Feeds

'Guess what: If you use the internet, you’re the subject of experiments'

Plus: MS 'unclear how citizens will benefit' from ODF

QuoTW This was the week when Christian Rudder, co-founder of dating site OKCupid, told the whole world what idiots they were for not realising that everyone on the internet is messing with their minds.

In a blog post addressing his customers and the wider interwebs world, Rudder said:

We noticed recently that people didn’t like it when Facebook “experimented” with their news feed. Even the FTC is getting involved. Guess what, everybody: if you use the Internet, you’re the subject of hundreds of experiments at any given time, on every site. That’s how websites work.

But surely not your own dating site, with customers who trust you to find them a good perfect match, Rudder? Surely you’re not messing around with the awesome power of human lurvvve, are you? Hell yes he is. He goes on to enumerate a number of experiments the dating site has run on its users, that combine to a sad testament on humanity: to whit, dating sites won’t get any traffic if there are no pictures and folks reckon looks and personality are the same thing when it comes to rating dating profiles. He pointed out:

Essentially, the text is less than 10 per cent of what people think of you. So, your picture is worth that fabled thousand words, but your actual words are worth… almost nothing.

But don’t worry, concerned singletons. OkCupid totally does work, as long as the site both tells you that you’re a good match with someone and its algorithm thinks you are, you have a one in five chance of their initial message turning into a conversation. However:

If you have to choose only one or the other, the mere myth of compatibility works just as well as the truth. Thus the career of someone like Doctor Oz, in a nutshell. And, of course, to some degree, mine.

In Tor trouble this week, Russia’s Interior Ministry has posted a tender looking for folks willing to consider hacking into the anonymous network for the princely sum of $111,000. The government wants a company to figure out a reliable way of decrypting data over the network, as long as they’re rated to do secret work. The tender said:

[We seek parties to] study the possibility of obtaining technical information about users (user equipment) TOR anonymous network.

Meanwhile, the Tor Project warned its users that they’d already been subjected to a subtle attack earlier this year aimed at figuring out their activities on the network. The project explained:

In July 4 2014 we found a group of relays that we assume were trying to deanonymise users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.

The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.

Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up).

The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely.

The hack bears a resemblance to the one that was supposed to be described in a Black Hat conference presentation, which was pulled on the advice of lawyers at Carnegie-Mellon University, where the talk was due to take place. However, neither the uni nor the researchers have said anything, so it’s unclear if it’s the same thing.

Blighty’s government brought a tear to Microsoft’s eye this week when it chose the Open Document Format for the default UK.gov file format. From this week forth, all electronic documents produced and used by Whitehall and other government agencies will have to be ODF, annoying Redmond since it backs its own Office Open XML or possibly a combo of the two. The software giant sniffed:

Microsoft believes it is unproven and unclear how UK citizens will benefit from the government's decision.

In another branch of Blighty’s government, a Lords subcommittee condemned the EU’s Court of Justice ruling on the "right to be forgotten" as "unreasonable and unworkable". The EU subcommittee on Home Affairs, Health and Education said it totally supported the government’s general stance that erasing data off the web at folks’ request was barmy and shouldn’t be in the updated data privacy regulations. It also said the current requirement courtesy of the court just wasn’t working out. Committee chair Baroness Prashar said:

Although this was a short inquiry, it is crystal clear that the neither the 1995 Directive, nor the CJEU’s interpretation of it reflects the incredible advancement in technology that we see today, over 20 years since the Directive was drafted. Anyone anywhere in the world now has information at the touch of a button, and that includes detailed personal information about people in all countries of the globe.

And even if it was a workable solution, corporations shouldn’t be in charge of what stays on the net:

It is wrong in principle to leave search engines themselves the task of deciding whether to delete information or not, based on vague, ambiguous and unhelpful criteria, and we heard from witnesses how uncomfortable they are with the idea of a commercial company sitting in judgment on issues like that.

We think there is a very strong argument that, in the new Regulation, search engines should not be classed as data controllers, and therefore not liable as ‘owners’ of the information they are linking to.

We also do not believe that individuals should have a right to have links to accurate and lawfully available information about them removed, simply because they do not like what is said.

And finally, a leopard interrupted classes at the Indian Institute of Technology in Bombay this week when it chased a dog onto the campus and couldn't be found for days. Students were forced to stay home while the forest department attempted to capture the beast, but after four days, they reckoned it must have wandered off by itself. Professor Rashmi Uday Kumar said:

After searching the entire premises, the forest department has concluded that it has moved out of the campus which it had entered Wednesday.

There was some speculation that being a techie-in-training was a bit too much for the big cat:

Or possibly that it was expelled from uni for improper behaviour:

Ba-boom, tish. ®

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.