Windows 8 - Deeper Impressions

[Tripredacus]

Things certainly may have changed in the past 13 years or so, but I can offer this perspective. I had previously worked at an ISP, but they did not (to my knowledge) have any automatic filter/alarm type system. Their process required a report from another person, a complaint or some other such correspondence from another ISP or corporation.

So a complaint could be made against a person suspected of some illegal type activity. What happens then is that the customer's account gets flagged to the abuse department. If said customer were to call into customer service or support, even for an unrelated issue (for example they may have a service outage and not be aware they are being investigated) the alert would appear to the phone rep and they would not be allowed to talk to the customer. The rep would read from the screen informing the customer they are being investigated for abuse of service and tell them the phone number to call that department.

Now, once a customer is flagged as such (at least then) the abuse department certainly would have access to a customer's emails. Not specifically a user's mailbox as the mail server has many places one can see another's email without logging into an account. A user's mail could be seen in the mail exchanger, the "sorting server" that puts emails in the correct accounts. I would imagine, if situations were dire enough, that a password reset could be done on the account in order to access the inbox... presuming mail is set to be left on the server. In the case of webmail, it is always set to be on the server, although I am not certain how trashed items are handled.

Even so, there were also at least 3 months worth of tape backup of everyone's email. If a criminal investigation is warranted, a user's email history can be restored and inspected. Of course, the ISP or email provider isn't allowed to do things on their own. Only law enforcement can permit the provider to do these things. In the case of a mail filter that searches for phrases or whatever, that would be an apparatus provided by law enforcement for the provider to use. That being said, it is technically possible for certain people at the provider to access any user's email if they so desire, although it would be a cause for termination.

[NoelC]

 it is technically possible for certain people at the provider to access any user's email if they so desire, although it would be a cause for termination.

 

And no technical person would ever think that they could get away with doing technical things like reading data files on a Unix system without being caught.

 

Would they? 

 

-Noel

[Formfiller]

I find child porn abhorrent, but scanning all email for possible crime right out of police-state 101. As Jaclaz said: Why not scan for murders while we are at it? I am sure some algorithm could be made to detect hitman keywords. And while we are still at it: Why not scan for fraud, theft, adultery as well? Once that cat is out of the bag, you won't put it back in anymore. I can already see the cascading arguments forming: "We need to scan for fraud, because fraud can lead to ruined existences, and ruined existences to murder".

 

But on the other hand is almost like a fair collective punishment. The governments and corporations have spent tons of money on internet infrastructure and almost all the major websites are free of charge to boot, as are the cloud services. Yet the public took all these freebies for granted and never thought twice about the hidden cost of it all.

 

Of course we gradually learn that all this wasn't so free after all. The morlocks deep down in the server-caverns now want their share of the surface dwellers and I almost can't blame them.

Edited August 8, 2014 by Formfiller

[jaclaz]

Trip has brought the issue a little sideways from what I meant.

Terms of service abuse is one thing, CP is another (and it is in most countries a crime).

 

Point is not about UNauthorized access (though technically feasible, either leaving or not leaving traces of it) to someone's e-mail(s) or mailbox, but rather about authorized access and extents of this access, and by whom is this access performed.

 

The theoretical procedure for a digital forensic investigator, at least  in the US, read this thread (one of the two stickies on Forensic Focus Forum "General" section):

http://www.forensicfocus.com/Forums/viewtopic/t=1431/

is quite simple:

If - while doing forensic (or data recovery) work - you happen to find even a single image that you suspect could represent Child Pornography, you should immediately stop whatever you are doing and call the Police and Federals, that will seize the storage device and any copy you have made of it.

 

In the UK, though seemingly "softer", there are similar provisions.

 

Since the view and possession of a CP image happens "by accident" and while doing some professional activity, civilians (computer technicians and similar) are generally - as long as they report the matter in a timely fashion - held safe from prosecution.

 

Of course different states may have different provisions, see:

http://www.ndaa.org/pdf/Mandatory%20Reporting%20of%20Child%20Abuse%20and%20Neglect-Nov2011.pdf

 

As I see it, verifying whether an "automatic alarm" was triggered correctly or by mistake would imply checking the actual contents of something that is ALREADY likely to contain CP, it is not anymore an accident (unless of course the "automatic alarm" is way off and has - say - 99% of false positives), it is more like a concrete possibility.  

 

 

Now, the process of "manual review" of the "automatically triggered as suspect" e-mails or mailboxes is something that someone must do, i.e. in practice someone is employed to commit on a daily basis one or more crimes connected to CP.

 

While it is largely possible that the good MS or Google guys managed to get by a Court some form of specific exoneration from prosecution, all the good LE guys (which are actually authorized -within limits - to deal with this material in connection with an investigation or trial) have a specific training and psychological assistance, see this (the other sticky on Forensic Focus Forum "General" section):

http://www.forensicfocus.com/Forums/viewtopic/t=2329/

it is not something that you may allow an intern or a non fully trained, not fully cleared and deemed psychologically suitable to do as a job.

 

So, the question remains, Who are the watchers?

 

jaclaz

[Tripredacus]

Trip has brought the issue a little sideways from what I meant.

Terms of service abuse is one thing, CP is another (and it is in most countries a crime).

It is a point of view difference. The provider is not allowed to enforce the law, that is the job of the police. I used blanket statements and examples in what I wrote. To the provider, committing a crime is violation of the terms of service.

Regarding this particular story, I suspect that the provider was not actively watching the user's activity (although the system should backup everything anyways) and was told to retrieve the data due to a tip or ongoing investigation into that person's activities for whatever reason. It could have specifically been for the published reason, or they could have been under investigation for something else. Who knows!

But interesting how you point out, that the employee at the email provider may also be in violation of the law by looking for these illegal emails! It reminds me of a small town nearby where it is (or was) both illegal to back out or back into your driveway.

[JorgeA]

Seriously, there is a point to be very attentive to.

 

I personally believe that there are few more revolting crimes than abusing of children or dealing with child pornography, but of course it is just where the bar has been set.

 

So, it is morally acceptable that someone peeks in your baggage for "safety reasons" (or in the post package you sent), like for bombs/explosives/weapons when you travel by air, it is morally acceptable to forfait your privacy in order to protect the environment having custom officers checking everything in your baggage when you land in (say) Australia of organic nature that may be infected with any kind of virus/biological threat against which the under-down environment has no defense, and it is also  morally acceptable that in order to prevent direct or indirect children exploitation there is someone peeking in your baggage (or - by the same token - e-mails).

 

But what about murders?

Aren't they a serious crime?

Shouldn't society do whatever technically possible to check that noone is planning the murder of another human being?

 

You've just explained the logic of totalitarianism very clearly. Following the logic, before we know it we have 1984. (If I had any novelistic skills, I would be of a mind to write a "prequel" to Orwell's book, describing how Winston Smith's world came to be. As they say, the road to h*!! is paved with good intentions.)

 

Once one accepts the internal logic of this thought process (because X is bad, we need to be able to nose around and make sure you're not doing it), all of our rights and freedoms are eventually threatened by the excuse that "you MIGHT be doing X." It's a neurotic attitude, rationalized by the fact that yes, sometimes somebody does do it -- like the inscription on the hypochondriac's tombstone: "I told you I was sick!" 

 

That's why IMO the way to attack that logic is from the outside, not accepting the connection between premise and conclusion, and observing that the cure is worse than the disease.

 

 

You don't travel by plane, I believe.

 

Matter of fact, I avoid it as much as possible. It used to be a pleasure to fly, now you get treated like a suspect or worse.

 

Your countryman (a few centuries removed ) Dante Alighieri famously had the sign above the gates of the Inferno, "Abandon All Hope, Ye Who Enter Here." Over the entrances to airports there should now be signs that read, "Abandon All Rights, Ye Who Enter Here."

 

--JorgeA

Edited August 8, 2014 by JorgeA

[JorgeA]

And speaking of this stuff --

 

China tightens grip on instant messaging services

 

Beijing says it has confirmed terrorism-related information circulated through Kakao Talk and Line, the South Korean official said. It was not clear how Beijing had access to messages between users of the two services, which are private and seen only by the participants.

 

Chinese authorities gave no information about which terrorists might use the message services, the official said. He declined to give more details.

 

In May, the government launched a one-month crackdown on instant messaging services to stop what it called the "infiltration of hostile forces." Authorities said it targeted people spreading rumors and information about violence, terrorism or pornography.

 

The campaign targeted public accounts on services including WeChat in China, a mobile message service run by Tencent Holdings Ltd., which has surged in popularity in the last two years.

 

The freedom-squeezing process in action.

 

"Our information management does not allow for any blank space. It would be regulated later or sooner, and it is only a matter of time," said Hu Yong, professor in the School of Journalism and Communication at Peking University and an expert on the Internet.

 

The public accounts have created a new venue for information-sharing, and now "the government needs to block the content which it deems 'harmful,'" Hu said.

 

--JorgeA

 

[JorgeA]

And coming back closer to on-topic:

 

Microsoft posts its worst-ever quarterly Surface loss

 

Microsoft’s Surface range of tablets has posted its worst single quarter loss since its launch leaving analysts to question whether the fledgling slate is still a viable option for the company.

 

Two separate sets of figures show that the Surface line of slates ended up posting negative gross margins for the final quarter of FY2014 and the experiment has ended up costing Microsoft $1.73 billion since it first launched.

 

Score another one for the abomination that is Metro.

 

--JorgeA

 

[JorgeA]

More good news:

 

Windows 9 (Threshold): The Charms bar as you know it will no longer exist on the desktop

 

Today, WinBeta can exclusively reveal that the Charms bar is going away for desktop users. No longer will Charms be accessible by navigating to either the top or bottom right of your screen. [...]

 

 

Microsoft's Windows 'Threshold' expected to add virtual desktops, drop charms

 

Winbeta suggested that Microsoft might eliminate the Charms Bar for desktop users, not tablet users. But my sources say the Charms Bar will be going away completely for all desktop, laptop and tablet users with Threshold.

 

Existing "modern" Windows 8 apps will get title bars that include menus that have the charms components listed. [...]

 

--JorgeA

 

[NoelC]

 

 the experiment has ended up costing Microsoft $1.73 billion since it first launched.

 

Score another one for the abomination that is Metro.

 

 

What I want to know is how, in the same Dilbert world where some poor employee has to write a tome of justification to get a company to buy him a new computer (and probably not even a very good one) with which to do his job, some executive gets to embark on such a gargantuan turkey of a project and stick with it for SO long.  Then walk away with hundreds of millions of dollars himself (presumably for doing such hard work).

 

Why aren't there arrests?

 

-Noel

[jaclaz]

@Trip

I mean crime as crime (meaning #1):

http://dictionary.reference.com/browse/crime/

 

A crime is prosecuted under criminal Law by the State.

 

A violation of terms of service is - before anything else - a civil matter, that may additionally involve a crime.

 

The first is something the provider may react directly to by suspending service, cashing the deposit (if any), suing the violator, etc., all in all it is about money.

The second is something that the police or competent State agency will take care of, and it is mainly about sending violators to prison and protecting other people from their criminal actions.

 

jaclaz

[JorgeA]

Hackers, hacked:

 

FinFisher Government Spy Software Secrets Revealed by Hackers

 

--JorgeA

 

[JorgeA]

In other cyberprivacy and surveillance news:

 

John McAfee at Def Con: Don’t Use Smartphones

 

On the subjects of privacy and security, McAfee said smartphones are spying on American consumers, who don’t bother to read user agreements. “The most promising privacy thing is stupid phones,” he said. “I’m dumping all my smart phones.”

 

 

Fear and Loathing Over Russia’s Anonymous Wi-Fi Ban

 

Russia this week ordered users of public Wi-Fi networks to identify themselves in order to access the internet, causing confusion among officials and providers and alarming users already worried by growing state control over the web.

 

The move, approved this week by government order, was the latest in a series of measures imposed this year to tighten internet regulation. While some European countries have similar requirements, civil-rights advocates say its application in Russia is more worrisome.

 

“If you look at it in in the context of everything else that has been going on in the area of Internet regulation in Russia lately—the blogger law, the ban on keeping data of Russian Internet users on foreign servers— this is perceived as a threat by the Russian Internet community,” said Tanya Lokshina, Russian program director at Human Rights Watch, referring to new regulations imposed on bloggers and restrictions on offshore storage of data.

 

--JorgeA

 

[JorgeA]

Win Phone 7 users aghast Microsoft axed Skype for their phones

 

Owners of Windows Phone 7 smartphones are apoplectic that Skype no longer works on their devices.

 

Commenting on the official Skype support forum, affected users say they're in disbelief at Microsoft's decision to not only stop support for Skype, but go further and make it unusable on their smartphones.

 

A number of those complaining are heavy Skype users, so losing access to it from their Windows Phone 7 devices is crippling to their daily work and life.

 

To make matters worse, these people find themselves unable to upgrade their smartphones to Windows Phone 8 or 8.1, because Windows Phone 7 devices don't support the newer OS. So in order to use Skype from a mobile phone they'll have to change their devices.

 

Microsoft is bidding strongly to become the anti-Dale Carnegie. Their own motivational guidebook could be titled, How to Lose Friends and Negatively Influence People.

 

Way to go, folks. I am SO glad I never bought one of your Windows Phones.

 

--JorgeA

 

[JorgeA]

And while we're on THAT subject   ...

 

Microsoft to drop support for older versions of Internet Explorer

 

Starting January 12, 2016, Microsoft is changing its list of supported Windows configurations. Effective that date, the company said in an announcement today, “only the most recent version of Internet Explorer available for a supported operating system will receive technical support and security updates.”

 

Support for the five-year-old Internet Explorer 8 will be dropped completely for Windows desktop and server releases. On mainstream PCs, Internet Explorer goes into the same bucket as Windows XP, which reached its end-of-support date in April 2014. Microsoft will not release security updates for Internet Explorer 8 on desktop versions of Windows after the first Patch Tuesday of 2016 (security updates for Internet Explorer 8 will continue to be available after the cutoff date for a handful of embedded operating systems).

 

I tried IE10/11 and I found it much harder to find the scrollbar button on the right, which used to be a distinct 3D image but in recent IE versions has become a solid rectangle that's hard to pick out at a glance from its surroundings (no matter what solid color I give it, and solid colors are apparently the only options).

 

And on my Vista systems I'm hanging on to IE 7 or 8, which I find much more visually appealing, in addition to the fact that -- unlike later versions -- they offer a status bar at the bottom that gives useful information. (Sadly, Classic Shell doesn't or can't restore all of the status bar's features.)

 

So now they're trying to herd everyone into IE11. Hmm -- I can't stand the dingy look of Chrome and its UI imitators like the new Firefox. OTOH, Pale Moon hasn't been a resounding success on my systems as it has problems printing Adobe PDFs (they often come out as garbage) and for whatever reason (I've spent far too much time researching this on the PM forums) it has trouble playing a lot of videos. So ultimately I will have to settle for a mediocre browser experience from somebody. FF with the Classic Theme Restorer might be the least unaccceptable option.

 

Another halfway acceptable approach would be for the Classic Shell folks to create a 3D scrollbar button, but to judge from the lack of response (one way or the other) to such requests on their forum, they appear to have zero interest in this particular UI improvement. (It would be nice if they'd at least comment on it.)

 

--JorgeA