Wednesday, December 15, 2010

For and against: DDoS attacks as a legitimate form of protest?




Many students and I would argue that yes, distributed or non-distributed denial-of-service attacks are a legitimate form of protest.
The British media has been inundated with news of student protests erupting after the government voted to treble tuition fees for new students starting in the 2012 academic year. Though all media from around the world have focused also on the Wikileaks scandal, which continues to put pressure on governments and their efforts around the world.
The two can overlap. The problem is that most students and political activists of my age are unaware of this mechanism of airing our disdain.
A distributed denial-of-service attack is when hundreds or thousands of people at one time use an application to target their own broadband bandwidth to pummel a certain server, often a web server hosting a website, to overload it with information causing it to shut down.
In practice, you download a small application, follow the instructions made available by means of viral marketing spreading and you ping; you ping until your heart’s content.
I am neither condoning nor supporting the use of denial-of-service attacks, but one has to wonder whether the evolution and the speed of the Web has placed certain priorities higher than others when resorting to means of protest.
In a recent poll undertaken by the Between the Lines bloggers, though results are still coming in and polls are yet to change, at the time of publication most do not believe denial-of-service attacks are a legitimate form of protest. I think the readers are wrong.
So let’s just run through some basic pros and cons to see if you can be persuaded otherwise:
Reasons for:
Reasons against:
Whether or not you consider it to be a legitimate form of protest, suited for the twenty-first century, it still makes one hell of a noise.

Google Chrome for business: It's ready for you, even if you're not ready for it



Google’s Chrome browser is ready for the workplace, updated and enhanced so that IT folks can not only deploy it on office computers but can also start testing those Web apps - just in case the company is thinking about switching to the Chrome OS platform when it goes live next year.
That’s the bigger message in an announcement today about enhancements to the Chrome browser. In a post on its Enterprise blog, the company wrote:
…Chrome offers controls that enable IT administrators to easily configure and deploy the browser on Windows, Mac, and Linux according to their business requirements. We’ve created an MSI installer that enables businesses who use standard deployment tools to install Chrome for all their managed users. We’ve also added support for managed group policy with a list of policies and a set of templates that allow administrators to easily customize browser settings to manage security and privacy.
The selling point: businesses can take advantage of “improved security and web application performance” without breaking the bank on other expensive software licenses or new hardware. Who could say no to something like that?
More importantly, though, Google seems to be trying to lure businesses into a Chrome environment before the big rollout of Chrome OS next year. At an event last week, the company showcased the OS and even started a pilot program to hand out free Chrome-powered notebooks so that real users - consumers, businesses, bloggers like me - can start putting Chrome OS through some early tests.
The jury is still out on whether Chrome OS - and the browser-only Chrome notebooks due out in mid-2011 - will gain any real traction against Microsoft’s Windows, Apple’s Mac OS X or Linux. But Google is being proactive about trying to get businesses to start thinking about alternative operating systems and Google’s take on Web-based applications.
Google suggests that companies interested in deploying these features will be ahead of the game - but the one that’s really ahead of the game here is Google, which hopes to get business customers interested in a technology that’s not even available yet.

China dotcom giant launches English language service




Will you QQ? The popular Chinese instant message service is launching in English, French and Japanese.

"We're looking to expand our reach outside of China to get involved with people who are interested in China."
Already QQ has users in 212 countries, most of whom come from the U.S. and Europe, Violo told CNN. Tencent has partnered with popular English-language web sites in China -- such as travel provider CTrip and state-run newspaper China Daily -- to draw more traffic from overseas consumers.
"And if you want to instant message someone living in China, you have access to 92 percent of the online population here," Violo said.
The company is also working on a partnership with Canada-based StumbleUpon, a content discovery service company. QQi hopes to have "between 7 and 10 million subscribers" by September, Violo said.
A beta version, released last year targeting expatriates living in China, has 2 million subscribers.
Tencent is not the only Chinese Internet company with international ambitions. Baidu, China's largest search engine, launched a search service in Japan several years ago.
The company has plans to expand into other regions, including Latin America, the Middle East and Southeast Asia, according to Baidu spokesperson Kaiser Kuo.
"We are looking at markets where Google is not dominant," Kuo said. "Our preference is for markets with languages that are not Latin-based, so we have a leg up there."
In November, Baidu CEO Robin Li said he hoped that in 10 years, the Chinese search giant would become a household name in 50 percent of the world.
With Chinese Internet companies' plans to do business abroad also come challenges that analysts say they are unsure China's domestic web giants will ultimately ever be able to overcome.
The obstacles relate to the Internet censorship policies inside China that require companies to monitor and remove sensitive content from websites and block user behavior deemed inappropriate, political or otherwise.
"This is one of the key issues for all of these really rich Chinese Internet companies trying to go overseas," Bill Bishop, a Beijing-based independent media consultant, said.
"When they go into developing markets, it is one thing (because) there is a less sophisticated user base. When they go into the United States, they are carrying a huge amount of baggage and Google added a few tons to that baggage last year."
Companies, like Tencent, have no choice but to follow Chinese Internet law or be shut down. Tencent, for example, blocks chats or posts containing sensitive words from its servers.
"For sure, I think all of the chats are monitored by QQ," said Lu Gang, co-founder of OpenWeb.Asia, a working group focusing on the Asian Internet industry.
"If you type in sensitive key words, the messaging will be blocked. I think more and more people realize the problem, but still no one will give up QQ because it is part of the Internet culture in China. If you are not using it, you will lose lots of contacts in your social life."
Most recently the company was involved in a high profile dispute with Qihoo 360, China's largest antivirus software provider, which alleged Tencent was scanning private data of its more than 600 million users. Tencent denied the allegations.
"This whole Qihoo 360 case only raises people's level of suspicion," Bill Bishop said.
"Tencent may feel it is a great company but what matters is if they can convince users they are safe and now that bar has been raised significantly."
Violo said he believes this can be done.
"Most people don't realize that QQ is a very large multinational that is listed on the stock exchange and has thousands of shareholders," the QQi project manager said.
"Everything needs to be transparent. Of course we are in China so the government can put pressure on the company, and of course we have to comply with certain subjects, which are sensible in China. But if you are not planning a coup d'état against the Chinese government using QQ, then QQ is a safe thing."

Online WikiLeaks game is a hit


In "WikiLeaks: The Game," players become Julian Assange and try to steal documents from President Obama.

(CNN) -- A computer-game parody of the much-talked-about WikiLeaks saga has made a splash online.
In the online game, players assume the role of WikiLeaks founder and outsized personality Julian Assange hiding behind President Obama's desk in the Oval Office.
Using their mouse, players must manipulate the Assange character to smuggle secret documents from Obama's laptop onto a USB drive as the president dozes off. Those who fail are treated to a juicy presidential sound bite and a mock story planted in the newspaper.
More than a million people have visited the website for "WikiLeaks: The Game" since it was posted five days ago, developer Sebastiaan Moeys, 21, told ABC News.
"Just like governmental attempts to quash WikiLeaks, the game is harder than it looks," wrote Alexia Tsotsis on the tech-news blog TechCrunch. "I've played it five times and I still haven't won."
Game developers have been quick in recent years to capitalize on the popularity of prominent news events.
Satirical animated games have spoofed Tiger Woods' extramarital scandal, the Hudson River plane landing, the Chilean mine rescue and the rescue of a ship captain from Somali pirates.

Artists reimagine Facebook's new profile pages




Alexandre Oudin of Paris is credited as a pioneer of this new type of Facebook profile art.

(CNN) -- Facebook unveiled a redesign of its profile pages earlier this month that rearranged users' personal info and photos into a streamlined layout.
But some enterprising designers have taken the revamp one step further, turning their Facebook profiles into creative works of art.
The site's new page design was intended to more prominently display recently uploaded photos that tell a story about the user's life, said Facebook engineer Josh Wiseman in a blog post.
Where most users saw a rigid presentation of one profile photo next to five smaller, uniform thumbnails, some saw potential. The website Reface.me has organized a page with some of its favorite profile-page reimaginings, which it calls "profile hacks."
Alexandre Oudin, who works at a consulting firm in Paris, has been credited by many bloggers as the pioneer of this young art phenomenon.
Oudin's main profile picture is of the right side of his face. Each of the five thumbnails are to-scale pieces of his eyes, nose and hair. Together, they form a stunning composite of his face.
"I used Photoshop and played a little bit with Facebook's privacy settings," Oudin told CNN in a message on -- where else? -- Facebook. "Just wanted to have fun with the new profile."
His example sparked several copycats.
Nelson Caparas, who lives in the Philippines, hacked together a similar project, showing his ear in the main picture and his eyes and a floral backdrop in the smaller shots.
"Right after seeing Mr. Alexandre Oudin's brilliant idea, I couldn't resist trying," Caparas wrote in a message. "It can be tricky too with the privacy settings and profile information so you really have to take a lot of time to perfect it."
For a more ridiculous take on the profile effect, Ouri Stopek's shows a picture of a little person named Super Kidi burning cars by firing lasers from his eyes. Stopek, who develops a French auction site, used to be a painter and said he leveraged some of his old techniques for the project.
Vlad Hernandez, a Web designer from Calgary, Canada, spotted the trend early on a technology blog and gave his own face composite a shot.
"I love learning new things," Hernandez wrote in a message. "In my business, the more I know, the better. It makes me stand out to my peers and prospective clients."
For many, this type of unconventional project is a creative outlet. "I definitely did this for the sake of art," Caparas wrote.

Privacy Courtesy of an Internet Police State? Thanks but No Thanks



While the objective of anti-tracking legislation would be similar to that of the Do Not Call List, those seeking to apply this model to the Internet seem to be ignoring two important facts: 1) This is not 2003, and 2) Monitoring telephone calls is a lot easier than keeping tabs on Internet traffic. In fact, one of the things the Congressional hearings on this matter revealed is there currently is no reliable way of ensuring compliance with a do-not-track law.
We've been hearing a lot lately from people who think it's time to start policing the Internet.
Last week, the U.S. Congress began holding hearings to determine whether it should outlaw the practice of tracking Internet users' browsing habits. Meanwhile, the European Union started exploring the possibility of trying to make Google (Nasdaq: GOOG) change its method of delivering search results.
The people leading most efforts to put legal curbs on Internet-based businesses profess to be acting out of a desire to protect consumers. They want to shield us from the evils of cyberspace -- all those trackers lurking in the background of websites, waiting for just the right moment to feed us ads for things we shouldn't be buying.
As a frequent Internet user, I'm glad to know that someone has my back. However, I question the wisdom of trying to turn the Internet into a police state, primarily because I don't think it's possible to regulate the Internet in a way that would benefit the average user.
Consider the prospect of prohibiting the tracking of users' browsing habits. The current suggested method for doing that is to create something called a "Do Not Track List." Not surprisingly, this proposal has been likened to the law passed in 2003 that allows consumers to stop telemarketers from intruding on their quiet time simply by signing up to have their phone number placed in a National Do Not Call Registry.
That law has worked well for consumers. I signed up for the list, and now the only time I'm bothered by unwelcome telephone solicitations is during political campaign season. (How those calls got exempted from the ban is a subject for another column.)

No Way to Ensure Compliance

While the objective of anti-tracking legislation would be similar to that of the Do Not Call List -- to protect consumers from what at least are perceived to be unwelcome intrusions -- those seeking to apply this model to the Internet seem to be ignoring two important facts: 1) This is not 2003, and 2) Monitoring telephone calls is a lot easier than keeping tabs on Internet traffic.
In fact, one of the things the Congressional hearings on this matter revealed is there currently is no reliable way of ensuring compliance with a do-not-track law. The most plausible approach seems to be a method developed by a Stanford University research team that calls for embedding a header in your Web browser that transmits a signal telling all the sites that you visit that you don't want to be tracked.
It wouldn't take much for users to embed these headers in their browsers, but it won't do any good unless all website operators adopt corresponding technology that listens for the do-not-track signal. Who's going to make sure that technology is present -- and always turned on -- across the entire Internet?
Regulators might have an easier time imposing restrictions on Google's actions in the search arena, but I'm not sure they should even bother. This is an issue because Google is being accused of manipulating search results to the favor of its own services.

Arguing Over Search Results

These accusations are being leveled by companies that rely on Google's search engine to push customers their way, and now find themselves, in effect, competing with new services -- such as a health website -- that Google is creating to expand its own revenue stream.
Obviously, there's a lot at stake here for both Google and its competitors/customers. Two thirds of the people conducting Internet searches in the U.S. use Google's engine. In some European countries, that number is 90 percent, which explains why EU regulators are so interested in this situation. If Google is, indeed, manipulating search results to its advantage, it could be costing European companies a substantial amount of business.
Google argues that its engine generates the best set of results for users, and that's the case even when those results put Google's own services at the top of the page.
I don't know enough about the inner workings of Google -- or search technology in general -- to know whether Google is manipulating results for its own advantage. However, I do know that if enough users feel they are not getting objective answers to their search queries, they will start using other search engines.
Regulators concerned about how big Google is getting also should be aware of the natural evolution of technology companies.
Tech companies typically become successful because they hit on a new idea that quickly becomes wildly popular -- Apple (Nasdaq: AAPL) and Facebook are primary examples. That success also usually breeds competitors, and it's normally only a matter of time before one or more of those competitors establishes a solid foothold in the market. Apple is experiencing that now, with Android phones eating away at the iPhone lead in the smartphone space.
At some point, the market itself will spawn a real competitor to Google. If consumers don't like Google's business practices, that competitor will emerge sooner rather than later. So, there really is no reason for the government to start sticking its nose into our Internet browsers.

Army to Enlist Smartphones for Active Duty



When one thinks of equipping soldiers for the battlefield, the delicate glassy casing on an iPhone doesn't seem ideally suited for the job. Yet the Army plans to equip every soldier with an iPhone or Android smartphone early next year. Many smartphone vendors are positioned to make adjustments for the rugged needs of a war zone, says 451 Group's Chris Hazelton, making them more durable, as well as waterproof, windproof and dustproof.
The U.S. Army wants to start issuing smartphones as part of each soldier's basic equipment, the Army Times reported on Sunday. It plans to begin fielding smartphones, network equipment and applications in February to the first Army brigade under a combat team modernization program. In addition to smartphones, the Army will be testing other electronic devices that may be useful to troops.
The Army reportedly plans to roll out wireless Common Access Card readers for the iPhone in January and for Android phones in April, according to the report. The goal is to give soldiers secure access to their email, contacts and calendars.

Smartphones Go to War

In a war zone, smartphones would allow soldiers to view real-time intelligence and video from unmanned systems overhead, the Army Times article notes. Soldiers would also be able to track friends and enemies on a dynamic map. Before the devices are ready for war duty, the Army plans to work through securing the data and the network.
The Army's fielding plan includes fitting commercial phones into antenna sleeves and linking them to the network via a patchwork of ground stations and airborne nodes, according to the paper.
The Army also reportedly plans to provide phone service and a monthly budget for apps. The Army is exploring the idea of creating a portal with apps that are sanctioned and secure. Some apps will be optional, while others will be categorized "must-load."
In tests, the Army found soldiers with smartphones were more likely to collect and share data, reported the Army Times. The sharing included texting as well as taking pictures on patrol and sending them back to command.
The Army did not respond to TechNewsWorld's request for comments by press time.

The New Computer

In recent years, the Army has turned laptops into wearable computers. The smartphone will likely become a more convenient replacement.
"These smartphone devices are almost as powerful as laptops were a couple years ago," Chris Hazelton, research director for mobile and wireless at the 451 Group, told TechNewsWorld. "If my computer needs are mapping, text messaging, email or specific custom applications, smartphones do well with that right off the shelf. They have GPS, multitasking and network capabilities. This Army program highlights the overall trend of smartphones evolving so rapidly, they will replace desktops in many government settings."
The harsh environment of a war zone could present challenges to the reliability of standard smartphones. Many smartphone vendors, however, are positioned to make adjustments.
"The smartphone vendors are very familiar with rugged needs. Symbol is focused on ruggedized devices, and they're owned by Motorola," said Hazelton. "The ruggedized versions of smartphones are devices that can be dropped from several feet. They're waterproof, windproof, dustproof. There are standards in place for different uses of the devices. If you have explosives and combustibles, you need to have a device that won't cause sparks."

Securing War Zone Communications

The Army is exploring ways to keep the network from getting jammed or shut down by the enemy in a war zone.
"Typically, in the field, this always presents a problem, because an enemy could easily knock out communications by destroying a cell tower," Allen Nogee, principal analyst for wireless technology at In-Stat, told TechNewsWorld. "The solution to this is a mesh network where each soldier in the field is a potential base station to another soldier."
The Army will also have to keep the phones from revealing the soldier's location.
"Is there a means for keeping each phone user from being a homing device for a bomb?" wondered Nogee.
"A cell phone, like any other transmitter, is basically a device which broadcasts 'I am here.' That might not be something you'd like the enemy to know. Usually a mesh network can help here also," he explained, "because transmitter power can be lower, as you only need to communicate to the nearest other person rather than a cell tower."

Person of the Year: Zuckerberg Put a Human Face on Technology



The frequently lampooned, scorned, but perhaps most of all envied Mark Zuckerberg has notched another success, becoming Time magazine's "Person of the Year" for turning the world into one big social network. "Facebook has humanized technology," said Debbie DeGabrielle, chief marketing officer for Visible Technologies. "It's put a personal touch into technology, and that's significant."
Mark Zuckerberg, the 26-year-old CEO of Facebook, was named Time magazine's Person of the Year on Wednesday. Time argued the importance of Zuckerberg and Facebook saying, "Facebook has merged with the social fabric of American life, and not just American but human life: nearly half of all Americans have a Facebook account, but 70 percent of Facebook users live outside the United States."
Few technology leaders before him have cracked Time's Person of the Year. "You" got the honor in 2006 -- "you" as in YouTube generation. Another Harvard dropout -- Microsoft (Nasdaq: MSFT) founder Bill Gates -- got it in 2005, but he was one of a group of "Good Samaritans" recognized for their philanthropy. Amazon.com (Nasdaq: AMZN) CEO and founder Jeff Bezos was named in 1999. The personal computer was crowned in 1982.

Zuckerberg's Year

This has been quite a year for Zuckerberg. "The Social Network," which roughly tells the story of Facebook's creation, was a hit that is showing up on top-10 lists for best movie. Zuckerberg pooh-pooh'ed its accuracy, especially the implication that he launched Facebook as a reaction to getting dumped by a girl. He did concede the movie got his clothes right.
Facebook has had a great year as well. On July 21, the network added its 500-millionth friend.
Zuckerberg accepted the distinction of Person of the Year, saying it is "an honor and recognition of how our little team is building something that hundreds of millions of people want to use to make the world more open and connected."

Up From a Dorm Room

Facebook was an unlikely success. In 2004, when Zuckerberg took a friend's idea and built it into a website targeted for Harvard students, there were already two sites that facilitated friends getting together online: Friendster and MySpace. Why did Facebook take off if it wasn't delivering anything truly new?
"What they did with Facebook is analogous to what Apple (Nasdaq: AAPL) did with the iPod," Charles King, principal analyst at Pund-IT, told TechNewsWorld. "It was a pretty crowded market, but Apple took it two steps further than anyone had done. They said 'we can do it better,' and they did. Facebook did the same thing."
Facebook took venture capital dollars early on, but it remains private. Though Zuckerberg started the company in a Harvard dorm room, he was soon convinced to move to Palo Alto where technology talent was easy to find.

New Big Kid on the Net

In seven short years, Facebook has pushed Web giants to the side and become an important player.
"Zuckerberg has been a controversial character, as well as a successful one, so it's an interesting choice by Time," said King. "We've seen a huge uptick in social networking in the past year or 18 months. By sheer numbers, Facebook and social networking have pushed Google (Nasdaq: GOOG) into second place in many people's minds."
It would be hard to overestimate the impact Facebook has had on how people interact through the Internet.
"Social networking is the 2010 equivalent of what AOL was to the internet in 1997 or 1998," said King. "AOL is tarnished, but in that day it was the gold standard. It will be interesting to see what the next gold rush will look."

It's Not Just Personal, It's Business

Half a billion friends on Facebook makes for quite a business market. Facebook's size has made the social network a deep pond for marketing.
"Facebook started as a friend and family site, but now it has real value for corporations, and not just as a profile space," Debbie DeGabrielle, chief marketing officer for Visible Technologies, told TechNewsWorld.
"On Facebook, you don't have to drive anyone anywhere," she said. "You can join the conversation that is already happening. It's remarkably powerful. For dollars spent, social networking offers a high return on investment."
Part of Facebook's attraction to corporations is its friendly feel.
"It has changed the business model in how a corporation can engage with prospective customers as well as current customers," said DeGabrielle. "Facebook has humanized technology. It's put a personal touch into technology, and that's significant."

Why Richard Stallman Takes No Shine to Chrome



Chrome, the new operating system Google is currently testing, will push users into careless computing habits and give them far less control over their data, according to Free Software Foundation President Richard Stallman. Though it may be based on Linux, "Google Chrome is not free software in the sense of free and open source software," the FSF's Matt Lee told TechNewsWorld.
If anyone had doubts that Richard Stallman dislikes Google's (Nasdaq: GOOG) new Chrome OS, he laid them to rest in an interview with the Guardian Tuesday.
The Chrome OS will push people into careless computing by forcing them to store their data in the cloud, said Stallman, who's the founder and president of the Free Software Foundation.
Further, users don't have a legal right to their data if it's stored on a company's servers, Stallman suggested.
His comments come just days after Google launched a preview of the Chrome OS in San Francisco.

Looking at the Chrome OS Darkly

The fact that Chrome OS is largely Web-based perturbs Stallman because a great amount of users' data will be stored on Google's cloud.
That would let the police access the data without needing to notify the data's owner, he said. They may not even need to show a search warrant to the company storing consumers' data on its servers, Stallman contended.
The U.S. government is encouraging people to go on the cloud because it can seize that data without the need for a search warrant, he suggested.
Further, even though Chrome OS is based on GNU/Linux, it falls short of most Linux distros because it's delivered without the usual applications and is set up to make it difficult for users to install apps, Stallman stated.

Shiny New OSes Don't Generate Love

Stallman couldn't respond to requests for comment by press time because he's in Libya, his assistant, Jeanne Rasata, told LinuxInsider.
However, Matt Lee, the Free Software Foundation's campaign manager, fielded questions on Stallman's behalf.
"Google Chrome is not free software in the sense of free and open source software," Lee told TechNewsWorld. "It's proprietary. While there's GNU/Linux lurking in the background, users can't install apps or change anything on the machine."
That may be just what Google intended. When unveiling the preview of Google Chrome OS, Sundar Pichai, vice president of product management for the OS, said today's operating systems are based on the idea that applications can be trusted to modify the system and that users can be trusted to install applications that are trustworthy, but those are bad assumptions.
Perhaps Google's trying to improve computer security for users -- software vendors have been grousing about users not following proper security practices.
However, "that's not acceptable," Lee stated. "It's nothing more than Google wishing to restrict how people can use their computers."
Google did not respond to requests for comment by press time.

Why the Cloud?

Why would people put their data on the cloud if they don't have control over it and it can be seized almost at will by the authorities, as Stallman contended?
"It's a matter of convenience," Lee suggested. "People aren't thinking about the implications of what it means to give up your data to a private company."
Typical applications a GNU/Linux operating system should come with that are lacking in Google Chrome OS are KDE, Gimp and Thunderbird, Lee said.
Granted, users can run their computers without these apps, but "you really want to be able to do things on your computer in native fashion," Lee opined. "For example, if you're editing a photograph on the cloud, every edit would be saved, and you'd have hundreds, or thousands, of copies of the photograph you wouldn't have control over."
The rules surrounding data ownership in the cloud are not clear, and government protection is almost non-existent, Rob Enderle, principal analyst at the Enderle Group, told LinuxInsider.
"Information could be shared without the owner's permission and lost," Enderle pointed out. "If you're sending this information to a company whose clear goal is to provide access to information, the privacy risk would be off the chart."
Material on Google's services has minimal protection because Google's business model is to provide this information in exchange for ad revenues, Enderle pointed out. Further, the cloud allows for the use of resources across geographic lines, and protection of data depends on local laws, which could differ vastly in different countries, he said.
"Currently there's little regulation protecting people using free cloud services, and companies like Google figure that, since these services are free, people should be happy with what they get," Enderle said.
"In some ways, Google and other advertising-based providers are more like a fence who has eliminated the thief in that they're paid for selling information that would otherwise belong to the user," Enderle opined. "They don't steal it, the user gives it to them voluntarily, but Google gets the cash."

FBI Poked Spy Hole in OpenBSD, Says Former Contractor



The U.S. Federal Bureau of Investigation enticed a handful of developers to create a secret backdoor in the network stack of OpenBSD, according to a message from Gregory Perry, who claims to have had knowledge of the project for several years. Critics say certain parts of Perry's story don't add up, but others say a backdoor going unnoticed for years isn't out of the question.
Allegations surfaced Tuesday that the FBI put backdoors into the network stack of OpenBSD.
They were made by a Gregory Perry, who claimed to be chief technology officer of NETSEC, a government contractor.
The allegations were emailed to Theo de Raadt, founder of OpenBSD.
De Raadt forwarded the email to the OpenBSD community, stating he wouldn't speak to Perry about the issue and suggesting the community take whatever action it sees fit.

Perry's Claims

Perry alleged that while he was the chief technology officer at NETSEC about a decade ago, he did some consulting for the FBI's GSA Technical Support Center.
The FBI implemented some backdoors and side channel key leaking mechanisms into the OpenBSD Crypto Framework, Perry claimed. This was to monitor the site-to-site virtual private network (VPN) encryption system implemented by the Executive Office for United States Attorneys, Perry said. Now that his non-disclosure agreement has expired, he claimed, he's free to share the secret.
Perry claimed several developers were responsible for those backdoors and urged de Raadt to review code written by Wright and other developers. He also alleged that "inside FBI folks" are advocating the use of OpenBSD for implementing VPNs and firewalls.
Neither Perry nor the FBI responded to requests for comment by press time.

The Mystery of the Perry

Perry's something of an enigma -- GoVirtual Education, the company he now claims to be CEO of, could not be immediately spotted using a direct Google (Nasdaq: GOOG) search for the name.
The website of NETSEC, the company of which he claimed to have been CTO 10 years ago, has been archived, and attempts to contact it through the site failed.
NETSEC claims to have been a professional services firm dealing with security architecture and engineering, among other things. It also claimed to have provided a 24/7 computer emergency response team capability to the Executive Office of the United States Attorneys for three years.

The Perry Cloud of Uncertainty

Perry's allegations may be unfounded, Chris Wysopal, cofounder and CTO of Veracode, told TechNewsWorld.
"There's a few things that don't make sense," Wysopal pointed out. "One is that, if the government had a contract with an organization to put in a backdoor, that would be a government secret that wouldn't expire after a certain amount of time. So I can't see how an NDA about this would expire."
On the other hand, if backdoors had been inserted into the crypto framework, they'd be difficult to detect.
"You need to do an in-depth analysis line by line of the code and look for different side effects that the code might have," Wysopal explained. "If you're not a crypto expert, I don't think you'd find the backdoor by just eyeballing the code," he added.
However, there's a chance that Perry's allegations might have some truth to them.
"There have been rumors since the early '80s that the National Security Agency had a backdoor into the DES encryption algorithm," Bill Roth, executive vice president at LogLogic, told TechNewsWorld. "So it's not surprising that the U.S. government or indeed any government would do this. What's surprising is that we hadn't heard about it sooner."
Perhaps developers were blinded by their specialist expertise so they couldn't see the backdoor code, Charles King, principal at Pund-IT, suggested.
"Few developers examine protocols beyond their bailiwicks," King explained.

What About the Open Source Community?

Perry's comments have led many developers to begin auditing the OpenBSD IPSEC stack, King told TechNewsWorld. However, no one has confirmed the existence of any backdoors so far, he added.
"Coming in the midst of the controversy surrounding WikiLeaks, I expect this issue to spark vigorous dialog and debate, but it would be a mistake to paint it in simplistic black and white terms," King warned.
On the other hand, OpenBSD is one of the smaller OS distributions. "Other operating environments, including Linux, Windows, FreeBSD and OS X offer similar functionality," King pointed out.
Indeed, some open source software vendors said they don't even use the OpenBSD Crypto Framework.
"We don't use that library at all, so it has no impact on us directly," Meghan Gill, a spokesperson for 10gen, which offers the MongoDB open source non-relational database, told TechNewsWorld.
"Mozilla does not use OpenBSD or their crypto stack," Mozilla Foundation spokesperson Melissa Shapiro told TechNewsWorld.
The OpenBSD Foundation stepped away from the issue of backdoors when contacted for comment.
"The OpenBSD Foundation does not and cannot speak for or on behalf of the OpenBSD project, related projects, or the individuals in the communities of the projects in any way," foundation spokesperson Kenneth Westerback told TechNewsWorld.
The foundation did not exist at the time the backdoor project was allegedly launched, Westerback added.
"Berkeley Systems Distribution is a version of Unix that's been out since the late '70s," LogLogic's Roth pointed out. There could have been many changes made to the source code in that time, he said.