digital knowledge. digital culture. digital memory.

24.12.07

NORAD tracks Santa over Fiji


New to this blog? Why not subscribe to its feed or sign up for free email updates?

That's right, NORAD tracked Father Christmas by RADAR leaving the North Pole, then servicing Eastern Siberia, followed by the Marshal Islands, and then over our island home at around 9:30 pm Fiji Time. This year, NORAD is providing two interfaces to their Santa tracking. The one depicted below using Google Maps and...


This one using a Google Earth KMZ file constructed by NORAD (get their KMZ here).


Maybe next year we will be able to go on a ridealong with Santa using Google VR? Happy holidays!

Blogged with Flock

17.12.07

Secret messages - thinking about cryptology


New to this blog? Why not subscribe to its feed or sign up for free email updates?

The history of secrecy is as old as the history of ideas. Whether for reasons of war, religion, power, jealousy, or, of course, love, people of every culture have always found reasons to keep secrets. Of course, keeping a secret is not difficult until you try to communicate it to someone else. What if someone overhears you whispering the secret? Or worse, what if the secret message is intercepted by an assailant and does not even reach the intended recipient?

Simple model for secure communication between Alice and Bob with adversary Eve attempting to view the romantic missive

Historical attempts to foil Eve's efforts have fallen into three categories:
  • Physically secure the message from access to all except its intended recipients. This could include hand delivering a love note to your sweetie at school, hiring a bonded courier to transport contract drafts burned on CDs to your business partner, or hiring an armored car to take a bank vault combination to the main branch for safe keeping. In other words, do not let Eve get her hands on it.
  • Use steganography - Conceal the message in some other innocuous message. This includes communicating messages in innocent looking classified adds in the newspaper, hiding digital signals in what sounds like background noise on telephone calls, or embed messages in otherwise normal JPEGs, MP3, or other files using steghide. [try it!] In other words, do not let Eve know that a secret is being transmitted.
  • Mathematically encrypt the message in such a way that it is difficult for an adversary to recover the original message even if she gains access to the entire encrypted message. In other words, even if Eve gets the message, make it difficult for her to decode it. An early example is a method used by Julius Caesar to protect military orders. Now, message encryption has become a sophisticated military practice and is the cornerstone of the modern banking and e-commerce industries. It is the greatest asset of political activists in oppressive regimes and the scourge of law enforcement and national security forces when fighting online threats.
It is this final approach - the mathematical approach to protecting information, the field of cryptology - that I would like to investigate in the next few blog posts. How does it work? What if criminals or enemies of the state use it?

Icons by: Mark James
Photo by: dirtyfeet

4.12.07

Google wants you to inform on evil websites


New to this blog? Why not subscribe to its feed or sign up for free email updates?


The Google Online Security Blog posted an update to the monsterous corporation's ongoing battle against malware and made the following plea to well-meaning web surfers:

Currently, we know of hundreds of thousands of websites that attempt to infect people's computers with malware. Unfortunately, we also know that there are more malware sites out there. This is where we need your help in filling in the gaps. If you come across a site that is hosting malware, we now have an easy way for you to let us know about it. If you come across a site that is hosting malware, please fill out this short form. Help us keep the internet safe, and report sites that distribute malware.
[Help us fill in the gaps!, Google Online Security Blog, November 29, 2007]
I have confession to make. The first thing that occurred to me when I read this was: this sounds like a great opportunity for online revenge! Fiji's interim government could report the Solivakasama blog, elusive freedom blogger Captain Intelligentsiya could inform on the RFMF site, Fiji's literacy-challenged community could report Paradise Not Found. And it would not have to stop there! The Unwired mavericks could report the ATH duo Kidanet and Connect's sites, Monopoly-buster Inkk could inform on the Vodafone site, the Oceanic hot-heads could report Webmasters, and Channel 2 (if Channel 2 even still exists?) could hit Fiji TV.

Let's hear it for Google's continuing ability to stick to their "do no evil" corporate motto by encouraging us to be informers! The truth is the average Internet user cannot accurately identify a malware site any better than Shiasta Shameem can play ice hockey.

Photo by: Zeet Jones

Blogged with Flock

3.12.07

USP art exhibit - UPDATE: new date


New to this blog? Why not subscribe to its feed or sign up for free email updates?

UPDATE: The opening with the refreshments has moved to December 6th at 5:30pm.

Art exhibit that is open to all - and note the free refreshments. I'll be there and would love to meet some more of the Fiji blogging community.

Blogged with Flock

28.11.07

Online freedom baby, yeah!


New to this blog? Why not subscribe to its feed or sign up for free email updates?


I was surprised to see Everyone's guide to by-passing Internet censorship for citizens worldwide as the first item under Information Management on UNESCO's Open Training Platform - an online repository of open license training materials.

To quote from the source:

This guide is meant to introduce non-technical users to Internet censorship circumvention technologies, and help them choose which of them best suits their circumstances and needs.

Everyone's guide to by-passing Internet censorship for citizens worldwide is a great guide for those who want to use the Internet anonymously, or circumvent filtering on their LAN or WAN, or help others to circumvent filtering in their country or organization, or all three. It contains clearly worded advice and has URLs for numerous free and commercial solutions including, to name but a few:
Internet users who desire freedom of expression and intellectual freedom should read this guide. Similarly, law enforcement organizations should read this guide as the same tools and tactics are used by online criminals.

Photo by: Norma Desmond

21.11.07

RIP HnC: another renegade blog bites the dust


New to this blog? Why not subscribe to its feed or sign up for free email updates?

sour tears by a shot in the dark
Another notorious anti-interim government blog goes offline. Hyde and Seek, which went live in May of 2007, seems to have taken itself offline within the last several hours after around 400 posts and thousands of comments.
Wordpress blog deletedAs with the death of WFC, rumors abound about whether or not the bloggers took the site down willingly or unwillingly. If you want to see how the site looked in June and July of 2007, there are three pages captured by the Internet Archive's Way Back Machine.

No doubt, a blog or two will take hnc's place.

Photo by: a shot in the dark

Blogged with Flock

20.11.07

USA and Fiji are "nations of lawbreakers"


New to this blog? Why not subscribe to its feed or sign up for free email updates?

Criminals by Dr John2005Let's be honest, it is difficult to spend $5 to rent a DVD for a day when you can own it for $1. Every year, hundreds of thousands of Fijians chose the $1 option. A FAVIA press release (with no supporting evidence whatsoever) claims that, "Fiji's piracy rate is about 98%." These numbers were rolling around in my head as I read a recent article by Nate Anderson on ars technica about a country that has chosen a very different path from Fiji when it comes to copyright.

Tehranian's paper points out just how pervasive copyright has become in our lives. Simply checking one's e-mail and including the full text in response could be a violation of copyright. So could a tattoo on Tehranian's shoulder of Captain Caveman—and potential damages escalate when Tehranian takes off his shirt at the university pool and engages in public performance of an unauthorized copyrighted work.

Singing "Happy Birthday" [and Happy Long-Life -cht] at a restaurant (unauthorized public performance) and capturing the event on a video camera (unauthorized reproduction) could increase his liability, and that's to say nothing of the copyrighted artwork hanging on the wall behind the dinner table (also captured without authorization by the camera). Tehranian calculates his yearly liability at $4.5 billion...

What better way could there be to create a nation of constant lawbreakers than to instill in that nation a contempt for its own laws? And what better way to instill contempt than to hand out rights so broad that most Americans simply find them absurd?
[Overly-broad copyright law has made USA a "nation of infringers", ars technica, Novemebr 19, 2007]
The USA has created a nation of constant lawbreakers by handing out absurd rights to copyright holders combined with millions of dollars of public money spent on enforcement. Fiji has created a nation of lawbreakers through a complete failure to enforce almost any rights of copyright holders.

Having unenforced laws in place for the sake of meeting Fiji's WIPO commitments (is there another reason?) may be doing more harm than good. In a nation who's elite has consistently had difficulty with the rule of law for the past twenty years, breach of copyright has become every man and woman's opportunity to join in the tradition of trampling on one of the nation's fundamental institutions. Is this really what we want for our beloved Fiji? Is this really what we want to teach our children?

My advice to the country: Either repeal the 1999 Copyright Act or figure out a way to enforce it.

Photo by: Dr John2005

Blogged with Flock

Do you read your server logs?


New to this blog? Why not subscribe to its feed or sign up for free email updates?

Cardboard PC? by kenwood
Do you read your server logs? I admit that I only read them rarely. Let's face it, they are pretty dull and repetitive. Most sensible administrators - those who do not find reading syslogs eight times a day to be rewarding - will use some sort of log monitoring tool to let them know if anything interesting is going on. My favorite would be logwatch and I have also used swatch in the past. However, these and other fine tools, even after very careful and time consuming configuration, are prone to raising alarms when there is really nothing to see. And these false positives lead, over time, to the never cry wolf syndrome. You just stop listening to the alarms. Or you configure the monitoring tool to ignore potentially interesting information just to shut it up.

One of the systems that I am responsible for is an old Compaq/HP Tru64 Unix box. Tru64 has among its features an alarm that is tripped if too many log entries are made to the system binary log in a short period of time. Recently, we received this alarm stating that over 500 log entries had been made in a one minute period. I immediately thought that one of the drives was dying a most unwelcome death again. However, when I checked the log, it turned out that some IP at a Spanish university (names withheld to protect the guilty) had made over 1000 attempts to brute force the root password via ssh in a two minute period (try THC-Hydra). Of course, root logins via ssh were disabled (check your sshd.conf) and the root password is very strong anyway so no harm was done.

But an attack is an attack and even if revenge is not possible, at least some action should be taken to reduce the likelihood of reoccurence. How can you do that? Let the attacker and the attacker's ISP know that you detected the attack and are motivated enough to do something about it. Hackers, whether pimply-faced script kiddiez or hardened criminals, are lazy and risk-averse and prefer to go after easy prey. If you detected this attack, you might detect others in the future. If you write a complaint email, you might call the police or at least your lawyer next time. How do you find your assailant's ISP? Through the controversial whois database.

After a couple of whois queries (try Sam Spade if you don't want to use the command line), I was able to contact the abuse email of the assailant's institution. Within 24 hours, they acknowledged receipt of my email. Within 48 hours they sent me an email stating that they had contacted the owner of the offending IP and were closing the trouble ticket. While I would like to have seen the assailant suffer in front of my own eyes, this is probably the best resolution that I could hope for. After all, the break in was not successful and no damage was done other than wasting my time - not to mention the fact that Fiji has no cybercrime legislation nor has a computer crime (or attempted computer crime) ever gone before Fiji's courts.

Photo by: kenwood

Blogged with Flock

7.11.07

Wow! The Quick Links are great!


New to this blog? Why not subscribe to its feed or sign up for free email updates?


While I have not had time to write a great deal in recent weeks, I have tried to keep you on top of interesting ICT stories from Fiji and around the world with the dfiji Quick Links which you can see on the right hand side of this blog or via the RSS feed.

A few interesting recent Quick Links include:

  • The Oceanic blog comments on gross financial mismanagement at USP in response to a lengthy article in Islands Business magazine. It is unfortunate that the hard working students and staff at USP are already experiencing the aftermath of recent disastrous financial decisions.
  • The O'Reilly Radar blog draws a comparison between libraries and the Oink music site that was recently taken offline by law enforcement.
  • The Fiji Times reports that new telecom licenses will be granted in Fiji some time on November. Creating genuine competition - not just competition between companies in the ATH family - would be a real boon for Fijian consumers.
How do I manage these great Quick Links? I use the free del.icio.us bookmark management and sharing site.

Photo by: splorp

25.10.07

A brief history of library technology in the South Pacific


New to this blog? Why not subscribe to its feed or sign up for free email updates?


Lately, I have been thinking about library technology in the South Pacific region. This is mainly due to the fact that I was supposed to have submitted a paper on the subject to the new CODE4LIB journal about a week ago (don't worry editors, I'm still writing!). I though it might help to think aloud and to give anyone out there a chance to correct my facts or put me onto new ones. Feedback is appreciated - please leave a comment below.

While the details are lost to history, libraries arrived to stay in the South Pacific along with the first missionaries. These early libraries in the region existed solely to support mission activities, especially education in mission schools. In 1909, the Carnegie Foundation built what is now the Suva City Library (no website, sigh), marking the first permanent presence of public libraries in the region. Towards the end of the colonial period larger libraries were established to support the work of large academic institutions such as the University of Papua New Guinea (found in 1965) and the University of the South Pacific (USP) (founded in 1968). More recently, international development funds have invested in the establishment of national libraries in the South Pacific such as the Cook Islands National Library (founded in 1993) and older national libraries in countries such as the Solomon Islands, Tuvalu, and Kiribati. It is worth noting that in some South Pacific countries, one large institution may serve as the de facto national library - for example, the Nelson Memorial Public Library in Samoa or the USP Library in Fiji.

But what of library technology? The few academic libraries in the region that predate the digital era certainly had the experience of card catalogues and all of the related trappings (In fact, many of the automated libraries in the region maintain these venerable artifacts after years of success with their system) and most small libraries in the region rely on the card or other manual instruments as the key tool for library operations. Computers came to the larger South Pacific libraries quite early - USP library went live with their first system in 1988. This was a VAX based Urika system similar to many employed throughout the developed world. Library automation eventually reached a substantial proportion of small and medium libraries in the region through UNESCO's promotion of the free CDS/ISIS library management system in the 1990s.

Around the turn of the millennium a very successful sales and marketing drive took advantage of the frustration with CDS/ISIS in the region - many countries lacked the required expertise to keep it operating - and replaced many CDS/ISIS installs with the commercial DB/TextWorks system running on Windows PCs. However, this approach also soon began to show weaknesses. While DB/TextWorks is reliable and easy to use, most South Pacific libraries lack the funding to purchase support and upgrades for the system. In addition, most libraries in the region purchased versions of DB/TextWorks that do not provide what are now seen as fundamental library system features such as the ability to import/export MARC, Z39.50/SRU support, and provision of web search (a.k.a. web OPAC). This has lead UNESCO to begin seeding the free open source Koha library system into major regional libraries in 2006. I have been fortunate to be involved in the two UNESCO funded Koha installations to date.

Of course, the world of library technology now extends far beyond the main systems that run our libraries, variously called library management systems (LMSs) or integrated library systems (ILSs). Library technology now gets into everything from remote database and Internet access, printing and photocopying, security technologies, self-checkout, online reference services (synchronous or asynchronous), meta-searching, link resolution, and too many more to name. It is safe to generalize that in the South Pacific, only the largest libraries utilize significant technologies beyond cards and an LMS; and even the largest libraries in the region are significantly behind comparable institutions in Australia and New Zealand when it comes to library technology beyond the core system.

Photo by: libraryman

12.10.07

Trust and DE


New to this blog? Why not subscribe to its feed or sign up for free email updates?

[Note to readers: Robert Martin and I have been having a blog2blog discussion about what he terms digital existence. You can see the start of the conversation here.]

You raised one point in your last post that fascinates me - audited Internet services. Before I get to that let me dispense with a couple other discussion points in no particular order.

Regarding Hushmail you wrote,

Since I am paranoid about my personal information, a better solution for my web mail might be something like Hushmail, which both Chris and I have used in the past. I stopped using Hushmail because you did, Chris, so maybe you can explain why you stopped using it.
[Crypto and DE, The Life and Times of Robert W. Martin. October 2, 2007]
This question really takes me down memory lane. Not only does it remind me of many years as a Hushmail user, but it also reminds me of what remains to this day my two most popular blog posts ever. This pair of posts on security and AJAX in March of 2005 still garner a few hits daily according to my vanity web monitoring. These posts have even been sighted, somewhat unflatteringly, in an IEEE conference address by Michael Sonntag, and in the O'Reilly book Ajax Design Patterns in connection with the Host-Proof-Hosting pattern. It is kind of cool as it is the only time in my life that my name is going to appear inside of an O'Reilly book other than when I scribble my name inside my own copies. In these posts, I discuss a general solution to using AJAX to provide cryptographic services, including digital signatures and cryptographic timestamps, to web applications. I also dissect the Java applet-based architecture of Hushmail as an illustration.

Anyway, why did I stop using Hushmail? Two reasons. First, the Java applet-based version of Hushmail that was available in those days (now they have a version that does not require Java) did not work through most corporate firewalls, which was a serious inconvenience to me. Second, from a pure usability stand point, other less secure email services such as gmail, yahoo mail and hotmail all left Hushmail behind in the dust. Still, it is fascinating that with the Java applet version of Hushmail, even the lead Hushmail sys admin could not decrypt my email. I have to claim ignorance on how the non-Java version of Hushmail operates.

You also wrote,
Your differential risk analysis did a good job pointing out that the two areas of concern are the mail client and the mail server. I agree that a well-chosen mail client and a well-chosen browser are arguably equivalent from a security point of view. The issue that comes to mind though is that your DE access point of choice might not offer a well-chosen browser.
[Crypto and DE, The Life and Times of Robert W. Martin. October 2, 2007]
Upon reflection, I missed a jarringly crucial point because my analysis factored out threats that are common to both scenarios under discussion: forget the mail server, can you trust your access point? From keystroke loggers to corrupt Java virtual machines, the permutations of potential threats to your privacy and security at the access point are countless. Cryptography has great potential to protect your messages across untrusted networks, and even on untrusted mail/data servers, but the access point is your encryptor/decryptor! How can you rely on cryptography when your encryptor/decrypto cannot be trusted?

Perhaps you have already suggested the answer in your previous post, "Someone like Gmail could help assuage my fears and increase my level of trust with them if they offered an audit service." If we take this notion one step further, you could also have audited Internet cafes or even audited shared workstations at the office. This workstation audit could provide some assurance that the workstation is free of malware, has no hardware keystroke loggers installed, and that the browser(s) and OS seem to be standard and unmodified at a certain patch level.

Similarly, your idea of audited webmail servers, and by extension other servers as well, is brilliant. One can imagine webmail and remote storage firms providing audited personal information access logs, and submitting periodic security audits and operational audits which would be published by trustworthy auditors in the public domain for all to scrutinize. (Note: I have always felt that credit bureaus ought to operate this way as well, but that is another topic.)

How would this be done? Who would the auditors be? Is there enough market pressure to compel webmail firms to submit to these invasive audits?

Photo by: michele pedrolli

5.10.07

Internet safety in Islands Business magazine


New to this blog? Why not subscribe to its feed or sign up for free email updates?


The October issue of Islands Business carries a very good cover story on Internet safety in the Pacific. There are some excellent comments from Rajnesh Singh, president of PICISOC:

"What is required in the Pacific is a structured user-education and awareness programme," said Rajnesh Singh, parent, IT specialist and chairman of the Pacific Islands Chapter of the Internet Society (PICISOC), a network of individuals interested in the development of the Internet in the Pacific islands. "At the PICISOC annual conference, PacINET, we have run Internet safety sessions in the past and these continue to be a common theme in recent conferences."

"Many (non-Pacific) countries have set up rather successful Internet safety groups which have done much to educate users on the dangers that exist and actions that can be followed to counter them. With the continuing proliferation of the Internet in the Pacific, we perhaps need to do the same, not as governmental 'control' but as a multi-stakeholder group initiative supported by governments."

Singh further suggested the review of computer/ICT curriculum in schools in the early stages so Internet safety issues can be covered.
[Cover story: the net and children, Islands Business, October, 2007]
There are also a few quotes from my recent Internet safety post such as the steps to creating an Internet safe home:
On dfiji.blogspot.com, the blogger Hammond-Thrasher offered a simple programme for Pacific parents to follow to help them supervise their children’s online activities—
  • Step One: Choose a location for the family computer where you spend a lot of time, such as the kitchen or the TV room. Face the computer screen so that you can keep an eye on what is going on.
  • Step Two: Spend time online with your child. Find a few minutes every day to sit down with your children and surf a sports website, see what’s new on Hi5, type a letter to a relative, organise family photographs online, or update the family blog.
  • Step Three: Talk to your children about their online activities. Talk about the dangers they need to watch out for—use foreign news reports of online crimes involving children.
Credit to Dionisia Tabureguci and Islands Business for dragging this important issue into the light. Now I ask this question, how can we create a long-lasting Internet safety program in Fiji?
Photo by: djringer

4.10.07

Shed a tear for WFC


New to this blog? Why not subscribe to its feed or sign up for free email updates?


Big news in the Fiji blogoshere, notorious anti-government blog Why Fiji's Crying is offline. The Wordpress notice claims that the site was taken down by the authors. According to the metablog site technorati, the last post on WFC was approximately 48 days ago. There are no signs that this is an act of Internet censorship, although conspiracy theories abound.

If you are feeling nostalgic or just wondering what exactly RFC was, there are a few pages captured on the Internet Archive Way Back Machine. I have also written critically about WFC on at least one occasion.

Photo by: a short in the dark

25.9.07

webmail and low bandwidth DE


New to this blog? Why not subscribe to its feed or sign up for free email updates?


In my last blog2blog post to Robert W Martin, I asked him to explain why he wants to live his life online without needing his own equipment - something he calls digital existence.

You gave a pretty decent answer, Rob. For me, one of the most powerful motives for seeking digital existence is that it is now technically conceivable to overcome the security concerns inherent in hardware independence. This point was hammered home by your comment on your experience with electronic health records. If Alberta Health and Wellness can provide secure remote access to legally protected patient records, certainly it is possible to provide secure (or at least secure enough) remote access to my CV drafts, letters to the power company, and weiqi game records?

Digital existence has a different attraction in the South Pacific. If I had to characterize computer use in this part of the world it would be as follows:

  • There is a large cohort of older, wealthy, professionals who are heavy Internet users at home and at work; they can afford the high price of connectivity
  • There is a larger cohort of young users who have very little disposable income
  • This younger cohort are primarily unsophisticated but passionate users of low bandwidth social computing - hi5, bebo, facebook, free sms gateways to local mobile phone companies, and photo sharing sites
  • This younger cohort would love to share files and video as well, but the slow and/or expensive connections in the region make this impractical - you can almost hear a chant of I want my youtube
  • This younger cohort does not own their own computers nor do they typically have Internet connections at home - they rely on Internet cafés, computer labs at educational institutions, and their workplace to get online
In short, 20-somethings in the South Pacific are living low-bandwidth digital existence right now. However, they are doing so with very little understanding if the privacy and security ramifications of their activities.

So, with that, time for some the paranoia. When we started this, you asked, "can you really trust webmail?" A great question. Let's examine this with a little differential risk analysis. If you were going to send me an email, the list of locations where your message falls under threat would be as follows:
    The traditional POP3/IMAP (i.e. Outlook Express) scenario:
    Rob's POP3/IMAP client, Rob's PC, Rob's LAN, Internet, Rob's mail server, followed by the Internet again and then into an area influenced by my email choices.
And the webmail scenario looks like this:
    The webmail (i.e. gmail, yahoo, or hotmail) scenario:
    Rob's browser, Rob's PC. Rob's LAN, Internet, Rob's webmail host, followed by the Internet again and then into an area influenced by my email choices.
Let's agree that the risks inherent in your message traversing your PC, your (possibly wireless) LAN, the Internet, and my email-sphere-of-influence are common to both scenarios and mention them no further. Let's focus on the two legs of the journey that differ:
  • POP3/IMAP client vs. browser
  • the POP3/IMAP/SMTP mail server vs. the webmail server (which includes SMTP of course)
Looking at the clients, I think a well chosen mail client is no more or less secure than a well chosen browser. Both can operate with or without SSL/TLS (if supported by the server), both can render HTML and can execute Javascript, and both are extendible with various privacy and security enhancing plug-ins. They differ in that the mail client saves all of your mail on a local drive, which is great if you are the only user or a machine but terrible if the machine is used by multiple users. I suppose you could rig your mail client to store your mail on a removable device.

The browser, on the other hand, will often write some or all of your webmail fetched mail to cache - especially on a shared computer where you do not control the settings . Even once the cache is cleared, your mail may linger until some cryptographic disk wiping takes place, unless you cache to a removable device. Also, your browser would be vulnerable to session hijacking attacks that would not impact a mail client. For machine independent secure emailing, a thumb drive mounted mail client and a thumb drive mounted browser (see xb browser) are probably equally good, but having a thumb drive feels like cheating when the point was to have no hardware of your own. If you disallow thumb drives, the browser seems to come out ahead in the digital existence balance.

Looking at the servers, both traditional POP3/IMAP/SMTP servers and webmail server's can archive some or all of your email after it has been sent or received, including messages that you have deleted. Perhaps the difference is that webmail servers are guaranteed to have a copy of all of your mail, and it will be all indexed and ready for searching by:
  • you
  • any data mining software
  • any advertising (think gmail) software
  • any unscrupulous sysadmin
  • any criminal who gains access to this juicy repository of information
  • any government agent with a warrant (Patriot Act or otherwise)
Still the use from anywhere nature of webmail is invaluable to the goal of digital existence. So the conversation naturally moves towards cryptography...

Photo by: nico.cavallotto

20.9.07

Debating digital existence


New to this blog? Why not subscribe to its feed or sign up for free email updates?


My buddy Robert W Martin (not the guy in the picture) wants to live his life online. But he wants to do it without owning any of his own hardware. To readers in Fiji, this may sound like a yaqona induced fantasy, but Rob lives in a large city in Canada. For about CDN$40 (FJ$60) per month, he gets a connection at home at a speed of about 512kb/s, up and down, with no practical usage limit. At work, his connection may be as fast as 1Mb/s and similarly fast connections are available at numerous Internet cafes for anywhere from free to CDN$5 (FJ$7.50) per hour, not to mention various mobile networking options with various speeds and prices.

With affordable and fast connectivity like this, all he needs to do is get a free webmail account, an online office application service like Google Docs, a file vault, maybe a photo hosting site, and then a bunch of IM and P2P accounts and he's set, right? But here's the problem, like most security professionals, he's paranoid.

He calls his quest the search for digital existence:

This means not having a computer of my own. No desktop, no laptop, not even a wifi-connected smartphone. I want to exist online and experience the richness of the web without having to own any hardware. My access will be through public access terminals and Internet cafes, and by borrowing bandwidth from work, friends and family.[Digital existence revisited, The life and times of Robert W Martin]
Rob has invited me to hammer through some of the difficult questions with him in a blog2blog conversation.

Rob, you suggested that we address these questions:
  • Can you really trust webmail?
  • Do you really want your files hosted online?
  • How much encryption do you need?
  • Do you need your own access device (keyboard, computer, PDA, etc.) or can you trust public computers?
Good ideas, but first I want to know why. Why do you want to live on the net without your own hardware? Why do you want digital existence?

Photo by: Cayusa

19.9.07

Koha library system live in Samoa


New to this blog? Why not subscribe to its feed or sign up for free email updates?


My blogging has been interrupted recently by some development work in Samoa. Here is an announcement of the fruit of my labours. I hope to write up my experiences over the next few days into a story of a high tech development project in the South Pacific - a roller-coaster ride that almost goes off the rails!

September 18, 2007
Dear UNESCO Apia colleagues, Pacific Libraries, and UNESCO National Commissions

The UNESCO Apia Communication & Information Sector would like to invite you to preview the new website for the Samoa Nelson Memorial Public Library.

The temporary website address is: http://202.4.48.191/ (the final address will be http://www.???.ws)

The website is based on the full-featured Koha Library Management System (LMS) that allows for the online publication of the Nelson Library’s entire catalogue of 40,000+ titles including an extensive Pacific collection. In future, members will be able to reserve titles online.

Basic Google/online searches on Samoa/Pacific publications will highlight the Library’s website significantly increasing the awareness of the titles and knowledge contained at the Library, increasing physical and virtual visits and academic collaboration, and very importantly identifying and highlighting rare and valuable titles.

It is the Vision of the CI Sector to empower Pacific Islanders with ICT skills to access, create, preserve and share knowledge. The development of viable, dynamic websites for National Libraries is a key result area for the Sector.

Libraries possess an immeasurable wealth of knowledge especially on the Pacific and it is critical that the knowledge is made available online, that capacity building and support is provided to library staff for sustainability, and that the Library website is widely promoted for awareness, use of the knowledge and continual development of the Library.

The Sector deployed Koha for the Cook Islands National Library in 2006 and we hope to deploy Koha for at least 1 PIC National Library per year focusing on LDC and vulnerable member states.

We would greatly appreciate your comments.

Regards,
Abel Caine

Adviser for Communication & Information
UNESCO Office for the Pacific States
PO Box 615
Apia, Samoa

7.9.07

Is blogging a dead issue in Fiji?


New to this blog? Why not subscribe to its feed or sign up for free email updates?


I have had a lot of fun blogging about blogging in Fiji. (You can relive all dfiji blog blogging here!) It is fascinating for me to see the interplay of blogs, Fiji's military, and the anti-interim-government movement. Now that we have returned to martial law for the second time this year, I am wondering if blogs will re-emerge as a major political issue?

  • Will any "big name" renegade bloggers get caught?
  • Will the anti-military blogs return to inciting violence?
  • Will the truly pro-democracy anonymous bloggers denounce their anti-democratic anonymous compatriots, or will they remain united against a common foe?
  • Will the government actively block any blogs?
  • Will opposition to the interim government take root in other online forums such as Facebook or Hi5?
It will be interesting to see what transpires - in between watching rugby matches, of course.
Photo by: Elena!

1.9.07

The blessings of digital silence


New to this blog? Why not subscribe to its feed or sign up for free email updates?


Other than being he home to the Banded Iguana, one of the facts about Fiji is relative digital isolation. If you work on the USP Laucala campus, you've got a pretty fast connection but at the cost of serious usage limits - proxied web connections, blocked ports, content filtering, etc. If you are a wealthy individual or organization, you can procure enough bandwidth in Fiji to make your cousins in neighboring island nations blush. But it is not possible (or at least practical) to get the kind of affordable residential broadband here that has made YouTube a household word and daily pass-time in households in North America, Europe, and South and East Asia.

Internet access in Fiji is also severely constrained by geography. Once you leave the urban centres, your options for access rapidly diminish until you are eventually left with the PC in the lobby of the nearest FJ$500 a night resort as your last uh... resort.

Still, it is refreshing to take a break from the piles of emails, rss feeds, online games, and carpal tunnel syndrome and spend some time in non-virtual reality and interact with other entities without mediation by the TCP/IP protocol suite. It's actually pretty nice.

Back in a few days...



Photos by amkhoslaand YXO

27.8.07

Fiji geek t-shirts


New to this blog? Why not subscribe to its feed or sign up for free email updates?

Every geek subculture needs its own iconic gear - and Fiji's geeks should not be left out. Below are Digital Fiji's ideas for our new age of ICT attire. If you like these, we'll figure out a way to get them made locally.

Fans of the classic American "got milk?" advertising campaign followed by the thinkgeek "got root" t-shirt will appreciate the localized version below.




But if alliteration is more your thing, you will like this one.




Another localization of a timeless geek classic! If you cannot get enough of "all your base are belong to us", you will really like this fijified version complete with a little local txt speak.




We all know that food safety is not everything that it could be in Fiji, that's why those who stumble out of the nightclubs for a dalo, chop, and sausage with an egg on top deserve this badge of honor.




Digital Fiji is proud to keep it real. Now you can tell the world that you stand by your words too - even if you keep three or four anonymous accounts just in case!




The boys at Failed Paradise did not think this would catch on as Fiji's geek catch phrase, but I am still campaigning for it!

22.8.07

Security and Pacific technology policy


New to this blog? Why not subscribe to its feed or sign up for free email updates?

The following is derived from my workshop on Information Security at PacINET 2007. My slides are available on SlideShare.

Historically speaking, information security is not new. There is evidence of people protecting and, of course, attacking information, information systems, and the flow of information in all cultures as far back as there is a written record. If we take early missionary accounts in Fiji, for example, we find that access to spiritual information was a closely protected monopoly of a priestly class. The confidentiality, integrity, and availability of information from the world beyond – which included extremely valuable information about the weather, the future, the correct course of action, the afterlife, and many other things – was strictly limited to established priests who held a close relationship with the local chief.

However, even pre-European-contact Fiji had its hackers. Living at the fringes of Vitian society were (and still are in remote areas) medicine men and witches who could also tap into spiritual information. Their status as relative social outsiders made them either an enemy or a counter-balance to the priestly information monopoly. Some witches and medicine men could even hack (I mean, influence) the spiritual world and alter the confidentiality, integrity, or availability of information available to priests by counteracting the priestly influence on the divine or by uttering counter-prophecies.

In European culture, information security has a solidly military origin dating back, at least, to Julius Caesar's encrypted military communications. What is commonly termed information security today is really the defensive aspect of information warfare – that is, the part of information warfare that is concerned with protecting information assets.

Of course, with the rise of the personal computer and the Internet in more recent history, information security has become much more than a military concern. With the growth of the so-called information economy has come an equal and predicable growth of information crime, leading to some staggering statistics including a 2005 estimate that the cost of computer crime in the USA exceeded the size of the combined economies of all the nations in the South Pacific.

I have been quoted in the past as saying that despite all of the fascinating mathematics and technology that underly modern infosec, information security is fundamentally about people. Certainly no one likes to have money stolen from them, but increasingly information security is about our privacy, our public personae, our collective identities, and even our fundamental rights. Fiji's anti-government bloggers are only able to voice their opinions due to the security mechanisms provided by their blog hosts which assure their anonymity. Whatever you think of their opinions, they are one of the few voices of opposition to Fiji's interim regime and are undoubtedly playing a role in shaping the future of Fiji and the region. Only time will tell how large or small that role is.

Still, anonymous political activists everywhere should carefully follow the recent behavior of America's Internet giants, as they are not always on your side. The most striking example is the case of the activist Shi Tao who was essentially handed over to Chinese authorities by US-based Yahoo. Yahoo, and many other international firms, have agreed to cooperate with Chinese authorities – even at the expense of their individual customers – in order to gain access to the immense Chinese market.

Information security even has a role in protecting the function of entire nations. Take the case of Estonia, a small former Soviet republic on the coast of the Baltic Sea with a population of around 1.3 million people. In May this year, Estonia moved a certain Russian war memorial to a location more desirable to Estonians, which enraged many Russian nationals living both in and out of Estonia. Soon, blogs were posting instructions on how to wage a denial of service attack against Estonian institutions, and a little while later, this attack was in full swing. Numerous government and financial sector systems across the tiny maritime nation were brought to a stand still and international experts had to be flown in to curb what some described as an Internet riot. Should this story concern other, perhaps more tropical, small maritime nations who are rushing to get their citizens and institutions online? The answer is absolutely “yes”.

Still, one of the largest challenges facing information security today is the heady combination of social engineering and user ignorance. Many computer criminals have discovered that hacking just does not pay off as well as simply fooling people into giving up either their money (to help move funds out of Nigeria to help a poor window, for example) or enough information to get to their money. Wide spread user naiveté is widespread in the South Pacific. I have never received so many chain emails from friends and acquaintances since I came to Fiji – and I was part of the first wave of naive Internet users in Canada!

Technology policy makers in the South Pacific should indeed be worried by all of this. By joining the global information economy, the region is embarking on an enterprise that is as fraught with danger and as ripe with rewards as the great Pacific migrations of days past. Fortunately, it is not necessary to sail the seas blind – technology policy navigators need only look across the ocean to the experiences of other more wired nations to see what problems to expect and which solutions will be effective.

Photo by: bhikku

13.8.07

The Pacific Internet Conference commences


New to this blog? Why not subscribe to its feed or sign up for free email updates?

PacINET 2007 is underway in Honiara. I will be conducting a full-day workshop on Information Security on August 21st. The following press release makes it sound exciting - I am looking forward to it! (Due to unfortunate funding realities, I will only be attending the second half of the conference.)

PacINET 2007 NEWS

Sunday, 13 August 2007

Hundreds gather in Honiara for leading Pacific ICT meet

Some 200 local, regional and international delegates are expected in the Solomon Islands this week for PacINET 2007.

PacINET is the annual gathering of Information and Communications Technologies (ICT) experts organised by the Pacific Islands Chapter of the Internet Society (PICISOC).

The meeting is being held this year at the Forum Fisheries Agency (FFA) conference centre in Honiara, Solomon Islands, from the 15th to 21st August 2007, with the theme ‘National ICT Strategy Building.

“We have a record number of participants pre-registered to PacINET this year,” says PICISOC Chair, Rajnesh Singh.

“It is very encouraging to witness the development of ICTs in the Pacific increasingly becoming a priority, as reflected by the meeting’s participation, as well as by the range of pertinent issues to be covered by our agenda.”

PICISOC is an active chapter of Internet Society (ISOC), covering 22 Pacific island states and territories with a membership of over 400 individuals across the region. ISOC is a professional membership organisation with around 100 organisational and over 26,000 individual members in more than 180 countries.

Guest speakers at PacINET 2007 include John Crain, ICANN CTO and Dr Jimmie Rogers, Director General of the Secretariat of the Pacific Community (SPC). Dr Vinton G. Cerf , considered one of the fathers of the Internet and Vice President at Google, has also prepared a keynote message to participants via video.

A Pacific ICT Regulators’ Summit will be convened tomorrow (14th August) preceding the conference, supported by the Pacific Islands Forum Secretariat.

“It will be an opportunity for the overseas speakers to exchange information with the region’s policy makers,” explains Mr Singh.

Also on the side of the conference will be an Asia Pacific Top Level Domains (APTLD) association meeting, and an IPv6 Forum (IPv6 is the next generation Internet).

The main conference is split in two strains - policy and technical - where workshops will be conducted providing training to participants.

Some 30 participants at PacINET 2007 were sponsored to the meeting by Pacific Internet Partners (PIP), Pacific Islands Applied Geoscience Commission (SOPAC) and the Pacific Islands Forum Secretariat.

Comments from participants of PacINET 2006, held in Apia, Samoa, follow:

"It was such a privilege to be chosen by the conference chairman to be part of a panel during the "Internet Censorship" forum especially when someone like Dr Vinton G. Cerf is in the room" - Andrew Moliware, VANUATU.

"This has been a great opportunity for the Cook Islands and for me, in my work, has come at a very good time as I am writing the policy for ICT in education for the Cook Islands. " - Alexis Wolfgramm, COOK ISLANDS.

"Meeting Dr. Vinton Cerf was a privile ge. His vision for the Internet and interest in its development in the Pacific Region is motivating. The simplicity with which he explained this vision makes it easier for Pacific Islanders to comprehend ;the future development of the Internet and how we can embrace the technology and utilize it to our advantage." Christina Kuper Wini, SOLOMON ISLANDS.

"My area of most interest is how computers can be used with people with disabilities thus the presentation 'a day in the life of a enabled pacific village' that Mr Don Hollander gave at the Conference was very informative and enlightening and most relevant." Mary Raui, COOK ISLANDS.

"Discussions on IPv6 sparked a new area of interest for me. Although, it does not relate to my specific area of duty the knowledge gained from the tutorial conducted by APNIC's Miwa Fuji has certainly help me to attain a better understanding of this issue and be aware of the implications IPv6 will have on ICT globally and also in the Pacific Region." Lynnold Misifea Wini, SOLOMON ISLANDS.

"I found my conversations with John Crain the CEO of ICANN about DNS management and the imminent arrival of IP6 very instructive. The depth and scope of issues like Net Neutrality were also new to me, something that Vint Cerf emphasised also during his keynote. The presence of Digicel, and their presentation on their 'aggressive marketing strategy' was also provocative. " Robert Whelan – FIJI.


(Ends)

For more information, visit www.picisoc.org.

Photo by: sprbert

10.8.07

FAVIA puts on uniform to fight DVD pirates


New to this blog? Why not subscribe to its feed or sign up for free email updates?


In January of this year I wrote about the Fiji Audio Visual Industry Association's (VAVIA) DVD piracy media campaign. One reporter likened it to Bainamarama's "clean up" campaign,

The Fiji Audio Visual Industry Association [FAVIA] has followed the military in its clean-up campaign by tracking down illegal suppliers of Digital Video Disc's (DVD) in its fight to curb piracy in the country.
["Audio body fights piracy", Fiji Times, January 15, 2007]
As I reported at the time, this parallel between the activities of FAVIA and the RFMF was drawn by the press and not by FAVIA. In the intervening months, however, FAVIA's opinion of itself seems to have grown, culminating in FAVIA's claim to have participated in two raids against DVD retailers at Fiji Showcase last month.
The Fiji Audio Visual Industry Association president, Chris Caine said they confiscated the DVDs with the help of the police, which had the authority to carry out such raids.
[DVD movies confiscated, Fiji Times, July 22, 2007]
Caine confirmed the joint FAVIA-police nature of this raid in a subsequent Fiji Times article published yesterday.

Exactly when did it become acceptable for industry associations to actively participate - arm in arm - with police on police operations? FAVIA can and should make complaints to the police, consult with the police, lobby the police, and even pay for copyright law training sessions for the police, but confiscating alleged contraband "with the help of police" is overstepping their role. Further, despite the fact that the police did obtain proper warrants before conducting these raids, these statements create the impression that the police are serving the audio visual industry rather than impartially enforcing the law of the land.

Expect to hear more from FAVIA in coming weeks. FAVIA president Chris Caine, owner of IMDVD, seems poised to continue taking a hard line in its ongoing fight against DVD piracy and has issued a warning to DVD vendors, festival organizers, and would-be DVD buyers at the upcoming Hibiscus Festival:
"I understand the same vendors plan on having stalls during the Hibiscus festival and people have to be made aware that they, as buyers, are just as liable as the seller of breaching the Copyright Act, and so are the organisers of the festival."
[Seized DVD needs expert opinion, Fiji Times, August 9, 2007]
It is undeniable that Fiji's marketplace is currently dominated by pirated DVDs, a situation that must be endlessly frustrating for vendors of legitimate DVDs such as Caine. What do you do when the law is on your side but the alternative market controls over 90% of volume and provides your product at a fraction of your cost? One day FAVIA may successfully lobby the AG and the police to improve copyright enforcement in Fiji - but how will they convince buyers to rent a DVD for $5 a day when they can buy it for $1? By arresting them (with police help) at the DVD stalls at the Hibiscus festival?

Photo by: Cayusa

1.8.07

The reality of free wireless in Niue


New to this blog? Why not subscribe to its feed or sign up for free email updates?


In addition to OLPC, community wireless has been a topic of discussion in "development ICT" on the Pacific Internet Society (PICISOC) mailing list recently. I was interested to read an announcement pointed out on the list that reported the success of a free wireless Internet project in Niue.

Thanks to International Communication Technology (ICT) small and remote nations are not so remote anymore. The introduction of free, wireless internet services to all in the tiny Polynesian nation of Niue has reshaped the lives of close to 2,000 people living on the island. The vice chairman of South Pacific Internet Services, Franck Martin, says that access to the internet has made everyday life for Niueans easier. "ICTs are crucial (in regards) to improving the quality of life and to drive growth in the whole economy. Free wireless internet had had a vast impact on development in government sectors and poverty reduction," said Mr Martin. "People waited for days to talk to their families and loved ones abroad as there were defaults in the telephone and fax lines. But with free internet services, they can get in touch with them in seconds," Mr Martin said.
[Free wireless network reshapes lives in Niue, Islands Business, as it appeared August 1, 2007]

When I read this, it felt a little hinky to me - it simply sounds too good to be true. A quick search showed that the claims of aiding nearly 2,000 are a little exaggerated. According to the CIA Factbook, the 2007 population of Niue is 1,492. This may be an innocent mistake, but I kept digging.

It turns out that - to my surprise, if not yours - that Niue's free wireless Internet was announced over four years ago. Note the quote from former PICISOC chair, Richard St. Clair.
The Internet Users Society - Niue (IUS-N), today announced that it has launched the world's first free nation-wide WiFi Internet access service on the Polynesian island-nation of Niue. This new free wireless service which can be accessed by all Niue residents, tourists, government offices and business travelers, is being provided at no cost to the public or local government.

"WiFi is the prefect fit for the Island of Niue, where harsh weather conditions of rain, lightning, salt water, and high humidity cause major problems with underground copper lines," said Richard St Clair, Co-Founder and Technical Manager at The Internet Users Society - Niue and Chairman, Pacific Island Chapter ISOC. "And since WiFi is a license free technology by International Agreement, no license is needed either by the provider or the user."
[Polynesian Island of Niue the First Free Wireless Nation; Wireless HotSpot Launched in South Pacific Island of Niue, Business Wire, June 23, 2003]

Again, this sounds great! Why can't we have this in Suva?

Then a PICISOC member from Niue chimed in with the following reality check:
Currently the only thing being reshaped regarding access to the internet is my figure as there is no public transport here and the internet cafe (which is not free and only open between the hours of 9-3 and closes for up to an hour for lunch) is located 10 kilometers away from my village (removed to protect the innocent) where we have neither a land line for dial up or a wifi connection. A point to note is the "free" part comes after the $1600 NZ dollars each that 2 families in our area have paid for their connection. There is also a $25 one off registration fee for those that are fortunate enough to have access to a wifi-location. I have been in discussion with the users society here, through our local internet cafe and have been referred to the .nu owner in America (?) about information in regarding wifi being installed in our village as a community/village project, but have yet to receive any feedback.

I agree that access to the internet has a "vast impact on development in government sectors and poverty reduction" - for those that are fortunate enough to have access.

So it is too good to be true. Unless someone from Niue or ICT can counter this analysis?

Photo by: moblog

27.7.07

Internet 101 for media professionals


New to this blog? Why not subscribe to its feed or sign up for free email updates?

PRESS RELEASE/INVITATION TO ALL EDITORS

Editors may be interested in sending their reporters to attend a two-hour workshop/crash course to learn about Internet and Internet-related issues.

Why?

Internet has no doubt become the way of communication in modern day civilisation. According to one source of global statistics, ( www.internetworldstats.com ), Internet usage in Oceania (including Australia) exploded by 142% between
2000 to March 2007.

In Fiji, growth in Internet usage between 2000-March 2007 was 833.3%. This means more and more people – your readers and audience - are going "on-line". It also means they are going to get exposed to Internet-related issues.

ARE YOU PREPARED TO REPORT ON CYBER CRIMES WHEN THEY HAPPEN?
OR TELL YOU READERS ABOUT VoIP, IPV6, INTERNET BANKING, ETC, ETC?

The Pacific Islands Chapter of the Internet Society (PICISOC) invites you to ATTEND "INTERNET 101 FOR MEDIA PROFESSIONALS", A TWO HOUR WORKSHOP, FREE OF CHARGE, for media people interested in covering Internet-related issues. Learn what is the Internet anyway and why it is changing the way we think and do business.

This Workshop will be on Wednesday 1st August 2007 at the Forum Secretariat Committee Room A, Suva, Fiji, from 10am to 12pm.

This workshop has the support of the Forum Secretariat and SOPAC.

RSVP: Mue Bentley, MueB(at)forumsec(dot)org(dot)fj, tel: 3312600, Franck Martin franck(at)sopac(dot)org

Photo by: [hdy]**

25.7.07

Fiji Rugby Blog hits Wordpress list


New to this blog? Why not subscribe to its feed or sign up for free email updates?


For the second time this month (see here for the first), a Fiji blog has hit one of the top 100 lists of the blogging giant Wordpress. On July 14, 2007, the Fiji Rugby Blog, brainchild of columnist Rusiate Mataika, appeared in the 35th position in the Growing Blogs list.

They are wedged between a Swedish blog and a blog advocating the abolition of wealth. The Fiji Times had this to say:

This is a remarkable achievement spurred by the creative juices of local sports writer Rusiate Mataika and internationally renowned but locally based web design firm Webmedia Fiji.
[Fiji rugby blog gains momentum, Fiji Times, July 20, 2007]
Keep up the great work, Rusi!

Let me also give a little praise here to one of Fiji's "oldest" and most prolific bloggers. Gilbert Veisamasama, Jr has been running two very active blogs since January of 2006:These two blogs are invaluable sources of information that is difficult to find elsewhere. Check them out!

Photo by: huygens

21.7.07

Internet safety - are your kids safe online?


New to this blog? Why not subscribe to its feed or sign up for free email updates?

The reality

Internet safety is not really a hot topic for parents and educators in Fiji - but it should be. Like the streets of Suva, the Internet is home to schools, galleries and museums, sports, silly fun, libraries, shops, and everyday people having everyday conversations. And also like the streets of Suva, the good things on the Internet share space with foul language, crime, violence, prostitution, and just plain bad people. While adults may fend for themselves on the mean streets online, children deserve and need the protection of their parents and educators.

One study carried out on Internet using girls in New Zealand in 2001 drew chilling conclusions.
The girls were age 11-19 and all living in New Zealand when they completed the survey.
  • 68.5% were using the Internet most days.
  • 33.5% have had a personal face-to-face meeting with someone they met on the Internet.
  • 60% had done at least one potentially unsafe behaviour. (35.5% gave out personal information e.g. address/phone no., 26.5% sent a photo of themselves to someone they met, and 14.5% had posted a picture of themselves on the Net.)
  • 95.5% use the Internet at home, yet 75% state that their use of the Internet at home is only occasionally (37.5%) or never (37.5%) monitored by an adult.
  • 44.5% use the Internet at school, yet 58% state that their use of the Internet at school is monitored only occasionally (28.5%) or never (29.5%) by an adult.
  • 22.5% report having felt unsafe or threatened while using the Internet (most commonly from sexual threats)."
[The Internet Safety Group, Girls on the net, 2001]
Understanding the dangers

Parents and educators need to be aware of the three classes of threats faced by children online.
  1. Content threats - Content threats involve children being exposed to inappropriate or undesirable information, images, or digital audio/video recordings online. Such content ranges from pornography, violence, culturally objectionable ideas, or just plain incorrect information. For example, a child searching for information on "galleries" for a school project will find nudity and pornography.
  2. Social threats - Social threats involve children being exposed to phishing attempts (attempts by online criminals to collect personal information about Internet users), the growing problem of cyber-bullying, or worst of all, online sexual predators. For example, adults have posed as children in chat rooms in order to gain children's trust.
  3. Technical threats - Technical threats include inadvertently downloading computer viruses and spyware that can harm your computer and your data, leak personal information to online criminals, or allow criminals to take over your machine. For example, some computer viruses allow attackers to take control of your computer including reading all of your files and emails.
The solution

There are many software packages available claiming to keep kids safe (see here for a partial list), and parents and educators should utilize these as appropriate. However, and I cannot emphasize this too much, there is no substitute for a combination of supervision, education, and "street smarts".
  • Supervision - Supervised kids are safe kids. Parents should be actively involved in their children's Internet usage. See my three step home Internet safety program below.
  • Computer literacy - While a degree in Computing Science is not necessary, a fundamental understanding of computers, mobile phones, and the Internet can help children, parents, and teachers avoid many basic problems online. These would include: not visiting untrusted websites, not downloading files from untrusted sources, not opening email attachments from untrusted sources, not plugging your USB stick into untrusted computers, keeping your computer up-to-date with software patches, and operating and updating your anti-virus software, to name just a few fundamentals.
  • Information literacy - Information literacy refers to your ability locate information online, navigate to it, and ultimately evaluate its usefulness. This is a subtle skill that allows children and adults alike to see the difference between a fact and an opinion online, compare the information in two similar websites, understand the difference between a real person and a Hi5 persona, and how to find an expert on a subject. Information literacy also includes understanding how information can be properly used in order to avoid violating copyright law and charges of plagiarism at school.
  • Online street-smarts - Just as kids can learn to react safely to the pitfalls of urban living, parents and teachers can prepare children to react safely to the dangers of the Internet. Once shown how, even young children can identify chain letters, spam email, and even most common phishing scams. See my three rules of online street smarts below.

Further reading
Fortunately, the Internet is rich with resources on Internet safety. Here are few places to start:
  • NetSafe (http://www.netsafe.org.nz/) A New Zealand non-profit organization dedicated to providing Internet safety education.
  • The Family Online Safety Institute (http://www.fosi.org/) An international organization focused on Internet safety. FOSI manages a self-regulated Internet content filtering scheme formerly known as The Internet Content Rating Association.
  • i-SAFE Inc. (http://www.isafe.org/) A US organization promoting and coordinating a variety of Internet safety activities.


Photo by: richardmasoner