OK, off my soap box – for a second, anyway. One of the measures I’ve put in place to deal with such nuisances is to implement blacklisting by user agent in htaccess files. It’s not the most effective way in the world to deal with bad-behaved bots, but it’s quick, easy, and deals with a large majority (80%+) of the spammers and script kiddies – the ones who aren’t smart or skilled enough to write their own bots, or to even change the user agent name to one that hasn’t been seen a gazillion times.

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

This particular agent string – as I write this – is #16 on this list, as well as this one. In going through 2 1/2 years of logs from my old hosting, it’s apparent that no legitimate use of this agent string has ever been seen on any of the sites I manage, and obviously, it’s been caught in honey pots for years as well. The decision to blacklist this user agent was one of the easier ones to make. This particular rule has already stopped four bots (a lot for my sites!) in the first two days it was in use, including these two entries from the server logs:

174.143.89.144 - - [29/Jan/2012:17:12:41 -0500] "GET / HTTP/1.1" 403 380 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
174.143.89.144 - - [30/Jan/2012:17:43:07 -0500] "GET / HTTP/1.1" 403 380 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

A whois query shows that this address resolves to the BBB:

Council of Better Business Bureaus RSPC-1244493612054045 (NET-174-143-89-128-1) 174.143.89.128 - 174.143.89.159

I was aware that the BBB was running a bot that checked in on one of the sites I administer once a day, but I never gave much thought to the user agent this bot identifies itself with. What makes this interesting is that I remembered seeing that the BBB was a supporter the various “anti-piracy” measures in Congress. After doing a little searching, I found these two letters from the BBB to various members of Congress stating the BBB’s support of the SOPA and PROTECTIP bills. They are all generic form letters, with the name of the legislative bill and the congress critter’s names being changed as appropriate. However, the BBB did publish these to the world, and this is their official stance, so deconstructing what they say – especially in light of this bot – is only fair.

Rogue websites are often designed to deceive consumers into believing they are legitimate by misappropriating trademarks from respected businesses and entities – including the BBB – to foster trust with those who visit the sites.

Speaking of deceptions, why doesn’t the BBB label their bot as a bot that belongs to the BBB? What do they have to hide? As well, in faking this user agent, BBB has misappropriated and violated the Mozilla trademark, as well as several Microsoft trademarks. People in glass houses.

Moreover, consumers who share sensitive personal and financial information with these sites are also exposed to an increased risk of falling victim to other malicious online activity such as phishing scams, identity theft, or viruses.

In addition to jeopardizing consumer safety and protection, rogue websites impact the health of our national, state and local economies. According to a 2007 report for the Institute of Policy Innovation, copyright theft costs the U.S. economy more than 373,000 jobs that would otherwise have been created, as well as $58 billion in economic output and $3 billion in federal, state, and local tax revenues.

Scams such as these are already illegal. Is it really so difficult to understand that if the current laws aren’t enforced, further legislation isn’t going to make a difference? Apparently it is, since these fallacies are peddled by every shill expressing their support for these kinds of “solutions.” 373,000 jobs and $58 billion in economic output? And we’re supposed to believe those incredible numbers, with nothing more than a reference to an unnamed and unsourced report?!?

More importantly, the BBB is dreaming of a world they aren’t willing to work to make happen – at least not anything beyond lobbying efforts. Their bot only adds to the immense and wasteful noise caused by other bots. Some of those bots are used by site scrapers, who in turn create the rogue websites the BBB is complaining about. In short, the BBB is a part of the problem they’re demanding legislation to deal with.

In any case, since I’m sick of dealing with all the noise that comes from that particular agent string, it will remain blacklisted. If the BBB wants to check that this particular client’s site is up or whatever the hell they do, they can damned well pay a human (preferably in the USA instead of Canada) to manually check it every day. Or they can stop their deception and rename it to something that accurately identifies itself as belonging to the BBB – as well as programming it to follow directives in robots.txt. Organizations like the BBB, RIAA, MPAA, and the US Chamber of Commerce need to either start acting with the moral standards they are demanding of the rest of the world, or shut the fuck up.

Those who count on quote ‘Hollywood’ for support need to understand that this industry is watching very carefully who’s going to stand up for them when their job is at stake. Don’t ask me to write a check for you when you think your job is at risk and then don’t pay any attention to me when my job is at stake.”

You can’t be more blatant with bribes and threats than this. However, it’s highly unlikely this petition will do any good – looking at this petition service on the White House’s site leaves one with the impression that it’s only been deployed as a PR exercise. Reading the terms makes me wonder if I should raise my hand and ask if I can go to the bathroom, instead of just doing so. And there’s already another petition on there to “Actually take these petitions seriously instead of just using them as an excuse to pretend you are listening.”

Nonetheless, there’s also a campaign demanding Congress return Dodd’s/Hollywood’s dirty money, and they’ve listed the MPAA “Dirty Dozen”:

Below is our list of the MPAA “Dirty Dozen” — the top recipients of the MPAA’s cash (data shows contributions from Q1 2009 to Q2 2011, and comes courtesy of the Sunlight Foundation’s Influence Explorer).
Sen. Dianne Feinstein (Calif.) – $14,700
Sen. Patrick Leahy (Vt.) – $12,200
Sen. Harry Reid (Nev.) – $7,800
Rep. Howard Berman (Calif.) – $7,500
Sen. Mitch McConnell (Ky.) – $5,500
Sen. Chuck Schumer (N.Y.) – $5,500
Rep. Kevin McCarthy (Calif.) – $5,000
Rep. Henry Waxman (Calif.) – $5,000
Rep. John Boehner (Ohio) – $4,900
Sen. Daniel Inouye (Hawaii) – $4,000
Rep. Colin Peterson (Minn.)  - $3,500
Rep. Melvin Watt (N.C.) – $2,500

Public Knowledge issued a statement that sums it up nicely:

“Public Knowledge welcomes constructive dialog with people from all affected sectors about issues surrounding copyright, the state of the movie industry and related concerns.  Cybersecurity experts, Internet engineers, venture capitalists, artists, entrepreneurs, human rights advocates, law professors, consumers and public-interest organizations, among others should be included.  They were shut out of the process for these bills.

“We suggest that in the meantime, if the MPAA is truly concerned about the jobs of truck drivers and others in the industry, then it can bring its overseas filming back to the U.S. and create more jobs.  It could stop holding states hostage for millions of dollars in subsidies that strained state budgets can’t afford while pushing special-interest bills through state legislatures.  While that happens, discussions could take place.”

The FBI has caused incalculable damage, far in excess of the losses claimed by the content lobbies, in a fruitless attempt to prevent access to the media content hosted on Megaupload, some of which they claim to have been infringing copyright under US law.

…

The widespread damage caused by the sudden closure of Megaupload is unjustified and completely disproportionate to the aim intended. For this reason Pirates of Catalonia, in collaboration with Pirate Parties International and other Pirate Parties [including the Pirate Party of the United Kingdom], have begun investigating these potential breaches of law and will facilitate submission of complaints against the US authorities in as many countries as possible, to ensure a positive and just result.

Congratulations to the FBI and ICE on a job well done. If this results in a lawsuit against the USA, then who pays for that? Oh, right, the taxpayer – the ones the government claims to be protecting jobs and income from with this very action as their justification for these kinds of unlawful actions.

In approximately April 2006, members of the Mega Conspiracy copied videos directly from Youtube.com to make them available on Megavideo.com.

So? Were these copied videos copyrighted and the licensing ignored, were the licenses followed, or were they in the public domain?

On or about August 31, 2006, VAN DER KOLK sent an e-mail to an associate entitled “lol”. Attached to the message was a screenshot of a Megaupload.com file download page for the file “Alcohol 120 1.9.5 3105complete.rar” with a description of “Alcohol 120, con crack!!!! By ChaOtiX!”. The copyrighted software “Alcohol 120” is a CD/DVD burning software program sold by www.alcohol-soft.com.

The last time I checked, it wasn’t illegal to possess CD/DVD burning software. More germane to this investigation, did they actually use it to make unlicensed copies and distribute them? Or, was this email possibly even a joke? Again, there’s no context given.

On or about November 13, 2006, VAN DER KOLK sent an e-mail to another individual that contained 100 Megaupload.com links to infringing copies of copyrighted musical recordings by the artist Armin van Buuren.

But why did he send them? And who did he send them to? For all I know, he sent them to an individual at a recording company to verify they were infringing. Or maybe he was pirating them. Again, no context is given to tell.

And on and on and on, for 72 pages. It’s amazing the government’s case is so slipshod after they’ve apparently been collecting and sifting through email from megaupload for years. That long-term surveillance suggests a fairly high priority was given this case. Unless they’re hiding a ton of documents, or the emails are much worse then the indictment suggests, the D.O.J. is going to have a hard time proving their claims of racketeering and laundering. Given that, it’s stunning that New Zealand (who took a NZ$10 million bribe for granting Dotcom citizenship there – maybe they were pressured like Spain was) arrested him and several other members of the company, seized everything, and are preparing to extradite them all to the U.S.A. I’m sure these aren’t nice people, and they’ve probably committed some offense or other. However, no trial has been held, extradition hasn’t even occurred yet – no due process has been followed to the end! All of those assets were seized merely on the accusation of the U.S. government.

The hell with the arguments of infringement vs. theft. This is exactly the kind of nightmare scenario that many people have predicted SOPA/PIPA would bring about: an entire site taken down, instead of just the infringing content. And it’s already happening before the legislation has been voted on. (It’s actually been going on since at least June 2010). An entire site has been shut down wholesale, many people have lost legitimate content, and the effect is already having a chilling effect on all file-sharing sites, no matter their perceived legitimacy by Hollywood – which gives further strength to arguments about the current “intellectual property” regime having chilling effects on innovation.

A more important issue that also falls under the jurisdiction of I.C.E. is counterfeit drugs. 60 Minutes did a story about this growing problem. In it, David Elder, from the F.D.A, said their resources haven’t been able to keep up with the increase in volume of counterfeit drugs coming into the country through the mail.

“We don’t have the authority to actually destroy this on site. This product could very well come back into the country through a different mail facility. Maybe it gets through, maybe it gets stopped.”

“But they’re banking on one of these times, you’re going to miss.”

“Yeah. I think they are.”

FDA Commissioner Margaret Hamburg said “40% of drugs taken in this country come from other countries. 80% of the active pharmaceutical ingredients in drugs takin in this country actually come from other countries.” The show then discussed Heparin, which once had one of it’s ingredients that comes from China replaced with a counterfeit ingredient. That resulted in over 80 deaths just in the USA. “Drug companies say they already have their own systems in place to protect their supply chains”. Yet “the company [that makes Heparin] told [60 Minutes] in a letter that the counterfeit ingredient so closely mimicked heperin that it was able to evade the quality control systems and regulatory oversight of more than a dozen companies and nearly a dozen countries.”

Now, I’m no fan of China, especially with their human rights record. But consider this: among the leaked wikileaks was one about Apple’s late attempts at dealing with piracy in China. The article described China’s priorities when it came to fighting various piracy and counterfeiting rings:

Chinese officials readily cooperated with pharmaceutical companies on their raids, but that hasn’t translated to software, as Microsoft has discovered, or electronics, as Apple is learning, said Nachum, the professor. Whereas a defective pill could cause sickness or death, a shoddy iPod has less dire consequences.

Our government has the wrong set of priorities: Instead of regulating the biggest pirates (the bankers) and the worst pirates (counterfeit prescription drug makers), they surveil an internet file-sharing company for years, on the say-so of the entertainment industry, and abuse all due process in their attempts to save $500 million in lost potential profits. Apparently, that $500 million is more important than justice for those 80 people’s lives, or preventing another incident like the one that killed them.

Now, it may seem like SOPA is the end game in a long fight over copyright, and the Internet, and it may seem like if we defeat SOPA, we’ll be well on our way to securing the freedom of PCs and networks. But as I said at the beginning of this talk, this isn’t about copyright, because the copyright wars are just the 0.9 beta version of the long coming war on computation. The entertainment industry were just the first belligerents in this coming century-long conflict…

But the reality is, copyright legislation gets as far as it does precisely because it’s not taken seriously…

The triviality of copyright tells you that when other sectors of the economy start to evince concerns about the Internet and the PC, that copyright will be revealed for a minor skirmish, and not a war. Why would other sectors nurse grudges against computers? Well, because the world we live in today is made of computers. We don’t have cars anymore, we have computers we ride in; we don’t have airplanes anymore, we have flying Solaris boxes with a big bucketful of SCADA controllers; a 3D printer is not a device, it’s a peripheral, and it only works connected to a computer; a radio is no longer a crystal, it’s a general-purpose computer with a fast ADC and a fast DAC and some software…

The grievances that arose from unauthorized copying are trivial, when compared to the calls for action that our new computer-embroidered reality will create…

…[2011] was the year in which we saw the debut of open sourced shape files for converting AR-15s to full automatic. This was the year of crowd-funded open-sourced hardware for gene sequencing…The trajectory of 3D printing will most certainly raise real grievances, from solid state meth labs, to ceramic knives.

And it doesn’t take a science fiction writer to understand why regulators might be nervous about the user-modifiable firmware on self-driving cars, or limiting interoperability for aviation controllers, or the kind of thing you could do with bio-scale assemblers and sequencers…Regardless of whether you think these are real problems or merely hysterical fears, they are nevertheless the province of lobbies and interest groups that are far more influential than Hollywood and big content are on their best days, and every one of them will arrive at the same place — “can’t you just make us a general purpose computer that runs all the programs, except the ones that scare and anger us? Can’t you just make us an Internet that transmits any message over any protocol between any two points, unless it upsets us?”

The video of Cory Doctorow’s speech is also available at boingboing. The content of Joshua Wise’s transcript is licensed CC Attribution here, and available here.

Over a century ago Thomas Edison got the patent for a device which would “do for the eye what the phonograph does for
the ear”. He called it the Kinetoscope. He was not only amongst the first to record video, he was also the first person
to own the copyright to a motion picture.

Because of Edisons patents for the motion pictures it was close to financially impossible to create motion pictures
in the North american east coast. The movie studios therefor relocated to California, and founded what we today call
Hollywood. The reason was mostly because there was no patent.
There was also no copyright to speak of, so the studios could copy old stories and make movies out of them – like
Fantasia, one of Disneys biggest hits ever.

So, the whole basis of this industry, that today is screaming about losing control over immaterial rights, is that they
circumvented immaterial rights. They copied (or put in their terminology: “stole”) other peoples creative works,
without paying for it. They did it in order to make a huge profit. Today, they’re all successful and most of the
studios are on the Fortune 500 list of the richest companies in the world. Congratulations – it’s all based on being
able to re-use other peoples creative works. And today they hold the rights to what other people create.
If you want to get something released, you have to abide to their rules. The ones they created after circumventing
other peoples rules.

I’ve heard this story about Hollywood avoiding Edison’s patents, though I’ve never seen any sources for the story. It wouldn’t surprise me, as Edison lost a ton of money over his life to people who violated his copyrights and patents. And while I’m in complete agreement over their stance on SOPA (and all similar stupid legislation that Congress pushes every single session), I have to take issue with this part of their statement:

And the funny part is that our rules are very similar to the founding ideas of the USA. We fight for freedom of speech.
We see all people as equal. We believe that the public, not the elite, should rule the nation. We believe that laws
should be created to serve the public, not the rich corporations.

The founding fathers of the USA believed that governments should be instituted to protect individual rights. Writing laws that “serve the public” instead of protecting individuals is a big reason we are here now. Until we get over this flawed belief that’s common to all modern “liberal” democracies that the public good outweighs individual rights, legislation like SOPA is inevitable, because it provides any special interest the argument to be made, while they lobby their legislature, that their group benefits the public more than their competitors. Which will, regardless of the special interest group flapping it’s gums, always result in stupidity like this:

SOPA Penalties

Surely Hollywood wouldn’t try to suspend due process, would they? Or create a parallel enforcement system? Or take away citizen recourse if they were unfairly silenced? They wouldn’t imagine the possibility of a longer jail term for streaming a Michael Jackson video than Jackson’s own doctor got for killing actual Michael Jackson? Would they?

That was written in response to this NYT blog entry, in which the author makes a few somewhat valid points about there being two different camps opposing these bills. However, that writer sympathizes with the entertainment industry position of “It’s very difficult to counter the misinformation when the disseminators also own the platform.” Maybe so, but that is the same frustration many people have felt for decades with the power to distribute movies and music being concentrated in the hands of a tiny group of people. Compared to the “disseminators” of the internet, these are much smaller groups with much higher requirements for entry. What’s more, the internet “disseminators” rarely own the platform. I own the content of this blog, but I don’t own the platform it’s served from – the hosting provider I’m paying does. The huge majority of websites that participated in this blackout protest also don’t own the infrastructure their sites are hosted on. They are more effective at getting their message out, because they’ve actually taken the time to learn how to use a decentralized platform. The entertainment industry, on the other hand, have stubbornly done everything in their power over the last 15 years to save their outdated, centralized propaganda and distribution networks – and always at the expense of everyone else in the world.

I think the first blog writer hit the nail on the head when he says “[Pogue] simply cannot imagine that the bills are as bad as they actually are.” I’ll take it a step further, and suggest that maybe Pogue (the NYT writer) has a flawed understanding of life in general, when he says:

At the same time, what the piracy sites are doing doesn’t seem quite fair, either. Yes, it’s a quirk of the Internet that you can duplicate something infinitely and distribute it at no cost. But that doesn’t make it O.K. to shoplift, especially when the stolen goods are for sale at a reasonable price from legitimate sources. Yes, even if the company you’re robbing is huge, profitable and led by idiots.

Well, no, piracy isn’t fair. So what? Life isn’t fair! And as far as the theft straw-man argument, I’m going to avoid it completely and say this: No one would argue it’s O.K. to shoplift, but people still do it anyway, no matter what laws are written. The retail industry acknowledges this when individual companies measure “shrink” and set an acceptable level for it. They acknowledge it as a fact of life and deal with it. Contrast that with the entertainment industry response of “It’s not fair! There should be a law!”

It also isn’t fair that RIAA and MPAA routinely hire companies that spider through web sites, at rates that resemble DOS attacks, eating up bandwidth and tying up hardware that the entertainment industry has not  paid for. Instead of crying about life not being fair however, I and many other webmasters simply set up rules to block those companies, and that’s that. The “legal” criminals in other countries are harder to deal with, because they’ve spent more time refining their tools to make them harder to filter. Imagine if the entertainment industry had spent it’s considerable resources evolving the tools necessary to deal with those criminals, instead of hiring lawyers, hackers, and Congress critters. If they had chosen to make lemons from lemonades, they could be selling licenses to that software and have another source of revenue. However, what’s become abundantly clear the last few years, and even more so in the last two months, is this: The members of the entertainment industry never heard from their parents when they were growing up, that life isn’t fair, so get over it! Of course, they aren’t the only ones whose perceived status quo is threatened by disruptive technologies like the internet – they’re just the first to have to face the requirement to adapt or die. They have not adapted well, and they only have themselves to blame for that.

“Exerting leverage on companies here in the United States” will never stop overseas piracy sites, or even the domestic ones. (It’s also open to debate how wise it is to make ISPs and domain registrars enforcers of the laws Congress writes, instead of the Executive branch.). In all of the writing I’ve seen on this subject, there seems to be little knowledge about what a site like the pirate bay is, even though it gets mentioned so often. TPB is no more than a search engine for torrent files – specifically, files that will tell a bit-torrent client how to search a p2p (peer-to-peer) network for a specific file. There actually are legitimate files to be had by searching TPB (though admittedly legitimate files are easier to find on other sites). Let’s imagine the entertainment industry were to finally have it’s dream come true, and they were able to kill TPB for good. That act will not effect the existence of those torrents one single bit, nor will it even effect the ability to use a search engine to find those torrents, because there are many other sites that track torrents. Even if those other sites could all be shut down too, the bit-torrent network is still operating. The only way to kill that would be filtering the entire protocol at the ISP level – and as there are many legitimate uses for torrents, that act would be blanket censorship. The movie industry, at least, is well aware of this: it regularly examines bit-torrents to see who’s downloading them, in order to file their complaints with the ISPs. So, when the movie industry issues official statements like this, I see nothing but a disingenuous, duplicitous, former politician who’s twisting words to establish a witch-hunt, to rationalize horrible legislation. Even if one puts aside the issues with censorship and due process, and these bills are considered solely as anti-piracy measures, they are complete and utter failures. The current entertainment industry stance of “you’re either with us or you’re with the pirates” that is so irritating in it’s ignorance and it’s arrogance, insures they will remain so.

Senate Majority Leader Harry Reid, D-Nev., said he was postponing a test vote set for Tuesday “in light of recent events.”

I don’t know what a “test vote” is, but it definitely reinforces the perception I already have that Congress wastes a lot of time.

“The day will come when the senators who forced this move will look back and realize they made a knee-jerk reaction to a monumental problem,” [The main Senate sponsor, Judiciary Committee chairman Patrick Leahy, D-Vt.] said. Criminals in China, Russia and other countries “who do nothing but peddle in counterfeit products and stolen American content are smugly watching how the United States Senate decided” it was not worth debating the bill.

This is entirely the fault of the sponsors of these bills. In the House, where they had the chance to debate these bills back in November, they instead chose to marginalize anyone who wasn’t completely on board with their horrible proposed legislation. Clearly they thought it was made of golden fleece when it was actually made in a cesspool, from a cesspool. When a “consensus” is reached that the best possible outcome can be decided without involving the experts on the internet, there is no debate – there can only be dissent and alienation.

In the House, [House Judiciary Committee chairman Lamar Smith, R-Texas] said he had “heard from the critics” and resolved that it was “clear that we need to revisit the approach on how best to address the problem of foreign thieves that steal and sell American inventions and products.” Smith had planned on holding further committee votes on his bill next month.

I don’t understand how laws that censor DNS records on US government sanctioned name servers, while circumventing all due process in the court system, help “address the problem of foreign thieves” in “China, Russia and other countries.” (Countries which, by the way, happen to have their own name servers that do not fall under the jurisdiction of the United States Federal Government!)

Reuters itself says that

The two bills would allow the Justice Department, and copyright holders, to seek court orders against foreign websites accused of copyright infringement. They would bar online advertising networks and payment facilitators such as credit card companies from doing business with an alleged violator. They also would forbid search engines from linking to such sites.

Actually, the bill would allow the Justice Department to shut down all websites (not just foreign) with court orders based only on an accusation. There are very subtle differences in Reuters’ statement and the one I just made. The people at Reuters are professional journalists (meaning they get paid, not that they follow some imaginary journalist code of ethics) who know exactly what they are writing and why. However, Reuters has made their stance over the years on this issue crystal clear, so I don’t expect to read unbiased reports from them on this subject. (UPDATE: MSNBC is reporting this same story – postponed Congressional votes on legislation – as “U.S. lawmakers stopped anti-piracy legislation in its tracks on Friday.” Add that to “idiots making up the news” category.) More importantly though, what good is a law when it’s enforcement will be left to private companies (in this case, the search engines, ISPs, and hosting companies)? Anyone who believes that simply passing a law and requiring private companies to be the sheriff will effectively end piracy – especially when policing user content is not in the business interests of said companies – is drinking some potent Kool-Aid. It’s the same Kool-Aid they were drinking 14 years ago, when they said that DMCA would solve these same issues. Even if the government carries out enforcement themselves, their record with existing laws and cases is hardly encouraging.

But the CEO of the Motion Picture Association of America, former Connecticut Democratic Sen. Chris Dodd, warned that, “as a consequence of failing to act, there will continue to be a safe haven for foreign thieves.”

There will be a safe haven for foreign thieves no matter what laws are passed in the United States. This man is such an effective shill (he is the CEO of the MPAA, so shill is an accurate description) that he’s lost any common sense or critical reasoning skills he might have ever had. (Actually, I don’t think he ever had any reason, and I’m convinced he never head any morals – but if I’m ever in a position to need a lobbyist without a conscience, Dodd will surely be the first person I look up!)

The MPAA, which represents such companies as Walt Disney Studios Motion Pictures, Twentieth Century Fox Film Corporation and Warner Bros. Entertainment Inc., is a leading advocate for the anti-piracy legislation.

In the process, they’ve turned their cause into the latest incarnation of McCarthyism. Anyone who disagrees with them must be on the side of the pirates, and is not participating constructively. Additionally, anyone who’s involved in the blackout protest – which according to the MPAA, is an “abuse of power” aimed at turning Web users into “corporate pawns” – should “stop the hyperbole and PR stunts and engage in meaningful efforts to combat piracy.” (Now you know the real reason I have the “Stop Censorship” ribbon there as I write this – it’s not any issue I have with censorship, I’m trying to turn you, dear reader, into my corporate pawn. Oh wait, maybe I should go file with my state for a corporation before I start collecting corporate pawns!)

An issue that is rarely talked about by anybody in all of this, is that what used to be handled as civil cases – copyright/patent/trademark violations – is being turned into a criminal offense, which will divert law enforcement expenditures from prosecuting crimes that actually have a victim. It’s bad enough that there are patent trolls abusing the system, but we want to make I.P. offenses criminal now? We still have bankers that cost the taxpayers of this country trillions of dollars – not a single executive was arrested, much less tried, and the “bank reform” that Congress passed was a joke. The economy? No worries, it’s fixed. Government Spending? No problem, the Treasury still has plenty of pension funds to raid.  Clearly, we’re living in a Golden Age (or was that Gilded?), as Congress has the time and energy to ram a law down our throat that will give the DOJ authority to muzzle someone on the internet for merely the accusation of posting a song on their website, as well as locking them out from the financial system. Maybe next, they could work on introducing debtor prisons to this country!

Here is the most ironic thing of all, which shows the effectiveness of the entertainment industry’s propaganda: The MPAA and RIAA (and the companies they hire to do their dirty work) are the biggest abusers when it comes to DOS’ing, scanning, and scraping my web sites – all things that would be considered illegal if I did it to their sites, or any of the sites belonging to the Government that are paid to protect their interests. That is to say: the biggest pirates and hackers are the ones demanding legislation to stop piracy committed against them.

Some settings are changing with the recent updates to Facebook privacy, but Facebook’s commitment to providing you control over your information is not. Here’s a summary of what’s changing:

Providing me control over my info…Well, let’s just see, shall we?

• The Privacy page has been simplified, and in that process, some settings have been consolidated. For security reasons, you will now be required to enter your password if you’d like to update your privacy settings.

Huh. Simplified & consolidated – nice way to say “we rearranged the screen and got rid of some of those peskier settings.” And what security reason could justify entering my password to update my privacy settings? If someone has hacked my account that shouldn’t be messing with those settings, then they already have my password! Entering my password a second time does nothing to enhance my security or privacy – and it’s arguably worse without strong encryption being used.

• A privacy control has been added to the publisher at the top of your home and profile page. This allows you to set privacy on individual posts. For example, you could post a status to Everyone or only to Friends. Learn more on the Publisher help page.

OK, even this curmudgeon has to admit this is a good thing.

• Instead of having networks for regions (eg., Australia or New York City), people’s locations are now listed in the “Current City” or “Current Region” field of their profiles. This means if you use the “Friends and Networks” privacy setting, the networks part only applies to work and school networks.

What’s this have to do with security or privacy? Read on…

• A basic set of information is publicly available, meaning it’s visible to anyone that’s able to navigate to your profile, applications you use on Facebook, and websites you connect with via Facebook. This information includes your name, profile picture, gender, current city, networks, friend list, and Pages. Any additional information (eg., photos or videos) will only be exposed if your privacy settings allow it.

This is where facebook is screwing the pooch. By providing all this information publicly, a hell of a profile can be built about any given person. This is a paradise for spammers, scammers, stalkers, and sickos. It’s a tyrannical government’s new tool. It’s a pedophile’s wet dream. And it’s a nightmare for anyone who desires or needs privacy.

Keep in mind that anyone who navigates to your profile will be able to view your publicly available information and information you’ve made visible to Everyone. While you do have the option to hide your Friend List from being visible on your profile, it will be available to applications you use and websites you connect with using Facebook. In addition, your profile picture appears in places you make comments and posts. You can always change your current profile picture or lower your search visibility if you choose.

Oh, yeah, the application gap. It amazes me the amount of info an application can get not just about me, but about my friends. Yes, the API documentation mentions what personal information you’re not supposed to retain about your users, but there’s no system security behind that API to enforce it. Oh, sure, there are the various agreements for facebook developers – but the honor system does no good when facebook does nothing to enforce those agreements. In reality, the more money an application makes, the more ad revenue facebook is getting a cut of – and the less likely they are to do anything about it. So the worst offenders (Zynga, for example) make millions scamming people. It’s only a matter of time before someone sells all the info they’ve mined out of facebook profiles. Maybe that’s why zynga is using iesnare, and maybe that’s why I haven’t heard a peep from facebook since I filed a privacy violation about that issue.

The pages and friendlist are the two most egregious violations of privacy. You can build a fairly good picture of, for example, a person’s political affiliations, religious beliefs, and sexual tendencies, by examining their pages. Why does this need to be public? I used to be able to selectively show that to whoever I wanted or to nobody at all. Same deal with the friendlist – I could customize who would see that (and had it set to only the people I really knew in real life and trusted) – now it’s an all-or-nothing setting. The setting to hide your friendlist from your profile doesn’t even do a thing to ensure the privacy of that. For example, if you’re logged onto facebook, take a look at Mark Zuckerberg’s profile, and you’ll see he has hidden his friendlist from his public profile. However, by appending anybody’s facebook account id or account name to the end of www.facebook.com/friends/?id=, you can see their entire friend’s list, regardless of their privacy settings – this is Zuckerberg’s friend list, which I’m sure he won’t mind being shared like this since that base url is hardly a secret, and the same info can be gotten by platform applications and Connect sites.

Publicly available information includes your name, profile picture, gender, current city, networks, friend list, and Pages. This information makes it easier for friends, family, and other people you know to connect with you.

No, it makes facebook more like twitter, publicizes more of everyone’s info – especially when the search engines start crawling publicly enhanced profiles and putting together their own social graphs – and frankly only makes it easier for more people to connect with me who I don’t want to hear from at all. In reality, despite the way this change has been spun by facebook, I have less control over my information with this change.