LOPPSI 2 et autres lois en I après DADVSI, HADOPI…

Après la loi DADVSI (2006, déjà caduque), la HADOPI qui lui fait suite (devra faire la preuve de son efficacité, non avérée, depuis le 1er janvier 2010, mais les ayants-droit ne se font probablement guère d’illusion), aujourd’hui a été votée à l’assemblée la nouvelle loi dite “LOPPSI” qui comprend un volet complétant l’arsenal juridique des lois Internet :

PROJET DE LOI d’orientation et de programmation pour la performance de la sécurité intérieure :

Conformément à l’engagement de la ministre de l’intérieur, le présent projet d’article met à la charge des fournisseurs d’accès à Internet l’obligation d’empêcher l’accès des utilisateurs aux contenus illicites. La liste des sites dont il convient d’interdire l’accès leur sera communiquée sous la forme d’un arrêté du ministre de l’intérieur. En pratique, l’OCLCTIC transmettra au FAI les données utiles par voie dématérialisée. Les FAI auront le libre choix des technologies de blocage selon leurs infrastructures.

(voir aussi un article complet sur les mesures de LOPPSI 2 sur lemonde.fr)

Les FAI seraient financièrement dédommagés des coûts de mise en oeuvre du filtrage par l’autorité publique.

Il y a plusieurs choses à noter en l’occurrence.

Continue reading LOPPSI 2 et autres lois en I après DADVSI, HADOPI…

Google Buzz start-up requesters update

Apparently the Google Buzz team is very hard at work (on a week-end break!) to fix some of the more blatant problems with Buzz initialization, see their post titled A new Buzz start-up experience based on your feedback; including a nice apology at the end regarding the panic.

My gut feeling is that there are still way too many opt-out things. List visibility, for one: opt-out still does not feel quite right to me; it is too easy for people to not care at first and regret it only when it’s too late. The obvious fact that leaked information can’t be unleaked should be taken into account.

Also, one of the core problems, clearly separating contacts vs friends, apparently remains. I’ll need to retry Buzz someday to see how it feels after this update.

Update: see also Google Buzz – anatomy of a slow motion train wreck, a very good analysis of what happened and things to expect. I share the feeling about the shift in privacy habits that Google (or should I say, some people at Google, but from where I stand that is irrelevant) are trying to shove down our throats.

Update: the mainstream press is getting angry, too. Furious John Naughton article in The Guardian, quoting:

In the real world, the devil is in the details. In cyberspace, it’s in the defaults. And the default settings in Buzz are so crass that one cannot imagine they are the product of corporate carelessness.

The Google boys are smart and know exactly what they’re doing. They’ve been enviously watching the stupendous growth of Twitter and Facebook and wondering how Google can cut them off at the knees before they become really unstoppable – which brings us back to Microsoft.

Update: another article, Buzz: Google Needs Better ‘People Skills’: (this one I find slightly unfair, albeit not totally undeserved)

Given the option, Google’s choice for default settings were what benefited Google the most, not what best protected its consumers.[…]

Privacy, however, impacts everything Google does. That the company could get Buzz privacy so terribly wrong is reason for serious concern.

Google needs to learn when to put people first and technology second.pdate:

Continue reading Google Buzz start-up requesters update

Google Buzz privacy debacle

So… as I said just 2 days ago, I tried Buzz.

And as I also said, « certainly missed a boatload of things and got some wrong ». Famous last words. How right I was !

I tried Buzz just like half the planet actually, which I didn’t realize until yesterday, when I found my Gmail account spammed by people I never heard about before, replying on my buzzes or writing buzzes I received or subscribing to my stuff.

I was panic-struck, just like the rest of the planet. That was the main theme of the comments I saw: « I’m panicking, are you? » « Oh yes I am, but who are you and how come you write this in my Buzz? ».

It somehow found the feed to this blog. I still haven’t quite figured out how; maybe that’s my fault, maybe not; anyway I validated it. I’m glad I wasn’t using Blogger, sorry but I’ve got enough knives planted in my back at the moment.

I did what everybody did yesterday evening: shut down all the incoming feeds, deleted posts and/or comments (“did I write something to my contacts that’s not for public consumption?”), tried to shut down everything outgoing, checked out all my subscribers, and tried to figure out how the damn thing decides that something should be visible or not visible, by others from me or by me from others. I’m still freaked out.

I still think this stuff makes Facebook look like amateur privacy violators by comparison. Even the quote by Eric Schmidt about privacy looks like a detail now (even though it was right-on).

The major, enormous psychological (not technical) error is that this was placed in the Gmail account; something you typically expect to be private. Putting there stuff that’s geared to be broadcast all over the place, in a opt-out way (second major error: everything is public by default, and you can’t ever revert to private after publishing, your only bet is to delete), is a tragically bad, bad, bad idea. Third error, fuzzy rules (recommendations? I’m not even sure) allowing buzzes to skip over contact boundaries.

By putting Buzz inside of Gmail, Google probably wanted to drive up adoption. Well done, it’s adopted all over the place with posts and comments and blog posts and tweet guts spilled everywhere, aggregated, resent, accessible without your knowledge. What a sorry mess. Evil? Still not sure about that. Ill-considered, that’s for sure.

Fourth, but not least, error — but is that really an error? Looks like a strategy, really –, Google confuses public availability with right-to-broadcast. My buzzes or blog posts being public does not mean that I want Google to spam these to contacts of contacts of contacts.

I’ll have to wait until the dust settles in my mind to know whether I really want to use this stuff. It’ll remain anyway as one of my most creepy experiences of late.

Already we see blog posts everywhere flowing about people who’ve unknowingly leaked private information to bosses, ex-husbands and so on. Too many to mention.

Update: Sixth error, the blocking of followers is not real security over leakage. It’s cleaning up after the fact (see the blog post linked-to above).

Update (21h41): Seventh error, and now (since when? since Buzz? No idea whatsoever, seems new since it also appears on my buzzes now) my Orkut photograph has been imported to my Gmail profile and appears to all my chat contacts. I never asked for that… it’s a photograph of me at the age of 3 months! Never meant to be visible in Gmail.

Eight error: so obvious I missed it… the followers/followee list is public by default “Display the list of people I’m following and people following me”. Which means you have a privacy leak in your contact list, since that’s where the followers come from.

This is insane. I think Google really has jumped the shark, this time. I’m out of Buzz for the foreseeable future.

Update (23h38): additional thoughts in relation to the above… Google apparently doesn’t realize that mail contacts (many kinds of people) are very different from friends in a social network; the contact or chat list may look like a friends list functionally, but they do not contain the same kind of people and do not serve the same purpose. It’s obvious if you look at  who’s in your own respective lists. A lot of confusion stems from that. Google is trying to “Facebookize” the Gmail ecosystem and the fit just can’t be good. Maybe that’s a cultural problem.

Update (0h06): an idea I just got. If the Buzz follower/followee lists actually were new lists, treated like real friends lists starting from zero (i.e. not based on any contact list, not even with a pre-filled checkbox list), with a reciprocal acknowledge just like in social networks, the user would really be more in control, with the actual feeling of starting up his own, separate network.

Z5300, toujours jeunes

Un matin récent, j’avais pour mission de traverser les étendues sauvages et inexplorées du sud-ouest de la région parisienne.

Pour apporter un peu de piment à cette échappée, la neige avait décidé de tomber résolument quoiqu’avec sa douceur coutumière.

Me voilà donc à 8h55 sur le quai 10 de la gare Montparnasse. La rame qui va assurer le train que je dois prendre, prévu à 8h58, arrive à quai avec 2 minutes de retard sur sa mission précédente, emplie de voyageurs : une unité double de Z5300, celles qu’on appelle les petits gris.

Continue reading Z5300, toujours jeunes

Google Buzz

Okay. I’ve just learned I’m the proud and lucky (thanks to my guardian angel) owner of a Google Buzz account.

What is it? Actually, I’m still trying to figure that out exactly.

Try to imagine Google Talk (chat) extended with bits of Twitter (followers and followees, but that’s not how they’re called) and geolocation, integrated within Google Mail with an interface that’s slightly reminiscent of Google Wave presented in a blogpost-like format (there has to be a RSS feed somewhere underneath, but I didn’t find it); with possible post upvoting as in Digg or Reddit (but no downvoting).

And you can also mix in stuff from Picasa, Google Reader, Twitter itself, Flickr or blogs.

The above looks like a web 2.0 keyword soup; this is a good reflection of my first impression 🙂

That’s what I was able to gather after using it for 5 minutes. I certainly missed a boatload of things and got some wrong.

Android pattern locking: a horror story

45 seconds of play, ~5 hours of desperate hacking.

A few days ago, my 4 year old daughter was playing with my mobile phone running Android 1.6. To let her play with the screen while avoiding any mishap, I locked the phone. It was obviously not enough, she instantly found the MENU key to unlock it.

So I had the brilliant idea to put on a locking pattern, the pretty method used on Android to really lock the screen.

After 5 unsuccessful tries, which my daughter reached in about 15 seconds, the pattern unlocking incurs a 30-second guard delay. I decided that the game was too risky (I found out later there’s also a 20-try hard limit, but we didn’t reach it) and took my phone back.

There, I had another brilliantly fatal idea: I clicked on the “forgot the unlock pattern” button which just appeared, just out of curiosity to see what would happen next. The phone asked for my Gmail account and password. I filled the requested information, but it didn’t unlock the phone; apparently this is a known Android bug that I didn’t know about. And, contrary to what I naively assumed, there was no way to get back to the unlock pattern screen. I rebooted the phone. No change, no escape.

Then it dawned on me that I was 600 kilometers away from home, for almost a full week, without all my computer tools. And I was locked out of my own phone.

Continue reading Android pattern locking: a horror story

voie libre ou appel système