I worked at EFF during that time, and this is a weird story that I’ve not heard before. EFF doesn’t let interns write blog posts (at least not with a lot of supervision) and certainly wouldn’t sack someone for getting something wrong — partly because that’s a terrible lesson to teach someone just starting out in law or activism, but also and more pragmatically it risks being a PR nightmare.
I concede it might be a mangled version of some other incident — EFF’s network neutrality policy during that time was /extremely/ subtle and we often struggled to express it without annoying some colleague organization or another. Do you remember any other details, or link to coverage of it?
So, I knew Aaron and I definitely would not presume to predict what he would have thought, but I’d point out there is a sizeable state space where he should never have been prosecuted, and scraping by others including large commercial companies should not be prosecutable on the same grounds.
I repeat what Aaron’s friends and lawyers said at the time: we were going to fight that case, and we were going to win.
So, I was interested in this statement, and looked into it barely, and on one side, its conclusions were replicated in a number of other papers[1] (despite the headlines, three years after its publication, of a simple calculation error)[2]. I'll state that neither of these points is a slam-dunk if you're a member of one political side or another. If you're a believer in austerity, you'll look at the corroborating studies; if you think that was a bad policy choice, you can argue that they're all junk science, pushed out by supporters of the status quo.
I suspect what it narrowly shows though is that this isn't the same category of error as what's being discussed here.
I think one of the things that goes unmentioned in these discussions is that while the US gets a lot of attention for this kind of activity, it has also (historically) been in the forefront of criminalization and prosecution. I may be wrong, but don't know of any other jurisdiction that prosecuted insider trading before the Eighties, and the US has had a pattern of investigating and regulating this since the 30s.
I don't think that this is a particular form of exceptionalism, beyond the US having a longer tradition of widespread, retail-owned shares, and law-making around that fact.
But sometimes I wonder when people are criticising the US as a culture, they're often choosing as the baseline that should be respected standards that were also defined in a US cultural context. What this sometimes means is that in internal US culture these points are seen as something that is heavily discussed, because there was a point where it was democratically decided and therefore could be undecided in the same way, like corporate personhood, or money-as-speech. In the case of the criminalization of "insider trading", there is lively debate about whether this is actually a "good thing". That can sound horrific externally, because of course insider trading is a bad thing. But someone decided to make that a bad thing, and -- for historical accident reasons -- the edges of that debate were largely defined within the US.
(This is mostly just barely-informed speculation: sometimes issues like this emerge in international fora, or start in another culture and quickly spread. But the cultural and financial dominance of the US in the last century or so really makes these things often a point of debate in American terms, and a fixed point elsewhere. I speak here as an immigrant to the US and also someone who is dipped in global policy work, rather than someone who is stating this as a good or a bad thing.)
A lot of the United States' historical influence and soft power comes from it being a nation of rules and laws. The credibility of the country provided a perception that it was a stable place to store value (investment in treasuries, greenbacks, etc). When the government is facilitating insider trading out in the open (repeatedly), we’re losing a lot more than money due to fraud.
What parts of it were confusing? I think science fiction can be confusing if you haven’t read a lot of it, because part of its art is to try and set the scene in as compact a way as possible, with a combination of cues that you can work out from their context or by reference (like “laminate” and “squarely” — yes, I had to look it up), and some are the puzzles that the rest of the story will resolve (who/what is Julia? What do they want?)
It’s ok if it’s not your thing. It’s like an emotional crossword puzzle.
This is fascinating; thank you for building it. (I also enjoyed watching the flurry of visitors as soon as my Let's Encrypt certificate got assigned. It's a Dark Forest out there!)
What would be the obvious reasons? (I'm not being flippant here -- I'm genuinely interested in what arguments people have to not allow servers on that network)
High concentration of technically inept users with hardware that no longer receives security updates and has plenty of well known easily exploitable vulnerabilities. Which naturally is used to run banking apps and travels with users close to 24/7 while tracking their location.
From a business perspective you'd want to charge extra. Just because you can, but also because you want to discourage excess bandwidth use. The internet APs the carriers sell get deprioritized relative to phones when necessary and the fine print generally forbids hosting any services (in noticeably stronger language than the wired ISPs I've had).
> From a business perspective you'd want to charge extra. Just because you can, but also because you want to discourage excess bandwidth use
Isn't that already the case with limited plans?
For example, mine has 40 GBs and I'm pretty sure it counts both upload and download, because I generally consume very little, except for one week when I was on holiday with no other internet access and wanted to upload my pictures to my home server and didn't otherwise use the phone more than usual.
Facebook would start listening on port X and then their embedded SDK in other websites or apps would query that IP and port, get their unique id, and track users much better.
The most common use case for mobile data servers is probably pwned cheap/old phones forming DDoS swarms. Pure P2P over internet is very rare on mobile, no sense not blocking ingress from the perspective of ISPs.
However for that having the phone's IP not reachable has at best marginal benefits. The DDoS itself is an outgoing connection, and for command and control having the compromised phone periodically fetch instructions from a server is simpler to implement than the phone offering a port where it is reachable to receive instructions.
I kind of doubt this, as the rapidly changing nature of mobile IP addresses would mean that a periodic outbound connection would still be necessary to keep the attack up-to-date on the compromised device's current IP address. At that point, you may as well have the compromised device periodically poll an attacker-controlled server for instructions rather than jump through a bunch of hoops by getting things to work over inbound connections.
I think it should vary based on the type of service being provided. Truly mobile service, I think it can make sense to not allow servers. If it's being sold as a home internet solution (a more fixed kind of plan), I think it should allow servers to at least some level of hosting services.
The main difference is there's usually limited airtime capacity for clients, especially highly mobile ones. A server could easily hog quite a bit of the airtime on the network serving traffic to people not even in the area, squeezing out the usefulness of the network for all the other highly mobile people in the area. This person moves around, pretty much doing the equivalent of swinging a wrecking ball to the network performance everywhere they go.
When it's being sold as a fixed endpoint though, capacity plans can be more targeted to properly support this kind of client. They're staying put, so it's easier to target that particular spot for more capacity.
The phone providers oversell bandwidth. They also limit the use of already purchased bandwidth when it gets legitimately used.
Similar to many industries, their business model is selling monthly usage, while simultaneously restricting the actual usage. They are not in the business of being an ISP for people running software on their phones.