Folks, you might be interested in checking out a network monitoring
tool we launched today, Netalyzr. It's a Java applet you can run by
surfing to netalyzr.com. It aims to measure a bunch of the properties of
and end user's network access, particularly looking for transparent
modifications (e.g., hidden proxies), connectivity restrictions, and some
security issues (e.g., whether the DNS resolver is vulnerable to the
Kaminsky attack).
We've had several thousand users run it today so far, so you may be hearing
about reports your customers have gotten from it. You can see a sample
report at:
http://netalyzr.icsi.berkeley.edu/restore/id=example-session
- Vern
didn't want to spring for a cert for that eh? www.startssl.com ... hey
lookie! free certs!
Why no privacy policy? Or am I just partially blind? Is an answer in
a FAQ legally binding?
~Chris
Why no privacy policy? Or am I just partially blind? Is an answer in
a FAQ legally binding?
sure, we need a privacy policy that can be arbitrarily changed with no
notice just as we have for ...
randy
sure, we need a privacy policy that can be arbitrarily changed with no
... previous ...
notice just as we have for ...
... everything !!!
exactly. so was the question a troll, a red herring, or just a rant?
randy
I guess it was just a rant, I like to know more specifically how folks
intend to use data before I hand it over - and I like that promise to
be at least theoretically enforceable. I am far from a lawyer but it
is my understanding that an official pp is much more substantive and
binding than a single FAQ answer -- especially in the eyes of the FTC.
Yes policies can be changed but I can follow those changes and stop
using the service/tool/etc if I don't like the changes.
If you are saying that the policy can be changed after the fact to
allow uses of the data for purposes or in manners other than those
originally stated, I think you are wrong, see the 2004 case between
the FTC and Gateway Learning as one example I know of off hand:
Howard Beales, Director of the FTC’s Bureau of Consumer Protection.
“You can change the rules but not after the game has been played.”
(http://www.ftc.gov/opa/2004/07/gateway.shtm)
I will grant you that in this case the data being collected is
probably not that sensitive, but the access to my computer is - to me
at least. I for one would have used the tool immediately had there
been an acceptable PP or other TOS in place but without it I
hesitate... So I figured I would bring it up.
~Chris
PS - if you are interested in TOS related stuff, might be worthwhile
to check out http://www.tosback.org/timeline.php a new project
launched by the EFF (no affiliation, just fyi)
sure, we need a privacy policy that can be arbitrarily changed with no
... previous ...
notice just as we have for ...
... everything !!!
exactly. so was the question a troll, a red herring, or just a rant?
If you are saying that the policy can be changed
i am saying all this is specious.
if you don't like it, don't use it. i have been using vern's stuff for
15 years or so, and trust him vastly more than i trust 94.3% of all the
other services you trust.
randy
imho, I believe you are being a little bit paranoid with a tool released
by folks that have been trusted in the community for ages.
As Randy said, if you don't like it or don't feel comfortable with it,
don't use it.
BTW, have you ever notified or made public what do you do with
the response of each single ping you sent ?
You ICMP packets are invading my privacy !!! 
Cheers
i am saying all this is specious.
What is really suspect is www.netalyzr.com is registered via GoDaddy and DomainsByProxy. The IP resolves in Berkeley's IP space, but the reverse DNS name is roland.icir.org.
Why the hidden registration? I realize Educause won't register a .com for you, but do you really need to be obtuse about who owns the domain? Also .. the Netalyzr project isn't even listed on the "projects" page at www.icir.org.
Cheers,
Michael Holstein
Cleveland State University
i am saying all this is specious.
What is really suspect is www.netalyzr.com is registered via GoDaddy and
DomainsByProxy. The IP resolves in Berkeley's IP space, but the reverse
DNS name is roland.icir.org.
Why the hidden registration?
if you knew anything about icir, vern, berkeley, ... you would have a
clue.
as it is, you don't. so anything sounds like black helicopters.
i have work to do, so will be dropping out of this ever so exciting and
informative conversation.
randy
Probably so and it was not my intention to attack Vern, Berkley, ICIR
nor infer that they were not trustworthy. Just pointing out a
possible place for improvement from my view.
~Chris