August 26th, 2015
Since the 1930s, people have said, “There ain’t no such thing as a free lunch,” and this certainly applies to “free” information on the Internet. If you haven’t paid to read an article (or are not reading an article for which a library has paid for your access), chances are very high that the web page containing the article is festooned with all kinds of advertisements angling for your money. Some of the most intrusive ads are pop-up ads, and many people and web browsers use blocking software to stop such ads. Two weeks ago, PageFair, a provider of counter ad block solutions for publishers, released their annual report documenting the increasing use of ad blockers. Is this a problem?
- The digital media industry needs to react to ad blockers … or else (Columbia Journalism Review | Michael Rosenwald) “This is an exciting and chaotic time in digital news. Innovators like BuzzFeed and Vox are rising, old stalwarts like The New York Times and The Washington Post are finding massive new audiences online, and global online ad revenue continues to rise, reaching nearly $180 billion last year. But analysts say the rise of ad blocking threatens the entire industry—the free sites that rely exclusively on ads, as well as the paywalled outlets that rely on ads to compensate for the vast majority of internet users who refuse to pay for news.”
- Ad blockers and the nuisance at the heart of the modern web (New York Times | Farhad Manjoo) “Nearly 200 million people worldwide regularly block ads, the report said, and the number is growing fast, increasing 41 percent globally in the last year. Today ad-blocking is mostly restricted to desktop web browsers. But iOS 9, Apple’s latest mobile operating system, will include support for ad blockers when it becomes available in the fall.”
- What the ad blocker debate reveals (Monday Note | Jean-Louis Gassée) “You can’t blame the browser, it’s the way the system has evolved in the Web advertising race to the bottom. Back when physical newspapers were still vital, advertising space was limited and thus prices were well-behaved and constant. No such thing on the Web, where the ‘ad inventory’ tends to infinity. As a result, prices fall, sites need more ads to stay afloat, and they must consent to exploitative practices.”
- The ethics of modern web ad-blocking (Marco.org | Marco Arment) “Web ads are dramatically different from prior ad media, though — rather than just being printed on paper or inserted into a broadcast, web ads are software. They run arbitrary code on your computer, which can (and usually does) collect and send data about you and your behavior back to the advertisers and publishers. And there’s so much consolidation amongst ad networks and analytics providers that they can easily track your behavior across multiple sites, building a creepily accurate and deep profile of your personal information and private business.”
Articles from Ohio Web Library:
August 25th, 2015
We are about to hear a lot of hype and hoopla about 5G wireless. If the rollout of 4G is any indication, wireless carriers will start making claims about their 5G networks before 5G is even officially available. There will be talk about increased capability for the Internet of Things, including self-driving cars and the ability to watch super high definition video on your tablet, maybe while your car drives itself. But before any of these promises can come to pass, a lot of groundwork must be done, including assigning and selling wireless spectrum for 5G. Some of the lower-frequency spectrum could come very close to the unassigned TV spectrum currently used for the TV Whitespace connections that some libraries are using.
- IMT-2020 is the future of mobile — but you can keep calling it 5G (PC World | Stephen Lawson) “The International Telecommunication Union (ITU) has decided to call the next-generation cellular system IMT-2020. That name may have a hard time catching up with ‘5G,’ a tag that’s been applied to just about every future mobile technology in the works: Googling ‘5G mobile’ brings up 12.9 million results. But it’s a clear sign of progress toward the concrete. Where there’s a bureaucratic-sounding numeric acronym, can a formal standard be far behind? The ITU now has an answer to that question, too. It’s set a timeline that calls for the standard to be finished in 2020. Hence the name, which follows in the footsteps of IMT-2000 (3G) and IMT-Advanced (4G).”
- The promise of 5G (TechCrunch | Hossein Moiin) “There are several technical hurdles to overcome, and the biggest is for the industry and the world’s governments to work together to develop a standard for 5G. Setting a standard will allow multiple devices, multiple networks and multiple users (humans/machines/drones/robots/phones/wearables) to access the network and its data in a consistent way, eliminating the need for humans to intervene. Additionally, allocation of more radio spectrum is vital to meet increased demand for capacity and data rates beyond 2020.”
- Leading towards next generation “5G” mobile services (Official FCC Blog | Tom Wheeler) “The NPRM [Notice of Proposed Rulemaking] will focus on developing a flexible regulatory framework that will allow maximum use of higher-frequency bands by a wide variety of providers, whether the service they provide is mobile, fixed, or satellite. I anticipate that we will explore a range of regulatory strategies depending on the specifics of each proposed higher-frequency band, including licensed, unlicensed, and hybrid shared models. In addition, as an implementation of existing flexible rules, I foresee lower-frequency bands playing a role in 5G. For example, the timing of the incentive auction makes the 600 MHz band a prime candidate for deployment of a wide-area 5G coverage layer. In much the same way that 700 MHz paved the way for America’s world-leading deployment of 4G, so could 600 MHz accelerate U.S. deployment of 5G.”
- The race to 5G: Inside the fight for the future of mobile as we know it (TechRepublic | Jo Best) “‘An additional challenge will be to find a globally harmonised band for 5G roaming since all suitable spectrum is already in use in one or another part of the world,’ said Thibaut Kleiner, head of the European Commission’s CONNECT (Communications Networks, Content, and Technology) Directorate-General. One solution to the spectrum crunch could be to look beyond the lower-frequency spectrum — between 700MHz and 2.6GHz — used by most carriers today, and move towards higher spectrum bands such as 6GHz, 28GHz, and 38GHz. At the top end, beyond 30GHz, these extremely high frequency bands are known as millimetre wave. Bringing those bands into use is both one of the most exciting, and least guaranteed, areas of 5G development.”
Articles from Ohio Web Library:
August 25th, 2015
As we all know, the Internet contains a lot of bleak and nasty stuff, and some of the bleakest and nastiest is child pornography. For almost two decades, the Internet Watch Foundation, an English charity, has worked to combat criminal material on the Internet, and most recently has focused on minimizing the availability of images of child sexual abuse. Now Google, Facebook, and Twitter have agreed to use the IWF database of images identified as child pornography and block those images from their web services. The IMF has sometimes been criticized for being too aggressive in its policing efforts, and no one is naive enough to believe that this new partnership will end child pornography, but it seems like it might have the potential to help.
- Google, Facebook, and Twitter have a new strategy to ban images of child abuse (Motherboard | Kari Paul) “The companies are tapping into a database created by the Internet Watch Foundation (IWF) that uses hashing technology to identify and block child sex abuse images. The system works by running an illicit photo through an algorithm that creates a unique digital fingerprint for it. The hash is then added to the database that can identify the image if it is uploaded by another user, allowing the companies to detect and remove it without viewing the image itself.”
- Hash List “could be game-changer” in the global fight against child sexual abuse images online (Internet Watch Foundation) “Not to be confused with a ‘hash tag’, a hash is a digital fingerprint of an image. There are billions of images on the internet and by creating a digital fingerprint of a single image, you can pluck it out, like finding a needle in a haystack. IWF will automatically begin creating three types of hashes to meet the needs of the online industry. It will create PhotoDNA (technology developed by Microsoft), MD5 and SHA-1 hashes.”
- Facebook, Google and Twitter block ‘hash list’ of child porn images (The Telegraph | Sophie Curtis) “The IWF said many internet companies can make use of the hash list, including those that provide services such as the upload, storage or search of images, filtering services, hosting services, social media and chat services, data centres and connectivity services. The hash list is constantly growing, and has the potential to reach millions of hashes of images. The IWF claims to remove around 500 web addresses containing child sexual abuse material every day, with one web address containing up to thousands of images.”
- Cambridgeshire’s Internet Watch Foundation launches “hash list” in bid to rid web of abuse images (Cambridge News | Florence Snead) “All five companies involved in the scheme’s first stage, which started last week, were already IWF members but if all goes well it could be rolled out to other members within a matter of months. The next step would be to approach organisations worldwide, who do not currently work with the IWF. The charity is keen to work with more image hosting companies which are at particular risk of being targeted by people putting such media online.”
Articles from Ohio Web Library:
- The politics of Internet filtering: The United Kingdom and Germany in a comparative perspective. (Politics, Feb. 2014, p.58-71 | Ben Wagner)
- Robust image hashing via colour vector angles and discrete wavelet transform. (IET Image Processing, March 2014, p.142-149 | Zhenjun Tang, Yumin Dai, Xianquan Zhang, Liyan Huang, and Fan Yang)
- Perceptual image hashing using local entropies and DWT. (Imaging Science Journal, Feb. 2013, p.241-251 | Z.J. Tang, X.Q. Zhang, Y.M. Dai, and W.W. Lan)
August 5th, 2015
About eleven months ago, we devoted a 4cast post to Tor, leading off with a Boing Boing article by Alison Macrina about libraries in Massachusetts using the Tor browser to protect patron privacy. Ms. Macrina is the founder and director of the Library Freedom Project, which last week announced a new initiative to establish Tor exit relays in libraries, “to help libraries protect internet freedom.” The whole point of Tor is to provide online anonymity, so things like browsing habits cannot be tracked. Ironically, however, several articles also published last week reported on findings that Tor browsing currently may not be totally anonymous after all.
- Tor exit relays in libraries: a new LFP project (Library Freedom Project | Alison Macrina and Nima Fatemi) “When a user opens the Tor Browser and navigates to a website, her traffic is bounced over three relays, scrambling her traffic with three layers of encryption, making her original IP address undetectable. The exit relay is the last relay in this circuit, the one that talks to the public internet. Fast, stable exit relays are vital to the strength of the Tor network. Non-exit relays – guards, middle relays, and bridges – are also important to the Tor network, but exit nodes are the most needed, and libraries can afford some of the legal exposure that comes with an exit.”
- Crypto activists announce vision for Tor exit relay in every library (Ars Technica | Cyrus Farivar) “‘Librarians see the value as soon as you say “privacy protecting technology,”’ Alison Macrina of the LFP told Ars via encrypted chat. ‘When we get into the basics of free software and cryptography, they are hooked.’ For now, the LFP has only managed to set up a middle relay—one of the three major types of relays in a library in New Hampshire, but hopes that after further testing it can be upgraded to an exit relay in about a month.”
- Shoring up Tor (MIT News | Larry Hardesty) “During the establishment of a circuit, computers on the Tor network have to pass a lot of data back and forth. The researchers showed that simply by looking for patterns in the number of packets passing in each direction through a guard, machine-learning algorithms could, with 99 percent accuracy, determine whether the circuit was an ordinary Web-browsing circuit, an introduction-point circuit, or a rendezvous-point circuit. Breaking Tor’s encryption wasn’t necessary. Furthermore, by using a Tor-enabled computer to connect to a range of different hidden services, they showed that a similar analysis of traffic patterns could identify those services with 88 percent accuracy. That means that an adversary who lucked into the position of guard for a computer hosting a hidden service, could, with 88 percent certainty, identify it as the service’s host.
- MIT researchers figure out how to break Tor anonymity without cracking encryption (ExtremeTech | Ryan Whitwam) “This is only possible because the attacker is running the entry node the victim is connected to. However, the entry node is selected randomly for each session. The attacker would need to run a lot of guard nodes to identify a significant number of connections and it would be very hard to target a specific user. The fix for this attack is actually pretty simple. The Tor network needs to start sending dummy packets that make all requests look the same.”
Articles from Ohio Web Library:
July 29th, 2015
Last week, while this blog was scaring you with tales of hackers-for-hire, the Google folks were presenting some interesting security practices research [pdf] at the Symposium on Usable Privacy and Security (SOUPS) in Ottawa, Canada. The researchers conducted a survey of 231 security “experts,” defined as someone who had at least five years experience working in or studying computer security, and 294 non-experts recruited through Amazon’s Mechanical Turk. There were some very clear differences between the responses of the experts and the non-experts.
- What amateurs can learn from security pros about staying safe online (Ars Technica | Dan Goodin) “A survey found stark discrepancies in the ways the two groups reported keeping themselves secure. Non security experts listed the top security practice as using antivirus software, followed by using strong passwords, changing passwords frequently, visiting only known websites, and not sharing personal information. Security experts, by contrast, listed the top practice as installing software updates, followed by using unique passwords, using two-factor authentication, choosing strong passwords, and using a password manager.”
- New research: Comparing how security experts and non-experts stay safe online (Google Online Security Blog | Iulia Ion, Rob Reeder, and Sunny Consolvo) “More broadly, our findings highlight fundamental misunderstandings about basic online security practices. Software updates, for example, are the seatbelts of online security; they make you safer, period. And yet, many non-experts not only overlook these as a best practice, but also mistakenly worry that software updates are a security risk.”
- Trying to keep your data safe? You’re probably doing it wrong (NPR All Tech Considered | Aarti Shahani) “There’s a similarly stark gap when it comes to antivirus — the software that has long been hailed as the all-purpose cleaner, the rubbing alcohol of the Internet. Forty-two percent of the non-experts surveyed say products like McAfee and Norton are key. But among the experts like [Gerhard] Eschelbeck [Google Vice President for Security Engineering], just 7 percent agree. ‘Antivirus has absolutely its place. But it’s not like the only one solution that people can and should rely upon,’ Eschelbeck says.”
- Online security: How the experts keep safe (InformationWeek | Thomas Claburn) “A third point of differentiation between security experts and non-experts is the use of two-factor authentication. Eighty-nine percent of security experts polled said they used two-factor authentication, compared to 69% of non-experts. Some 12% of non-experts said they didn’t know whether they use two-factor authentication – which probably means they don’t.”
Articles from Ohio Web Library:
July 22nd, 2015
Hacking into the computer files of a company or government agency often is not a very lucrative occupation, unless the hacker has some way to convert stolen information to cash. So a current trend seems to be for hackers or hacker groups to sell their services, before the hack, to someone who wants specific information. The business side of hacking has been highlighted in some recent news reports, like news about the Hacking Team company being hacked themselves, and the takedown of the Darkode forum for hackers. You may think that libraries are safe from this kind of cyber crime (why attack a library?), but by that logic, we also should not be seeing denial of service attacks on libraries – yet we are.
- Hackers on demand (Fast Company | Steven Melendez) “At Hackers List, for instance, hackers bid on projects in a manner similar to other contract-work marketplaces like Elance. Those in the market for hackers can post jobs for free, or pay extra to have their listings displayed more prominently. Hackers generally pay a $3 fee to bid on projects, and users are also charged for sending messages. The site provides an escrow mechanism to ensure vendors get paid only when the hacking’s done.”
- Hackers for hire: How online forums make cybercrime easier than ever (Washington Post | Andrea Peterson) “These forums and black markets offering physical goods as well as digital services – such as the now defunct Silk Road – have helped drive the popularity of cybercrime, because the sites contain almost everything someone would need to get into hacking for profit, [Raj] Samani [of Intel Security] said. Even those without technical knowledge can visit the forums or black markets and hire people to do the individual components of a scam – or outsource it altogether in a subcontractor-style set up, he said.”
- Sophisticated hacker group strikes for profit, not politics (Top Tech News | Jef Cozza) “Almost as unnerving as Morpho’s habit of targeting enterprise assets is its familiarity with the inner workings of its victims. The group has successfully compromised commonly used e-mail servers such as Microsoft Exchange and Lotus Domino, according to Symantec. It has also targeted enterprise content management systems, where it could have gained access to valuable documents such as financial records, product descriptions, and legal documents. And unlike attacks by other hacker groups suspected of working for the Chinese, Russian, or North Korean governments, Morpho’s malware tools are well documented in fluent English.”
- Hacker for hire (ITWeb | Jon Tullett) “Managing consultant [Tyrone Erasmus] at security specialist firm MWR InfoSecurity, he and his teams are hired to audit their clients’ security, mimicking the behaviour of criminal syndicates that are after the same valuable details: financial systems, intellectual property and trade secrets. ‘I’m a bad guy who plays by good guy rules,’ he proclaims, with a nearly straight face. Since the ‘70s and ‘80s, when hackers like Kevin Mitnick and John Draper burst onto the scene, corporate information security has improved greatly, it’s far stronger and…haha. Just kidding. ‘We have a 100-percent success rate,’ Erasmus says, deadpan.”
Articles from Ohio Web Library:
July 15th, 2015
You have likely heard of Bitcoins, but may not have heard too much about blockchain, the technology that makes Bitcoins work. Blockchain is very difficult to explain in just a sentence or two. For a quick summary, try the first Ohio Web Library article cited at the end of this post, or if you want more information, the second article is pretty good. Essentially, blockchain replaces a centralized authority with distributed authority, and this idea is finding applications beyond just cryptocurrency. It has the potential to be used in ways that could impact libraries, such as identity verification, copyright verification, and document preservation.
- Everledger is using blockchain to combat fraud, starting with diamonds (TechCrunch | Natasha Lomas) “Interesting uses of blockchain technology outside the cryptocurrency space continue cropping up. Just this month Ascribe raised $2 million in seed funding for its ‘notary and timestamp for intellectual property and creative works’, which uses the blockchain to store and sign digital images — creating an immutable record of their existence and enabling copyright to be enforced on digital artworks. While back at Disrupt New York’s startup battlefield in May there was ShoCard, a digital identity startup which stores personal identity credentials on the blockchain.”
- Blockchain technology: The key to secure online voting (Bitcoin Magazine | Matthew Daniel) “Just as Bitcoin users make transactions by sending the digital currency to the recipient’s digital wallet, blockchain voting systems involve creating wallets for each candidate or option in an election. All voters are then allocated a digital ‘coin’ that represents one vote, which they can cast by sending their ‘coin’ to the wallet of their choice. As in a bitcoin transaction, the entire process is recorded in the blockchain public ledger, meaning that unlike most current elections, a voter can verify that his or her vote was actually counted.”
- This man says he can save Reddit with the spirit of Bitcoin (Wired | Kevin Montgomery) “By leveraging bitcoin’s technology, a new blockchain-based system could ensure that content cannot be retroactively removed. Instead, it would simply be up to operators of nodes, or endpoints which display data from the distributed database, to choose which information they wish to hide. If any person was upset with which information that an operator was suppressing, they could merely switch to using another competing node or start their own.”
- Blockchain technology will transform the practice of law (Bloomberg BNA | Joe Dewey and Shawn Amuial) “While this technology is only in its infancy, its application to business is developing at a rapid pace. With Goldman Sachs, Nasdaq and many other leading financial firms and companies investing hundreds of millions of dollars into blockchain technologies, one thing is clear — the lasting legacy of the blockchain is likely to be far greater than Bitcoin or any other single cryptocurrency.”
Articles from Ohio Web Library:
July 8th, 2015
There must be something about summertime that triggers interest in software tools to manage Wi-Fi networks, because in the last couple of months we’ve seen several articles on this topic. We’ve cited four of these articles in today’s 4cast, all of them dealing with Wi-Fi analysis tools that are free. You will see a lot of these tools mentioned in more than one article, of course, but the descriptions and discussion of what each tool is good for may help you decide which ones to put in your Wi-Fi toolbox. And in some cases, these may be tools you hope someone else does not have in their toolbox.
- 8 free WiFi analyzers (Network Computing | Ericka Chickowski) “There are additional, lesser known free options, and we’ve assembled the best of them here. Check them out if you’re interested in delving into a specific aspect of wireless performance, planning access point placement, seeking out rogue networks, or you just want a cool, slick interface.”
- 7 free Wi-Fi stumbling and surveying tools for Windows and Mac (Network World | Eric Geier) “Each of these tools gives you the basic wireless details: SSIDs, signal strength, channels, MAC addresses, and security status. Some can even reveal ‘hidden’ or non-broadcasted SSIDs, display the noise levels, or display statistics on successful and failed packets of your wireless connection. Two of the tools include Wi-Fi password cracking tools as well, useful for educational or penetration testing purposes.”
- Free wireless survey software (TCAT Shelbyville – Technical Blog) “It is important to perform a wi-fi survey so that you can determine not only the perfect place to locate your access point or bridge but to gain an understanding of the channel co-existence challenge you may face. With wireless access points in surrounding neighborhoods and businesses, you will need to perform a survey by walking around and mapping out the BSAs (Basic Service Area) of wireless that surrounds you and your organization.”
- 13 popular wireless hacking tools (InfoSec Institute | Pavitra Shandkhdhar) “Sometimes when you are on a network, you also want to check what is happening on the network. This happens mostly in big organizations, when an employer wants to check who is doing what in the network. For these things, there are a few network hacking tools available that let users analyze packets and see what other users are doing.”
Articles from Ohio Web Library:
July 1st, 2015
Warning: This 4cast posting is going to get technical. But hang with us a minute, with a little bit of introductory information, we can probably get through this. In recent years, there has been a tendency for programmers to write “native apps” for a particular piece of hardware, especially a particular smartphone operating system, so they could make the device do complex things online that would not happen smoothly in a web browser built to run on any operating system. So the announcement last week that the major web browsers have come together to develop a new web language that can allow browsers to perform as well as native apps was big news for programmers, and could very well lead to a simpler, more standardized web experience for the rest of us, too.
- The secret alliance that could give the Web a massive speed boost (CNET | Stephen Shankland) “Today, it’s not unusual to run processor-taxing programs as native apps on your tablet, phone or PC – for example, Adobe’s photo-editing software Lightroom. But running a browser-based alternative, such as Pics.io, has its advantages. A programmer, for instance, can write one Web-based app and have it run on any operating system, since you need only the browser. That programmer liberation could help loosen the grip that Apple and Google have on the technology industry today with their iOS and Android operating systems, where native apps rule.”
Articles from Ohio Web Library:
June 24th, 2015
Ancestry Library Edition, which has been part of the Ohio Web Library since July 2011, is one of the most popular statewide library databases, generating over 3 million public library user searches a year (and another 1.3 million from school and college libraries), despite the fact that it is the only Ohio Web Library resource that requires people to go to their library to use it. This on-site requirement stems from Ancestry.com’s business agreement with ProQuest – the Ancestry Library Edition vendor – which did not allow at-home access under any circumstances; that would have reduced Ancestry.com’s sales to individuals. Recent news about a possible sale of Ancestry.com is a good excuse for us to take a look at the history of the company and this business of selling online genealogy information.
- About me (Paul Allen blog) “My biggest claim to fame comes from co-founding Ancestry.com in 1997 (again with Dan Taggart) and launching the MyFamily.com web site in 1998. I was the company CEO for the first year, where we actually achieved positive cash flow as an internet subscription company before raising outside capital. Then we hired my brother Curt Allen, who led the company as we raised $90.5 million in venture capital. We tried to go public in 2000 but missed the window.”
- Permira to buy Ancestry.com for $1.6 billion [October 2012] (New York Times | Mark Scott) “The agreement comes three years after Ancestry.com raised $100 million in an initial public offering. The site, which allows individuals to trace their heritage, has customers in 15 countries, though the majority of its users are based in the United States, Canada, Britain and Australia. The deal will be a welcome reprieve for the site, which has struggled since becoming a publicly listed company. After hitting a $45 high in 2011, its stock price has tumbled to around $29 on concerns that consumers are reducing their spending because of the economic crisis.”
- Exclusive: Genealogy website Ancestry.com explores sale: sources (Reuters | Liana B. Baker And Greg Roumeliotis) “Permira Advisers LLC, the buyout firm that owns most of privately held Ancestry, has hired investment banks to run an auction for the company, the people said this week. The sources asked not to be identified because the sale process is confidential. Permira declined to comment, while an Ancestry spokeswoman did not respond to a request for comment. Based in Provo, Utah, Ancestry has a database of more than 15 billion historical records and more than 2.1 million paying subscribers. Subscription fees accounted for 83 percent of its total revenue of $619.6 million last year.”
- HeritageQuest Online now provides data from Ancestry (Eastman’s Own Genealogy Newsletter | Dick Eastman) “HeritageQuest Online (a division of ProQuest) has supplied genealogy information to libraries for years. […] HeritageQuest Online has now announced that the genealogy information within its service is being replaced with information from Ancestry.com. Indeed, I logged onto my local public library’s web site this morning, went to the HeritageQuest Online database, and performed a search for an elusive great-great-grandfather of mine. When a census page appeared on the screen it looked clearer than what I have seen before and it also had an Ancestry logo in the upper-left corner.”
Articles from Ohio Web Library: