CloudFlare Claims Most Activity from Tor Is Malicious

June 28, 2016

Different sources suggest varying levels of malicious activity on Tor. Tech Insider shared an article responding to recent claims about Tor made by CloudFlare. The article, entitled, Google Search has a secret feature that shouts animal noises at you, offers information about CloudFlare’s perspective and that of the Tor Project. CloudFlare reports most requests from Tor, 94 percent, are “malicious” and the Tor Project has responded by requesting evidence to justify the claim. Those involved in the Tor Project have a hunch the 94 percent figure stems from CloudFlare attributing the label of “malicious” to any IP address that has ever sent spam. The article continues,

“We’re interested in hearing CloudFlare’s explanation of how they arrived at the 94% figure and why they choose to block so much legitimate Tor traffic. While we wait to hear from CloudFlare, here’s what we know: 1) CloudFlare uses an IP reputation system to assign scores to IP addresses that generate malicious traffic. In their blog post, they mentioned obtaining data from Project Honey Pot, in addition to their own systems. Project Honey Pot has an IP reputation system that causes IP addresses to be labeled as “malicious” if they ever send spam to a select set of diagnostic machines that are not normally in use. CloudFlare has not described the nature of the IP reputation systems they use in any detail.”

This article raises some interesting points, but also alludes to more universal problems with making sense of any information published online. An epistemology about technology, and many areas of study, is like chasing a moving target. Knowledge about technology is complicated by the relationship between technology and information dissemination. The important questions are what does one know about Tor and how does one know about it?


Megan Feil, June 28, 2016

Sponsored by, publisher of the CyberOSINT monograph

LinkedIn: The Thought Leader Misfire

June 2, 2016

I read “News Use Across Social Media Platforms 2016.” No big surprises, just confirmation of what our research has pegged. Almost two thirds in the Pew sample get their “news” from Facebook. You can read the summary and get a sense of the angst trigger the data make available to those in “real” news outfits.

What I noted is a different point. In the write up, LinkedIn users do not get their news from LinkedIn. On an upside note, the number of LinkedIn users who use the social networking service for news rose to 19 percent from 13 percent in 2013. That growth suggests that the effort to make LinkedIn a go to system for high value information is have modest impact.

Compared with Reddit and Facebook, LinkedIn ranks near YouTube and Vine in the must have information about compelling events.

LinkedIn seems to have trimmed back the volume of spam sent to me. I asked LinkedIn’s help desk this question:

What do I need to do to be notified of new  posts to the groups I follow?

After several days of waiting, I still don’t know the answer. My hunch is that LinkedIn’s interface twiddling and workflow massaging is more interested in upselling me. Too bad. Every once in a while, the groups I follow produce “real news.”

From my vantage point in Harrod’s Creek, I thought LinkedIn had a chance to become more important in the must have information business. Right now, LinkedIn which operates Slideshare, has flailed. Perhaps the effort will pay off. Right now, I see a missed easy lay up or even an own goal.

Stephen E Arnold, June 2, 2016

Quote to Note: What Silicon Valley Hates

June 1, 2016

I read the Gray Lady’s write up about the shoot out between some high profile people and outfits. You can get the details in “Tech Titans Raise Their Guard, Pushing Back Against News Media.” The addled goose is interested in the behavior of real journalists and the folks with money, influence, and legal eagles. Eagles have been known to snack on geese.

Here’s the quote I noted:

“The possibility that Gawker may have to post a bond for $50 million or more just to be able to pursue its right to appeal the jury’s verdict raises serious concerns about press freedom,” Lynn Oberlander, general counsel for First Look, said in a statement.

The Constitution thing again. Troublesome for sure. Paying for placement may be the answer. That’s journalism too I surmise.

Stephen E Arnold, June 1, 2016

Paid Posts and PageRank

May 27, 2016

Google users rely on the search engine’s quality-assurance algorithm, PageRank, to serve up the links most relevant to their query. Blogger and Google engineer Matt Cutts declares, reasonably enough, that “Paid Posts Should Not Affect Search Engines.” His employer, on the other hand, has long disagreed with this stance. Cutts concedes:

“We do take the subject of paid posts seriously and take action on them. In fact, we recently finished going through hundreds of ‘empty review’ reports — thank you for that feedback! That means that now is a great time to send us reports of link buyers or sellers that violate our guidelines. We use that information to improve our algorithms, but we also look through that feedback manually to find and follow leads.”

Well, that’s nice to know. However, Cutts emphasizes, no matter how rigorous the quality assurance, there is good reason users may not want paid posts to make it through PageRank at all. He explains:

“If you are searching for information about brain cancer or radiosurgery, you probably don’t want a company buying links in an attempt to show up higher in search engines. Other paid posts might not be as starkly life-or-death, but they can still pollute the ecology of the web. Marshall Kirkpatrick makes a similar point over at ReadWriteWeb. His argument is as simple as it is short: ‘Blogging is a beautiful thing. The prospect of this young media being overrun with “pay for play” pseudo-shilling is not an attractive one to us.’ I really can’t think of a better way to say it, so I’ll stop there.”


Cynthia Murrell, May 27, 2016

Sponsored by, publisher of the CyberOSINT monograph

The Guardian Adheres to Principles

May 20, 2016

In the 1930s, Britain’s newspaper the Guardian was founded, through a generous family’s endowment, on the ideas of an unfettered press and free access to information. In continued pursuit of these goals, the publication has maintained a paywall-free online presence, despite declining online-advertising revenue. That choice has cost them, we learn from the piece, ”Guardian Bet Shows Digital Risks” at USA Today. Writer Michael Wolff explains:

“In order to underwrite the costs of this transformation, most of the trust’s income-producing investments have been liquidated in recent years in order to keep cash on hand — more than a billion dollars.

“In effect, the Guardian saw itself as departing the newspaper business and competing with new digital news providers like BuzzFeed and Vox and Vice Media, each raising ever-more capital from investors with which to finance their growth. The Guardian — unlike most other newspapers that are struggling to make it in the digital world without benefit of access to outside capital — could use the interest generated by its massive trust to indefinitely deficit-finance its growth. At a mere 4% return, that would mean it could lose more than $40 million a year and be no worse for wear.

“But … the cost of digital growth mounted as digital advertising revenue declined. And with zero interest rates, there has been, practically speaking, no return on cash. Hence, the Guardian’s never-run-out endowment has plunged by more than 12% since the summer and, suddenly looking at a finite life cycle, the Guardian will now have to implement another transition: shrinking rather than expanding.”

The Guardian’s troubles point to a larger issue, writes Wolff; no one has been able to figure out a sustainable business model for digital news. For its part, the Guardian still plans to avoid a paywall, but will try to coax assorted fees from its users. We shall see how that works out.


Cynthia Murrell, May 20, 2016

Sponsored by, publisher of the CyberOSINT monograph




Half of Online News Produced by Just Ten Publishers

May 19, 2016

The wide-open Internet was supposed to be a counterweight to the consolidation of news media into fewer and fewer hands. Now, though, PublishersDaily reports that “10 Publishers Account for Half of All Online News.” The article cites a recent study from SimilarWeb, which examined 2015’s top online news publishers, on both mobile and desktop platforms. Writer Erik Sass summarizes:

“Overall, the top 10 publishers — together owning around 60 news sites — account for 47% of total online traffic to news content last year, with the next-biggest 140 publishers accounting for most of the other half, SimilarWeb found.

“The biggest online news publisher for the U.S. audience was MSN, owner of, with just over 27 billion combined page views across mobile and desktop, followed by Disney Media Networks, owner of ESPN and ABC News, with 25.9 billion.

“Time Warner, owner of CNN and Bleacher Report, had 14.8 billion, followed by Yahoo with 10.3 billion, and Time, Inc. with 10.2 billion.

“A bit further down the totem poll were CBS Corp., owner of, with 9.9 billion combined page views; NBC Universal, with 9.5 billion; Matt Drudge, with 8.5 billion; Advance Publications, with 8 billion; and Fox Entertainment Group, owner of Fox News, with 7.9 billion.”

Sass goes on to cover page views for specific publications and outlines which outfits are leading in mobile. Interestingly, it seems smaller publishers are doing especially well on mobile platforms. See the write-up for more details.


Cynthia Murrell, May 19, 2016

Sponsored by, publisher of the CyberOSINT monograph


The Trials, Tribulations, and Party Anecdotes Of “Edge Case” Names

May 16, 2016

The article titled These Unlucky People Have Names That Break Computers on BBC Future delves into the strange world of “edge cases” or people with unexpected or problematic names that reveal glitches in the most commonplace systems that those of us named “Smith” or “Jones” take for granted. Consider Jennifer Null, the Virginia woman who can’t book a plane ticket or complete her taxes without extensive phone calls and headaches. The article says,

“But to any programmer, it’s painfully easy to see why “Null” could cause problems for a database. This is because the word “null” is often inserted into database fields to indicate that there is no data there. Now and again, system administrators have to try and fix the problem for people who are actually named “Null” – but the issue is rare and sometimes surprisingly difficult to solve.”

It may be tricky to find people with names like Null. Because of the nature of the controls related to names, issues generally arise for people like Null on systems where it actually does matter, like government forms. This is not an issue unique to the US, either. One Patrick McKenzie, an American programmer living in Japan, has run into regular difficulties because of the length of his last name. But that is nothing compared to Janice Keihanaikukauakahihulihe’ekahaunaele, a Hawaiian woman who championed for more flexibility in name length restrictions for state ID cards.


Chelsea Kerwin, May 16, 2016

Sponsored by, publisher of the CyberOSINT monograph


The Most Dangerous Writing App Will Delete Your Work If You Stop Typing, for Free

May 2, 2016

The article on The Verge titled The Most Dangerous Writing App Lets You Delete All of Your Work For Free speculates on the difficulties and hubris of charging money for technology that someone can clone and offer for free. Manuel Ebert’s The Most Dangerous Writing App offers a self-detonating notebook that you trigger if you stop typing. The article explains,

“Ebert’s service appears to be a repackaging of Flowstate, a $15 Mac app released back in January that functions in a nearly identical way. He even calls it The Most Dangerous Writing App, which is a direct reference to the words displayed on Flowstate creator Overman’s website. The difference: Ebert’s app is free, which could help it take off among the admittedly niche community of writers looking for self-deleting online notebooks.”

One such community that comes to mind is that of the creative writers. Many writers, and poets in particular, rely on exercises akin to the philosophy of The Most Dangerous Writing App: don’t let your pen leave the page, even if you are just writing nonsense. Adding higher stakes to the process might be an interesting twist, especially for those writers who believe that just as the nonsense begins, truth and significance are unlocked.


Chelsea Kerwin, May 2, 2016

Sponsored by, publisher of the CyberOSINT monograph

New York Times: Editorial Quality in Action

April 22, 2016

On April 14, 2016, I flipped through my dead tree copy of the New York Times. You know. The newspaper which is struggling to sell more copies than McPaper. What first caught my eye was this advertisement for a dead tree book called “ The New York Times Manual of Style and Usage: The Official Style guide Used by the Writers and Editors of the World’s Most Authoritative News Organization. I assume this manual was produced by “real” journalists and editors. I am not familiar with this book, although I was aware of its existence. The addled goose uses the style set forth in the classic Tressler Christ circa 1958. Oh, you may be able to read a version of the New York Times story at this link. Keep in mind that you may have to pay pay pay.


I noted in the very same edition of the dead tree edition of the New York Times this write up about a football (soccer) match. I know that the “real” journalists working in Midtown are probably not into the European Cup if there is a Starbuck’s nearby.

I noted this interesting stylistic touch:


I spotted two paragraphs which are mostly the same. I assume that the new edition of the Style and Usage volume is okay with duplicate passages. It is tough to determine which is the “correct” paragraph.

Tressler Christ, as I recall, suggested that writing the same passage twice in a row was not a good move in 1958. The reality of the cost conscious New York Times may be that it is okay to pontificate and then duplicate content.

Nifty. I will try this some time.

Nifty. I will try this some time.

Nifty. I will try this some time.

Nifty. I will try this some time.

See. Not annoying annoying annoying at all.

Stephen E Arnold, April 22, 2016

FBI Runs Child Porn Website to Take down Child Porn Website

April 12, 2016

The article on MotherBoard titled How The FBI Located Suspected Administrator of the Dark Web’s Largest Child Porn Site provides a comprehensive overview of the events that led to the FBI being accused of “outrageous conduct” for operating a child pornography site for just under two weeks in February of 2015 in order to take down Playpen, a dark web child porn service. The article states,

“In order to locate these users in the real world, the agency took control of Playpen and operated it from February 20 to March 4 in 2015, deploying a hacking tool to identify visitorsof the site. The FBI hacked computers in the US, Greece, Chile, and likely elsewhere.

But, in identifying at least two high ranking members of Playpen, and possibly one other, the FBI relied on information provided by a foreign law enforcement agency (FLA), according to court documents.”

Since the dial-up era, child pornographers have made use of the Internet. The story of comedian Barry Crimmins exposing numerous child pornographers who were using AOL’s early chat rooms to share their pictures is a revealing look at that company’s eagerness to turn a blind eye. In spite of this capitulation, the dark web is the current haven for such activities, and the February 2015 hacking project was the largest one yet.




Chelsea Kerwin, April 12, 2016

Sponsored by, publisher of the CyberOSINT monograph

« Previous PageNext Page »