The “P” Word?     You know, Privacy. And Psecurity too.

Two Takes on Anonymity

From WashingtonPost.com: In a First Amendment case with implications for everything from neighborhood e-mail lists to national newspapers, an Eastern Shore businessman argued to Maryland’s highest court yesterday that the host of an online forum should be forced to reveal the identities of people who posted allegedly defamatory comments.

It is the first time the Maryland Court of Appeals has confronted the question of online anonymity, an issue that has surfaced in state and federal courts over the past few years as blogs and other online forums have increasingly become part of the national discourse.

Leaving the issue of what differentiates libel from opinion, it’s important to remember that in the worst case, the aforementioned forum would be potentially obligated to reveal the poster’s pseudonym.  Not their identity.  For most of your online posting, a well thought out set of pseudonyms would be a great way of insulating yourself from somebody’s desire to silence you through seemingly legal means.

In other news from Slashdot: Esther Dyson, chairman of EDventure Holdings, describes anonymity on the Internet as similar to abortion: a bad practice that people should still have rights to. Calling anonymity one of the greatest disappointments of the Internet’s evolution, Dyson said: ‘I’m pro choice, but I think abortion is an unfortunate thing. I think the same thing about anonymity: Everybody should have the right to it, but it’s not something one wants to encourage.’

From where I sit, it doesn’t seem auspicious to make a comparison between anonymity and abortion.  While the former is a mostly theoretical discussion for most, the latter is the kind of thing that gets people killed, or at the very least causes a kind of apoplectic reaction not usually seen in our day to day lives.

So let’s try a madlib experiment instead: I’m pro first amendment, but I think that having everyone freely expressing their opinions is an unfortunate thing.  I think the same thing about anonymity: Everybody should have their right to it, but it’s not something that one wants to encourage. Kind of takes the steam out of the argument, doesn’t it?

Bottom line:  Yes, people do tend to be less, em, diplomatic when posting anonymously in online forums.  Much as they are at their less-than-best in their cars, staff break rooms, city streets, etc.  This is a part of being human that can’t be solved by requiring that people not post as Anonymous Cowards.

Most PCs Run Outdated, Exploitable Software

From wired.com: Hardly anyone runs a PC without known holes that hackers can exploit, a Danish security company reports. Of those who run the company’s free security-scanning tool, nearly half have more than 11 out-of-date programs.

Secunia Software’s Personal Software Inspector (PSI) checks programs installed on a user’s computer to see if the latest, patched version is installed. More than 98 percent of users had at least one program that wasn’t the latest version, the company found in a study of 20,000 users of its software.

Notice that the headline says “Most PCs...” I’ve always been a software minimalist and an advocate of preventative security.  You know, the smug “an ounce of prevention is worth a pound of cure” kind of guy.  That’s why I depend upon a pair of hardened Linux boxes for about 75% of my work on the VaultletSuite 2 Go, and on my OS X PowerBook for another 15% of my daily information gathering routine. For those of you out there keeping stats, that only leaves about 10% of my day for compatibility testing on other operating systems.

Even though I only use Windows XP and Vista exclusively in virtual machines (hosted on Linux) to test the VaultletSuite 2 Go, I’m still quite serious about keeping those disposable virtual installations squeaky clean.  After all, life is short, and my clients expect my software to work everywhere; they also count on me to have an informed opinion as to how to keep them and their Windows PCs safe and secure.

So I decided to take the challenge and see just how up-to-date my two minimalist virtual Windows installations were.  Good news: I scored 100% up to date on my Vista installation, and only had 1 out of date vulnerable component installed on my XP partition: the Flash ActiveX plugin for Internet Explorer.

Now, I ask you: if I am fastidious (bordering upon obsessive) about never using Internet Explorer for anything other than viewing VaultletSoft’s web pages and testing VaultletSuite applets, does that unpatched vulnerability really count?  In practical terms, no.  But just the same, I promptly enabled ActiveX, updated the Flash plugin, and then re-disabled ActiveX in Internet Explorer.  Upon finishing that 3 minute task, I re-ran the PSI and received my expected 100% up to date gold star.

That’s squeaky clean.

And another free, easy to use tool to help you keep your computing house in order too.

Online Reporters Now the Journalists Most Often Jailed

From Slashdot and Committee to Protect Journalists New York, December 4, 2008 - Reflecting the rising influence of online reporting and commentary, more Internet journalists are jailed worldwide today than journalists working in any other medium.

In its annual census of imprisoned journalists, released today, the Committee to Protect Journalists found that 45 percent of all media workers jailed worldwide are bloggers, Web-based reporters, or online editors. Online journalists represent the largest professional category for the first time in CPJ’s prison census.

While jailing an online journalist on charges unrelated to their work just to shut them up is definitely not a technology problem, it would still be wise for them to consider using anonymizing technologies such as Psiphon and Tor, among others.

It’s easy for many of us to take for granted our ability to have and express an opinion. Others aren’t so lucky - they have to worry about dying for expressing theirs.

You can help by supporting the networks that make maintaining their anonymity possible.

RFID + HIV/AIDS in Indonesia: A Post-Modern Scarlet Letter?

From Yahoo!:  Lawmakers in Indonesia’s remote province of Papua have thrown their support behind a controversial bill requiring some HIV/AIDS patients to be implanted with microchips — part of extreme efforts to monitor the disease.

Local health workers and AIDS activists called the plan “abhorrent.”

“People with AIDS aren’t animals; we have to respect their rights,” said Tahi Ganyang Butarbutar, a prominent Papuan activist.

But legislator John Manangsang said by implanting small computer chips beneath the skin of “sexually aggressive” patients, authorities would be in a better position to identify, track and ultimately punish those who deliberately infect others with up to six months in jail or a $5,000 fine.

A few prickly questions come to mind quickly: Who gets to define “sexually aggressive”, and will this categorization include people whose only crime is having HIV/AIDS?  And finally, will there be any kind of legal protection (for the people who get tagged) against being scanned without their consent, being discriminated against, and/or persecuted (or physically abused) for the “Scarlet A” they will carry subcutaneously?

Beyond the belief that a patient’s right to privacy should be respected, I also have serious misgivings about the possible negative secondary effects of such an effort - it could very well drive those who suspect that they have HIV/AIDS underground so as to avoid being tagged with the “Scarlet A”.

And if that were to come to pass, that would indeed be a BadThing™ for all involved.

Locating Cell Phones Without Telco Cooperation? No Problem!

From Arstechnica: …documents obtained by civil liberties groups under a Freedom of Information Act request suggest that “triggerfish” technology can be used to pinpoint cell phones without involving cell phone providers at all.

Triggerfish, also known as cell-site simulators or digital analyzers, are nothing new: the technology was used in the 1990s to hunt down renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish trick nearby cell phones into transmitting their serial numbers, phone numbers, and other data to law enforcement.

It’s already been well documented that the microphone in cell phones can be used as a remotely activated and controlled eavesdropping tool.  It’s also been commented that tech-savvy businesses and governments regularly prohibit carrying cell phones into important meetings.

Now, with this news, the best advice for those who might wish to have truly private conversations is to turn off the phone and remove the battery well before arriving at the meeting’s location.

Of course, it would be wise to sweep the meeting place for the olde-fashioned bugs too, but that’s another posting for another day.

The Monster Under the Bed Is… Your Teenager?

From Wired: A 15-year-old Ohio girl was arrested earlier this month for sending nude photos of herself to other minors and was facing felony criminal charges for illegally using a minor in nudity-oriented material and for possession of criminal tools. If convicted, the teen could have been forced to register as a sexual offender annually for ten years.

This week the girl, a student at Licking Valley High School in Newark, Ohio, reached an undisclosed agreement with prosecutors to resolve the case. Details were not released, but the teen won’t have to register as a sex offender.

It’s a GoodThing™ common sense prevailed in this case, as the girl’s “self-portraits” weren’t taken by an adult with the intent of exploiting her, rather they were part of a [modern] teen-dating ritual.

In other [ancient] news from Cnet’s Police Blotter: Combine unsupervised teenagers, digital cameras and e-mail, and, given sufficient time, you’ll end up with risque photographs on a computer somewhere. There’s a problem with that: Technically, those images constitute child pornography.

The teenage couple were convicted on charges of disseminating child pornography, on the outside chance that neither [had] the “foresight or maturity” to make a reasonable estimation of the risks… [further, it was also] …said that transferring the images from a digital camera to a PC created innumerable problems: “The two computers (can) be hacked”.

Boy, that’s a stretch: “The two computers (can) be hacked”.  As long as the two minors weren’t being exploited by adults, then what happens in their video should be private.

Airport Security in America: Only the Stupidest Terrorists Get Caught

From the no-theater-is-better-than-security-theater dept and the Atlantic: Airport security in America is a sham—“security theater” designed to make travelers feel better and catch stupid terrorists. Smart ones can get through security with fake boarding passes and all manner of prohibited items—as our correspondent did with ease.

Here’s the best part: the TSA appears to be aware of how ineffective their airport security programs really are.

Remember how both presidential candidates have been talking about cutting the oversized Federal Budget lately? Well gentlemen, grab your hatchets - I think there’s at least a couple billion dollars to be saved here.

Double Plus Bad News for Digital Rights in the UK

From the when-it-rains-it-pours dept, LinuxWorld, and Slashdot: The Communications Data Bill (2008) will lead to the creation of a single, centralized database containing records of all e-mails sent, websites visited and mobile phones used by UK citizens.

On another front: “Defendants can’t deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled.”

There’s so much woolly thinking here that I don’t know where to start, so I’ll just dive in.

With regards to the news on surveillance, not only is such legislation burdensome to ISPs, but the “monster under the bed”, I mean the terrorists, will easily work around such a feeble minded idea.  Either that, or they’ll only catch the stupidest ones, whilst tossing everybody else’s privacy out the window.

With regards to passphrases and encryption keys, claiming that an encryption key is no different from a physical key is a stunning leap of logic.  While the kind you use to unlock your door can exist as an entity unto itself (separately and apart from its owner), an encryption key only exists in the mind of its user and can only be “discovered” via a communication act.

If that’s the case, how then is revealing your encryption key passphrase not self-incriminating?

And who’s to prove otherwise when you say that you “don’t remember” when asked for it?

Verizon Plays Fast and Loose with the Wrong 1,200 E-mail Addresses

From NetworkWorld: This should be a vendor’s first rule when inviting 1,200 IT pros to a seminar about securing data and protecting personal information: Make sure you protect the personal information of the 1,200 professionals you’re trying to impress.

How did Verizon do in that regard on Tuesday? They failed miserably … and not just once.

In a period of three hours David Williams, technology coordinator for a Texas school district, received 14 e-mails promoting Verizon’s ‘Secure the Information. Secure the Infrastructure’ webinar series, and three e-mails promoting their ‘2008 Data Breach Investigations Report Road Show.’

The excessive volume of e-mail wasn’t the half of it, though.

“Considering their content (about data-breach seminars), I thought it very humorous that the TO: field of the e-mails contained over 1,200 e-mail addresses: 17 e-mails times 1,200 addresses equals more than 20,000 chances for leaks.”

Although the possible damage done is not as severe as it could have been in other cases (like “accidentally” exposing government whistle blower’s email addresses) it still had to be annoying as hell for the 1,200 recipients.

Nothing says “We’re highly trained professionals.  Trust us with your valuable information” like Cc’ing over 1,200 IT security professionals in one shot.

Firefox Add-On To Track Your Location Via Wi-Fi

From the I-know-where-you-were-last-night dept and Slashdot: “Mozilla Labs has unveiled a new Add-on that allows Firefox to pinpoint your location based on Wi-Fi signals. The feature, called Geode, is a prototype for the location-tracking technology that will be built into the forthcoming Firefox 3.1. Geode is designed to work with websites that rely on knowing your location, such as mapping and geotagging services.

The prospect of Firefox having the ability to track your location raises obvious privacy fears. Mozilla insists users will remain in complete control. ‘With Geode, when a website requests your location a notification bar will ask how much information you want to give that site: your exact location, your neighbourhood, your city, or nothing at all,’ the Mozilla Labs blog claims.”

The first thing that pops into my head is that the default behavior of this add-on should be to not do anything; the second one is that this add-on should not be bundled with the basic Firefox installation, or at the very least not installed without a user’s explicit consent.

And then there are the problems associated with entrusting a stranger(s) with a profit motive to hold your location data and hoping that they’ll defend against unethical or illegal access to it.  That’s always a dicey proposition.

Given the above, I’d categorize this kind of location-based innovation as possibly maybe neato, but definitely not necessary.  At all.

Of course, that’s just one crusty olde farte’s opinion - one who’s survived quite nicely without this kind of gee-wizary and who actually remembers life before the internet.  Back when dinosaurs roamed the earth and there were enough pirates out there to stave off global warming.

