Recently in Privacy and Freedom Category

Everyone knows who you are

| No Comments

It's been way too long since I pointed out that on the internet, everyone (well, almost) knows who you are, no matter how hard you try to be "anonymous". Instead of writing up all concerns, I'll opt to provide a couple of links to articles by Bruce Schneier, one of the top security researchers of which the world has not enough.

Whether you read all of it, part of it, or none at all : don't come crying later on that you didn't know. That no one told you that your search queries would be stored, analyzed and shared. That Facebook would know who you are and what, where and how you buy offline, even though you are not a facebook user (by choice).

"Surveillance and Security Lessons From the Petraeus Scandal"

Facebook tracks you online even after you log out

I'm Being Followed: How Google--and 104 Other Companies--Are Tracking Me on the Web

If that's scary, I agree. Can you do something about it? Yes. Be Vigilant. Don't click on everything you see, read or get shoved in your face. Think twice. Think again.

Install some third party browser add ons that help you get rid of some of the trackers, web bugs or beacons. Here are a few worth considering.

Adblock Plus

And if you're really interested in privacy and concerns : Crypto-Gram

Too late when it's gone

| 1 Comment

Even though my mind may not yet be as clear as it normally is, I feel good enough to write about something that has been going through my head for the past day. In fact, this touches base with a topic I have been interested in for quite a couple of years now - feel free to browse other entries in these categories on this blog - which is privacy.

First of all, what is privacy? I can not give you the answer, because I feel privacy is a term that each and every one of us fills in differently, which makes it a very difficult topic to define for starters, but also difficult to discuss or reach common regulations regarding. What I would like to do however, is list a few recent incidents that all relate to privacy in some way or another - at least in my definition of privacy.

Tunesian Governement harvesting usernames and passwords

Search Ruling Makes Smartphone Security More Crucial

While the above incidents are governments restricting or hollowing out privacy, there are plenty examples where corporations do so.

Now, especially in the case of the first incident, where a drugs dealer is arrested for attempting to sell drugs to an undercover agent, and has his smart phone searched, you could think "of course! He's a criminal, he should be stopped and each and every method to find more criminals is good."

Now, imagine this situation : you're driving down the highway, with a broken tail light, a patrol pulls you over, checks the car and the office decides to take a look at your smart phone. Hey, you're a "criminal" since it's illegal to drive around with a broken tail light.

Still the same thing? Or maybe you think that you don't have anything to hide from anyone, because you are not doing anything wrong? That may very well be true, but privacy is not about doing wrong or right. It's about being able to do what you like without people interfering. It is not illegal to have $120,000 on your bank account, but do you feel comfortable with a stranger taking a peek onto the balance? It is not illegal to have photographs taken while you dress up as a manga character and get whipped silly by a woman dressed as a furry rabbit playing Beethoven while masturbating - how the hell do I even come up with these examples? - but do you feel comfortable having those photographs seen?

Privacy is a feeling. It seems all to natural and "there", until, one day, it no longer is. And by the time you miss it, it's way too late to take a few steps back. Be vigilant. Be aware what you share and whom you share it with. Respect others' privacy as you'd like yours to be respected. After all, my privacy ends, where yours begins.

I can suggest these sites and/or EFF projects :

Surveillance Self Defense project

To Link or Not to Link?

| No Comments

I've never been too keen on social networking tools or sites such as Facebook or netlog. Sure, I do agree that they have their value and probably are worth their while to some, but I consider the trade off between the privacy one gives up and the benefit their use may offer to be unbalanced.

However, after careful research I've created myself a profile at LinkedIn. Find it here : That's all I've got to say about it.

Limiting access

| 1 Comment

I spent last night with a redhead on my lap... the more I petted her, the more she purred and she really got into giving me kisses as well. Too bad it was the furry feline kind of redhead, and not the hot and sexy humanoid version.

I just decided to block an entire IP range from accessing my blog, due to some recent changes in policy that went into effect. While I'm very much for open access, not all views expressed here may be as accepted as I'd like them to be, nor is everyone as open minded about certain ideas and opinions. It's one thing to think an Ogre is ugly as hell and tell people so when they ask you about it... and then there's picking up a stick and poking an Ogre while yelling "you're ugly"... which is just plain stupid.

Anyway, I doubt that you'll be affected by the block, but if you are and think you shouldn't be, feel free to let me know.

Clothespin Questions


I just got back from the cinema where I saw "SM Rechter". For those unaware about the plot, the movie is based on a true story where a judge is convicted and stripped of all his rights and pension because he agreed to practice SM with his wife. She was the initiating party and asked him to perform these things on her. For the record, they are still living together and still very much in love, even though the judicial system chewed them up and spit them out for following their most intimate and private desires.

Doesn't it strike anyone as curious by the way that a search for the name Koen Aurrousseau or Magda De Herdt results in little to no information about the original case? Sure, back in the days internet wasn't used as much to blog or express opinions but I consider the case to be one of the most important in regards to invasion of privacy.

Anyway, the movie only makes my anger grow stronger, for how this couple has been treated, and for that reason I would like everyone to think really hard about a couple of things. I'm not even expecting feedback or a comment... the mere fact that you've given it a couple of minutes of your time is enough for now.

Question # 1 : Should laws exist to regulate all things in life, whether it is public, private or somewhere in between?

Question #2 : If these laws should exist, who would you consider capable to create those laws and where possible prosecute cases based upon them.

Question #3a : If a certain excess or an extreme case pops up, which is not yet covered by a law, would you want a law to be created in order to stop these excesses in the future?

Question #3b : Even if such a new law could also lead to prosecution of cases that are - for the time being - considered "acceptable" by a (silent) majority?

I think most of my readers already know what I think about the Aurrousseau case depicted in the movie, or how I feel about invasion of privacy and the continuing battle to safeguard the rights of the individual, free speech and free thinking. Anyway, I've left the answers to those same questions in a comment, so feel free to glance over them AFTER you've come up with your own :)

PS : If you come back from the movie and only recall seeing ropes, boobs and spanking, you've totally missed the point and I suggest you rent some bondage or SM movie that was created specifically to arouse you. The SM content is nothing but a clothespin that holds the much more prying and important underlying theme up : do we still have the right to decide about our own body for ourselves?

PS2 : not as unrelated as you may think in these days of digital imaging, video and communication - Surveillance Self-Defense (site created by EFF)

The UK was just scrapped from list of countries to possibly live one day, all because of this : Extreme Porn Law.

I don't think anyone has the right to decide what others should distasteful or illegal. It starts with laws such as this, then broadens to frowning (even more) on two men or women making love to each other and ends with the morality police standing next to your bed making sure that you are only getting your groove on with your (different sex) partner in missionary position with the lights out and as little pleasure as possible.

If I have sex, I want it to be as pleasant, dirty and messy as possible, with the full consent and approval of my partner of course.

So... there is only one answer to all this :

1984 - 2008: nothing's changed

| 1 Comment

An excerpt : "The German government yesterday passed a controversial anti-terror law that would grant police the power to monitor private residences, telephones and computers. Instead of tapping phones, they would be able to use video surveillance and even spy software to collect evidence. [snip]...[snip] The bill, called a building block for Germany's security architecture by interior minister Wolfgang Schäuble, still needs to be approved by the lower and upper chamber of the German parliament"

Full article at : German government approves plod-spyware law.

Also in Europe, this time in Sweden, they're trying to pass a law that would allow the FRA to monitor all incoming and outgoing communications, affecting all Internet traffic and all telephony traffic, meaning web surfing, e-mail, phone, and fax are affected, to mention but a few.

Domestic communications would also be fed through the FRA due to technical routing reasons. In effect they would be spying (or at least have the capability to do so) on domestic users, but also intercepting all e-mail traffic that for instance goes from England to Finland, as international routing often passes through various other countries before a packet reaches the final destination.

There seems to be little international concern over this proposed law so far, and there is even less information available in English. I'd like to refer you to a post by Rick Falkvinge, leader of the Swedish Pirate Party. Not the most objective party, I admit, but sometimes you have to work with what you've got.

You can contact a local or national politician, or you can support organizations that stand on the barricades for your privacy and online freedom every day. Visit the Electronic Frontier Foundation (EFF) or European Digital Rights (EDRI) website and support them, or learn how you can help.

I now pronounce you

| No Comments

I bet you were thinking Chuck and Larry, weren't you? Wrong guess :)

I now pronounce my main machine to be terminally ill, and practically deceased. While it was running rather stable last night with some extra cooling - thus strengthening my guess that some fan wasn't up to it's task anymore - today it shut down without any error and rebooted, twice. Sounds like something is seriously amiss, ain't it?

Anyway, I followed Hilda's "Zen Zen Zen" advice and flicked the power off, dropped a load of laundry in the washer and went to take a shower. No need to go crazy about something I saw coming. I managed to write a couple of CD's last night containing a bunch of things I'll need if I reinstall or move to another machine, and all (I think I got them all) my passwords are safely backed up as well, so till I have decided what to do with the old box, there is no need to stress about anything. Sure, access and reply to mail may be a bit slower, but all things considered, this ain't something that can't be resolved with some effort and focus.

Oh, because I can't stay away from privacy related topics, I'm pointing you to a complete set of instructions regarding preserving evidence on electronic devices to be followed by UK police officers at ACPO Guidelines for Computer Evidence (PDF format, 2.7MB). I do that not because I want you to know how to commit the perfect crime, but because it'll make you understand that traces are left everywhere and removing data may be practically impossible.

I know some of you dread my technical or privacy related posts, but if I didn't feel the absolute need to post about these topics, I probably wouldn't. However, privacy and freedom is something you only learn to value when it's taken away from you, so there is a need to vigilant about it.

How many of you know that laptops and other electronic devices can be searched when crossing borders? It happens frequently when entering the USA, but according to the article Crossing Borders with Laptops and PDAs it is also a common practice in other countries such as the UK.

While I didn't take all precautions while traveling with my laptop, it was (and remains) completely encrypted with a strong password and all content that wasn't needed specifically was removed before packing it.

While you should in fact wonder why it is that officials are allowed to search your devices - wouldn't that amount to reading your snail mail? - it may be too late to turn those regulations around, so you better come prepared.

Click Crime by Mark Rasch. Interesting article that might give us all a peek at what's heading our way. In case you don't feel like reading through it - damn you, lazy bastard :D - let me attempt to make it easy for you by giving a non technical example :

You get or find a leaflet that states : "car with keys in ignition can be found at <location>". If you actually go there, you are arrested for grand theft auto (not referring to the GTA4 game, lol), even though you only claim to have been there to take a peek, nothing else. Call it curiosity, call it stupidity, who knows? Maybe your intention was to actually drive off with the car. Now transpose that to the invitation to clicking an internet link that promises to lead to illegal content, and actually clicking it.

If you've even seen the movie "Minority Report" you may see where I think this is heading, and if you go a little further back, think "1984" by George Orwell.

While the article quite correctly states "as few in society are willing to be seen as coddling or protecting child pornographers", you must always remember that if you don't speak up when they take away the rights of someone else, who will speak up when they knock on your door?

I'm not defending pedophiles or condoning child abuse. However, in order to have freedom, you'll also see - to some extend - abuse of that freedom. Which would you value most : freedom and some abuse, or no freedom at all and hence no abuse. I value my freedom very highly and will gladly accept that some will abuse it. The day they take away my freedom (physical, mental, perception of it, whatever) is the day I head for my final check out.

Jumping on thin ice?


It's been a long and busy day, but in the end everything nicely fell in place. I'll sleep like a baby though (unfortunately, that doesn't mean I get to suck on nipples all night long, lol).

Fitna - the (controversial) movie about the Islam by Geert Wilders has been released and can be viewed on I'll be providig a direct link to the english version as well as a link to liveleak using the coral content distribution network, which would save them some bandwidth : Liveleak through CDN. If the latter works, please use that link.

If anyone wants to leave a comment that I'm promoting hate or anger from or towards certain social, religious or racial groups, feel free to do so. I am an avid supporter of free speech, and also support it when a message I don't agree with is being sent. I haven't seen the movie yet, so can't comment on it. If I find the time to actually watch it and write something about it, you'll be able to read it here.

Note : I also think that anything and everything should be allowed to become the subject of humor, even if it could be considered offensive to some. Feeling offended by something that is being said, written or depicted means you take yourself or your ideas too serious anyway. People don't make (good) jokes about things they don't understand, or at least have thought about. Humor can be subtle, in your face or extreme. Even if it seemingly makes fun of your beliefs, consider it a form of flattery. If your beliefs were unimportant, no one would bother making jokes about it.

All the ladies!

| No Comments

Hats off to you, Nash and Ash. Wait, it was Nadia and Ashley, lol. To answer your question Nadia, it's really quite simple : make sure people are informed about what is going on. Yes, it may appear to happen only in far far away countries (though Ash lives in the USA, so that should give you some idea how irrelevant geographical locations are in cases like this) but as you point out yourself : why wouldn't or couldn't it happen here?

Yes, the data protection regulations in most European countries are tighter and more secure opposed to those in the USA - for now. However, they are sliding as well and each precedent or case that remains unexposed or unchallenged chews off a tiny piece of the privacy and safeguards we have. Take a good look at the map displayed here and draw the conclusions yourself : map of surveillance countries around the world.

When is it too late? Is it when the thought police knocks on your door because you've unconsciously dreamed something that was forbidden? What if you didn't even know it was forbidden because no one could tell you that? Because the information itself was "classified"? Each and every one of us should draw the line where they feel comfortable, however, that is not how it works. Regulations and laws are often reactionary and based upon worst case scenarios that are all to often not even real threats but fabrications of a lobby that sees excellent opportunities to advance and positions themselves.

The best defense is information. Only people that are informed about what is going on and what the repercussions of their choices can be can make correct decisions. Getting fed dumbed down information with a twist depending on who's feeding you the info doesn't count. Right now the monitoring lobby biggest claim is : "if you have nothing to hide, what's the problem?" It is a very powerful and aggressive statement, even if it appears to be mellow and harmless. However, if you try answering that question, you'll feel that you are forced to defend yourself, forced to explain why you don't want to be monitored 24/7, and while doing so you sense that you may not be so innocent or such a good patriot as those asking you that question would like.

Next time I see you, I'll bring my copy of "Chatter" along so you can borrow and read it and you'll understand a bit better how essential these questions and choices actually are. The change in climate is not the only thing endangering the quality of life of our species.

To end this - much longer than anticipated entry - I'll leave you all with a statement that may symbolize the importance of electronic snooping and signal intelligence. Ask anyone who's home has been burglarized what's worse : "the invasion of privacy and their home", or "the actual material loss" incurred. Once you have figured that out for yourself, you will see the larger picture and why informing people is so important.

I actually only wanted to post how I feel today, in the form of some lyrics, but I got carried away, lol.

Now this looks like a job for me
So everybody, just follow me
Cause we need a little, controversy
Cause it feels so empty, without me
I said this looks like a job for me
So everybody, just follow me
Cause we need a little, controversy
Cause it feels so empty, without me

(without me - eminem)

I won't give up ;-)


I'm sure some of my readers may have seen the "I Refuse" rant I wrote a couple of days ago. Not totally unexpected no one bothered to comment on it, either because they didn't actually read it, didn't care, or didn't get why exactly this kind of stuff is important. Or maybe I was just ranting on and on boring everyone out of their skull.

Luckily, Bruce Schneier has a way with words and has a very good essay up about the topic. Give it a try people : Security vs. Privacy.

I refuse

| No Comments

to be scared. I refuse to be monitored. I demand that people and governments respect my privacy. Yes, I'm going to sound the alarm about privacy once again. Why? because it is so damn important!

First I'd like to point you all to a recent court decision that basically states that a "cease and desist" letter can be copyrighted. (slashdot article here : Court Says You Can Copyright a Cease-And-Desist Letter) For those of you not in the know, a cease and desist letter basically is used to shut down internet operations that are often critical of those serving the letter. Attorneys, law firms and the works love to send out these notices on behalf of their customers. In response, the party receiving the letter often published it online to show the world what the bullies were up to. Now a judge - with his head up his ass I assume - has ruled that the letter itself can be copyrighted, and thus not published without the sender agreeing to it. Sorry, but if I ever receive a letter that has a possible impact on my presence here, I'll damn well publish it for all to see. If that means I'd be breaking the law, so be it. Another case they can take me to court over. Don't let them get away with things like this, people! Did you know that is has become dangerous to actually report about insecure systems, publish reports or be a whistle blower? If we don't protect the people that aim to disclose information for the greater good, where does that leave us?

Secondly - and this may be even more worrying though not unsurprising to some - is the fact that the German police and government has actively been developing trojans to capture and decrypt Skype voice calls and communications. The documents relating to this matter are online at wikileaks (Skype and the Bavarian trojan in the middle) for everyone to see. Those who want to argue that the intelligence community of a country needs to adapt to the developments that occur in secure communication, are of course right. However, if planting trojans on suspect computers is the level they want to - or need to - lower themselves to, I have little confidence in their overall compliance with regulation and laws when it comes to privacy. I'll suggest you all to pick up a copy of "Chatter", or ask me to borrow my copy of the book and see where all this leads.

Bruce Schneier has said it before : refuse to be terrorized. Not only do I refuse to be terrorized, I also refuse to be monitored.

Nice, very nice

| No Comments

Linden Lab - creator of Second Life - sent me a mail yesterday that they will now (the law has been into effect from July 1st, 2007) be complying with EU tax regulations and charge my account accordingly. My Second Life just got 20.5% more expensive.

More information at the Official Linden Blog (Questions about VAT?), on my Second Life blog (virtualSecond Blog) and I submitted the story to slashdot.

Think, Verify, Send


As comments get less attention than regular entries, I've taken the liberty to turn Shava Nerad's comment into a full post, as he or she points out some very important points in regards to security on the internet, and not just when using tor. Thanks for the feedback and time, Shava!

Thanks for your defense of Tor! I need to point out that, although the Tor network was used in this case, probably millions of usernames and passwords are exposed on unencrypted wireless, daily, all over the world.

It is important, I think, to understand that you should never give a username and password to a web site that has an "http" address, only to "https" addresses. A connection through Tor can be encrypted end-to-end -- but only if one is communicating with a secure protocol -- https: or encrypted chat both would be examples of this.

We are very careful, usually, to only put a credit card into a web page that has a "lock" symbol in the corner of the browser window. Everyone should be equally careful never to give a username and password to a page that is not "locked" -- not secure.

You should at the least use different passwords for insecure accounts, like those at and (which ran the embassy story today), which ask you to give a username/password on an unencrypted link. But even this can open you up to people posting things you wouldn't wish to have said in your name.

It is only through understanding our security online -- through understanding tools such as Tor, and what https: means, and what a phishing attack is, and so on, that we can manage our risks online.

The last node through which traffic passes in the Tor network does not in fact need to pass data to the destination unencrypted -- if the origin and destination are using a protocol that supports encryption.

You wouldn't say that the people who make your backup software are at fault if they don't force you to back up your files regularly. We, like the backup software creator, warn people in our documentation that the protection of Tor is not foolproof without educated and disciplined use. And like backup software, if you don't use it right, it can do nothing to change what has already occurred.

We have advised, and continue to advise users of the Tor network to use encryption end-to-end whenever it is prudent and/or possible. But those end-to-end encrypted products (https, encrypted versions of email and chat) are available to the users in many forms -- it would not be proper for us to dictate what people should use, but only encourage them to take precautions.

Shava Nerad
Development Director
The Tor Project

Don't look away, read and learn!


While this may seem a bit of a technical entry again, I urge everyone even slightly interested in the internet, computers and communications to read on. In the long run, you will be affected whether you like it or not.

First, I'd like to point you to an article talking about the recent Storm Worm, a malicious piece of software that is believed to have created a gigantic bot net consisting of up to 10,000,000 machines. This puts a whole lot of processing power into the hands of people with less then honest intentions. In fact, the Storm botnet can easily withstand performance comparisons with super computers used for research purposes. Are you a part of it?

Then we get to the question : who has to clean up the mess? Are ISP's to allowed to intervene and cut the connection of infected machines on their network? Or are the users responsible to keep their machines clean and uninfected? What if they don't? My answer would be quick and decisive : infected machine on the network? Cut the connection and stop the spreading and attempts to infect others. That solves the short term problem, and forces the user to take action. Yes, they may pack up their bags and sign up with another ISP, but really... do you want infected machines on your network? I'd say no. Full article can be found here : ISPs turn blind eye to million-machine malware monster.

You may also have heard about a recent breach in security that spilled the login ID's and passwords of the email accounts of embassy personnel all over the world. Today he published details and admitted that he used the distributed anonymity service tor to accomplish his goals. Tor is nothing but a tool, it's not a virus, it's not spyware and it's not malicious. Don't blame the tool for being used maliciously. Think of it as a hammer. You can use it to drive nails into wood and build yourself a home, but you can also use it to break the glass of a car, to attack a bank runner or to kill someone. We don't go around yelling hammers should be illegal, do we?

With the recent mentioning of tor in the embassy e-mail heist and it being abused by the Storm Worm bot net as well (this time not as a tool, but rather by spreading an infected file posing to be the official tor software) I can see people getting concerned about tor, yet they know little about it. Let me assure you again : tor is not malicious! If you want to know and read more, go to the only official tor site at

Congratulations if you worked your way through all this, even if you skipped the articles I referred to. I'm glad that even if you don't agree with me, or only understood 10% of everything that I talked about, you are interested in privacy and security. With the ever growing interconnectedness of services, institutions and computers, the requirement to be aware of privacy concerns will only rise.

I came across an interesting service yesterday, and I think it will come in handy some day : Coral Content Distribution Network. It can help you access sites that are overloaded or over their bandwidth limits by going through a series of worldwide servers that retrieve information using peer-to-peer techniques, and thus only have to request the information from the originating server once. Mind you, it's only geared towards static sites (such as this one for instance) and won't help you to log in to your web mail account.

Want to try it? (original site) (through Coral CDN)

Indeed, it's as easy as typing "" behind the site you're trying to reach. Probably not all that useful for the average surfer, but I can definitely see the value of having this knowledge flowing through my synapses and storing it in my neurons for eternity.

Privacy and Disclosure

| No Comments

I will not be disclosing any more (or new) information on this blog in regard to some current issues and situations. If you feel you are on a need-to-know basis, ask me personally and you may even get an answer.

If you are someone that I don't consider to be part of that very small circle of people that need-to-know or with whom I feel fine sharing things, rumors or statements will be neither confirmed nor denied, but just ignored.

Take that


I don't like people being told what to do, how to behave or in generally be restrained. Sure enough, if you use the service(s) or servers of a third party provider, you are bound to play by their rules. I don't like rules, especially not if they are like this :

- we hold the copyright to all content provided by our users, and can redistribute, republish or reproduce it at our discretion
- we are god and can (and will) do anything we like with your account. We can ban you, remove your account,...

I believe in the freedom of speech, even if it voices opinions that oppose my views and beliefs. I dislike censoring, even if it means I am bound to run into things I may not agree with sooner or later. I can make my own decisions and choices - I ask from the world they respect those choices. I don't need you to accept them, or agree with them.

All of the above reasons are just a little part of why I've always ran my own (rented) server, where I do what I want and what I like (within legal boundaries, obviously, but that's matter for another discussion some day). I decided to provide someone I like very much with the same opportunities. No more rules, no more whining. All the power to the individual. You'll hear about it elsewhere when the time is right to know.

One down, lots to go

| No Comments

I don't know if anyone recalls how I absolutely despite spammers, and do everything in my power to make their life as difficult as possible. Today I received a letter from the FPS Economy, SMEs, Self-employed and Energy, which is the department that handles spam complaints filed by Belgian inhabitants in regards to spam sent by Belgian companies.

It was a complaint filed back in the stone age (December 8th 2005 to be correct) and it took a follow up mail from me to actually get feedback on the status of the case, but now I have another confirmed victory on my name : Mary Porcelijn Select BVBA was inspected for compliance with article 22 of the the Act of 11 March 2003 on certain legal aspects of information society services (aka "electronic commerce act"),and received an official warning for violation article 7, paragraphs 1 and 14.

I wonder which spammer will test my perseverance next?

Links : unsolicited electronic mail - Spamming : 24 Questions and Answers (PDF)

Who would have guessed?

| No Comments

An excerpt from the full article (link below) : ...DRM has become much more than that. It's now a behavioral modification scheme that permits this, prohibits that, monitors you, and auto-expires when. Oh, and sometimes you can to watch a video or listen to some music.

The basic point is that access control technologies are becoming more and more refined. To create new, desirable product markets (e.g., movies for portable digital devices), the studios have turned to DRM (and the law) to create the scarcity (illegality of ripping DVDs) needed to both create the need for it and sustain it. Rather than admit that this is what they're doing, they trot out bogus studies claiming that this is all caused by piracy. It's the classic nannying scheme: "Because some of you can't be trusted, everyone has to be treated this way." But everybody knows that this nanny is in it for her own interests.

Privately, Hollywood admits DRM isn't about piracy.

Skynet sucks (sequel 4567913347)


I'll have to look up my contract, but this I find this "press release" quite disturbing :

15/01/07 09:12

Dear News reader,

Given the amount of illegal content circulating in binary newsgroups, we have decided to stop hosting articles containing binary files (binaries) on our news servers ( as of 1 February, 2007. To enable you to keep following your favorite discussion topics, newsgroups publishing articles in plain text will still be available. The posting period of these articles will be extended to three months.

The NNTP service (protocol used to transmit news on the Internet), which
allows access to newsgroups hosted by third parties, will remain available. You will therefore be able to continue using the news servers (both public and private, paying and free of charge). You can easily find a list of these servers by conducting a search with your favorite search engine.

Thank you for your understanding.

If I recall correctly, I pay €57,05 a month for my internet which up to now included access to the skynet news server. Last year, they cut off access to hundreds of binary groups offering MP3's (of which some carried illegal material, but lots were perfectly legit as well) and from February 1st 2007 all binaries will be dropped. I think I'll have to ask them to lower my bill as well, as they'll be providing less service. Time to get in touch with them... or even drop them altogether!

Update : Scarlet has been considered and dropped - even their online support desk is unreachable. EVOnet seems interesting but is a little light on total traffic offered per month (15GB). So far EDPNet seems the best candidate to get my money as their ADSLMax 6 Dyn packet offers higher speeds (download and upload wise) and is cheaper when compared to my current Belgacom Skynet ADSL Plus plan. I've contacted them to check for availability of usenet and binaries.

No good.

| No Comments

Something to take into account

| No Comments

If you thought that VoIP calls over the internet were anonymous, think again. According to a recently published study, Tracking Anonymous Peer-to-Peer VoIP Calls on the Internet is possible by using a watermarking engine that changes the otherwise non-distinctive VoIP flow into a trackable unique stream by use of inter packet timing differences. I suggest you read the complete paper (PDF) to know all the nitty gritty details. If you have a hard time obtaining the paper, or the connection times out, use Google's cache.

Will this forever change how people use VoIP? I really doubt so, because even if less than 0.1% of the current VoIP users worldwide read this paper, it would be a huge success. Besides, reading the paper will only alert you to the possibility, but it won't fix or make your calls "untraceable". As long as third parties are able to come between you and the one you're calling, the VoIP stream can be watermarked and traced.

If you now think "but Skype encrypts all calls using 256 bit AES" you are correct, but missing the point. Encryption doesn't matter for this type of watermarking, as no one is trying to figure out what is being said, or what data is being transferred. This technique just proves computer A connected/talked to computer B at a certain time. Adding more encryption, or using an anonymizer network won't help.

I promise to post something "lighter to digest" over the weekend :)

The Californian appeal court decided on 26 May that online journalists and bloggers have the same right to protect their sources as all other journalists. The case was brought to court by Apple Computer demanding from a number of news website operators to reveal the source of confidential information posted about some of its products.

Initially the trial court had ruled in favour of Apple but the appeal court changed this decision stating that the defendants were protected by California's reporter's shield law, as well as the constitutional privilege against disclosure of confidential sources.

A major point in the case was whether the writers involved deserved the protection of the First Amendment and the sites involved could be considered a "newspaper, magazine or other periodical publication" as it is expressed by the law.

The Californian Court of Appeal's decision is considered as a major victory for press freedom. "This is a victory for the rights of journalists, be they online or offline journalists, and it's a victory for the public at large", said Kurt Opsahl, the staff attorney for the Electronic Frontier Foundation, the group that represented the journalists. "It protects the free flow of information to the press and from the press to the public".

Reporters Without Borders added: "The Californian appeal court's decision is historic because it gives a new legitimacy to bloggers. Even though they do not have press cards, they will henceforth have right of place in the world of news and information".

The case highlights the lack of precedents in the UK regarding the journalistic protection. The Contempt of Court Act of 1981 is an equivalent act protecting journalists and although the law does not provide absolute protection for sources, the court is required to decide whether the request for source identification is sufficiently in the public, justice or national security interest to over-ride a general presumption of source protection. Recent cases have tended to favour the journalist's right to protect his sources.

John MacKenzie, a Solicitor Advocate and partner with Pinsent Masons law firm suggested that the Contempt of Court Act is broad enough to cover operators of Internet news wires, blogs or other new media content.
(source : EDRI-gram newsletter Number 4.11, 7 June 2006)

Decision in Apple vs Does (20.05.2006)

Huge Win for Online Journalists' Source Protection (26.05.2006)

Court ruling protecting bloggers' sources hailed as historic (30.05.2006)

UK bloggers also likely to be Apple-proof (01.06.2006)

Value your freedom!

| No Comments

I'm sitting in my livingroom, having a cereal breakfast while entertaining Tai. After work I went over to J&M's place to take care of their three tigers and feed them.

In under 48 hours a new gun control law is going in effect in Belgium, seriously limiting which weapons are available to purchase freely. Even though I don't need a gun or a rifle, have no real reason to "want" one, as many people I've been thinking about buying one. I think that reaction comes from a "don't tell me what I can or can't do" sentiment because as I see it, one individual fucks up and kills 2 people, injuring a third one badly, and everyone pays for it by more limits being imposed. Sometimes it makes me feel as if we're all treated as babies in a kindergarten.

Is it obvious that I don't like being told what to do? I think I'm perfectly capable of deciding for myself what I want, need or like, and I don't need anyone telling me what's right or wrong, legal or illegal. That being said, I don't think I'll go out and buy a gun, not even to give the government the virtual middle finger. That would be plain stupid I think, but this issue runs deeper than I expected at first. What's next?

Mind you, this entry is not about being opposed to gun control laws, nor is it promoting weapons in any way. It's just the topic currently used to show that I value freedom and freedom of speech, freedom to decide, and likewise things very much. And it reminds me that tor has seen a new and improved stable release a couple of days ago. Go grab it!

For a couple weeks now, a contest has been promoted online, on a radio station, where people have the chance to win a house, valued at 600.000 euro. Not bad a prize, one may say, but when I was checking out the website and looking at all parties involved with the contest, something kept telling me joining this contest thing was a bad idea. Suddenly I noticed the name "Permesso", which rang a bell. Not because I know the people or the company behind the name, but because I immediately connected it to the english word "permission". And that... I didn't like.

I dug a little deeper and sure enough, Permesso is a Direct Marketing firm. They collect data and market stuff, so all the data a contestant enters online - or is requested later in the game, which I don't know for sure as I decided to back out - is worth hard cash to them. Enough to warrant a 600.000 house to be handed out? Probably, otherwise they wouldn't be having this competition in the first place.

Imagine yourself giving up a bunch of personal data and details for an odd chance to win a house. Sure, a house you could consider worth giving up your privacy for, but what is the actual chance you win? In the mean time, Permesso and the other parties involved, win with every contestant that enters, each time their pile of data grows, grows and grows. Am I suprised that people join things like this? Not really. In fact they had me fooled at first as well, until my radar picked up on the underlying implications. Is the whole thing a scam? No, it isn't. Is the balance between contestant and organiser good? Depending on how you value your privacy, it may be, or not be.

The offset of giving up my data in regard to the guaranteed benefits certainly wasn't worth it to me. And, going by this article All my personal details for chocolate? Go on then! most people just don't realize the value of personal data. Wise up people, please... And stop sending me spam, chain letters, "send to 10 friends and win free cinema tickets", "forward and win an ipod" or other spam collecting monstrosities like that. Keep on sending the porn though ;)


| No Comments

I've been keeping myself busy with these things lately - especially reading up, comparing, gathering information, asking questions :

- Fedora
- Tor and #tor on
- Dell Poweredge 1850

Eventually, these things should go on the box as well (if I ever decide to go ahead and get acquainted with a *nix system, buy that server, get a colo, maintain it and get it up and running) :

- freenet
- Mixminion Type III anonymous remailer

The hunt is on


I've been noticing some strange behaviour on my laptop lately, and when it happened again today, I decided to look into it. I'm working normally, and suddenly a small pop-up tells me my virusscanner is trying to access a certain IP adress using POP3, even though I'm not - as far as I'm aware - running any application that would need POP3 access at the time.

I quickly opened a command prompt and a netstat session did indeed confirm an attempt to reach an ip address linked to, which makes NO sense at all. I'm not in the UK, I'm not using a UK provider and no one I know is either. It only happens on the latptop, so my first idea was that someone is messing with my wireless link to the desktop machine. However, I've set up my link using WPA2 with a completely random and strong key, so that shouldn't be possible.

I could suspect tor, but there is no real reason to do so, apart from the fact that when this happened earlier, it stopped after I removed the application. However, when I check tor and the bandwidth it uses, there is no activity at all, which sounds right as it is not in use all the time. I only fire up tor and the proxies when I need some additional privacy, and the speed with which data arrives is less important. Is someone trying to use my installed tor client to send out mail? That again should be impossible since I have it configured as a client, not a server, and by default it doesn't allow POP3. My idea is that it ain't caused by tor.

I quickly ran my antivirus, spyware and adware tools to see if anything got past my defenses, but nothing has shown up so far. The firewall is up, the virusscanner is up to date, yet something tries to create a POP3 connection to a UK based host. Go figure.

Update : I have now finetuned my netstat capture to not only list the open connections and their state, but also which binary is responsable for creating them, sorted by protocol. This should be enough to find out more about the perpetrator. My e-mail scanner log files it under AutoPOP3, which really doesn't ring a bell. To be sure I've upped my default log information from medium to high, so I hope to get some more info.

If anyone happens to know where this mysterious POP3 connection to originates from, I'd be happy to find out. The IP address it tries to connect to is and the brand and model of the laptop is an Fujitsu-Siemens Amilo L7300. I must say that I've found similar questions from people online wondering why their AVG Mailscanner suddenly feels like connecting to foreign servers. To be continued, no doubt.

Note : I'm not running eMule, eDonkey, or any other filesharing programs, nor are they installed on my machine(s).

Update : Guess what. The PID of the offending program is 1264 in my case. I check the running processes and shows up? Tor. Crap. Off to read up and possibly talk to the developers of it. Solved : thanks to some volunteers in the #tor IRC channel ( the mystery was solved. Tor keeps some connections open and is the address of a dir server, which runs on port 110, thus is captured by my mailscanner. Whether I find it "wise" to run a dirserver on a port specified for mail remains to be seen, but the mystery is solved. Off to throw something in the donation bin for tor now...

Security, privacy and tools : updates

| No Comments

The following tools and programs that may help you stay anonymous and/or safeguard your privacy were recently updated :

tor (version (stable))
GnuPG (version (stable))
GPGShell (version 3.5)
JAP (version 00.05.022)

And, worth mentioning is a new cli version of n_map for windows : n_map (version 4.01)

Notice : As I was writing out this post and hit "preview" I received an 412 Precondition Failed error on my cgi script. A quick google for the error told me that it was most likely caused by a set of rules put in place by my host. I tinkered a bit with the entry, and soon found out that n_map triggered the rule, but after opening a helpdesk ticket, that was quickly taken care of.

I must admit that I was very wrong by posting my previous entry. HM does not censor their clients and they'll never will. I should really have given them the credit they've earned over the years, which I didn't in my hasty reply. Let it be clear that Hostingmatters totally rocks.

I'm ashamed of myself. Sorry, HM crew :(

E7/DI/2005/5422 - D.5518

| No Comments

While driving home - or maybe "traffic jamming home" would be a more accurate description - I had a wonderful rainbow in front of me. Very nice and it lifted my spirits even though they were not down. Funny how the little things can sometimes make life seem so much better, isn't it?

Another thing that always makes me happy is when I notice some windmills silently generating power on the waves of wind, and I always tell myself that it's going to be a good day or night depending on the time I see them. On the other hand, I make sure not to be pulled down when they're not spinning away. I believe it is a very good quality to be able to extract the best out of simple things and throw away the things that stand in the way.

For those of you wondering about the cryptic title, wonder no more. It's the reference to a letter I received today concerning that second spam complaint I filed last year. The letter is an acknowledgement of acceptance which also means my complaint has jumped through the first few hoops of the investigation and will be looked deeper into now. I can imagine them receiving thousands of complaints a year, and the majority of them probably being bogus or impossible to investigate or convict upon. That's why I carefully select which cases to report after having done quite some research myself. If I request for a case to be opened, I want it to be successful and to send a signal that cannot be ignored.

Strike one

| No Comments

Last year I filed a complaint against Budget Partners NV (a belgian company) for spamming (see Customs=Criminals). Today I received the outcome of my complaint and it's strike 1 for me. Allow me to copy/paste the text (in dutch) :

Betreft : uw klacht lastens de nv Budgetpartners, Bergensesteenweg 1149 b2 te 1070 Brussel.

Geachte heer,

Ik heb de eer u mede te delen dat, ingevolge uw klacht, door mijn diensten een onderzoek werd ingesteld bij de naamloze vennootschap Budgetpartners.

Het resultaat van dit onderzoek heeft aanleiding gegeven tot het opstellen van een proces-verbaal van waarschuwing ten laste van voormelde onderneming.

De Inspecteur-directeur,
J. Verhasselt.

In short, this means they received an official slap on the wrist, but have not been "convicted" or "fined".

Is this good? Yes! Though I believe that a slap on the wrist will not make a company change its policy, only fines high enough so that any profit from the policy is countered by a financial penalty will do so. All things considered, it is a victory for individuals and their right to privacy as well as a step towards getting rid of spam.

When technology haunts you


Can you imagine my utter suprise just a few minutes ago, when I popped a DVD into my Loomax X-50 DVD player and it asked me for a "parental control" security code? "What the fuck?!" was my first reaction, as I stared at the screen rather confused. I bought that DVD player somewhere early 2004 and it has never asked me to input any kind of security code.

Think think... where did I put that manual? Did I throw it away, and if not, where did I put it? As you may already have guessed, I was a tad bit more than just clueless. I've got tons of electronic devices and gadgets, and I'm a walking security code and password library, but the DVD players parental control code? Never heard of it!

Anyway, the default code is 3308 - just in case someone else hasn't got a clue where they put their manual - and I immediately went into the settings and turned off that parental controle crap. What suprises me most though is this :

Last night I played one of the Rockbitch DVDs, no problem. Today I watched Ali G's "Aii" containing slang words and references to "boning me Julie" that some conservative rightwing nutcase could probably find of questionable nature. No parental control lock or whatever pops up. I insert the good old and simply superb "The Blues Brothers" DVD, and bam : parental control kicks in. The blues must be a dangerous thing, and Aretha singing "Think", that must sound like the devil itself. Go figure!

That's my (xx)x-mas so far peeps : Ali G, The Blues Brothers and hunting down long lost manuals for parental control no one asked for. A happy 2006 to everyone!

I just do not understand some people

| No Comments

With a new vote about adoption rights for same sex parents coming up in the Parliament today (thursday, December 1st 2005) a Belgian group of conservative christians called "Actie voor het Gezin" has handed over a petition on tuesday, sporting 22.400 signatures of people opposed to same sex parents getting the same adoption rights as mixed couples. A Dutch article about it can be found here : Kamer ontvangt petitie tegen adoptie door holebikoppels.

If you support adoption because you think it's right, why limit the same options for others? Anyway, here's a great video ad reaction : Children raised.... (video by, hosted on Size : 3.9Mb. Format : MPEG)

Apparently, someone is trying to fuck with me online. Let me tell you this straight up and in your face : if I find out who is behind this, his or her life online will become very unpleasant, not to say impossible. I've tracked down "badasses" before and filed charges with positive outcome for me, and I won't hesitate to do it again. Every single mail, signup request, or "confirmation" I received so far will be reported, analysed and kept as proof. Better quit now before I get too annoyed, stalker.

/me goes into tracking and analysing mode, and remember : vengance is sweetest when served unannounced.

Rootkit + Digital Rights Management

| 1 Comment

If you come up with a blank stare when reading the words "DRM", or "rootkit", the following post may not be for you. If you are a concerned customer and value freedom, I suggest you keep reading.

Everyone knows record publishers have been pulling all kinds of strings to keep their CD's from being copied and pirated. To a certain level, I agree that no one benefits from listening to copied audio CD's, however I believe that most people will still go out and buy the original CD if they like the work and artists featured on it. A nice cover, extended leaflets and such just provide more incentive to do so. What I hate is people telling me what I can or can't do with goods I purchase. It has the same reaction on me as saying "you have to...". I don't have to do anything, period.

Likewise, if I buy a brand new audio CD and want to listen to it in my car, I should be able to do so. If I want to listen to it on my computer, I don't want to install extra software, players or listen to crippled audio tracks. It's my CD, so I decide what to do with it.

Enough for the subjective ranting, off to the technical side of things. DRM is a tool that prevents (or limits) the things you can do with you recently purchased CD. It won't prevent you from smashing it up, using it as a frisbee, or having your dog chew on it. I will however attempt to only play it on one cd player, prevent you from copying it, or even access the data on it without using vendor approved software. So much for a short intro on DRM. If you want to know more, check out wikipedia on DRM, or the collection of links and articles at EFF on DRM.

Rootkits... Usually connected to "evil", rootkits are receiving an increasing attention in the media, although most non-techies haven't picked up on them yet. A rootkit is software that will hide certain things from the user and the system itself. It's often used to install and hide malware, spy or adware onto a system. It's also used to create and maintain backdoors into computers without the knowledge from the owner. In short : rootkits hide things. Things that are hidden from you (the user/owner) make it hard to remove, or even analyse the possible implications. Does that explain in very simple wording what rootkits are? More (technical and specific) information can be found at Rootkits (wikipedia) or

So... where were we? Aha, yes, rootkits and DRM. Let's just combine the two, will we? You unsuspectedly pop your newly purchased audio CD into the CD player of your computer - you are reading this on your computer, right? - and an installer screen pops up. You click next and get the legal mumbo jumbo, next, next, next, back, up, next, cancel, next, OK. Now that was easy, wasn't it? Where's my damn music?!

Aaah... reboot, and there it is : a crappy player interface giving you access to your beloved new audiotracks. Wait, why can't I use my personal favorite audio player? Let's see... it doesn't even find the data on the CD, hm... Ah well, I gotta run so lets quickly make a copy of this CD so I can listen to it in my car. A place that's usually lethal for CD's, mind I say. What? No copy either? WTF!

You rip the CD from the player, throw it back in the jewelcase and head off to do more important things. When you get back home, you try using your own favorite music player again, and you fail. A copy still ain't possible, so you get annoyed and uninstall whatever crap was installed on your computer in the first place. Reboot, done! Enough of it, and that CD will probably end up somewhere at the bottom of your pile, because it could have been so much, but is so little.

End of story? Not if that was a Sony/BMG DRM CD, my friend. When you uninstall, the rootkit used to hide the DRM from the user, remains installed. And that same rootkit can - and will - be abused by other programs like spy and adware or viruses to hide themselves from the system. An up to date virusscanner? No good, as the virus is hidden from the system itself. Can you remove the rootkit yourself? Yes, but only if you ask the Sony/BMG techies for instructions*. (updated on 02/11/2005 to reflect new link)

Also see Removing Sony's CD 'rootkit' kills Windows (The Register) and Mark's Sysinternals Blog : Sony, Rootkits and Digital Rights Management Gone Too Far.

In a recent trial, an alleged speeder was acquitted and awarded AU$3,300 when the Roads and Traffic Authority couldn't prove that the evidence produced by a traffic camera was untampered with. The problem lies in the use of the MD5 encryption algorithm to store the time, date, speed, place and licenseplate of the offending vehicule caught on camera.

Chinese scientists had produced proof that it is perfectly possible to alter the protected data - for instance increase the speed - and still end up with the exact same MD5 key. Thus, having an MD5 key doesn't prove the data itself is authentic, nor that it hasn't been tampered with.

Security and encryption is good, but it can (and will) be used against you if you don't keep up to date and rely on it never being broken.

More about this story on and (requires registration).

Encrypted VoIP you say? Why do we need such a thing? Ain't that difficult? Just for Geeks? I've got nothing to hide! Am I paranoid?

Let's start off with the most difficult question : "why". As far as I'm concerned, there is no answer that has all the reasons you may be interested in it for, why I may be interested, or Jake or Ali down the road. We all have out reasons, even though one may not realize it until it's too late to turn back and do things differenly. If you write a letter - you know, those ancient things with real paper, ink or a pen and actual handwriting - and put it in an envelope, stamp it and drop it in the mailbox, you expect that to reach the destination without it being opened, read or tampered with, don't you. That's the way we've been doing it for years.

Let's take e-mail for example : you write a mail, send it almost instantly to the addressee and be done with it. However, just like in the postal system, your mail bounces through various servers and systems all over the world before it reaches the destination. While we can be - relatively - certain about the security and reliabilty of the established postal system, you have much less certainty about the validity, trustworthness and security of the many servers that accept and forward your e-mail. Pretty much anyone could read it, alter it, or discard it on the way, and in some cases you'd be nothing the wiser.

The same is possible with VoIP, as it's just an IP based protocol that uses servers that are not under your control to reach the destination. Sure, you may not have secrets to share - or so you think - and no one is interested in your boring life anyway, why would the waste time and money tapping your conversations?! Don't ask yourself those questions and just assume that someone, somewhere *is* interested in what you say, write or read.

So, I'm quite interested in what Phil Zimmermann, will have to say about his newest VoIP encryption project, as he presents it at a security conference next week. Check out the Wired article for more information : Privacy Guru Locks Down VOIP. Interesting words by Bruce Schneier on related matters, and The Register has also picked up info on the VoIP encryption : PGP inventor to debut VoIP crypto.

Things like this : Telus blocks union website are very good reasons why applications like JAP and tor exist, should be supported and maintained. If others start deciding what you can and can't access (also read censorship? Nah, we wouldn't dare), you will have to find ways around the censorship while the legality is checked and decided upon. And even in that case, I am not one to decide what others can or can't do, read or write, and I expect to get the same courtesy from society.

With new "anti-terrorism laws" being invoked daily and privacy being stripped away, minute after minute, it won't be long before we're being told where to sit, when to breathe and ultimately when to die.

The question is, will you accept it, or fight?

IFPI Belgium is at it again. They signed an agreement with ISPA Belgium that will lead to the following usenetgroups no longer being carried/supported/listed on ISP's that are members of ISPA :


Sure enough if I say censorship, they reply : these groups were carrying illegal content. Furthermore we are not censoring anything as the groups themselves still exist, we just don't have them on our servers anymore.

If 99% of all libraries in your country stop offering books that a group of people opposes too due to content or topic, would you agree? I can tell you right away that the answer "I don't care because I don't read those books/I'm not interested in those topics" is the wrong one! Today they're knocking nextdoor. When will you be woken up in the middle of the night and taken away? Will there be someone left to protest?

Update Notice : an updated release of tor has become available. New versions are (stable) and (alpha).

Monthly Archives


OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.2.3

About this Archive

This page is an archive of recent entries in the Privacy and Freedom category.

Politically Incorrect is the previous category.

Reviews is the next category.

Find recent content on the main index or look in the archives to find all content.