Showing posts with label internet. Show all posts

Thursday, February 8, 2018

Net neutrality in a nutshell? Forget the tech giants, ask Burger King

Words about net neutrality have been bandied about in mainstream America over the last year since FCC Chairman Ajit "no really guys, i'm just a geek like you, look at my oversized and not at all pandering Reese's mug" Pai publicly expressed his opposition to the idea. American nerds have been keen to the concept and its consequences for quite some time now, and Pai's words drew backlash from most of the technical community, who astutely pointed out that his position was pro-ISP and anti-consumer.

It's a pretty simple idea - the internet should be open to all, and service providers should actually provide access to everyone, without playing favorites or purposely blocking pieces of the web for any reason. What reasons, you ask? Well there's a ton of them, including some really good ones. Personal bias... kicks... politics...

You know... money.

But I digress. Ever since net neutrality arguments caught the public eye, the subject has been broken down to its simplest facets, talking mainly about pay for play and fast/slow lanes, with parallels from tech pundits and just outright horrible "explanations" put forth by our technologically simple leaders in Congress. But out of all the noise and opposing voices, you know who actually got it right?

Burger King. That's right. The King published a video explaining the base concepts of net neutrality by using, of all things, the Whopper sandwich. Watch, learn, and be amazed:



So what do you think? Absolute genius right? Whopper neutrality? The traditional megabits per second being replaced with "making burgers per second?" The open mockery of Ajit Pai and his pander mug? The best part about it is that it not only talks about the principles of net neutrality, but presents the restaurant and diners as ISPs and their customers. Take a listen to the Burger King clerk's words:

"Burger King corporation believes that they can sell more and make more money selling chicken sandwiches and chicken fries, so now they’re slowing down the access to the Whopper."


That actually parallels real concerns. Without net neutrality, ISPs could always drive users to the services that they stand to make the most money from instead of allowing user choice. These likely would be services that they or their partners provide. Next up is the $20 Whopper customer. They were able to get their sandwich without waiting because they paid to be priority customers over everyone else to get their product. Almost like how a repeal of net neutrality would favor those with money huh? Weird. Granted that's an extreme case, but as long as ISPs aren't making any promises that they won't operate that way, we still have cause to worry.

The themes accurately depict how a world without net neutrality could potentially operate. And in the end the customers share how they learned about net neutrality through their hellish meal experience. Say what you want about BK and the King, but they put out an entertaining commercial that actually helped educate the populace on an important issue, pointing users to change.org/savethenet to learn more. And you should want to know more. And go there. Because this is kind of important.

Tuesday, September 19, 2017

The Equifax Saga Thus Far

Any time any of us makes a big purchase it’s a matter of pride. After saving and budgeting we finally have the scratch to put down some money towards a new car or join the club to become an American homeowner. But before we can sign the papers, there’s one final thing to do – the credit check. Here in the states your credit is reported by what’s called the “big 3” credit agencies - Experian, TransUnion, and Equifax. Their say so can make or break what you’re trying to do – they’re the gatekeepers that hold massive databases on all of us and our credit histories. One would think that such sensitive information would be kept under the strictest locks and keys digitally available, but last week we found that sadly, what we hope and assume versus what’s reality are often not the same. This is worse than having most of your other accounts hacked though - this one included a giant list of social security numbers.

Equifax, one of those big 3 credit agencies, reported that it was hacked last week, potentially opening up the personal information for 143 million American consumers. And with a slow response from them to help the affected consumers whose information they coughed up, three things became abundantly clear to me – they knew this was coming, they did nothing to stop it, and you’re on your own.

After the breach Equifax provided a phone number and a website to check if your information was compromised as what was seemingly a helpful hand. Equifax’s official response came from CEO Richard Smith in the form of a video you can see here.

If you checked if your information was hit, they were kind enough to provide you with free credit monitoring from that point on. But there were multiple issues with that – in addition to the glib “mea culpa” attitude given to consumers, the hotline kept strange and limited hours, urging consumers to use the website to check. The website itself asked for social security numbers (after yours may have been swiped) to check that info. That yielded another issue – as multiple IT colleagues as well as myself found, the website check would come back and say that your information was compromised regardless of what information you put in. Even if the information you entered was fake. So what was the deal?

Well, after checking on your info, the one thing Equifax did make easy was enrolling in their free credit monitoring service. But as all of us have found in the scope of general life, nothing comes for free. Enrolling in the service came with some very very fine print – if you enrolled in the program, you waive all rights to sue Equifax for any damage their breach could have caused through their arbitration clause. Awesome, right? They get users enrolled in their programs and legal immunity against those users at the same time. It’s a pretty sweet deal for them. Thankfully though, after intense criticism and pressure, Equifax changed this to a user-responsible opt-out clause and finally removed the arbitration clause altogether. Let’s be real though, this clause shouldn’t have been part of the agreement for their services given the absolute train wreck of a data leak that they were involved in.

But this was just the tip of the iceberg. Additional information that was unearthed over the following week took this action from shady activities to what may be pointing to a full blown cover up.

What happened?

It’s been revealed that the vulnerability that was exploited was in something called Apache Struts – which to the non-web-savvy is a web server tool that is used by a lot of companies. This information on its own made me cringe as an IT boss. I, as many of my colleagues recall, saw a lot of this activity back in March, with our firewalls and security software coming up with and shutting down attempts to exploit Apache Struts multiple times a day. Patches to plug up the security hole were readily available back in March and even posted as security bulletins from Apache as well as US-CERT (i.e. the Federal Government), which means that Equifax had 2 months to patch up their Apache security holes.

And didn’t.

Granted, there's more than just patching involved to fix a screw-up of this magnitude, but there's more: Equifax reported that July 29 was the date of the hit, meaning two months had passed before they decided to share this information with the general public. That's 2 months where they could have started working on it, come up with a game plan, and started a conversation with consumers. Apache themselves put out a statement, citing that “Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years,” according to René Gielen, Vice President for Apache Struts.

Firewalls and security software can help keep the bad guys out of your network, but on the inside of the firewall, updating that software and patches for everything your company is running is the crux of protecting users against further threats. I know from running a technical division how much effort my team takes to make sure everything is patched up and protected from vulnerabilities, and the fact that Equifax, who houses information far more important than most companies do, did not, is absolutely mind boggling to me. And that’s both as an IT boss as well as an American consumer.

And while Equifax was taking their time not patching? Hackers were already putting breached information into use.

From idiots to evil?

I really wish this was it, but even more information that came to light showed that while Equifax was going through the motions not patching their networks and hiding critical information from the American public, their officers were seemingly busy financially hedging for what was sure to be a massive loss. After the reported July 29 breach, top-ranking Equifax executives offloaded about $2 million in shares on August 1, raising eyebrows across the country. The company maintains that it was scheduled and they didn’t know anything about the hack, but the timing is just a bit more than suspect. Suspect enough for a bipartisan group of senators to urge an investigation of the sale by the FBI, FTC and the SEC. You can see the text of that letter to the Chairmen of both the SEC and FTC, as well as Attorney General Jeff Sessions here.

OK. What happens to them?

Equifax has had some “personnel changes” in the wake of this event. Susan Mauldin and Dave Webb, their Chief Security and Chief Information Officers, have retired. But our boy Richard Smith? Still in charge. But as far as government action, Equifax is now under investigation by the FTC, and Smith has been formally called to testify before Congress, and will testify before a special panel on October 3. So we’ll have to see how this plays out.

What about me?

Your first step should be to get a copy of your credit report. Under the FCRA, we are all entitled to one free credit report per year. The FTC has links here on where and how to obtain your credit report through annualcreditreport.com. You can also consider freezing your credit, which blocks any new accounts being made in your name with your social security number. This does not affect your current existing accounts, so you will still have to monitor those.

But otherwise? You’re basically on your own. Using a reactive approach and waiting until you’re hacked takes a lot of power away from you and limits what recourse you have in reclaiming your identity and credit for theft. The best course of action is to always be on guard. If you yourself are not a technical person or versed in what a disgusting cesspool the internet actually is, ask someone. I guarantee you that they will be more than happy to help you become more proactive about your data security. Granted, that would have done little to stop what happened with Equifax. Unfortunately for the American consumer, someone can be as secure as possible and this kind of event can screw that up.

And having seen friends and colleagues that have been victimized in such a way, there’s an emotional component too. Imagine what you’d be able to immediately do while also dealing with the fear and anger of being hit where you live? Being proactive should be part of everyone’s digital routine in today’s day and age, including vigilance and consistent checks of bank and credit accounts.

There’s nothing we can do about the data that was given up – it’s out there now and it’s not coming back. There's 143 million sets of data out there and the chances of your information being used for something are fairly small, but it's something we need to pay attention to nonetheless. We can try to take this as a lesson, but I understand that for most people reading this, it’s a bitter pill to swallow.

Friday, April 3, 2015

April Fool's Double-Cross: Amazon Dash


So it may be Game of Thrones month for the upcoming season 5 premiere in a lot of internet sites devoted to nerddom, but there was another important day this week that for the last few years has made the internet come alive in the name of comedy and foolishness.

That means shenanigans and hijinx.  April Fool’s day, to be precise.

Every year a lot of companies in the nerd space assail us with pranks for new games or new products or just weird stuff in general – and with each passing year we’ve come to expect it. Google reversed everything with com.google and let you play Pac-Man in your Google maps.  ThinkGeek advertised a Game of Thrones based edition of Clue taking place in Westeros, as well as a steam-powered Steam Box you could enjoy while drinking your Groot Beer.  Microsoft went old school and “launched” MS-DOS Mobile for Lumia devices. And Blizzard, with their tried and true pranks, introduced the T.I.N.D.R. Box as an in-game item.

(Sorry kids, the link for Game of Thrones Clue was taken down.  I’m hoping it’s because they’re going to MAKE IT REAL.  You hear me, ThinkGeek?  MAKE IT HAPPEN!)

But there was one trick I couldn’t figure out – and it was being played on me by Amazon.  You see, they introduced Amazon Dash on April Fool’s day, a series of push-buttons you can affix anywhere in your home so that you will never (ever) run out of stuff.  Stick a button marked “Tide” on your washer.  Press the button when you need more.  And more is bought for you.  And delivered with Prime shipping.  Check out the video below:



So clearly, this was just a joke, right?  There’s no way I’m putting buttons all around my kitchen for Amazon shipment so I don’t have to go to the store to buy things, is there? Crap.  I might.  It’s possible – scratch that, highly probable – that I’m just that lazy.

So I gave it a couple days and let it sink in.  I figured maybe it would be a double cross and the reveal that it’s fake would be April 2nd.  Or maybe they were bucking the trend and trying to hit me with a slow roll prank.  Days passed and it didn’t go away.  It just got more fleshed out.  And it was then that it struck me – this is legit. I’ve signed up and I’m waiting for an invitation.  Amazon Dash is part of their Amazon Fresh service, and you can sign up for it here.  My address isn’t in the delivery area, but those April Fool’s buttons were just the start and I’m eagerly awaiting an expansion.  If nothing else, I’ll have something to review for you kids, right? Now it looks like there’s a barcode scanner, with voice, that will scan and link anything you swipe with your Amazon Prime account, setting up an order.  So in the wake of the confirmed legitness of Dash, to Amazon I have one thing to say:

You are absolutely brilliant.

From every aspect, Amazon is using the new “Internet of Things” craze to help people shop – and though these buttons are a bit weird, they might just save the day for people and families that are legitimately too busy.  Doubly true for routine things we buy on a regular basis, like laundry detergent, coffee, and razors for shaving.  What’s more is that big brands are getting in line to partner with them and be part of the program – after all, it’s their stuff we’re buying.

And how about debuting the program on April Fool’s day?  If nothing else, they made Dash a household name within 24 hours of internet exposure – they made sure that regardless of whether we thought it was a prank or not that we at least knew the name.  And whatever you truly believed, we were all scratching our heads on the 1st wondering if it was real.


So is this new IoT buying experience going to help streamline our busy lives, or is it taking us one step closer to what some would call our inevitable WALL-E future?  I guess time will tell as Dash rolls out to more markets, and makes its way to a home near you.  Here’s the latest from Amazon:



So let's see how this goes.

Friday, March 1, 2013

"Six Strikes," Piracy, and Your Internet


During summer 2012, we all heard tell of internet service providers agreeing to a new Copyright Alert System (CAS), intending to curb online piracy.  All we really knew of it back then is that it involved your ISP sending you messages when you were suspected of downloading copyrighted works illegally, ultimately cutting you off when you crossed the line too many times.  Of course the RIAA and MPAA were on board, and brought with them major ISP’s Comcast, Verizon and Time Warner.  Critics, including myself, took issue with this being a potential violation of users’ privacy, as well as the Digital Millennium Copyright Act (DMCA) containing language that requires ISP’s to be able to terminate user accounts for repeat offenders.  Outside of that, we didn’t have any other real information on how the final impact to users was going to look.

Well this week the CAS went into effect, and ISP’s will now be sending warnings to customers whenever they see something that can be considered copyright infringement.  If you haven’t gotten a letter in the mail from your particular ISP you should be shortly, and hopefully that letter clearly tells you all what’s going on.  In case it doesn’t (which let’s be serious, it won’t), ol’ Tushar is here to let you know what’s up.

The way it works is pretty simple – content owners trawl P2P traffic to see if there’s any of their own copyrighted stuff out there.  If they find some, they track your IP number and report it to your ISP.  Your ISP matches up your IP address with your account information, and SHAZAM – you get, as they call it, an “educational” message saying that there’s illegal content being downloaded from your account.  Your ISP, contrary to fears from last year, will not be monitoring your internet use.  From everything I’ve read, what they’re expressly looking for is peer-to-peer BitTorrent traffic.  The monitoring doesn’t get into email attachments or private online storage like Dropbox and its ilk.  If you don’t use BitTorrent, then I really don’t think you have anything to worry about.  And according to LifeHacker, right now Usenet is probably safe too.

But come on, we’ve all done it at one point or another.

These warnings can be called “strikes,” and in all cases six strikes will trigger the use of a handful of punitive methods at your ISP’s disposal to deter you from repeating this kind of behavior.  Verizon will cap your speed at 256k as punishment (can you imagine coming down from FiOS to THAT?).  Comcast will present persistent alerts in their browser windows, and users will have to speak with Comcast security to be educated in how to download legally before their internet service is unlocked.  Time Warner will have a similar unlock system.  And finally AT&T will force the user to an educational website before unlocking their internet again.  In most cases, after four warnings the user has to agree to an “I’ll never do it again guys, I promise” landing page they’re forced to before they browse the web.  CAS warnings can be challenged to the American Arbitration Association for a number of different reasons, and the going rate for said challenge seems to be $35.  No word on whether or not the user will be reimbursed for winning the challenge.  Also in most cases, 6 months of pirate-free activity and you start back at zero.  Ars Technica was nice enough to post pictures of the Comcast editions of these notices, which you can see here.  It’ll give you a much better idea of what I’m trying to illustrate.  You can check some links to your specific ISP’s CAS policies on PCMag.

You’ll notice I use the word “educational” in this post.  That’s not my word – it comes from the Center for Copyright Information (CCI), the brainchild behind the new CAS system.  In their own words:

“As with any innovative system, the process of building the CAS has taken time. We appreciate the collaborative engagement from the many organizations, companies and professionals involved in CCI who helped advise us along the way. CCI and its partners have worked hard to meet our goal of implementing a system that educates consumers about copyright and P2P networks, encourages the use of legal alternatives, and safeguards customer privacy.”

… Education?  Do the RIAA and MPAA (big surprise they back the CCI) really think that people using BitTorrent don’t know the score?  Back when I used to do such things I did it for two reasons – (1) because it was relatively easy and (2) it was free.  And yes, I fully knew that a lot of it was (3) illegal.  No one’s under any kind of illusion that what they’re doing isn't skirting the law.  If the CCI really thinks that education is the problem, then they’re not seeing things clearly, or simply refusing to.

Now thankfully, this isn’t as bad as everyone thought it would be.  Like I mentioned above ISP’s won’t be sniffing packets or monitoring traffic on everything you’re doing (at least that’s what’s reported).  And I get the idea of people getting paid for their work.  I really do.  But this is just a band-aid to the issue.  Copyright law itself has to be re-examined to see what works and what doesn’t now that digital delivery of content has proliferated at such a grand scale.  We’ve seen people pay for content with services like Netflix and Hulu+, even though we all wish they had more content.  Services like HBO Go on the other hand sometimes leave a lot to be desired.  Warner Brothers’ digital copies of blu-rays?  Forget it, it’s a horrible service that’s not transferable between my own damn machines.  The bottom line is that people are willing to pay for content, as long as it’s fair to the user, structured properly, easy,  and most importantly worth their hard-earned money.

Otherwise, Matthew Inman at the Oatmeal makes a whole lot of sense.

Tuesday, February 5, 2013

Safer Internet Day - Some Tips for Your Digital Life


The internet contains more and more of our lives these days.  We have online accounts for our banks and paying bills, online shopping, and a number of other types of online activity that put more of us out there.  With social media like Facebook and Twitter this is increased a hundredfold.  And the more of our lives are public, the more we stand to lose if some unsavory digital brigand gets their hands on our digital info.

Hacks happen.  Plain and simple.  Whether it's a brute force attack or poor security or a social engineering scheme, there are people whose livelihood relies on messing with the livelihoods of others.  So we all have to be on the lookout.  So to promote safe internet use and to prevent internet abuse, InSafe established Safer Internet Day, a day to promote awareness for internet safety and internet health for all.  Today, February 5th is the 10th Safer Internet Day, and this year's theme is "Connect with Respect."  The initiative has global support including giants like Microsoft, who has some great resources on their SID site including downloads for how to protect children online and teach them digital safety, as well as some guidelines on how to keep control of your digital life.

So in that spirit, I thought it would be a good idea to give you all some tips for internet safety.  Maybe you don't think you need them, but it's always good to have reminders.  I work in IT for a living, and I've been hacked before.  Even Mat Honan, part of the crew at Wired Magazine, has been hacked in a very public and spectacular fashion.  It goes to show no one is ever 100% immune, but with some proactive measures, we can all make our digital world safer.  This is by no means an exhaustive list, but take a look, and put some of these practices into play.

1.  Good password management: Use complex passwords for your online accounts, especially sites like banking and payment sites.  Make sure your password includes a mix of capital and lowercase letters, with numbers and special characters as well.  Remember - a good password is hard to guess but easy to remember.  Also,  update your passwords regularly and be sure to never send your password to anyone over email.

2.  Control your social media: Facebook, Twitter, Google+ and any other social media site you use have increasingly become targets for hackers and other online miscreants on an information hunt.  These services give you a way to control who sees what information through privacy settings.  You can set up exactly how public you want your information to be.  For example, your Facebook privacy settings should probably be kept at "friends only" to be on the safe side.  And on content you choose to keep public, think twice before you post something that could be potentially embarrassing or damaging to your digital reputation.

3.  Suspicious email: Email is a popular way for hackers to hit users with phishing scams, trying to trick them into clicking links to malicious content or handing over information they wouldn't normally hand over, like credit card numbers.  Ask yourself if there's any reason you'd be getting a particular email.  If not, it might be safer to not open it.  Another red flag is if there are attachments to the email that you don't recognize.  And another trick is to hover your mouse over links in the body of the email.  When you do, a tiny box will appear telling you where that link really goes.  Because a link that says Blizzard or Amazon may lead somewhere else that you don't want to be.  Phishing emails become a lot more common during certain times of the year - namely holidays and tax season.  Some of them also claim to be from the government asking for your information.  Remember that a government entity like the IRS will always send you official communications in writing, not over random email.

4.  Stay updated!: Make sure you have anti-virus software running on your computer like Norton or Trend, and turn on the setting to auto update.  This will keep you up-to-date with the latest anti-virus definitions to protect your systems.  A good anti-malware software like Malwarebytes is also a good idea.  Enabling automatic updates on Windows will also ensure that you have the latest updates from Microsoft like security patches.

5.  BE PROACTIVE.  There's a lot of stuff you'll come across on the internet, and a lot of it isn't going to be safe.  Flag and report sites and content that are clearly abusive and/or illegal to Google or the entity being abused.  You can also report internet crime to the FBI through the IC3 (the Internet Crime Complaint Center).  And if you're one of those tech folks that's in the know, educate people!  Run a presentation on internet safety at your workplace, tell your friends how to stay safe, and practice these tips yourself.
If you're unsure of anything, ask your local computer nerd!  While they may have a gruff and nerdy exterior, they'll always be happy to help someone be proactively safe on the internet.  Or leave a comment or ask me a question if you have them.  The internet can be a scary place, so make the right decisions and surf safe.

Thursday, July 5, 2012

DNS Changer Malware and the FBI's July 9th Deadline - A Few Answers



Depending on how close you are to your local nerd, you should have already heard about a computer virus that is claimed to eventually cause thousands of people to lose their internet access in just a few days on July 9th.  Some folks don't even know it's coming, some have waved it off as a hoax, and some have even gone so far as to claim immunity because of course, nothing could penetrate their primitive anti-virus shields, regardless of everything I've been trying to tell them.  At any rate, it's happening.  So what exactly's going on?  The culprit behind this scheduled havoc is a particular class of malware known as DNS Changer.  Before I get into what exactly it's doing, I should give you a short primer on DNS and what it does - because after all, like it's named, DNS Changer changes DNS.

"Phone Numbers for the Web" - A Quick DNS Primer

Think about phone numbers for a second.  Suppose my phone number is (123) 456-7890.  If someone has that phone number written down, and just that phone number, they have no idea who exactly they're calling if they punch it into a phone.  The information they have to contact me over the phone is incomplete.  Now if they have two pieces of information - the phone number and my name to go with it, then that makes far more sense.  Now they know that I'm at the other end of (123) 456-7890.

DNS is exactly the same thing.  Internet websites have what's called an IP address (think phone number for a website).  Now let's make an example.  I'm going to give you an IP address, and you tell me what that address goes to.  Ready? OK, here it is: 173.194.75.103.  Complete gibberish to you?  I'll tell you what.  Take that number and put it into your web browser where you put in what website you want to go to, and tell me if it doesn't take you right to Google.  DNS is what allows your browser to cleanly translate domain names to IP addresses - in this case it matches up 173.194.75.103 to "http://www.google.com."  Just like a phone number.  You don't get out your cell every time you want to call me and dial out (123) 456-7890.  You go to my name.  Your address book, as it turns out, is a mini list of DNS entries, matching numbers to names.

That was just a basic primer, but it gets far more complex than that when it comes to the Internet.  There's not just one DNS server, but many that communicate to allow you to browse the web.  You browse the web primarily using the DNS servers that belong to your Internet Service Provider (Comcast, Verizon, Roadrunner, or whoever you pay your bills to).

What Does DNS Changer Do?

So now that you have a better idea of what DNS is, let's look at what DNS Changer does.  In the end it can do the same thing that email phishing scams can do in the sense that it can lead you to fake and fraudulent websites to try to steer you in the wrong direction.  This works a little bit differently though - instead of sending you fake links hoping that you'll click them without paying attention, DNS Changer literally changes your DNS settings, giving the intruder the ability to change where you go and leave your computer wide open to a number of cyber attacks.  The image to your right is a great concise diagram from the official FBI website that shows how it works.

The FBI has been able to identify networks of these rogue DNS servers that can potentially do you harm through what was known as Operation Ghost Click, and have taken a number of steps not only to disable them, but to help internet users until they do.  They've been working with ISPs and providing known clean DNS servers so that affected users can redirect to them to browse safely.  On July 9th, support for these temporary clean DNS servers ends, so everyone has to make sure that they're up to snuff.

What Can I Do?

But fear not friends.  There is something that can be done.  First and foremost, go to this website to check if your current DNS settings are legit and not hijacked: http://dns-ok.us/.  If the image comes back with a nice green background like at the top of this post, then your DNS settings are in good working order.  If it comes back red, that means your DNS settings have been jacked to hit rogue DNS servers and you have some fixes to make.  There will be a link too that will point you in the right direction.

If it comes back red, there are steps you can take.  The FBI as well as the DNS Changer Working Group (DCWG) have sites set up to guide you through the process that you can get to at the bottom of this post.  The most important thing to remember is that if your check does come back red, as I mentioned that means that you could be vulnerable to additional malware and viruses.
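
A local version of the same green/red check, as an added example (not part of the original post and not an FBI or DCWG tool): it reads resolv.conf-style text and reports whether any configured DNS server sits inside a list of rogue ranges. The ranges below are placeholders from documentation address space and the sample file is constructed; swap in the ranges published by the FBI/DCWG before relying on it.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 / RFC 3849 documentation space), not real
# indicators. Replace with the rogue DNS ranges published by the FBI / DCWG.
ROGUE_RANGES = ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:bad::/48"]

# Constructed sample of a resolver configuration file.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.test
nameserver 192.0.2.53   # inside a placeholder rogue range
nameserver 203.0.113.10
nameserver 2001:db8:bad::53
nameserver not-an-ip
options timeout:2
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver values from resolv.conf-style text, in file order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0]  # drop trailing comments
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def classify_resolvers(servers, rogue_ranges=ROGUE_RANGES):
    """Label each server 'ok', 'invalid', or 'rogue:<matching range>'."""
    networks = [ipaddress.ip_network(r) for r in rogue_ranges]
    report = []
    for server in servers:
        try:
            # Strip an IPv6 zone id such as fe80::1%eth0 before parsing.
            ip = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            report.append((server, "invalid"))
            continue
        hit = next(
            (n for n in networks if n.version == ip.version and ip in n), None
        )
        report.append((server, f"rogue:{hit}" if hit else "ok"))
    return report


def verdict(report):
    """'red' if any resolver is in a rogue range, otherwise 'green'."""
    return "red" if any(s.startswith("rogue:") for _, s in report) else "green"


if __name__ == "__main__":
    result = classify_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF))
    for server, status in result:
        print(f"{server:20} {status}")
    print("overall:", verdict(result))
```

On systems that use a local stub resolver (for example 127.0.0.53 under systemd-resolved), resolv.conf lists only the stub, so pass the upstream servers to `classify_resolvers` directly.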

Check in with your local nerd if you have any issues or questions.  I've also set up a temporary email address you can send your questions to through July 9th, at helpdesk@tusharnene.com.

DNS Changer Checker: http://dns-ok.us
DCWG DNS Changer website: http://www.dcwg.org/

Saturday, January 21, 2012

Vox Populi: SOPA and PIPA Put on the Shelf


[Article first published as Vox Populi Puts SOPA and PIPA on the Shelf on Blogcritics.]


Looks like it’s over.  Senate bill PIPA and its house companion bill SOPA have been shelved indefinitely by their sponsors.  On Friday, the announcements were made by Sen. Harry Reid (D-NV) and Rep. Lamar Smith (R-TX).  And it wasn’t the pundits or political experts that made it happen.  It was the people of this country – our nation’s collective vox populi – that made it possible.

On Wednesday we looked at the Internet blackout – sites like Wikipedia, Reddit, Wordpress, Tumblr and more replaced their regular daily content with black screens, featuring information about PIPA and SOPA instead, citing reasons for its detriment to the internet age, and a number of resources for how to take action if the reader chose to do so.  Even webcomic artists like XKCD’s Randall Munroe and Questionable Content’s Jeph Jacques joined in the blackout for solidarity, while Ars Technica hosted “SOPA Resistance Day.”

January 18th marked the largest protest in the history of the internet.  By the numbers, there were 10 million petition signatures.  Through the Electronic Frontier Foundation, Demand Progress and Fight for the Future, over 3 million emails were sent to Senators and Representatives.  All for one singular purpose – convincing their politicians to drop support for these bills.  And damn did it ever work.

“I have heard from the critics and I take seriously their concerns regarding proposed legislation to address the problem of online piracy," Smith said. "It is clear that we need to revisit the approach on how best to address the problem of foreign thieves that steal and sell American inventions and products."  This statement came just hours after a tweet from Senator Reid stating “In light of recent events, I have decided to postpone Tuesday's vote on the PROTECT IP Act #PIPA”

I remember watching the first SOPA markup session in the House Judiciary Committee on a live stream and seeing Rep. Darrell Issa (R-CA) and Rep. Jared Polis (D-CO) stand up to point out the flaws in the bill.  While it seemed like there wasn’t enough knowledge in the room, these two representatives called for a hearing with technical experts to discuss every provision, including those covering DNS blocking.  Back then SOPA and PIPA never made the news cycle, and everyone outside of my circles of nerds looked at me cross whenever I mentioned it (They thought I was talking about soap, soup, and now-global sweetheart Pippa Middleton).

So while the movement against SOPA had support, that support didn’t have numbers.  There simply wasn’t any awareness in mainstream media or an understanding in non-technical people as to what was being discussed in Congress.  That’s where the January 18th blackout protest came in.  In addition to the millions online, people physically took to the streets in protest and generated a grassroots protest the likes of which we have never seen before.

Any of you that have read my articles with any regularity know what my stance was on SOPA and PIPA.  Ever since I saw that SOPA live stream, the overturning of these bills became a big cause of mine.  The internet is the greatest innovation in the history of the world – it connects us all, allows us to share, and is integral to not only the innovation and economic health of this country, but the entire world.  I’d like to personally thank every person that took action on this issue over the past few months.  Whether you wrote your congressman, stood in protest, joined the blackout in solidarity, posted messages on social media, or even just spread the word and educated those around you, it was everyone’s action together that helped to keep our internet free.  And to members of Congress, I commend you for hearing the voice of your constituents. 

Tuesday, December 27, 2011

December SOPA Update: GoDaddy.com

[Article first published as December SOPA Update: GoDaddy.com on Blogcritics.]

Earlier this month we took a look at the Stop Online Piracy Act (SOPA) as it made its way through hearings in the House Judiciary Committee, through amendments, strong objections and ultimately a question on whether or not those folks in the room were even qualified to make any rational and informed decision on the topic. Eventually the proceedings were postponed and will pick up again when the House reconvenes after the holidays, but that doesn’t mean that December has to be devoid of all SOPA news, does it? Politics aside, there was still a fair amount of SOPA news in the last two weeks or so, the majority of it revolving around one of SOPA’s public supporters, domain name registrar GoDaddy.com.

While many other internet companies lined up to publicly oppose SOPA as a death sentence to the free web, GoDaddy supported the bill and other related legislation like Protect IP as a viable method for policing piracy on the internet. They went so far as to publish an op-ed piece on Politico shortly after the bill was introduced praising the bill, as well as providing written testimony to the House Judiciary Committee in support. It seemed strange really, as they were the only internet company named in the Committee’s list of corporate SOPA supporters, in a field of entertainment media production companies (Disney, etc.) and organizations that represent entertainment media and related special interests groups like the RIAA and MPAA.

This of course drew the ire of some of their customers, culminating in a Reddit-fueled boycott of GoDaddy by poster selfprodigy, who planned on moving all of their 51 domains away from GoDaddy’s services. As of right now the post has over 3,000 comments and a Reddit score of 4,409 points with more and more people voicing their opinions on the matter. While GoDaddy pretty much ignored the boycott as a nuisance to start, bigger threats from bigger customers like Ben Huh of the Cheezburger websites started to come in (with his 1,000 GoDaddy registered domains), and GoDaddy did an about-face, stating in a news release that they would no longer support SOPA. But was that public reversal of policy nothing more than a parlor trick to woo customers back and keep the ones they still had? Their support for SOPA cost them about 37,000 domains and it looks to me that the only reason they “reversed” their position was an increasing loss in revenue streams. An interview with GoDaddy CEO Warren Adelman by TechCrunch’s Devin Coldewey also shows how this change of heart might not really be for real:

“Adelman couldn’t commit to changing its position on the record in Congress when asked about that, but said “I’ll take that back to our legislative guys, but I agree that’s an important step.” But when pressed, he said “We’re going to step back and let others take leadership roles.” He felt that the public statement removing their support would be sufficient for now, though further steps would be considered.”

“Sufficient for now.” It’s pretty clear that GoDaddy hasn’t changed their position, but instead have publicly run to the middle with Swiss-like neutrality, which only further tells me that “We don’t support SOPA” doesn’t translate into much more than “We don’t support losing customers and their cash.” Adelman goes on to say that he will support SOPA when the internet community does and that there has to be “consensus about the leadership of the internet community.” Leadership of the internet community? That’s just the point, no one owns the internet, and this statement further shows how out of touch GoDaddy is with reality and the internet community they claim to serve. Having dealt with GoDaddy before, and reading other pre-SOPA stories of how they operate, it’s just not that surprising.

Other pro-open internet registrars like Dreamhost, NetGator and Namecheap are taking this as an opportunity to take some of GoDaddy’s customers through SOPA coupon codes like “NOSOPA” and “SOPASucks.” Namecheap is even running an offer through December 29th in which they will donate $1 to the Electronic Frontier Foundation for each domain transfer from GoDaddy. Namecheap CEO Richard Kirkendall had the following to say on SOPA:

“While we at Namecheap firmly believe in intellectual rights, SOPA is like detonating a nuclear bomb on the internet when only a surgical strike is necessary. This legislation has the potential to harm the way everyone uses the Internet and to undermine the system itself. At Namecheap, we believe having a free and open Internet is the only option that will continue the legacy of innovation and openness that stands for everything we all value in our modern society.”

GoDaddy really shot themselves in the foot here. This series of moves is going to lose them a lot of business. But if you’re the “silver lining” type, the GoDaddy mass exodus could be ammunition against SOPA supporters in Congress as a "here's what we think" sort of statement. We’ll see. If you’re looking for another domain name registrar, Lifehacker has a list of some decent ones that are not pro-SOPA.

And about that “leadership of the internet” thing, I’ll throw my hat in the ring for “Internet Elder." 

Friday, December 16, 2011

99. The House Judiciary Hearing on SOPA was a Messy Show


[Article first published as House Judiciary Online Piracy Hearings Frightening on Blogcritics.]

Thursday was a, well let’s say, interesting day, for those who have any sort of stake in, or connection to technology, politics or the horrific relationship between the two. 

Over the past few weeks there have been a number of legislative efforts to stop piracy on the Internet, specifically, to protect the intellectual property and innovation of American developers and creators.  One of these bills, HR3261, is called the Stop Online Piracy Act (SOPA).   While it’s certainly a noble goal, the language and text in SOPA caused enough outrage and fear across the country (you can see the actual wording here) as to draw strong bipartisan criticism and concern.

The problem, well one of the problems, with the bill in its original state was that it was extremely broad and equally vague in its definitions of terms such as rogue websites and what exactly constitutes infringement.  As it existed, sites like YouTube and Tumblr could become potential targets for legal action and blacklisting, as would any other site where the majority of content is user generated.  Theoretically, for example, if a blogger at Blogcritics.org were accused of having promoted infringement, other blogs, as part of the same domain, could go poof in the night just for being on the same domain, without proof, only suspicion.  That's broad enough to be easily abused.  Other critics note that the bill is counterproductive, effectively putting a stranglehold on American innovators and startups by forcing compliance to be a design requirement for them.

As a result of the criticism, the bill’s sponsor, Rep. Lamar Smith (R-TX), drafted a manager’s amendment to SOPA, with the goal of toning down the language and narrowing the broad definitions that were in the bill’s original draft.  The amendment also narrowed the targets of the bill to non-U.S. sites, and removed language that would put entire domains at risk if even one page appeared to be linked to infringement.   While some provisions were made in the manager’s amendment, a lot was left to still hash out.

So let’s get back to why Thursday was interesting.  The House Judiciary Committee met to discuss SOPA, specifically Chairman Smith’s manager’s amendment.  Thanks to our digital age, I was able to watch some of the hearing's live stream on my phone, all the while hoping and praying that I would not be accused of infringement for occasionally allowing other people to hover around my 4” screen.  After the coverage that I myself was able to see, I came up with one very solid conclusion with which I’m sure many other viewers would agree:

the people in this room have absolutely no business making this decision for the rest of us.

My first fear was that it felt like there was a mad rush to hammer this legislation out before 2011 ran out of days.  I simply don’t understand the rush, when the potential consequences of this bill are so far reaching for not only the United States, but the Internet itself.  Thankfully a few folks in the room, both Democrat and Republican, pointed out to the committee that rushing the decision could potentially lead to big mistakes.  These included Rep. Sheila Jackson (D-TX) and Rep. Darrell Issa (R-CA), who cited the America Invents Act, the result of an attempt to reform the patent system that started in 2005; proof, at least to Rep. Issa, that there hadn’t been appropriate levels of due diligence on SOPA.

But that was only half of a two part horror I experienced while watching the stream, with the second half more horrifying than the first.  Hours of representatives tripping over basic technology phrases such as IP address and DNS server were more than just a little painful to hear, since the proposed actions can cause sweeping changes for technology.  Every third or fourth time someone spoke, their comments were preceded by what became almost cliché disclaimers, such as: “I’m not a nerd/I’m not a technical expert, but I’ve been told,” or “from what I understand.”  These are the people who are discussing whether or not additional regulations (and let’s face it, outright censorship) should be applied to the Internet.  Excellent.  If you can’t intelligently explain to me what an IP address is, or what DNSSEC does, then get your damn hands off our Internet.  It’s not that you don’t speak for us, just that on this topic (with the exception of Rep. Jared Polis (D-CO)), you simply don’t have the capacity.

So there’s what Thursday was all about: an argument about whether the blind leading the blind should run full speed into a brick wall.  There were a number of proposed amendments that limited the far-reaching scope of SOPA which were ultimately killed by the bill’s proponents who seemed to be interested in nothing more than going full speed ahead.  The whole thing seemed like a ceremonial meeting that had to happen on principle, and nothing more.  The only individuals in the room who seemed to be talking sensibly, logically and with technical expertise, were Reps. Polis, Issa, Chaffetz and Lofgren, who asked Rep. Smith to stop the hearing so that the committee could hear testimony from technical experts.  Smith refused at the time, but he did make time to hear from the Motion Picture Association of America (MPAA), a strong SOPA supporter.

The Electronic Frontier Foundation posted an open letter to Congress, from some of the minds who engineered the Internet (Vint Cerf, co-designer of TCP/IP among them), and who laid out all of their concerns about SOPA.  They didn’t have to preface the letter by apologizing for not being technical experts, because guess what, they are.  And I don’t know about you, but if I received a letter about the Internet in which the senders could legitimately use the phrase “When we designed the Internet the first time,” I’m pretty sure I would give it a listen.  These are the technical experts you didn’t consult, and their opinion is very clear: that this bill would do nothing to stop foreign piracy of American IP, but will hamper American innovation and assault law-abiding citizens’ rights to communicate openly and express themselves online.

Thankfully, it appears that the 11 hour session convinced the committee that we need to explore this far more. As I write this, the SOPA vote has been delayed, hearings resuming at the “earliest practical day that Congress is in session.”  I hope for the sake of the Internet and American innovation that this allows the committee to hear technical experts testify and derail this bill.

I mean, I'm no expert on politics, but…

Wednesday, June 9, 2010

23. the great escape (chinese internet addiction center edition)

probably not this cool
while i do always tout that we are living in the digital age, there is a line that can be drawn between "web enthusiast" and addiction.  a web enthusiast may be bored without his or her collection of gadgetry and digital accessories, but it's not the end of the world.  it's not going to reduce them to a slumped neanderthal that can barely function in the world.  an addict, on the other hand, is willing to stay online at all hours of the day, forsaking work, school, and personal relationships for what they find online.  sometimes it's gambling, maybe illicit online affairs, or topping all else, games.

internet addiction may sound strange, but i have seen it happen on a number of occasions.  the first time i did was when i was a sophomore in college, where a few of us on our floor shared an 11am physics class (so it's not like it was even early)  that you generally wouldn't want to skip.  one morning as i was preparing to make the trek to the lecture hall, we noticed one of our classmates, in the same clothes he'd worn for days of course, on his computer.  "you not going to physics today man?"

"no dude i can't.  i have a guild meeting."

i don't care how good the game is or the intensity of your god damn raid schedule - someone with a normal thought pattern would recognize that while you're talking strategy so you can get some experience points and gear upgrades, your school is draining your real life account by anywhere between $400-$600 per credit.  unfortunately for him, this became a pretty standard practice.  he pretty much fell off the face of the earth after that.

the case above isn't even an extreme one.  people can spend upwards of 15 hours online gaming or, well, doing whatever it is they do.  as i mentioned before, online affairs and gambling have become pretty popular pastimes - probably because the internet and network services as a whole, in my opinion anyway, facilitate these addictions in many cases, and almost act like an extension to an existing personal problem.  it's become so widespread that treatment centers are offering programs for internet addiction, right alongside alcohol and gambling.

this seems to be an even more crippling affliction in china, where estimates put the number of "internet addicted" citizens above the 20 million mark, by the china youth association for network development.  and to remedy the situation, their treatment facilities are run like military centers. officially treatment involves chinese calligraphy, philosophy, and a strict military regimen.  not surprisingly, there have been widespread reports of abuse in these centers from beatings to other forms of torture.  in august 2009, a 15 year old, well, inmate, for lack of a better term, was beaten to death by two guards who were sentenced to 10 years in prison last month.

so what do you expect when you take one of these facilities, 14 young men in jiangsu province, some of them addicted gamers (whose primary goal is always to down a boss), a steady stream of work-camp-like conditions, military grade physical training, and possibly abusive guards?  quiet acceptance?  adherence to disciplinary rules?  hell no.  without anyone giving you more details you know this all clearly spells shawshank style escape and revolution.

i imagine it was something like this
the crew of motley nerds found an opening, jumped their commander (yes, commander) and bound him to his bed, then made a break for it.  once outside, they hopped a couple of taxis in the hopes of making it back to taste sweet freedom and online logons.  but as all great escapes go, be it steve mcqueen on a stolen bike or chinese kids packed in a taxi like a clown car, their plan was foiled.  you see, the problem was that they were broke.  and the cab driver was less than understanding.  the cops were called to the scene, and all 14 youths were taken to the local 5-0 station.

but it doesn't look like this shook the parents' faith in the treatment centers and their methods, and thus the people's republic (not to mention the equivalent of a few grand they shelled out).  after picking them up from the police, out of the 14 renegades, all were shipped directly back to the huai'an center.