Friday 31 December 2010

Security Digest #15: 27C3 Special

The 27th Annual Chaos Communication Congress

With the application of my superior skills of decryption, I deduce that this logo says 27C3. Well, the 27th CCC has just happened in Berlin, spread over the last four days (Monday 27th to Thursday 30th December). Required viewing for all security professionals, the conference was broadcast live on the Internet, which is where I caught the absolutely riveting presentation of Sony PS3 Security Epic Fail. More on that later.


Blah, blah, blah...
  • GSM eavesdropping is now easier and cheaper than ever. Wow, I thought they'd have patched that one by now. Not. One of the most interesting aspects of Tuesday's presentation was the researchers' casual references to two-terabyte rainbow tables. Now we really are living in the future. The use of these tables of precomputed encryption keys is as old as decryption itself, but their sheer size allowed the session's secret encryption key to be found in less than 20 seconds. The presenters also used various software (open source), one laptop, and for their network sniffers: four $15 telephones.
  • FireEye security researcher Julia Wolf discloses a plethora of new PDF vulnerabilities. Actually this one is new (in the detail) and worrying indeed (in scope). I read it and wept, nearly.
  • WikiLeaks defector details new whistleblowing model, OpenLeaks. Well, WikiLeaks itself was born at CCC in 2007, in a presentation by Julian Assange; so this is an entirely appropriate time and place to announce that. Good luck with your new venture, you former WL operatives, I'll see your new site and raise you 9,000 others. I mean, shouldn't we be calling this Hololeaks already?

Sony FB Part 3

Required viewing for all Sony development engineers. And I'm quite certain every one of them has watched this by now.

As a PS3 owner, I should have a vested interest in Sony's ability to protect their private walled and perfumed garden of game software development. That I do not in fact feel that interest, is a consequence of some cold industry facts. Specifically:
  1. Protected development is no longer directed at creating the staggeringly imaginative games found on previous console generations - Zelda Ocarina on the Nintendo 64 being both archetype and zenith - but instead aims for common denominator, hyper-realistic sandboxes or short span missions, quite devoid of creativity. In fact...
  2. One of the best things to come out of Sony last year was a Sly Cooper retread, retrofitting HD textures to the identical set of polygons first marketed to us (abysmally marketed, in the case of SCE Europe) way back in 2002; adding some unbelievably meh Move mini games, and trumpeting 3D capability. After all, who's going to remember the original Sly 3 from 2005, arriving on the PS2 already replete with anaglyphic 3D and free blue-red specs? Meanwhile, 2011 seems set to repeat such repeats, with an HD/3D reskinning of Ico & Shadow of the Colossus poised for imminent release.
  3. More than most electronic conglomerates, scofflaws Sony appear particularly to despise their customers, treating them with the same apparent level of dismissive contempt as the corporation exhibits towards all consumer protection legislation, internationally. Examples are legion, and entire websites exist solely to bear testament to this single proposition.
Therefore it was with the squealing glee of a wee girl, that I found and devoured the brilliantly presented 40-minute CCC talk Console Hacking 2010: PS3 Epic Fail, presented by fail0verflow members bushing, sven, marcan and segher...

After a little history, the ubiquitous Michael Steil appeared in cameo to present statistics relating to the time taken to hack various consoles, and supporting his assertion that any console without Linux will be hacked to run it within its first year. The apparently atypical run of luck enjoyed by the PS3 (four years) seems to have been due to Linux already being officially available there. But Sony, famously and illegally, removed that feature; now their security has likewise been annihilated. Again, within that twelve month window.

Interesting though, how this narrative thread fits into an emerging pattern of virtual terrorism (cf. the many DDoS attacks recently launched both against and in support of WikiLeaks). Upsetting the Linux/hacker community looks a bit like pissing off 4chan, or Anonymous, in that, you probably don't want to do it. Anyone can see that DDoS attacks in support of say, WikiLeaks, are just as indefensible as attacks on WikiLeaks itself; yet they continue, trumpeted by the same, sometimes naive, mostly disingenuous, idealistic justifications.

Anyway (removes equivocation apparatus)...

The core of fail0verflow's presentation featured a table of security features implemented on a sampling of consoles. This was followed by a step-by-step account of the group's deconstruction and reverse-engineering of each of these, by means of spectacularly varied and creative vectors of attack. At the finish, as evidenced by the same table, the wretched PS3's security features had been comprehensively deleted, and you could feel nothing but pity for it:


There's a lot to love about this presentation, but the highlights for me were (1) the playing of the Sony "Trophy!" bell and icon each time another layer of security was breached; and (2) the hilarious specific details of one particular attack, the compromising of ECDSA signatures.

This latter was deliciously presented by fail0verflow member and future standup legend segher, who self-deprecatingly explained just enough about this solid signature scheme to make it obvious to any high school student, that a certain private random number must be truly random.

Actually, he didn't explain that at all. That would have insulted the intelligence of his audience of hackers. Instead he showed the relevant formula, then observed "... but m is supposed to be a random number. And for some reason, Sony uses the same random number all the time." Instantly, the overhead display changed to show two simultaneous equations. The hall erupted in a gaggle of hysterical laughter, and the kind of rapturous and loud applause that actually hurts your hands and feet.

Just to rub salt in the wounds of any Sony devs watching, he showed us his attempt at reverse-engineering Sony's prang:
// Sony's ECDSA code
int getRandomNumber()
{
    return 4; // Chosen by fair dice roll; guaranteed to be random.
}
As I mentioned above, there's much more very clever stuff in the presentation; but come on, who could ever follow that? See you next year!
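
The two simultaneous equations from the talk, worked through as an added example (not code from the presentation or from Sony): signing with one fixed m gives every signature the same r, an audit for repeated r values flags it, and two such signatures determine both m and the private key. The curve (secp256k1), the demo key, the messages and all function names are assumptions; per_message_m is a simplified stand-in for RFC 6979, not an implementation of it.

```python
import hashlib
import hmac

# secp256k1 public parameters; the curve is an assumption for illustration.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
# Constructed demo key and messages (not real data).
PRIV = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % N
MSGS = [b"constructed image A", b"constructed image B", b"constructed image C"]
FIXED_M = 4  # the constant returned by the getRandomNumber() joke


def inv(x, mod):
    return pow(x % mod, mod - 2, mod)  # Fermat inverse; mod must be prime


def add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


def digest(msg):
    """SHA-256 of the message as an integer mod N (the e in the equations)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(priv, msg, m):
    """ECDSA: r = x(m*G) mod N, s = (e + r*priv) / m mod N."""
    r = mul(m, G)[0] % N
    return r, inv(m, N) * (digest(msg) + r * priv) % N


def verify(pub, msg, sig):
    """Standard ECDSA verification, used to check the signatures are valid."""
    r, w = sig[0], inv(sig[1], N)
    pt = add(mul(digest(msg) * w % N, G), mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def per_message_m(priv, msg):
    """Simplified stand-in for RFC 6979: m is derived from key and message."""
    mac = hmac.new(priv.to_bytes(32, "big"), msg, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1


def reused_r(signed):
    """Audit: map each r that occurs more than once to its (msg, s) pairs."""
    by_r = {}
    for msg, (r, s) in signed:
        by_r.setdefault(r, []).append((msg, s))
    return {r: grp for r, grp in by_r.items() if len(grp) > 1}


def solve_pair(r, msg1, s1, msg2, s2):
    """Two equations s_i*m = e_i + r*priv in two unknowns (m, priv)."""
    e1, e2 = digest(msg1), digest(msg2)
    m = (e1 - e2) * inv(s1 - s2, N) % N
    return m, (s1 * m - e1) * inv(r, N) % N


def demo():
    """Sign MSGS with a fixed m and with a per-message m; audit both sets."""
    bad = [(msg, sign(PRIV, msg, FIXED_M)) for msg in MSGS]
    good = [(msg, sign(PRIV, msg, per_message_m(PRIV, msg))) for msg in MSGS]
    (r, grp), = reused_r(bad).items()
    (msg1, s1), (msg2, s2) = grp[:2]
    return {"bad": bad, "good": good, "solved": solve_pair(r, msg1, s1, msg2, s2)}


if __name__ == "__main__":
    print("fixed m fully determined:", demo()["solved"] == (FIXED_M, PRIV))
```

The repeated-r audit needs only public signatures, so anyone holding two signed images can run it; deriving m per message is what leaves it nothing to find.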


Security Digest is brought to you by the inimitable flavours of Talisker, the only single malt scotch whisky from the Isle of Skye. Actually that Glenmorangie fae Tain's no hauf bad an' all. Aye, and the Lagavulin. Which isnae a patch on Highland Park, incidentally... Happy New Year! Hic.

Thursday 23 December 2010

Don't Hit Me With Your Modem

Today's Apposite Dilbert

Found a Hayes fax modem in the miscellaneous cables & assorted hardware sports bag, during the annual clean & throw out. Here's a picture of it:

Dilbert.com

Also found a couple of wireless routers, two Sharp pocket computers from the 80s, a pre-USB Laplink cable (wow, serial RS-232C and Centronics parallel!), it's all good...

Dilbert ©2010, United Feature Syndicate, Inc.

Thursday 16 December 2010

Quick Security References

One New QSR


Jeremy Dallman of the Microsoft Security Development Lifecycle (SDL) recently announced the availability of a new Quick Security Reference (QSR) document.

These are papers which look at specific security threats from certain particular IT job role perspectives, viz. business decision makers, architects / program managers, developers, and testers. Jeremy describes the place of these documents in the Security Development Lifecycle as follows. If a security related attack is like being thrown out of your plane into free fall, and the SDL is your parachute, then QSRs are a quick and easy way to find the D-Ring...

The new paper covers the subject of Exposure of Sensitive Information. This is not one of the catchy exploit-named areas of security, but it's an increasingly important aspect of your strategy in times when the failure to protect information and its accidental disclosure are increasingly being targeted in the search for vulnerabilities.

Our company has ISO 27001 certification as a business, but we are still just at the very start of the process to introduce adoption of the SDL maturity levels (below) into our software design, development and test practices.


Along with the extensive SDL Implementers' Guides, these excellent little quick reference documents - and this new one in particular - will be extremely useful training resources in the coming months. Even more so in fact, now that all SDL documentation is available under a Creative Commons licence. That includes for example, the flashy colour graphics in this article!

Two Old QSRs


Reminder: the first two QSRs cover the perennially popular subjects of Cross-Site Scripting and SQL Injection, topics chosen because they represent the most common attack types that almost any Development or IT Professional team will encounter today:

Friday 10 December 2010

Book Review: Mean Deviation

Four Decades of Progressive Heavy Metal

Without deviation from the norm, progress is not possible.
- Frank Zappa (dedication).

On June 16, 1902, just as Gottlob Frege's new Grundgesetze der Arithmetik was going to press, Bertrand Russell wrote to him, with catastrophic, utterly devastating news: drummer and co-founder Mike Portnoy had just left Dream Theater.

No, that's not right. Let me try again...

In 2008 a truly worldwide survey of more than 36,000 people (three dozen kilopeople!), the largest of its kind ever undertaken, made the first ever serious attempt to correlate people's musical tastes with their personality types. Led by one Professor Adrian North of Edinburgh's Heriot-Watt University, the research uncovered more than one fascinating fact about us, the musical styles with which we prefer to be identified, and what these say about our characters. But that is not the impression you'd have taken from the headlines at the time.

Almost unanimously, journalists and reporters focused on just one single correlation from that report; one which, for whatever reason, they found to be quite unexpected, striking... astonishing. This was the correlation between classical music lovers, and heavy metal maniacs.

In fact, excluding only age differences, the researchers had found that devotees of these two musical styles share "virtually identical" personality traits. Such as being much more creative than other people*, and being "at ease with themselves", although "not exactly outgoing". Musically and psychologically adjacent to both groups, and giving perhaps some clue as to the nature of their common ground, we find the fans of so-called progressive music. Forever enraptured by technical proficiency and the grand scale of the orchestral, in recent times they have increasingly found their genre migrating due north in a heavy metal-led diaspora.

<diversion>

Some would argue that the classical, the progressive, has been in heavy metal's DNA from its very inception. The entire genre was born in Britain, they'd say, on the cold morning of Friday 13th February, 1970, when the first three notes of Black Sabbath (the opening track of the eponymous debut album, Black Sabbath, by a Birmingham band whose name temporarily escapes us) oozed and spilled out on to the rug, bleeding - in the words of its clever cover art poem, Still Falls The Rain - before a gesticulating death.

Those first doom laden notes, and in fact most of the song, comprise musical theory's infamous tritone interval. Branded Diabolus in Musica or the Devil's Interval by medieval musicians, this eternal technical oddity was otherwise virtually unknown in pop and rock. Admittedly it appears in The Simpsons' theme, but that's quite a rare pop culture appearance. Historically however, it has cropped up in many and various classical guises, from the 19th century onward. Erm, according to those Black Sabbath fans, that is.

</diversion>


Now at last we have the definitive document, the one that records the detailed co-evolution of these disparate musical styles. Today we can finally read the history - some are already calling it the Bible - of progressive heavy metal.

This book's credentials are impeccable. It's edited by Ian Christe, whose own Sound of the Beast: The Complete Headbanging History of Heavy Metal has itself remained more or less definitive in its own subject area, ever since its first appearance as a hardback in 2003. Even more importantly, this new account is written by the former (1996-2001) editor of the Metal Maniacs fanzine, already a highly regarded, respected, and revered authority in the field. Jeff Wagner's book was always guaranteed to be seminal and enthusiastically received, at least from the heavy metal half of an overall perspective.

That it also succeeds quite so brilliantly in charting the convolutions of progressive rock music, with its increasingly intertwined and eventually shared destiny with heavy metal over those decades, is a fact first attested to by the involvement of none other than Porcupine Tree's Steven Wilson in the title's launch. Steven contributes the foreword to the book, as well as the prime and essential tribute: "We now have a definitive book on the relationship between metal and progressive music."

Sneak A Peek

Typical Amazon reviews concentrate on a roll call of the band and personnel names mentioned in the work. I'm looking for better metrics. A page count of 384 may be a nominally useful measure of the length of the work, but an appreciation of its depth can be gained immediately from the size of its index: eleven, full, two-columned pages. And a still better gauge is actually to view the full content of that index, which is available as a PDF download here. That's your roll call right there, that is, and it's particularly gratifying to realise that the entries for Fates Warning and Rush are actually longer than Dream Theater's! Here's a guy who really and truly knows his musical history...

There's a sample extract from Part II: The Science of the Day, chapter five, Passing the Threshold, available in PDF here, just to confirm your suspicions about how painstakingly well researched is Jeff's labour of love, his tribute to the creative artists involved in this fascinating tale.

Musical Structure

Befitting the complex musical forms whose development it describes, the book sports a considered and well thought-through top level framework. Steven Wilson's foreword leads into the author's prologue, where he sets the scene, hinting at the inspiration, the seeds and roots of the book, in his own reaction - as a fan - to Voivod's controversial (and widely misunderstood) sixth album - 1991's Angel Rat. And perhaps more significantly, his roommate's (also a big Voivod fan) diametrically opposed reaction to the same. Jeff saw in this dispute, in the rejection of the band's new direction by such reactionary, conservative fans, the true definition of progressive music.

Following this, the main body of the book is divided into five major parts. Here I'd like to reproduce its Contents section, for the purpose of providing each chapter with a pithy summary paragraph. Please keep in mind that these descriptions do nothing more than sketch out the broadest narrative arc of a work, whose substance is rather to be found in the fascinating level of detail in which Jeff teases out the offshoots and foliage of each main branch. You have to buy the book to get that!

Part I : Atmospheric Disturbance

The groundwork is traced, from the first saplings of metal and prog in the 60s, to the digital revolution in music, and the 90s explosion of progressive heavy metal.

1. Invention / Reinvention.

Almost inevitably in hindsight, we start not with Black Sabbath, but with the shock of 1969's King Crimson opening at Vermont with 21st Century Schizoid Man. Having thus given adequate justification for his book's subtitle, Jeff then goes still further back to enlist Zappa's unprecedented double album Freak Out! from 1966 as the second half of a platform, on which to introduce a mass of later 60s and early 70s names; the pioneers of the first progressive rock. Through this whirlwind retelling, Robert Fripp repeatedly makes clear how he regards much of King Crimson's output, both then and still on 1974's Red, in retrospect as heavy metal proper.

2. All Moving Parts.

Chapter two sees Black Sabbath receive their due recognition as the first heavy metal specialist band, while their fifth album, 1973's Sabbath Bloody Sabbath, gets a nomination for the first ever progressive heavy metal album - due in some part to the keyboard and arrangement duties performed in the studio by a classically trained Rick Wakeman. Meanwhile, in an adjacent debate, just exactly who did first coin that term for what Black Sabbath, Led Zeppelin, Deep Purple et al were now starting to do? Major branches explored here include: Rainbow, Judas Priest, Scorpions.

3. By-Tor at the Gates of Delirium.

And already we've reached the ambitious, ofttimes Ayn Rand-inspired, epic song craft of Rush, whom Jeff credits with the most successful hybridization of prog rock and heavy metal thereto achieved. This entire chapter belongs to the Canadian trio, whose 2112 remains pivotal in prog metal.

4. Open Mind for a Different View.

The groundwork is completed by a survey of the biggest purveyors of "smarter, more sophisticated metal to the masses" in the 80s - principally Iron Maiden, Mercyful Fate, Metallica and Megadeth. As elsewhere, the significant influences on these are well researched and documented, via live contemporary interviews wherever possible.

Part II : The Science Of The Day

5. Passing the Threshold.

Also, in a sense, the torch. True prog metal arrives fully formed, from America, in the definitive guise of Washington State's Queensrÿche and Connecticut's Fates Warning, whose intertwined destinies dominate this, the publicly viewable preview chapter. An amusing sidebar titled "What If?" speculates on the alternative prog metal universe that would have sprouted, had Ron Jarzombek (later of Texas math rock legends Watchtower) succeeded with his tape audition for Fates Warning. Conclusion: actually, things would eventually have worked out pretty much the same.

6. Killed by Tech.

Ah yes, Watchtower. The birth of tech metal. I have no words for the mighty Watchtower. Except... uncompromising, mathematical. And, well, let's see, bat shit crazy. Luckily, Jeff does have words for them and their ilk; well articulated words, too. In fact, I read his very description of the genre as itself a labour of journalistic love. Once again, don't miss the fascinating and funny sidebar, "Prog on a Pogo Stick". We are still waiting for Watchtower's third, the doomed Mathematics; but here, Jeff does give us at least a little hope.

7. A Constant Motion.

Sure, there's a lot more to prog metal than Dream Theater; but hey, they're far and away the biggest kid in this playground. So many and varied superlatives run true of this band, that you sense Jeff had trouble in containing their story to a single chapter. Yet contained it had to be, in a book whose watch word after all is diversity. This chapter contains that one fatal quote, hinted at in my introduction above: "... a union that still shows no signs of relenting." More on that later.

Part III : A Quantum Leap Forward

There are many threads to follow from the early 90s, "going forward". In this section of the book, Jeff splits them both temporally and geographically into five closely related chapters, subtitled "Sublimation from Underground." The result is a well organised, well analysed record of this tumultuous and potentially confusing period of development.

8. Sublimation from Underground I: Voivod & Celtic Frost

Watchtower's Jason McMaster in turn passes the torch to Celtic Frost's Tom G. Warrior, while Canada's Voivod rise from the underground to the acclaim of critics like Cynic's Paul Masvidal; "metal godfathers" Lemmy and Bruce Dickinson; and, erm, Ryan Adams. The familiar sidebar morphs into a four-page discourse on 90s hybridization and genre-box disintegration.

9. Sublimation from Underground II: Europe

That's the continent of course, not the glam rock band. Voivod and Celtic Frost had Berlin-based Noise Records in common. Jeff uses this as a springboard for the exploration of related European bands, including Switzerland's Coroner; Germany's Sieges Even, Mekong Delta, Destruction, Deathrow, and Atrocity; then similar lists in turn from Austria and Finland. Sidebar: Mekong Delta's reworkings of classical compositions. Nice.

10. Sublimation from Underground III: North America

San Francisco is prolific. In fact, California; no, make that the West coast; and the midwest; hell, all of North America (and Montreal too) is breaking out in metal. Jeff picks out two midwestern bands in particular - Anacrusis and Realm - for their still resonant debut offerings, and their refusal to bow to the new orthodoxy of Metallica. Yay!

11. Sublimation from Underground IV: Florida

The explosion of death metal from Florida in the 90s is remarkable, as Jeff makes abundantly clear in this whole chapter dedicated to this one sunshine state, finding within it much variety and deviation from the headlong headbanging stampede. This chapter happens to straddle the midpoint of the book, and so coincidentally contains the 16 pages of full colour plates. Wow, look at San Francisco's Hammers of Misfortune, I'm just sayin', must give them a listen soon...

12. Sublimation from Underground V: From 2112 to 1993

Jeff identifies a sea change in 1993: the death of death metal, at the strangling hands of grunge. He further identifies three creative high spots that ultimately got smothered in the carnage: Spheres by Dutch pioneers Pestilence; Believer's Dimensions; and Cynic's Focus. All three bands would follow these releases with a commercially imposed, 15-year hiatus. And yet this one year remains to this day remarkable, for the sheer number and variety of new and/or evolved bands suddenly innovating in the genre (a fact borne out in the sidebar, 1993: Year of the Eggheadbanger).

Part IV : Genetic Blends

13. Deviation or Derivation?

Historical review time: why prog was dying in 1992, and why Dream Theater made such a positive impact crater. So begins a retrospective chapter, deeply analytical, and with the expository skill of the lifelong observer and specialist, wielding his tools: economics; fashion; and ultimately, perhaps for the last time ever, the thoughts and actions of enterprising new record label bosses. Pain of Salvation and Devin Townsend emerge as creatively, contemporarily, influential.

14. Swedish Oddballs

Yet another country gets the by-now familiar treatment of analysis; history; review. The unexpected prevalence of Sweden in the field of "grisly, violent metal" leads through the frustrations and reactions of small town life, via Therion and Edge of Sanity, to a foreshadowing of the prog metal gods Meshuggah and Opeth. Just recently I realised how many more of my favourite musical acts hail from this Scandinavian land. But on reflection, it would probably have been quite inappropriate (despite endorsements from both the ubiquitous Steven Wilson, and Opeth's Mikael Åkerfeldt) to include Abba. To say nothing of The (thoroughly and comprehensively metal influenced) Cardigans, nor yet of their beautifully talented vocalist Nina Persson's solo project, A Camp. Oh well.

15. The "Weirding" of Norway

Not so much prog, more black metal; Norway's main contribution to the genre is also surprising in its intensity and ubiquity. At this juncture, I must confess that I have pretty much avoided this sub genre personally, almost completely in fact. That's entirely because of the actions of one particularly murderous and maniacal psychopath. Accordingly, I've skipped most of this chapter too. Maybe I'll discover this country musically one day, when I've fully disassociated its music from the violence. But for now, on the basis that I've no knowledge with which to judge this chapter objectively: no review.

Part V : Into Data Overload...

16. The Expanding Universe.

Jeff identifies another sea change in 2000 - this time, using the actual phrase! woohoo! - whereby such challenging music as that produced by avant-garde bands like Japan's Sigh, or maybe America's Kayo Dot, could gain mainstream acceptance. This was one of the most entertaining and fascinating chapters for me. Meshuggah finally get their thoroughly deserved and warranted extensive treatment; Opeth too; whilst the inventiveness and popularity of Tool and Mastodon are justly celebrated.

17. A Way Out from the Way-out?

The final summing up is a complete pleasure to read, the history of progressive heavy metal music in review. Jeff repeats his Gottlob Frege moment, remarking that "In 2010, Portnoy [and] Dream Theater ... are in a comfortable position." At the time of writing, of course, those four bootmark impressions had yet to appear on Mike's arse - in the words of this chapter's title, on his Way Out. Notwithstanding, the final chapter is a beautiful conclusion to a fantastic account of this form of contemporary art.

Brass Tax

Finally, an epilogue and three fascinating appendices round off the work; each to my mind hinting at a potential sequel. Please!

The writing style has been dynamic, actively invoking the personalities not just of individual musicians, but of executives and organisations, bands, towns, epochs in time, musical genres and individual audiences. And despite occasional forays into the darker aspects of the music business, into human weaknesses and addictions, the book's emphasis is always, consistently and correctly, focused on the evolution of its musical forms.

Through it all, often unnoticed in its metamorphoses, the uniquely malleable music grows, develops, matures. It casts off old skins and grows new armour. It splits and fractures, throwing out new offshoots, whole hierarchies of new life. A bewildering tapestry of sub-genres, and certainly a great many new follow-up bands, await most readers, almost completely unaware of just how much they are still unaware of.

In its proper historical perspective, Progressive Heavy Metal is destined to be enshrined as one of the greatest, most evolved, varied and significant, and most artistically important, developed and valid, offshoots of Rock. That fact can become only clearer with time. This beautiful, highly authoritative, truly exemplary book is its illuminated manuscript; its codex; its definitive work of reference; its testament and tribute.

“One thing prog metal certainly is, is metal. Hard and bold and brash, but refined, adulterated, and mutated; it is heavy metal taken somewhere illuminating and sometimes bizarre.”
- Jeff Wagner (author), interviewed on Noise Pollution.

Publisher Bazillion Points have come through in the quality department, with photographs, and incidental graphics, being particularly well reproduced; but also, equal attention to paper and print. Which is just as well; this one will have to stand up to multiple readings, no doubt at all about that. Update, Dec 30: Told ya! I've now read it twice, hence this much expanded & updated review. The only question I have for the publisher is: for such a seminal, pathfinding, and goddammit resolutely well researched and significant work as this: why, oh why, no hardback edition?

Finally, for a quite knowledgeable and much more critical commentary on this book, try the Poetry of Subculture blog of Greek graphic artist Telemachus Stavropoulos, at http://poetry-of-subculture.blogspot.com/2010/12/jeff-wagners-mean-deviation-four.html.

* Jazz fans also received honourable mention for creativity!

Mean Deviation: Four Decades of Progressive Heavy Metal
Author: Jeff Wagner (former editor, Metal Maniacs)
Foreword: Steven Wilson (Porcupine Tree)
Artwork: Michel "Away" Langevin (Voivod)
Paperback: 384 pages
Publisher: BAZILLION POINTS (23 Sep 2010)
Language: English
ISBN-10: 0979616336
ISBN-13: 978-0979616334

ИѺ ₡Ħℜℐ$✞ℳѦϟ ШĦЇℒ€ ℑℳ ♈ѦℒḲЇℕḠ

By M△S▴C△RA

Found earlier this week on Warren Ellis's blog, thought I'd put another copy of it in here so I can easily find it again (web searches for Mascara failing as yet to yield the desired results):

ИѺ ₡Ħℜℐ$✞ℳѦϟ ШĦЇℒ€ ℑℳ ♈ѦℒḲЇℕḠ by M△S▴C△RA


Hmmm, lovely. I'm hearing early Faust, Zeit-era Tangerine Dream, and contemporary ambient production artifacts... also notes of lemon, cinnamon, coarse grade abrasives, a marzipan of nostalgia... tell you what, just for a bit of context, and since their sixth studio album Lisbon came out less than three months ago, let's also remind ourselves of The Walkmen's 2007 performance of this piece, at Williamsburg Music Hall, NY:



No Christmas While I'm Talking was (still is) from their second album, 2004's critically acclaimed Bows + Arrows. The full effect of the song is only realised when you know the words. Here they are.
When I was told you lied to me
I hung my head in shame
When I was told you were cheating me
I bit my lip in pain

So back up back far away
And you better know now just for a little while
Do it one more time just for a little while
Lyrics are copyright © 2004 by The Walkmen.

Wednesday 8 December 2010

Microsoft's "Do Not Track" Response

IE9 Extreme Preview



On December 1st, the American Federal Trade Commission released its report on consumer privacy, the catchy "Protecting Consumer Privacy in an Era of Rapid Change" (PDF). As detailed in the commission's press release, there are two major talking points in the report:
  1. a proposed framework to balance (a) consumers' privacy interests, with (b) innovation relying on consumer feedback to develop new, beneficial products and services;
  2. a suggested “Do Not Track” mechanism, probably a persistent browser setting, providing control over collection of data about users' online searching and browsing activities.
Microsoft were quick off the mark, with Chief Privacy Officer Brendon Lynch responding that same day, via the legal and policy On The Issues blog, thanking the FTC (note: they also collaborated with the Article 29 Working Party in the EU) for the opportunity to participate in the roundtables forming the basis of the report, and after bigging up a little IE8, promising that Internet Explorer 9 will continue this focus and leadership on enabling our customers’ choice and control with respect to their online privacy, and to support the FTC’s continued work to engage all interested stakeholders on these important issues.

In the follow-up, Chief Privacy Strategist Peter Cullen presents a considered review of the issues, and of events leading up to the announcement of a Tracking Protection Feature in IE9, whence the above video demonstration.

Via: Associated Press.

Wednesday 1 December 2010

Tweets - November 2010