Computer underground Digest Tue July 6 1999 Volume 11 : Issue 31

Computer underground Digest    Tue  6 July, 1999   Volume 11 : Issue 31
                           ISSN  1004-042X

       Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
       News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
       Archivist: Brendan Kehoe
       Croupy Editor:       Etaion Shrdlu, III
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #11.31 (Tue, 6 July, 1999)

File 1--Last of the "Third Voice" posts and clearing out the backlog
File 2--Third Voice - a few comments...
File 3--Third Voice, was Re: Web Sites Defaced; Webmasters Unaware
File 4--Re: Third Voice - a response
File 5--Re: Cu Digest #11.26, Weds 8 June 99
File 6--Third Voice and CritLink just providing long-needed balance.
File 7--Why use "Third Voice?" (from the website)
File 8--Cu Digest Header Info (unchanged since 10 Jan, 1999)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.
   TO UNSUB OR CHANGE ADDRESS, SEE ADMINISTRAVIA IN CONCLUDING FILE

---------------------------------------------------------------------

Date: Wed, 07 Jul 99 22:24 CDT
From: Cu Digest Moderators 
Subject: File 1--Last of the "Third Voice" posts and clearing out the backlog

This issue clears the backlog of selected posts received last
month in response to the Third Voice commentary. Barrying

Because of the long hiatus between CuD issues in June,
a number of posts have been discarded either because they
are no long timely or because the backlog of posts required
some ruthless pruning. We apologize to contributors who
fell between the cracks.

------------------------------

Date: Wed, 9 Jun 1999 10:58:33 -0400 (EDT)
From: DTR 
Subject: File 2--Third Voice - a few comments...

Well I have been reading cudigest for a while now and I must say I've
become quite accustomed to seeing high quality relevant articles or issues
brought to light.  You will understand my disappointment then when I came
across an article in #11.26 titled
"Web Sites Defaced; Webmasters Unaware; Can't Stop It"

Wow.  What can I say.  This is such a piece of BS it's not even funny.
The author goes on to describe this terrible doomsday scenario whereby all
sorts of websites will be defaced without their owners consent or
knowledge.  In addition apparently we should all be worried that certain
hate groups will get online and try to spread their propoganda while
making fun of group X.

HELLO?

For one thing, never at ANY time is the original material altered in any
way.  Sure someone can mess around with a *COPY* of the material, JUST
LIKE THEY HAVE BEEN ABLE TO DO ALL ALONG.  You want to make fun of
whitehouse.gov?  Get a geocities page and store your spoofed copy.  Tell
your friends... haha, great fun.
In addition, in case the author of the article hasnt noticed, hate groups
are ALREADY present on the www.  What a big surprise - they know how to
use computers too.

Honestly.... how many people and/or companies are going to support a
product that serves up spoofed pages saying "NIGGAZ MUST DIE" or "GOD
HATES FAGS"????  If what the author predicts comes to pass then this
product will implode due to its uselessness and lack of information.

I have read enough y2k and virii doomsday stories that are pure BS but I
never expected this type of thing from such a reliable source as cudigest.
Please take more care in the future to edit this sort of useless drivel
out.

------------------------------

From: Wes_Morgan@DATABEAM.COM
Date: Wed, 9 Jun 1999 10:54:51 -0400
Subject: File 3--Third Voice, was Re: Web Sites Defaced; Webmasters Unaware

Patrick Townson wrote:
=From--TELECOM Digest Editor 
=Subject--Web Sites Defaced; Webmasters Unaware; Can't Stop It
= [...]
=What would you say if I told you there was now software available
=and being distributed which allows users to change the contents of
=a web site, adding their own remarks to it as desired,

I wouldn't say that they are "changing the contents," but that they are
annotating the page.  The use of Third Voice does nothing to your web
site/pages proper.

=and that
=there was *no way* the webmaster was able to prevent it; in fact
=the webmaster might not even be aware it was happening?

No argument on these points.

=Their browser application lets you mark up any web site you visit with
=your own commentary, anywhere on the page you feel like. *Your copy*
=of the page is then stored on a server at Third Voice.

My observations contradict this statement.  I've made specific tests of
Third Voice with a network capture/analysis.  As far as I can see, the
Third Voice client sends the following information to the Third Voice
server:

* The URL of the page being annotated
* The "anchor text" to which the annotation is attached (selected by the
end user)
* The text of the annotation/note

I see no other content being sent to the Third Voice server.

=Anytime you set your browser to some URL, a search is
=made of the server at Third Voice at the same time ...

True - the search key is the (encrypted) URL.

=if a copy of the page is found at Third Voice, then
=**that copy is sent to you instead of the one at the
=actual web site** and what you see is the marked up
=copy by whoever did it.

>From observed traffic, this does not seem to be the case.  The Third Voice
server returns the "anchor text" and the note text.  If the "anchor text"
is still present on the page, the page is displayed with a small "marker"
inserted immediately before the "anchor text."  I have not seen any other
page content served from the Third Voice server.

=If Third Voice does not have a copy of the page on file, then they
=just let you take the webmaster's actual copy instead, and they copy
=it from you.

Again, observed traffic data does not support this assertion.

=If it [the TV client - wm] finds a copy at Third Voice,
=then that is the copy you receive, however defaced or
=marked up it may be by the time you get around to looking
=at it.

This does not seem to be the case.  Thinking technically, it doesn't make
sense to store the entire page to anchor one note to one word/phrase/image;
the storage costs alone would be prohibitive!

=Third Voice users will have sort of their own
='secret club'; they will see a web site with
=whatever comments and remarks, however crude
=or ignorant they may be, which were embedded there
=by other Third Voice users. Everyone else just
=stays in the dark about it.

Defining a "secret club" as a membership of "anyone who loads the plugin"
seems inherently contradictory.

=   1. Your page gets marked up by users with their own commentaries
=      and you cannot stop them from doing it;

Why is this a bad thing?  I've already learned quite a few good things via
Third Voice (commentaries on bad sales/support experiences, hardware
compatibility notes from Linux users, "responsible opposing viewpoints" on
political sites, etc.)  Is there noise?  Sure.  Does it still have value?
Absolutely.

=   2. You cannot see what they did unless you use the Third Voice
=      browser application to 'review' their work, and even if you
=      do see it you are helpless to stop it.

This is accurate.  Personally, I think that TV should provide a service by
which a webmaster could simply enter their URL(s) and see a list of notes
tied to their page(s).  This capability already exists at the user level
(TV users can go to www.thirdvoice.com and obtain a list of their
group/public notes), so it shouldn't be too difficult to set up an overall
per-page query.  I've just suggested this to thirdvoice via their feedback
address .

=   3. User asks for your page, but gets it served from the cgi-bin
=      or whatever of Third Voice instead.

>From my observations, this seems inaccurate.  I have seen *no* page
content, other than the "anchor text" mentioned above, sent from the Third
Voice server.

=According to Third Voice, they will check to see if you changed your
=page or not before sending their copy of it. If your page is newer,
=then your copy will be the one delivered. This is necessary since they
=want to make certain that user 'commentaries' about your site stay in
=the same place on the screen where the user originally put them, etc.

>From whom at Third Voice were you told this?  I've read their entire site,
and I don't see anything close to this assertion.  From what I've seen, the
TV client submits the URL, receives the "anchor text" and note text, and
does the "is the anchor still there" test *on your local browser*,
rewriting the page 'on the fly' to add note markers for those notes whose
anchors are still on the page.  Notes whose anchor text is no longer on the
page are available, but are listed as "unattached" and do not display note
markers.

=I guess you could sub-title this, 'Users get revenge on webmasters
=by marking up their sites for all other users to see', and I have a
=feeling a few people are going to say that this is taking the
=concept of 'free speech' just a bit too far.

How so?  At worst, this could be characterized as digital graffiti;
however, it should be noted that no changes are made to your actual web
page (i.e. the HTML source on your machine is not compromised); instead,
each user is customizing *their view* of your page by using the Third Voice
server.  This would seem to negate any trespass/defacement argument.  If we
turn to a copyright/derivative-work argument (disclaimer: I am not an
attorney, but have discussed ThirdVoice with several attorneys),
modifications for personal/individual use fall under the 'fair use'
exception of the Copyright Act.  I'm wondering what actual harm/damage is
being done by the technology itself.

=Third Voice users will be anonymous. The only registration required
=to get your free browser application is by going to their web site
=and giving them some name and email address, of someone, somewhere,
=and maybe you are not a very good typist and got the address wrong.

This is a concern, especially in light of recent legal activity concerning
Yahoo! discussion boards, ISPs subpoenaed for user identification, and the
like.  I'm not sure that Third Voice would survive a 'due diligence' test,
if it ever came down to brass tacks.

=Enter a name and email address, download your free software on the
=spot, install it on your browser (a simple job which takes five
=minutes or less total) and get busy defacing the web sites of your
=choice so that other passers-by can see and appreciate your work.

Even with this lack of identification/authentication, I'm not sure that the
argument will stand a test.  Anonymous speech has a long history of
protection in the US.  It will be interesting to see how this plays out in
international jurisdictions.

=       An anti-abortion web site is visited in large numbers by
=       pro-choice people who completely render the site useless
=       for its intended audience.

I'm going to point out the obvious fix - toggle Third Voice on/off as
necessary.  I do this all the time, especially when using search engines.
Once I narrow my search to a few highly relevant sites, I'll turn TV back
on to see if anyone has annotated the site.  It's a 2-second action to
toggle TV - a right-click in the browser window, select "Toggle Third Voice
On/Off," confirm, and it's off.

=       Ditto in reverse of course; some anti-abortion people are
=       as hateful and mean-spirited as you can find anywhere.

So making the same tool available to all simply levels the playing field?

=       Sites which are usually family-oriented discover suddenly
=       they have become x-rated based on pornographic comments
=       added to their pages.

I'll readily admit that parents should be concerned with their children's
potential use of Third Voice.  I wouldn't recommend it to kids; then,
again, there are quite a few online resources that I wouldn't recommend to
kids.

=       Anti-government extremists should have a great time with
=       whitehouse.gov and other federal agency web sites.

A quick look at  reveals 12 Third Voice notes on
the home page, ranging from activist (comment on Gore 2000 and Milosevic)
to irrelevant (an ad for the latest version of ICQ) to inappropriate
(sex/Monica jokes).

=       Of course, editors and columnists at {New York Times}
=       are likely to go spastic when they find out how free
=       speech really works, and discover 'editorials from the
=       people' written all over their web site.

Personally, I hope that an entity like the NYT *does* bring a suit against
Third Voice.  Even reading the charges would be interesting; I'm having a
difficult time thinking of charges that wouldn't be dismissed on first
examination.

=So anyway, for further reading on this latest challenge to the
=net, take a look at:
=
=       http://www.wired.com/news/news/technology/story/19722.html

Actually, you should read this article with Third Voice installed and
enabled; there are some excellent TV comments to be read.

=Is there anything at all webmasters can do to prevent this desecration
=of their sites? Not a lot; it seems now it is the users' turn to
=abuse the webmaster rather than the other way around, if news reports
=are to be believed.

Any tool can be abused.  While I have certainly seen some distasteful TV
comments, the signal-to-noise ratio has been excellent to date.  The Wired
article mentions that TV wants users to report notes with "inappropriate
content," and states that TV will remove such notes.  A TV user suggested
(in a note, obviously) that TV should consider moderation, along the lines
of that practiced by slashdot.org.

=If the Third Voice server does not find your page
=exactly the way it was the last time it looked, my
=understanding is it will not serve up its bastardized
=version.

My observations seem to indicate that the TV client simply retrieves the
"anchor text" and looks for that.  If I anchor a note to, say, your
navigation panel, you'll be hardpressed to do anything about it.

=Also, the Third Voice browser application may be sending out
=its own navigator.strings, i.e. identifying itself, but I do not
=know that for sure.

It does not.  The webserver only sees the user's browser identifying itself
as IE 4.  The TV plugin doesn't contact the web site; rather, it contacts
the TV server, picks up the notes, and merges the notes with the content
received from the website.

=If they send a transparent overlay of
=just things users have done to the page,

In my observations, this is exactly what happens; it's important to note,
however, that the "overlay" is done by your local broswer/client, not the
TV server proper, thus bringing into the legal realm of personal use.

=you cannot very well get them on copyright
=violations, nor can you get them for mis-
=representing your page and your work

I believe that you're right on target here.

=Anyway webmasters, pass the word around, and get yourself a copy of
=the Third Voice browser application so that if nothing else you can
=see what they are saying about you behind your back. Users started
=picking up the patch as of last weekend.

If this sort of "user annotation" is a concern, you should also visit
, which has been doing the exact same thing (albeit
with a more cumbersome process) for quite some time.

--Wes

------------------------------

Date: Wed, 9 Jun 1999 09:19:15 -0700 (PDT)
From: "J. M. Lassen" 
Subject: File 4--Re: Third Voice - a response

I find the concept of Third Voice very amusing, and not very threatening
-- After All, A user has to make the conscious descicion to
install third voice -- the article in Last issue's CuD made it sound as
if Microsoft was forcing all IE users to install this plug in.

If a user finds another browser's commentary annoying or distasteful, just
unplug third voice.  Web Masters should care less about this, because the
vast majority of their serious customers/viewers simply won't bother with
this plug in...  My own site may be 'bastardized' by my competitors and
hate groups, but I am confident that my customers (who make the
conscious descionsion to install Third Voice) will know that someone
that goes through the hassle of 'commenting' on my sight probably has an
agenda of some sort... Just as I have an agenda when I put my sight up.

oh wow... scary.  Free Speech. "Who is going to help all those poor dumb
endusers out there who can't tell the difference between my site and some
elses commentary about my site..."  Web Masters should avoid making the
same egocentric assumptions about their prodduct that editors at mass
media outlets have been making since the inception of the net.

------------------------------

Date: Wed, 09 Jun 1999 15:04:21 -0400
From: Joe Clark 
Subject: File 5--Re: Cu Digest #11.26, Weds 8 June 99

"Cu Digest (tk0jut2@mvs.cso.niu.edu)" wrote:

> USERS NOW CAN GO TO A WEB SITE, DEFACE THE PAGE SECRETLY, HAVE WHAT
> THEY DID VIEWABLE BY OTHER USERS, WITHOUT THE WEBMASTER EVEN KNOWING
> THAT IT HAPPENED, AND HELPLESS TO CORRECT IT OR STOP IT IN ANY EVENT!
>
> What would you say if I told you there was now software available
> and being distributed which allows users to change the contents of
> a web site, adding their own remarks to it as desired, and that

[snip]

> Their browser application lets you mark up any web site you visit with
> your own commentary, anywhere on the page you feel like. *Your copy*

[snip]

>    1. Your page gets marked up by users with their own commentaries
>       and you cannot stop them from doing it;

[snip]

I've been hearing about this app lately -- and, while still not sure how
I feel about it, I can't help thinking that inflammatory and possibly
misleading statements like the above can't much help the debate.

The websites I create are files stored on webservers.  Unless Third
Voice can hack the server, no one is writing anything "on my site",
anymore than a user who selects a different standard font in their
browser is changing my site.  They're not "changing the contents" of my
website or "marking it up" in any way, shape or form.

On the other hand, a more valid objection is that TV is in effect a
framed view of my site, adding secondary information I may not know
about or want.  I can see an objection based on that argument.

I can also see an objection that most users -- already clueless about,
say, the difference between Edit | Find and Search the Web -- won't know
(or care) that the TV comments aren't "part of" the site.

Yet the strident warnings I've seen push the "it will modify your site"
button hard.  Whassupwitdat?  I can't help thinking Milady doth protest
too much.  Madison Ave types worried that the type of info the Better
Business Bureau provides will now be even *closer* than a phone call
away?

Sure, I'd hate to think that somewhere out there someone's griping about
my site and I can't see it.  But that's no doubt ALREADY going on; I'm
probably on more than one "Check out this sucky page: " list of
links.  It's called public commentary.

Third Voice may be the latest Death of the Net: Film at Eleven, but
could we at least cut the inflammatory stuff?  Why not look hard at the
possibility of someone influencing, broadly, the tenor of website
commentary to influence web-clueless public opinion in negative ways?
For example: IE, CyberSitter, et cetera ad nauseum.

Joe

--
Joseph S. Clark              http://mailer.fsu.edu/~jsclark
   information architecture | usability | visual design

Office of Technology Integration * Florida State University

------------------------------

Date: 14 Jun 1999 17:04:21 GMT
From: peter@TARONGA.COM(Peter da Silva)
Subject: File 6--Third Voice and CritLink just providing long-needed balance.

>USERS NOW CAN GO TO A WEB SITE, DEFACE THE PAGE SECRETLY, HAVE WHAT
>THEY DID VIEWABLE BY OTHER USERS, WITHOUT THE WEBMASTER EVEN KNOWING
>THAT IT HAPPENED, AND HELPLESS TO CORRECT IT OR STOP IT IN ANY EVENT!

Users can now go to a web site and read published commentary about that site
without it being filtered through that site's spin doctors. The same openness
and public feedback that's been the norm on Usenet, and has made Usenet so
valuable, is now available on the web!

The original promise of Hypertext as envisioned by Vannevar Bush in 1945
is now finally available. I suppose that like every opportunity some people
will see it as a threat.

The first such service was CritLink, a web-based system funded by the
Foresight Institute, at http://crit.org/ . Third Voice, a plug-in only
available for Internet Explorer, is a relative newcomer.

You can see Vannevar Bush's original article in The Atlantic at
http://crit.org/http://www.theatlantic.com/unbound/flashbks/computer/bushf.htm
and my article explaining why I believe this is so important at
http://www.taronga.com/~peter/io/harlan.html .

>What would you say if I told you there was now software available
>and being distributed which allows users to change the contents of
>a web site, adding their own remarks to it as desired, and that
>there was *no way* the webmaster was able to prevent it; in fact
>the webmaster might not even be aware it was happening?

I'd say you're engaging in scare-mongering. Both Third Voice and CritSuite
simply maintain an external database of comments on web sites, that users
can voluntarily read. The web site itself is untouched.

>       An anti-abortion web site is visited in large numbers by
>       pro-choice people who completely render the site useless
>       for its intended audience.

If the user interface of Third Voice is that poorly implemented, then they
should be criticized for producing shoddy software. I can't use Third Voice,
but CritSuite certainly demonstrates that it's possibly to implement markup
without that problem.

In any case, a user can turn off Third Voice when they visit that site.

>Is there anything at all webmasters can do to prevent this desecration
>of their sites?

Generate your pages from a CGI which randomly reorganizes the page on each
fetch to make it harder for them to fit their markup in. Have multiple
versions of the page and cycle them through to get the same result. Block
the address of Third Voice's server from your web pages.

>The other thing you might be able to do is if Third Voice does indeed
>serve the actual page, and not just a 'transparent overlay' of user's
>remarks is copyright your page and forbid its being served from any
>location other than your own.

That's going to hurt web caches and anonymizer services.

------------------------------

Date: Sun, 13 Jun 1999 14:20:49 -0500 (CDT)
From: Jim Thomas 
Subject: File 7--Why use "Third Voice?" (from the website)

((CuD MODERATORS' NOTE: Belatedly, these will be the final
comments on Third Voice this go-'round. Here is an excerpt from
the Third Voice Web site that summarizes the utility of the
service)).

            Third Voice About Us Help Demo Why Use Third Voice?


Why use Third Voice?

   Here are just a few examples:

                                                           Download Now!

   News
     * Post thoughts about news articles.

   Education
     * Post their commentary on Web pages to underscore important
       elements in the text, to distinguish fact from opinion or to
       provide additional background information.

   Fun
     * Organize a treasure hunt on the Web; Post clues in notes hidden on
       Web pages.
     * Collect "signatures" from colleagues before sending off an
       electronic card to the recipient.

   Personal Productivity
     * Bookmark and annotate pages.
     * Save passwords for different Web services.

   Office Productivity
     * Share comments and analysis of vendor and competitor information
       found on the Web.
     * Use for group collaboration for Intranet pages.

   Business
     * Use client to increase traffic and stickiness by fostering
       discussions about content on your site.
     * Add helpful comments to companies' customer support materials.

   Shopping
     * Build a consumer's report, offering their own opinions about
       products and services.
     * Save order number or shipping information on e-commerce sites.

   Personal Finance
     * Record balance of online bank accounts, outstanding bills or
       mortgage information.

   Vacation Planning
     * When planning a vacation, ask other users for their travel tips to
       specific locations.
     * Create a group note to schedule flights, book hotels and set-up
       meeting times.

   Real Estate
     * On sites where users have posted they are looking to rent or buy
       real estate, land lords and sellers can update users when property
       becomes available.
     _________________________________________________________________

                        Add Third Voice To Your Site
          Home | About Us | My Notes | My Groups | Download | Help

                     Copyright  1999 Third Voice, Inc.

------------------------------

Date: Sun, 10 Jan 1999 22:51:01 CST
From: CuD Moderators 
Subject: File 8--Cu Digest Header Info (unchanged since 10 Jan, 1999)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:: line:

     SUBSCRIBE CU-DIGEST
Send the message to:   cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
Send it to  CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

The mailing list is automated, so no human lies at the other end.

CuD is readily accessible from the Net:
  UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
    Web-accessible from: http://www.etext.org/CuD/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         ftp.warwick.ac.uk in pub/cud/ (United Kingdom)


The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu/~cudigest/

Readers wishing to auto-set their browsers to receive the
latest issue of CuD can point to:
  http://www.soci.niu.edu/~cudigest/latest.txt

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #11.31
************************************

<--">Return to the Cu Digest homepage

Page maintained by: Jim Thomas - cudigest@sun.soci.niu.edu