[ NNSquad ] Re: The Once and Future King: Multicast looks to (finally) be the future of television.

[Lauren Weinstein]

Interestingly (and perhaps not surprisingly) even seemingly
straightforward technical issues such as SDV and related mechanisms
trigger what amount to network neutrality (and "vendor neutrality")
concerns -- and DRM controversies as well.

See:

Important Warning Regarding New HD TiVo and Cable System Incompatibilities
http://lauren.vortex.com/archive/000273.html

Cable Industry Responds Regarding HD TiVo Incompatibilities
http://lauren.vortex.com/archive/000275.html

The Coax Straightjacket: Stopping Cable Copy-Protection Abuse
http://lauren.vortex.com/archive/000310.html


--Lauren--
NNSquad Moderator

 - - -

> [EMAIL PROTECTED] wrote:
> > this article from cringley may explain some isps behavior:
> > 
> > http://www.pbs.org/cringely/pulpit/2007/pulpit_20071221_003697.html
> 
> ...
> 
> > Both Comcast and Verizon are rapidly rolling out IP multicast, as I am
> > sure most big cable and telephone ISPs are. 
> 
> Switched digital video (SDV) appears to be a simpler way to solve the 
> cable spectrum crunch because it requires fewer changes to the cable 
> boxes. But really, it doesn't matter how digital cable works under the 
> hood - either IPTV w/ multicast or SDV will free up spectrum that 
> cablecos can use for Internet access. (Uh oh, did I just accidentally 
> mention the Isenberg Proposal?)
> 
> http://www.lightreading.com/document.asp?doc_id=122733&;
> http://www.lightreading.com/document.asp?site=cdn&doc_id=135458
> http://www.lightreading.com/blog.asp?blog_sectionid=419&doc_id=139512
> 
> Also, it's worth noting that ISPs run mutiple disjoint IP networks. For 
> example, AFAIK U-Verse has two different IP networks carried over two 
> ATM VCs: the Internet and the IPTV net. The IPTV net uses multicast, but 
> who cares since it's a closed network. Will ISPs enable multicast on the 
> *Internet*? And will customers be allowed to *create* groups or just 
> join existing ones? These are the interesting questions.
> 
> But my favorite part (and the only part really relevant to this list) is:
> 
> > Multicast also solves (from the cable company's perspective) the "problem" 
> > of P2P because they'll give multicast addresses to paid content and content 
> > from
>  movie studios and traditional TV networks that PAY for this privilege, 
> saying that this is a preferred alternative to P2P, which will continue to be 
> traffic
>  shaped.
> 
> Yeah, just like people stopped downloading music and movies for free 
> when the iTunes store came out.
> 
> For a more technical look at multicast in cable networks, check out this 
> article from 2005: 
> http://www.cisco.com/en/US/tech/tk828/technologies_case_study0900aecd802e2ce2.shtml
> 
> To find out whether you can talk to the MBone: 
> http://www.multicasttech.com/mt/index2002.php3
> 
> Wes Felter - [EMAIL PROTECTED]

[ NNSquad ] Warning regarding SPF records and this mailing list

[Lauren Weinstein]

Greetings and Happy New Year.  I think that this is an appropriate
time to warn everyone (since I've seen some rejects) that if you're
going to send messages via this or related mailing lists, and your
site uses SPF domain records, it's important to make sure that those
records properly reflect such use -- or else there will be bounces
that I will not attempt to manually intercept.  After several such
bounces, the mailing list system will likely automatically remove
you from the list (and you may not necessarily receive an explicit
warning to that effect).

Frankly, I consider SPF to be highly problematic.  Its problems
related to mail relays and mailing lists are obvious, and its
usefulness in general seems extremely questionable.  But if you're
going to use it, please make sure that your records reflect the
possibility of your mail relaying through any *.vortex.com gateway
domain.

Thanks.

--Lauren--
NNSquad Moderator

[ NNSquad ] [ PRIVACY ] Would You Know if Your ISP Tampered With Your Web Pages?

[Lauren Weinstein]

   [ Some specific technical suggestions in response to the message below
 are already arriving -- I will forward them as appropriate to
 this list after receiving redistribution permission from their
 authors.
  -- Lauren Weinstein
 NNSquad Moderator ]



--- Forwarded Message


To: [EMAIL PROTECTED]
Date: Sun, 06 Jan 2008 17:47:29 -0800
From: [EMAIL PROTECTED]
Subject: [ PRIVACY Forum ] Would You Know if Your ISP Tampered With Your Web
Pages?


  Would You Know if Your ISP Tampered With Your Web Pages?

http://lauren.vortex.com/archive/000351.html


Greetings.  Would you even know if an ISP spied on or tampered with
your Web communications?

While encryption is the obvious and most reliable means available 
( http://lauren.vortex.com/archive/000338.html ) to avoid unwanted
surveillance or intrusions into the data streams between Web
services and their users, it's also clear that pervasive encryption
will not be achieved overnight.

In the meantime, we see ISPs apparently moving at full speed toward
various data inspection and content modification regimes, and laws
to protect Web services and their users from inappropriate or
unacceptable ISP actions are being fought tooth and nail by ISPs and
their corporate parents.

Some announced concepts, like AT&T's alarming plans to "monitor"
Internet communications to find "pirated" content, appear most akin
to wiretapping in the telephone realm (would people accept the
monitoring of all phone calls in search of any illegal activity?
Even given the current telcos/NSA controversies, I would tend to
doubt that this would be widely applauded).

Others, like Comcast's unacceptable disruption of P2P traffic,
appear to partly be extremely aggressive "traffic management" and
partly outright packet forgery in the furtherance of interfering
with communications.

And of course, we still have the ongoing Rogers saga 
( http://lauren.vortex.com/archive/000337.html ), where direct
modification of data streams to insert ISP-generated
messages or, as suggested by a related hardware vendor, advertising
( http://www.perftech.com ), is the order of the day.

Encryption is the only sure approach to deal with the potential for
ISP (or other) surveillance on Internet connections, and even
encryption will permit a significant degree of traffic analysis in
the absence of anonymized proxy architectures.

But in the case of ISP tampering with data streams, is there
anything we can do for now -- short of the goal of full-page
encryption -- to inform users that their Web communications are
being adulterated?  Can a Web service be sure that their users are
able to see the actual Web pages that are being transmitted --
unmodified by ISPs?  Can this be accomplished with the highly
desirable attribute of not requiring major server-side modifications
to the Web pages themselves?

There are a number of non-trivial issues to consider.  First, a Web
page, as we all know, is frequently composed of many disparate
elements, often hosted by a variety of completely different servers
under the control of multiple entities.  How can we define "a Web
page" in a way that takes all of these elements and data sources
into account, especially when each user may see not only differing
primary text and images, but totally different ads?

Would the amount of real-time data coordination necessary to create
and communicate such a single-user page "validation snapshot" be
practical, or useful in a relative sense given the amount of work
that would be required?

Assuming that we can create such a snapshot, a secure mechanism to
immediately transmit this validation data to the user's Web browser
would then be necessary, bringing back into the mix the probable
need for some encrypted data, albeit of a very small amount as
compared with fully encrypted Web pages. 

The last step in the validation process would be for the user's Web
browser (or a suitable plugin) to alert the viewer in the case of
suspected data tampering, along with providing necessary details
that would be useful in logging and/or reporting the incident.

I won't get into technical details here on approaches to the
nitty-gritty aspects of this concept.  I have some ideas on
implementation techniques, though I'd much rather see a rapid move
toward full encryption.

However, I would certainly be interested in your thoughts regarding
this concept of Web page validation and whether or not it might have
a useful role to play, particularly to help gather evidence that
might be useful in the ongoing network neutrality debates.  

Thanks as always.

--Lauren--
Lauren Weinstein
[EMAIL PROTECTED] or [EMAIL PROTECTED] 
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren 
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org 
Co-Founder, NNSquad 
   - Network Neutral

[ NNSquad ] Examples of suspected P2P throttling in Washington D.C. area sought

[Lauren Weinstein]

FYI only: I've received a note from a law firm in the Washington
D.C. area that is interested in hearing from local D.C. cable subs
who suspect that they've experienced "throttling" of P2P protocols.
Neither I nor NNSquad take any position regarding this query, other
than that public dissemination of more hard data regarding this issue
would be useful.  Feel free to contact them (or not) as appropriate
and as you wish: Brian Weinthal - [EMAIL PROTECTED] -
(202) 772-1930.

--Lauren--
NNSquad Moderator

[ NNSquad ] AP: FCC to investigate Comcast P2P actions

[Lauren Weinstein]

http://www.newsvine.com/_news/2008/01/08/1212798-fcc-to-probe-comcast-data-discrimination

--Lauren--
NNSquad Moderator

[ NNSquad ] Net Neutrality Paper: "AT&T vs. Google"

[Lauren Weinstein]

Andrew Odlyzko at University of Minnesota has just released an
interesting network neutrality paper partially funded by NSF:  

"Network neutrality, search neutrality, and the never-ending conflict
 between efficiency and fairness in markets":

http://www.dtc.umn.edu/~odlyzko/doc/net.neutrality.pdf

I will not attempt to review the paper here, other than to mention
that he casts network neutrality largely as a battle between AT&T
and Google, and to note that I agree with some of his analysis
and disagree with some aspects as well.

It's worthwhile reading in any case, and his citing of historical
precedents is particularly noteworthy.

--Lauren--
NNSquad Moderator

[ NNSquad ] AP: Congress to investigate FCC

[Lauren Weinstein]

http://online.wsj.com/article/SB119982972316175627.html?mod=rss_whats_news_technology

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: ISP's resetting RealPlayer?

[Lauren Weinstein]

Part of the problem is that it can be difficult to differentiate (without
specific testing) between:

a) generally crappy Internet service
b) lousy or failing hardware
c) crude or buggy software
d) purposeful ISP interference, throttling, blocking, or other related
   ISP traffic manipulations

Part of what we're trying to do is find systematic ways to help determine
which of these are involved in any given case.

--Lauren--
NNSquad Moderator

 - - -

   

> Hello all,
> 
> I have a question and no proof that this is true.  I listen to NPR daily
> while working, on a computer that pretty much does nothing else.  It is on
> the same wireless network as my main computer I use for working.  I have
> Comcast broadband through a cable modem.  On some days I have no problem at
> all with the connection to NPR, which makes me believe that the reset is not
> coming from the content provider.  On other days I regularly get a
> connection reset every hour or so.  The timing on the days that I'm being
> reset seems non random, but I have no stats to back that up.  Today I have
> been reset 3 times in 5 hours, but I don't remember being reset this morning
> so probably 3 times in 3 hours.  I would estimate that this happens about
> once a week or once every two weeks.  I find it difficult to believe that
> streaming realPlayer is hitting any secret bandwidth level, but I could be
> wrong.
> 
> Does anyone else have this issue, or has anyone looked whether or not ISP's
> might be limiting content by sending resets to clients that are not P2P?
> 
> Thanks,
> Ron Teitelbaum
> 

[ NNSquad ] Re: ISP's resetting RealPlayer?

[Lauren Weinstein]

Cutting people off, or "charging by the gallon" for that matter, are
only reasonable (and would only be acceptable in the context of
power, water, or any other conventional utility) if specific rules
are known to subscribers in advance and -- *very* important -- if
proper notification is given before taking actions.  Even if people
don't pay their power, water, phone, or cable bills, they're given
notification and time to argue their case before they're cut off --
at least in this country.
 
What ISPs are frequently doing is acting as judge, jury, and
executioner at the *data* level, often based on vague and general
statements in Terms of Service agreements -- leaving subscribers to
wonder, as in the cases under discussion, how or if they violated a
rule or limit, or whether they're being affected by some totally
different technical issue unrelated to purposeful ISP actions.

The argument that explaining the detailed rules and limits in
advance would provide too much information to subscribers who might
try to take "excessive" advantage of those limits is unacceptable.
If Comcast, for example, felt that they needed to manipulate P2P
traffic for the sake of all customers, they should have made this
clear in advance, and not denied what was going on until they
got caught red-handed.  

One critical issue related to Network Neutrality isn't really a
technical matter at all.  It's the obvious need for full transparency
in ISP dealings with their subscribers.  Without that, all other
efforts are likely doomed to inefficacy.

It is in fact largely the lack of such transparency -- and
unfortunately, trust as well -- that has made this project 
necessary in the first place.

--Lauren--
NNSquad Moderator 

  - - -

>  
> >You didn't quote the whole question, or relevant information.  Ron said:
> >
> >"On some days I have no problem at all with the connection to NPR, which
> >makes me believe that the reset is not coming from the content provider.  On
> >other days I regularly get a connection reset every hour or so."
> >
> >If the audio servers were setup to drop streams that were up for a period of
> >time, the behavior would be deterministic.
> 
> Human listeners' behavior is not deterministic. Some programs are popular;
> others are not. More people listen on some days than others. 
> 
> >> The terminated sessions may also be the result of the use of a stateful
> >> firewall. When there are lots of long term connections, the tables in the
> >> firewall can fill up. It may be forced to throw out state information --
> >> especially when the transaction is being conducted via UDP (which isn't a
> >> session-oriented protocol, though RealPlayer uses it as such). When you're
> >> going through a NAT firewall there can be no guarantee that UDP port
> >> translation will be maintained over an extended period. It would be
> >> interesting to see if your connections were still terminated if you used
> >> TCP instead.
> >
> >This is total bunk, if you know anything about how stateful firewalls work.
> 
> I've written them, and it is not.
> 
> >TCP sessions are stateful because of their connection-oriented nature.  UDP
> >connections are pseudo stateful in that firewalls will keep state
> >information for a set amount of time for UDP connections.  If there is no
> >traffic between the hosts and ports for the timeout period, the firewall
> >would time out the "state" of the UDP connection.  It is very deterministic.
> 
> No, it's not. Often, the router will drop information on the oldest aliased
> port when the table fills. We see not only consumer but also enterprise 
> routers
> that do this.
> 
> >> On the other hand, many ISPs do limit the durations of sessions. People
> >> often leave streaming media on and then go home -- for the evening or even
> >> for days at a time. If large numbers of people do this (and as an ISP I
> >> can tell you from our statistics that it's quite common), it can consume
> >> excessive resources. It doesn't help that streaming audio consists of lots
> >> of small packets, maximizing network overhead and causing congestion.
> >> Having the user click again to keep listening after 5 hours is perfectly
> >> reasonable.
> >
> >This is a reasonable root cause of the problem, without passing judgment on
> >whether this is "perfectly reasonable" for an ISP.
> 
> If someone has flat rate water service and leaves the tap on 24x7, it's
> reasonable to cut him or her off or start billing by the gallon. This
> situation is analogous. 
> 
> >It would be very easy to check to see what the lease on the DHCP IP address
> >is for Ron.  And, it is VERY unlikely that he would get a week or two lease,
> >and then all of a sudden get leases that only last for an hour for a period
> >of time, only to be followed by another period of week or so long leases.  
> 
> The leases may be short, but the IP address may not change every time. I've
> seen this on many dynamic cable modem connections.
> 
> --Brett Glass
> 

[ NNSquad ] Richard Bennett on Comcast and Fairness (from IP)

[Lauren Weinstein]

--- Forwarded Message
From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Mon, 14 Jan 2008 15:21:28 -0800
Subject: [IP] Interesting -- comment from author -- F.C.C. to Look at


 ---

From: Richard Bennett [EMAIL PROTECTED]
Sent: Monday, January 14, 2008 4:23 PM
To: David Farber
Subject: Re: [IP] Re: F.C.C. to Look at Complaints Comcast Interferes With 
Net - New York Times

As the author of the article in question, I'll gladly defend it. The
fundamental point I was trying to make is simply that there's a huge
hole in the architecture of the IETF protocol suite with respect to
fairness. I'm a layer two protocol designer (Ethernet over UTP, WiFi 11n
MSDU aggregation, and UWB DRP are in my portfolio), and in the course of
my career have devoted an embarrassing amount of time to engineering
fairness in network access. Most the younger generation takes it as
given that if you understand TCP/IP you understand networking, but in
fact most of the progress in network architectures over the last 30
years has been at layers 1 and 2. And with the TCP-centric mindset, they
tend to believe that all problems of networking can be solved by the
application of the right RFCs. But in fact we all connect to our ISP
over a layer 2 network, and each of these has its own challenges and
problems.

The carriers are often criticized for not using packet drop to resolve
fairness problems, but that's not really the scope of packet drop, which
is actually a solution to Internet congestion, not to the lack of
fairness that may (or may not) be the underlying cause of the
congestion. We need a different solution to fairness at layer 3,
especially on layer 2 networks  like DOCSIS where packet drop closes the
door after the horse has run off.

The buffet analogy needs a little refinement. What the bandwidth hog
does is block the line to the all-you-can-eat buffet so that nobody else
can get any food. That's not a behavior that would be tolerated in a
restaurant, and it shouldn't be tolerated in a residential network.
Unfortunately, it wasn't the huge problem when DOCSIS was designed, so
the 1.0 and 1.1 versions of the technology don't address it, certainly
not as well as Full-Duplex Ethernet, 802.11e WiFi, and DSL do.

Some may argue that the Internet doesn't need a fairness system as it's
mostly a local problem, and I have some sympathy for that point of view.
But in the final analysis, we all know that some of our bits are more
important than others, and the network will work better if the layer 3
and layer 2 parts can communicate that sort of information between each
other.

I don't view this as a moral problem as much as an engineering problem.
Moral philosophy is certainly a fascinating subject (as is video
coding), but it's outside the scope of the current discussion.

RB

David Farber wrote:
> 
> From: Bob Frankston [EMAIL PROTECTED]
> Sent: Saturday, January 12, 2008 1:01 AM
> To: David Farber; 'ip'
> Subject: RE: [IP] Re: F.C.C. to Look at Complaints Comcast Interferes 
> With Net - New York Times
>
> Moral court again ...
>
> Does this mean I can't share files with my neighbor because of the cost of 
> peering with a remote provider? Will someone judge that backing up over the 
> net is not an appropriate use of the network? Am I not allowed to backup to 
> peers?
>

- ---
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


--- End of Forwarded Message

[ NNSquad ] FCC Seeks Comments Regarding Comcast P2P Practices, Etc.

[Lauren Weinstein]

Greetings.  The FCC's Wireline Competition Bureau today issued two
calls for comments related to "Network Management Practices By
Broadband Network Operators" -- Translation: Fallout from the
recent Comcast P2P interference debacle.

I urge all interested parties to take advantage of this opportunity
to get their thoughts and suggestions on this matter into the record.

Deadlines:

Comments Due: February 13, 2008
Reply Comments Due: February 28, 2008

Please see the FCC files (pdf):

( http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA-08-92A1.pdf )
Comment Sought On Petition For Rulemaking To Establish Rules
Governing Network Management Practices By Broadband Network
Operators

and:

( http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA-08-91A1.pdf )
Comment Sought On Petition For Declaratory Ruling Regarding Internet
Management Policies

--Lauren--
NNSquad Moderator

[ NNSquad ] NASA and BitTorrent

[Lauren Weinstein]

Here's some amusing reading for those in the audience who believe
that P2P in general, and BitTorrent in particular, are only used for
illicit purposes by music and film pirates:

http://visibleearth.nasa.gov/faq.php?e=4

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: Richard Bennett on Comcast and Fairness (from IP)

[Lauren Weinstein]

Yeah, yeah, I know, "The ability to encrypt data is insignificant
next to the power of ISP Force ... " 

Well Darth, uh, I mean Nick, it's not a matter a faith, it's 
a matter of cause and effect and war without end.  

Sure, ISPs and their cohorts could choose to deploy ever more
invasive technologies -- keyloggers perhaps, hmm? -- and users will
counter with equally aggressive countermeasures -- an Internet arms
race par excellence that would gladden the heart of Dr. Strangelove:
"We must not have, an encryption gap!"

What a waste of time, effort, and resources.  You don't need to have
taken a single economics course to realize that any product or service
marketing relationship where the seller and buyer increasingly 
consider each other to be The Enemy with a capital "E" is most
seriously disfunctional.

As far as encryption goes, all I'm essentially saying is that if
ISPs keep pushing the envelope in their eagerness to inspect the
content of user data, and/or manipulate/alter that data in various
manners that many view as intrusive and inappropriate, this *will*
rapidly speed the adoption of crypto, and accelerate all of the
varied consequences that will result.

Let's start wrapping this thread up fairly soon before we 
wear out the patience of the collective mind out there.

--Lauren--
NNSquad Moderator

 - - -

> Lauren, I find your faith in this technological terror, err,
> cryptography disturbing.
> 
> EG, the strength of piracy on the Internet is the ease of getting the
> pirated material, and the ease of distribution.  Thus rather than
> playing Whak-A-Mole on Torrent servers (which are largely offshore),
> with ISP cooperation it becomes possible to play Whak-A-Mole on the
> users...
> 
> So the MP/RI-AA surfs the Torrent sites, and connects to the torrents
> with a manipulated client, verifies that a particular torrent is a
> copyright violation, maps the users of the torrent, and then sends an
> automated list of the nodes to the ISP saying "This graph is bad, any
> edge between two nodes in this graph should be killed", and you simply
> RST-flood any edge in the graph which crosses your network.
> 
> If this means dropping your bandwidth bill by 30-50% by kicking
> deliberately-noncacheable
> bittorrent traffic of your network, while making it easier to
> negotiate a deal for your video on demand service at the same time,
> and reduceing the likelyhood that Hollyweird will get even MORE
> draconian legislation pushed through, you do it.
> 
> 
> This won't stop closed-world pirates, but those are far less annoying
> to the ISPs simply because there are so many fewer of them, and less
> important to the MP/RI-AA because they are less likely to be users you
> can convert to paying customers if you make the illegal content
> sources unusable.

[ NNSquad ] NYT: Differing views on Time Warner's Bandwidth Cap Experiment

[Lauren Weinstein]

http://bits.blogs.nytimes.com/2008/01/17/time-warner-download-too-much-and-you-might-pay-30-a-movie/?ref=technology

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: [IP] My [ Dave Farber ] position on Comcastidiocy

[Lauren Weinstein]

Dave, notice the repeating pattern of how ISPs seem to be doing
business these days:

1) Without prior public notice, major technical changes are deployed
   that have significant and in some cases critical effects on their
   subscribers' ongoing applications, including crucial services like
   e-mail.

2) As users try to understand and workaround these sudden problems,
   rumors (often true, sometimes not) spread like wildfire around Net
   regarding the situation.  Often when customers ask ISPs what's
   going on they're met with blanket denials of any changes and/or
   utterly misinformed customer service agents.

3) *After the fact* (that is, when the effect is obvious to all 
   and can no longer be ignored or denied) the ISP makes a public
   statement about what it has done.

If any other utility -- basic telephone service, power, water, you
name it, operated on this basis nationally, there would be calls for
Congressional investigations, not just an occasional grudging FCC
look-see.

ISPs are still operating as if this was still the experimental Net of
many years ago.  Hell, DOD wouldn't have accepted this level of
behavior even in the early days of ARPANET.  The Internet is now a
key information and communication utility that people depend on,
not simply a sideline toy to be snooped on and manipulated at will.

It's time that ISPs who won't behave like good citizens on their own
have their feet held to the fire, either by the marketplace or, if
that won't work, by other means.

These concerns are key aspects of what Network Neutrality is all
about.

--Lauren--
Lauren Weinstein
[EMAIL PROTECTED] or [EMAIL PROTECTED] 
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren 
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org 
Co-Founder, NNSquad 
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com 
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com 

 - - -

Dave Farber wrote:
> The debate over port 25 is interesting. BUT the idea that without
> notice they disabled by outbound email (which is NOT high volumn --
> POBOX.com handles list distribution) is IRRESPONSIBLE in the
> extreme. Also consider those who dont have access to CMU and IP
> whose mail agents set up port 25 by default. Suddenly their machine
> stops sending email and their personal and/or business suffers. I
> wonder if Comcast will refuse to let me place calls on their digital
> voice if I call too much or they just feel in the mood.
>  
> This is BULL -- you know what.
> 
> Dave
> 
> ---
> Archives: http://v2.listbox.com/member/archive/247/=now
> RSS Feed: http://v2.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com
> 

[ NNSquad ] Comcast port 25 blocking (from Dave Farber via IP)

[Lauren Weinstein]

--- Forwarded Message

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Fri, 18 Jan 2008 11:10:36 -0800
Subject: [IP] My position on Comcastidiocy

The debate over port 25 is interesting. BUT the idea that without
notice they disabled by outbound email (which is NOT high volumn --
POBOX.com handles list distribution) is IRRESPONSIBLE in the
extreme. Also consider those who dont have access to CMU and IP
whose mail agents set up port 25 by default. Suddenly their machine
stops sending email and their personal and/or business suffers. I
wonder if Comcast will refuse to let me place calls on their digital
voice if I call too much or they just feel in the mood.

This is BULL -- you know what.

Dave

---
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


--- End of Forwarded Message

[ NNSquad ] "TW Bandwidth Cap Experiment" thread is closing ...

[Lauren Weinstein]

OK gang, I think this thread has pretty much run its course today,
so I'll be winding it down now.  Please refrain from additional postings
on this topic unless you have significantly new and fascinating information
or insights to share. 

Have a good weekend.  Thanks.

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: NYT: Differing views on Time Warner'sBandwidth Cap Experiment

[Lauren Weinstein]

A significant problem is that since by and large the network
topologies involved are not publicly known and not regulated in
detail, all such analysis at that level is essentially a guess.

We don't really know how much of any bandwidth contraints are due to
local capacity issues, upstream links between the cable system
"intranet" and the public Internet, or other parameters.

We do know that the broadband provider in this kind of case holds
all of the cards, and on modern cable systems, for every chunk of
frequency bandwidth allocated to their own media servers, or to HD
video channels, or to switched video channels, or whatever along
those lines, there's in theory and often in practice corresponding
less available for the Internet per se.

And even within the Internet frequency allocations, the cable company
has significant control over performance parameters and
subscriber/throughput tradeoffs that directly impact the customer
experience and the usefulness of outside Internet services to those
subscribers (see: "Characterizing Residential Broadband Networks" -
http://www.imconf.net/imc-2007/papers/imc137.pdf ).

Since we don't *really* know what's going on in these regards, it's
impossible to reliably determine if these broadband ISPs are
behaving in a fair manner or not at any given time.  The fact that
they tend to declare so much of this information to be proprietary
helps to ensure the outside world's ignorance and prolong the
guessing game.

Of course, trying to gather metrics to help lift this information fog 
is part of NNSquad's main purpose.

--Lauren--
NNSquad Moderator

  - - -

> Actually, this is NOT quite the same, if/when such a system is
> deployed, there will probably be a singificantly lower transport cost
> for the cable co's offering.  And I'm willing to bet this is the sort
> of argument you'll see:
> 
> Here's why:
> 
> For the bits from Competitor, they are coming over the commodity
> internet link.  Often, its not the local network thats oversubscribed,
> but the upstream link.  Likewise, there is an additional cost with the
> upstream link, which can be significantly more than the cost of the
> local loop for bits actually sent.  (Local loop is cost of building
> the infrastructure, while upstream bandwidth is a continuous cost).
> 
> With the cable company's service, its coming from the local-office
> disk array, perhaps even a cache located in the distribution system
> close to the endpoint, which takes special advantage that it is
> streaming video.  Since it is video streaming, a 1 GB/hr video source
> requires serving only .27 MB/s.  Thus a small, ~$500, passively cooled
> system with a single 1 TB disk could cache 1000 hours and serve 100+
> simultaneous customers.  Play multicast games and the caching could be
> nice and efficient.
> 
> So, actually, the transport cost for the cable company for its own
> service IS likely to be less than transferring bits for the
> competitor.  So why shouldn't billing reflect this?
> 
> The interesting question is "Will they bill for bits from the Akamai
> CDN box?"  Since those bits aren't coming over the commodity Internet
> either.
> 
> 
> Also, at $.10-$.18/GB overage charging (what Amazon charges for their
> service, which would probably be a good guideline for network costs
> with a nice profit to the ISP ), we aren't talking a very big penalty,
> perhaps a dime or two, for transferring from the third party video
> source.  So the "competitive advantage on pricing" on these $5
> pay-per-view/"rental" movies is 5%.
> 
> 
> On Jan 18, 2008 2:22 PM, Lauren Weinstein <[EMAIL PROTECTED]> wrote:
> >
> > Now we get squarely into core Network Neutrality issues.  For
> > example, when you order a PPV movie from your cable company, it's
> > just bytes being pumped down the line on the same physical cable as
> > your cable Internet connection.  However, you can be sure that the
> > bytes used to send you that film from your cable company servers
> > won't be counted against your monthly allocation of Internet data.
> >
> > So, if you had a choice of paying N dollars to your cable company to
> > get a movie without affecting your Internet usage totals, or
> > alternatively paying the same amount to a cable company competitor
> > for the film, but using up a significant fraction of your monthly
> > Internet allocation in the process, which would most people
> > presumably choose?
> >

[ NNSquad ] Re: NYT: Differing views on Time Warner'sBandwidth Cap Experiment

[Lauren Weinstein]

Now we get squarely into core Network Neutrality issues.  For
example, when you order a PPV movie from your cable company, it's
just bytes being pumped down the line on the same physical cable as
your cable Internet connection.  However, you can be sure that the
bytes used to send you that film from your cable company servers
won't be counted against your monthly allocation of Internet data.

So, if you had a choice of paying N dollars to your cable company to
get a movie without affecting your Internet usage totals, or
alternatively paying the same amount to a cable company competitor
for the film, but using up a significant fraction of your monthly
Internet allocation in the process, which would most people
presumably choose?

--Lauren--
NNSquad Moderator


 ---


> If qualifying traffic by throttling certain types of traffic is 
> unacceptable  - then shouldn't a strategy that quantifies cumulative 
> traffic be unacceptable too? I mean, ISP's already charge differently 
> for access speeds (tiers of down/upload speed), how can another layer of 
> costs be put on top of that without creating mass confusion, not to 
> mention anger on the part of the end user/consumer?
> 
> Content providers already pay for bandwidth charges to web hosting firms 
> who pay handsomely for their own connectivity. Why should end users also 
> be charged simply for downloading an excess of the same content that the 
> content provider has already paid to deliver. This would be like the 
> post office charging receivers of mail a fee if the quantity of mail 
> exceeded a certain arbitrary level (I know - not the best analogy). 
> 
> Also - will Time Warner charge people who exceed the cap when they are 
> downloading content exclusively from Time Warner sites? Or will TW 
> privilege their own offerings - thus discouraging users from seeking 
> content from outside providers (for whom TW receives no advertising 
> revenue).
> 
> It all raises more questions than answers . . . none of them good.
> 
> Michael
> 
> 
> 
> Fred Reimer wrote:
> >> This need not be a case of wealth
> >> transfers only - there can be value creation as well. In one simple
> >> world with a zero-sum-game, for every penny charged for over-usage, the
> >> average bill for others should go down commensurately.
> >>
> >> A first Q to me is to what extent is or isn't this a zero-sum game?
> >> 
> >
> > In the US companies have a fiduciary responsibility to make as much money as
> > they can for their stockholders.  If you think Time Warner, or any ISP, will
> > reduce the price for Internet access for the "average Joe" who uses minimal
> > bandwidth to something that is comparable to India (even with exchange rates
> > and cost of living calculations included) you are mistaken.  The ONLY reason
> > why Time Warner is doing this is because it is a chance for them to make
> > more money.
> >
> > You can have your opinion of what SHOULD and should not happen, but
> > realistically this is not how business in the US works.  Especially not in
> > the telephone / cable / DSL markets.  I have no special knowledge of this,
> > it is common knowledge.
> >
> > Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
> > Senior Network Engineer
> > Coleman Technologies, Inc.
> > 954-298-1697
> >   
> >
> >   
> >> -Original Message-
> >> From: [EMAIL PROTECTED] [mailto:nnsquad-
> >> [EMAIL PROTECTED] On Behalf Of Rahul Tongia
> >> Sent: Friday, January 18, 2008 12:59 PM
> >> To: Barry Gold
> >> Cc: Lauren Weinstein; nnsquad@nnsquad.org
> >> Subject: [ NNSquad ] Re: NYT: Differing views on Time Warner'sBandwidth
> >> Cap Experiment
> >>
> >> As someone who's spent lots of time internationally, there are many
> >> tiered pricing plans for DSL. All you can use are often MUCH more
> >> expensive. BUT, the entry plans are dramatically cheaper, e.g.,
> >> $2-6/month in India.
> >>
> >> So, if only a few percent of people are using up "too much" bandwidth
> >> perhaps a solution would involve congestion pricing and/or graceful
> >> degradation only for those who go above reasonable fair use caps.  Is
> >> there too much complexity in this? If I want to download something huge,
> >> there should be ways for the system/network to signal "off-peak"
> >> pricing. I think we need some new protocols/tweaks/out-of-channel
> >> signalling for that.  Given these are all happening on the last mile, it
> >> shouldn't be hard to program that in (in a layered,

[ NNSquad ] AP: EU Group: IP Addresses are "personal information"

[Lauren Weinstein]

http://kstp.com/article/stories/S321059.shtml?cat=159

[ NNSquad ] A quick comment on EU's "IP addresses are personal info"

[Lauren Weinstein]

Greetings.  Just a short note regarding:

http://kstp.com/article/stories/S321059.shtml?cat=159

The issue of logged IP address retention by search services and other
entities (uh, like anyone running a Web site, in most cases!) is a
complicated one that I won't address here and now.

However, the story referenced above seems to suggest the possibility
at least that the EU might wish to somehow prohibit WHOIS lookups of
IP addresses used to determine the responsible organizations.  

Such a prohibition would have extremely negative ramifications for
spam and virus fighting, necessary Internet operations and
troubleshooting, and a range of related areas.  

As much as I'm of course pro-privacy regarding many Internet issues,
absolute (e.g. lookup) IP address privacy does not appear to be
compatible with a reliable or practical Internet environment.

--Lauren--
Lauren Weinstein
[EMAIL PROTECTED] or [EMAIL PROTECTED] 
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren 
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org 
Co-Founder, NNSquad 
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com 
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com 

[ NNSquad ] AT&T, P2P, and Filtering (from Slyck)

[Lauren Weinstein]

Greetings.  Definitely do read the article referenced below.
Particularly interesting is how AT&T attempts to simultaneously
claim the moral high ground when it comes to filtering (even
invoking child porn examples, as predicted) while simultaneously
making it clear that economic issues are their core concern (related:
http://lauren.vortex.com/archive/000356.html ).

AT&T also attempts to *praise* P2P technology at the same time that
they condemn many of its users. 

Particularly amusing is how they'd like to legally finesse such
monitoring and filtering, apparently by acting as a "notification"
agent when they detect "illicit" materials -- but then not taking any
direct action themselves.  In this way, they obviously would hope to
avoid taking on legal responsibilities that could decimate their
DMCA exemptions.

Anyway, it's a good article:

http://www.slyck.com/story1640_ATT_P2P_Filtering_and_the_Consumer

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: AT&T, P2P, and Filtering (from Slyck)

[Lauren Weinstein]

There is an interesting parallel available from another common
utility.  It's well known that many power companies look for
statistical "oddities" in consumer power usage.  A sudden drastic
drop in month-to-month usage (taking time of year into account)
*might* suggest meter tampering (though it could also be a sudden
dropoff in major appliance usage, installation of solar panels, etc.)

Similarly, a massive unusual *increase* in power usage has often
been a trigger for police investigations of possible indoor pot
growing operations (due to all the plant lights).

Both of these cases are essentially traffic analysis examples.  But
what happens next?  In the power decrease case, the company would
typically ensure that the (usually external) meter and surrounding
connections were inspected soon.  The power company doesn't usually
show up at the door and demand to inspect the house contents.

In the power increase case -- it was becoming fashionable for power
companies to report such cases to law enforcement.  Police were
then using thermal imaging (IR) devices from outside the homes
to image inside looking for pot growing thermal signatures.  

However, some years ago, the U.S. Supreme Court (in a ruling where
the yes votes were not necessarily from whom you might expect) declared
this practice illegal surveillance if a search warrant was not
obtained first: 
http://prfamerica.org/US_supreme_court_sides_with_privacy_rts.html

In essence, the Supreme Court ruled that use of thermal imaging
to look inside a house (that is, at its *contents*) was not
permitted for law enforcement purposes without a warrant.

I believe that there may be a useful analogy here to the AT&T P2P
situation, where AT&T is discussing inspecting the *contents* of
end-to-end user data for "illicit" materials, rather than just
performing traffic analysis that would be much more typical in the
course of ordinary business.

--Lauren--
NNSquad Moderator

 - - -

Bob Frankston wrote:
> This is a good test of NN in the sense that if ATT were doing this normally
> they would be accused of vigilantism. Just because they happen to control
> the pipe of information to my house why are they any more justified in such
> actions? Is the electric power company going to take responsibility for what
> people do using the light from street lamps?
> 
>  
> 
> The DMCA point is a good one -- Kevin Bankston will likely be talking more
> about this particular issue than I will at
> http://www.netneutrality2008.org/Schedule.html but I will try to make sure
> it gets raised though there isn't much time and the panels seem to be
> staffed mostly by those with a stake planted firmly in the pat and up ...
> sorry, gotta be nice.
> 
>  
> 
> As to child porn - how many of those so concerned voted in favor of health
> care for children - my guess is that the correlation between the two is
> negative.
> 
>  
> 
>  
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Lauren Weinstein
> Sent: Wednesday, January 23, 2008 12:48
> To: nnsquad@nnsquad.org
> Cc: [EMAIL PROTECTED]
> Subject: [ NNSquad ] AT&T, P2P, and Filtering (from Slyck)
> 
>  
> 
> Greetings.  Definitely do read the article referenced below.
> 
> Particularly interesting is how AT&T attempts to simultaneously
> 
> claim the moral high ground when it comes to filtering (even
> 
> invoking child porn examples, as predicted) while simultaneously
> 
> making it clear that economic issues are their core concern (related:
> 
> http://lauren.vortex.com/archive/000356.html ).
> 
>  
> 
> AT&T also attempts to *praise* P2P technology at the same time that
> 
> they condemn many of its users. 
> 
>  
> 
> Particularly amusing is how they'd like to legally finesse such
> 
> monitoring and filtering, apparently by acting as a "notification"
> 
> agent when they detect "illicit" materials -- but then not taking any
> 
> direct action themselves.  In this way, they obviously would hope to
> 
> avoid taking on legal responsibilities that could decimate their
> 
> DMCA exemptions.
> 
>  
> 
> Anyway, it's a good article:
> 
>  
> 
> http://www.slyck.com/story1640_ATT_P2P_Filtering_and_the_Consumer
> 
>  
> 
> --Lauren--
> 
> NNSquad Moderator
> 
> 

[ NNSquad ] Comcast silently dumping e-mail containing particular URLs?

[Lauren Weinstein]

Greetings.  Word has been circulating for a few days suggesting that
Comcast is silently discarding e-mail messages containing URLs
shortened via the easyURL service (easyurl.net).  

This has apparently been confirmed from a number of points but there
has been no comment from Comcast yet.

I'd appreciate any additional available information on this issue.

For more see:

http://blog.easydns.org/archives/188-Comcast-silently-discarding-email-containing-URLs-shortened-via-easyURL.html


Thanks.

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: Comcast silently dumping e-mail containing particular URLs?

[Lauren Weinstein]

A quickie update.  While reported empirical tests seemed quite clear
regarding the existence of this condition, it also now appears that
the problem, filter -- or whatever it was -- has now been
cleared/lifted, perhaps after public discussion on the NANOG list,
or perhaps just coincidentally. 

So this ceases being an active issue, though added info would of
course be welcome at any time.  Thanks.

--Lauren--
NNSquad Moderator

 - - -

> Greetings.  Word has been circulating for a few days suggesting that
> Comcast is silently discarding e-mail messages containing URLs
> shortened via the easyURL service (easyurl.net).  
> 
> This has apparently been confirmed from a number of points but there
> has been no comment from Comcast yet.
> 
> I'd appreciate any additional available information on this issue.
> 
> For more see:
> 
> http://blog.easydns.org/archives/188-Comcast-silently-discarding-email-containing-URLs-shortened-via-easyURL.html
> 
> 
> Thanks.
> 
> --Lauren--
> NNSquad Moderator
> 
> 

[ NNSquad ] Re: Speculation, how AT&T can implement "copyright filtering" without wiretapping/dpi...

[Lauren Weinstein]

Without getting into the legal aspects (including potential collateral
damage to innocents) of the discussion, I would hasten to suggest that the
approach you outline is likely only feasible on an ephemeral basis.

The only reason that "offending" torrents can be so easily identified
(especially in an automated manner) is that the operators of such
systems have not seen a need (up to now) to obfuscate this level of
information.

Even without resorting to full encryption, there are obvious, and
relatively simple, means that could be implemented to (a) make
automated identification exceedingly difficult, and (b) to raise the
risk of misidentifications to a very high level (which would have
particularly nasty ramifications when legit streams were cut off).
Details left as an exercise for the reader.

I predict that any ISP moves along the lines that you outline would
trigger an immediate P2P evolutionary burst in a manner similar to
what I describe above.  So the question becomes, would ISPs want to
take on the legal complexities of such a path, given a very limited
duration effectiveness and short-lived appreciation payoff from
their entertainment industry partners?

--Lauren--
NNSquad Moderator

 - - -

> I think you're exaggerating a bit, Kevin. My slide from Mininova shows a 
> list of torrents that all carry Microsoft Office and a key generator. 
> There is nothing ambiguous about these torrents, they're not fair use, 
> they're not mashups, and they're not Digital Culture, they're simply 
> theft. That's needed to shut down these illegal transactions is a 
> request from the copyright owner to the ISP that's carrying the traffic 
> to shut it off. Due process doesn't come into it unless somebody is 
> prosecuted.
> 
> There is a risk of unfair shut-offs, but it's very, very small and can 
> be dealt with after the fact in some reasonable way.
> 
> I agree that the system involved is non-neutral, but that doesn't mean 
> it's bad a priori. I imagine most copyright thieves would prefer to have 
> their streams blocked than go to jail or pay a fine, wouldn't you?
> 
> RB
> 
> Kevin McArthur wrote:
> > There's nothing inherently offensive in this methodology until you 
> > realize that it bypasses due process of law.
> >
> > The difference between copyright violation and fair use is not 
> > possible for a piece of software to decide. While many uses are 
> > clearly infringing, there currently exists no system that can tell the 
> > difference between legitimate fair use (like appropriation art or 
> > criticism) and true copyright infringement with any level of accuracy. 
> > Some questions arise:
> >
> > Will the software, network or content owner be liable for a false claim?
> > Will a user falsely accused of downloading be able to make a libel claim?
> > Will the artist be able to make a claim for censorship, undue 
> > preference or collusion between the network owner and big media 
> > companies?
> > If the ISP _can_ police the network, do they not then have a _duty_ to 
> > police it -- and do they not waive their special intermediary 
> > immunity, instead opting for the legal environment of broadcasters and 
> > publishers?
> >
> > These proposals bring more questions than answers, and I'm frankly 
> > surprised that these ISPs would even think about opening the pandoras 
> > box that is intermediary liability.
> >
> > Even the very basic idea that one could take a currently-downloading 
> > torrent, and unilaterally decide it is infringing, is ludicrous; 
> > you're talking about acting on allegation before proving it in a court 
> > of law. From a legal perspective, its shoot first and ask questions 
> > later.
> >
> > And thats not good enough,
> >
> > K
> >
> >
> >
> >
> > Richard Bennett wrote:
> >> I presented this technique at the NN2008 symposium yesterday. I 
> >> showed a screen-grab from Mininova showing pirated Microsoft
> >> Office, and the peer list from an Azureus leecher. It's pretty easy 
> >> to connect the dots from Microsoft's monitoring of the tracker to 
> >> action by an ISP in response to electronic requests from the 
> >> copyright owner. One technique that comes to mind for stoppng piracy 
> >> transactions is Reset Spoofing, of course.
> >>
> >> I showed the technique to clarify that enforcement of copyright 
> >> doesn't involve Deep Packet Inspection or anything that scary.
> >>
> >> Is there any reason that such an automated system should not be used, 
> >> or does Net Neutrality now connote a license to steal?
> >>
> >> RB
> >>
> >> Nick Weaver wrote:
> >>> I've done some speculation on how AT&T might actually implement their
> >>> proposed copyright-filtering mechanism, without actually having to do
> >>> deep-packet inspection or even providing new hardware. After all, if
> >>> their motive is to save money, they will select a mechanism which
> >>> doesn't cost money.
> >>>
> >>> The idea is to rely on someone else (MPAA or an affiliate) to spider
> >>> the torrent

[ NNSquad ] Re: Speculation, how AT&T can implement "copyright filtering" without wiretapping/dpi...

[Lauren Weinstein]

> As I understand it, this list was formed in reaction to Comcast being 
> caught red-handed ... engaging in responsible network management. If 
> it's meant to be a piracy rights forum, I was mislead.

As the primary instigator of this project, I can state that while
Comcast's repeatedly denying that they were manipulating P2P traffic
until they were caught "red-handed" helped to speed things along,
NNSquad is actually a direct outgrowth of my GIMAA proposal that
predates the Comcast story by a couple of weeks I believe:  
( http://lauren.vortex.com/archive/000303.html )

As for the rest of the comments quoted below, I'll just say two words here
for now:

  >> Due Process <<

--Lauren--
NNSquad Moderator

 - - -

> It's important, I think, for us to distinguish legitimate and 
> illegitimate forms of traffic control, as well as to identify the 
> innocent victims of over-zealous enforcement of copyrights and all that.
> 
> Large-scale piracy is a problem that cries out for a technical solution. 
> The problem is too blatant to ignore and we all bear the costs of it. If 
> half of residential broadband's capacity is devoted to stolen material, 
> cleaning up these networks makes more available to the rest of us at 
> lower cost. It can only help, as long as it's done right.
> 
> The EFF argued with me at NN2008 that pirates would resort to crypto and 
> all that to avoid detection, but that bird doesn't fly. In order to 
> collude with someone you don't know to pirate MS Office, you need a 
> rendezvous system of some kind, If that system is heavily cloaked to 
> avoid detection it will be ineffective. The movement of piracy toward 
> cloaked systems actually serves the aims of the content owners even 
> better than immediate blocking or post-hoc prosecution. They want this 
> sort of thing not to happen at all, naturally, but are willing to accept 
> that a certain amount is unavoidable.
> 
> The level of piracy we have today with Mininova, The Pirate's Bay and 
> their kin is so blatant we can't really expect the content owners to do 
> nothing about it.
> 
> RB
> 
> Edward Almasy wrote:
> > On Jan 28, 2008, at 4:32 AM, Richard Bennett wrote:
> >> There is a risk of unfair shut-offs, but it's very, very small and 
> >> can be dealt with after the fact in some reasonable way.
> >
> > I would suggest that the very existence of NNSquad belies this 
> > argument.  It's likely that few if any on this list are spammers, 
> > however most here have been directly affected in one fashion or 
> > another by anti-spammer measures, and I would suspect many of us are 
> > here in part because of the prospect of similar unfair measures being 
> > introduced.
> >
> > Ed
> >
> >
> >

[ NNSquad ] U2 Manager wants ISP Filters, says Silicon Valley Hippies to Blame!

[Lauren Weinstein]

"U2's manager yesterday called on artists to join him in forcing the
 "hippy" technology and internet executives he blames for the
 collapse of the music industry to help save it.

http://music.guardian.co.uk/news/story/0,,2248544,00.html

I seriously needed a laugh today.  Thanks Paul!

--Lauren--
NNSquad Moderator


   

[ NNSquad ] Verizon: "We don't want to inspect bits ... "

[Lauren Weinstein]

> 
> http://www.news.com/8301-10784_3-9861402-7.html
> 
> Apparently not all carriers are so eager to start playing with 
> intermediary liability.

Just to emphasize the point -- and to give credit where credit is 
due -- the comments by Verizon Executive Vice President Tom Tauke are
very important.  Most notably:

   -- "... we really don't want to assume the role of being police on
   the Internet."

   -- Concerns that "pirated content" filtering could morph into 
  all manner of other monitoring responsibilities (child porn?
  gambling?)

   -- A preference for the DMCA notification regime

   -- "We don't want to get into the business of inspecting the
   bits and figuring out what is and is not appropriate traffic."

--Lauren--
NNSquad Moderator

[ NNSquad ] Confusion between R. A. Clarke and R. N. Clarke in earlier message

[Lauren Weinstein]

It has been pointed out that in a recent message to this list from Bob
Frankston ( http://www.nnsquad.org/archives/nnsquad/msg00473.html), he
apparently confused meeting attendee Richard N. Clarke of AT&T, with
intelligence and security expert Richard A. Clarke.  It was Richard N.
Clarke who spoke at a recent meeting discussing network neutrality issues,
not Richard A. Clarke.

However, Richard A. Clarke is indeed involved in debates where he has staked
out rather controversial positions related to privacy, online IDs, "closed"
Internet(s), and other associated issues, as per the link in Bob's
original message.

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: AT&T Filtering Plan Violates BellSouth Merger

[Lauren Weinstein]

> >3) connect their choice of legal devices that DO NOT HARM THE  
> > NETWORK;  [emphasis added]
> 
> If AT&T does go forward with their plan, it seems likely that this  
> portion of the agreement may be used to justify their actions.  

Such an argument might get some play if based solely on traffic
characteristics, but a considerable gulf will exist between any legit
"traffic shaping" concepts vs. actual blocking of user connections.
This issue is problematic enough, but will become vastly more
questionable if such decisions are based on the particular content
of data, not just on their traffic behaviors.  At that point, the
obvious retort will be that the actual concern is not protecting the
network, but rather -- for example -- protecting MPAA and RIAA
interests.  

> This makes efforts to accurately characterize network filtering more  
> important than ever;  the more people who have tools in their hands to  
> see first-hand the effects of filtering, the more likely it is that  
> Comcast, AT&T, etc will be forced to be above board about any  
> mechanisms they deploy, and the more likely there is to be meaningful  
> public discussion and debate about these issues.

I hope to very shortly announce early beta availability of the first
NNSquad software tool for such purposes.

--Lauren--
NNSquad Moderator

[ NNSquad ] More on Verizon's rejection of AT&T's attitude toward filtering

[Lauren Weinstein]

http://bits.blogs.nytimes.com/2008/02/05/verizon-rejects-hollywoods-call-to-aid-piracy-fight/index.html

[ NNSquad ] Re: More on Verizon's rejection of AT&T's attitude toward filtering

[Lauren Weinstein]

However, it should be noted again that there's a push in Europe --
and signs of a push starting here in the U.S. -- for legislation to
require content monitoring/filtering (or at least an *attempt* at
these, since we know that their "effectiveness" will be ultimately
limited, as we've previously discussed) regardless of any given ISP's
own stand on the issue today.

--Lauren--
NNSquad Moderator

 - - -

> A few years ago Ivan Seidenberg spoke at the Massachusetts Software Council
> and I had a chance to ask him if Verizon could make money in the pure data
> business without added services. He said yes and I think he really believes
> it.
> 
> This is in sharp contrast with the real ATT which, upon buying MediaOne,
> said that it deserved a percentage of the commerce done over its network.
> [EMAIL PROTECTED] debacle seems to have been based on this assumption. This
> attitude seems to be part of SBC (faux ATT) as Whiteacre's comments (to
> Steve Levy originally) showed when his "deserving" attitude created so much
> controversy. 
> 
> Perhaps there are real difference between ATT and Verizon.
> 
> Alas, I don't think that the pure data business is viable in the absence of
> scarcity but that's another topic. For now I'm glad Verizon does believe
> there's a business in bits.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Lauren Weinstein
> Sent: Wednesday, February 06, 2008 00:00
> To: nnsquad@nnsquad.org
> Subject: [ NNSquad ] More on Verizon's rejection of AT&T's attitude toward
> filtering
> 
> 
> http://bits.blogs.nytimes.com/2008/02/05/verizon-rejects-hollywoods-call-to-
> aid-piracy-fight/index.html
> 

[ NNSquad ] Verizon in perspective

[Lauren Weinstein]

The statements from Verizon expressing a lack of interest in
AT&T-style content filtering are very welcome, and there have
been other positive moves by Verizon, but we should keep things
in perspective whenever possible.

On the positive front, we also have Verizon Wireless' "any device,
any app" service level statements (though pricing details have yet
to be announced for this as far as I know).  The practical
competitive impact is somewhat unclear -- AT&T/Cingular has long
pretty much allowed any compatible GSM device on their wireless
network and seems to be application transparent in my experience.

There are indications that Verizon Wireless has been loosening their
notoriously restrictive terms of service (a detailed discussion
is at: http://wifinetnews.com/archives/008047.html ).  This is an
interesting development, especially given that Verizon Wireless has
also been traditionally very restrictive on device capabilities,
even blocking bluetooth local file access capabilities on some
devices, for example.

There have been some recent negatives for Verizon, such as the
controversy over their initial refusal to let an abortion-rights
group run a text messaging campaign (Verizon backed off when this
became a significant media story).  There's also the issue of Verizon
deploying mistyped domain names DNS redirection in a manner
reminiscent in some ways of VeriSign's much criticized Site Finder
service.

So overall, while it appears that Verizon is moving in a positive
direction in some key respects -- and again their stance against
content filtering is a very good sign -- we should keep in mind that
there are complex and changing dynamics in play (including political
ones) that will require continuous appraisal.

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: More on Verizon's rejection of AT&T's attitude toward filtering

[Lauren Weinstein]

> this is like the printer who claims that he should get a share of the  
> revenues from the book he printed as opposed to profit based on the  
> cost of printing.
> v

Indeed, and this is made worse by the fact that anticompetitive
factors can creep in through a variety of vectors.  

The bandwidth caps, tiers, and surcharges now being contemplated by
various ISPs become especially problematic when viewed in terms of
ISPs' own provision of data intensive content (e.g. video and movie
services) that would *not* be subject to the ISP-dictated bandwidth
constraints placed on external Internet traffic and similar external
services.

The potentially anticompetitive aspects of this situation are obvious 
and dramatic.

--Lauren--
NNSquad Moderator

[ NNSquad ] RIAA: To thwart encryption, put filters on PCs or DSL/Cable modems

[Lauren Weinstein]

Rather than get into a detailed analysis of the intellectual
property control approaches bandied about by the RIAA as per the
link below, I'll simply note for now the technical term that best
encompasses the totality of the mechanisms being described:

   "WACKO" (a wholly-owned subsidiary of Fantasyland)

http://arstechnica.com/news.ars/post/20080207-riaa-boss-spyware-could-solve-the-encryption-problem.html

--Lauren--
NNSquad Moderator

[ NNSquad ] AP: Demand for Video Reshaping Internet

[Lauren Weinstein]

http://ap.google.com/article/ALeqM5grNBGWli-Sh6_vIAzZIKpqD8N-AQD8UOACN80

--Lauren--
NNSquad Moderator

[ NNSquad ] "Deep Packet Inspection" Trade Group

[Lauren Weinstein]

Greetings.  Here's a site that many of you might find interesting.
I just received a note of introduction from the Executive Director
of what I would characterize as a "Deep Packet Inspection" (DPI)
trade organization, which apparently went online at the end of 2007:
"dPacket.org": http://www.dpacket.org

Given the heated controversies (here on this list and elsewhere) over
the various manners in which such technologies can be and are being
used (and in some cases, abused) by ISPs, you might wish to take a
look at how the DPI industry is presenting themselves, their
efforts, and their point of view.

--Lauren--
NNSquad Moderator

[ NNSquad ] Push Continues for Mandated Internet Access Bans

[Lauren Weinstein]

Greetings.  It's reported that while ISPs are still hoping for
voluntary agreements, there is a push onward in the surveillance
society of the United Kingdom to terminate the Internet access of
file sharers declared to be downloading in an illegal manner
(however this might be defined by the MPAA, RIAA, and cohort groups,
one would assume).  

This "London Times" article notes some of the practical issues
involved:
http://timesonline.co.uk/tol/news/tech_and_web/the_web/article3353387.ece

Without getting into the details of such proposals here, I find
myself increasingly concerned about the very concept of people being
"Banned From the Internet" -- and what the ramifications of such
bans would be.

Since a user tossed from one ISP would presumably try to move to
another (where real ISP competition exists, anyway) it would seem
that such bans would not be "effective" unless a "banned user
blacklist" were in place, and even then we can assume that such
users will attempt to find other public or private access points, or
resort to using open Wi-Fi access points (a technology issue that
the article above does note).

Until recently, the only Internet access bans I've heard of being
proposed or implmented are court-ordered for particular high-profile
hackers, child molesters, and the like.  Even these would often be
highly problematic if they *were* somehow completely effective.

The reason is simple.  Internet access is rapidly becoming a
foundational utility in our modern societies, like ordinary voice
telephone service has been for decades.  Ever increasing numbers of
commercial and government functions -- and all manner of necessary
information services of course -- depend primarily or completely on
Internet access, even as non-Net alternatives dwindle or are
surcharged.

Unless we wish to create an entire new underclass of "Netless
Persons" unable to function on par with most members of society -- a
situation that would be sure to bring with it a range of unintended
negative consequences for society itself -- we should think long and
hard about whether or not the concept of banning persons from the
Net makes any more sense than ordering that someone live without
basic phone service or even electricity.  

--Lauren--
NNSquad Moderator

[ NNSquad ] AP: Markey introduces new Network Neutrality legislation

[Lauren Weinstein]

http://www.telegram.com/article/20080213/APF/802130714

--Lauren--
NNSquad Moderator

[ NNSquad ] From UK Guardian -- Net Neutrality as The Matrix Pill Choice

[Lauren Weinstein]

http://commentisfree.guardian.co.uk/craig_aaron/2008/02/a_tough_pill_to_swallow.html

--Lauren--
NNSquad Moderator

[ NNSquad ] Competitive Enterprise Institute Blasts Network Neutrality via FCC Comments

[Lauren Weinstein]

  --- Forwarded message begins ---

NEWS RELEASE
CEI Files Comments on "Net Neutrality"

Contact: 
Richard Morrison, 202.331.2273

CEI Files Comments on "Net Neutrality"
Urges FCC to Let Network Practices Evolve in the Market 

Washington, D.C., February 13, 2008—Today the Competitive Enterprise
Institute filed public comments with the Federal Communications Commission,
urging the commissioners not to regulate the speed and pricing of traffic
across broadband networks. CEI’s comments emphasized the problems with
locking in a regulatory structure that would slow investment, innovation
and growth in such a rapidly evolving industry.

"Nothing important can be known today about proper pricing and routing of
content on the networks of tomorrow; nothing can be gained and a lot can be
lost by prescribing it now, or imposing conditions on how producers make
their decisions or disclose information," said CEI Vice President for
Policy and Director of Technology Policy Wayne Crews. "In fact, most of the
allegedly problematic behaviors cited by the FCC actually signify healthy
economic activity, whether carried out by access providers or content
providers."

Proponents of regulating broadband traffic argue that all content should
be delivered with the same speed, a concept that has been called "network
neutrality." They fear that not regulating network owners will leave the
Internet at the mercy of a few large companies. The source of the practical
problems that worry them, however, is often not a lack of competition per
se, but the many legal and regulatory barriers to wider broadband
deployment related to franchise, zoning, and environmental concerns.

"Fundamentally, net neutrality rests upon the fallacy that infrastructure
and content companies are naturally at odds, and that competition and
customer service thus require political force. In reality, the sides are
being driven—even coaxed—into this unnatural conflict by a highly
charged political environment that hews to a flawed philosophy of how
network wealth is created," said Crews.

Read the full text of CEI’s comments to the Federal Communications
Commission here: http://www.cei.org/gencon/027,06411.cfm.

###

CEI is a non-profit, non-partisan public policy group dedicated to the
principles of free enterprise and limited government. For more information
about CEI, please visit our website at www.cei.org.
 

This message was sent by: Competitive Enterprise Institute, 1001 Connecticut 
Ave NW
Suite 1250, Washington, DC 20036

  --- Forwarded message ends ---

[ NNSquad ] Widespread Public Interest in Network Neutrality

[Lauren Weinstein]

There definitely seems to be increasingly wide public interest in network
neutrality issues, and not just from the "usual suspects" in the techie
community.  

The ongoing FCC proceedings re Comcast, regardless of their outcome,
have clearly pushed the topic to a new level, as have other recent
Internet-related events.  One sign of this -- that I've seen over
the last couple of days in particular -- is messages I've received
in response to that AP article that I noted here a couple of days ago
("Demand for Video Reshaping Internet" -- the same article referenced in:
http://lauren.vortex.com/archive/000369.html ).

What I neglected to mention in the original posting is that the AP
article specifically discusses our NNSquad efforts.  There has
been a gratifying surge of people making queries and reading the
NNSquad discussion archives.

Of particular note are the folks who have written to say that they
are just "ordinary" Internet users without technical expertise, but
that they'd still like to be involved with NNSquad if possible since
they're now genuinely worried about various network neutrality
issues.  Network neutrality concerns appear to have gone seriously
mainstream.

This also emphasizes the goal of NNSquad-related software ultimately
including modes that are as turnkey as possible, so that anyone who
wishes to participate will be able to do so without being a
networking or computer expert.  Broad involvement by large numbers
of Internet users around the world is key.

But without a doubt the rising level of public attention and interest
that we're seeing now regarding network neutrality is a good sign
in and of itself.

--Lauren--
NNSquad Moderator

[ NNSquad ] UK ISPs Balk at Proposed Internet Monitoring Role

[Lauren Weinstein]

"The industry association for net providers said legal and technical
 barriers prohibit them from being anything other than a 'mere
 conduit'."

http://news.bbc.co.uk/1/hi/technology/7246403.stm

--Lauren--
NNSquad Moderator

[ NNSquad ] As predicted: The BitTorrent vs. "traffic shaping" arms race

[Lauren Weinstein]

As predicted, P2P extensions to thwart ISP "traffic shaping" and
"RST injections" are in development.  We can assume that ISPs will
attempt to deploy countermeasures, then the P2P folks will ratchet
up another level, and ... well, we may well end up with the Internet
version of the Cold War's wasteful and dangerous Mutally Assured
Destruction (MAD).  There's gotta be a better way, folks.

 "The goal of this new type of encryption (or obfuscation) is to
  prevent ISPs from blocking or disrupting BitTorrent traffic 
  connections that span between the receiver of a tracker response and
  any peer IP-port appearing in that tracker response, according to
  the proposal.

  This extension directly addresses a known attack on the BitTorrent
  protocol performed by some deployed network hardware."

http://torrentfreak.com/bittorrent-devs-introduce-comcast-busting-encryption-080215/

--Lauren--
NNSquad Moderator

[ NNSquad ] TV's Transition to the Internet ... vs. Bandwidth

[Lauren Weinstein]

Greetings.  This "Los Angeles Times" article:

http://www.latimes.com/business/la-fi-webtv18feb18,0,5939575.story

is typical of many which discuss a possible future of vast Internet-delivered
television programming, but neglect to mention a key issue -- how would
ISPs react -- some of whom would be in direct competition with such
programming from outside sources -- as bandwidth requirements increase?

Whether we're talking about a P2P user or a family of four each
watching a different HD-equivalent channel, odds are that in the
relatively near future, the typical consumer data usage pattern will
exhibit a much higher level of continuous Internet access
utilization than we see today.  

Since the local cable or phone company would obviously prefer that
you watch TV via their own video service offerings, are we heading
toward an inevitable clash between ISP Internet bandwidth
management/caps and a vastly expanded universe of competing high
data rate external video choices?

--Lauren--
NNSquad Moderator

[ NNSquad ] Port 25 spoofing and e-mail security/privacy issues

[Lauren Weinstein]

Greetings.  Over on the NNSquad Forum, there's a query from a reader
regarding ISPs who are reportedly spoofing SMTP port 25 to divert input
e-mail traffic to the ISPs' own servers, preventing the e-mail from reaching
the addressed customer e-mail input servers
( http://forums.pfir.org/main/messages/714/828.html?1203372718 ).

While this particular person appears not to be especially troubled by this
behavior, such diversions could trigger obvious security and privacy
concerns.

While I've heard of this sort of spoofing taking place in limited
circumstances such as hotel Internet access networks and the like, I'd
appreciate input from the readership regarding any broader
implementations of such spoofing, especially by major ISPs.

Thanks.

--Lauren--
NNSquad Moderator

[ NNSquad ] Subscriber lawsuit filed against Comcast re P2P throttling

[Lauren Weinstein]

http://arstechnica.com/news.ars/post/20080220-disgruntled-customer-sues-comcast-over-p2p-throttling.html

--Lauren--
NNSquad Moderator

[ NNSquad ] Canada: Proposed $5/mo ISP Subscriber Surcharge to Pay Music Industry

[Lauren Weinstein]

http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20080221/song_downloads_AM_080221/20080221?hub=TopStories

The most interesting line in this article is:

   "Less than 2 per cent of activity on the Internet is authorized
activity. So that 40 billion downloads is 98 per cent of what 
goes on ..."

And the source of this statistic is ... ?  Oh well, never mind,
it sounds impressive, anyway.

--Lauren--
NNSquad Moderator

[ NNSquad ] Messages regarding Internet video and other high traffic applications

[Lauren Weinstein]

Greetings.  In response to Bob Frankston's recent posting about the
initial choppiness he saw on a 2 Mbps video stream over his FiOS
connection, a flurry of responses to and from him were cc'd to this
list.  Rather than post them all here, I'm going to summarize a few
key points that I believe are most relevant:

Bob wondered if Verizon might be detecting that the stream was video
and treating it in a particular manner based on that determination.

Brett Glass replied with: "And so you're complaining?  Be glad.
Many ISPs would cut off or throttle a stream that heavy."  
(Brett, could you provide us with contacts at any ISPs -- other than 
your own of course -- that we can contact to better understand the basis
of your apparently categorical assertion?  Thanks.)

Bob suggested that a 2 Mbps stream isn't all that heavy by today's
standards.

I agree that this is increasingly the case.  Full screen SD and "HD"
video streams are becoming more common on many sites for streaming
to PCs.  Also, a number of consumer devices -- some of which compete
directly with ISP TV/movie offerings -- will stream and/or download
considerably faster.  TiVo HD seems to take around half the
available bandwidth up to 10 Mbps at least.  A number of
specialized movie downloading boxes are now on the market with
similar characteristics.  As these devices penetrate into more homes
and are more widely used, P2P may have a lot of high bandwidth
company.

And on that topic, Brett noted an article at The Register related to
non-P2P applications and their ISP impacts: 
http://www.theregister.co.uk/2008/02/20/iplayer_isps_broke/

Warren Kumari wrote that any number of factors other than
ISP-specific actions targeting video could have been responsible for
the effects that Bob saw, and mentioned that while technically
auto-bandwidth rerouting could be involved, that's almost certainly
not what's going on in this case.  I agree with Warren on both
points.

And so it goes ...

--Lauren--
NNSquad Moderator

[ NNSquad ] Great Firewall of China (from IP)

[Lauren Weinstein]

--- Forwarded Message

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Mon, 25 Feb 2008 08:25:59 -0800
Subject: [IP] Good article on the Great Firewall of China (The Atlantic)



From: Richard Forno [EMAIL PROTECTED]
Sent: Monday, February 25, 2008 10:26 AM
To: David Farber
Subject: Good article on the Great Firewall of China (The Atlantic)

James Fallows in the Atlantic Magazine has a great in-depth article on the
Great Firewall of China from last month's issue:

http://www.theatlantic.com/doc/200803/chinese-firewall


Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


--- End of Forwarded Message

[ NNSquad ] Pakistan YouTube block routing changes disrupt YouTube worldwide

[Lauren Weinstein]

This story hasn't seen much mainstream media play yet.  Apparently
the means chosen by Pakistan's ISPs to conform to their government's
attempt to block their people's access to "religiously offensive"
video materials -- low level routing changes -- managed to disrupt
YouTube access worldwide over the weekend, with effects in some areas
still apparently continuing.  All details are not entirely clear
at this time.

http://slashdot.org/article.pl?sid=08/02/25/1322252

--Lauren--
NNSquad Moderator

[ NNSquad ] The Dilemma of Tiers and Competition

[Lauren Weinstein]

The issue of service tiers with typical consumer and small business 
Internet access is an interesting one.  For most commodities that you
purchase, you know pretty well for sure if you're getting what
you pay for.  A gallon of water is easy to measure.

But even though most ISPs are constantly working to upsell their
subscribers to "super fast, extreme, turbo, lightning speed" service
levels, it's not so clear what those really mean if ISPs feel free
to throttle traffic on an arbitrary and often secretive basis.

And again, the issue of outside services competing with ISP video
delivery offerings comes directly into play.  You may have heard
that the next-gen DVD "war" is over -- HD DVD is dead, and Blu-ray
wins.  But the same articles discussing this outcome often suggest
that all forms of DVDs are on the way out, to be replaced by
Internet downloads and streaming.

What mechanisms exist to give us confidence that ISP traffic
throttling and shaping won't be deployed in ways that (purposefully
or not) make such external services uneconomical or impractical for
subscribers, vs. ISPs' own competing PPV services that won't be
subject to such throttling or caps?

I have yet to hear suggested a fully realistic and practical
solution to this dilemma.

--Lauren--
NNSquad Moderator

[ NNSquad ] Reports from FCC Net Neutrality Meeting

[Lauren Weinstein]

Greetings.  First-hand reports from the FCC's Boston Net Neutrality
meeting are welcome (subject to the usual moderation, of course).
Media reports are noting that Chairman Martin seemed amenable to
*possible* actions, but also are suggesting that any significant
actions are not likely to be very quick in coming.

Here's a link to the "Washington Post" take:

http://www.washingtonpost.com/wp-dyn/content/article/2008/02/25/AR2008022502817.html

--Lauren--
NNSquad Moderator

[ NNSquad ] Review of FCC Boston Meeting (with two great photos!) [from IP]

[Lauren Weinstein]

--- Forwarded Message

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Tue, 26 Feb 2008 04:47:25 -0800
Subject: [IP] Re:FCC Hearing today (Monday, 25-02-2008)



From: Christopher Herot [EMAIL PROTECTED]
Sent: Tuesday, February 26, 2008 7:41 AM
To: David Farber
Subject: RE: [IP] FCC Hearing today (Monday, 25-02-2008)

The discussion avoided the rancor that has often been seen in the
network neutrality debates.  In fact the term hardly was used at
all.  The tone of the room was that network operators have the
right, if not the obligation, to manage the traffic on their
networks, but the way Comcast went about it was all wrong - from
forging packets to lying about it.

I put a longer description, including a photo of David Reed holding
up a "packet" and of Kevin Martin listening intently to Bob
Frankston at

http://herot.typepad.com/cherot/2008/02/fcc-en-banc-hea.html

/cfh

[...]

--- End of Forwarded Message

[ NNSquad ] Pakistan access to YouTube restored after "blasphemous" vid removed

[Lauren Weinstein]

Greetings.  Reportedly Google buckled on this one.  It seems that
to get videos removed from YouTube you don't need to be a rights
holder -- being a religious zealot will suffice.  But specific
religions and images aside, and given that "blasphemy" is in the
mind of the beholder, these sorts of actions seem quite risky on
Google's part, and would seem to open the door to exactly the sort
of ongoing hands-on, value-based, micromanaged content control that
I've been led to believe was what Google sincerely wished to avoid.  

We know that DMCA orders will pull videos, but exactly how much
blasphemy is required to zap vids that offend you, but to which you
have no rights?

Anyway, here's the story, including comment on the ramifications of
the associated routing fiasco:

http://ap.google.com/article/ALeqM5hhJjQR54kRIJrZR6Cz3EAjYHnivAD8V217300

--Lauren--
NNSquad Moderator

[ NNSquad ] Pakistan, YouTube, Google, and No Simple Answers

[Lauren Weinstein]

The Pakistan/YouTube story brings together a number of different
elements that touch on Network Neutrality (and what I might call
"content neutrality") in various ways that are useful to examine
further, even though we may stray away from the central network
neutrality focus momentarily.

First, I'll offer a comment regarding my use of the term "religious
zealots" relating to take-down demands at YouTube.  No quibbling --
as far as I'm concerned anyone who wishes to block the entire planet
from seeing material that one religious group feels is distasteful or
blasphemous (for religious reasons) is a zealot.  It makes no
difference if we're talking about any of the world's major religions
or the "Slackers" at the Church of the SubGenius -- the same
standards apply.

Now, if a country wants to *try* block their population from certain
Internet materials, that may be their right, however ineffective
such efforts will ultimately be 
( http://lauren.vortex.com/archive/000229.html ).

But when those efforts impinge on the rights and access of everyone
else, we enter an unacceptable situation.  In the case of Pakistan's
disrupting YouTube routes globally, I'm perfectly willing to accept
the explanation that this was a combination of error and fundamental
routing vulnerabilities.  The latter in particular is a topic for
another time.

But the fact that Google reportedly pulled down the video in
question that triggered this entire situation is of much greater
concern.  The fact that this video could be seen as violating
particular YouTube rules is notable, but questions of the equality,
"neutrality," and global impact of those very rules are of even more
import.

I appreciate -- in fact I applaud -- the need for Google to be
responsible with their sites' contents.  But we repeatedly see a
double standard in this regard that is increasingly difficult to
fathom.

If you show up at Google with a DMCA take down order, you generally
get a rapid response.  This is understandable -- DMCA is the law --
at least at the moment.  

But it's far less clear why Google should permit religious demands
to (attempt) to censor material globally as reportedly occurred in
this situation.  Pakistan's laws and religious sensibilities don't
trump the rest of the world's rights, nor should any country have a
veto over what other countries' populations can access.

This situation is made all the more perplexing by Google's routine
refusal in most cases to act in instances of *individuals* being
defamed or otherwise damaged by Web sites that prosper solely on the
basis of high-ranking Google search results.  I've made a number of
past proposals relating to this area (e.g. "Search Engine Dispute
Notifications: Request For Comments" - 
( http://lauren.vortex.com/archive/000253.html and linked items), plus
I've previously discussed how Google has made an initial step in a
relevant positive direction relating to news sources ("Google Takes
First Key Step Toward Search Dispute Resolutions" -
http://lauren.vortex.com/archive/000267.html ).

However, for the vast majority of conventional (non-news source) Web
pages in Google search result listings, concerned parties have no
effective mechanism to comment or otherwise flag results to indicate
that serious disputes are in progress, so they effectively have no
recourse.

This then is the dichotomy.  Certain classes of content and
complaints result in action from Google, and others simply do not.

What's particularly depressing about this situation is that -- in my
opinion -- Google appreciates that this is a problem, but feels that
they can't risk really dealing with it.  In fact, I've
discussed some of these issues face-to-face with various Google
folks (especially in the context of my "Urgent Call For a Google 
At-Large Public Ombudsman" -
( http://lauren.vortex.com/archive/000251.html ) and I've come away
with the strong impression that they felt both sympathetic and
impotent in this instance.

Google impotent?  A contradiction in terms?  Not really.  My sense is
that they are very concerned that if they opened the door broadly to
these kinds of complaints, they'd be flooded with aggrieved parties
and be essentially paralyzed as a result.

I definitely do agree that there are serious scalability issues that
impact on these matters, but I don't feel that these issues present
intractable problems, and I don't consider the alternative of the
status quo to be acceptable.

However, these are all of course decisions for Google to make, and my
effective influence over events up at the Googleplex is nil.

What this all boils down to is that these are complex situations with
few clear-cut, off-the-shelf answers waiting to be plucked.  But we
can try to work our way through them to the best of our abilities,
and ideally with as little animosity and as much good will as possible.

--Lauren--
NNSquad Moderator

[ NNSquad ] BitTorrent bandwidth usage (from IP)

[Lauren Weinstein]

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Wed, 27 Feb 2008 06:23:28 -0800
Subject: [IP] Two positions at  FCC Comcast Hearing


From: Brad Templeton [EMAIL PROTECTED]
Sent: Tuesday, February 26, 2008 6:50 PM
To: David Farber
Cc: ip
Subject: Re: [IP] Two positions at  FCC Comcast Hearing

> Note: Richard Bennett who was an expert panelist 
> at yesterday?s hearings informed me that BianRosa claimed that BitTorrent 
> didn?t exceed the contracted limit.  That however ignores the explicit ?no 
> server? clause in the terms of service and no broadband service was built to 
> be fully saturated 24×7.  This is why commercial grade T1 lines that offer 
> less than half the speed of broadband connections costing 8 times less are 
> $400 per month.
>

Actually, the prime reason T1s cost that much is the overpriced local loop.
When purchased at well-connected data centers, megabits of saturated bandwidth
are a great deal cheaper than the price quoted.

However, I feel it is important to point out that nobody denies that P2P
applications, especially Bittorrent, generate a lot of bandwidth usage,
more than most or all other applications.   This is not news of any kind.
(I am a director of BitTorrent Inc, which develops P2P software, though not
acting as a spokesman.)

There will always be low-usage applications, and high-usage applications,
and I think it's safe to claim there will always be a highest-use appliciation
which goes far, far beyond the average.

In this case, with BitTorrent, users trade their spare upstream
bandwidth -- which in many cases, such as the typical DSL ISP is otherwise
going unused and wasted -- to other users in exchange for their
upstream bandwidth in return.   (Or, in a "pay it forward/golden rule" 
situation,
they sometimes just do it out of philanthropy or in the hope of promoting a 
system
where they will be rewarded later.)  It is commonly incorrectly stated that
this is done to benefit the 3rd party (such as ubuntu.com) but the trade is
really mostly among the users.   The seed gets no means to reward tit for tat.

What is often missed is the question really comes out of this concept of
the user having spare upstream bandwidth.   Most ISPs sell a flat rate,
upstream package and as such the bandwidth is sold to the customer and
is theirs to use to further their usage of the internet.   In the case
of DSL, the upstream is truly otherwise unused and is lost forever if not
used.  With DOCSIS and wireless ISPs this is not as true.

Some ISPs want to claim you don't really have any spare bandwidth to trade,
that they didn't really sell it to you, that it is theirs, not yours,
in spite of what they advertise.   If so, there have been calls for them
to be clear in their advertising about these limits.

However there remains a deeper issue.  As I noted, there will always be
a heavy-use application at the flat end of the bell curve.  The 90-10 rule
will probably always apply.   Should we be concerned with a regimen that
wishes to "solve" that "problem" by beating down at whatever new
innovation becomes popular enough to be the heavy user, with 
application-specific
tricks such as protocol detection and forged resets?   Where does this
lead us?

Many value an internet where the smarts are in the "ends" and people come
up with clever new apps that use bandwidth to meet user desires.
In this case, people want big files.   Yes, because Bittorrent is the best
technology for publishing big files, it is used by infringers -- why would
they not seek out the best like everybody else -- but big files will be
sent, both for legit and infringing uses.   When a P2P cloud gets large
and has people exchanging data within a LAN, it actually reduces the bandwidth
load on an ISP compared to the traditional central server "hub and spoke"
approach.

So let's not argue about who is using the most bandwidth, but instead decide
how to set up an internet where there will always be a heavy bandwidth
user, and how to regulate that, if it needs regulation at all.

---
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

[ NNSquad ] FCC paths to Internet network management? (from IP)

[Lauren Weinstein]

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Subject: [IP] the FCC and Comcast  - a query from your editor
Date: Wed, 27 Feb 2008 09:35:28 -0500

I have heard endless suggestions that the FCC stop what many consider  
improper network management practices by Comcast .. As a former Chief  
Technologist of the FCC I have some understanding of the level of  
technical competence and deapth at the FCC and some understanding of  
the process they and the companies they regulate go through to enforce  
regulations -- long and painful and often producing the opposite  
results intended.

So lets get down to details. What exactly do you want to FCC to do  
about network management. Details -- not just enforce NN -- that is a  
motherhood statement. Details and then  maybe the conversation can get  
meaningful.

---
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

[ NNSquad ] Re: Pakistan access toYouTube restored after "blasphemous"vid removed

[Lauren Weinstein]

The fact that states (or countries) assert that they have such "long
arm" rights is a whole world away from being able to enforce them.
Even within the U.S., such enforcement is often highly problematic,
internationally much more so.

Obviously if we're going to operate on the basis that everything
that offends groups in any part of the world will be deleted
globally from YouTube (or wherever), we could end up with a lowest
common denominator of content where an old episode of "Leave It to
Beaver" would be banned.  As various groups see such successful 
take-downs, they will only become emboldened to make more demands.

The primary issue for Google and other players in this space isn't
international legal action, but international business and access.
This is both understandable and explicit -- Google has been very
clear that access considerations have driven its participation in the
Chinese censorship system, apparently (judging from public
statements) against their founder's own best instincts.  

I don't necessarily condemn such actions out of hand -- there is a
valid argument to be made that having access -- even censored 
access -- brings significant longer-term benefits to these populations, 
but let's at least be direct about what's going on and what tradeoffs
are involved.

The Chinese case is very different from what we're talking about in
terms of the Pakistan video take-down.  The censored version of
Google offered to the Chinese is not also forced upon the rest of
the world as the only Google choice.  The removal of a video from
YouTube globally does force that choice on everyone, everywhere.
That other copies are of course available from other sites isn't the
matter of concern here, the question is the appropriateness of the
action in the first place.

In "Search Engine Dispute Notifications: Request For Comments" 
( http://lauren.vortex.com/archive/000253.html ) I proposed a framework
for the *carefully controlled and managed* insertions of "dispute
notifications" on search results to help deal with such
controversies on Google's main search engine.  

I will now propose that a similar concept could be applied to
services such as YouTube, as a preferred alternative to global video
take-downs.  That is, instead of being able to easily demand that a
video be expunged from YouTube (for other than DMCA-related
reasons), a procedure would be in place to tag the associated video
in a manner that would display the noted objections to that material,
and could even be used by national authorities to impose regional or
local blocking (distasteful as this is) without affecting the rest
of the planet's rights to view the video in question if they wish.  

Actual global take-downs would be much more limited, e.g. to
clear-cut DMCA and universally egregious materials such as child
abuse-related videos and the like, which are far less likely to
create value judgment dilemmas for the services involved.

I am increasingly convinced that the careful and controlled tagging
of videos, search results, etc. in such manners could be a useful
compromise between "no action" and "global censorship" -- and while I
understand that such tagging systems would be non-trivial to
implement and manage, they seem on their face to be far more
desirable and fair than any obvious alternatives.

--Lauren--
NNSquad Moderator

 - - -

> --=_Part_23566_26389270.1204086627061
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
> Content-Disposition: inline
> 
> On Tue, Feb 26, 2008 at 6:32 PM, Barry Gold <[EMAIL PROTECTED]>
> wrote:
> 
> > Fred Reimer wrote:
> >
> > > Personally, I think Google/YouTube's response WAS appropriate.  They ar=
> e
> > > just following the law.
> >
> > Google is a California corporation.  They are legally required to comply
> > with US and California law.  They are under no obligation to follow the
> > law in any other country, except to the extent that they find it to
> > their advantage to do so.
> >
> >
> 
> Not so.  Many states employ "long arm statutes" which permit them to go
> after entities that are not inside the territorial borders of thier state.
> I would think other countries may see it the same way.
> 
> Virginia State Code
> 
> *=A7 8.01-328.1.*   When personal jurisdiction over person may be exercised=
> .
> 
> A. A court may exercise personal jurisdiction over a person, who acts
> directly or by an agent, as to a cause of action arising from the person's:
> 
> [Irrelevant parts deleted]
> 
> B. Using a computer or computer network located in the Commonwealth
> shall constitute an act in the Commonwealth. For purposes of this
> subsection, "use" and "computer network" shall have the same meanings as
> those contained in =A7 18.2-152.2.
> 
> C. When jurisdiction over a person is based solely upon this section,
> only a cause of action arising from acts enumerated in this section may be
> asserted against him; however, nothing conta

[ NNSquad ] British ISPs to sell their subscribers' Web browsing data

[Lauren Weinstein]

Pretty much speaks for itself:

http://www.theregister.co.uk/2008/02/25/phorm_isp_advertising/

As the old song said, "How low, can you go?"  As far as I'm
concerned, ISPs should never engage in such transfers of information
except perhaps on an explicit OPT-IN basis.  The article notes that
no decision on opt-out vs. opt-in has yet been made.  The very fact
that opt-in isn't a given illuminates the mindsets involved.

--Lauren--
NNSquad Moderator

[ NNSquad ] Global ISP content filtering information (from IP)

[Lauren Weinstein]

--- Forwarded Message


From: Seth Finkelstein [EMAIL PROTECTED]
Sent: Wednesday, February 27, 2008 4:39 PM
To: David Farber; ip
Subject: libertus.net - ISP Censorware "Voluntary" / Mandatory

ISP "Voluntary" / Mandatory Filtering
http://libertus.net/censor/ispfiltering-gl.html

"This page contains information about ISP-level filtering systems
implemented, by various ISPs in various countries, to prevent
accidental access to child sexual abuse material on web pages/sites.
It has been researched and produced in the context of the Australian
Federal Labor Government's 2008 "plan" to mandate that Australian ISPs
block access to a vastly larger type and quantity of web pages."

- --
Seth Finkelstein  Consulting Programmer  http://sethf.com
Infothought blog - http://sethf.com/infothought/blog/
Interview: http://sethf.com/essays/major/greplaw-interview.php

[ NNSquad ] Re: FCC paths to Internet network management? (from IP)

[Lauren Weinstein]

Brett Glass says: "Sixth, there should be no obfuscation of P2P."

B!  Sorry, no can do, at least if we're talking about some sort
of enforced ban.  I'm personally not a user of P2P currently, but I
reserve the right to encrypt any or all of my Internet traffic for
security and privacy purposes as I see fit, and most security
consultants worth their salt recommend encrypting as much as
possible, given the nature of the Internet today.

Any moves to ban the "obfuscation" of P2P could easily lead us down
the path toward other sorts of obfuscation and encryption bans, and too
many of us remember the Clipper Chip War to go down that road 
quietly.  ("You fought in the Clipper Chip War?")

Now, if we're talking about a purely voluntary approach leading
to a truce of some sort, that's a different matter.

But as far as I'm concerned enforced "obfuscation bans" are D.O.A.

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: FCC paths to Internet network management? (from IP)

[Lauren Weinstein]

The following is my personal opinion, not a statement on behalf
of NNSquad.

At the risk of sounding a bit like Bob Frankston, I don't accept the
premise that ISPs have any intrinsic right to monitor my
applications and micromanage my use of the Internet, beyond flow
control as necessary to keep their networks healthy.  Even the fact
that a user is choosing to run application A or application B can be
viewed as an element of content that should be none of the ISPs'
business.

Even if users choose to run 24/7 VPNs, with all applications layered
within those encrypted channels, ISPs' main concerns should be that
those subscribers' bandwidth usage stays within their contractual
limits and that their overall throughput is managed to the extent
necessary to avoid unfair impacts on other subscribers or the network
itself.

This implies that any subscriber should be able to run servers if
they wish.  If a subscriber were determined to be engaging in
illegal activities or actions that were disrupting other users (e.g.
spam), they would be subject to appropriate actions, of course, but
it's inappropriate to treat subscribers as if they were
untrustworthy crooks on an a priori basis.  

"Disrupting other users" by this definition doesn't include the
simple running of protocols that make heavy use of subscribed
circuits.  If ISPs have a problem with user throughput, they should
be able to throttle the speed (not block!) as necessary.  But such
throttling rules should be spelled out clearly, so that when a person
pays for a circuit of a specific advertised "up to this speed," they 
have some clue as to what they're actually paying for.

This all doesn't address the problem of how to avoid ISPs managing
bandwidth in ways that favor their own entertainment and related
delivery systems over outside services, but that's another story.

--Lauren--
NNSquad Moderator

 - - -

> At 10:48 PM 2/28/2008, Lauren Weinstein wrote:
>  
> 
> >Brett Glass says: "Sixth, there should be no obfuscation of P2P."
> >
> >B!  Sorry, no can do, at least if we're talking about some sort
> >of enforced ban.  I'm personally not a user of P2P currently, but I
> >reserve the right to encrypt any or all of my Internet traffic for
> >security and privacy purposes as I see fit, and most security
> >consultants worth their salt recommend encrypting as much as
> >possible, given the nature of the Internet today.
> 
> Encrypt the content if you will, but if you try to obfuscate the
> fact that you are DOING P2P, in violation of a contract you made
> with your ISP, you are being dishonest. And if you announce from
> the start your intent to be dishonest, then there can never be
> a truce, much less a mutually beneficial agreement. And you will
> be exactly the kind of customer whom we will be glad to send
> packing. We like doing business honestly, with honest people.
> 
> --Brett Glass
> 

[ NNSquad ] Richard Bennett (from "The Register"): FCC Hearing, Sandvine, Comcast

[Lauren Weinstein]

Richard presents a spirited defense of Comcast, Sandvine, and
aggressive ISP control of the Internet, while seemingly
characterizing Comcast as the victim of a Star Chamber. 

http://www.theregister.co.uk/2008/02/28/bennett_fcc_neutrality_hearing/print.html

"For the love of God, Montressor!"

--Lauren--
NNSquad Moderator

[ NNSquad ] Competition

[Lauren Weinstein]

Just as a point of interest, there are readers of this list in some
parts of the world who are laughing themselves silly at some of the
arguments we see here.

Why?  Because they realize that if there was broad competition in
the Internet access industry in the U.S., especially if wholesale and
retail components were *effectively* decoupled so that the range of
options were available here that are available in various other
countries, many of these other problems would vanish, or at least be
significantly reduced.  U.S. Internet users by and large don't have
a clue about how incredibly limited and primitive their choices are
here.  They simply don't know that there's better possible.

The essential problem with letting ISPs make these decisions in 
our largely unregulated environment is that most Internet users have
few options (some have none!) when it comes to alternatives to ISP
policies with which they don't agree.

Voting with your feet is impossible if effective competition is
so limited that your feet are cut off.

--Lauren--
NNSquad Moderator

[ NNSquad ] Google and ISPs

[Lauren Weinstein]

--- Forwarded Message

From: Lauren Weinstein <[EMAIL PROTECTED]>
To: Brett Glass <[EMAIL PROTECTED]>
cc: Barry Gold <[EMAIL PROTECTED]>
Subject: Re: [ NNSquad ] Re: FCC paths to Internet network management? (from 
IP) 
Date: Fri, 29 Feb 2008 22:25:36 -0800

Golly, I didn't realize that you were such an expert on Google, Brett.

And your certainty about so many complex issues, from your own
rights vs. the powers of regulators, to how courts will rule on
complicated technical issues, is sort of refreshing in a
bible-thumping kind of way.

But your own analysis notwithstanding, both Google's public
statements and my own sources suggested strongly that Google was 
"not amused" by the Rogers message insertion experiments (experiments
which I originally revealed last December in:
http://lauren.vortex.com/archive/000337.html ).  Other unofficial
statements implied that they hoped ISPs would decide not to proceed
with broad deployment of such systems, which could render the need
for legal action moot.  

But if ISPs plow forward anyway, Google's actions in this regard
will be theirs to determine -- not yours, or mine.  I will however
offer two free truisms:

1) Some of the smartest people I've ever known are now at Google.
   It's unwise in the extreme to *ever* underestimate Google.

2) Google is very protective of their brand -- as I would be if
   I were in their position.  But that being said, anybody outside
   of Google who really believes that they have such a handle on
   Google's strategic planning that they can predict Google's future
   actions with any degree of certainty is a fool.

- --Lauren--
NNSquad Moderator

  - - -

> At 04:17 PM 2/29/2008, Barry Gold wrote:
>  
> >Google will _make_ it their business, in one of several ways.  One option, 
> >of course, is the courts.  Their pages are copyright (at least, the logos 
> >and lay
> out are, and I suspect a compilation copyright would apply to the 
> information).  Read up on "derivative works".  
> 
> Google is too smart to pursue such a suit. 
> 
> First of all, it'd lose. A window with two things in it -- a notice and a Web 
> page -- is not a derivative work any more than a desktop with two windows on 
> it
> , or a framed Web page, or for that matter a shop window with two books in 
> it, is.
> 
> Secondly, Google is not in the business of harassing or antagonizing ISPs and 
> would be ill advised to do so. ISPs are their customers and their way of 
> reachi
> ng the rest of the world. Google -- which wants to avoid becoming an ISP 
> itself -- needs them as allies.
> 
> Thirdly, Google would lose a big advantage if ISPs were required to allow 
> P2P. Right now, Vuze, Inc. is trying to compete with YouTube without buying 
> the sor
> t of pipes that Google can afford. It's doing this by stealing the bandwidth 
> from users' ISPs. If ISPs are required to allow this theft, Google loses its 
> edg
> e.
> 
> Finally, Google has more important fish to fry. It needs to fend off 
> Microsoft.
> 
> --Brett Glass
> 

--- End of Forwarded Message

[ NNSquad ] ISP Web browsing data mining controversy grows in the UK

[Lauren Weinstein]

--- Forwarded Message

The Phorm files
All yer data pimping news in one place
By Team Register 
Published Friday 29th February 2008 16:03 GMT
http://www.theregister.co.uk/2008/02/29/phorm_roundup/

We've had a busy week digging into the deals signed by BT, Virgin
Media and Carphone Warehouse to report your browsing habits to Phorm,
a new advertising company.

There's shedloads of questions left to answer. Did BT lie over its
involvement with the firm last year? When you opt-out, just how
"out" exactly will you be? The list is long.  []

But for now, here's the state of our knowledge on what must rank as
one of the most interesting and important developments in the
internet privacy game for some years.

ISP data deal with former 'spyware' boss triggers privacy fears
http://www.theregister.co.uk/2008/02/25/phorm_isp_advertising/
More than ten million customers of the UK's three largest ISPs will
have their browsing habits sold to a company with roots in the murky
world of spyware.

BT pimped customer web data to advertisers last summer
http://www.theregister.co.uk/2008/02/27/bt_phorm_121media_summer_2007/
BT's servers were secretly passing data on subscribers to its "new"
advertising partner as long ago as last summer, though the companies
refused to acknowledge any relationship at the time.

Broadband big boys waiting on data pimping
http://www.theregister.co.uk/2008/02/29/phorm_broadband_isp_targets/
Phorm, the advertising company that wants to pay your ISP to hand
over information on which websites you visit, has convinced the UK's
three largest providers to trust it, but regulators and the rest of
the industry are less impressed.

How Phorm plans to tap your internet connection
http://www.theregister.co.uk/2008/02/29/phorm_documents/
Internal BT documents obtained by The Register for the first time
provide solid technical information on how data from millions of BT,
Virgin Media and Carphone Warehouse customers will be pumped into a
new advertising system.

We are interviewing Phorm's CIO Marc Burgess next week. Send us your
questions to the usual address. 

comments posted -- Post a new comment
http://www.theregister.co.uk/2008/02/29/phorm_roundup/comments/

 

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: Competition

[Lauren Weinstein]

I believe that there are various ways to look at this.  From the standpoint
of the average Internet user, their window on the Net is whichever
entity bills them.  

This chart from Public Knowledge is instructive:
http://www.publicknowledge.org/pdf/uk-isp-20070905.html

It lists almost 30 firms, and far more service packages, offering
Internet access to the same location in the U.K. -- a clear result
of the effective unbundling of wholesale and retail in the access
marketplace.  How many of these guys will stay in business long?
Hard to predict, but does any location in the U.S. even come close
to having access to such a range of choices?

Of course, all these firms haven't run their own wires.  There's
satellite and DSL and Cable, but unlike in the U.S. where the
dominant powers gamed Congress and the FCC to minimize wholesale
access and competitive risk, other countries have embraced it.

Even if we take the view that access services are a natural
monopoly, that leaves us with the question of who should be running
the ball game.  Bob Frankston asserts that communities should own
their own Internet infrastructure as utilities -- he'd cut most ISPs
as they exist today out of the game entirely (my interpretation of
his position).

Frankly, there's much to admire in that scenario if we take the long
view, but I'm unconvinced that it's broadly realistic in the short
term for most areas, so I tend to concentrate on incremental
(though very much non-trivial) improvements to the current status quo.  

But where we are right now, with extremely limited Internet access
choices for most U.S. Internet users, combined with ISPs who are
treating their networks like individual, technological fiefdoms,
is likely not viable indefinitely.  

When Internet access for most consumers was mostly a perk, a toy, a
novelty, this didn't matter so much.  But transparent and neutral
Internet access is rapidly becoming a *necessity* of modern life.  

As some ISPs continue to push the envelope in terms of inspecting,
manipulating, controlling, inserting, and blocking data, they are
increasingly raising the risk of major consumer, legislative, and
regulatory pushback. 

Internet users won't accept being played as fools indefinitely.

--Lauren--
NNSquad Moderator

 - - -

> Lauren-
> 
> For once, I agree with everything you said in your note. The
> monopolistic foothold of legacy carriers (RBOCs) in the access market
> is a difficult problem in the US. But I'd like to point out that it's
> not the only problem.
> 
> I assume that everybody here wants their Net connectivity and
> bandwidth to cost less. Naturally, as consumers we want the cheapest
> price for the most product we can get. This is why we (the collective
> we, not necessarily you or me of course...) buy Chinese goods from
> Walmart despite the fact that it puts smaller shops out of business,
> the longer-term effect of trade deficit on our economy, etc. In a
> similar situation, consumer-oriented ISPs and the carriers that serve
> them have experienced downward pressure on their prices.
> 
> If you look at prices in the carrier-wholesale market for bandwidth
> you'll see that they've been falling for quite some time. Even if they
> stabilize at today's rates (as some suggest) they're now at the point
> where a service provider has to operate at significant scale to make
> any money. And even then it doesn't have a very attractive return on
> investment. So there aren't any significant new entrants to the
> market. And existing players are increasingly merging and/or looking
> for ways to provide "value-added" services. From an economist's point
> of view, the market is in a consolidation phase. And ultimately it's
> our fault for wanting lower prices.
> 
> So... Are network services in the US a natural monopoly? If so, then
> isn't the access issue moot? I'm earnestly interested in hearing
> thoughts on this, because it seems like this illustrates the future of
> the network business and is at the root of the network neutrality
> issue.
> 
> -Benson
> 
> 
> On 2/29/08, Lauren Weinstein <[EMAIL PROTECTED]> wrote:
> > Just as a point of interest, there are readers of this list in some
> >  parts of the world who are laughing themselves silly at some of the
> >  arguments we see here.
> >
> >  Why?  Because they realize that if there was broad competition in
> >  the Internet access industry in the U.S., especially if wholesale and
> >  retail components were *effectively* decoupled so that the range of
> >  options were available here that are available in various other
> >  countries, many of these other problems would vanish, or at least be
> >  significantly reduced.  U.S. Internet us

[ NNSquad ] Canadian Heritage Committee urges Net Neutrality Rules

[Lauren Weinstein]

http://www.cbc.ca/technology/story/2008/02/29/tech-cbcnet.html

--Lauren--
NNSquad Moderator

[ NNSquad ] Topic change on Fred Reimer's message

[Lauren Weinstein]

Fred's recent message came through with a subject formatting problem
which has been corrected in the NNSquad Archive, new subject is:

EU Parliament treating Internet censorship as trade barrier

--Lauren--
NNSquad Moderator

[ NNSquad ] L.A. Times: FCC may hold another hearing regarding Comcast, NN, etc.

[Lauren Weinstein]

http://www.latimes.com/business/la-fi-lazarus2mar02,0,413965.column

"... Last week, the company caused another stir when it paid
 passers-by to fill seats at a contentious Federal Communications
 Commission hearing where critics turned out in droves to complain
 about surreptitious tampering with their online activities."

"... One of the first to spot the problem was former Los Angeles
 resident Robb Topolski, who now works as a software engineer in
 Oregon. When not picking apart computer systems, Topolski, 44,
 sings in a barbershop quartet and collects rare examples of the
 music.

 He tried to make his collection available via peer-to-peer
 networks, services that allow people to share content by
 connecting their computers online. Repeatedly, though,
 Topolski, a Comcast customer, found the connections being
 mysteriously terminated."


--Lauren--
NNSquad Moderator

[ NNSquad ] Tighter moderation policy -- Reminder re NNSquad Forum

[Lauren Weinstein]

Greetings.  Those few persons who have suggested to me that I
moderate this list too tightly will likely be disappointed, but I
hope that the majority of you will be pleased by the following.

While you never see the messages that are submitted to the list and
not distributed, the volume of such submissions that consist primarily
of often short back and forth arguing, cc'd to the list but not
appropriate for the list, has been rising sharply.

Even with messages that I do send out, I often have to deal with 
"I want to have the last word" submissions that will not meaningfully
advance discussions to areas where we haven't previously tread.

While I attempt to keep the dialogue balanced over the long run, not
every message is appropriate for a chain of "Romulan Right of
Statement" replies, and there are many busy people on this list who
simply do not have time for too much low signal/noise bickering. 

Therefore, while I will of course continue to forward messages that
I believe to be of general interest to the readership overall, I must
request that most of the spirited, more argumentative messages move
over to the NNSquad Forum ( http://www.nnsquad.org/forum ) which
exists specifically for this purpose and for other higher volume
traffic.  

I realize that most everyone prefers the soapbox of the mailing
list, but I really do have to draw the line on this, especially
since fairly soon we'll hopefully be moving more into an operational
phase rather than a purely discussion phase.

While the Forum is moderated, it is moderated with a much lighter hand,
and in general anything that is relevant, legal, and polite is fair
game there.  You can read and post anonymously, but if you're registered
you can also receive messages and reply to messages via e-mail, so you'd
only typically have to use the Web interface to start new threads.

Again, the NNSquad Forum URL is: http://www.nnsquad.org/forum .

Moving forward, a wider variety of messages submitted to the mailing
list are likely to receive "Good message for Forum" rejects, but
these are not thumbs-down evaluations on the messages' contents 
per se, but simply statements that the messages in question are more
appropriate for the Forum.  Particularly interesting or informative
Forum threads will naturally be noted in the mailing list.

Thanks in advance for your cooperation with this policy.

--Lauren--
NNSquad Moderator

[ NNSquad ] Japanese bandwidth throttling (from IP)

[Lauren Weinstein]

--- Forwarded Message

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Tue, 4 Mar 2008 00:54:10 -0800
Subject: [IP] restricted Internet usage in Japan, and IPv6 problems from NTT


From: Rod Van Meter [EMAIL PROTECTED]
Sent: Monday, March 03, 2008 8:49 PM
To: David Farber
Subject: restricted Internet usage in Japan, and IPv6 problems from NTT

Dave, for IP, if you wish...

>From today's Daily Yomiuri:
http://www.yomiuri.co.jp/dy/national/20080303TDY01302.htm

About 40 percent of Internet providers restrict communication by heavy
users to prevent Internet jams, slowing down communication speeds as
information flow increases, according to a survey by the Japan Internet
Providers Association.



Of the 276 respondents, 69 companies said they restricted information
flow through their lines. A total of 106 companies, including those that
rent lines from infrastructure owners, impose such restrictions.
Twenty-nine companies said they were planning to take similar measures.



However, 26 of the 69 companies said they had received complaints from
heavy users about slower communication speed.

Of the 69 companies, 64 said such restrictions had proved effective.
They said the communication speed of all users had improved and the
number of complaints from nonheavy users had decreased.

According to an Internal Affairs and Communications Ministry estimate,
the volume of domestic data flow per second through communication lines
increased 2.5 times over the past three years. The daily volume is now
equal to that carried on about 2 million DVDs.



At our house, we have FLETS Gigabit family type as our circuit, and IIJ
as our ISP.  The gigabit family type is 100Mbps first hop, 1Gbps second
hop, shared among up to 32 houses.  I've never noticed any restrictions
or problems, but then, our house doesn't qualify as "heavy" by their
standards -- we download the occasional Fedora DVD image, upload a few
megabytes of photos a day, but that's it -- no BitTorrent, no video over
the web (Yahoo!BB, for example, pushes a lot of video to their
customers), etc.


As long as I'm writing, I've recently encountered a problem with IPv6 at
our house: my laptop always has v6 enabled, which works great when I'm
on campus, and used to be ignored at home, since I don't have v6 at home
(yet; IIJ used to charge a lot of money (couple of hundred bucks a
month) for v6 service since it was a "business" service rather than
home, but they probably don't any more -- I should check).

However, recently NTT has started providing Router Advertisements and
Neighbor Discovery for v6 on our home network -- despite the fact that
they provide the *circuit*, not the *IP* service!  My laptop picks up
the prefix, and dutifully tries to use it, to no avail -- they
advertise, but they don't forward packets :-(.  I have to wait minutes
while my SSH and other sessions time out and switch to v4.

Word from others here (though I haven't yet gotten around to complaining
to NTT) is that NTT uses IPv6 for management, and for dedicated
appliances, such as a video set top box they might sell you.

Obviously, not very many people are running with IPv6 enabled on their
machines yet (or, alternatively, are configured to prefer v4 and so
haven't noticed), or NTT would be drowning in complaints.

--Rod



- ---
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


--- End of Forwarded Message

[ NNSquad ] DNS Shutdown Orders vs. Free Speech

[Lauren Weinstein]

[ From IP ]

--- Forwarded Message

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Wed, 5 Mar 2008 03:30:01 -0800
Subject: [IP] A Wave of the Watch List, and Speech Disappears


From: Tom Cross [EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 8:08 PM
To: David Farber
Subject: A Wave of the Watch List, and Speech Disappears

For IP:

Should US trade embargoes apply to DNS registrars, where the activity
being prohibited is primarily speech?

http://www.nytimes.com/2008/03/04/us/04bar.html

By ADAM LIPTAK
Published: March 4, 2008
Steve Marshall is an English travel agent. He lives in Spain, and he
sells trips to Europeans who want to go to sunny places, including
Cuba. In October, about 80 of his Web sites stopped working, thanks
to the United States government...

It turned out, though, that Mr. Marshall's Web sites had been put on
a Treasury Department blacklist and, as a consequence, his American
domain name registrar, eNom Inc., had disabled them. Mr. Marshall
said eNom told him it did so after a call from the Treasury
Department; the company, based in Bellevue, Wash., says it learned
that the sites were on the blacklist through a blog.

Either way, there is no dispute that eNom shut down Mr. Marshall's
sites without notifying him and has refused to release the domain
names to him

Susan Crawford, a visiting law professor at Yale and a leading
authority on Internet law, said the fact that many large domain name
registrars are based in the United States gives the Treasury's Office
of Foreign Assets Control, or OFAC, control "over a great deal of
speech" none of which may be actually hosted in the U.S., about the
U.S. or conflicting with any U.S. rights.

"OFAC apparently has the power to order that this speech disappear,"
Professor Crawford said...

---
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

--

[ NNSquad ] Japan Network Neutrality Report

[Lauren Weinstein]

[ from IP ]

--- Forwarded Message

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Wed, 5 Mar 2008 08:29:55 -0800
Subject: [IP] Informal translation of Report on Network Neutrality  Working

Net Neutrality WG Report from MIC

This is an “informal” translation of the Report [PDF] of the
Working Group on Network Neutrality, held by the Ministry of
Internal Affairs and Communications (MIC) of Japan published in
September 20 2007.


It is licensed under a Creative Commons Attribution 3.0 License.

http://www.ni.tama.ac.jp/e/NetNeutralityRep F.pdf

[ Note, the space character in the URL above is necessary!
    -- Lauren Weinstein
   NNSquad Moderator ]
 

- ---
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


--- End of Forwarded Message

[ NNSquad ] Re: Civil Rights Groups Wants P2P Throttling to Preserve Rights (or something like that)

[Lauren Weinstein]

Well, I didn't exactly say "spammers deserve jail, not blocking," but
the point is that the world seems to have pretty much reached a
consensus that there isn't such a thing as legit spam.  And in fact,
I have nothing at all against blocking spammers.  My concern is when
ISPs treat most subscribers as "potential spammers" and prevent them
from running their own servers, forcing them through ISP mail servers,
making cert-authenticated STARTTLS crypto impossible, and so on.
Block and boil spammers, fine.  Block innocents because they *might*
spam -- unacceptable.  Now of course, most of the ISPs who do this
sort of preventative blocking will be glad to unblock you, so long
as you *pay them more* to get to a higher service tier.  Money
talks, eh?

--Lauren--
NNSquad Moderator

>   While blocking spam is a worthy cause, "owners" of network components 
> blocking things at will is a slippery slope.
> 
> What if Microsoft decides tweak their Windows DNS client to forge 
> replies redirecting "google.com" to their own search engine. I may own 
> my computer, but Microsoft owns the windows code. If I don't like it, I 
> can go to their competition ;-). Or my Linksys router (again, I may own 
> the hardware but Cisco owns the code) "helps" my bandwidth even more by 
> blocking my non-Cisco "SIP" VoIP serivice (Cisco uses SCCP VoIP, the 
> rest of the world uses SIP).
> 
> Meanwhile my ISP, having gotten away with blocking BitTorrent, might 
> block any VoIP service other than the one they sell. Coupled with Cisco 
> SIP stomping, above, this means no VoIP for me. And my Realtek 
> (Taiwanese) Ethernet NIC start dropping any packet with a destination IP 
> mapped to Yahoo (in retaliation for Yahoo helping the mainland Chinese). 
> And Firefox refuses to link to MSN. There go all my search engines.
> 
> Eventually nobody can reach anything. The whole Idea of Internetworking 
> is (or was) that all these parts should should make a best effort to 
> forward all traffic, not pick and choose. Blocking should only be done 
> as a last resort, with the express informed consent of the end users of 
> the network. My ISP blocks spam, but I'm aware of this and free to 
> unblock it anytime I want. I assume Brett's customers have the same 
> option. As Lauren pointed out, senders of spam deserve jail, not blocking.
> 
> -JB-
> 
> Brett Glass wrote:
> > At 10:19 AM 3/5/2008, Vint Cerf wrote:
> >  
> >   
> >> Are you saying that your service is private and therefore you can decide 
> >> what I can and cannot send through it?
> >> 
> >
> > Yes. For example, I can tell you that you cannot spam.
> >
> > --Brett Glass
> >
> >   
> -- 
> John Bartas - Director of Network Engineering
> Packet Island, Inc. www.packetisland.com
> [EMAIL PROTECTED]
> cell: 408-857-0605
> 

[ NNSquad ] Avoiding unfair ISP bandwidth manipulations

[Lauren Weinstein]

Greetings.  I've been spending considerable time trying to come up
with a way to assure consumers that their ISPs aren't manipulating
bandwidth tiers, caps, etc. to favor ISPs' own entertainment and
other content delivery systems over outside Internet-delivered
competition.

This is a tough nut to crack, but I have one approach that may hold
some possibilities.

I agree with Vint Cerf that the logical and fairest way for ISPs to
manage bandwidth to balance and protect their networks is through 
protocol-insensitive means -- make sure that customers stay within
reasonable average/total throughput limits, without attempting to make
application-based value judgments.  

But even this is problematic if ISPs can arbitrarily reserve most of
their bandwidth for their own entertainment services that directly
compete with services which must be delivered over the same wires or
fiber, with the external competition being subject to bandwidth caps
and throttling, etc.

Question: Would this problem be mitigated if all IP-based traffic,
other perhaps than basic not-on-demand, non-PPV TV, were subject to
the same bandwidth caps and other limitations?  That is, if an ISP
were cajoled or required to treat its own offerings that competed
directly with external services as being subject to the same monthly
bandwidth caps, throughput throttling, etc., what would be the
effects?

No doubt the telecoms will tell us that this will stifle innovation
and investment, make bandwidth caps impractical, and poison the
environment for generations to come.  But is any of that 
necessarily true?

I do not here propose a mechanism or plan for moving toward a system
like that I describe above.  But so far, I haven't seen or heard
another proposal to address this dilemma, though I'd welcome them.

--Lauren--
NNSquad Moderator

[ NNSquad ] Must Read: China's "Golden Shield Project"

[Lauren Weinstein]

  [ From IP ]

--- Forwarded Message

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Date: Wed, 5 Mar 2008 16:45:23 -0800
Subject: [IP] How China controls their Internet users



From: Andreas Ramos [EMAIL PROTECTED]
Sent: Wednesday, March 05, 2008 12:01 PM
To: David Farber; ip
Subject: How China controls their Internet users

Article at TheAtlantic.com on China's control of the Internet for Chinese
users:

http://www.theatlantic.com/doc/200803/chinese-firewall

yrs,
andreas
www.andreas.com


- ---
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


--- End of Forwarded Message

[ NNSquad ] Re: Avoiding unfair ISP bandwidth manipulations

[Lauren Weinstein]

Note that I suggested an exemption for: "basic not-on-demand,
non-PPV TV" -- which would apply whether delivered via IP or some
other means.  And I carefully didn't include "blocking" in my list
of bandwidth management techniques that would be "harmonized" under
such a system, though I should have made that even more explicit.
Service-based blocking of that sort would be inappropriate from
the word go.

It is certainly true that upstream and peering issues would need to
be considered, and to the extent that multicast or other techniques
are used that minimize duplication of content toward the end user,
competing external unicast traffic may be more consumptive of
resources (depending on the program and traffic mix).

But at the end of the day we're still faced with a couple of key
issues.  One, various large U.S. ISPs appear to be reserving the
bulk of their bandwidth for their own content, squeezing external
Internet access into what's left and then complaining about
subscriber overuse or misuse.  Secondly, if ISP customers can buy a PPV
movie for $3 from their ISP, or $3 plus burn up a significant
proportion of their month's Internet allocation from an external
competitor (even if the competitor offers a higher quality product)
it's pretty clear what the typical choice will be.

Since so many of these decision factors are held to be proprietary by
ISPs, it's difficult to get beyond the guessing stage with much of
this without hard facts, which is to the advantage of the ISPs and
the disadvantage of competitors and customers.

--Lauren--
NNSquad Moderator

 - - -

> On Mar 5, 2008, at 5:53 PM, Lauren Weinstein wrote:
> >
> > Question: Would this problem be mitigated if all IP-based traffic,
> > other perhaps than basic not-on-demand, non-PPV TV, were subject to
> > the same bandwidth caps and other limitations?  That is, if an ISP
> > were cajoled or required to treat its own offerings that competed
> > directly with external services as being subject to the same monthly
> > bandwidth caps, throughput throttling, etc., what would be the
> > effects?
> 
> Presumably the bandwidth used by the ISP's own services costs less to  
> deliver because it stays within the ISP's network and doesn't go over  
> the backbone. If the purpose of network management is to control  
> transit costs, it makes sense to treat internal traffic differently.  
> If the goal is managing last-mile congestion, it is logical that all  
> traffic over the last mile should be treated equally.
> 
> I think such a rule would penalize service providers who use an all- 
> IP architecture (like U-Verse) while leaving a big loophole for the  
> cablecos, since it would exempt all their video from bandwidth  
> management.
> 
> None of the internal services that I know of use any substantial  
> upstream bandwidth or P2P, so such a rule could be used to whitewash  
> network discrimination practices. e.g. "We're not unfairly blocking  
> our competitors' P2P traffic, because we also block our own P2P  
> traffic!"
> 
> Wes Felter - [EMAIL PROTECTED] - http://felter.org/wesley/
> 

[ NNSquad ] UK ISPs to Spy on Google Users (and Others)

[Lauren Weinstein]

 UK ISPs to Spy on Google Users (and Others)

http://lauren.vortex.com/archive/000375.html


Greetings.  Given the CCTV surveillance fetish in the UK these days,
it seems somehow sickly appropriate that British ISPs are in the
forefront when it comes to spying on the content of their
subscribers' Web browsing -- and it appears that Google users are in
the bull's-eye.

Most of the related media attention so far has revolved around the
manner in which the three largest UK ISPs have gone to bed with
"Phorm" -- toward the goal of monetizing Web browsing habits of
subscribers and providing targeted ads
( http://www.theregister.co.uk/2008/02/29/phorm_roundup/ ).

Of course, there's a lot "soothing" promotional blather on the BT
site claiming that the data collected regarding the sites that you
visit is quickly deleted or anonymized.  And while officially the
ISPs claim that they haven't made a decision about opt-out vs.
opt-in, the current British Telecom limited deployment -- they call the
"service" "Webwise" ( http://webwise.bt.com/webwise/index.html )
and promote it as mainly an anti-phishing system -- appears to be
opt-out (requiring either maintaining a special cookie in your
browser or blocking all cookies from a particular site).

Third-party tracking of the Web sites that you visit is bad enough,
but Webwise (and presumably the other incarnations of the Phorm
system) go one big step farther -- they actually *spy* on your
Web content and extract for their own use the search terms that you
enter into search engines:

   "We [Webwise] use the website address, keywords and search terms
from the page viewed to match a category or area of interest
(e.g., travel or finance)."

Given that the vast majority of searches these days are conducted
with Google, it's obvious that this ISP-based system will be
attempting to monetize the vast number of search transactions
between users and Google, in a technical manner that seems eerily
similar to wiretapping.

This is unbelievably intrusive and unacceptable, except perhaps on a
fully-informed opt-in basis.  When I use a search engine -- let's
say Google -- I am expressing an implicit belief that my search data
will not be abused or misused by Google.  I have made no such
determinations regarding any use in any manner of this search query
data by ISPs or their partners. 

I'm communicating with Google.  Period.  I don't care if the ISPs
claim that the data is quickly discarded, or anonymized so well that
it looks like an iPhone that's been put through a blender 
( http://youtube.com/watch?v=qg1ckCkm8YI ), nobody but Google and I
have any rights to those search terms!

And we all know that search keywords can be very sensitive.  Names,
addresses, social security numbers (sloppy, but people do it),
searches for new words to be used for domains or product names --
all manner of personally and commercially sensitive information can
be found in search query data.  

Anyone who tried this stunt on such a basis with physical mail or
phone calls they'd probably land in prison.  But ISPs are
increasingly pushing the envelope in terms of spying on and even
altering subscriber Web traffic.  This latest example is utterly
beyond the pale, and it's hard to see how such abusive behavior can
continue to pass legal muster indefinitely.

If subscribers wish to opt-in to such systems with a full
understanding of what's involved -- well, I wouldn't recommend it
but that's their choice.  However, if these systems are fully
deployed in a manner that requires subscribers to opt-out to avoid
having their communications with Google and other search engines
being intercepted, then I foresee some very angry subscribers, and a
particular search services giant who will likely be anything but
amused.

--Lauren--
Lauren Weinstein
[EMAIL PROTECTED] or [EMAIL PROTECTED] 
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren 
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org 
Co-Founder, NNSquad 
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com 
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com 

[ NNSquad ] "Tripwires" to detect Web page tampering, etc.

[Lauren Weinstein]

  [ From IP ]

  [ This technology was brought to my attention sometime back and is
indeed interesting.  There are a number of complex related
issues, and it's perhaps unclear at this stage to what extent a
javascript-requiring detection system would be most applicable
vs., for example, end-to-end encryption (i.e. detection vs.
prevention of tampering, especially if ISPs assert that their
page modifications are completely legal).

   -- Lauren Weinstein
  NNSquad Moderator ]


--- Forwarded Message

From: David Farber <[EMAIL PROTECTED]>
To: "ip" <[EMAIL PROTECTED]>
Subject: [IP] Stanford -- Building a Safer Web: Web Tripwires and a New Browser
Date: Fri, 7 Mar 2008 09:24:13 -0500


Begin forwarded message:

From: [EMAIL PROTECTED]
Date: March 7, 2008 12:39:35 AM EST
To: [EMAIL PROTECTED]
Subject: [EE CS Colloq] Building a Safer Web: Web Tripwires and a New  
Browser * 4:15PM, Wed March 12, 2008 in Gates B03
Reply-To: [EMAIL PROTECTED]

 Stanford EE Computer Systems Colloquium
4:15PM, Wednesday, March 12, 2008
HP Auditorium, Gates Computer Science Building B01
   http://ee380.stanford.edu

Topic:   Building a Safer Web: Web Tripwires and a New Browser
 Architecture

Speaker:  Charles Reis
  University of Washington

About the talk:

Web content has shifted from simple documents to active programs,
but web protocols and browsers have not evolved adequately to
support them. As a result, safety problems in web sites and web
browsers now regularly make headlines, from browser exploits to
ISPs that modify web pages. In this talk, I will discuss my
research into improving the security and reliability of web
content and browsers.

For most of this talk, I will focus on one particular problem:
the ability for intermediaries to modify web content in-flight.
Our recent measurement study shows that many clients now receive
web pages that have been altered before reaching the browser. The
changes range from injected advertisements to popup blocking code
to malware, often affecting the user's privacy and security. Some
of these changes introduce bugs and even vulnerabilities into the
pages they modify. Most sites are unwilling to switch to SSL for
reasons of cost and performance, so I will show how web servers
can use "web tripwires" to detect in-flight page changes with
inexpensive JavaScript code.

After this, I will talk more broadly about my research on web
browser security, focusing on the deficiencies of today's web as
an application platform. Starting from my prior work on
BrowserShield, I will show how we need a safer architecture for
running programs within the browser. Like an operating system,
this new architecture will need effective mechanisms to define,
isolate, and enforce policies on these web programs.

Slides:

There is no downloadable version of the slides for this talk
available at this time.

About the speaker:

Charles Reis is a PhD student in the Department of Computer
Science & Engineering at the University of Washington, studying
with Steve Gribble and Hank Levy. His current research focuses on
improving the security and reliability of web content and web
browsers. In the past, he has also worked on models of wireless
interference with David Wetherall. Charles received a B.A. and an
M.S. in Computer Science from Rice University, where he worked
with Corky Cartwright and Peter Druschel. At Rice, Charles was
the second lead developer for DrJava, a widely used educational
programming environment.

ABOUT THE COLLOQUIUM:

See the Colloquium website, http://ee380.stanford.edu, for scheduled
speakers, FAQ, and additional information.  Stanford and SCPD students
can enroll in EE380 for one unit of credit.  Anyone is welcome to  
attend;
talks are webcast live and archived for on-demand viewing over the web.

MAILING LIST INFORMATION:

This announcement is sent to multiple mailing lists. If you are signed
up on our private EE380 list you can remove yourself using the widget
at the upper left hand corner of the Colloquium web page. Other lists
have other management protocols.

[ NNSquad ] VoIP Spam (SPIT) on the rise

[Lauren Weinstein]

http://www.voip-news.com/feature/voip-spam-spit-030408/

--Lauren--
NNSquad Moderator

[ NNSquad ] Moderation policy (and previous message from Brett Glass)

[Lauren Weinstein]

Greetings.  Since posting Brett Glass' "P2P == Airliner Bombs"
analogy message a short time ago, I've already received a pile of
messages asking why I sent it through, since Brett has indeed made
the same kind of blanket statements about P2P so many times
previously here.  As it happens, Brett is among the persons with the
most messages ever posted on the list.  Admittedly, he claims
censorship since I don't send through many of his messages (and
since he usually submits a response to most other messages, press
releases, meeting announcements, or other texts that say anything
neutral or positive about P2P or any kind of regulation of ISPs,
that's a lot of messages).

But there are also other persons who claim censorship when I
don't put through their messages (some of which retort Brett), which
if published would of course generate another reply from Brett, which
would trigger yet another reply and so on and so on ...

But basically, the policy I try to follow is fairly simple.
Comments that add to the existing discussion in terms of bringing
out new points are likely to go through.  Messages that consist
mainly of soapbox talking points that have been covered here many
times before, e.g. "All P2P is bad" or "No P2P ever causes ISPs any
problems," and so on are unlikely to pass muster.

Obviously these determinations are not an exact science, but I
believe that anyone looking over the archives of this list would
likely determine that all sides of the arguments are fairly well
represented, and that Brett's assertion that this group is
conducting a "vendetta" against him is inaccurate.

However, Brett has also complained that some readers of this list
apparently send him nasty direct e-mail in response to some of his
postings here.  Such e-mail is definitely uncalled-for.  Though
Brett does tend toward the dramatic and sweeping generalizations,
that's no excuse for being impolite in messages to him, and I'd ask
that however heated the arguments get we still keep things on a civil
level.

Many persons have asked me to "ban" Brett from this list and/or
complain loudly to me about his postings that do go through.  I have
no interest in banning anyone, and will continue to use my best
judgment about which messages (from anyone) go through.

In respect to Brett's "airliner bomb" message, I called his comment
"interesting" -- and sent it through -- not because I thought it had
any validity (obviously I think it's a ridiculous comparison) but
because it demonstrates the depth of emotion that gets tangled up in
these topics, especially when persons' feel that possible changes in
the regulatory landscape might negatively affect their livelihood.  

And indeed, Network Neutrality is not a purely technical issue, and
has real impacts -- as do ISP business decisions in their role as
the only portals to Internet resources for most consumers.

In any case, I always welcome e-mailed comments on moderation
policies, but my sense from responses to date is that the
overwhelming majority of the readership is relatively satisifed with
the current policy and level of discourse.

Thanks as always.

Let's move on.

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: Moderation policy (and previous message from Brett Glass)

[Lauren Weinstein]

Let's get past the airline bomb analogy.  A bomb's sole purpose is
to destroy and terrorize, and whatever "damage" is done by P2P is
ancillary to P2P's purpose, not P2P's purpose itself.  When someone
triggers a purposeful DDoS attack, that's damage for damage's sake.

But Brett's concern about VoIP liability is a valid one, though I
tend approach the question from a different angle.  The trend in the
VoIP industry seems to be toward disclaiming any responsibility for
handling emergency calls reliably -- in some cases I've even seen
stickers on VoIP phones warning that they shouldn't be used for
emergency purposes.   

Much of this issue has revolved around E-911 capability problems,
but concerns about VoIP availability under heavy load (either due to
the emergency itself or other factors, such as overall Internet
traffic characteristics at any given point in time) have increasingly
been noted.

Since most Internet access networks are not engineered to traditional
telco POTS availability standards, the risks of emergency calls on
most consumer or enterpise VoIP systems can be considerable.  For
that matter, in serious regional emergencies, even conventional POTS
can fail.  Having lived in L.A. my entire life, I can testify to the
range of riots, fires, landslides, earthquakes, and other
biblically-inspired disasters locally where I've seen all my phone
and Internet circuits go down.  And that's not counting the guy
who ran his car off the street and sheered away my local B-box.

Which brings us to an interesting question.  Is it even reasonable
to be considering the use of VoIP for emergency calls in the current
Internet environment, given the wide variety of factors that come
into play (including but not limited to QoS considerations)?

--Lauren--
NNSquad Moderator


 - - -

Brett Glass wrote:
> Yes, I know that to some who don't operate networks for a living the 
> analogy might seem "over the top." But it's not. Just as a bomb is 
> destructive and can hurt innocent people, P2P is destructive to networks
> and hurts innocent users. And, yes, there can be harm to life and limb, 
> because people rely on VoIP to serve as their telephone. I worry, day 
> and night, that if I don't provide absolutely reliable service someone 
> will be hurt and that I will be held liable. This is no joking matter;
> networks MUST be reliable.
> 
> --Brett Glass
> 

[ NNSquad ] DynDns configuration and contact failures

[Lauren Weinstein]

Greetings.  If any dyndns users receive NNSquad messages
successfully (perhaps via aliases) I'd appreciate it if you'd ask
their postmaster (assuming they have one, see below) to contact me.
Mail to dyndns users on the NNSquad mailing list appears to be
failing with MX looping errors, and it's unclear if mail to
[EMAIL PROTECTED] was successful, given the stream of postmaster
recipient errors.  No contact by phone either as of yet.

Thanks.

--Lauren--
NNSquad Moderator

  - - -

Date:Wed, 12 Mar 2008 17:18:19 EDT
From:Mail Delivery System <[EMAIL PROTECTED]>
Subject: Mail delivery failed: returning message to sender
To:  [EMAIL PROTECTED]
X-Spam-Status: NO, hits=0.00 required=6.00

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  [EMAIL PROTECTED]
(ultimately generated from [EMAIL PROTECTED])
SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>:
host zimbra-01-bos.dyndns.com [63.208.196.49]:
550 5.1.1 <[EMAIL PROTECTED]>: Recipient address rejected:
zimbra-01-bos.dyndns.com
  [EMAIL PROTECTED]
(ultimately generated from [EMAIL PROTECTED])
SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>:
host zimbra-01-bos.dyndns.com [63.208.196.49]:
550 5.1.1 <[EMAIL PROTECTED]>:
Recipient address rejected: zimbra-01-bos.dyndns.com
  [EMAIL PROTECTED]
(ultimately generated from [EMAIL PROTECTED])
SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>:
host zimbra-01-bos.dyndns.com [63.208.196.49]:
550 5.1.1 <[EMAIL PROTECTED]>:
Recipient address rejected: zimbra-01-bos.dyndns.com
  [EMAIL PROTECTED]
(ultimately generated from [EMAIL PROTECTED])
SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>:
host zimbra-01-bos.dyndns.com [63.208.196.49]:
550 5.1.1 <[EMAIL PROTECTED]>: Recipient address rejected:
zimbra-01-bos.dyndns.com

[ NNSquad ] NY Times: Concerns over video traffic and Internet capacities

[Lauren Weinstein]

NY Times: Concerns over video traffic and Internet capacities

http://www.nytimes.com/2008/03/13/technology/13net.html

--Lauren--
NNSquad Moderator

[ NNSquad ] Re: BT [UK] calls for action on net speeds

[Lauren Weinstein]

One of the facets of my original GIMAA concept 
( http://lauren.vortex.com/archive/000303.html ) and carried over here
to the NNSquad project) is the development and wide deployment of
software to run on end-user systems that would (as just one factor
among a variety of NNSquad-relevant measurements) help to gather more 
accurate throughput and bandwidth data.  A key issue in most 
consumers' purchase of Internet access services is advertised
speed -- but what are they really getting for their money?

By using a vastly deployed end-user structure for such measurements
on essentially an opt-in P2P basis (rather than relying primarily on
subscriber-accessed central measurement servers) a more accurate
picture of such parameters over time should be possible (and these
distributed measurements can still be centrally coordinated 
for analysis and to minimize associated traffic loads).

--Lauren--
NNSquad Moderator


> Interesting article, as I know BT peers at linx with numerous folks. I 
> would like to hear more about the test criteria.
> 
> One thing that we (as techies and so on) even forget is that single 
> stream (session, tcp or otherwise) measurements of bandwidth are not 
> typically reliable.
> 
> MS windows up to and including windows XP, default IP stack tuning is 
> best suited to a 10Mbps shared (CSMA/CD) Ethernet low latency LAN. 
> Through a few minor settings changes, one can improve net performance by 
> 20% to as much as 50% depending on the usage profile of the user. (e.g. 
> you live on the east coast, but more of the websites you visit are in 
> the EU, or on the west coast, or you're 75% metric is less than 40ms 
> round trip).
> 
> Also, another limiting factor is the asymmetric nature of xDSL (and 
> cable) with "normal" (no p2p involved:-) ) activity, can lead to delay, 
> jitter, and dropping of packets which control the overall sequence. If 
> the sending end doesn't receive the next request for packets, they won't 
> be sent.  I had unending problems with VoIP and comcast when I would 
> simply send a 100k email while on the phone.
> 
> A decade ago, at AT&T worldnet, we built out a large dialup US 
> nationwide network. In direct response to traffic gaps (sub 500ms) our 
> own 'Customer QoS' measurements in the network indicated, we adjusted 
> our servers to provide a different window size, and a smaller MTU (IIRC, 
> we settled at 576bytes or so).  What this did for the typical dialup 
> customer, was to fill the gaps in their download of email or usenet 
> (remember usenet?) and effectively doubled throughput to our users, at 
> no additional expense to us.  Interestingly, I do similar tuning for my 
> own servers to either limit (according to bandwidth contract costs and 
> conditions) or speed up responses.
> 
> Similarly, your chosen settings (tuned or not) and the default 
> algorithms in control of your TCP stack significantly effect overall 
> performance and throughput. (note the default TCP algorithm in linux 2.6 
> kernel alone has been changed three times that I recall).
> 
> Try any of the speedtest sites out there from different computers (OS 
> type, or IP stack tuning) and you'll see statistically significant 
> performance differences between them on identical test criteria.
> 
> Best regards,
> andy
> 
> Russell Smiley wrote:
> > http://news.bbc.co.uk/go/rss/-/1/hi/technology/7292932.stm
> > 
> > "BT Wholesale, which supplies eight million people, said many customers
> > were disappointed by the mismatch between advertised and actual speeds.
> > 
> > An independent survey found that 15% of people who bought eight megabit
> > per second packages actually got the speed.
> > 
> > The firm said regulators needed to agree rules about how broadband
> > speeds could be sold to the public."
> > 

[ NNSquad ] NY Times: Verizon offers system to improve P2P transfers

[Lauren Weinstein]

NY Times: Verizon offers system to improve P2P transfers

http://www.nytimes.com/aponline/us/AP-P2P-Verizon.html

--Lauren--
NNSquad Moderator

[ NNSquad ] DNS Interception by ISPs (was Verizon P2P discussion)

[Lauren Weinstein]

OK, we need to get to the bottom of this.  Last I heard, Verizon
allowed subscribers to opt-out of their DNS redirection service
through the rather cumbersome technique of manually changing 
client DNS settings.  Can we confirm that this is no longer the
case, and that regardless of client DNS settings users' DNS requests are 
routed to Verizon's "diversion" Yahoo Search DNS servers?  If this
is indeed true, it is unacceptable, but we need the facts.

There are also reports that Time Warner has started DNS
redirection on RoadRunner here in Southern California
( http://slashdot.org/article.pl?sid=08/02/26/1741253 ), though
reportedly you can still change client DNS settings effectively, or
can opt-out of their various "value added" DNS services (including
what appears to be a default so-called "safe search" DNS lookup) via
this page at the moment: http://ww23.rr.com/prefs.php .

Any additional info regarding related Time Warner DNS behavior
would also be appreciated.  Thanks.

--Lauren--
NNSquad Moderator


> Kevin McArthur wrote:
> > Verizon does continue to set itself apart.
> >
> > The statement:
> >
> > "Pasko stressed, however, that Verizon wants to work with P2P 
> > companies that are focusing on delivery of legitimate media, like 
> > Pando -- not systems where anyone can upload anything, which usually 
> > means lots of pirated material."
> >
> > does strike me as having the potential to run into neutrality concerns 
> > when the carriers begin picking winners and losers in the P2P 
> > technology competition. As we all know, Bittorrent is open-source (and 
> > as a company, focused on legitimate media) while other solutions are 
> > either closed source or subject to content controls, patents and other 
> > nonsense. I'd hate to see the carriers giving competitive advantage to 
> > one but not the other just based upon their ownership of the gateway.
> >
> 
> Verizon DSL and FIOS service already has one dark stain when it comes to 
> neutrality.  They have a feature called "DNS Assistant" which is 
> designed to redirect web browsers to a Verizon/Yahoo search page in the 
> event they type in a URL for which the hostname does not resolve.  
> Verizon's DNS servers will reply with the IP addresses of their own 
> search engine rather than returning a correct negative response.  Up 
> until a few months ago it was possible to opt out of the DNS Assistant 
> service; however, the opt out capability has been removed.  After 
> talking to a number of sales, internal support, technical support, and 
> engineering personnel at Verizon, it became apparent that the marketing 
> department at Verizon initiated the policy change that led to the 
> removal of the DNS Assistant opt out capability.
> 
> The DNS Assistant service causes problems for VPN software, among other 
> things.
> 
> The message in both the Pando P2P announcment and the "DNS Assistant" 
> change is that marketing trumps everything else.
> 
> Kelly

[ NNSquad ] More info on ISP DNS redirections

[Lauren Weinstein]

I've received a number of replies to my request for more specific 
information regarding Verizon and Time Warner (RoadRunner) DNS
redirections/diversions.

Regarding Verizon (the forwarded message below best summarizes), it
appears that while Verizon has apparently removed the redirection
(to a Yahoo Search page) opt-out for their own routers supplied to
customers, it is still possible for users with enough understanding
of their systems to set their own recursive DNS server addresses.
So, for example, those persons running their own BIND, or using
services such as OpenDNS.org, reportedly can continue to do so
without interference at this time.  However, it appears that Verizon
has purposely "raised the bar" to make it less likely that ordinary
users will choose other than the Verizon-supplied Yahoo-diversion
DNS servers.

As for Time Warner/RoadRunner, I've received additional reports
indicating that diversion (via a wildcard record) is occurring in
other areas in addition to Southern California, but also that not
all areas in Southern California are so configured currently.
Indications so far are that the official RoadRunner opt-outs do work,
and it appears that, as in the Verizon case, there is nothing
currently stopping people from running their own BIND or directing
their client systems to other DNS services.

Frankly, I find default DNS diversion, even with opt-outs and
available workarounds, to be distasteful and annoying at best, and a
clear "camel's nose under the tent" in terms of potentially taking
advantage of subscribers, especially those who are unlikely to know
how to manipulate their own DNS settings.  These cases don't rise to
the obnoxiousness level of VeriSign's infamous "Site Finder"
service, but seem to be another step toward pushing the envelope ever
farther in the wrong direction.  If ISPs wish to provide such DNS
diversion services, they should be *opt-in* only.  But we all know
why they don't do that.

--Lauren--
NNSquad Moderator

--- Forwarded Message

From: Kelly Setzer <[EMAIL PROTECTED]>
To: Lauren Weinstein <[EMAIL PROTECTED]>
Subject: Re: [ NNSquad ]  DNS Interception by ISPs (was Verizon P2P discussion)
Date: Fri, 14 Mar 2008 20:45:44 -0500
References: <[EMAIL PROTECTED]>

Feel free to repost or reuse this as you see fit.

I confirmed that the opt out feature was removed with Verizon tech  
support and residential sales on March 6th.  They were unable to tell  
me when the opt out feature was removed.  I know that it was not  
working after Thanksgiving of 2007.  Previously, FIOS users had to  
modify their (Verizon supplied) router configuration to use alternate  
DNS servers that did not have the redirection feature.  Now, it is not  
possible to do that because DHCP leases are short and are not  
renewable.  In short, FIOS users *will* be assigned IP addresses in  
different subnets when their lease expires and will not be able to  
access Verizon DNS servers in another subnet.  FIOS users are required  
to accept DHCP-assigned DNS servers on the router, all of which have  
the redirection feature.

Supporting article: 
http://www.networkworld.com/news/2007/110907-verizon-redirects.html 
  (The timing mentioned in the article matches my observations.)

Verizon appears to have removed the FIOS-specific opt-out instructions  
from their support site.  There are three other examples remaining:

http://www22.verizon.com/ResidentialHelp/FiOSInternet/General%20Support/Getting%20Started/QuestionsOne/98552.htm

http://www22.verizon.com/ResidentialHelp/FiOSInternet/Troubleshooting/Connection%20Issues/QuestionsOne/86294.htm

http://www22.verizon.com/ResidentialHelp/FiOSInternet/Troubleshooting/Connection%20Issues/QuestionsOne/86295.htm


Based on my discussion with residential sales, the behavior is the  
same for both DSL and FIOS customers.  The only above-board solution  
is to get a statically-assigned IP address which is only available as  
part of the business class service.  Based on pricing that I received  
from Business sales on March 6th or 7th, that costs approximately $94/ 
mo in the DFW Texas area.  That is about twice the cost of residential  
FIOS service.  I did not ask for the price difference for DSL service.

The workaround is for FIOS/DSL customers to configure their own  
computer systems not to use their Verizon-supplied router as the local  
DNS server.  I have a local instance of bind running on my Macintosh.   
Verizon does not appear to interfere with recursive resolution.  My  
windows laptop also uses the Mac as a resolver.  I have also tested  
using opendns.org as a DNS resolver and that works fine.


Kelly

On Mar 14, 2008, at 11:56 AM, Lauren Weinstein wrote:

> OK, we need to get to the bottom of this.  Last I heard, Verizon
> allowed subscribers to opt-out of their DNS redirection service
> through the rather cumbersome technique of manually chan

[ NNSquad ] Re: More info on ISP DNS redirections

[Lauren Weinstein]

> It may be worse than that. If the diversion is really through
> fabricated DNS responses, applications such as email could be at
> risk. V

I agree.  Fabricated DNS responses affecting various applications was
one of the issues that was front and center with Site Finder, as we
all remember, with an implicit assumption in such implementations
that "only Web browsers matter" and that other applications negatively
affected by such DNS manipulations were assumed to be unimportant.

--Lauren--
NNSquad Moderator

> 
> - Original Message -
> From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> To: nnsquad@nnsquad.org 
> Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Sent: Fri Mar 14 20:30:44 2008
> Subject: [ NNSquad ]  More info on ISP DNS redirections
> 
> I've received a number of replies to my request for more specific 
> information regarding Verizon and Time Warner (RoadRunner) DNS
> redirections/diversions.
> 
> Regarding Verizon (the forwarded message below best summarizes), it
> appears that while Verizon has apparently removed the redirection
> (to a Yahoo Search page) opt-out for their own routers supplied to
> customers, it is still possible for users with enough understanding
> of their systems to set their own recursive DNS server addresses.
> So, for example, those persons running their own BIND, or using
> services such as OpenDNS.org, reportedly can continue to do so
> without interference at this time.  However, it appears that Verizon
> has purposely "raised the bar" to make it less likely that ordinary
> users will choose other than the Verizon-supplied Yahoo-diversion
> DNS servers.
> 
> As for Time Warner/RoadRunner, I've received additional reports
> indicating that diversion (via a wildcard record) is occurring in
> other areas in addition to Southern California, but also that not
> all areas in Southern California are so configured currently.
> Indications so far are that the official RoadRunner opt-outs do work,
> and it appears that, as in the Verizon case, there is nothing
> currently stopping people from running their own BIND or directing
> their client systems to other DNS services.
> 
> Frankly, I find default DNS diversion, even with opt-outs and
> available workarounds, to be distasteful and annoying at best, and a
> clear "camel's nose under the tent" in terms of potentially taking
> advantage of subscribers, especially those who are unlikely to know
> how to manipulate their own DNS settings.  These cases don't rise to
> the obnoxiousness level of VeriSign's infamous "Site Finder"
> service, but seem to be another step toward pushing the envelope ever
> farther in the wrong direction.  If ISPs wish to provide such DNS
> diversion services, they should be *opt-in* only.  But we all know
> why they don't do that.
> 
> --Lauren--
> NNSquad Moderator
> 
> --- Forwarded Message
> 
> From: Kelly Setzer <[EMAIL PROTECTED]>
> To: Lauren Weinstein <[EMAIL PROTECTED]>
> Subject: Re: [ NNSquad ]  DNS Interception by ISPs (was Verizon P2P 
> discussion)
> Date: Fri, 14 Mar 2008 20:45:44 -0500
> References: <[EMAIL PROTECTED]>
> 
> Feel free to repost or reuse this as you see fit.
> 
> I confirmed that the opt out feature was removed with Verizon tech  
> support and residential sales on March 6th.  They were unable to tell  
> me when the opt out feature was removed.  I know that it was not  
> working after Thanksgiving of 2007.  Previously, FIOS users had to  
> modify their (Verizon supplied) router configuration to use alternate  
> DNS servers that did not have the redirection feature.  Now, it is not  
> possible to do that because DHCP leases are short and are not  
> renewable.  In short, FIOS users *will* be assigned IP addresses in  
> different subnets when their lease expires and will not be able to  
> access Verizon DNS servers in another subnet.  FIOS users are required  
> to accept DHCP-assigned DNS servers on the router, all of which have  
> the redirection feature.
> 
> Supporting article: 
> http://www.networkworld.com/news/2007/110907-verizon-redirects.html 
>   (The timing mentioned in the article matches my observations.)
> 
> Verizon appears to have removed the FIOS-specific opt-out instructions  
> from their support site.  There are three other examples remaining:
> 
> http://www22.verizon.com/ResidentialHelp/FiOSInternet/General%20Support/Getting%20Started/QuestionsOne/98552.htm
> 
> http://www22.verizon.com/ResidentialHelp/FiOSInternet/Troubleshooting/Connection%20Issues/QuestionsOne/86294.htm
> 
> http://www22.verizon.com/ResidentialHelp/FiOSInternet/Troubleshooting/Connection%20Issues/QuestionsOne/862

[ NNSquad ] DNS Redirection: The Plot Thickens

[Lauren Weinstein]

Well, responses continue to arrive from my query regarding DNS
redirection/diversion experiences.  Frankly, I'm receiving enough
conflicting data at this point regarding "non-standard" DNS behavior
(for TW, Verizon, and now HughesNet) that really definitive
statements regarding any of these will need to wait for a bit at
least.

A few facets seem clear though.  ISPs are rapidly deploying
DNS diversion "services" of various forms, sometimes as part of site
filtering services, but more often clearly as a monetization tool to
divert users to ISP-partnered search sites.  

The techniques being employed to this end seem to vary significantly,
as do opt-out procedures (when the latter are available -- these
sometimes involve setting a browser cookie, which of course would not
be effective for non-http applications).  The ability to set client
DNS settings directly to effectively bypass these systems also
appears to vary, and this is among the most conflicting of the
reports I've received so far on this topic.

ISPs also appear to vary widely in their willingness to publicize
the extent to which opt-outs are available, and in some cases are
seemingly providing incorrect information (e.g. Verizon, who
apparently recently removed the most visible pages explaining this,
and whose tech support is reportedly providing different callers
with wildly different stories about the DNS situation).

Also, in all cases that I've learned of so far, these "services" have
been implemented on a default, rather than opt-in basis, and there
are obviously many confused and upset subscribers attempting to
puzzle these issues out for themselves in various public forums.

More info to come, as warranted ...

--Lauren--
NNSquad Moderator

[ NNSquad ] DNS Diversion Test Available

[Lauren Weinstein]

Greetings.  After receiving a number of messages from persons asking
for a simple procedure to determine if their DNS queries were being
diverted, rather than actually reaching their specified DNS servers,
I've thrown together an extremely simple test that might be useful
for the moment.

Using your DNS query tool of choice (dig, nslookup, or ...), simply
query the zone:

  control.hq

at the DNS server:

  dns-test.nnsquad.org

Feel free to look at the full zone (AXFR) data if you wish, e.g.,
the shell command:

  dig @dns-test.nnsquad.org control.hq axfr

Since "control.hq" is obviously not a legitimate domain, you should
only receive the dummy data back for it if you are in direct contact
with the dns-test.nnsquad.org DNS server (assuming no devious
manual attempts to duplicate the data in outside DNS servers, and
I'll deal with that possibility later).

Again, this is just a quick hack, but please let me know if it
yields any interesting results.  Thanks.

--Lauren--
NNSquad Moderator

[ NNSquad ] Addendum on the DNS Diversion Test

[Lauren Weinstein]

A quick additional note: 

If you choose to try the DNS Diversion Test described in:

   http://www.nnsquad.org/archives/nnsquad/msg00735.html

it would be best to do some ordinary (UDP) DNS lookups, e.g.:

   dig @dns-test.nnsquad.org control.hq

as well as the zone lookup example that I showed in that earlier
message (which would be a TCP lookup).

Even when some DNS (port 53) services are being diverted, it is not
certain that both UDP and TCP would be subject to the same treatment,
so both should be tested.  Thanks again.

--Lauren--
NNSquad Moderator

[ NNSquad ] Early results of DNS diversion testing

[Lauren Weinstein]

Greetings.  Just FYI, I'm already getting messages from people
finding what appear to be unexpected DNS diversions from their
ISPs.  There is enough broad interest in this that I'm going to
write up a more comprehensive set of instructions for this
testing suitable for broader distribution, along with more info on
interpreting results.  Some people are finding that zone transfers
are working correctly, but ordinary DNS queries are apparently being
diverted, along with other combinations of results.

More to come.

--Lauren--
NNSquad Moderator

[ NNSquad ] Expected query output data for NNSquad DNS test zone

[Lauren Weinstein]

Greetings.  You can now find the expected output data for the NNSquad
"control.hq" DNS test zone ("control.hq" at DNS server
"dns-test.nnsquad.org") via:

   http://www.nnsquad.org/dns-test-zone-output.txt

This data will be changing at intervals so please always verify
any test results against the current data at this link.

Please also conduct both TCP and UDP DNS tests whenever possible, e.g:

TCP: dig @dns-test.nnsquad.org control.hq axfr

UDP: dig @dns-test.nnsquad.org control.hq
  or
 dig @dns-test.nnsquad.org aardvark.control.hq
  or
 dig @dns-test.nnsquad.org [other host entries]


For "dig" or "nslookup" tests properly conducted specifying the
"dns-test.nnsquad.org" DNS server, any variations from the ip
addresses shown via this link would tend to be "smoking gun"
indications of likely port 53 DNS diversions.  Please report all of
these to me.  Thanks.

--Lauren--
NNSquad Moderator

[ NNSquad ] HughesNet apparently diverting DNS UDP data

[Lauren Weinstein]

Greetings.  Early test results via the NNSquad test DNS zone are
strongly suggesting that HughesNet is intercepting and diverting
ordinary (UDP) DNS queries at the port 53 level.  AXFR (TCP) queries
do not appear to be similarly affected at this time.

Dig tests set to the dns-test.nnsquad.org DNS server, which should
have returned correct ip addresses, are instead returning (see dig
listing below) an ip address (e.g. 65.200.200.50) associated with
Paxfire, Inc. ( http://paxfire.com/ ):

   "The Paxfire Look-up Service enables a network operator who runs
his own DNS to generate significant revenue/profits from
searches conducted by end-users on his network.  Today a network
operator gets absolutely nothing for these searches.  Paxfire
can change all that for you today."

Also note below that the dig results claim to have come from the correct
dns-test.nnsquad.org server ip address:

;; SERVER: 67.119.61.35#53(67.119.61.35)

But this is untrue.  The returned host A record is falsified and not the 
correct record held by this server.

The associated "No such domain" DNS diversions lead to Yahoo Search
pages such as:

http://wwh.found-not-help.com/search?qo=www.weownyou.com

For Web browsing it is reportedly possible to opt-out of this
diversion to the Yahoo search page by maintaining a cookie (which of
course must be re-established on all associated Web browers whenever
cookies are cleared).  No opt-out appears possible for non-http
services.  It also seems likely that the cookie only prevents the
transfer to the Yahoo search page and probably doesn't affect the
underlying DNS UDP lookup diversion, but this has not been demonstrated
definitively at this time.

Dig test results follow from a representative HughesNet client system.
This is all based on the best information to this point -- additional
data and info will be reported as appropriate.

--Lauren--
NNSquad Moderator

 - - -

$ dig @dns-test.nnsquad.org smart.control.hq
 
 ; <<>> DiG 9.4.1-P1 <<>> @dns-test.nnsquad.org smart.control.hq
 ; (1 server found)
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9855
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
 ;; QUESTION SECTION:
 ;smart.control.hq.  IN  A
 
 ;; ANSWER SECTION:
 smart.control.hq.   60  IN  A   65.200.200.50 <<- BUZZ! WRONG!
 
 ;; Query time: 866 msec
 ;; SERVER: 67.119.61.35#53(67.119.61.35)  <<- A LIE! RESULT NOT FROM HERE!
 ;; WHEN: Sun Mar 16 12:30:56 2008
 ;; MSG SIZE  rcvd: 50

[ NNSquad ] Testing Your Internet Connection for ISP DNS Diversions

[Lauren Weinstein]

 Testing Your Internet Connection for ISP DNS Diversions

   http://lauren.vortex.com/archive/000377.html


Greetings. Over at the Network Neutrality Squad, the issue of ISPs
intercepting and/or diverting DNS (Domain Name Service) lookups has
recently risen to the surface. Some tests that you can perform to
investigate this for yourself on your ISP are described below.

Increasingly, ISPs have been attempting to monetize users' Web
browsing in various ways, and steering them to ISP-partnered search
engines in cases of mistyped domain names and the like is just one
example of this activity.

There is a great deal of variation in how this is accomplished;
whether or not effective opt-outs are available; and how forthright,
opaque, or simply confused ISPs' tech support pages and people may
be regarding this matter.

Beyond the issue of shunting users to search engines of the ISPs'
own choosing, diversion of DNS requests can have significant
negative impacts on various applications, especially non-browsing
(non-http) applications. 

  [ ... ]

  [ Due to their length and detail, the full information and links
for the test procedures and accompanying explanations are
omitted here.  Please see the complete write-up at:

http://lauren.vortex.com/archive/000377.html

Thanks! ]

--Lauren--
Lauren Weinstein
[EMAIL PROTECTED] or [EMAIL PROTECTED] 
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren 
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org 
Co-Founder, NNSquad 
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com 
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com 

[ NNSquad ] Possible DNS diversion by Sprint EVDO

[Lauren Weinstein]

I have a solid report that strongly suggests port 53 DNS diversion by
Sprint EVDO, at least through one reseller.  I'd be particularly
interested in the results of other Sprint EVDO users running the
tests outlined in:

http://lauren.vortex.com/archive/000377.html

Please do not report if the tests do not suggest diversion, but for
all other results please include as much detail in your report as
possible.  Thanks.

--Lauren--
NNSquad Moderator