Mattel Dislikes Being Embarrassed (UPDATED)

A few weeks ago we ran Keep It Legal to Embarrass Big Companies , detailing Peacefire's decryption of X-Stop's blacklist. Then just a few days ago, we noted that CyberPatrol's encrypted list had also been cracked. Well, Mattel, the maker of CyberPatrol and a Big Company, decided it didn't like to be embarrassed -- so it's filing suit against the coders in Canada and Sweden. In addition to demanding the removal of the decryption utility, Mattel is also seeking the logfiles of the Swedish ISP that hosts the decryption utility, to identify everyone who has downloaded it to date. Update: 03/16 6:50 PM EDT by J : Today's news was filled with Mattel's PR lies about their suit. Analysis follows.

Update: 03/16 6:50 PM EDT by J : The problems started with the AP story (cited above). The decryption software posted by the activists was described as "a method for kids to deduce their parents' password and access [pornographic] Web sites."

This was the spin that Mattel's PR people put on the story. They surely didn't want the news media reporting that activists had posted software that exposes their secret, hidden blacklist to the light of day. That wouldn't sound so good - it might get people to ask "why are these blacklists encrypted at all?"

Instead, Mattel's PR decided to say that the decryption software allows kids to view pornography. Predictable - this is the same smear that's always dragged out - but the media swallowed it uncritically. (The AP story was repeated on cnet, and everywhere else that uses the AP feed.)

Even the normally-critical Declan McCullagh wrote a story for Wired whose opening sentence was corporate propaganda. "Toy-maker Mattel has sued two programmers who revealed how to circumvent its CyberPatrol blocking software." Thankfully, the rest of his article gave the full story.

Mattel is not upset about CPHack's minor feature of circumventing the program when installed. Peacefire has been distributing their own instructions to disable Cyber Patrol for months now, and hasn't been sued. (They're pretty simple instructions, too.)

Mattel is upset that people can see the flaws in their software which were previously hidden by encryption. They want to continue selling bad software and will use the full force of law to prevent you from learning how bad it is. Legal papers have already been served and the proceedings will presumably begin shortly. Stay tuned - and don't trust press releases.

One small point , was Re:huh?

[Anonymous Coward]

Which implies that the software must be crackable, however good your programmers were.

Yes, but one of the points that the article deals with at some length is the fact that Mattel used a totally sub-standard encryption algorithm. For a start, they didn't bother to salt the hashe's.

So parents shouldn't allow kids to browse the net unattended?

That's a rather broard question.

My response to it is - those parents who keep screaming about all of the porn/bomb recipies/drug recipies on the net and who keep pertitioning politicians to pass laws to restrict my right to view and read what I wish to should be forced to supervise their kids.

The reason why I have this attitude is simple - it isn't my job to supervise their kids and from what I have seen to date, the parents who scream the loudest about this subject are the ones who seem most likely to neglect their kids and let them run wild.

Consider the converse as a point in case - my sister and brother in law take turns to supervise their kids net useage. They act in a responsible manner. Because of this, they can't understand why some of the other parent in their neighbourhood keep screaming about the internet. To them it's a non-issue.

As to any other interpretaion of the issue beyond this one, you will need to be more specific.

Re:Block porn, allow the KKK

[Anonymous Coward]

You must be really boring in bed - porn is legal in Holland, and they're some of the best people at sex in Europe. Porn is nearly completely illegal in Ireland, and the majority of people there don't do anything other than missionary.

A lot of porn is quite educational, and soft porn/erotica can be aesthetically pleasing - check it out some time.

You dont get it. Legal is irrelevant. Threats work

[Anonymous Coward]

You may do something that is perfectly legal, reverse engineer some product, attempt to export strong crypto, create a fake modem server that DIVX will accept. But it being legal doesn't matter. Big corps and gov't can litigate you directly into hell. And once they do so, it doesn't matter anymore who is right. *YOU* are faced with years to decades long court proceedings, many thousand times your annual salary in legal bills, harassment, investigations, etc. Got a life? Not anymore. Need to pay bills? You're already in debt for the next 1000 years. You don't even have time to hold a job. And you are required to appear in a court of courts far, far away from where you live. Can you addord this too? In short, you lose. So, to escape hell, you *WILL* accept whatever plea bargin bone the other side throws at you. And by doing so, you admit guilt, and help build case law and legal precedent that makes it easier for the corps and gov't to sue and quash the next guy. i.e., you help hurt your own cause bu assisting the destruction of the next free thinker. You have been assimilated. Did I miss something here?

Re:Warning: Disinformation!

[Anonymous Coward]

And the common "their encryption sucks, it's their fault" argument is trash. If someone breaks into your house because they could smash down your door, is it your fault that you didn't have steel bars?

I don't think this analogy quite sticks. Cyberpatrol isn't analogous to one person's house -- it's a product that's being marketed as secure but really isn't, as Skala and Jansson have demonstrated.

If a company was marketing a "break-and-enter-resistant" house, but someone exposed a flaw in the design that allowed intruders to get in through a basement window, it would be prudent to publish those findings so that consumers would be warned about this weakness.

The last few issues of Crypto-gram, Bruce Schneier's monthly cryptography newsletter, have discussed the ethics of the publication of security flaws. Back-issues can be found at www.counterpane.com [counterpane.com].

Re:Block porn, allow the KKK

[Anonymous Coward]

What the US considers "children" are already well withing breading age in most parts of the world. Of course how many 13 yrs get knocked up every year in the US. Keep in mind that to may Americans, any info abotu birth control is well over the "porn" line.

Ever notice how its always the American geeks that aren't getting laid?

Re:Block porn, allow the KKK

[Anonymous Coward]

Oh, yes. Of course. How could I be so silly? There's no way that porn could be considered speech by some people, or vice versa, and it's perfectly clear to everyone exactly what is porn and what isn't. Thanks for shedding your shining light of wisdom upon this discussion.

Re:Clarify one thing...

[J. J. Ramsey]

"I mean, shouldn't they at least be viewable from within an administrative section of the program that requires passwords and what not to get into?"

Yes, they should. :^)

"Or is it because the corporations don't want people seeing all their mistakes and what not in the list?"

I say that's the reason right there.

No way Sweden's legal system agrees on this

[Caine]

There's no way Sweden's legal system or ISP will agree on this. If they do I'll be severly shocked. In my younger days I was stupid enough to do some cracking, and eventually I got sloppy and caught. But even when facing legal actions my ISP did not release it's logs with me. So if they comply with this, it will be quite a new turn.

Other headlines

[sjames]

So Mattel feels violated because of a program that lists their blocked sites? Claims copyright infringement? Their case is similar to these headlines I hope to never see:

Random House sues all public and private Schools! In an unusual move today, Random House has filed suit against all public and private elementry schools alleging that by teaching students to read and write, they are enabling plagerism and other copyright infringements on a massive scale.

Ford Motor Company sues Pinto victims. By having accidents and reporting on the outcome, they are engaging in illegal reverse engineering Ford says. Ford's representitives also maintain that, "Reporting a mechanical failure is also a clear violation of our new licensing agreement". The case is expected to go to court as soon as the defendants are discharged from the hospital or buried.

Re:You owe me!

[sjames]

You owe me a new sarcasm detector.

The check is in the mail.

You don't have a lie detector do you?

Not Yahoo, AP

[Joe Rumsey]

Way to keep neutral, Yahoo.

Just to a pick a nit, Yahoo just picks up stories straight from The Associated Press. Blame AP/Ted Brides (the author) for the slanted journalism. You'll find the exact same story on any number of sites that carry the AP wire.

Re:What about the DCMA?

[acb]

The DeCSS decision suggests that the encryption research exemption places the burden of proof on defendants to prove that they are legitimate researchers (and not warez kiddies or troublemakers).

Re:Yet again...

[acb]

We've talked about this before, but I think it's time to get serious about writing a canopener to extract files from InstallShield and similar SEA utilities without displaying, reading or parsing the license. It can't be that hard, and it would kill off the click-wrap license BS completely.

Not to mention get anyone touching or linking to it sued into debtor's prison.

Re:Super mirror

[acb]

You can bet that, if political pressure didn't work, and economic sanctions didn't either, they'd drop a laser-guided glide bomb on the server one night, and say that it was distributing child pornography or something. Those who said otherwise would soon be merged in the public eye with the Waco conspiracy theorists and black-helicopter nuts. (There are so many strains of paranoia out there, nobody would notice another one.)

My Mirror

[dew]

The textual document is now also mirrored at http://david.weekly.org/code/cp4break.ht ml [weekly.org].

David E. Weekly [weekly.org]

Politics and law

[N8F8]

Be glad you don't live in a country where the entire legal system goes belly-up for big business at the drop of a dime.

Re:Let Mattel know what you think...

[Jeffrey Baker]

I just testes all four of those addresses and waited ten minutes. No bounces, so I suspect either they all work, or they have configured a catch-all address.

Good work!

Mirrors of the disputed content.

[Apuleius]

http://www.mit.edu/~ocschwar/ ... :

cp4break.html
cp4break.zip
cph1_rev.c
cphack.exe
cndecode.c

On US soil, no less.

Re:Everyone who has downloaded it

[waldoj]

I disabled logging on my mirror [waldo.net]. If Mattel comes knocking on my door, I can honestly say that I don't have a damned clue of how many people downloaded the program, or who, or what IP, or anything.

I recommend that everybody else running a mirror do the same.

Re:Add me to the log

[waldoj]

I think that web sites against censorware should find a way to detect a censorware product and display a banner, instead of the requested page, indicating that the site does not support censorware and the website can not be viewed if you're using a censorware filter. Then perhaps parents may be forced to (re)consider the product.

On one of my sites, Curfew.Org [curfew.org], I've done something close to this. Curfew.Org is all about how to fight youth curfews of a legal nature. 99% of the people looking at my site are from .edus or or from .k12.state.us. Of them, 25% of them are behind censorware proxies. So I put up a little message that lets them know that they're being censored.

I wrote mine in PHP. As you can see, it's grossly simple:

$remotehostname = gethostbyaddr($REMOTE_ADDR);
if (ereg ("bess-proxy", $remotehostname)) {
echo("You're being censored!");
}

This only works for proxies, and this is just the Bess [n2h2.com] section. You could insert this, and add other proxy names, and put a more useful message up. (I took out the full paragraph for brevity.)

Anyhow, steal this highly-advanced code and use it on your own site!

Re:mirrors!

[waldoj]

And at http://cp.waldo.net/ [waldo.net].

If I only had the time...

[UncleRoger]

This looks like absolutely fascinating stuff. Unfortunately, I don't have time to read through it and really get into it, much as I'd like to.

What I do (did) have time to do was to go to the site and download the software. That way, if Mattel succeeds in getting the list of IP's that downloaded the software, they'll have one more person to track down and try to bully.

Just think if everyone who reads slashdot did the same... It would sure cost them a pretty penny to have the lawyers track everyone down, send them notices, etc. It wouldn't take long before the postage and legal fees would far outstrip any profits they might get from selling their software.

cp4break.zip mirrored

[Kris_J]

I'm hosting the cp4break package on an Australian server. You can have frames [optusnet.com.au] or no frames [optusnet.com.au]. Look at the bottom of the page in the software section. You'll also find links to DeCSS/Livid, unf*ck & software to copy MP3 files off the old Rios. Feel free to link. My Geocities version of the page also contains links to the copies on the Australian server; mp3.krisjohn.net [krisjohn.net]. Enjoy.

Re:A Censor's Story

[Kris_J]

It's a shame that the censorware marketplace battle revolves around the block list, because there are so many other attributes to a program that make it better or worse than another. Ease of installation, upgrade paths, service, stability, integration - heaps of things.

Why can't the block list be an open-sourced ratings system and each one of the censorware products is simply a front end / way of implementing the list?

Re:This law does nothing for me as a consumer

[Kris_J]

As a computer support guy I occasionally get asked, by parents, what they should do about protecting their children from things like porn on the Internet. My number one suggestion is to put the computer in a central, clearly visible location so that anyone passing buy can see what's on the screen. The look on their face after that revelation is hilarious.

Other than that I recommend that they spend time with their kids, educating them on the ways of the world. I also tell them that their kids will always find a way around any technological "solution". They usually walk away very happy.

Re:I see their point... sort of.

[Kris_J]

If you broke into their offices, stole something used in the development of, but not deployment of, a product you would be invading their privacy and stealing their stuff. But if your local council is using public funds to enforce, or even just support, filtering in public access libraries then you're at least entitled to see what's being blocked. Personally, I belive that no public body should be allowed to install censorware with a secret way of filtering content - god only knows what hidden agendas find their way into such products. Control the information and you control the population.

Here's my mirror of all this, and more...

[Pig Hogger]

in my .sig

--

Re:Mattel????????

[ralphclark]

I intend to boycott Mattel products (I have two small children aged 4 and 6, who use a LOT of Mattel products). I want to write to Mattel to explain this but I can't find any useful email address on their web site. Does anybody know such an email address?

Consciousness is not what it thinks it is
Thought exists only as an abstraction

Re:A Censor's Story

[ralphclark]

I intend to boycott Mattel products (I have two small children aged 4 and 6, who use a LOT of Mattel products).

I want to write to Mattel to explain this but I can't find any useful email address on their web site. Does anybody know such an email address?

I posted the above question elsewhere, I know, I only wanted to maximise my chances of getting a reply.

Consciousness is not what it thinks it is
Thought exists only as an abstraction

Re:The block list

[BJH]

That would be a VERY BAD IDEA. It would give Mattel further grounds for suing for breach of copyright. These guys are doing it the right way - distributing the tools for converting the database to plain text and then leaving it up to the user to decide whether they have a legal right to see the content.

Re:I see their point... sort of.

[jms]

Decrypting their list, after all, is kind of an invasion of their corporate privacy.

Corporate privacy? Where did this concept come from? This is a breach of corporate secrecy -- a busted trade secret. They failed to adaquately protect their trade secret, and now it has been revealed. There are no privacy issues involved here.

But what do they really expect to gain from the ISP's log files?

This is a public relations move. By aggressively going after the ISP, they are creating the impression that the release of the list-decrypting software was an illegal action, when it wasn't.

Picking a nit ...

[FreeUser]

We deserve this.

No, we don't. No one does.

I know, I tend to blurt out the same untruth as well when I'm feeling emotional about something (e.g. "the USA diserves the oppression it will get if this censorship continues!").

We do not deserve to lose our rights ,irrespective of how involved we are in teaching others and promoting our political and social values, or not. If I chose to be a hermit with a keyboard, I am entitled to the same rights as someone who is out in the limelight, day in and day out, working to protect those same rights.

No one deserves to lose their rights, for any reason, much less laziness.

That having been said, losing one's liberties is a natural consiquence of laziness. Not because it is deserved, any more than a victim of an airline accident in the Andes deserves to starve, but simply because that is the nature of things.

I know I'm nitpicking, but I grow wearing of hearing "we deserve this, they deserve that," as though the atrocity which came about as a consiquence of something is somehow justified, when it simply is not.

That having been said, I agree 100% with your prescription: get involved and get others involved. Failure to do so will have the undeserved consiquence of our losing our rights and our liberties.

Re:The World is America's Bitch

[FreeUser]

A citizen of a theoretically democratic country exhorting citizens of other countries to stop his country, so he has a place to escape to when things get bad ---- something is very, very wrong with the picture.

As the one who made the statement you refer to, I couldn't agree more. Something is very, very wrong here, indeed.

Hence the diatribe with the provocative subject line. :-)

Re:Real information

[redhog]

Isn't it only a problem if the encryption scheme is clamed to be a _copy_ protection scheme? Which the stupid filter producers doesn't claim (They claim it's a security against children viewing porn). At least this should hold as long as you don't _distribute_ the database, only a decoder for it (thus people has to buy the database in order to decrypt and read it), thus the filter producers have got their money.
--The knowledge that you are an idiot, is what distinguishes you from one.

Re:Logs are useless.

[Bryan Andersen]

This is what proxy servers are for... :)

I once didn't like the idea of using proxy servers between me and the web but they do have their uses.

Re:Real information

[Bryan Andersen]

Aren't databases copyrightable? If they are, breaking this encryption is illegal under the DMCA, since the information encrypted is copyrighted. If it's not, well, there's nothing to worry about.

Only if it can be shown that significant creative effort went into their making. I doubt an automatically generated list of questionable sites could qualify. The problem is the testing of this in court. That costs $$$.

Mirrored.

[arcade]

My little mirror [kvinesdal.com].

Of course, everything there is downloadable from the swedish site, but its important to get it mirrored fast.


--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet

Re:Mirrors of the disputed content.

[arcade]

http://arcade.kvinesdal.com/cyberpatro l.html [kvinesdal.com]

My little contribution. :)
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet

Re:Don't use mirrors!

[arcade]

Download from the source, but do make mirrors! Just don't download from them .. yet !

Mirror it all over the net!


--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet

Re:Mirrors of the disputed content.

[QuMa]

Ok, here's my link: cphack.exe [chello.nl]

Re:Add me to the log

[warpeightbot]

Microsystems also asked the judge to order the Swedish Internet company where the bypass utility is published to turn over records identifying everyone who visited the Web site or downloaded the program.

Knee-Jerk response: I went and downloaded the application straight away. What the hell do they think they're going to do with the logs? Should I expect a Mattel-In-Black to arrive at my front door in the early hours?

OK, people, what are we going to really do about this thing?

If I were those Swedish dudes, my logs, if any, would be a figment of Mattel's imagination. "Don't run'em, your honor. Violation of privacy." In other words, Bork you very much, Mattel. If, of course, it ever came to that; if I were the Swedish ambassador, I'd be giving that judge the dipolmatic finger when it came to any half-baked ideas of extradition.... Maybe it'll teach our American bureaucracy a thing or two about soveriegnity. They need to learn that.

OK, now the hard part. How do we as geeks, the denizens of cyberspace, prevail upon Mattel to BUTT OUT of our millieu? Bigger question: How do we enforce the idea that, barring outright thievery or violation of a contract, there is free speech in cyberspace (barring the "printing press" rule i.e. no free speech if you don't own the box)?

I don't have an answer to that, but we need a way or three to lean on Mattel, MPAA, the Imperial Federal Government dominant in North America, and anyone else who gets in our way. (Hear that, BorgieBill?) Whining on here won't do it.

OK, guys, suggestions?

Re:How is this free speech?

[WNight]

Dismantling something (a car or software) and pulling out trade secrets isn't IP theft. Neither is publishing these secrets. The whole idea is that trade secrets have no protection.

The only way dissemination of trade secrets becomes illegal is if they are stolen, by stealing documents, or other information from the company. Simply reverse engineering the device is perfectly legal.

If a company wants protection for their trade secrets, they should patent the damn things, that's why patents were invented, to grant a legal monopoly in trade for making the information public.

But, either way, by reverse engineering, or reading a patent, the information is available for public consumption. If it's patented, you just can't use it.

But, a list of sites can't be patented, I don't think even the moronic US patent office could do something that stupid.

If the list is autogenerated, or is ruled to not be creative, then it isn't copy protected.

But, that doesn't matter. The encryption isn't designed to make the product hard to copy, the whole thing can be easily pirated. The encryption was used to prevent users and competitors from seeing what they block. That way people can't complain about all the misblocked sites.

But, they can't encrypt the data in such a way that it can't be viewed. As long as the software needs to decrypt it to check for a match, they can't encrypt it in such a way that the hacker can't simply replicate whatever the software does. They could use a one-way hash, like unix passwords (all good password systems, actually) which would be unreversible, but this is probably beyond their skill. (Mattel isn't a company known for great software, and their software sounds like the bottom of the barrel anyways.)

Re:Warning: Disinformation!

[WNight]

Considering that there's no law against deleting log files unless they're subponeaed, it's not breaking the law.

Mattel only WANTS to view the logs, that has no legal force until they actually bribe a judge, or in this case, bribe a foreign judge.

Until that point, the log files are just another text file, which could be deleted to save space.

Re:Warning: Disinformation!

[WNight]

Good advice. Just don't log, or delete the logs in rotation. That way they can't recover anything.

But, don't forget that Mattel isn't the court. If Mattel wants the logs, you can delete them. Until they get around to asking the court, it's just the wishes of some company.

If they had sued you and then you went around removing evidence, it wouldn't go so well for you. But if you're a neutral third party they just might think of suing, you have no reason to keep those logs, especially if they might contain private information.

Mattel????????

[delmoi]

Microsystems Software Inc. of Framingham, Mass., which sells the widely used Cyber Patrol,

Acourding to the artical, the Suit is being filed by Microsystems Software... Not Mattel, infact the string "Mattel" doesn't even appear in the artical whatsoever (case insensitive). Now this may be an outside peice of information that the author just happend to know, but from this it really dosn't look like Mattel ether makes this product or is filing suit. Do you have any backup that says it is Mattel?

Re:Bright kid

[powerlord]

This is actually based on a story I remember reading in High School lit (unfortunately I don't remember the story :(

Re:Bright kid

[0xdeadbeef]

There was a (new, late '80s) Twilight Zone story where these kids are preparing for a big test, kind of like the SAT. They're real excited because passing this test allows them to use telephones and have adult rights. The parents of one child are really worried about their particularly bright son, and there are subtle hints that this is a bigger deal than is evident to the kids. It ends with a call to the parents, saying that he finished the test, and oh, btw, where would you like his body interred?

(See, they were living in a police state, a particularly subtle and nasty one. The test weeds out potential troublemakers).

Excellent Article

[sbeitzel]

I read the article/paper and found it to be very well-written. Not only do Jansson and Skala present tools for cracking CyberPatrol's weak encryption, but they explain why the encryption is weak. They also take us on their journey as they reverse-engineer the file formats and the encryption algorithm. That part alone makes this paper a valuable educational resource.

huh?

[Haven]

So this is basically saying that a kid can download an exploit that will let him see porn.

Well, we have to shutdown rootshell.com and censor 2600 when they post code for exploits.

This is insane. If you write crap code and people crack your software (I don't mean warez), you should get better programmers. This is nonsense. How many little kids would know how to do this? If the parents really cared they would be in the room with the kids while they were browsing the net.

Re:Real information

[mpe]

Save your breaking and entering analogies for piracy. This was an act of free speech consumers have a right to know what they are paying for.

The US motor industry is probably regretting that current attitudes wern't arround a few decades ago. Then they could have put that "anoying" Mr Nader behind bars. This is simply another version of "consumer journalism", exposing a product as being of poor qualityi, poor workmanship and barely able to carry out it's intended purpose.

This encryption scheme is not a method to stop piracy or digital theft.

For all anyone knows a commercial competitor could have "ripped off" this list ages ago.

Re:Putting on Abestos suit

[gorilla]

I don't have a problem with you choosing to use blocking software on your own computer. However, I think that you should have the right to be able to see what is block and what's not blocked, and to correct the mistakes on the list.

I do have a problem with libraries using blocking software, as they have traditionally been strong proponents of free speech, and this is a dangerous precedent to set.

Re:Picking a nit ...

[Malcontent]

You are right. We don't deserve it but we got it coming to us. It is our fault to some degree.

Re:I see no problem here

[DaveHowe]

If your child is bright enough to find the crack to cyber patrol on the web, download/run it, and beat your pathetic attempt at stopping that child from seeing whats really out there then you have little to worry about. You kid is smart, able to think for themself, aware of political censorship (you) and somewhat rebellious. All are admirable qualities!!
Unfortunately, you are overlooking the "script kiddie" (no, that wasn't an intentional pun) effect - Cut-down "find admin password only" copies of this code will already be being passed from hand to hand in schools - as the geekier kids that ARE capable of finding, downloading and so altering this code experiment with buying a bit of peer-group respect with their talents.
--

Re:I see no problem here

[cgadd]

> Yet another poster who is not paying attention to the article, it's details,
> or the facts in general. This program only exposes the contents of the
> cyber.not list, it doesn't allow anyone to circumvent it's 'protections'

Wrong! I'm running the app right here in front of me. It clearly displays the Admin and deputy passwords, which will let anyone bypass the protection....

Re:Real information

[cgadd]

> This encryption scheme is not a method to stop piracy or digital theft.
> It has one reason for existance, which is to keep people from knowing what
> sites and what rules are used to block sites.

Actually, I bet it's to make sure that people need to keep paying the makers of Cyber Patrol for new/updated lists every couple months. If the format is public and easily read/written, then someone could publish a free list of domains for use with the software.

Re:Warning: Disinformation!

[goldmeer]

Assuming that a subponea is granted, and there is a extridation (?sp) treaty in place (is there) then is is not difficult for the non-US government to serve the subponea on behalf of the US government. It's also not difficult for the non-US government agency to charge you with the local version of destruction of evidence.

BTW: IANAL

But I just wanted to make sure that everyone is clear, once you have been served a subponea, deletion of the logfile is punishable. I wouldn't be suprised to hear that your system backups are subponead as well if they are to subponea your logs.

Re:Warning: Disinformation!

[goldmeer]

If I were them the first thing I would do is delete all my log files. I don't believe in giving out information like that to anyone when those people aren't technically doing anything illegal.

You do realize that dcestroying subponeaed documents (yes, log files are electronic documents) is a punishible offense, don't you.

Of course, you can choose to disobey any law that you really want, can't you

Re:Logs are useless.

[goldmeer]

if you do that enough, everybody in the world will have it by around the 8th generation

Naaa, It'll just mean that I'll get it sent to me 545 times...

Besides, I hate chain e-mail. I mean I HATE chain e-mail.

We all know that

[Lew Pitcher]

• Might makes Right
• ,
• US law applies to the entire world
• ,
• He who has the gold makes the rules
• , and
• Perception is everything, substance is nothing

It never ceases to amaze me that we abrogate our freedoms because some corporation wants us to. I am also continuiously astounded at the attitude that most people have of "some one else should take care of it".

The people who buy blocking software are "letting someone else take care of" their children's access to the internet. Are they also letting "someone else take care of" their discipline, or their education, or their meals, or their housing? Probably.

It's a sad, selfish world we live in.

Re:Real information

[Cramer]

Maybe, but they aren't distributing their database. At most, they have described a schema.

just block the crack

[eries]

Hey, why don't they just the crack host to their list of blocked siteZ?

Want to work at Transmeta? Hedgefund.net? Priceline?

Re:Warning: Disinformation!

[Ticker]

Yahoo did not write the article. It was written by the Associated Press.

Re:Mirrors of the disputed content.

[shub]

I have put up a mirror at http://www.shub-internet.org/cp4/cp4 break.html [shub-internet.org].
--
Brad Knowles

A Censor's Story

[harhar]

This morning after clicking on the Mattel/Cyber-Patrol story, I found myself in a rather novel position. I had moderator points, and I work for Mattel. And I censor images and text for them. And I read slashdot regularly. Quite an interesting position, non? By the way, I do not speak for my company in any capacity, all opinions and ideas expressed here are my own.

I am one of the people who looks over the immense number of graphics that we put into Printshop, Printmaster & ClickArt. I specifically look for corrupted images and images that may be offensive. Offensive images may be racist in nature, or may be derogatory towards women, or maybe too mature for those who might use our product. The reason we take those out is that the majority of the people who buy these products do not want these images in there. What disturbs me the most when I find a racist image, is the thought of young person in the ethnic group portrayed seeing that image and not liking themselves because they saw it. Childhood and adolescence is hard enough. Parents who buy these products do not want their children to find mature graphics. And I am sure that many women who buy this product would take issue with being portrayed in the old stereotypical ways.

This said, I still harbor very many doubts about censorship in general. I think that adults should be able to look for and find any information that they want or need. I also think that artists and the media should be able to freely produce whatever they see fit to make. And be able to show it in public. But parents should be able to restrict the information that their children receive. And that is what the filters do. Schools are institutions that exist specifically to teach people. The selection of a textbook can be construed as an act of censorship because of the difference in political leanings and depth & scope of textbooks. I cannot see what the issue is if K-12 schools want to restrict what students can use the network connection for. Looking up pr0n can be considered an educational experience, but it is not the kind schools are intended to impart. Colleges are a different matter all together, often times a big part of the experience of going to college is finding out who you are, and free(!beer) information access should be considered an integral part of the process.

But there is still the issue of wrongly blocked sites. And this is probably the biggest problem with filter software. There is a need for quick resolution and correction of wrongly blocked sites.

Thank you for your time.

Re:Mattel????????

[Jim Tyre]

Acourding to the artical, the Suit is being filed by Microsystems Software... Not Mattel, infact the string "Mattel" doesn't even appear in the artical whatsoever (case insensitive). Now this may be an outside peice of information that the author just happend to know, but from this it really dosn't look like Mattel ether makes this product or is filing suit. Do you have any backup that says it is Mattel?

Cyber Patrol, Inc. was bought by Microsystems.

Microsystems was bought by The Learning Company.

The Learning Company was bought by Mattel.

LawSuit-Happy Americans try to police the world

[yuriwho]

<rant>
All these lawsuits by American companies against poor little foreigners (regular joes who post stuff on their sites) are really starting to piss me off. Americans (and American companies) think they are the police to the world not only in military matters but in internet matters too. These companies are using the intimidation of lawsuits to prevent freespeech elsewhere in the world. Even if the lawsuits are frivolous and based on the law in the defendants country, they are picking people who do not have the financial wherewithall to defend themselves, leading to court precedents that hurt everyone who follows. One of the most flagrant examples of this type of American attempt to impose their laws on foreign soil is the Helms-Burton act which would allow americans to sue foreign companies that have benefitted from properties that had formerly been American in another country. The bill was primarily aimed at Cuba (don't even get me started on that one) but affected any property worldwide that had once been American! Imagine if the Brittish were passing laws like this, they'd be able to sue most of countries in the industrialized nations. I'm not sure what the outcome of the act was (hopefully squashed) but the essense of it live on in lawsuits like this one.

The system of law in the US must be curtailed! It is out of control with $$$-hunters

</rant>

Re:Warning: Disinformation!

[B'Trey]

This story is from the AP. Yahoo! simply reprinted it. I just sent this email to feedback@ap.org:

A story entitled "Software Co. Sues Hackers" by TED BRIDIS, AP Technology Writer, appeared on Yahoo! News (http://dailynews.yahoo.com/h/ap/20000315/tc/inter net_decency_hackers_1.html). The first line of the story reads:

"A company that makes popular software to block children from pornographic Internet sites filed an unusual lawsuit late Wednesday against two computer experts who developed a method for kids to deduce their parents' password and access those Web sites."

This line is grossly misleading . Cyber Patrol, the software in question, is a filter program which prevents access to web sites which it deems unsuitable. Microsystems Software refuses to release specific info about which sites are blocked, or the specific criteria which it uses to determine those sites. If Cyber Patrol were used solely in private homes by parents to limit browsing by their own children, this would not be a problem. There are legal movements underway, however, to require use of such software in public libraries and other places of public internet access. When these programs are used to restrict public browsing, the public has a right to know which sites are being censored and why. Cursory use of the software shows that it blocks numerous sites which are not pornographic, such as sites on breast cancer, gay rights and birth control. If Microsystems Software will not release this information, it leaves the public no choice but to seek it via reverse engineering of the software itself.

To present the software which decrypts the list of blocked sites as simply and solely a tool to allow children to circumvent the protections is simplistic, unfair and ignores the much deeper issues involved. Such oversimplifications are a violation of journalistic integrity for an organization which purports to report the news fairly and without bias.

A SLAPP case?

[Animats]

Mattel is a California company. It might be possible to use the California anti-SLAPP act [casp.net] against them.

Re:Warning: Disinformation!

[Anomalous Canard]

Not a good idea. If a court expresses interest in a piece of information you have and you destroy it before the court decides whether you have to hand it over, you could be found guilty of destroying evidence, obstructing justice or contempt of court. It is better not to have the information stored in the first place.

Anomalous: inconsistent with or deviating from what is usual, normal, or expected

Re:It IS unethical to crack the code!

[Anomalous Canard]

Let's discuss illegal and unethical seperately.

Is it illegal to decrypt the code (in the US)? I think not. The terms of the license agreement that restrict reverse-engineering are, IMHO, unenforceable because they attempt to restrict rights granted by Federal Copyright law by a contract of adhesion.

Is it illegal to distribute a tool that decrypts the list? I don't think that the DCMA applies because I don't think that there is a copyrightable interest in the list of sites. It is purely informative and functional and not creative despite the effort ("sweat of the brow" in copyright parlance) that has gone into creating it.

Is it unethical to decrypt the code? You are not bound by a coerced promise. I think that the ethics of the decryption depends on the intent of your decryption. I think that someone who purchases the software has a right to know what they have purchased. I don't think that it is ethical to do so with the intent of creating a competing product. Can this information be distributed? I think that there are public policy issues which need to be informed of how this software does its job. I think it behooves us that the information be distributed so that the public decisions that need to be made can be made in an informaed manner.

Anomalous: inconsistent with or deviating from what is usual, normal, or expected

Re:LawSuit-Happy Americans try to police the world

[Anomalous Canard]

And now to something completely different: F***!

Would some kind soul please explain to us poor ignorant non-native english speakers why this word is so bad? For some reason americans tend to go ballistic when this word is used. Yes, it is a 'naughty' one, but this is the real world, remember? If I used something similar in danish when communicating, people would at most consider me immature and probably just ignore me.

Because Americans are fundamentally prudes (pun intended). I censored the word because this reply is going to be sent over a company network.

Anomalous: inconsistent with or deviating from what is usual, normal, or expected

Re:LawSuit-Happy Americans try to police the world

[Anomalous Canard]

The modern English language is the result of a head-on collision between two other languages: Anglo-Saxon (with Germanic roots), and Norman French (Latin roots).

Sorry, thank you for playing. Jesse Sheidlower, author of the book _The F-Word_ says in his Word of the Day [randomhouse.com] site (back when the WotD site was *his* and not "the Mavens'", but that's a rant for another day.)

Words related to the English f*ck are found in a number of Germanic languages, including Norwegian, Swedish, Dutch, and (probably) German. These words all have sexual meanings as well as meanings like 'to strike' or 'to thrust'. There have been various attempts made to connect these words to words in other, more distantly related languages, but none of these attempts have been convincing, due to complicated linguistic factors beyond the scope of our discussion.

The first example of any of these words is actually in English itself, in the late fifteenth century (thus well past the Anglo-Saxon period), when f*ck appears, encyphered, in a brief English passage in a Latin satirical poem. The cypher suggests that the word was already considered taboo.

Anomalous: inconsistent with or deviating from what is usual, normal, or expected

Clarify one thing...

[MysticOne]

Could someone clarify something for me? Why does EVERY Net Censoring product out there have encrypted software lists? I mean, shouldn't they at least be viewable from within an administrative section of the program that requires passwords and what not to get into? Or is it because the corporations don't want people seeing all their mistakes and what not in the list?

Short code please

[GeHa]

Please keep the source code small on these decoders people; the court might wants to save on paper when printing it as "exhibit A" for our attention.

Re:LawSuit-Happy Americans try to police the world

[Anonymous Coward]

Lately I have developed my own personal theory as to why american compagnies (and their government) do things like this: They are not used to dealing directly with foreigners.

This may sound strange, but I actually believe this to be the case. Even though the US society is probably the most diversified one you can think of, the US population appears to be sadly lacking when it comes to understanding and accepting different cultural ways of doing things.

• Recently I saw a program on Discovery, where NASA had arranged 'cultural exchange' meetings, so that their engineers, who will work on the International Space Station, could learn the fine points in socializing with foreigners. Apparently the Japanese/American combination is an especially difficult one, but Eastern Europe/American is problematic as well. Expect a russian to ask how much you earn in a year during casual conversation...
• 5 years ago McDonalds [mcdonalds.com] sued a man here in Denmark for calling himself and his tiny sausage shop for McAllan (he had been a wiskey collector for decades). Ultimately the danish supreme court made a ruling [www.ipb.dk] (in Danish) in favoir of McAllan, which can be interpreted as 'you must be kidding?'. It should be noted that the danish media were unanimously on the side of McAllan.
• Whenever an american megacorp buys a danish compagny, they almost always make headlines when they try and dictate new employee policies without first discussing the new rules with the people on the floor. 'From today smoking will only take place outside the buildings.' is definitely not the danish way of approaching a sensitive problem. Nor is asking for what is considered sensitive personal data, like health or economich status, during job interviews.

I could go on, but you get the picture. Basically 'the american way' is often the source for much headshaking and/or laughter over here I am sad to say. I mean, how would you react if you were told that a society existed where 90.000 children were killed or injured by gunshots each year, and where major law firms waste huge amounts of energy on cataloguing all faults in *all* the pavements in New York, so they can later document negligence on the part of The City of New York when people trip over their own feet?

The most amusing part about the Mattel case is, that the information they are trying to get hold of from the Swedish ISP probably doesn't even exist, and even if it did, it wouldn't help much. I have downloaded the CPHack code together with everyone else and their mother, and I cannot be traced. When asked my ISP has responded in their FAQ that they don't even keep logs of what contents which person download, neither through their dialup connection, nor from webpages they host. This kind of data is considered covered by the danish laws of the right to personal privacy. If a (danish) court ruled that *I* personally probably was doing something illegal, then *I* could be the subject of surveillance when online. Danish ISPs as a rule only log just enough information to be able to bill the right persons, that is all. I believe this to be the case in Sweden too, because they are even more restrictive when it comes to public access to 'sensitive' personal information. So, Mattel, you will at best loose track of me at a specific dial-in pool at one of the largest ISPs in Denmark. Good luck!

So now I am waiting for something like the DeCSS case to surface here in Denmark. I am in contact with a journalist of a small but very influential newspaper, and I have talked about these issues with him. He nearly keeled over when I explained the background for the DeCSS brouhaha in Norway. He didn't think they would have been able to get away with that here in Denmark or even in Norway for that matter, but apparently MPAA was able to put a lot of pressure on some insecure public officials up there. He has assured me that a 'Danish police abides US Court ruling' type headline would definitely be interesing, though a particular case should be examined carefully before going to press, of course. Will be interesting to see the outcome of the DeCSS case.

And now to something completely different: Fuck!

Would some kind sould please explain to us poor ignorant non-native english speakers why this word is so bad? For some reason americans tend to go ballistic when this word is used. Yes, it is a 'naughty' one, but this is the real world, remember? If I used something similar in danish when communicating, people would at most consider me immature and probably just ignore me.

a sack of lawyers

[xeno]

Yet another company flounders about, trying to bludgeon people into submission by hitting them with a sack of lawyers. Are Sweden and Canada within US court jurisdiction? Exposing what a tool does can't possibly be illegal (but exposing how it does it, or providing a tool to defeat it might be, if the hero/perps are within US jurisdiction.) How utterly silly. If Mattel had just shut up and wiped the egg off their faces, they would see little or no real damage to their revinue stream. Instead, they make a big deal out of it, make a futile attempt to squelch the exposure, and end up with a situation where several orders of magnitude more people download the code, tell their friends about it, and generally make it publicly known that Cyberpatrol and their ilk are ineffective at best, and an affront to American civil liberties -- potentially tanking the revinue stream. How is it that such a big organization can't muster the collective brain cells and foresight to see beyond the tip of their corporate nose?

As a side note, do the authors *want* the code mirrored, or just distributed directly? I'll have to look again, but I didn't see a license in the code. Obviously the code and essay make it clear that it's a protest on principle, but it'd be nice to know the desired propogation.

J

Need for Freenet

[Ray Dassen]

Some of the time, I think projects like Freenet [sourceforge.net] are only for the extreme paranoid. (The Freenet technology would be a great way to distribute this type of information in a way that defeats attempts at censorship)

The rest of the time I read about Echelon, big company bully tactics, the great firewall of China and censoring Fahrenheit 451 and start to wonder if the paranoid aren't actually a cabal that tries to look ridiculous in order for us "normal" people not to notice that they're the only ones seeing the true situation.

Add me to the log

[Kris_J]

Microsystems also asked the judge to order the Swedish Internet company where the bypass utility is published to turn over records identifying everyone who visited the Web site or downloaded the program.

Knee-Jerk response: I went and downloaded the application straight away. What the hell do they think they're going to do with the logs? Should I expect a Mattel-In-Black to arrive at my front door in the early hours?

The hideous truth is that we're exactly the sorts of people that censorware advocates are trying to protect the children from - intelligent, progressive, think-for-ourselves - we're a major risk to the estabished order.

I think that web sites against censorware should find a way to detect a censorware product and display a banner, instead of the requested page, indicating that the site does not support censorware and the website can not be viewed if you're using a censorware filter. Then perhaps parents may be forced to (re)consider the product.

Hmmm...

[BJH]

Personally, I think they want the logs so that they can add the list of sites involved to those blocked by their software. Then they can say that they're doing it to prevent kids from downloading this "dangerous" piece of "contraband".

Make it clear to censorware users they are out!

[FreeUser]

I think that web sites against censorware should find a way to detect a censorware product and display a banner, instead of the requested page, indicating that the site does not support censorware and the website can not be viewed if you're using a censorware filter.

This is an excellent suggestion for a partial technical solution to a technical / political problem!

Assuming censorware can be identified by an http daemon, getting a large percentage of web maintainers to "self-block" their content from users of censorware could have a very interestin impact. Imagine an adults ire when they discover an ever growing number of legitimate sites they want to access have refused to deliver their content because of the censorware they installed on their children's behalf. Instead they get a banner berating them for using the product (perhaps with relevant links to anti-censorware sites which they discover to their dismay are censored!). Although it is unrealistic to expect
sites like Yahoo (aptly named, c.f. "yahoos" in Gulliver's Travels) and Google to join in, these big sites rely in no small part on the smaller, personal, and useful sites many of us maintain for our respective comminities. By "freezing out" the censorware users we become not only a large voice against such products, but an evergrowing incentive for people to drop the use of the offending filters.

Alternatively, for those who find cutting off censorware users entirely to be too draconian, one could set up a banner page the censorware user is forced to confront and (at least the first time) read, before continuing to the actual content. Idaelly such a banner page would include links to anti-censorware site and reputable news sites documenting their abuses. After having seen the message once they would of course click through quickly without reading, but that doesn't matter for two reasons: (1) They will have read the message at least once and (2) the message will be reiterated on a subliminal level every time they see such a banner, even if they don't read it explicitly. For the same reason you see Coke and Nike logos plastered everywhere, seeing educational, anti-censorware logos everywhere will have an effect.

Finally, if the censorware products censore a growing number of legitimate sites for displaying such a page and/or logo, this will merely add even fuel to the argument that using such software is much more dangerous to the children one is trying to protect than the so-called harmful material one is trying to protect them against, both by cutting them off from important resources and education materials and because of the distortion its politically/economically motivated censorship has on the public discourse and the ability of its customers to form their own opinions in an informed manner.

In short, I like your idea very much. While not a panacea, it provides the possibility for confronting censorware users with the tradeoff they have made in a very "in-your face" way. The more sites to take this stance, the more they would either be confronted with the cold facts of the choice they have made, or the less usable the net becomes to them because of the software they are using. Either would tend to put people off form continuing its use, which is a net positive for the net as a whole.

If any apache/html gurus out there could toss together a quick 'howto' to accomplish this I would be happy to support it at our site. Alas, I am too buried with work right now to dig into this and impliment it right now myself (call me lazy if you will, though swamped and exhausted would be closer to the truth).

Yet again...

[iCEBaLM]

Yet again companies are trying to get US law enforced on other soveriegn nations. This parallels the ICraveTV and DeCSS fiascos, not to mention brings up the legality of "click wrap" licenses.

Obviously the US court has no jurisdiction, but will render a verdict anyways. I just have to wonder how US citizens like their tax payer money being spent on operating courts whose judgement has no relevance? This would piss me off to no end if I were american.

-- iCEBaLM

Re:Real information

[reptilian]

Aren't databases copyrightable? If they are, breaking this encryption is illegal under the DMCA, since the information encrypted is copyrighted. If it's not, well, there's nothing to worry about.

Man's unique agony as a species consists in his perpetual conflict between the desire to stand out and the need to blend in.

Everyone who has downloaded it

[My Third Account]

It would be a herculean effort to track down everyone who downloaded it based on IP addresses and times.

Not to mention a GROSS misuse of logs, and a GROSS disregard for privacy.

You'd think they just downloaded crack cocaine or something, you can't just track down people because you think they downloaded something YOU DON'T LIKE.

Re:Warning: Disinformation!

[Dirtside]

Others have posted this as well, but none quite properly, so I will again:

And the common "their encryption sucks, it's their fault" argument is trash. If someone breaks into your house because they could smash down your door, is it your fault that you didn't have steel bars? It's a question of whether or not reverse engineering like this is legal, not a "you suck, get better" situation.

Your analogy is false. Look at it this way. If I buy a safe, and fill it with secret documents, and then SELL YOU THE SAFE without giving you a key or the combination, how can I logically complain if you break into the safe? Manipulating data that you have legally acquired is not even CLOSE to being the same thing as breaking and entering, as you would have us believe. This is a common argument when these things come up, and it is always false.

Re:Yet again...

[aqua]

We've talked about this before, but I think it's time to get serious about writing a canopener to extract files from InstallShield and similar SEA utilities without displaying, reading or parsing the license. It can't be that hard, and it would kill off the click-wrap license BS completely.

Hence, "by clicking OK you agree" would fall back to "by using this software you agree," and the latter's perfectly fine, since plenty of reverse engineering can be done without ever running a piece of software.

The World is America's Bitch

[FreeUser]

DCMA is AFIK a USA thing... We can do anything we want in whatever country we live in, provided we don't break the law where we live.

Tell that to the US courts who feel no compunction whatsoever is handing down injunctions against people in other countries for activities which, obviously to any casual observer, do not concern the aforementioned courts in the least (c.f. DeCSS, etoy.com).

Tell that to the US special agents who routinely kidnap people abroad, bringing them over to the United States to stand trial under US laws, often for activities or behavior which was committed outside of the US and therefor outside of US jurisdiction.

Tell that to the US Army, which on more than one occasion has invaded a country for violation of US Law (remember Panama and Noriega?), completely at odds with both international law and international norms.

Tell that to the IMF, the World Bank, and the WTO, who can coerce with extreme economic threats any government (including, ironically, the US) legislation of nearly any kind under the argument that trade is "unfairly restricted" otherwise. Definitions are deliberately vague, changing to fit the political agenda of the moment.

Most of all, tell that to the Politicians whose hubris in ordering such actions threatens to destroy not just the external victims of their intoxication with power, but the US itself.

Not that they'll listen. After all, if they won't even listen to their own people (and from personal experience I can assure you they don't), they certainly won't listen to a bunch of durn' pinko commie bedwettin' ferrener's anyway. Still, the more voices added to the chorus, the more difficulty they'll have in ignoring it, over time.

Much more importantly, tell your governments to start standing up to the US and stop being our lapdogs! After all, if we lose the battle to stop and reverse the hemorrage of civil liberties here, it would be nice to have somewhere to escape to, in order to fight again another day. If your governments continue to behave as an extention of our own, this option won't exist and the downward spiral and attrition of civil rights and liberties may well reach an irreversable point.

Re:The block list

[eddy]

You will have to get one of the freely available test versions of Cyber Patrol (try www.cyberpatrol.com) and install it. The package includes an old list, so you'll have to run the 'update CyberNOT' procedure to get the latest. After that, you can save it away and uninstall CP, keeping the 'cyber.not' file.

Re:Everyone who has downloaded it

[Bald Wookie]

Simple solution for the log files... Encrypt them. Give Mattel a taste of their own medicine.

I would like to suggest ROT-13 as an appropriate method. That's probably enough to keep them busy for years.

-BW

Re:Short code please

[Black Parrot]

> Please keep the source code small on these decoders people; the court might wants to save on paper when printing it as "exhibit A" for our attention.

Yeah, and it needs to fit on a T-shirt, too!

--

We deserve this.

[Malcontent]

I was talking with my wife earlier today about issues like DeCSS and DMCA adn she was shocked that she did not know any of this stuff was going on. I said that I did not expect her and other non-geek population at large to be very informed about such a narrow (albeit important) topic. She then said then we get just what we deserve. She suggested htat we email everybody we know and educate them about these topics. Having thought about this for a while I agree with her. We tend to look down on the "ordinary" american and dismiss them but as long as we don't get them involved we are powerless. I suppose it would help if the geek community was a little more political too but we seem all too happy to bury our noses in our monitors and pretend this is all going to get better on it's own.

Step 1. Get organized
Step 2. Recruit your neighbor.
Step 3. Get involved

Or else forget about it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: encrypted lists and false positives

[TMB]

Why does EVERY Net Censoring product out there have encrypted software lists?

Because there's a sizable (if misguided) market for censorware, there are quite a few companies vying for that market all of whom consider their prime asset to be their blocked site list, and if there were a plain text copy of one company's list, it would be very easy for every other censorware company to add every site in that list to their own, this negating the original company's advantage.

Now why a company wouldn't think that a list with 75% false positives (assuming that's typical - it might or might not be) isn't considered a liability is very interesting: They get less shit for a false positive than for a false negative. Virtually all censorware products have ways of overriding both. So imagine the two scenarios:

1. Child tries to visit www.perfectlyinnocentsite.com and gets unfairly blocked. They call Parent over, who overrides it. What are the chances that Parent complains to Censorware Company? Pretty low.
2. Child tries to visit www.hardcorepornsexandhatespeech.com and is not blocked. Parent happens to wander by, sees material which they think ought to be blocked, and goes ballistic. Of course they add it to a blocked list, but now what are the chances that they complain to Censorware Company? Much much higher

Because of this, censorware companies feel that the larger list they have, the better, no matter where that list comes from. And therefore they try to protect their list from being stolen by encrypting it. Badly.

So that's why. I know it doesn't make any sense, but that's the rationale.

[TMB]

Warning: Disinformation!

[Syn.Terra]

Look at this opening statement:

A company that makes popular software to block children from pornographic Internet sites filed an unusual lawsuit late Wednesday against two computer experts who developed a method for kids to deduce their parents' password and access those Web sites.

Anyone else notice the disinformation in this? The censorware doesn't just block children, it blocks everyone. They're making it sound like the people who cracked the encryption are promoting children seeing porn instead of promoting the anti-censorship movement. Way to keep neutral, Yahoo.

But then see this:

Microsystems also asked the judge to order the Swedish Internet company where the bypass utility is published to turn over records identifying everyone who visited the Web site or downloaded the program.

Um, why? The only reason I can possibly think of, which is pretty paranoid, is that Microsystems plans on using this as data, to say "hey, look how many people can now see porn whenever they want to, instead of letting us decide what is decent for them!" If you want to get really paranoid, you can say Microsystems wants to track who downloaded it and say "sorry, you've gotta get rid of that program", but I'm not sure how far you can trace IP addresses...

And the common "their encryption sucks, it's their fault" argument is trash. If someone breaks into your house because they could smash down your door, is it your fault that you didn't have steel bars? It's a question of whether or not reverse engineering like this is legal, not a "you suck, get better" situation.

------------

Real information

[|deity|]

And the common "their encryption sucks, it's their fault" argument is trash. If someone breaks into your house because they could smash down your door, is it your fault that you didn't have steel bars? It's a question of whether or not reverse engineering like this is legal, not a "you suck, get better" situation.

What has happened here is that someone did an expert(at least compared to the people that did the programming) analysis of a cryptographic aproach. Something that is specifically allowed under US law.

Save your breaking and entering analogies for piracy. This was an act of free speech consumers have a right to know what they are paying for. The list of blocked sites should not be encrypted with anything more powerfull then a simple shift cipher to keep children from looking at the list in a text browser. The person that bought the program has the *RIGHT* to know what sites are being blocked.

This encryption scheme is not a method to stop piracy or digital theft. It has one reason for existance, which is to keep people from knowing what sites and what rules are used to block sites. Reverse engineering is completely legal. Therefor if they don't want to see their precious list fall into the wrong hands they should use a decent encryption algorithm.

Re:mirrors!

[karmatrip]

Already done. [myip.org]

Re:peacefire down?

[Anonymous Coward]

A couple of points that may be relevant (I'm Matthew Skala, one of the defendants, but this information should speak for itself):

1. We didn't post the Cyber Patrol block list. We posted a utility that can cryptographically attack the block list. In order to read the decrypted block list, a user would have to already have a copy of Cyber Patrol, which they can't get from us. Our posting does not contain material from Cyber Patrol, except for a few lines of hex dump and assembly code embedded in the essay we wrote explaining the break.

2. Although we sympathise with Peacefire and think they are fine people, we are not Peacefire. Peacefire deserves credit and blame for many things, but not for this particular project. We did this independently of them. It wasn't a Peacefire project.

Block porn, allow the KKK

[simpleguy]

I was cusious and downloaded a tool to decrypt blockfiles from peacefire. I was able to decrypt a 4 mb blocklist which resulted in a >10mb plaintext file full of URLS.

Just for the fun, I tried grep'ping for the most known porn site and they were all there.

Strangely enough, I looked for known URLS of the Ku Kluxx Klan, none showed up.

Yeah! Porn is bad, kids should not know about sex!
Lets inculcate them racism and hate instead.

This law does nothing for me as a consumer

[PotatoHead]

I just read this, and am enraged at the very thought of this litigation. I am a parent, and thought for a while about using some of this software because my time to surf with my kids is limited. I never did it though because it goes against everything that I believe about parenting. Those that hide things from their kids only ensure that their kids will hear it from somebody else, and that their values are not the same. Why even go there? Any smart parent will deal with the issue and give their kids the support that they need to make smart decisions. The software is nothing more than a cop out.

Given that I would not use this sort of software, I still have to say that parents that do choose this (lazy!) path have a clear right to understand what it is they are getting for their money. How else are they going to know? Type in a bunch of URLs and see if they are blocked? Maybe if they typed in a lot of them they would understand what was being done. Heck if they thought about it for a while, they probably could just deduce the rule sets based on the content of the blocked sites! Would this then be reverse engineering? I hardly see that as being illegal. I think the DMCA only serves to empower the corporations with the ability to keep their customers stupid. The chances of any group of parents doing this is almost none. Who's interest is best represented here? Not mine!

This decryption is a service to me and reinforces my decision not to use this type of software. There are many ways around this sort of thing anyway. Some of the easier ones that I can think of are easily within the abilities of smart children that I know. Information like this flies through the kid network faster than you think. If one of them really wants to know, I don't think that this sort of software will stop them for long. Just one kid wanting to be popular or cool with a printer could print the content, and the methods of getting it and show it off at school. Give that a few weeks and pretty soon almost all of them who want to see will. Simple. The only ones that can have an effect on this are the parents.

We deserve the right of full-disclosure on any technology that can have this much impact on our lives. How will this happen if it can't be verified. Trust our goverment to handle it? Not bloody likely.

Who can we write to? I am beginning to realize that this is going to be a long battle. Fight it or become just another dumb computer USER.

Oh, the irony.

[Black Parrot]

If Mattel is so keen on keeping children ignorant about their sexual destiny, why does their famous doll scale up to have a Vegas showgirl's legs and doubly implanted breasts? And a wardrobe to show it.

That's the drill, Mattel! Teach little girls to want to grow up to be sex objects, but make sure they don't know what the "sex" part is about until they do grow up.

--

I see no problem here

[yuriwho]

If your child is bright enough to find the crack to cyber patrol on the web, download/run it, and beat your pathetic attempt at stopping that child from seeing whats really out there then you have little to worry about. You kid is smart, able to think for themself, aware of political censorship (you) and somewhat rebellious. All are admirable qualities!!

Congratulate your child for seeing through your silly attempt, and having graduated to the level of being able to view the real world for themselves.
Your kid will trust you so much more when you trust them. (vice versa works too)