Just a quick note to say that the three Staggering Stories Podcast team members that were due to holiday in Egypt (those being Adam, Fake Keith and Real Keith – plus two others not ever heard in the podcast) have arrived safely.

In fact we could go so far as to say we are having a great (but exhausting) time of it right now!

Here’s a few quick photos taken with my new camera. These are the JPEG versions without any kind of editing. At some point I’ll bring the RAW files into a tool to improve them.  Right click and ‘View Image’ to see them without the browser/Wordpress forced image resizing that gives those nice jaggies…

Adam (me) going native.

Luxor Temple – it’s tall!

Three of the great pyramids at Cairo

The Spinx with pyramids in the background (all arty and sunsetty!)

The Nile at dusk.

With our recent podcast now published, I have a few days before I need to think about the next one or the August (for September!) Staggering Stories update.

That being the case I find myself looking, once again, at a site visual redesign. My current efforts are a bit of a shock to the eyes, it will probably need to be toned down a bit! Much more work is outstanding on that job, not least the actual implementation on 400 odd html files…

Onto my other quick subject, though – social networking sites. Yesterday afternoon I was looking at the ex-Outpost Gallifrey forum and the SFX forum to post announcements on the Podcast 26 release. On at least one of those sites I was beaten to it by one of my fellow Staggering Stories friends. At the bottom of her post she put a link to the Staggering Stories Facebook site. Now I’ve been resistant to the MySpaces and Facebooks of this world for some time, it all seemed a bit pointless and a bit faddish. The past year I’ve been particularly resistant to Facebook after seeing someone publicly vilified (very publicly) for a jokey Facebook profile (that was actually done by a friend of theirs.) Is it time I relented, though? Can I sit by and not be part of that Staggering Stories facebook group? Probably not. That cracking sound you hear is probably leading to an imminent cave in!

The other Social Networking thing I’m currently investigating is Twitter. Yes, I’ve already created a Twitter account, AdamJPurcell. Just quickly, what’s Twitter? According to the ever amazing Wikipedia (more popular than the Celestial Home Care Omnibus):

Twitter is a free social networking and micro-blogging service that allows its users (also known as twits) to send updates (otherwise known as tweets) which are text-based posts of up to 140 characters in length.

Why? It is just a way to add a bit more life to the Staggering Stories site. I can post saying that we are about to start recording a podcast. I can tell people that I’m working on the next update. Even tell them about Sci Fi type things I’m doing or have just found out about. Of course I can do this ‘micro-blogging’ direct on my new mobile phone, too.

Will this Twitter idea really catch on with me? Maybe. Maybe not. Who knows. An interesting experiment.

Just a quick note to anyone out there how may be interested. Some of the Staggering Stories team will be attending the Royal Albert Hall Prom number 13 (Music from Doctor Who) this Sunday (27th July 2008)!

I am greatly looking forward to it. We missed out on getting tickets to the Cardiff event a couple of years ago but this time we’ve managed to wrangle it somehow (or was it just plain luck?!) I will be there in a Staggering Stories T-Shirt (dress code permitting!) and I hope at least one other of our number might do the same (hint, hint!) If you see us wandering around like idiots (we know no other way) then feel free to accost us and say hi (but not HAI! in Pertwee fashion, please!)

Expect a full report of goings on (including talk of that scene filmed by Tennant especially for the event) in the next podcast and probably in a more considered way by form of a written article to appear in the end of August main site update (see main site www.StaggeringStories.net).

We hope to see you there!

The whole Phorm debate has died down a little recently. It’s still coming coming, though, as are similar systems throughout the world. A while back I promised I’d note down some tools that I use to help protect my privacy online so you might do the same. So, here is my current setup:

• Firefox
• The best place to start with online privacy and safety is, I find, to use the Firefox Web Browser. The list of advantages over the default (on Windows) Internet Explorer browser are far too numerous for me to list here. The main point is that Firefox is just more secure. It also has a very good Extensions framework that we can use to plug in any manner of Add-Ons, such as:

• CookieCuller
• The all too numerous advert and web user tracking firms all use web browser cookies to remember who you are. A cookie is basically a tiny little text file that is saved on your computer by a website. The web is non-stateful, in other words every page request you make is unique and unassociated with any other. Think of the web as someone with no short term memory. You are on a walrus cleaning kit shop web site, you browse to the product that is correct for your particular walrus (it might have especially leathery skin). You click on ‘buy’. This causes the page to refresh, i.e. the web server serves another page to your browser. The web server knows what you’ve just clicked, as it is directly responding to it, so it can show you your new item in your basket. Click ‘check out’ and, whoops, your cleaning kit has gone! Why? Because it only knows about your last action, namely clicking ‘check out’. It has forgotten about the ‘buy’ you clicked the time before – it has no memory, it can only respond to your current action. That’s where cookies come in. The web server might assign you a unique ID (often a fantastically long random number). The web server can then request that cookie from your browser every time a page needs to be built. The server can then store, usually in a database on its end, a history of your actions. When it sees your cookie it knows who you are, can look you up in its database and can thereby remember what you’ve done already. Incredibly useful and even essential for many sites.
• The problem is that adware firms and tracking firms (often one and the same) can also use cookies to remember who you are. Almost all major websites now havew third party tracking junk on their webpages. Phorm also uses this technique to remember who you are (and, even, remember who you are and that you’ve ‘opted out’ of being tracked!) The obvious solution to this is to either block or automatically delete these cookies. That’s where CookieCuller comes in. It’s a Firefox extension that enhances the already built in cookie control options. With the default Firefox cookie support you can already ban cookies from sites that you choose (the likes of advertising.com, phorm.com, oix.com, adrevolver.com, webtrendslive.com, and so forth). That’s great if you are sure about banning those cookies outright and keep an eye on new cookies that appear (Firefox ‘Preferences’, ‘Privacy’ section, ‘Cookies’ tab, ‘View Cookies’). An alternative, or as a supplement in my case, is to use CookieCuller to automatically delete cookies when starting up Firefox each time. They can still see what you do over that Firefox usage session but next time you use Firefox they won’t realise you are the same person, you’ll be automatically assigned a new unique ID as your last one is gone. Install CookieCuller, perform the necessary Firefox restart, go to the ‘Tools’ menu, ‘Extensions’, select ‘CookieCuller’, press the ‘Preferences’ button and check the ‘Delete unprotected cookies at startup’ box. There you have it, those firms that have been tracking you for months will no longer be able to do that day to day. You can also ‘protect’ certain cookies from the automatic chop (such as any Staggering Stories cookies – we’re not tracking you, honest!) so you aren’t forever having to type in your usernames and logins to some sites that remember such things. See the ‘Tools’, ‘CookieCuller’ main preferences page for that.

• Adblock or Adblock Plus
• Another couple of Firefox extensions. They both serve the same purpose: removing those irritating adverts. Small unobtrusive adverts aren’t normally a problem. However, these days many pages come plastered with dozens of irritating flashing images, jumping all over the place. I not only don’t like looking at them but I outright don’t trust them, at best they might be trying to track me, at worst they might be trying to install malware on my system. The best option is to stop them downloading to my machine at all. Saves bandwidth (pages load quicker), saves my sanity from the crazy flashiness and protects me from any nastiness. Either Adblock or Adblock Plus will help with this. Personally I still use Adblock (it’s simpler but, as I recall of Adblock Plus, requires more work to maintain than its Plus variant). You can try out both (one at a time!) to see which you prefer. The original Adblock provides a list of elements on the page, such as images and javascript, along with where they came from. Usually these adverts come from another site than the one you are visiting and are therefore very easy to spot in the list. You can then simply always block from that advert bureau site (which, when you’ve encountered most of the major bureaus, will clean up the majority of all sites for you – there are only so many advert peddlers that most sites use).

• TOR
• This is a big leap from Firefox and add-ons, even I rarely use it. TOR stands for The Onion Router. All of the above ideas still pass pages and other data through your ISP’s systems in a fashion they can intercept. Your ISP still knows where you are going online and, potentially, what you are reading/watching and buying. I say potentially as some sites, particularly shops during the check-out phase, do encrypt the traffic so no one else can read it. They can still see where you are, however. The only way to avoid your ISP being able to snoop on your privacy is to encrypt all of the traffic on your computer before it goes out to your ISP, including the name/URL of your destinations. But how can your ISP send your requests onto the correct site when they don’t know where you want to connect? That’s where an onion routing network comes in. Think of an onion, any onion. In the centre is your data – the web page you are trying to read or data you are sending back to the web server. Around that are multiple layers of encryption. A series of machines, as part of the TOR network, are out on the Internet waiting for your traffic. You have a layer of encryption for each machine. Your computer sends the onion to the first computer in it’s list. That computer, and only that computer, can decrypt the first layer. Inside it sees another layer and an instruction of the next TOR computer to send the diminished onion on to. The next TOR computer does the same, passing on to the next computer and so on. Finally the onion will have only one layer left, it strips it off by decrypting it. There it finds the now unencrypted centre of the onion which may be, for example, a request for a web page. The machine grabs that page on your behalf (the web site not knowing that the TOR machine requesting the page isn’t where it will ultimately go). Then it creates a new onion that is sent on a reverse path back to you.
• The upshot of all this is that the ISP only sees encrypted traffic into the TOR network and has no idea the route through the TOR network it might take and especially not the final destination. Likewise the final destination doesn’t know the true source of the traffic, only the IP address of the exit point of the TOR network you are currently using (it is a random path, including entry and exit point, each session). Clever stuff. Not perfectly secure and I haven’t explained it particularly well or accurately but it will certainly stop your ISP and their Phorm buddies invading your online privacy. It is also often a little slow, for obvious reasons. That’s why I rarely use it but then Phorm isn’t active on Virgin Media yet (so far as we know…) It also requires a special proxy to be installed on your computer (or local network) and configuration of your web browser(s) to use it. It may well be worth all the trouble in the future, though…

That’s all the tools I currently use to stop strangers snooping on me (or, at least, make it a lot more difficult). Take this as a starting position, a place to begin your understanding. Everyone should have an understanding of the privacy tools on offer. I once heard someone equate your ISP to your doctor. Both know a lot of private details about you. Wouldn’t you be horrified to hear your doctor is selling those details to third parties? Potentially your ISP knows even more sensitive information about you. They should treat ‘patient’ confidentially with even more care. Instead they really are looking to betray those confidences for money. Don’t let them.

If you’ve got nothing to hide then you’ve got nothing to worry about. So say those who wish to intrude on our lives in so many varied and insidious ways. It’s an argument that, on the face of it, is hard to counter.

Phorm is the new Internet monitoring system that is about to be installed on about 90% of all UK broadband lines. British Telecom, Virgin Media and Carphone Warehouse have done a deal with this Phorm outfit that will see all regular web traffic pass through servers Phorm have provided. A unique ID will be assigned to your computer in the form of a web browser cookie. Every web page you then go to will be categorised and put against your unique profile in the Phorm system. This profile will be used to target adverts at you.

Such ‘consumer profiling’ is not new. Every shop loyalty card you have is all about building a profile of you. Of course the difference between what type of tea you buy and what you do online is vast. Do you do Internet banking? Do you use web based email? Do you run a blog? Social networking sites? Ever looked up medical advice? Car or home insurance? Forums? Wikipedia searches? Online shopping? The list can go on and on. Still got nothing to hide?

We’ve all heard stories of people having their identity stolen simply by people looking through their rubbish. We are all warned to shred important documents instead of just bin them intact. At least with our rubbish we can be fairly confident that the local authorities aren’t systematically sifting it to build up a picture of who everyone is (that would be a massive manual task that simply could no remain hidden, even conspiracy theorists must surely agree). The difference with Phorm is that we absolutely do know they are sifting through our online activities and there is almost certainly a lot more to be learnt from it than could ever be determined by our refuse. That’s their business model – find out all they can about us. It is, in effect, a wiretap on our Internet usage. How about now, still nothing to hide?

Public outrage has prompted Carphone Warehouse to promise an ‘opt-in’ for this service. BT and Virgin Media have made no such promise, so we assume the standard ‘opt-out’ mechanism will be used – you will be tracked unless you specifically opt out. What’s more in both scenarios it is still less than clear what this will mean on a hardware level. It currently appears that either way your traffic will go through a Phorm provided computer, the difference is that we are told that someone who has opted-out (or not opted in, in the case of Carphone Warehouse) will have their activities ignored. For many people this is not good enough, they don’t want their traffic going anywhere near Phorm computers. Not surprising, given that 121Media (the people behind Phorm) have in the past been accused of distributing spyware. Many Anti-Virus companies are also publicly considering classing the Phorm identity cookie as adware and automatically blocking it. Of course this doesn’t stop the traffic from entering the black box Phorm computers.

How much money is 121Media paying BT, Virgin Media and Carphone Warehouse? How can we trust these people as our ISPs, selling their customers activities to a third party? Is this just the beginning of a nasty trend? It is almost unbelievable that they’d take money to install third party computers between their customers and the wider Internet. All regular web traffic passing through Phorm, without exception. Big brother in a box that the Russian 121media own and administer remotely. It beggars belief. It speaks volumes as to value they put on their customers privacy. How can they ever be trusted again?

There is much more to be said on this yet. The limitations of the Phorm spying (both claimed and the certain (as in https should always be immune)). The potential ways around it. The legal questions the whole thing raises – does this constitute illegal ‘interception’ under the Regulation of Investigatory Powers Act 2000 (RIPA)?

More information can be found via the ever useful Wikipedia Phorm page. The BBC News Phorm coverage is also pretty good. The Register is probably the most vocal on Phorm news.

Certainly sign the Phorm Petition on the 10 Downing Street website, while you still can (before it expires I mean, I’m not suggesting that the new Phorm systems would ever block access to such protest sites…)

In future you may have to be very careful where you go on the Internet, even accidentally…