Categories
Internet

ICANN: Enabling the stalker

You’ve had a weblog for a couple of years. You started out with a Blogspot weblog, but have since started your own domain.

You write about politics, but also about your life and interests, just like most webloggers. You’re aware of not giving away much about yourself, so you don’t talk about work or the private, intimate details of your life.

A couple of months ago, you bitched about having to get up so early because you had to be at work. Last week you talked about how early the sun is setting now and it’s almost dark when you get home. It’s full dark when your husband gets home.

Last weekend you and the hubby splurged on a new eMac. You worry about the expenditure because you also bought one of those new Panasonic TVs that project color on the wall behind the TV. You joke how you’re a sucker for all new gadgets that come out.

You’ve made Halloween costumes for your kids — look, here’s photos of them. Aren’t they cute? Little Jim is eight and Barbara eleven now, they’re growing so fast. You think about taking them trick or treating, but you don’t know the neighborhood, you haven’t met any of your neighbors. How, when everyone works during the day and has other activities on the weekend?

Oh, and you’re going to vote for Kerry.

Now, what’s so personal about any of this, and how can it enable a stalker? Shelley, you’re paranoid.

Here’s what I know

From your information I know that you’re married, with two young kids. I know that both you and your husband work and are gone during the day. I know about what time you leave for work, and about what time you get home. I also know your husband is home later, which leaves you and the kiddies alone for a time.

You’re not the only one that’s gone during the day — most of your neighbors are, also. And just think, you have a house full of wonderful, and expensive, electronics.

You don’t have a man-eating dog named Bruno protecting the place as you never talk about him.

But then, you have these two cute little kids, and my that’s a pretty little girl, isn’t she?

Still…

Of course none of this matters because no one knows where you live. Except…

Except that you have a domain name, and a whois on that domain not only provides your name, but chances are your address and phone number, too.

Let’s face it, an online existence is full of exposure no matter how careful you are. However, it’s made even more precarious when stalking is actually enabled by an organization such as ICANN.

How ICANN Enables Stalking

ICANN is the Internet Corporation for Assigned Names and Numbers, and is the organization responsible for DNS, or the Domain Name System. Anytime you access a site by a name rather than an IP address, you do so through DNS, under the auspices of ICANN.

When you register a domain, at something like Dotster, which is one of my registrars, you’re working with an ICANN accredited registrar, who then ensures your domain name is connected with two different name servers — one as primary, the other as backup. These nameservers, then, are the servers that provide the actual domain name/IP address mapping. For example, this site is using nameservers provided by the hosting company, Hosting Matters.

All of this works remarkably well, and for much of the criticism of ICANN, we have seen it manage an explosive growth in online presence and activity. However, where ICANN fails, and fails absolutely miserably, is in maintaining the privacy of domain holders.

If you go out to the ICANN FAQ, one of the items on it is a response to the question, Will my name and contact information become publicly available?:

Information about who is responsible for domain names is publicly available to allow rapid resolution of technical problems and to permit enforcement of consumer protection, trademark, and other laws. The registrar will make this information available to the public on a “Whois” site. It is however possible to register a domain in the name of a third party, as long as they agree to accept responsibility — ask your registrar for further details.

In other words, to have a domain name, you have to provide contact information. If you do, anyone can use the Whois database and look this up. Anyone. If you try to obscure your contact information, you risk losing your domain.

Why do this? In a nutshell? Intellectual Property rights.

ICANN states that the reason they do this is for resolution of technical difficulties, but the information is rarely used as such. It’s also used against those who abuse their ISP’s domains or perhaps spam people, but having this information doesn’t do a bit of good. If you don’t get the response you want just by emailing the person responsible for a domain, it’s very unlikely you’ll do any better if you call them, or visit them. Those who have trapped email addresses from comment spammers and contacted the ISPs have discovered this for themselves.

As for illegal activities, well we all know how secure the Internet is from government agencies. Not.

No, the main reason for this is so that people can legally go after those who violate their intellectual property rights, either by using a trademarked term at their site; or using copyrighted material such as photos, text, music, and other media in their pages.

That’s it–the reason most of us are exposed to stalkers of one form or another is so that Disney can protect its damn Mouse.

Recently a Whois task force was created to address domain names, Intellectual Property issues, and privacy. In July of this year, Robin Gross of IP Justice sent a letter to ICANN saying that ICANN threatens civil rights. In the letter, Gross wrote:

ICANN’s Whois database of personal information (including name, telephone number, home address, and email address) on millions of individuals who register domain names raises a number of significant civil liberties implications. Over-zealous intellectual property holders use the data to threaten and harass people who often have a lawful right to engage in the online activity but lack the resources to defend themselves. Law enforcement agents access the information in the course of investigations, skirting constitutional protections such as due process of law. Although originally collected for “technical purposes”, the Whois database of personal information has become a virtual honey-pot for abuse, irresistible to those seeking identifying information for any reason.

ICANN’s current policies regarding the Whois database of personal information threaten a number of fundamental freedoms, such as freedom of expression, the right to anonymity, freedom of association, and individual privacy rights. Although setting Internet governance policy, ICANN, a private corporation, makes rules that governments would not be legally permitted to make. Many national constitutions and international treaties guarantee freedom of expression and privacy rights to the public that ICANN’s Whois database policies routinely violate. Since ICANN is a private corporation, and not a government, it is immune from the procedural due process guarantees and other civil liberties protections enshrined in most national constitutions and international treaties.

ICANN forces Registrars to violate privacy laws by publishing registrants’ personal information without their consent. And it undermines fundamental freedom of expression and association guarantees by prohibiting anonymous website publishing. To have any legitimacy, ICANN’s policies for management of the Whois database should, at a minimum, measure up to the standards agreed to in international treaties and national courts dealing with freedom of expression and ensuring consumer privacy protections.

You can follow more on Whois Privacy at this ICANN page. If you look at the summary report from the task force’s effort, you’ll see a lot of analogies with cars and bikes and how ICANN needs to change, but change is best in small steps. Which goes to show that the task force has, to all intents and purposes, not listened to the people who sent letters such as Mr. Gross from IP Justice.

As it stands now, the full Whois privacy statement given to registrars to use can be seen at the ICANN site and includes requirements such as having to provide a postal address, complete phone number information, all of which has to be updated yearly (I’m currently overdue for all my domains — I’m thinking of setting the mailing address to Disney’s home headquarters.)

When you do, unless you specifically tell them how to remove you from the lists, you’ll get letters from people trying to intimidate you into registering all variations of your domain (such as yourdomain.us, yourdomain.org, and so on) or you’ll lose your site ‘identity’ — not to mention the companies trying to steal you away from your current registrar.

Even Google, which provides phone number and addresses for people if you search on a name and a city, has an easy to use Phonebook removal page to remove yourself from Google’s Phonebook. ICANN needs something as easy.

(Note to many of you I know — you’re still in the Google Phonebook. In fact, to demonstrate the dangers of this, I came close today to calling several of you, to breathe heavily into the phone; except for some odd reason, I was pretty sure many of you would enjoy this, and that’s too kinky for me. Regardless, may I suggest you search on the head of household name and city or state and if you see yourself, remove yourself?)

What can you do

Some of us can do more than others to kick ICANN in the butt about privacy. And hopefully will, and quickly. For the rest of us, you have a couple of options.

First, you can register with a Registrar that’s willing to provide you with a contact for your domain. What this means then is that this contact information will show up in the record during a Whois lookup, not yours. It’s legal, because if they get contacted about your account, because bad you has copied someone’s Mouse picture, they’ll pass that contact on to you, without revealing your name or other information. This is the securest, safest approach to take.

(I’ve started a page at the Wiki to collect URLs for registrars who provide this type of service. If you know of any, and don’t see them on the list, please add them.)

Failing that, you could consider getting a post office box and using this for your address, but this exposes your name and phone number. Of course, many of us put our names with our sites — but not all.
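To see what each of these options actually leaves visible, here is a small audit of pasted Whois output, added as an illustration and not part of the original post. The three sample records are constructed, and the field labels and proxy keywords are assumptions, since Whois text differs from registrar to registrar.

```python
import re

# Assumed field labels; real Whois output is free text and varies by registrar.
PERSONAL_FIELDS = {
    "name": ("registrant name",),
    "address": ("registrant street",),
    "phone": ("registrant phone",),
    "email": ("registrant email",),
}
# Assumed keywords that mark a registrar-supplied contact standing in for you.
PROXY_HINTS = ("privacy", "proxy", "redacted")
PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*Box\b", re.IGNORECASE)


def parse_whois(text):
    """Turn 'Label: value' lines into {label: [values]}, skipping comments."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#>":
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def audit(text):
    """Classify each personal field as absent, proxy_contact, po_box or exposed."""
    record = parse_whois(text)
    holder = " ".join(record.get("registrant name", [])
                      + record.get("registrant organization", [])).lower()
    proxied = any(hint in holder for hint in PROXY_HINTS)
    report = {}
    for kind, labels in PERSONAL_FIELDS.items():
        values = [v for label in labels for v in record.get(label, [])]
        if not values:
            report[kind] = "absent"
        elif proxied:
            report[kind] = "proxy_contact"   # the registrar's details, not yours
        elif kind == "address" and all(PO_BOX.search(v) for v in values):
            report[kind] = "po_box"          # street hidden, everything else is not
        else:
            report[kind] = "exposed"
    return report


def exposed_fields(report):
    return sorted(kind for kind, state in report.items() if state == "exposed")


# Constructed sample records (not real lookups).
OPEN_RECORD = """
% constructed sample
Domain Name: example.org
Registrant Name: Pat Example
Registrant Street: 12 Example Lane
Registrant City: Springfield
Registrant Phone: +1.5555550100
Registrant Email: pat@example.org
Name Server: ns1.example.net
Name Server: ns2.example.net
"""
PO_BOX_RECORD = OPEN_RECORD.replace("12 Example Lane", "P.O. Box 42")
PROXY_RECORD = """
Domain Name: example.org
Registrant Name: Example Privacy Service
Registrant Street: 1 Registrar Plaza
Registrant Phone: +1.5555550199
Registrant Email: example.org@privacy.example
"""

if __name__ == "__main__":
    for label, rec in (("open", OPEN_RECORD), ("po box", PO_BOX_RECORD),
                       ("proxy", PROXY_RECORD)):
        print(label, audit(rec), "still exposed:", exposed_fields(audit(rec)))
```

Paste your own domain's Whois output into `audit()` in place of the samples; the post office box case shows the name, phone and email still coming back as exposed.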

Summary

What never fails to amaze me is how the US is leaning towards re-electing the current President largely because of his handling of security against terrorists. We’ve spent billions on this — enough to have provided adequate health care coverage for every person living here. We’ve given up our freedoms, and antagonized other countries. We’ve even invaded another country.

Yet we’ll get weblogs and post photos of our kids on Flickr, start weblogs for our kids, get domain names with our address and contact information, and tell everyone every last bit of our day to day itinerary.

Not only that, but we post photos of our home — inside and out– and also provide loving detail of all the nice new gadgets we’ve bought, not to mention our software and music libraries.

We tell everyone where we’re going to be, and when; especially when we’re going to be out of town, and our homes empty. And we think nothing of announcing a general meetup with anyone in an area who wants to come.

I think our priorities are a little off.

Some more safety tips:

  • In addition to using a registrar who will hide your contact information, you should get with your family and establish a security policy for online activities. This includes monitoring who your kids chat with, as well as talking about what will and will not be featured on weblogs.
  • I love to see pictures of people’s kids online, but this is not a good idea, unless you are weblogging anonymously.
  • Tell people about your trips — after you’ve returned. No need to talk about it beforehand. If you want to meet up with people in your destination city, choose from among the people you know already and contact them directly.
  • Don’t give out daily routine information, about the road you travel, and the hours you work. And don’t blare out for all to hear about your home being empty, or your kid all alone.
  • Do not ever mention your kids’ school, or show pictures of your home or other important locations in such a way that the addresses can be derived.
  • If you have grandkids, sure post photos of them. And talk about their recent visit — but don’t tell people ahead of time on your weblog that your grandkids are coming to visit this coming weekend.
  • If you’re a pretty young woman (or boy) and you want to post your address and phone number and semi-naked photos of yourself everywhere, please don’t come crying to us when you get stalked — use some common sense.

Use some common sense. That’s the key. We don’t have to be paranoid as much as we should be aware.

I’m one to talk, as my domains are currently wide open. However, now that I have the bucks, I’m in the process of moving my domains to a registrar who will protect my information. Until then, my address is there for all to see. That’s great: send me birthday cards in a couple of weeks, or roses now. Better yet, make that orchids–I love exotic flowers.

After all, I can trust all of you. Right?

Categories
Technology

Submission dues (or is that dux or ducks?)

Recovered from the Wayback Machine.

I threw caution to the wind and submitted my carefully crafted session proposal to O’Reilly for ETech. I thought about posting it here, but is that bad luck, or poor taste?

Regardless, I will tease you and tell you that it is very complementary to what Sir Tim really wants but doesn’t know it yet. He looks for a revolution and Great Things and a crescendo of meaning; the rest of us just want to find things.

Silly things.

Categories
Technology

The tech that ticks

I am currently working with a small company to create an online store. When finished, I’ll point you in its direction–one of those very rare times when I’ve worked on a site that actually has a public interface I can point people to. Go, me. Go, company.

One decision we made right from the start: you don’t code from scratch when working with a common functionality such as a shopping cart/store front–you use existing code. Among all the many available packages we reviewed, we decided on using an open source PHP/MySQL solution, OsCommerce. One big difference, though, from using it straight out of the box is that I’m cleaning up the publicly accessed pages so they either use the Smarty Template engine, or simple and easy to use function calls that pull in the appropriate data. OsCommerce currently embeds barely wrapped function calls to the database directly in the public pages, making them, frankly, a real mess for anyone but the most proficient PHP developer.

Once I create the non-business specific wrapper, regardless of what approach I use, this layer will go into the public domain, as a contribution to the open source community. Should be a satisfying effort.

There are other tools built on OsCommerce we could use; in fact, several. But they’re either commercial products with too restrictive licenses, or just about as messy in the public pages as OsCommerce (by ‘messy’ I don’t mean bad; I mean that there isn’t enough separation of the presentation from the process and the process from the data).

In other work, I also have the Rodent Regatta port from WP to MT and from HTML tables to CSS almost done, except for that damn problem with the vertical sizing of a contained element that is floated. I know about using clear:both in an element as the last element in the container, but I’m doing something wrong, it’s not working correctly.

Anyone spot what I’m doing wrong, or what I need to add?

Finally, I’m working with a couple of other people on a different site called the IT Kitchen (no relation to Doc Searls’ IT Garage–unless he wants to hook up, and he and the garage would be welcome). This site is going to host a two week interactive clinic focused specifically at non-techs, explaining as much about all of this as possible. Not everyone who programs is a professional; and not every non-geek weblogger wants to have others handle their CSS and basic site maintenance.

It’s going to be using a combination of technologies to ensure an interactive element, as well as provide a little something different. Everything will be Creative Commons or GPL licensed, and the static portion of the clinic will get wrapped into zipped files for copying when finished; the wiki and other interactive elements will, hopefully, continue to thrive on. Sort of a Wikipedia for webloggers.

(More on IT Kitchen later this weekend.)

I’m looking for volunteers, geek and non-geek, to help with this. Something like this is only going to work if it’s community driven. And if I don’t get enough volunteers, I’m going to continue quoting existential philosophers. Many more existential philosophers.

Speaking of existential, I’m finishing up my proposal for O’Reilly’s Emerging Tech Conference. I’m rather fond of it, but the success of the proposal is going to depend on who is judging the entries, and what their current focus is.

Categories
Technology Weblogging

Some Gratuitous Weblog Software Writing

I’m starting to get a pretty good handle on what WordPress 1.3 will be offering, both from the code and forum discussions. I also found a link in the support forum for a WordPress 1.3 release wiki, which details the individual changes.

(From the wiki software used, I wonder if the WordPress documentation wiki is being moved to MediaWiki – the same wiki software used for Wikipedia. We can only hope.)

I’ve discovered some of these changes with the work I did for Doug, am doing for Steve right this moment (you can see the actual transform taking place here, as I migrate the HTML table layout to pure CSS), Tim (if he doesn’t lose his heart to Tinderbox), and might be doing for Loren (if he has a mind for this direction, now that he knows I’m not disappearing at the end of the month).

One big change, and one I adore, is pagination. With this, search results and archives are now paginated to list twenty or so entries at a time, with navigation automatically handled to go back and forth in the list. If you’ve ever searched my site on say, ‘flower’, my but you’ll kill both your and my bandwidth. Pagination will eliminate this problem.

The developers are also providing a Dashboard, I think for an overall linking mechanism to the site and the features, but it’s still under development–right now there’s nothing in the page, and you’re redirected to new posts. They’re also packaging themes into their own subdirectory, and you can install and switch between themes just by copying the files into the directory and clicking a button in the administration pages. This will be good if you like to play around with your site a lot.

Architecturally, for the tweakers, the individual global values that you used to access in code previously have been added to a general object, but the old global values are maintained for backwards compatibility, at least for one release. The organization of the pages has changed, with a new header and footer page, which should help make the pages a little cleaner to work with. Recently when I talked about keeping your weblog tool independent, I mentioned about a split between the content of the page before the posts, the post listings, and the content after the posts. This is mirrored in the WP page split between wp-header.php, index.php, and wp-footer.php. I like it.

There have also been function changes, and I’m still exploring what these are. From what I read, existing functions will be supported in a deprecated state for at least one software release. Good for those who have tweaked their pages.

Multiple blog support isn’t there, but an interesting announcement was made last week for what sounds like might be a parallel branch of development called WordPress MU. This isn’t a ‘fork’ in the code (i.e. a new and separate development based on original code) as much as it is a ‘wrapper’ around WordPress, from what I’ve read. The announcement about it says that it provides both Smarty template support and multi-user/multi-weblog support–in hosted environments.

The multi-user/multi-weblog capability should make WordPress more attractive for those who need a classroom solution to weblog hosting – a tool that can be used to create many weblogs for many different people, but administered from one spot.

As for the use of the Smarty template system, I am curious if this can be dropped into a regular installation of WordPress, for those who would prefer Smarty over the embedded function calls. If so, this would make a nice option to those who are uncomfortable messing with PHP code directly. Where before a person did the following:

<?php the_date('','<h2>','</h2>'); ?>

They would, instead, use a Smarty template tag such as the following that would resolve to the function call:

<h2>{$smarty.now|date_format:"%Y-%m-%d"}</h2>

 

The sidebar is also split off into a separate file. This does concern me a bit from a design perspective as this tends to enforce a specific type of weblog look, the two column look.

As an aside from a discussion of WordPress 1.3, when Movable Type announced it was providing a dynamic PHP-based wrapper around Movable Type, I thought that the company would take core bits of WordPress and modify these to point to their own database so that WordPress plugins and templates would work with the Movable Type database. With this, though users would have lost the Perl plugins for MT, they would have gained the PHP-based WordPress plugins. At least, those plugins that deal with parameterized data, only.

This wouldn’t be all that complicated either. Smarty could have been used to transform tags for the traditional MT users; while others could have used the WordPress embedded function calls (and themes) if they wished. Licensing wouldn’t have to be an issue because MT could continue to license the MT ‘engine’ with associated Perl code, and GPL the code for the PHP wrapper. They would gain friends from the open source community, while the supported, proprietary, corporate Perl code would still be there for corporate types who get nervous around the word ‘open’.

And wouldn’t this have been an interesting way to mix proprietary and GPL code?

Categories
Browsers

More on Firefox

Another new, or I should say heavily modified, feature I accidentally discovered with the RC 1.0 version of Firefox (I don’t think it was in the .9x releases) is the “Find in this Page” text search capability. Previously, the search function was a window that would open, you’d type in the phrase, and it would scroll to the item.

Now when you click the link for “Find in this Page”, a bar opens at the bottom of the browser. As you type in the word you want to find, Firefox immediately scrolls to the first word that matches the letters as they are being typed. And it works very, very fast, too.

You can also highlight the words if you want to see all occurrences in the page. And leave the Find bar up for use in all your pages, if you’re doing some heavy researching on a term.

Firefox beats out any other browser I’ve used, on either my Mac or my Windows laptops. Unfortunately, I still have to use IE for printing on my Windows 2000 laptop because Firefox does not work well with my printer. In fact, I have to re-boot the machine to kill the runaway process triggered by Firefox if I forget and do a print. But the HP drivers I have for this printer are badly behaved anyway (I must see if there are updates that fix the problem) so I’m not blaming the browser.