Nicholas Weaver

Posted on Techdirt - 16 November 2013 @ 12:00pm

Nicholas Weaver's Favorite Techdirt Posts Of The Week

OK, so who is this crazy paranoid ivory tower dweller who said “Yo”
when asked if he’d do the “Favorite Posts of the Week,” and who is
prefacing this with the standard academic disclaimer of “all opinions
are my own, not those of my employers or funders”?

I’m a researcher at both the International Computer Science Institute in Berkeley and UC San Diego. My work has included high speed worms, detecting ISP manipulations of network traffic, and the business model of Viagra spammers. I’ve also ranted on how the NSA weaponized the Internet backbone, and if you want to test your network connection, I’m also one of the developers of Netalyzr, which is now available as an Android app. Please help us understand how the Internet really works: download and run Netalyzr today!

I’ll start not with the NSA but with the latest in the Prenda saga. Ah, Prenda. You’ve been partially responsible for my spending too much of my beer money on PACER. My liver thanks you, but my wallet loathes you. Thus it’s with utmost delight that I read how the Prenda principals of Paul, Paul, and John have drawn the wrath of the Nazgul, err, no wait, a group that should scare them more: Comcast’s and AT&T’s lawyers. Comcast’s legal counsel let loose with a full broadside, detailing all the ways that the firm of Prenda vexatiously litigated the case, while AT&T basically went with “yeah, what he said” (probably saving Prenda a good $5K in the process). I suspect that the final bill (or at least the supersedeas bond) will be epic.

More important, albeit less popcorn-worthy, was Google’s total victory over the Authors Guild. I’m hardly Google’s biggest fan (I prefer companies who treat me as a customer, not a SKU), but Google Books represents an unquestioned good for scholars, users, and even authors. Unstated but equally important, the lack of a license implies that others can do the same, preventing Google from gaining a monopoly through an exclusive agreement.

But I can’t stay away from the spook show. Two particular stories
came to mind. The first is GCHQ’s tepid response to their hacking.
Some backstory is necessary. What the GCHQ did was:

  • Identify a set of technicians at Belgacom
  • Identify their Slashdot and/or LinkedIn accounts
  • Instruct their wiretaps to look for users logged into those accounts
  • Instruct their weaponized wiretaps to attack these victims
  • Use control of the victims’ computers to execute wiretaps within Belgacom, a telecommunications firm belonging to a NATO ally

So of course they don’t want to comment about it. Although we shouldn’t focus on Slashdot or LinkedIn, any site where the unencrypted page can identify the logged-in user could have been used; it’s just that they were targeting the network geeks. I’m utterly certain that GCHQ will casually accept the same explanation if (or, if I were running the DGSE, when) France decides to follow the GCHQ playbook in targeting British Telecom. What’s French for “sauce for the goose”?

The second concerns my own Senator and her campaign contributions, but not for the expected reason. I’m actually shocked at the small difference and small values. I don’t find it corrupt; rather, and even more disturbingly, the paltry sums make me think that Feinstein actually believes what she’s saying. So why doesn’t she release all her phone records? After all, it’s “just metadata”.

Switching gears from the invasive but competent to the invasive and incompetent, this literary quote encapsulates the TSA’s real criteria for its behavioral profiling:

“Uncooperative. Too cooperative. Talks too much. Talks too little. Gets his story perfectly straight. Fucks his story up. Blinks too much, avoids eye contact. Doesn’t blink, stares.” - David Simon, _Homicide: A Year on the Killing Streets_.

When one actually articulates the sort of criteria needed to do a ‘behavioral profile’ from just the “what is your name, where are you flying to, what is your favorite color” questions asked by the typical TSA agent, it quickly becomes obvious that it can’t work. About the best it could elicit is an “uh, can’t you read?”, further clogging the system by treating hostility towards the Theatrical Security Administration’s pointless procedures as yet another “behavioral indicator.” It’s not like it’s possible to hijack a plane these days: even with weapons the question is not whether a hijacking team succeeds or fails but rather whether the hijackers survive the ass-kicking that will be delivered by the passengers. It shocks me that both the shoe bomber and the underwear bomber survived.

To conclude on a lighter note, let’s shift to the sock puppet/catfishing (sockfishing? fishpuppets? sockcatting?) accusations against Ashley Madison. What I find surprising is that they allegedly did it manually. This should be a high technology operation: a stock photo account and a bit of automatic text generation and voilà, “profiles” that for some reason never respond yet make the site seem populated with MILFs on the prowl.

Hey Ashley Madison: you run a sleazy site, you have an affiliate
program which encourages a particular spammer to clog my inbox, and I
really, really don’t like you as a result, but here’s my offer anyway:
hire me. My obscenely high consulting rate for setting up an
automatic profile generator would, in the end, still be a lot cheaper
than defending against a garbage nuisance suit from an
ex-employee.
