Now I don't know how much of this change was due to my public shaming of their security posture, maybe they were going to get their act together afterward anyway. Who knows. However, what I do know for sure is that I got this DM from someone not long after that post got media attention (reproduced with their permission):

Hi Troy, I just want to say thanks for your blog post on the Natwest HTTPS issue you found that the BBC picked up on. I head up the SEO team at a Media agency for a different bank and was hitting my head against a wall trying to communicate this exact thing to them after they too had a non secure public site separate from their online banking. The quote the BBC must have asked from them prompted the change to happen overnight, something their WebDev team assured me would cost hundreds of thousands of pounds and at least a year to implement! I was hitting my head against the desk for 6 months before that so a virtual handshake of thanks from my behalf! Thanks!

But instead of picking a side, researchers said, the trolls and bots they programmed hurled insults at both pro- and anti-vaccine advocates. Their only intent, the study concluded, seemed to be to raise the level of hostility.

“You see this pattern,” said David A. Broniatowski, a computer engineer at George Washington University and lead author of the study, which was published Thursday in the American Journal of Public Health. “On guns, or race, these accounts take opposite sides in lots of debates. They’re about sowing discord.”

Manish is definitely aware of how he and his other fraandship-seekers are perceived by Western women. But he says, “It’s a difficult problem to solve because men speaking to women they aren’t married to — or who aren’t in their families — isn’t usually allowed.” In fact, he later tells me that he’s spoken to very few women in his life, and that the internet has finally allowed him and others like him to speak to women without being worried about their parents or family finding out.

It’s this inexperience with women that leaves them defaulting to what they know best: “What we see in movies, [especially] Western movies.”

“We think if we talk about sex, or we try to act like people we see in films, we will be like them,” Manish explains. “So then, we get [upset] and confused when we’re blocked, or when these girls don’t talk back to us.”

Still, Manish and his friends are undeterred. Blocked or not, rejected or not, they continue to spend hours on other people’s Facebook and Twitter profiles, imagining what their lives are like — and how those lives could be theirs one day. “I will still go to America, or maybe London!” he says as we finish up our Skype call. “Soon, I will go. I do not want to stay here. I want to see the world. By [talking] to you, I’m already doing that.”

This package provides a function to anonymize IP addresses keeping their prefix consistency. This program is based on the paper "Prefix-Preserving IP Address Anonymization: Measurement-based Security Evaluation and a New Cryptography-based Scheme" written by Jun Xu, Jinliang Fan, Mostafa H. Ammar, and Sue B. Moon. The detailed explanation can be found in [Xu2002]. This package supports both IPv4 and IPv6 anonymization.

For the past little while, I've been working on a piece about Toronto's relationship to the alt-right, especially the "manosphere." Unfortunately that research has become relevant. I'm going to share as much as I can here for people who may not be familiar with these movements.

We know that no company, regardless of size, can be trusted with this information. We KNOW it will not stay private, our photos of our partners genitals and tax documents will become public either deliberately or accidentally.

We know that any company that tries to buck this trend can't be trusted, and even if they are completely, absolutely transparent, it doesn't matter because we will wake up one day to discover they were purchased at 2 AM and the data transfer /already started/

We represent billions in revenue but they hold our info in escrow and that means we don't have enough money to buy their loyalty, because a business considers business money more real than person money.

“We have passed the fail-safe point,” McNamee said. “I don’t think we can get back to the Silicon Valley that I loved. At this point we just have to save America.”

Due to a persistent vagueness in targets and refusal to respond to the best arguments presented by those she loosely groups together, Nagle does not provide the thoroughgoing and immanent treatment of the left which would be required to achieve the profound intervention she clearly intended. Nor does she grapple with the difficult implications figures like Greer (with her transphobic campaign against a vulnerable colleague) and Milo (with his direct advocacy for the nativist and carceral state) present for free speech absolutists. And indeed, the blurring their specifically shared transphobia causes for distinguishing between left and right wing social analysis.

In genre terms, Nagle’s writing is best described as travel writing for internet culture. Kill All Normies provides a string of curios and oddities (from neo-nazi cults, to inscrutably gendered teenagers) to an audience expected to find them unfamiliar, and titillating. Nagle attempts to cast herself as an aloof and wry explorer, but at various points her commitments become all too clear. Nagle implicitly casts her reader as the eponymous normies, overlooking those of us who live through lives with transgenders, in the wake of colonialism, despite invisible disabilities (including depression), and all the rest.

This is both a shame and a missed opportunity, because the deadly violence the Alt-Right has proven itself capable of is in urgent need of evaluation, but so too are the very real dysfunctions which afflict the left (both online and IRL). After this book patient, discerning, explanatory, and immanent readings of internet culture remain sorely needed. The best that can be said for Kill All Normies is, as the old meme goes, “An attempt was made.”

In 2015, Reddit closed several subreddits—foremost among them r/fatpeoplehate and r/CoonTown—due to violations of Reddit’s anti-harassment policy. However, the effectiveness of banning as a moderation approach remains unclear: banning might diminish hateful behavior, or it may relocate such behavior to different parts of the site.

We study the ban of r/fatpeoplehate and r/CoonTown in terms of its effect on both participating users and affected subreddits. Working from over 100M Reddit posts and comments, we generate hate speech lexicons to examine variations in hate speech usage via causal inference methods. We find that the ban worked for Reddit. More accounts than expected discontinued using the site; those that stayed drastically decreased their hate speech usage—by at least 80%. Though many subreddits saw an influx of r/fatpeoplehate and r/CoonTown “migrants,” those subreddits saw no significant changes in hate speech usage. In other words, other subreddits did not inherit the problem. We conclude by reflecting on the apparent success of the ban, discussing implications for online moderation, Reddit and internet communities more broadly.

As a child, he was into maths and geometry, the middle child with one sister 10 years older and another 10 years younger. “I heard about this incredible new thing called the internet,” he says, adding how, aged 12, he saw an advert for the Paris science museum where you could try the internet for free. “There were 15 computers and you queued to have an hour free if you bought an entry ticket. I bought an annual pass to the museum and every Saturday and Sunday I’d travel from one side of Paris to the other to get on the internet and see what it was about. I’d go on Yahoo, chat with people on the other side of the world. I didn’t speak great English then so it wasn’t brilliant chat ...”

We built the commercial internet by mastering techniques of persuasion and surveillance that we’ve extended to billions of people, including essentially the entire population of the Western democracies. But admitting that this tool of social control might be conducive to authoritarianism is not something we’re ready to face. After all, we're good people. We like freedom. How could we have built tools that subvert it?

As Upton Sinclair said, “It is difficult to get a man to understand something, when his salary depends on his not understanding it.”

I contend that there are structural reasons to worry about the role of the tech industry in American political life, and that we have only a brief window of time in which to fix this.

When it seemed that the service provider couldn’t sink any lower, they opted to hold Riot to a ‘lag ransom’. Following Riot’s complaints regarding the inexplicable lag the player base were experiencing, TWC offered to magically solve the issue, a hardball tactic to which Riot finally admitted defeat in August of 2015. Before the deal was finalised, lag and data-packet loss for League of Legends players were far above the standards Riot was aiming for. Miraculously, after the two tech companies reached an unpleasant deal, the numbers improved.

The recent movement to get all traffic encrypted has of course been great for the Internet. But the use of encryption in these protocols is different than in TLS. In TLS, the goal was to ensure the privacy and integrity of the payload. It's almost axiomatic that third parties should not be able to read or modify the web page you're loading over HTTPS. QUIC and TOU go further. They encrypt the control information, not just the payload. This provides no meaningful privacy or security benefits.

Instead the apparent goal is to break the back of middleboxes [0]. The idea is that TCP can't evolve due to middleboxes and is pretty much fully ossified. They interfere with connections in all kinds of ways, like stripping away unknown TCP options or dropping packets with unknown TCP options or with specific rare TCP flags set. The possibilities for breakage are endless, and any protocol extensions have to jump through a lot of hoops to try to minimize the damage.

We can't easily fix the already broken devices, we can't easily stop more broken devices from being shipped and we can't easily guarantee that we can fix future devices that end up broken. The only solution I see working at all is to require ISPs to cut people off, and that's going to involve a great deal of pain. The harsh reality is that this is almost certainly just the tip of the iceberg, and things are going to get much worse before they get any better.

Events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach. More than 20 years after Gilmore first coined [his] turn of phrase, his most notable quotable has effectively been inverted — “Censorship can in fact route around the Internet.” The Internet can’t route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity.

Because this was a novel iteration of online anti-Semitic culture, to the normie media it was worthy of deeply concerned coverage that likely gave a bunch of anti-Semites, trolls, and anti-Semitic trolls exactly the attention and visibility they craved. All without any of them having to prove they were actually involved, meaningfully, in anti-Semitic politics. That’s just a lot of power to give to a group of anonymous online idiots without at least knowing how many of them are 15-year-old dweebs rather than, you know, actual Nazis. [...]

In the long run, as journalistic coverage of the internet is increasingly done by people with at least a baseline understanding of web culture, that coverage will improve. For now, though, things are grim: It’s hard not to feel like journalists and politicos are effectively being led around on a leash by a group of anonymous online idiots, many of whom don’t really believe in anything.

But there’s lots in this legislation that should scare the public far more. For example, the proposal that the legislation should allow the retention of “superfluous data” gathered in the course of an investigation, which is a direct contravention of the ECJ’s demand that surveillance must be targeted and data held must be specifically relevant, not a trawl to be stored for later perusal “just in case”.
Or the claim that interception and retention of data, and access to it, will only be in cases of the most serious crime or terrorism threats. Oh, please. This was, and remains, the supposed basis for our existing, ECJ-invalidated legislation. Yet, as last year’s Gsoc investigation into Garda leaks revealed, it turns out a number of interconnected pieces of national legislation allow at least 10 different agencies access to retained data, including Gsoc, the Competition Authority, local authorities and the Irish Medicines Board.

After studying other e-voting systems around the world, the team was particularly alarmed by the Estonian I-voting system. It has serious design weaknesses that are exacerbated by weak operational management. It has been built on assumptions which are outdated and do not reflect the contemporary reality of state-level attacks and sophisticated cybercrime. These problems stem from fundamental architectural problems that cannot be resolved with quick fixes or interim steps. While we believe e-government has many promising uses, the Estonian I-voting system carries grave risks — elections could be stolen, disrupted, or cast into disrepute. In light of these problems, our urgent recommendation is that to maintain the integrity of the Estonian electoral process, use of the Estonian I-voting system should be immediately discontinued.

So, there you have it: Blocking is necessary, except it is not. Safeguards need to be implemented, except they don’t need to be. This approach is legal, except it isn’t. The text is based on the Child Exploitation Directive, except it isn’t. Is this really how we are going to create credible legislation on terrorism?

This site is a companion effort to the techarchives website, except it is less well-researched, and is primarily a personal view of the development of the Internet in Ireland by your humble author, Niall Murphy.

an online home for stories from Ireland – stories about the country’s long and convoluted relationship with information technology. It aims to gather information on the most significant aspects of this relationship, to compile archives on the selected themes, and to store the assembled records for the benefit of future generations.

A collection of bits and pieces of Internet history. Focusing somewhat (but not exclusively) on: (a) the 1980s, when I first started using the Internet, and: (b) Ireland.

The AWS edge network has points of presence in more than 50 locations. Today, it is used to distribute content via Amazon CloudFront and to provide rapid responses to DNS queries made to Amazon Route 53. With today’s announcement, the edge network also helps to accelerate data transfers in to and out of Amazon S3. It will be of particular benefit to you if you are transferring data across or between continents, have a fast Internet connection, use large objects, or have a lot of content to upload.

You can think of the edge network as a bridge between your upload point (your desktop or your on-premises data center) and the target bucket. After you enable this feature for a bucket (by checking a checkbox in the AWS Management Console), you simply change the bucket’s endpoint to the form BUCKET_NAME.s3-accelerate.amazonaws.com. No other configuration changes are necessary! After you do this, your TCP connections will be routed to the best AWS edge location based on latency.  Transfer Acceleration will then send your uploads back to S3 over the AWS-managed backbone network using optimized network protocols, persistent connections from edge to origin, fully-open send and receive windows, and so forth.

Wikimedia and Facebook have given Angolans free access to their websites, but not to the rest of the internet. So, naturally, Angolans have started hiding pirated movies and music in Wikipedia articles and linking to them on closed Facebook groups, creating a totally free and clandestine file sharing network in a country where mobile internet data is extremely expensive.

The Internet is structured to be an open communications medium. This
openness is one of the key underpinnings of Internet innovation, but
it can also allow communications that may be viewed as undesirable by
certain parties. Thus, as the Internet has grown, so have mechanisms
to limit the extent and impact of abusive or objectionable
communications. Recently, there has been an increasing emphasis on
"blocking" and "filtering", the active prevention of such
communications. This document examines several technical approaches
to Internet blocking and filtering in terms of their alignment with
the overall Internet architecture. When it is possible to do so, the
approach to blocking and filtering that is most coherent with the
Internet architecture is to inform endpoints about potentially
undesirable services, so that the communicants can avoid engaging in
abusive or objectionable communications. We observe that certain
filtering and blocking approaches can cause unintended consequences
to third parties, and we discuss the limits of efficacy of various
approaches.

There are very valid technical reasons many of the biggest sites on the Internet have not adopted them. Twitter use HTTP/2 + polling, Facebook and Gmail use Long Polling. Saying WebSockets are the only way and the way of the future, is wrongheaded. HTTP/2 may end up winning this battle due to the huge amount of WebSocket connections web browsers allow, and HTTP/3 may unify the protocols

It appears that more mechanically intensive champions are more affected by latency, while tankier champions or those with point-and-click abilities are less affected by latency.

In the end, sheer political fatigue may have played a major part in undermining net neutrality in the EU. However, the battle is not quite over. As Anne Jellema, CEO of the Web Foundation, which was established by Berners-Lee in 2009, notes in her response to today's EU vote: "The European Parliament is essentially tossing a hot potato to the Body of European Regulators, national regulators and the courts, who will have to decide how these spectacularly unclear rules will be implemented. The onus is now on these groups to heed the call of hundreds of thousands of concerned citizens and prevent a two-speed Internet."

uses the techniques invented by the authors of Paris-traceroute to enumerate the paths of ECMP flow-based load balancing, but introduces a new technique for NAT detection.

'I went to school with Bill. He's a nice guy. But making him immortal is not going to make life better for anyone in my city. It will just exacerbate the rent crisis.'

News of the ban caused a furore on Indian social media, with several senior politicians and members of civil society expressing their opposition to the move. The Indian government said that it was merely complying with the Supreme Court order and was committed to the freedom of communication on the Internet. "I reject with contempt the charge that it is a Talibani government, as being said by some of the critics. Our government supports free media, respects communication on social media and has respected freedom of communication always," Mr Prasad told PTI.

WB: By the late 80s the IANA [the Internet Assigned Numbers Authority, set up in 1988 to manage global IP address allocations] was trying to get all those countries that were trying to join the internet to use the ISO 3166 standard for country codes. It was used for all sorts of things — you see it on cars, “GB” for the UK. [...]

At that point, we’re faced with a problem that Jon Postel would like to have changed it to .gb to be consistent with the rest of the world. Whereas .uk had already been established, with a few tens of thousands of domain names with .uk on them. I remember chairing one of the JANET net workshops that were held every year, and the Northern Irish were adamant that they were part of the UK — so the consensus was, we’d try and keep .uk, we’d park .gb and not use it.

PK: I didn’t particularly want to change to .gb because I was responsible for Northern Ireland as well. And what’s more, there was a certain question as to whether a research group in the US should be allowed to tell the British what to do. So this argy-bargy continued for a little while and, in the meantime, one of my clients was the Ministry of Defence, and they decided they couldn’t wait this long, and they decided I was going to lose the battle, and so bits of MOD went over to .gb — I didn’t care, as I was running .gb and .uk in any case.

Based on our testing, this makes our Happy Eyeballs implementation go from roughly 50/50 IPv4/IPv6 in iOS 8 and Yosemite to ~99% IPv6 in iOS 9 and El Capitan betas. While our previous implementation from four years ago was designed to select the connection with lowest latency no matter what, we agree that the Internet has changed since then and reports indicate that biasing towards IPv6 is now beneficial for our customers: IPv6 is now mainstream instead of being an exception, there are less broken IPv6 tunnels, IPv4 carrier-grade NATs are increasing in numbers, and throughput may even be better on average over IPv6.

curl -s http://checkip.amazonaws.com/

If you're not immersed in the naming business you may find the jargon in it hard to understand. The basic upshot is this: the IPC believes that the mechanisms that were enacted to protect trademark holders during the deluge of new TLD rollouts are being gamed by the .SUCKS TLD operator to extort inflated fees from trademark holders.

Conducting such a widespread attack clearly demonstrates the weaponization of the Chinese Internet to co-opt arbitrary computers across the web and outside of China to achieve China’s policy ends.  The repurposing of the devices of unwitting users in foreign jurisdictions for covert attacks in the interests of one country’s national priorities is a dangerous precedent — contrary to international norms and in violation of widespread domestic laws prohibiting the unauthorized use of computing and networked systems.

In post-Soviet Russia, you don’t make memes. Memes make (or unmake?) you. That is, at least, the only conclusion we can draw from an announcement made this week by Russia’s three-year-old media agency/Internet censor Roskomnadzor, which made it illegal to publish any Internet meme that depicts a public figure in a way that has nothing to do with his “personality.”

Barlow once wrote that “trusting the government with your privacy is like having a Peeping Tom install your window blinds.” But the Barlovian focus on government overreach leaves its author and other libertarians blind to the same encroachments on our autonomy from the private sector. The bold and romantic techno-utopian ideals of “A Declaration” no longer need to be fought for, because they’re already gone.

Have you ever made a phone call, sent an email, or, you know, used the internet? Of course you have!

Chances are, at some point over the past decade, your communications were swept up by the U.S. National Security Agency. The NSA then shares information with the UK Government's intelligence agency GCHQ by default. A recent court ruling found that this sharing was unlawful. But no one could find out if their records were collected and then illegally shared between these two agencies… until now!

Because of our recent victory against the UK intelligence agency in court, now anyone in the world — yes, ANYONE, including you — can find out if GCHQ illegally received information about you from the NSA. Join our campaign by entering your details below to find out if GCHQ illegally spied on you, and confirm via the email we send you. We'll then go to court demanding that they finally come clean on unlawful surveillance.

One insider at a major US technology firm told the Guardian that “politicians are fond of asking why it is that tech companies don’t base themselves in the UK” ... “I think if you’re saying that encryption is the problem, at a time when consumers and businesses see encryption as a very necessary part of trust online, that’s a very indicative point of view.”

This unrealistically accurate system will generate 1 billion false alarms for every real terrorist plot it uncovers. Every day of every year, the police will have to investigate 27 million potential plots in order to find the one real terrorist plot per month. Raise that false-positive accuracy to an absurd 99.9999 percent and you're still chasing 2,750 false alarms per day -- but that will inevitably raise your false negatives, and you're going to miss some of those 10 real plots.

Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation.  Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation.  There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.

We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.

This is due in part to huge growth in the data volumes and data traffic that is transported over our network, which has exceeded our forecasted growth. We are making a number of improvements to our international connectivity which will add significant capacity and this work will be completed in the next two or three weeks.

Perceiving the different ways in which players approached the game led Bartle to consider whether MMO players could be classified according to type. "A group of admins was having an argument about what people wanted out of a MUD in about 1990," he recalls. "This began a 200-long email chain over a period of six months. Eventually I went through everybody's answers and categorised them. I discovered there were four types of MMO player. I published some short versions of them then, when the journal of MUD research came out I wrote it up as a paper."

The so-called Bartle test, which classifies MMO players as Achievers, Explorers, Socialisers or Killers (or a mixture thereof) according to their play-style remains in widespread use today. Bartle believes that you need a healthy mix of all dominant types in order to maintain a successful MMO ecosystem. "If you have a game full of Achievers (players for whom advancement through a game is the primary goal) the people who arrive at the bottom level won't continue to play because everyone is better than them," he explains. "This removes the bottom tier and, over time, all of the bottom tiers leave through irritation. But if you have Socialisers in the mix they don't care about levelling up and all of that. So the lowest Achievers can look down on the Socialisers and the Socialisers don't care. If you're just making the game for Achievers it will corrode from the bottom. All MMOs have this insulating layer, even if the developers don't understand why it's there."

Last year we interviewed Oleg Moskalenko and presented the rfc5766-turn-server project, which is a free open source and extremely popular implementation of TURN and STURN server. A few months later we even discovered Amazon is using this project to power its Mayday service. Since then, a number of features beyond the original RFC 5766 have been defined at the IETF and a new open-source project was born: the coTURN project.

"O Cormac, grandson of Conn", said Carbery, "What is the worst pleading and arguing?" "Not hard to tell", said Cormac. "Contending against knowledge, contending without proofs, taking refuge in bad language, a stiff delivery, a muttering speech, hair-splitting, uncertain proofs, despising books, turning against custom, shifting one's pleading, inciting the mob, blowing one's own trumpet, shouting at the top of one's voice."

Unfortunately for us, the traditional and most widespread method for clock synchronisation (NTP) has been caught up in a DDoS issue which has recently caused some ISPs to start blocking all NTP communication. [....] Because the DDoS attacks are so widespread, and the lack of obvious commercial pressure to fix the issue, it’s possible that the days of using NTP as a mechanism for setting clocks may well be numbered. Luckily for us there is a small but growing project that replaces it.

tlsdate was started by Jacob Appelbaum of the Tor project in 2012, making use of the SSL handshake in order to extract time from a remote server, and its usage is on the rise. [....] Since we started encountering these problems, we’ve incorporated tlsdate into an over-the-air update, and have successfully started using this in situations where NTP is blocked.

In its briefs filed last week, the US government said that content stored online doesn't enjoy the same type of Fourth Amendment protections as data stored in the physical world. The government cited (PDF) the Stored Communications Act (SCA), a President Ronald Reagan-era regulation.

On Friday Russia's parliament passed a law "which bans online businesses from storing personal data of Russian citizens on servers located abroad[.] ... According to ITAR-TASS, the changes to existing legislation will come into effect in September 2016, and apply to email services, social networks and search engines, including the likes of Facebook and Google. Domain names or net addresses not complying with regulations will be put on a blacklist maintained by Roskomnadzor (the Federal Supervision Agency for Information Technologies and Communications), the organisation which already has the powers to take down websites suspected of copyright infringement without a court order. In the case of non-compliance, Roskomnadzor will be able to impose 'sanctions,' and even instruct local Internet Service Providers (ISPs) to cut off access to the offending resource."