I opened a PayPal dispute and they closed it because it had been longer than 45 days since I bought it. Some stuff takes nearly that long just to arrive from China! As usual PayPal are cocks.

I left the seller negative feedback because he refused to accept a return. I asked Santander about a charge-back but they refused too, the asshats.

An interesting article.

Summary: Using power fluctuations in the national grid police claim to be able to date a recording precisely. The fluctuations affect any mains connected equipment, and allegedly even battery powered devices.

The police seem to love this kind of highly dubious forensic evidence. Let’s look at their record.

Fingerprints – not unique and never a perfect match like on TV, in fact matching is very much an art. Unreliable.

DNA – started out as a 1 in 1,000,000,000 chance of a sample matching two people, now it turns out that even with a good sample it’s more like 1 in 1,000,000 (i.e. 60 other people in the UK match).

DNA amplification – taking a small sample of DNA and build it up. The Omagh bombing trial collapsed after it was revealed to be bunk.

Firearms residue – a single spec was enough to convict Barry George until it was revealed that it was worthless as evidence. An innocent man spends years in jail.

CCTV – video evidence is powerful and solves crimes, except that most of the time it doesn’t.

Lie detectors – need I even go into them?

http://spawnlinux.dyndns.org/Bliss-Box/technical.html

It violates my copyright on some of the images such as the schematic and connector diagrams. It also violates the GPL by using V-USB and not publishing the relevant code. Chances are it probably uses some of my GPL’ed code, and the author admitted that it is based off some of Ralph’s code too (also GPL).

I emailed the guy but he is refusing to give any attribution, publish anything or provide any links back to the relevant sites.

Since he used his own server in dyndns I tracked him back to somewhere in Florida, using Warner Cable via Road Runner. I have sent complains to both of them.

amimojo:

This should not really come as a surprise to anyone. Like all evidence that has to be interpreted, the interpretation can be flawed.

Shows like CSI have computers getting an exact match on fingerprints and DNA, but the real world is not like that. Fingerprint matching is entirely subjective and the print recovered from a crime scene is rarely a nice clean one like they show on TV. DNA often has to be manipulated before a match can be made (due to the sample found at the scene being too small or of poor quality) and even then it often matches more than one person.

Even when you do get a match, it’s not proof that someone was at a specific place because DNA and fingerprints can easily be transferred. Someone broke in to my car a few years ago and despite there being fingerprints the police decided not to prosecute because they were on the outside of the car and the accused could just claim he lent on it on his way home from the pub.

There have been a few cases where fingerprint and DNA evidence have been challenged in the UK courts and shown to be unreliable, with innocent people spending years in jail before being cleared. Yet, the police seem to have started asking for everyone in the area of a crime to “volunteer” their DNA. Presumably if you don’t “volunteer” you become a suspect.

The idea that handwriting is any more unique than those two and at all reliable is laughable.

abigsmurf:

There was a good article here (or possibly some other social news type site) about the inherent flaw in DNA databases and the weight given to DNA evidence.

The theory goes like this: the chances of getting a false positive on a part sample are something like 1/50million. You have 50 million people on the database. This means You’d expect a false positive on every search. If you’re unlucky enough to live close enough to a crime to have committed it, you could easily find yourself in court.

You’ll then have to defend yourself based on a 1 in 50 million probability to a jury who won’t understand the statistics. If you haven’t got a solid alibi, it would be a tough thing to do.

There’s probably a good Terry Pratchett quote about 1 in a million chances to be used here.

amimojo:

An excellent point well made.

There is also danger of a match being made on another member of your family, but you being the one somehow tied to the case (in the same city or something) and so you get arrested. Siblings have close enough DNA that such matches can apparently be made.

I question the “1 in 50 million” statistic too. It’s far too simplistic, as there are different ways of collecting and matching DNA. Also, so-called experts have been wrong about this sort of thing in the past. Remember that poor woman who spent years in jail because some idiot said that there was a “1 in a million” chance of having three children all die of cot-death?

A quick overview of what we are up against. In the UK the following is recorded:

• Every IP address assigned to an internet connection
• Every web site visited
• Every email address sent from and sent to and time of sending
• Every instant messenger screen name
• Time and destination of every instant message
• IP address at the time of every website/email/IM access
• Every phone number dialled from and to, time of call and duration
• Location to within a few feet of any mobile phones at time of call
• All mobile cell information related to a mobile phone (e.g. times and locations, so they know where your phone is whenever it’s turned on)
• Postal data, basically what is written on the outside of any letter/package
• Vehicle location, recorded by CCTV cameras with automatic numberplate recognition

Other information is probably kept too. The police also have the capability to record phone conversations (and probably email/IM as well), and turn any phone that is turned on into a listening device (bug). Presumably if they did this with your mobile phone you would notice the battery draining pretty fast though. (Source: http://en.wikipedia.org/wiki/Telecommunications_data_retention

Basically, it’s a modern high-tech surveillance society, and now the police are looking at trying to hack people’s PCs/wifi and trying to install viruses on target computers.

The first line of defence is your home network. It needs to have a secure firewall. Due to the possibility of there being flaws or backdoors in commercial routers, it’s probably best to use a well tested open source router such a m0n0wall or pfSense. If you have wifi, it needs to be secured with WPA2 and a very strong password (i.e. at least 60 characters, and a mix of upper/lowercase letters, numbers and punctuation.)

Physical security of your PC is important. Make sure you can see the back of it, so that if someone installed a hardware keylogger you would spot it.

You need to harden your OS from attack. Obviously using a strong password is a start, but really you need to use TrueCrypt to encrypt your entire HDD. Since you can be forced to reveal your password or face two years in prison, you should use TrueCrypt’s hidden OS feature and set up a dummy OS you can reveal the password for. Since there is no way to prove that there is a hidden OS, you are protected. Be sure to make the dummy OS look realistic – it needs to have files saved on it, applications installed, the web browser used. You should use it at least once a week to keep file access dates current. If possible, it should be used for non-sensitive use regularly.

There is are vulnerabilities in TrueCrypt if the attacker has physical access to your PC. Firewire and PCMCIA ports can be used to dump the computer’s memory and recover the encryption key, as well as read files off the HDD. It is therefore necessary to disable Firewire and PCMCIA ports. I have seen devices that exploit this vulnerability in use. You should also disable the Windows “autorun” feature on all drives to prevent similar attacks via CDs or USB flash memory. The workstation should remain locked when not in use, and require a password to unlock. The system should be powered down as often as possible.

In theory if an attacker has access to the machine while an encrypted OS is loaded, they could recover the key from the computer’s RAM, either by rebooting it into a special Linux OS or by removing the RAM and placing it in another PC. The best defence against this is to prevent the attacker gaining access to the key in RAM by performing an emergency shut-down (i.e. press the power button). TrueCrypt will clear the key on shut-down. Setting the BIOS to do a full memory test and setting a BIOS password do it cannot be disabled will erase the key during the POST cycle. None of this is foolproof.

An alternative method would be to use an OS that leaves no traces on the PC for sensitive things, such as a Linux Live CD. TrueCrypt could be used for data storage, with the above issues in mind.

Securing the OS against police viruses and keyloggers is vitally important. Up to date anti-virus software from a non-UK company (e.g. Avira) is essential. Never open email attachments. Use a secure browser such as Firefox, with Java/Javascript/Flash/etc disabled. Make sure your PC has it’s own firewall as your network may be penetrated, either via WiFi or another virus infected PC.

For accessing the internet, at a minimum you should use a VPN service terminating in a less draconian country. Relakks seems to be a possibility. Using Tor is also a good idea. Any internet related software needs to be carefully checked for security. Using open source software is a good idea. Remember to validate any checksums available on downloads.

At all times remember that all communications and movements of your mobile phone and car are being monitored. CCTV is everywhere, and virtually unavoidable. Plausible deniability is the key. Try to avoid anything that can create a paper trail for police fishing expeditions. If you think you details may have been compromised (e.g. bank details, identity theft) report it immediately – the police usually don’t bother to check but it will be of vital importance in court.

Even if you do all this, all it takes is to be in the wrong place at the wrong time to have your life destroyed:

‘I was falsely branded a paedophile’ (BBC News)
Police witness on perjury charge (Men’s Aid)
Student researching al-Qaida tactics held for six days (Guardian Online)
A hard look at file-sharing evidence (BBC News)
Judge rules out child porn charge (BBC News)
Four suicides in child porn case (BBC News – most of the accused were later cleared)

Natually the spokesman for Liberty they had on was worried, pointing out the huge civil liberties issues when a man (remember, all paedophiles are men) cannot go to a public park on his own. The members of the public who rang in only seemed to care about protecting their kids though, which while understandable does bring me to the point (finally) of this post: it seems like most people are too stupid to think for themselves.

There is a lot of hysteria thanks to newspapers using paedophiles are boogy men, hiding in every bush and outside every school, ready to snatch a child away. Of course, most victims are abused by someone they know, not grabbed off the street. Would a paedophile be so stupid as to go into a public park, surrounded by adults and masses of CCTV, and try to snatch or lure a child away? It just doesn’t happen that way, and it should really be obvious to anyone who has thought a little bit about it and bothered to find out the most basic facts.

The result is the kind of idiots who called the show today, more than happy to throw away basic freedoms for a little bit of extra cotton wool to wrap their kids in. One poor caller had apparently been sitting in his van outside a park, eating lunch when a man shouted “pervert” at him. It makes you wonder, if a paedophile really did do something to draw attention to themselves, would anyone try to stop them for fear of being branded one too simply by going near a child? If you saw a child on their own in the street, crying and looking for their parents, would you help them or would you be scared of some idiot thinking you were trying to abduct them?

I know I would think twice.

The real problem is that the majority of people don’t seem to see a problem with things like this. They just hear “paedo” and will accept anything, no matter how draconian. It’s not just crimes against children though, it’s just about everything. The BBC Have Your Say pages are full of Daily Mail reading dipshits who can’t seem to tell some journalists rantings from fiction – they appear totally disconnected from reality, unaware of the situation in the real world and unable to understand or consider opposing points of view because the arguments don’t fit into their skewed world view. Worse than that, it seems like a lot of them are not even capable of rational, logical thought – they simply cannot work an idea or argument through in their own minds.

Maybe I’m being pessimistic and there is some huge, silent majority who are not like that, but all the evidence suggests otherwise. The Sun and the Mail are the two most popular papers in the UK. Speaking to random people seems to back this up. Not very scientific but the people who have presumably done some scientific research on the general public – the political parties – seem to agree too judging by their policies.

I wish I could see a way out of this, but it’s difficult. I think a lot of the problem stems from us never having had a revolution, only a half-arsed civil war that was based on religion rather than ideals of freedom and equality. Maybe people are no less stupid in other countries… Well, okay, maybe not that much cleverer, shall we say, but because they have cultural ideals they can at least try to move things in the right direction.

The tech discovered two criminals on the database with remarkably similar DNA, close enough in fact to satisfy a court of a match in most cases. One was white, the other black. She went on to discover nearly 1000 more matching pairs.

Police in the UK are still using discredited Low Copy Number DNA evidence, despite it being the cause of the collapse of the Omagh bomb trial. In that case there were also two people that the DNA pointed too, one of whom was a schoolboy living in England.

Claims that the chances of a false DNA match are billions to one are now clearly discredited, yet the police carry on using DNA in this way and relying on it in court. Unsurprisingly, lawyers are now starting to demand extensive database searches and finding their own expert witnesses to counter this. Like fingerprint evidence, it appears that soon DNA evidence will be reduced in importance and police will have to rely on other, more traditional forms of proof when bringing a case.

It will be interesting to see the outcome of the Barry George re-trial too – yet again, forensic evidence (a single particle of gunpowder) has been overstated at trial.

http://petitions.pm.gov.uk/3partyccs/

Currently, you are not protected by your credit card company when paying for stuff with a credit card using PayPal, which basically means when buying anything with credit card on eBay too.

The problem is that by using PayPal, it ends up being two separate transactions. First, you send the money from your credit card to PayPal which is one transaction. Then PayPal send the money to the seller, which is a separate transaction. As banks are only required by the banking code to investigate transactions you participate in, if there is a problem with the item or seller they won’t help.

The petition asks for this loophole to be closed, so that banks are forced to properly deal with PayPal issues. Since PayPal themselves basically make it impossible to resolve anything properly through their own system, I think it’s important that you can ask your bank for assistance or to do a chargeback.

Many people simply respond with rather extreme cases, demanding answers to questions such as “can I see your credit card records then?” or “would you mind having cameras in every room of your house, including the bathroom?” These kinds of arguments are not that helpful, because they don’t show why some limited surveillance by government agents (police, secret services, even local councils) is not acceptable. The typical argument is that if some small loss of privacy (and privacy itself is a horribly undefined and vague word) then it should not be a problem for anyone not trying to conceal illegal behaviour.

Privacy is not really about hiding potentially bad things like crimes though. Humans are social creatures, and it is easily demonstrated that surveillance causes “chilling effects” – people change their lawful behaviour, despite not having done anything wrong or there being much theoretical likelihood of potentially embarrassing information being exposed to the public.

A good example would be the recent case involving Kevin Bankston, a smoker. Google has been photographing streets in the US and then allowing people to browse the photos on the web. Those who have nothing to hide should have no fear of this, since their lawful actions in public should not be a problem for them. However, Mr. Bankston has been keeping the fact that he was a smoker secret from his family, and Google exposed him. Smoking is perfectly legal, of course. In the UK similar schemes have been tried, such as allowing people to view local CCTV on their televisions at home.

Because of surveillance, people are often not willing to say or do things they otherwise might. That is not just a loss for the individual, it’s a loss for society as free speech and the free flow of ideas is harmed, as is freedom to engage in any lawful activity one chooses. For example, a person might wish to protest against the cult of Scientology, but doing so will certainly invite extra surveillance such as having CCTV cameras pointed at you and the police pointing cameras at you. The police could potentially monitor your phone calls or email, just to make sure you are not planning any illegal action.

Compare this with East Germany of Soviet Russia. Even people behaving legally were constantly monitored, which resulted in oppression of political expression and freedom. In theory, those people should have nothing to hide, but surveillance is akin to investigation and like it or not does affect the way people behave and think. Fear that information may be erroneously recorded or misinterpreted, saved and used against an individual at a later date is unfortunately both strong and real.

Much information gathered on individuals cannot be challenged or even viewed by that individual. The Police National Computer is an obvious example. It certainly contains many errors, but no individual has the right to examine the data held about them or to have errors corrected.

Worse still, technology makes aggregation – the combination of many small bits of information – much easier. People argue that giving up small items of information should not be of concern to someone with nothing to hide, but in combination these many small pieces can be used to build up a detailed picture of an individual, and infer even more. Such information is now being used to try and predict behaviour in the future, and it is pretty hard to refute potential future actions.

How data is handled and used is also a big issue. Taking national ID cards as an example, it is not clear who will have access to data on them and how it will be used. For example, should Blockbuster be allowed to require an ID card as the only acceptable proof of ID? How will NHS staff be prevented from checking to see if a particular person ever had an STD and leaking that information to the press or that persons friends?

What if you campaign in favour of choice for women seeking abortions, and your address is made known to pro-life campaigners who then turn up at your house to protest and harass you? You broke now laws, have nothing to “hide”, but expect a certain degree of privacy when it comes to private details such as address.

The question of oversight and accountability is key here. The government and acquire virtually any information they want if they can show good reason for needing it, such as investigation of a crime. The police have the power to obtain normally private information in certain circumstances, as do many other bodies for whom the information is pertinent (social benefit agencies, for example). The key is that generally they must show a non-trivial reason for needing the information, such as strong suspicion of a crime.

7840503105526216071103157865574030473816135816274075
6659995647367689887704190271686800028652662117436767
3277367311120646735130020647991793716906378068496038
1695401876427914616971423241556196069007992684776810
7140421413129977448963987771460202578977180817576301
0637945407349920630842274701733252363545567191751200
8418817060739478022487892365696480484556391288052670
8409265757194997631649105684044991085523359617979771
5537165589804778865387221835889651966246386788137233
1462875349602216664841504764233358486811183290582291
5278275287922576877967530552582820747972639422108865
3395380485315505521832314901913360126089945951144684
5540895433481351775188493888336736897213647236632858
513568396609123

(C) 2008 MoJo. Creative Commons Licence. By using this number you agree to the licence.

This number is a prime, and the decimal representation of a PNG image file that I created, and is copyright me. It’s quite a nice number I think, ending in a rather satisfying 1-2-3.

I figured, since some companies think they can own a number, I guess I can too and it would be cool to have one! What companies am I talking about? Well, the AACS LA for one, who apparently own 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0. Here’s a picture of their property:

The RGB values of the bands represent the number, plus C0 on the end. That number also happens to be one of the cryptographic keys used for the DRM on the now obsolete HD-DVD discs.

Actually, they don’t own copyright on the image above, but then again it is an image representing their copyrighted number in a different form (like writing it in a different language). If I write “するだけ” (Just Do It(TM)), does that infringe Nike’s copyright even though it’s in a different format? Well, actually Just Do It(TM) is a trademark, but it was the first thing that came to mind…

I think really the issue here is that copyright law is not really adapted to the digital age. For a start, anything you can store on a computer can be represented by a number. When you download files from BitTorrent, you are really just downloading a big number. Encryption keys are numbers too, as the AACS LA knows, but it’s somewhat unlikely that they could claim ownership of a number…

In fact, under the US DMCA law, there are quite a few possibly illegal numbers. The DeCSS program, for example, which decrypts DVDs and is outlawed by the DMCA can be represented by the following prime number:

4856507896573978293098418946942861377074420873513579
2401965207366869851340104723744696879743992611751097
3777701027447528049058831384037549709987909653955227
0117121570259746669932402268345966196060348517424977
3584685188556745702571254749996482194184655710084119
0862597169479707991520048667099759235960613207259737
9799361886063169144735883002453369727818139147979555
1339994939488289984691783610018259789010316019618350
3434489568705384520853804584241565482488933380474758
7112833959896852232544608408971119771276941207958624
4054716132100500645982017696177180947811362200272344
8272249323259547234688002927776497906148129840428345
7201463489685471690823547378356619721862249694316227
1666393905543024156473292485524899122573946654862714
0482117138124388217717602984125524464744505583462814
4883356319027253195904392838737640739168912579240550
1562088978716337599910788708490815909754801928576845
1988596305323823490558092032999603234471140776019847
1635311617130785760848622363702835701049612595681846
7859653331007701799161467447254927283348691600064758
5917462781212690073518309241530106302893295665843662
0008004767789679843820907976198594936463093805863367
2146969597502796877120572499666698056145338207412031
5933770309949152746918356593762102220068126798273445
7609380203044791227749809179559383871210005887666892
5844870047077255249706044465212713040432118261010359
1186476662963858495087448497373476861420880529443

Anyway, remember to list me as the source if you use my number. Thanks.