e-ignite.co.uk and all subdomains under this domain. I wish this website and all its subdomains to be excluded from Webwise / Phorm for the benefit of the privacy of all visitors to the site. I fundamentally disagree with the Webwise tracking practices and I also disagree with the policy that website owners have to specifically opt-out via email – a Webwise / Phorm specific entry in robots.txt should be respected.
A recent BBC News article discussed a new email law that is being introduced by the UK government. This law means that all emails sent or received in the UK will have the details logged and stored by ISPs for a period of one year. Although the government say that this does not include the content of the message, only details such as date, time, from, to and presumably IP address, some critics think that it might not be a large stretch before we find that the content is being logged as well.
From a practical point of view, this means that ISPs have to store masses of data – bear in mind that this is all emails received, so this will include the details of tens of millions of spam messages sent each day in addition to legitimate emails. The UK Government are also going to have to pay the ISPs to record this information, with cost estimates ranging between £25 Million and £70 Million. With these costs in mind, perhaps it won’t be long before the government compiles all the email records into one central database – this is a real concern, not least because of the many highly publicised data breaches but for your privacy. The director of human rights group “Liberty” stated that you have a human right to privacy, and this right should be protected. It is very difficult to regain privacy after it has been removed.
So how would you feel knowing that details of every single email you sent or received had been recorded and monitored? Is this the kind of thing that should happen in a free and democratic society? Or do you find this sinister and of great concern?
I recently had some fairly serious problems with my iPod Touch when the latest 2.0.2 firmware was released. I don’t normally blog about these problems to complain, but it seems to me that there could be a serious issue affecting all iPod Touch and iPhone users – the Apple support website offered little or no help and at one point, I thought I might have bricked my iPod. In the hope of helping anyone out who may suffer the same problems, here’s my story…
Firstly, I should make it clear that my iPod is 100% above-board. It’s not Jailbroken and I bought and paid for both the original software update (the January Software Update which added mail functionality along with weather and stocks gadgets), and the iPhone 2.0 update for iPod Touch. I absolutely love my iPod and use it intensively for checking my email, general web surfing and all things music and video.
I first noticed a problem when I tried to update my iPod to the 2.0.2 software – I was able to update to 2.0.0 and 2.0.1 without any problems whatsoever just weeks earlier. I launched iTunes, plugged my iPod in and a “New Hardware Detected” bubble came up in Windows XP (Pro) stating that new hardware was found and it was a “Digital Stills Camera”. I thought that this was a bit strange, and within a few second, Windows went into memory dump mode and I got the Blue Screen Of Death (BSOD). Annoyed, I re-booted and plugged my iPod back in – this time it worked, connected no problem and so I started downloading the new firmware. The firmware downloaded (although at almost 250Mb, it seemed like a huge download for such a small device… I guess that’s just the way it is though) and began to install on my iPod. The “Digital Stills Camera” bubble popped up again in Windows and within seconds, my computer blue-screened and the software install didn’t finish correctly. I tried switching the iPod on – it worked, remembered my password etc, but when I tried to open anything (the Settings dialog for example), it just froze up.
As many of you from the UK will know, petrol prices have gone skywards and show no sign of slowing. With the Government announcing even more taxation on fuel, it’s time to take a stand. Lorry Drivers took matters into their own hands and staged the first of a number of threatened protests which I wholeheartedly agree with.
If you agree that fuel prices are too high and something has to be done at government level, please take just a few moments of your time to sign the government petition before 17 June 2008:
According to a number of recent BBC News articles, the UK government are currently considering creating a massive database logging all phone calls and emails sent. As usual, the excuse for needing such a database is “Terrorism” or “serious crime”, but at what point must voters and members of the public say that enough is enough? It is inconceivable to think that each and every call that is made is logged and every email that you send is noted – with current mobile phone technology, it’s possible for your location to be pin-pointed (simply download the Google Maps java application to your mobile handset and see for yourself by clickong on “my location”) so does this mean that yourlocation at the time of the call would be logged? It’s absolutely possible.
We’ve seen the function creep of technologies like this already – for example, average speed cameras that use number plate recognition to catch those speeding were installed under the promise that they would only ever be used for the purposes of speed control. Now though, we see that they are used to track movements of “terrorists” or “serious criminals”. With a database of all calls made and received, will the function eventually creep so that your exact location is logged every fifteen minutes or so when your mobile phone “checks in” with the network? Email on the move is also susceptible to this form of tracking – the IP address that sends the email could be tracked and in the future, why would they not start logging all the websites you’ve visited recently?
So it turns out that SHA-1 might be broken. If not broken as such, it’s certainly bruised and its ability to be relied upon is in a significant amount of doubt. But why should that matter? We can just use SHA-256 or SHA-512 for more security, can’t we? Well yes we can… but does that actually help the wider issue?
Think about this in another way: If you receive a signed email from a contact of yours and it verifies correctly, do you check what method of signature was used on the email? I’d suggest that unless you’ve fitted yourself for a tinfoil hat, you’re unlikely to do this. Seeing as the signature process is employed to provide verification, we need a method that can use in a widespread manner and that we can rely upon. Is it time to revoke SHA-1 and DSA signatures? Should encryption and signing packages refuse to verify messages and files signed using these methods? Perhaps. However, it’s extremely unlikely that this would be implemented – md5 was broken some time ago and yet it’s still used for verification of file downloads etc in a farily widespread manner. So what should we do to protect ourselves from potentially forged digital signatures?
This video is really an attack on the Fox News network, but I think it highlights effectively that any information that you hear mustn’t be taken as gospel. This goes hand-in-hand with my views on the UK and US governments pushing the excuse of “terrorism” on us so that we give up rights to privacy and head towards Surveilance Societies. Yes, I believe terrorism is a real problem, but how much of a problem is it really? As bad as they say? Or not really? Think about it.
The Raw Story reports that the US are currently drafting a law that will allow them full access to examine any email, file or web search at any time. Currently the plans are at the draft stage, but if passed, this could essentially mean the end to any form of privacy on the internet. Consider that the largest email providers such as Gmail, Hotmail (Live Mail – run by Microsoft), AOL and many others are based in the US but they have international users on a massive scale. This is a frightening plan that has global consequences, and will really pave the way for essential cryptographic systems on email.
From the article:
National Intelligence Director Mike McConnell is drawing up plans for cyberspace spying that would make the current debate on warrantless wiretaps look like a “walk in the park,” according to an interview published in the New Yorker’s print edition today.
McConnell is developing a Cyber-Security Policy, still in the draft stage, which will closely police Internet activity.
“Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the autority to examine the content of any e-mail, file transfer or Web search,” author Lawrence Wright pens.
“Google has records that could help in a cyber-investigation, he said,” Wright adds. “Giorgio warned me, ‘We have a saying in this business: ‘Privacy and security are a zero-sum game.’”
A zero-sum game is one in which gains by one side come at the expense of the other. In other words — McConnell’s aide believes greater security can only come at privacy’s expense.Read the rest of this entry »
The results of this year’s Privacy International report are in and it doesn’t make comfortable reading! Many countries including the USA, China, Russia and the UK have been described as “Endemic Surveillance Societies” – a sobering thought when you consider that China (widely criticised for its web censorship and monitoring of citizens) is in the same category as the US and UK!
The report can be found here on the Privacy International website and I’d recommend you take a look and see how your own country got on.
It’s official: You have no right to the expectation of privacy when your computer is in for repair.
A recent Slashdot article told the story of a man from Pennsylvania who had his computer in for repair (a repair to the DVD burner of his PC). When the computer was in for the repair, technicians found illegal pornography on his hard disk, and he was reported to and arrested by the police. When it went to court, he successfully argued that the technicians had no right to be accessing data on his hard drive, but this decision was later overturned by a prosecution appeal.
In no conceivable way do I support his actions relating to the illegal material found on his computer, and I believe that people who make and access this material deserve to be prosecuted to the full extent of the law.
The fact the the material in question was found on the computer, however, highlighted the issue: do you or can you trust computer technicians with your data when your computer is in for repair?