Technology - Page 3

“Where would your government be without child porn?”

Posted on February 5, 2012April 11, 2014 by Matt Taylor 9 Comments

“If it didn’t exist, the government would surely invent it.”

Because it’s a great excuse for an internet censorship machine.

This isn’t a debate about whether child sex abuse is right or wrong. You know it’s wrong, I know it’s wrong, we all know it’s wrong. This is a debate about censorship.

Censorship causes blindness

New Zealand has an internet blacklist. A list of content that, if your internet service provider has decided to be part of the filtering project, you can’t access. Images of child sexual abuse are meant to be the only stuff blocked, but the list is secret, censorship decisions happen in private and if international experience is anything to go by, other content has a habit of turning up blacklisted.

What the filter is

Its full name is the Digital Child Exploitation Filtering System. It’s run by the Department of Internal Affairs. It’s powered by NetClean’s WhiteBox, which was supplied by Watchdog International “which provides filtered Internet access for families, schools and businesses”.

The DIA say that they’re contractually constrained to only use the filter to block child sexual abuse material.

They say that:

“The filtering system is also a tool to raise the public’s awareness of this type of offending and the harm caused to victims. The Group agreed that this particular aspect of the filter needs to be more clearly conveyed to the public.”

So basically, it’s to make it seem like they’re doing something, because it doesn’t actually prevent people from accessing child sex abuse images.

The list is maintained by three people (pdf) (mirror), and sometimes there is a backlog of sites to investigate: “The Group was advised that the filter list comprises approximately 500 websites, with several thousand more yet to be examined.”

How it works

A list of objectionable sites is maintained by the Department. If someone using an ISP that’s participating in the filter tries to access an IP address on the filter list, they’ll be directed to the Department’s system. The full URL will then be checked against the filtering list. If the URL has been filtered, users end up at this page. The user can appeal for the site to be unfiltered, but no appeals have been successful yet (and some of the things people have typed into the appeal form are actually quite disturbing).

Is my internet being filtered?

The internet of 2.2 million ISP clients is being filtered.

It’s voluntary for ISPs to participate in because it wasn’t introduced through legislation, however big ISPs are participating:

Telecom
TelstraClear
Vodafone
2degrees

Others are:

Airnet
Maxnet
Watchdog
Xtreme Networks

I assume, for the ISPs providing a mobile data service, the filter is being applied there too.

Why the filter is stupid

Child pornography is not something someone stumbles upon on the internet. Ask anyone who has used the internet whether they have innocently stumbled upon it. They won’t have.

It’s easy to get around. The filter doesn’t target protocols other than HTTP. Email, P2P, newsgroups, FTP, IRC, instant messaging and basic HTTPS encryption all go straight past the filter, regardless of content. Here’s NetClean’s brochure on WhiteBox (pdf), and another (pdf). Slightly more technical, but still basic tools like TOR also punch holes in the filter. The filter is not stopping anyone who actually wants to view this kind of material.

A much more effective use of time and money is to try to get the sites removed from the internet, or you know, track down the people sharing the material. Attempts to remove child sex abuse material from web hosts will be supported by a large majority of hosts and overseas law enforcement offices.

It is clear that the DIA don’t do this regularly. They’re more concerned with creating a list of URLs.

From the Independent Reference Group’s December 2011 report:

“Additionally 18% of the users originated from search engines such as google images.”

Google would take down child sex abuse images from search results extremely fast if they were made aware of them. And it is actually extremely irresponsible for the DIA not to report those images to Google.

Update: The DIA say they used Google Images as an example, and that they do let Google know about content they are linking to.

“The CleanFeed [the DIA uses NetClean, not Cleanfeed] design is intended to be extremely precise in what it blocks, but to keep costs under control this has been achieved by treating some traffic specially. This special treatment can be detected by end users and this means that the system can be used as an oracle to efficiently locate illegal websites. This runs counter to its high level policy objectives.” Richard Clayton, Failures in a Hybrid Content Blocking System (pdf).

It might be possible to use the filter to determine a list of blocked sites, thus making the filter a directory or oracle for child sex content (however, it’s unlikely people interested in this sort of content actually need a list). Theoretically one could scan IP addresses of a web hosting service with a reputation for hosting illegal material (the IWF have said that 25% of all websites on their list are located in Russia, so a Russian web host could be a good try). Responses from that scan could give up IP addresses being intercepted by the filter. Using a reverse lookup directory, domain names could be discovered that are being directed through the filter. However, a domain doesn’t have to contain only offending content to be sent through the DIA’s system. Work may be needed to drill down to the actual offending content on the site. But this would substantially reduce the effort of locating offending content.

Child sex abuse sites could identify DIA access to sites and provide innocuous images to the DIA and child sex abuse images to everyone else. It is possible that this approach is already happening overseas. The Internet Watch Foundation who run the UK’s list say in their 2010 annual report that “88.7% of all reports allegedly concerned child sexual abuse content and 34.4% were confirmed as such by our analysts”.

Someone could just use an ISP not participating in the filter. However people searching for this content likely know they can be traced and will likely be using proxies etc. anyway. Using proxies means they could access filtered sites through an ISP participating in the filter as well.

It is hard (practically, and mentally) for three people to keep on top of child sex abuse sites that, one would assume, change locations at a frequent pace, while, apparently, reviewing every site on the list monthly.

The filter system becomes a single point of attack for people with bad intentions.

The DIA, in their January 2010 Code of Practice (pdf) even admit that:

“The system also will not remove illegal content from its location on the Internet, nor prosecute the creators or intentional consumers of this material.” and that
“The risk of inadvertent exposure to child sexual abuse images is low.”

Anonymity

The Code of Practice says:

“6.1          During the course of the filtering process the filtering system will log data related to the website requested, the identity of the ISP that the request was directed from, and the requester’s IP address.
6.2          The system will anonymise the IP address of each person requesting a website on the filtering list and no information enabling the identification of an individual will be stored.”
“6.5          Data shall not be used in support of any investigation or enforcement activity undertaken by the Department.” and that
“5.4          The process for the submission of an appeal shall:
•   be expressed and presented in clear and conspicuous manner;
•   ensure the privacy of the requester is maintained by allowing an appeal to be lodged anonymously.”

Anonymity seems to be a pretty key message throughout the Code of Practice.

However…

In response to an Official Information Act request, the DIA said:

“When a request to access a website on the filtering list is blocked the system retains the IP address of the computer from which the request originated. This information is retained for up to 30 days for system maintenance releases and then deleted.” [emphasis mine]

Update: The DIA says that the IP address is changed to 0.0.0.0 by the system.

The site that people are directed to when they try to access a URL on the blacklist (http://dce.net.nz) is using Google Analytics. The DIA talk the talk about the privacy and anonymity around the filter, but they don’t walk the walk by sending information about New Zealand internet users to Google in the United States. It’s possible this is how the DIA gets the data on device type etc. that they use in their reports. Because anyone can simply visit the site (like me, just now) those statistics wouldn’t be accurate.

DCE filter Google Analytics

From the Independent Reference Group’s August 2011 (pdf) minutes:

“Andrew Bowater asked whether the Censorship Compliance Unit can identify whether a person who is being prosecuted has been blocked by the filtering system. Using the hash value of the filtering system’s blocking page, Inspectors of Publications now check seized computers to see if it has been blocked by the filtering system. The Department has yet to come across an offender that has been blocked by the filter.”

I’m not exactly sure what they mean by hash value, but this would seem to violate the “no information enabling the identification of an individual will be stored” principle.

Update: They are searching for the fingerprint of content displayed by the blocking page. It doesn’t seem like they could match up specific URL requests, just that the computer had visited the blocking page.

And, from the Independent Reference Group’s April 2011 (pdf) minutes:

“For all 4 of the appeals the complainant did not record the URL. This required a search of the logs be carried out to ensure that the site was correctly being blocked.”

Appeals are clearly not anonymous if they can be matched up with sites appellants have attempted to access.

Update: The reviewers look at the URLs blocked shortly before and after the appeal request to work out the URL if it isn’t provided.

9000 URLs!

The DIA earlier reported that there were 7000+ URLs on their blacklist. This dropped to 507 in April 2011, 682 in August 2011, and 415 in December 2011. Those numbers are much closer to the 500 or so URLs on IWF’s blacklist.

Where did these 6500 URLs disappear to (or more accurately, why did they disappear?). What was being erroneously blocked during the trial period, or was 7000 just a nice number to throw around to exaggerate the likelihood of coming across child sex abuse images (though, even with 7k sites, the likelihood still would have been tiny)?

Scope creep

Firstly, we weren’t going to have a filter at all:

‘“We have been following the internet filtering debate in Australia but have no plans to introduce something similar here,” says Communications and IT minister Steven Joyce.
“The technology for internet filtering causes delays for all internet users. And unfortunately those who are determined to get around any filter will find a way to do so. Our view is that educating kids and parents about being safe on the internet is the best way of tackling the problem.”’

Then it was said that:

“The filter will focus solely on websites offering clearly illegal, objectionable images of child sexual abuse.”

and

“Keith Manch said the filtering list will not cover e-mail, file sharing or borderline material.” [emphasis mine]

One would assume from “images of child sexual abuse” that they would be, you know, images of children being sexually abused. However, it seems that CGI and drawings (Hentai) have made the list.

From the minutes of the Independent Reference Group’s October 2010 meeting:

“Aware that the inclusion of drawings or computer generated images of child sexual abuse may be considered controversial, officials advised that there are 30 such websites on the filtering list [that number is now higher, 82 as of December 2011]. Nic McCully advised that officials had submitted computer generated images for classification and she considered that only objectionable images were being filtered.”

The arguments around re-victimization kind of fall apart when you’re talking about a drawing.

And from the borderline material file:

“The Group was asked to look at a child model website in Russia. The young girl featured on the site appears in a series of 43 photo galleries that can be viewed for free. Apparently the series started when the girl was approximately 9 years old, with the latest photographs showing her at about 12 years old. The members’ part of the site contains more explicit photos and the ability to make specific requests. While the front page of the website is not objectionable, the Group agreed that the whole purpose of the site is to exploit a child and the site can be added to the filter list.”

Clearly illegal, objectionable images of child sexual abuse? No, but we think it should be filtered so we went and did that.

Dodgy DIA

The DIA was secretive about the filter being introduced in the first place. Their first press release about it was two years after a trial of the system started. I wonder how many of those customers using an ISP participating in the trial knew their internet was being filtered during that time?

The Independent Reference Group is more interesting than independent. Steve O’Brien is a member of the group. He’s the manager of the Censorship Compliance Unit. To illustrate this huge conflict of interest, he is the one who replies to Official Information Act requests about the filter. Because the Censorship Compliance Unit operate it.

“The Group was advised that the issue of Steve O’Brien’s membership had been raised in correspondence with the Minister and the Department. Steve O’Brien offered to step down if that was the wish of the Group and offered to leave the room to allow a discussion of the matter. The Group agreed that Steve O’Brien’s continued membership makes sense.” [emphasis mine]

That was the only explanation given. That it makes sense that he is a member. Of the group that is meant to be independent.

Additionally, the DIA seems to have accidentally deleted some reports that they should have been keeping.

From Tech Liberty:

“Last year we used the Official Information Act to ask for copies of the reports that the inspectors [have] used to justify banning the websites on the list. The DIA refused. After we appealed this refusal to the Ombudsman, the DIA then said that those records had been deleted and therefore it was impossible for them to give them to us anyway. The Department has an obligation under the Public Records Act to keep such information.
We complained to the Chief Archivist, who investigated and confirmed that the DIA had deleted public records without permission. He told us that the DIA has promised to do better in the future, but naturally this didn’t help us access the missing records.”

List review

The Code of Practice says:

“4.3 The list will be reviewed monthly, to ensure that it is up to date and that the possibility of false positives is removed. Inspectors of Publications will examine each site to ensure that it continues to meet the criteria for inclusion on the filtering list.”

It’s unlikely this actually happens.

Here’s some statistics of how many URLs have been removed.

December 2011
267 removed
August 2011
0 removed
April 2011
108 removed

It’s impossible that between April and August there were no URLs to remove.

In the Independent Reference Group’s December 2011 report it seemed like the following was included because it happens so rarely:

“The list has been completely reviewed and sites that are no longer accessible or applicable (due to the removal of Child Exploitation Material) have been removed.”

The Independent Reference Group has the power to review sites themselves. But in at least one case, they chose not to:

“Members of the Group were invited to identify any website that they wish to review. They declined to do so at this stage.”

The filter isn’t covered by existing law and didn’t pass through Parliament. Appropriate checks and balances have not taken place. The DIA did this on their own.

By law, the Classification Office has to publish its decisions, which they do. The DIA’s filter isn’t covered under any law, and they refuse to release their list. The DIA say that people could use the list to commit crimes, but the people looking for this material will have already found it.

What if the purpose of the filter changes? The DIA introduced it without a law change, the DIA can change it without a law change. What if they say “if ISPs don’t like it, they can opt out of the filter”? How many ISPs will quit?

The only positive is that the filter is opt in for ISPs. Please support the ISPs that aren’t using the filter. Support them when they’re accused of condoning child pornography, and support them when someone in government decides that the filter should be compulsory for all ISPs.

Side note: why does all of the software on the DIA’s family protection list, bar one, cost money? There is some excellent, or arguably better, free software available. There’s even a free version of SiteAdvisor, but the DIA link to the paid one. Keep in mind that spying on your kids is creepy. Talk to them, don’t spy. The video for Norton Online Family hilariously and ironically goes from saying “This collaborative approach makes more sense than simply spying on your child’s internet habits [sitting down and talking — which is absolutely correct]” to talking about tracking web sites visited, search history, social networking profiles, chat conversations and then how they can email you all about them. Seriously. Stay away.

^{Image credit: Andréia Bohner}

Posted in Free Speech, Law, New Zealand, Technology, Worldwide

WordPress Image Plugins

Posted on February 5, 2012April 11, 2014 by Matt Taylor 1 Comment

Yahoo recommends a number of things to improve web page performance. There’s a couple of WordPress plugins that help with image performance.

Image Pro resize screenshot

WP Smush.it

Yahoo has a service called Smush.it that optimizes images. The WordPress plugin, WP Smush.it, reduces the file size of most images added to posts and pages automatically behind the scenes. It’s non-lossy, so the look and quality of images isn’t altered. Through the Media Library, existing images can be run through Smush.it.

Image Pro

Something else Yahoo recommends is not scaling images using HTML code. The plugin Image Pro lets you resize images in the editor, by dragging the corners, like you’d do in Word. The resized version is saved as a separate image so in the post it isn’t scaled using HTML. However, sometimes there’s a slight quality loss using the plugin.

Posted in Blogging About Blogging, Technology

Close Up’s To Catch a Predator Blurring

Posted on January 25, 2012January 25, 2012 by Matt Taylor Leave a comment

Mark Sainsbury said: “Now you, like us, may feel frustrated that the faces of these predators have been blurred.”

Except they didn’t do as good as a job on not mentioning occupations, or on blurring number plates and names in the story (in the clips they showed the number plate and last name without pixelation):

Posted in Law, New Zealand, Technology

Congratulations Internets

Posted on January 22, 2012February 5, 2013 by Matt Taylor Leave a comment

But your work is not over.

Wikipedia SOPA PIPA Blackout Protest

On January 18 the users and companies of the internet rallied together to protest against SOPA and PIPA, bills that would censor the internet. Check out the numbers. It worked. Here‘s part of a huge list, with even bigger names on it of the sites that participated in the blackout. Google, Wikipedia, Reddit, BoingBoing and Wired are among them. Here’s the page Wikipedia displayed. The Wikipedia page about SOPA and PIPA was accessed more than 162 million times during the 24 hours the site was blacked out. More than eight million people looked up their elected representatives’ contact information via Wikipedia’s tool, crashing the Senate’s website. At one point, 1% of all tweets on Twitter included the #wikipediablackout hashtag.

SOPA? PIPA?

Wikipedia explains, and has some links here.
One page PDF guide to the bills from EFF

Is it over?

It is likely the bills will be back in one form or another:

What’s the best way for me to help? (for U.S. citizens)
The most effective action you can take is to call your representatives [phone calls have the most impact] in both houses of Congress, and tell them you oppose SOPA, PIPA, and the thinking behind them.^[9]
What’s the best way for me to help? (for non-U.S. citizens)
Contact your country’s Ministry of Foreign Affairs or similar government agency. Tell them you oppose SOPA and PIPA, and any similar legislation. SOPA and PIPA will affect websites outside of the United States, and even sites inside the United States (like Wikipedia) that also affect non-American readers — like you. Calling your own government will also let them know you don’t want them to create their own bad anti-Internet legislation.

For New Zealanders, that’s the Ministry of Foreign Affairs and Trade. Their contact details are here.

Megaupload

Megaupload’s website was taken down a day after the protest (without trial), with related people being arrested in New Zealand, and property confiscated. Are we okay with helping enforce US copyright law which, as SOPA and PIPA shows is heavily influenced by the entertainment industry? Is this what extradition should be used for?

It appears, at first glance, that Megaupload was removing infringing material on request. Although it seems their take down procedure was molded around the way they store files–only storing one copy of it if it is uploaded more than once, but giving out a unique URL for the file.

Megaupload has many similarities to other websites, which makes this concerning. It was definitely used for legitimate and legal purposes by legitimate users.

Tech Liberty asks do we need to obey laws from other countries while on the internet, if so, what countries?

Even if I have a web host in one country, what if they provide services via another country? The internet is so connected, how do we know whose laws apply?

^{Image credit: LoveNMoreLove/Wikipedia}

Posted in Free Speech, Law, New Zealand, Technology, Worldwide

Internet Censorship Is Harmful

Posted on January 18, 2012January 28, 2012 by Matt Taylor 1 Comment

I’m on holiday and posting this from my phone. Let’s all pretend this site is blacked out.

http://sopastrike.com/

^{Image credit: Jed Hastwell}

Posted in Free Speech, Law, Technology, Worldwide

Follow Up: Personal Information In Emails, Library Edition

Posted on January 15, 2012April 3, 2018 by Matt Taylor Leave a comment

Deleting messages

I posted a while ago about a security issue with TelstraClear’s webmail. Mainly that someone could access an email account through the referring URL gathered through visitor analytics tools available for most websites.

This made me think about the personal information that I have in my email account.

The library here in Christchurch includes users’ addresses in the header of all emails that they send out automatically (reminders about due books, holds, etc). I gather libraries around the country do this.

This always struck me as strange, because there’s no need to include this information.

An address isn’t the most private information in the world, but if someone broke into my email account, it’s something I wouldn’t like them to have.

So I asked the library about it. Here’s their response:

“Thank you for your recent query as to why postal address details are included in Christchurch City Libraries customer email notifications.
SirsiDynix, the integrated library system provider used by Christchurch City Libraries, have responded that identical address information is shown on both notification options [email and snail mail] because the reports draw on the same User Address information. Their opinion is that modifying the script to suit emailed notices would harm the report’s ability to print the needed addresses for mailed notices.
Unfortunately in-house report customisation is not currently a viable option because of time and financial constraints but we would certainly re-evaluate should there be further customer demand. We are not aware of any likely changes to the SirsiDynix system in the near future.”

No dice.

^{Image credit: Fiona Bradley}

Posted in New Zealand, Technology

PayPal Policy Update Strangeness

Posted on January 14, 2012January 3, 2013 by Matt Taylor 2 Comments

PayPal send out emails about policy updates. Here is one of them:

PayPal Policy Updates

There’s a few strange things going on.

1) I’m not in Singapore but get sent their Singapore address.

2) They link to their site when they could have just said “go to PayPal’s website”. Getting people into the habit of clicking on links asking them to log in, especially ones with weird extensions doesn’t seem good.

3) If you’re going to include a link, at least link to the changes. Why do I have to log in and go to notifications to see them?

4) On the same note, why aren’t the changes just included in the email to begin with?

Here’s one of the changes listed in notifications:

PayPal Policy amendment

It is the whole PayPal User Agreement. What has changed? Who knows.

To their credit, a more recent January change just has the part of the policy that has changed.

Maybe they’re learning.

Posted in Technology, Worldwide

Financial Advice

Posted on January 6, 2012January 2, 2013 by Matt Taylor Leave a comment

Money

Here is a New Zealand Herald article that contains some shitty and some good advice about money.

Thumbs down

Buying over renting

Buy property young, preferably in your 20s. Move heaven and earth to get the deposit. Rent is wasted money.

Buying a house is not for everyone. Sometimes it doesn’t make financial sense for a particular person. Insurance, rates, money spent on repairs (~$5k~ a year) etc. sometimes make renting a better choice. Run the numbers.

Avoid fines

It’s moronic to incur fines. Like the maniac driver in a big red American-style pickup truck who overtook me on State Highway 2 on December 17, just to be pulled over and fined.

Yes, you shouldn’t speed etc. etc., but this doesn’t contain any useful advice if you do get a fine. Actual advice would be to set up an automatic payment account to a ‘Stupid mistakes’ savings account so you have money to pay inevitable fines.

NEVER SPEND MONEY EVAAAA

Every dollar is precious. Think before you spend it.
I regret frittering money on coffees and unnecessary eating out. It would be better to direct that money towards savings.
Needs and wants are often confused. This is perhaps the biggest financial mistake that people make.

If you enjoy a coffee a day, buy a coffee a day. If you enjoy eating out, eat out. There’s no point earning money if you don’t spend it on stuff you love. Cut back on the stuff you don’t care about, optimize existing spending (subscriptions and phone/internet/TV/power etc. plans) and/or earn more money.

Have a budget!!@@111

Track your spending. You can’t budget if you don’t know what you’re spending.

Perhaps the most popular piece of financial advice ever given out. How many people who write this actually do in it in practice, I’m not sure. Tracking your spending by typing into a spreadsheet or basically anything with mainly manual entry is doomed to fail. Xero with BNZ and ASB by itself both offer spending tracking services within online banking. Or, Xero allows the import of other bank’s transactions. Do mainly electronic transactions (because they can automatically coded into categories) and use these.

Credit cards

Credit cards make you look rich. Anyone can live well for a few years, but the debt catches up.

Credit cards with benefits that are automatically paid off each month are excellent.

Thumbs up

Judging people

People are too quick to judge others’ financial decisions, me included.

1) No one wants unsolicited advice. 2) You have your own problems to worry about.

Pay bills

Pay your taxes on time. The IRD has a big stick.

Pay all bills on time. Automate them. The IRD and other companies are always up for negotiation around deadlines.

Experiences

Spending money on experiences is good spending. I am eternally grateful that I sold all but one of my shares at age 22 (by coincidence in August 1987) and went backpacking through Latin America. It’s good spending if the experience enriches life.

Yes. Also, give experiences as presents instead of physical things.

Save for things. Automatically.

Save before you buy. A bit of a radical concept in 2011, but it can change people’s financial future.

Enter into interest-free deals cautiously

Interest-free hire purchase deals are for suckers. You still pay ad establishment fee and the majority of people fail to clear the debt on time and pay interest anyway.

These places invariably have great clauses such as charging you if you pay anything over the set monthly amount. Once you’ve finished paying the item off you get mailed offers from the company for ever and ever.

Avoid interest

Interest payments on personal loans, credit cards and HP are “idiot tax”. Why throw money away unnecessarily?

Work out how much something will really cost when interest is added before jumping into these. There’s calculators online that will help.

KiwiSaver

KiwiSaver is good.

Get in it.

Advice

Take your advice from people who have been through several cycles. Johnny-come-latelies going through their first financial cycle underestimate the risks.

Ask older people what they would have liked to have known at your age. What would they save for if they could turn back the clock?

Read a book

You can learn more about money. The easiest and cheapest way to improve your knowledge is to get a book out of the library.

^{Image credit: 401k/401kcalculator.org}

Posted in New Zealand, Technology, Worldwide

Megafail: Universal Music Gone Rogue

Posted on December 17, 2011April 11, 2014 by Matt Taylor Leave a comment

Megaupload uploaded a $3 million+ viral video attempt in the form of a song, The Mega Song, to YouTube. Containing endorsements from many musicians that have contracts with Universal Music Group, they weren’t the happiest of campers.

Macy Gray sings in the video, which features will.i.am, P. Diddy, Kanye West, Kim Kardashian (who comes running whenever someone utters the word “endorsement”), Lil John, The Game, Floyd Mayweather, Chris Brown, Jamie Foxx, Serena Williams and Ciara on camera. (Side note: It’s accepted that Chris Brown can do endorsements now?)

Using YouTube’s content management system, which Universal has access to as copyright holders, they took the video down. They didn’t own any content in it. They just didn’t like it.

The lawsuit

Now Megaupload aren’t the happiest of campers, and are suing Universal, trying to prevent Universal from interfering with the video, which is now back up, after YouTube appears to have asked Universal as to why exactly they took it down.

The New Zealand connection (read: Universal don’t know what their own artists sound like)

Apart from Kim Schmitz/Kim Dotcom, Chief Innovation Officer at Megaupload having a house here in New Zealand where he also has permanent residency (which he celebrated by giving Auckland a $500,000 USD New Year fireworks display), Universal claimed that they took down the video because it contained content from one of their artists, Gin Wigmore.

Wigmore, of course, doesn’t appear in the video at all, in audio or visual form (but was approached to sing in it), so perhaps Universal have forgotten what their artists actually sound like, and mistook Macy Gray for her.

will.i.am

Two takedown notices were received, the second one from will.i.am (well, his lawyer), who appears in the video, saying “When I’ve got to send files across the globe, I use Megaupload”.

Ira Rothken, lawyer for Megaupload, says that written permission in the form of signed Appearance Consent and Release Agreements were provided by everyone in the video, including will.i.am. will.i.am’s signed form, which you can read here (pdf, will.i.am’s real name is William Adams), is pretty convincing.

The Hollywood Reporter has Ken Hertz, will.i.am’s lawyer, says that he “never consented to the ‘Megaupload Mega Song’”. Because he delivered that line to camera for another reason?

Dotcom says that will.i.am assured him that he “had not authorized the submission of any takedown notice on his behalf”.

Universal’s takedown rights “not limited to copyright infringement”

Universal claim that they can takedown the video under an agreement with YouTube–not the Digital Millennium Copyright Act. In a letter (pdf) to YouTube from Kelly Klaus, a Universal lawyer, says that “As you know, UMG’s [takedown] rights in this regard are not limited to copyright infringement, as set forth more completely in the March 31, 2009 Video License Agreement for UGC Video Service Providers, including without limitation in Paragraphs 1(b) and 1(g) thereof.”

In that case the DMCA’s rules and protections around takedown notices wouldn’t apply. If this is true, YouTube isn’t exactly open about it. They claimed that the video had been taken down by a copyright claim in the message displayed when people tried to watch it:

Mega Song block notice on YouTube

Rothken says “What they are basically arguing, they can go ahead and suppress any speech they want without any consequences. That’s not a workable paradigm”.

This is, perhaps, a huge tick in the column against the Stop Online Piracy Act, which is currently being debated.

Streisand effect, here we come.

^{Image credit: TorrentFreak}

Posted in Free Speech, Law, New Zealand, Technology, Worldwide

My Email Account Is More Secure Than My Bank Account

Posted on December 10, 2011February 26, 2017 by Matt Taylor 18 Comments

Update 28 September 2012: This post was written before I started working for a bank (who I love dearly), and at least some views expressed in this post have changed since then (eg. case-insensitive passwords (and ASB isn’t the only bank that does this) are irrelevant when users are locked out after three incorrect login attempts–Facebook does something similar to this, accepting the actual password, the password with the first letter capitalized (to account for automatic capitalization on mobile devices), and the password with the case of letters reversed (to account for the caps lock key being on), and that a charge for a bank cheque is not so unreasonable in the context of a lot of bank cheques being for a large amount). Also some bank policies have changed since this post was published (eg. ASB no longer charges $2 for automatic payments added/amended online–progress!) There is, however, no way of getting around ASB’s $0.20 fee for a Netcode over-$500-transfer-authorization if you don’t have a token–it is charged even if you call the 0800 number and ask them to release the payment. Except for a note regarding the previous sentence, this post hasn’t been edited from the original form.

And useful (see: next day bank transfers).

National Bank It's Your Money — What it said.

I’m with ASB and they are great, however no one is perfect. Here’s some things that I hate about banks in New Zealand. Many of these problems are shared by the entire industry.

Tertiary accounts

Update: Here’s some clarity around ASB’s tertiary accounts.

Or the fact that ASB keeps trying to convert me to one even though I’m not allowed one.

Here’s mailer number one, received the week of my 17th birthday:

And mailer two, from today:

Irrelevant: check. Impersonal: check. You know how to make a guy feel special ASB. (Case in point: I’m not 18 so they couldn’t give me my own credit card even if they really really wanted to).

This is upsetting because I have a feeling tertiary accounts have less fees than youth accounts. ~~At least, it isn’t emphasized that service fees apply to tertiary accounts like it is for youth accounts on ASB’s fee exemption page.~~ Service fees apply for everyone, see comment from ASB below.

Stupid bank fees

ASB isn’t the only bank that charges stupid fees, but here are some examples of theirs:

$2 to set up or amend an automatic payment or add a person you might want to transfer money to again (like the power company, or mum). Online. On the internet. Changing an entry in a database. By yourself.
20 cents for each time you use Netcode, ASB’s text verification service, which you can choose to happen on login. Google, who isn’t even in New Zealand doesn’t charge for this (see below). Probably get charged 20 cents again by your mobile service provider for receiving the text. Some sort of verification is required for some transactions that take you over a $500 daily transfer limit, or if you’re sending money overseas. ~~Alternatively, you can ring their call center to get transactions verified for free11@!! I wonder if the time of the person you speak to on the phone is worth less than 20 cents?~~ See update at top of post–20 cents is charged even if you call the 0800 number.
Alternatively you can pay $12 a year for a physical Netcode token, which you’d need if you are regularly out of cellphone reception and probably if you travel overseas. RaboDirect provides these for free. BNZ provides the NetGuard card for free.
5 cents for each email alert. For the virtual stamp. Or the person who licks it. Or something.
20 cents for text alerts and text banking. I think they charge you when they receive a text banking message from you. Plus you probably get charged to send texts to them by your service provider. In contrast, Westpac provides a certain number of text alerts free per month as long as you log in to online banking that month.
$5 for bank cheques. Plus because you probably have an “electronic” account, and if you’re not a youth/student, a fee of $3 because that’s a manual transaction.

Password policies

“Please note, your password must be eight characters long, and contain at least two letters (a-z) and at least two numbers (0-9). For example, redbus73 and 8cube224 are valid passwords.”

This is ASB’s. I assume other banks are as ridiculous. Would you like a nine character password? YOU CAN’T. MUST BE EIGHT.

Microsoft’s (now defunct) password checker says both of their examples are weak. ASB lets you use both of their examples as real passwords, because security.

@MothershipNZ and @FromAQuasar point out that ASB passwords aren’t case sensitive and also that some symbols aren’t allowed.

Stupid marketing policies

Here’s an entry form I picked up from BNZ’s tent at The Show:

Note the classy clause at the bottom: “By providing your details, you consent to use contacting you about our products, services and promotions, from time to time (including via text message without an unsubscribe facility).”

Once you’re in, they have you.

I guess if you rang them they’d remove you from their text messaging scheme, but really, why not let people unsubscribe via text using common keywords like stop, or unsubscribe?

Visa Debit cards

And their annual fees. $10 a year for having the card. National Bank got half of the memo and isn’t charging the annual fee if you have their Freedom account. But you have to be earning $30k+ a year and pumping it into that account. Anyway, I like the image they’re using in their ads for it (see top image).

Sure, debit cards are great if you are under 18 or don’t trust yourself with a credit card. But really, if you can, you should just get a credit card.

Banks (looking at you Westpac and BNZ) seem to love converting people to these debit cards, even if the person already has a credit card with the bank. I don’t understand. Family members have received Visa Debit cards in the mail from Westpac, even though they have a credit card with Westpac. If you already have a Visa or credit card, why would you want a Visa Debit?

It’s a bit of a have, because people naturally think this is their replacement EFTPOS card and start using it, probably not realizing that once they start using it they’re going to be charged an annual fee. If they’re lucky, maybe the fee will be waived for a year or two!

When you go into BNZ to request an EFTPOS card, the tellers like to order you in a Visa Debit card instead*, because, you know, they know best.

^{*May have happened just once.}

Lack of security

That’s Google’s 2-step verification programme.

There’s a number of ways to use it. I have the Google Authenticator application on a couple of devices (it works without needing an internet connection), I can get a code sent to me by text (for free!!@@) if the application isn’t working, I can use the backup codes if I have to, and I can tell Google that it doesn’t need to ask me for a verification code on the computer I’m using for another 30 days if I trust it.

It works, it’s good, it’s free. And it’s not even protecting my money.

Side note: security has to actually be built-in by design and be compulsory for it to be useful. Kerry Thompson points out that security conscious people probably have limited use for 2-factor authentication systems, because they already take precautions. The people who aren’t security conscious are also the people who don’t think they need 2-factor authentication, they think they’ll be covered by the bank, or won’t use it because of the cost (hi ASB’s 20 cent per text charge).

See also: Google doesn’t have an eight character password policy and Google gives a detailed account of recent account activity (ASB shows the last time I logged in, but I rarely look at it, and out of context it’s kind of useless).

Gimmicky campaigns for savings

Read: ASB’s Save the Change and Westpac’s Impulse Saver iPhone application.

How about encouraging people to set up an automatic payment to a savings account every pay period and sign up for Kiwisaver?

Also, you would think an application that consists of one button would be easy to set up, but Westpac’s Impulse Saver requires you to apply to use it, and makes you wait for a callback from a customer service person.

Phone banking on mobiles

Westpac and BNZ seem to be the only two banks who try to ban calls from mobile phones to their phone banking numbers. It’s trivial to get around this with Westpac, just call their main 0800 number and press one to get to phone banking. On BNZ it seems like that works too, at least after their call center hours.

Visa and MasterCard undermining credit card PINs

Visa and MasterCard aren’t banks, but whatever.

McDonald’s, in association with Visa and MasterCard has the policy of not requiring a PIN or signature for credit card transactions under $35.

How they can guarantee security, I’m not sure, because they just took away the only security of a PIN or signature. I’m not sure why Visa and MasterCard don’t make this opt-in or opt-out.

Zero liability can’t apply if you don’t realize there’s a fraudulent charge on your statement, so good luck everyone.

Next day bank transfers

Or please stop relying on a cron job for transfers.

10 years after one-off payments were introduced, they still take up to the next business day to go through to accounts at other banks. I realize this might require some consultation with the People In Charge Of The Money, but can we please get rid of this? Thanks. Also, could we please do transfers on non-business days to accounts at other banks and get rid of the 10pm cut off for not-my-bank transfers?

Excellent.

Posted in Life, New Zealand, Technology