A look at data retention and law enforcement
Ever since Cryptome was shutdown via a DMCA request by Microsoft, I have been itching to compile a small table that shows how long it should normally take before a popular online service deletes your account. This really applies to just American law enforcement officials, but I am certain that the rules for data retention are the same internationally barring any privacy laws.
So if you're looking to disappear or choose "the right service", this may be a handy little guide to show you how long it takes before your "private" data is deleted off of these systems. This is not a guide on how to delete your items off of these services for the purposes of thwarting law enforcement, but rather a guide to show you how these companies are engaging in data storage.
And for the record: I have been following Cryptome for years and if you're not making it a part of your daily digest, you should.
Rogers and their idiocy with Android
You think that the whole malarky with Rogers not paying HTC for upgrades to Android is bad? Look at the garbage that I have gone through with my newly-acquired HTC Dream. Why is it that the lone GSM provider in the country has the most inept managers and network technicians?
If Rogers was serious about a revolution with the HTC Dream, then this is certainly a hell of a one.
Ed (20:50 PDT): Added a section on Rogers' stupidity with Blackberries. Oi.
Great Clips violates your privacy!
A visit to a Great Clips location on the weekend proved to be an annoyance more than a necessity. Here's a letter of complaint I have sent to their corporate head office. I also forwarded copies to two other organizations to ensure that this matter is looked at.
Repost: I do not accept your forced firmware update
Being that I had to endure the bullshit that Rogers placed upon me with my HTC Dream, my friend, Luke had something to say:
Hello Rogers Communications Inc,
I do not accept the premise that you can disconnect my paid data service unless I install your firmware on my device.
I understand and appreciate that you want your customers to be running stable, secure, bug-free phone software/firmware. However, I do not accept your premise that the only path is for me to install your firmware when you say. My phone is a small computer. I'm sure we'd both agree that it would be ridiculous for your Internet Service Provider to mandate what operating system you ran on your home PC or laptop. This is essentially the same issue.
Right now, as a customer of your service I have two options:
1) Use the firmware you give me. If I bought my phone from you I have firmware that you've chosen. I do not have access to details (read: code) describing what it does, it has no regular update schedule, it is locked down (restricting my freedoms), it is extremely slow to receive security updates (eg: a critical 911 fix left un-fixed for 4 months), the update process is bulky and difficult and it does not receive community support to add new features and improve it.
OR
2) Install the firmware I want to use. I can gain administrative access to my phone, and then install custom firmware created by an active open source community. I have full access to the source code (meaning I can verify it as well as improve it), I regularly get new features and performance improvements, security updates are available within days of discovery (eg: the 911 GPS fix), has an amazing built-in firmware updater ("over the air") and has an extremely active community for support.
I assert that provided that my device functions correctly on your network, I should receive the service I pay for regardless of the software or firmware running on my device.
I would strongly advise all Rogers customers with HTC Magic or Dream phones to immediately take steps to remove the locked down Rogers firmware on their phone, and replace it with the high quality open source "Cyanogenmod" firmware. Rogers customers should attempt the process themselves, or get in touch with their local hackspace and ask if anyone can help.
Rogers, I will not assume any bad intent on your part with this update. You are new to this new world of next-generation phones (via Android), and likely do not yet have business processes in place to enable fast turnaround on security issues or the core abilities to quickly backport features and add new functionality to the firmware your customers use. It is great that you are fixing this GPS/911 bug (finally) for all your customers and pushing out a firmware update, but do not force this on customers that have had this issue fixed for months and are running much better, newer firmware.
Rogers, please focus on building a solid network and trying to give me the best data service at the best price.
Thanks,
Luke Closs
I hope to $deity that Rogers fulfils their statement to me of giving me a month's worth of data for free. I am also overlooking my existing contract to see if I should just as well leave the carrier.
And for the record: I didn't bother with the plan in my previous entry. I am going to wait for WIND's arrival here in Vancouver this upcoming June and then decide on what I'd like to do.
Dealing with Rogers in the face of the incoming WIND
Being that WIND is still about 4-6 months away from reaching here in Vancouver, my options for my choice of mobile phone carrier are still limited to Rogers, TELUS, and Bell. Fortunately, all three carriers are running UMTS networks in the city, but being that they have a triopoly, my ability to get a better deal is still quite limited.
However, it seems that Rogers will bend to keep me even though I am within contract.
It works like this: my plan compared to WIND's offerings is $20 more than it really should be. With the time remaining left in my contract, it would be only a few months to recoup the losses incurred by the early-exit. By explaining this to the the rep, she worked out the following for $10-less than what I am currently paying:
- 200 daytime minutes
- 1,000 evenings/weekends (starting at 7 PM)
- Rogers-to-Rogers calling
- Voicemail
- Caller ID
- 1 GB traffic (2x what I have now)
It works out to be slightly better than what I have now and is $10 cheaper. I also get twice the data that I had before.
How does this stack up to WIND? Well, what it means here is that while I will not necessarily get WIND features (such as 5 GB traffic limits and no overages charges, just traffic shaping), I won't have to spend as much staying with my current carrier. On top of that, Rogers is requesting that I extend my subscription by a year to get this sort of pricing.
The last part is making it a bit harder to jump. Do I stay with Rogers for a few more months until WIND makes it way here and then try again, or do I take a gamble and just stay put?
I believe that I will check out TELUS and see what they have to say also.
Security issue: WRT54G-series routers and improper setups
Back in the early part of this year, it was made aware that there is a worm that can infect routers, but now it seems to me that a related attack vector is possible if the router is mis-configured. In this case, it involves WRT54G-series routers that are capable of running DD-WRT (or anything related) and their ability to allow for tunnelling via SSH.
Simply put: the same exploit that the Psyb0t worm employs is easily doable by virtually anybody and can be done without having to scan for exploitable hosts on your own.
Can’t be at 26C3, but the next best thing!
Today, down at VHS:
While I cannot be with r0d3nt or RogueClown at 26C3: Here Be Dragons, I can at least be there in spirit by watching the (somewhat broken) stream.
Feel like joining in? Check this out.
My problem with the Olympics
I didn't want to go a whole month without a blog entry and there has been a huge cloud that has been hanging over my head with regards to the upcoming 2010 Winter Olympic games here in Vancouver. For most people, the excitement of the world watching our city display some excellent achievements in sporting activities has created a disconnect between what they think is going to happen and what is in fact reality.
Announcement: 9/11 Pager search is online!
Since Wikileaks has released a set of pager data from September 11th, 2001, I decided to create a simple search function that will allow you to search for keywords within the pager data.
You can try it out by clicking here. I encourage you to link to this if you find it interesting.
Here are some examples of data I found:
2001-09-11 11:46:34
Arch
[0900949]
ALPHA
butthen is heading home. Thinks maybe you can't get in the building so is going out. F16s have surrounded plane
2001-09-11 09:26:35
Arch
[0928548]
ALPHA
2Planes have crashed into World Trade Center Towers. Attempts to reach Intl. Ops. and UBOC contacts are underway. NewYork1 is currently pingable and viewable on the network. Will page as more information is avaliable. Kris 9/11/01
Note: UBOC (Union Bank of California) was in the north tower.
2001-09-11 10:18:25
Arch
[0959190]
ALPHA
#ePhoneBook@uboc|(From:Wayne) Lost Fed & CHIPS (building collapsed) Lea calling NCC to get a dial-up from MPK working, please follow **************************************************
2001-09-11 12:13:22
Metrocall
[1786392]
ALPHA
Frm:MGeorge Sub: sad Txt: Palestinian gunmen at refugee camps in Lebanon fired into the air to celebrate news of the attacks on major U.S. landmarks and offices.
2001-09-11 16:53:36
Arch
[0935569]
ALPHA
knasheed|Iowe you. VERY sorry for the firedrill. Good news. I'm getting a new sysem today and having my system re-imaged THIS week. This issue will be behind me by COB Friday. Again, pls accept my Karleton
Kind of a bad day to do a firedrill, hey?
Feel free to offer suggestions. I will be adding a few features as I go along.
Follow-up to my previous ScanLife entry
The day after my ScanLife write-up had appeared on this blog, I had received contact from David Javitch, Vice-President of Marketing at ScanBuy, Inc.
In said e-mail, he clarified a few things that I wondered about the software and even offered a chance to be in on future releases under the condition that I sign a non-disclosure agreement--I politely turned the offer down.