(A Javascript-enabled browser is required to email me.)
Tasty logo & award

   TBTF Log

This is the TBTF Log, an experiment in reporting important breaking news in a very timely way. The TBTF newsletter continues unchanged. The most recent issue is TBTF for 2000-04-19: Dot-communist.

About this Web log.
Link using this permanent URL.
Previous weeks' logs table of contents.

Saturday, May 20, 2000

5/20/2000 5:41:49 PM

  • Should you register to vote in ICANN's board elections? Read Michael Froomkin's article if you care whether or not ICANN ever hears any voices that don't represent large corporate interests. Then register for at-large ICANN membership (required to vote in the upcoming elections). The way the nominating process is set up now (in theory subject to change after community input), it will be devilishly difficult for an independent candidate -- one not approved by the ICANN-dominated nominating committee -- to make it onto the ballot. The Nominating Committee makes its selections between now and July 20, and the self-nomination process runs from July 20 to August 20. Voting begins September 20.

    Thanks to TBTF Irregular Ted Byfield for forwarding this pointer.

Friday, May 19, 2000

5/19/2000 8:40:16 PM

  • ICANN unilaterally invoicing ccTLDs. Long-simmering tension between ICANN and the historical regime of country-code top-level domains is beginning to boil. Last week TBTF's man on the ccTLD front, Irregular Ant Brooks <ant at hivemind dot net>, sent this note from Fay Howard of CENTR, the Council of European National Top-Level Domain Registries.
      Last year Willie Black of Nominet UK circulated a report to the
      ccTLD list on the outcome of the ICANN Task Force on Funding for the
      year 1999-2000. This envisaged the ccTLD community as a whole
      providing some 35% of the income budget of ICANN amounting to
      $1.49M. He also suggested a possible self-select banding structure
      where the larger ccTLDs would pay more and this included a small
      "starter" band of $1. We all strongly rejected the idea of any link
      between payments and the number of Domains Registered.
      In addition, ICANN staff were present at a CENTR General Assembly
      meeting in December 1999 at which several of the CENTR members
      agreed to make one-off donations pending ICANN's clarification of
      the services they would be providing in return for the funding.
      You will now have seen that ICANN have issued invoices to all ccTLDs
      based on a Domain Name tax model. This situation was discussed by
      the CENTR Executive Committee who have recommended to the CENTR
      members that the ICANN model and associated invoice be rejected.
      They re-iterated that the voluntary banding model be the basis for
      donations to ICANN for the year 1999/2000 and will be progressing
      the details at their meeting in June.
      CENTR Excom strongly urges all ccTLDs to reject the Domain Name tax
      model and not to respond to the invoices received. Acceptance could
      prejudice your rights in the future.
    Now Brooks writes live from the RIPE conference in Budapest with this paraphrase of the comments of ICANN CEO Mike Roberts on the issue:
      In most jurisdictions, only properly constituted government bodies
      can implement a tax -- ICANN is not such a body, so the ccTLD fees
      are not a tax. If the fees proposed by ICANN's staff are not a tax,
      what are they?
      There are a number of possible ways of allocating the fees agreed by
      the funding task force amongst the ccTLDs. ICANN wants the ccTLD
      community to decide how best to do this, but after waiting for six
      months for a proposal from the ccTLD community, ICANN staff felt
      that they had to proceed with some sort of funding model.
      ICANN decided to use the same model recommended by and implemented
      for the gTLDs, but this model may not be appropriate for the ccTLD
      community. ICANN is open to counter-proposals from the ccTLD
      community for a better way of allocating the funds.

5/19/2000 5:33:53 PM

  • Real / NetZip "Download Demon" is spyware. The current number of the Privacy Forum contains the unwelcome intelligence that RealNetworks, despite all its past privacy woes, has plunged into the spyware racket. Real bought NetZip (when did that happen?), and now a NetZip utility called Download Demon silently rides along with Real Media downloads. Lauren Weinstein reports that Download Demon, virus-like, quietly installs itself when you install whatever Real software you thought you were buying into, and makes itself the default FTP agent invoked by your browser.

    Download Demon then proceeds to report back to home base the name and URL of every file you transfer. All "anonymously," of course.

    It turns out that Download Demon has a privacy policy -- subject to change without notice, of course -- though you would ordinarily have no reason to go looking for it.

    Here's Weinstein's take on this cavalier attitude towards user privacy:

    The "trust us, it's anonymous, you have nothing to be concerned about" philosophy expounded in so many complex commercial privacy policies might satisfy Alfred E. Neuman ("What, me worry?") of "Mad Magazine" fame, but seems increasingly inadequate for the rest of us.

    I've had it with Real. In my experience, with every release their products get more bloated and intrusive and more likely to freeze up or crash my machine. Perhaps their increasing reliance on sleazy, privacy-abusing marketing tactics is the company's desperate reaction to getting Netscaped by Microsoft. I wish they would just gracefully admit defeat and go sell themselves to America Online.

Wednesday, May 17, 2000

5/17/2000 4:11:30 PM

Monday, May 15, 2000

5/15/2000 2:09:52 PM

  • Bughunters been busy. Bennett Haselton is on a roll. Here are four security or privacy bugs he has found and publicized over the last 9 days. For the final bug, MSIE's "open Cookie Jar," Haselton worked with Jamie McCarthy.

    • Fri, 5 May 2000
      Local JavaScript Security Hole
      A security hole in Internet Explorer 4.x and 5.x that lets a malicious Web site steal passwords, email addresses, browsing history, real names of visitors, and other information simply by loading a Web site into a user's browser

    • Tue, 9 May 2000
      Fake Mail Form Security Hole
      A method for intercepting passwords used at free Web-based email services including Yahoo Mail, USA.net, and MailExcite

    • Wed, 10 May 2000
      JavaScript-In-Attachment Attack
      A backdoor in HotMail that lets you break in to any HotMail account, by sending the person an email with an HTML file attached to the message

    • Thu, 11 May 2000
      Open Cookie Jar
      A way for a Web site to read all cookies stored by Internet Explorer -- including cookies that were never intended to be visible to a third-party Web page.

About this Web log

email address

Subscribe   Unsubscribe

This venue represents an experiment in more timely and less "cooked" TBTF news coverage. You'll read here things that came through my desktop machine mere minutes before. The TBTF Log replaces the Tasty Bit of the Day feature.

You can receive a collected week's worth of TBTF Log items by email every Sunday evening; simply fill out the form.

Do you value this service?

Be a TBTF Benefactor
The email and Web editions of Tasty Bits from the Technology Front represent my best effort to present engaging, cogent news and analysis on what matters to the life of the Net. The TBTF newsletter will continue as before.


Powered by Blogger

Copyright 1994-2023 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.