Nicholas Weaver's Techdirt Profile

Nicholas Weaver

About Nicholas Weaver

Posted on Techdirt - 16 November 2013 @ 12:00pm

Nicholas Weaver's Favorite Techdirt Posts Of The Week

OK, so who is this crazy paranoid ivory tower dweller who said “Yo” when asked if he’d do the “Favorite Posts of the Week,” and who is prefacing this with the standard academic disclaimer of “all opinions are my own, not those of my employers or funders”?

I’m a researcher at both the International Computer Science Institute in Berkeley and UC San Diego. My work has included high speed worms, detecting ISP manipulations of network traffic and the business model of Viagra spammers. I’ve also ranted on how the NSA weaponized the Internet backbone, and if you want to test your network connection, I’m also one of the developers of Netalyr, which now is available as an Android app. Please help us understand how the Internet really works: download and run Netalyzr today!

I’ll start not with the NSA but with the latest in the Prenda saga. Ah, Prenda. You’ve been partially responsible for my spending too much of my beer money on PACER. My liver thanks you, but my wallet loathes you. Thus it’s with utmost delight that I read how the Prenda principles of Paul, Paul, and John have drawn the wrath of the Nazgul, err, no wait, a group that should scare them more: Comcast’s and AT&Ts lawyers. Comcast’s legal counsel let loose with a full broadside, detailing all the ways that the firm of Prenda vexatiously litigated the case, while AT&T basically went with “yeah, what he said” (probably saving Prenda a good $5K in the process). I suspect that the final bill (or at least the supersedeas bond) will be epic.

More important, albeit less popcorn worthy, was Google’s total victory over the Author’s Guild. I’m hardly Google’s biggest fan (I prefer companies who treat me as a customer, not a SKU), but Google Books represents an unquestioned good for scholars, users, and even authors. Unstated but equally important, the lack of a license implies that others can do the same, preventing Google from gaining a monopoly through an exclusive agreement.

But I can’t stay away from the spook show. Two particular stories came to mind. The first is GCHQ’s tepid response to their hacking. Some backstory is necessary. What the GCHQ did was:

  • Identify a set of technicians at Belgacom
  • Identify their Slashdot and/or LinkedIn Accounts
  • Instruct their wiretaps to look for users logged into those accounts
  • Instruct their weaponized-wiretaps to attack these victims
  • Use the control of the victim’s computer to execute wiretaps within Belgacom, a telecommunications firm belonging to a NATO ally

So of course they don’t want to comment about it. Although we shouldn’t focus on Slashdot or LinkedIn, any site where the unencrypted page can identify the logged in user could have been used. It’s just they were targeting the network geeks. I’m utterly certain that GCHQ will casually accept the same explanation if (or if I was running the DGSE, when) France decides to follow the GCHQ playbook in targeting British Telecom. What’s French for “Sauce for the goose?”

The second concerns my own Senator and her campaign contributions, but not for the expected reason. I’m actually shocked at the small difference and small values. I don’t find it corrupt, but rather even more disturbing, the paltry sums makes me think that Feinstein actually believes what she’s saying. So why doesn’t she release all her phone records? After all, it’s “just metadata”.

Switching gears from the invasive but competent to the invasive and incompetent, this literary quote encapsulates what the TSA’s real criteria involved in their behavioral profiling:

“Uncooperative. Too cooperative. Talks to much. Talks to little. Gets his story perfectly straight. Fucks his story up. Blinks too much, avoids eye contact. Doesn’t blink, stares.” -David Simon. _Homicide: A Year on the Killing Streets_.

When one actually articulates the sort of criteria needed to do a ‘behavioral profile’ in just the “what is your name, where are you flying to, what is your favorite color” question asked by the typical TSA agent, it quickly becomes obvious that it can’t work. About the best it could elicit is a “uh, can’t you read?”, further clogging the system by equating hostility towards the Theatrical Security Administration’s pointless procedures as yet another “behavioral indicator.” It’s not like it’s possible to hijack a plane these days: even with weapons the question is not whether a hijacking team succeeds or fails but rather whether the hijackers survives the ass-kicking that will be delivered by the passengers. It shocks me that both the shoe bomber and the underwear bomber survived.

To conclude on a lighter note, let’s shift to the sock puppet/catfishing (sockfishing? fishpuppets? sockcatting?) accusations against Ashley Madison. What I find surprising is that they allegedly did it manually. This should be a high technology operation: a stock photo account and a bit of automatic text generation and voila, “profiles,” that for some reason never respond yet make the site seem populated with MILFs on the prowl.

Hey Ashley Madison: you run a sleazy site, you have an affiliate program which encourages a particular spammer to clog my inbox, and I really, really don’t like you as a result, but here’s my offer anyway: hire me. My obscenely high consulting rate for setting up an automatic profile generator would, in the end, still be a lot cheaper than defending against a garbage nuisance suit from an ex-employee.

More posts from Nicholas Weaver >>