I strongly suggest being aware of legal issues in your jurisdiction before attempting to obtain any of the publications mentioned in this blog post.
Someone once asked me why I’ve never read the Anarchist’s Cookbook.
- I’m not interested
- I can’t be bothered
- I don’t want to go to prison in the UK
Today it came to light that the Terrorism Act has been used in a particularly ironic way.
A local 25-year-old man from Bolton, in the Greater Manchester area, suffered a break-in and handed some CCTV images to police on a memory stick. Whilst investigating they found some other information on the device which
contained details about the toxin ricin, assassination and torture techniques and instructions for making improvised explosive devices.
There is also some other evidence (a letter, a photo of him holding a gun in Pakistan, an alleged “shopping list”) which I accept may be deciding factors in the case; however, a large amount of the press surrounding the case is focusing on the information he had.
Handily, the press has named the information as some documents known as “Improvised Munitions Handbook and Unconventional Warfare Devices and Techniques”.
I didn’t feel any need to “look inside” said book or buy it. I’m confident in Amazon enough to believe that both are possible and confident enough in the operational parts of the UK justice system that looking at it could cause me considerably more trouble than it’s worth.
Who in their right mind would publish such books, you might ask? It must be some anarchist terror group, right?
Actually, it’s “Pentagon Publishing” – aka the US Army/The Department of Defence.
So let’s be clear here: a UK citizen has been jailed for two years for downloading a pirated version of a publicly available allied armed force’s US Army field manual.
Should people expect to get charged for reading the Wikileaks Afghan War Logs on the basis they may come across some descriptions that could be useful for nefarious purposes?
When I was a child my parents gave me a copy of “The SAS Survival Guide” (published by Collins GEM). This contains lots of animal trap designs and deadfalls that could easily take out humans I guess (and it states this in big warning letters). Perhaps
Frankly, from a personal point of view, I’m not interested in reading or acquiring military manuals etc. In fact I’m largely pacifistic; however, it’s not that I feel there should be a second amendment style right to bear firearms in the UK; quite the opposite. It’s ridiculously hypocritical to jail someone on the basis of publicly available information obtained from an allied military force.
Who says that hiking has nothing to do with digital rights? Today I walked up Bowfell in the Lake District (from Dungeon Ghyll, Langdale) in the beautiful snow!
Any analogue or digital boys and girls are more than welcome to come hiking sometimes and chat about their thoughts and concerns. Hiking transcends usual boundaries.
I am very tired now though; as my friend Zhelyo said,
“Being alive can be too much fun sometimes!”
On the 1st of March, I will start my fifth year of blogging. It’s had various incarnations over the years and I did have a website before that, but I thought this not-very-impressive birthday deserved a bit of a celebration.
“Well Tim”, you smugly point out, “shouldn’t your Happy-Birthday-To-Me post be on the first of March, not sometime in, what is this, January?!”
I thought, possibly, just possibly, I could be more interesting than a self-congratulatory post on a predictable date.
Therefore, I want to post a blog post, every day, for the month of February. What’s more, I want to challenge my friends, my colleagues … neighbours … pets etc to join me.
- Your blog must be public
- Virals/Images/Videos posts are allowed, but only if you comment somehow on the content.
- 1 post per day, for 28 days of February, by the same person
A: Why not? Being able to write coherently, repeatedly is a valuable skill. Doing it on your own can be boring/lonely. Knowing other people are also having to rush for the 23:59 deadline is somewhat warming.
Q: Your blog posts are already boring? Why do you want to write more?
A: I’m glad you want to find out more. Click here.
Today we found out that O2 had screwed up their mobile internet proxy settings quite epically and had sent customer phone numbers to millions of websites, worldwide, as a matter of process, presumably by accident.
We already know this from the fantastic investigative works of O2 customer and twitter user Lew Peckover, a 28 year old web systems administrator working in the field for 10 years.
To be able to downscale images, insert things into HTML pages etc., O2 must route your web queries through an HTTP proxy. As well as the things mentioned above, the proxy is adding an extra HTTP header to outgoing requests. This header contains your mobile number.
Lew created a website to let people see this in action; let’s look at an example:
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3
Accept-Encoding: gzip, deflate
From the top line we can read information about the device and browser, from lines 2-4 we can read about how the phone is set up and what kind of content it likes to receive and then, there it is, the header that contains your phone number.
As various MVNOs like Tesco and GiffGaff use O2’s technical backbone, they’re also affected, though it’s suspected that it’s not affecting all users.
So the big questions I can imagine people are asking now:
Who has my mobile number? Will I receive loads of nuisance calls? Does Facebook/Google/Microsoft/Your Mum have my mobile number?
Short answer: Theoretically any website one has visited recently on your O2 phone will have received it. They probably didn’t know they’d received it though and I suspect probably didn’t think to save it. I’d doubt that anyone will have acquired anyone’s phone number via this message, however, clearly it’s quite an epic security failure because the opportunity for this happening is high.
Did this happen on purpose?
Short speculation: I highly doubt it. I suspect the issue occurred because O2 wants to track which customer is responsible for traffic as it goes into their land of HTTP proxies so I suspect they have a rule to use DPI to insert this header into each query – it’s a unique key that they can track to every customer. I suspect the way it’s supposed to work is that on the way out of their cluster of web proxies (doing censorship, image rescaling, etc) they should have a rule to remove the header and thus pass all the HTTP requests up to the internet unmodified. My suggestion is that someone probably misconfigured the rule to “look for this header and remove it”, probably by misspelling the rule they were looking for. It’s an easy sysadmin mistake to make.
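The failure mode speculated about above, as an added example (not code from this post, from Lew's site or from O2): a "find this header and remove it" rule with a one-character typo passes the header through unnoticed, while an egress check on header values catches it whatever the header is called. The header name, the sample request and the phone number are constructed for illustration; the post does not give the real header name.

```python
import re

# Hypothetical internal header name (assumption, not the real one).
INTERNAL_HEADER = "X-Internal-Subscriber-Id"

# UK mobile number in international form: 44 7xxx xxxxxx, optional leading +.
MSISDN_RE = re.compile(r"^\+?447\d{9}$")

# Constructed request as it might look inside the proxy cluster.
# 07700 900xxx is a UK range reserved for fictional use.
SAMPLE = {
    "Host": "example.org",
    "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X)",
    "Accept-Encoding": "gzip, deflate",
    INTERNAL_HEADER: "447700900123",
}


def strip_by_denylist(headers, denylist):
    """The 'look for this header and remove it' rule, matched case-insensitively."""
    deny = {name.lower() for name in denylist}
    return {k: v for k, v in headers.items() if k.lower() not in deny}


def leaked_identifiers(headers):
    """Independent check: names of headers whose value looks like a phone number."""
    return sorted(
        k for k, v in headers.items() if MSISDN_RE.match(v.replace(" ", ""))
    )


def egress(headers, denylist):
    """Apply the strip rule, then fail closed on anything the check still flags."""
    out = strip_by_denylist(headers, denylist)
    flagged = leaked_identifiers(out)
    for name in flagged:
        del out[name]  # in production this should also raise an alert
    return out, flagged


def demo():
    typo_rule = ["X-Internal-Subscriber-ld"]  # 'ld' typed instead of 'Id'
    leaked = leaked_identifiers(strip_by_denylist(SAMPLE, typo_rule))
    cleaned, flagged = egress(SAMPLE, typo_rule)
    return leaked, flagged, INTERNAL_HEADER in cleaned


if __name__ == "__main__":
    print(demo())
```
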
Shouldn’t O2 have policies in place to prevent stuff like this?
Oh yes. I’m sure they do. I’m sure they have change control systems that I could write novels about. Stuff still slips through though. Was this preventable? Almost certainly, but only O2 knows for sure.
What are O2 saying about this?
Well, I’m sure we’re going to see a media storm, some big O2 apology and some PR theatre where someone apologises to O2 and twitter is awash with complaints.
However, currently, some numpty at O2 twitter support thought the following response would make sense:
Hi Lewis. The mobile number in the HTML is linked to how the site determines that your browsing from a mobile device #O2Guru
No, you are not a guru. Lines 1-4 of the header do that. Look at line 5. Yep – there’s the issue.
Currently they’re saying it’s their “top priority” and they are “looking into it as we speak” aka they’re frantically paging technical guys and working out how to write the press release; basically the first few scenes of the PR theatre.
What should O2 do?
Well, all they can do is fix it, try not to do it again and apologise profusely to their customers.
What’s the legal perspective?
I’m not a lawyer, however I think that the Information Commissioner’s Office should look into the incident with regards to compliance with the Data Protection Act 1998. The ICO should deal with the case as they see fit.
Is new legislation needed to prevent this from happening again?
No. This looks a lot like a technical mistake. In my opinion, the DPA covers this well enough and if anything should be given extra teeth, it should be the ICO in being able to investigate things like this.
How does this affect you, Tim?
Well, I’m not an O2 customer, but this could very well have been any mobile network carrier, anywhere in the world. I’m interested in how this will play out and obviously I’m concerned about the theoretical potential implications, even though personally, I think the actual risk is relatively low. I’d be quite peed off if this had happened to me.
How can I check if it’s been fixed?
Visit this website on your phone. Do you see your mobile number at all? If yes, it’s still broken, if no, it’s fixed.
In reference to Labour MP Tom Harris forced to resign as Twitter tsar
So we can wave good bye to MP Tom Harris as the “Government’s New Media advisor”. I’m not quite sure what that means, but I’m guessing it’s some kind of nominal position resignation to save face.
So for just a second, forget what you think of Labour, the SNP, Scottish Independence, whether you like Tom Harris etc and let’s just concentrate on what actually happened, because it’s actually quite interesting.
Tom Harris took the well-known Downfall/”Hitler reacts to” meme which rose to prominence in 2009 (described here on KnowYourMeme) and did a version about Alex Salmond/Scottish Independence.
He is being criticised for subtitling the video so that Hitler is a parody of Alex Salmond. I think the key word here is parody - it’s not actually footage of Hitler himself – it’s a clip from a film – with actors – that has been re-subtitled millions of times before. The Telegraph even did a whole article including links to 20 of the best parodies.
If The Telegraph – an organisation not well known for edgy or deliberately controversial reporting – can view it as a style of humour to share with their readers, is it really worth the storm in a teacup this has become?
Tom Harris’s clip is quite a dull and tedious version of a worn out internet meme and I think I’d agree with the SNP spokesperson who said it was “silly and negative” but I still dispute it’s reasonable grounds for a sacking or a public kicking. The key point is that actually it’s not the spoof of Alex Salmond as Hitler that makes the video negative but because of the content of the subtitles.
An interesting fact that no one seems to have drawn upon yet is how the clip is quite clearly casual Copyright Infringement. Under the Digital Economy Act, Tom Harris would be quite eligible for disconnection if he persisted in uploading copyrighted content without a licence another two times so it’s good to know he doesn’t support the bill. Oh wait, actually he abstained, which is pretty much a green flag of approval.
The technology which allowed internet memes to become mainstream also brought with it its own set of laws. Perhaps if Tom Harris had known of Godwin’s Law, then he’d have known that this wasn’t a wise move:
there is a tradition in many newsgroups and other Internet discussion forums that once such a comparison is made, the thread is finished and whoever mentioned the Nazis has automatically lost whatever debate was in progress
Footnote: Tom Harris & I have sparred in the past. I think he is doing a really good job at trying to unseat himself – which is a shame because The Internet seems to be one of the only things he “gets”.