• Risks Digest 32.69 (2/2)

    From RISKS List Owner@21:1/5 to It appears that Bernie Cosell on Mon May 31 00:08:37 2021
    [continued from previous message]

    for all of Facebook for six weeks on such a topical matter. Given how few posts there are, I would also like to know how many of those posts were in
    fact part of those 30 anti-vaccine groups.

    In any event, generalizing from this to the entirety of Facebook, Instagram
    and Twitter is wholly improper.

    (Indeed, in the PDF, Instagram is in fact not investigated at all. It is mentioned as being a platform these individuals use, but the content was not examined - only Facebook and Twitter.)

    I think the large majority of the PDF is emotive activism to censorship, including an actual and fairly lengthy profile of each of the accused, with
    a small and I have to say I found rather confusingly presented, and rather unexplained (too many "we choose as representative") part being the investigation that was performed.

    There may be something in this, but taken as it is, right now, this seems to
    me to be a means to an end - indeed, not entirely unlike the very disinformation it seeks to discredit in others. The origin is the "Center
    for Countering Digital Hate", so we can imagine they're coming at this from
    a particular point of view.

    ------------------------------

    Date: Sat, 22 May 2021 05:01:55 +0000
    From: Jay Libove <libove@felines.org>
    Subject: Sharing lock-picking information on RISKS

    [was: Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob,
    Popsicles (RISKS-32.65)]

    Interesting note by PGN, and interesting comment by Bernie. My eyes barely twitched when I read the original post which described how to bypass the Washington Post paywall. (I just open WaPo articles in an
    InPrivate/Incognito browser and re-accept the cookie and "You have three
    free articles left" notice).

    Should we share information about how to pick locks? I'm pretty sure we do that. Every day, in announcing vulnerabilities and the devilishly clever technology steps taken to exploit them. And, even better, in a timeless
    SciFi way, by theorizing from where a next class of such vulnerabilities
    will come, and how they may be used (for good and ill).

    Of course, there's a responsible way to do that (and in my decades reading RISKS the posts here have always fallen on the responsible side; thank you, moderators).

    What constitutes responsible disclosure of "Site <X>'s paywall can be bypassed?"

    For that matter, what constitutes *ethics* in such a situation?

    I'm a paying subscriber to at least four major news publications across
    three countries on two continents, and on all of them I *still* have to repeatedly deal with cookie (re-)notices, to re-log in too frequently
    (despite the "remember me" box having been ticked), and to suffer a raft of other repetitive, intrusive technology and user experience design failures.

    Where is the ethos that says that, especially for the paying customer, site
    <X> has to do a good enough job to avoid repeatedly interfering with my paid
    use of their product, and stop wasting my time?

    Two wrongs don't make a right (Despite that sometimes three lefts do ...),
    but, NOT talking about the-secret-that-everyone-knows which isn't even so
    much a symptom of "I don't want to pay for it"-it is but really "it's broken and everyone knows it but why won't anyone actually fix it" .. is that even unethical, in fact? Or is it a needed prod to fix these services?

    With all that background, plus of course the broad availability of browser plugins, etc, meant explicitly to bypass paywalls, cookie banners, etc, I didn't see any reason why RISKS shouldn't allow such an item to be posted,
    and I'm unsurprised that the moderators didn't get much feedback about it.

    Bernie, I'm glad you raised it, because I think that a *risk* that maybe we haven't discussed enough in recent years is the aggregated societal cost in wasted time and increased stress from poor user experience caused by a combination of incompetence, excessive intent to continue selling (even to those who have already bought), and failures to understand/ excessive(?)
    fear of regulatory action provoking excessive "security" and "compliance" friction in daily Internet use.

    [This is a very useful response. I do not endorse schemes to get around
    paywalls. For many years, I have tried to invoke fair use and *not* to
    not run pay-walled items without seriously abridging them or PGN-ed-ing
    them into my own words, and encouraging interested readers to dig out the
    originals as appropriate. In running the original item, I was hoping to
    trigger some constructive discussion that is respectful of paywalls but
    also warning that we are increasingly living in a world where almost
    everything is becoming monetized. I am delighted with the responses from
    both Bernie and Jay. PGN]

    ------------------------------

    Date: Sat, 22 May 2021 12:09:13 +0100
    From: Martin Ward <martin@gkc.org.uk>
    Subject: NoScript is immoral? (Re: RISKS-32.69)

    I have been running NoScript to block all Javascript by default on all but a few websites for many years and have been reading the occasional article
    from the Washington Post for many years. I would not have even *known* about their javascript block if I hadn't run the experiment of turning off
    NoScript on the web site. Note that the Post hands out and displays the complete article, along with some javascript that waits a few moments, and
    then covers up the article with a request for a subscription. If the
    javascript is not executed, then the article is not covered up. For all I
    know, there may be dozens of other web sites that do the same!

    A real world analogy: The Washington Post says, "I have an article about
    XYZ, would you like to read it?", You reply "OK, I'll have a look at it".
    *The Washington Post* hands you the article and you start reading. Then *The Washington Post* hands you a piece of cardboard and says "Please cover the article I just gave you with this cardboard". You ask "Why?" and WP answers "So that I can ask you to pay me money to take the cardboard away
    again". You say "How about I just decide *not* to cover the article with the cardboard and carry on reading?". "THIEF!!!" Except in my case, I didn't
    even *hear* the request to cover the article with the card. Am I still a
    thief?

    Is it really morally wrong to choose *not* to execute by default every piece
    of code that is handed to you by any web site that you decide to visit?

    ------------------------------

    Date: 21 May 2021 21:50:31 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: freemium for all, was A mom panicked

    It appears that Bernie Cosell <cosell@alum.mit.edu> said:

    > How handy! We needed a forum on how to "share" things that we ought to pay
    > for. Next fun activity on RISKS -- how to get ATMs to spit out money.
    >
    > NB: I don't mean to start a fight but I don't think that kind of "help" is
    > appropriate for RISKS.

    For anyone familiar with the way that the web works, it should be obvious
    that freemium sites that let you view a few articles and then ask you to pay use a browser cookie to keep the article count. If you set your browser not
    to accept cookies from a site, there is no counter and in most cases you can see all the articles you want. A few sites are pickier and check to see if you're doing that, but mostly they don't bother, on the reasonable
    assumption that anyone trying that hard to bypass the paywall is unlikely
    ever to pay, and the harder they try to block freeloaders, the more likely they'll also accidentally block legit users.

    Those of us from the previous millennium remember software on copy protected floppy disks, same idea to allow some kinds of use typical of paying
    customers but not other kinds typical of non-payors. The software industry eventually stopped doing that, because the copy protection annoyed the legit users, and the people who might be deterred by copy protection were unlikely
    to turn into paying customers. There was even a plausible argument that a certain amount of copying led to more sales as people with illicit copies
    found they liked the software enough to pay for documentation (there were
    these paper things called "manuals") and support (using a now-forgotten kind
    of telephone that you couldn't lose because it was attached to the wall with
    a wire.)

    As I've noted before, newspaper reporters like to eat, and subscriptions are
    a big part of how they do that. So if you tweak your browser to bypass the paywall, that has nothing to do with "freedom". You're just being cheap.

    PS: Next rant: why I don't waste a lot of time chasing down pirate PDFs of
    my books. But when people write and say your book is expensive, send me a
    PDF for free, sorry, no, that's what libraries are for.

    ------------------------------

    Date: Mon, 24 May 2021 20:16:00 +0000
    From: David Roman <roman@hq.acm.org>
    Subject: June 2021 CACM Inside Risks column and video

    "The Risks of Election Believability (or Lack Thereof)," the Inside Risks column in the June 2021 Communications of the ACM (CACM), and its related video, by Rebecca T. Mercuri and Peter G. Neumann, have been published
    online at https://cacm.acm.org/magazines/2021/6/252836-the-risks-of-election-believability-or-lack-thereof/fulltext.
    The video alone is at https://vimeo.com/552504677.

    [David's ACM URLs are likely to be behind the ACM paywall. The article
    is also up on the Inside Risks website at
    http://www.csl.sri.com/neumann/insiderisks251.pdf
    PGN]

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.69
    ************************
