The Internet has a lot of content that you may not wish to stumble on when giving children access to it whether at home or in a public access computer scenario (Library, community group, Internet cafe etc).

Putting safeguards on a home computer can sometimes be beyond the knowledge of many parents who may prefer to have a specialist put user specific Internet filtering in place (as many Schools and businesses do) whilst some operating systems allow the set-up of child-friendly accounts that help put some safeguards in place to ease the worries of many parents or guardians.

Glubble is a free add on for the popular Firefox browser and its derivatives (Flock and Seamonkey primarily) that puts puts a child friendly set of rules and interfaces in place but allows the asking of permission from nominated family or guardian members  for sites and activities that may be blocked by the default access rules thus making it easy to individually customise.

A family noticeboard is available which lends the project a more human interface. Accounts can be set-up and tailored to each individual and changes can only be made via a password protected 'responsible adult' administrator account (provided the 'responsible adult' is not careless and shares the password).

Of course this kind of adult intervention would need to be used in association with the operating system user accounts configuration to perhaps stop the more technically knowledgeable children from just downloading an alternative browser in order to circumvent the well meaning protection put in place here.

Setting up parental controls in Microsoft Vista

In Mac OS X

Edubuntu-a child & education centric Linux solution

Random post__Blogs I Read__

The CLA press release clearly states that librarians were the advocates for internet filtering:

The initial impetus for the London Public Library filtering plan did not come from an outside group or from a group of employees, but from library management, on the grounds that extending filtering was necessary to protect against inadvertent exposure to inappropriate images. Although alternatives to filtering were suggested, such as reconfigured furniture arrangements, better use of privacy screens, and enforcement of existing rules of conduct, and intellectual freedom considerations were stressed, many influential community members and organizations supported filtering, and the issue remained contested at a series of London Public Library Board meetings

Toni Samek, Convenor of the Advisory Committee on Intellectual Freedom, said that the award will be presented at the CLA conference in Vancouver. Sam Trosow, Associate Professor at the University of Western Ontario, will organize some sort of celebratory event in London to recognize and honor the recipients.

This award is a great idea.  Most of my posts are about things that suck and erode intellectual freedom.  It's important to acknowledge when people stick their neck out, and do unpopular things to protect intellectual freedom.  I'm sure the London Public Library Board meetings were extremely uncomfortable and that this was a politically risky thing to stand up for.

I'm going to try and interview them, so if you have any questions you would like me to ask, please leave them in the comments section.

See previous posts:

internet filtering–boo, FIMS faculty–yay!

Filtering Adult Workstations @ London Public Library

London PL filtering update

History

• IIS 1.0, Windows NT 3.51 available as a free add-on
• IIS 2.0, Windows NT 4.0
• IIS 3.0, Windows NT 4.0 Service Pack 3
• IIS 4.0, Windows NT 4.0 Option Pack
• IIS 5.0, Windows 2000
• IIS 5.1, Windows XP Professional and Windows MCE
• IIS 6.0, Windows Server 2003 and Windows XP Professional x64 Edition
• IIS 7.0, Windows Server 2008 and Windows Vista

The first Microsoft-endorsed web server was a research project by the European Microsoft Windows NT Academic Centre (EMWAC), part of the University of Edinburgh in Scotland, and was distributed as freeware. However, since the EMWAC server was unable to scale sufficiently to handle the volume of traffic going to microsoft.com, Microsoft was forced to develop its own web server, IIS.

IIS was initially released as an additional set of Internet based services for Windows NT 3.51. IIS 2.0 followed adding support for the Windows NT 4.0 operating system and IIS 3.0 introduced the Active Server Pages dynamic scripting environment.

IIS 4.0 dropped support for the Gopher protocol and was bundled with Windows NT as a separate "Option Pack" CD-ROM.

The current shipping version of IIS is 7.0 for Windows Vista and Windows Server 2008, 6.0 for Windows Server 2003 and Windows XP Professional x64 Edition, and IIS 5.1 for Windows XP Professional. Windows XP has a restricted version of IIS 5.1 that supports only 10 simultaneous connections and a single web site. IIS 6.0 added support for IPv6. A FastCGI module is also available for IIS5.1, IIS6 and IIS7.

Windows Vista does not install IIS 7.0 by default, but it can be selected among the list of optionally installed components. IIS 7.0 is available in all editions of Windows Vista except Home Basic and Starter. IIS 7 on Vista does not limit the number of allowed connections, like IIS on XP did, but limits concurrent requests to 10 (Windows Vista Ultimate, Business, and Enterprise Editions) or 3 (Vista Home Premium). Additional requests are queued which hampers performance but they are not rejected like in XP which resulted in the 'server too busy' error message.

Security

Earlier versions of IIS were hit with a number of vulnerabilities, chief among them CA-2001-19 which led to the infamous Code Red worm. However, both versions 6.0 and 7.0 currently have no reported issues that affect them. In IIS 6.0, Microsoft has opted to change the behaviour of pre-installed ISAPI handlers, many of which were culprits in the vulnerabilities of 4.0 and 5.0, thus reducing the attack surface of IIS. In addition, IIS 6.0 added a feature called "Web Service Extensions" that prevents IIS from launching any program without explicit permission by an administrator. With the current release, IIS 7.0, the components were modularized, so that only the required components have to be installed, thus further reducing the attack surface. In addition, security features such as URLFiltering were added that rejects suspicious URLs based on a user defined rule set.

In IIS 5.1 and lower, by default all websites were run in-process and under the System account, a default Windows account with elevated rights. Under 6.0 all request handling processes have been brought under a Network Services account which has significantly fewer privileges. In particular this means that if there is an exploit in a feature or custom code, it wouldn't necessarily compromise the entire system given the sandboxed environment the worker processes run in. IIS 6.0 also contained a new kernel HTTP stack (http.sys) with a stricter HTTP request parser and response cache for both static and dynamic content.

Authentication Mechanisms

• IIS 5.0 and higher support the following authentication mechanisms:
• Basic access authentication
• Digest access authentication
• Integrated Windows Authentication
• .NET Passport Authentication
• Version 7.0

Debuting with Windows Vista, and also included in Windows Server 2008, IIS 7.0 features a modular architecture. Instead of a monolithic server which features all services, IIS 7 has a core web server engine. Modules offering specific functionality can be added to the engine to enable its features. The advantage of having this architecture is that only the features required can be enabled and that the functionalities can be extended by using custom modules.

IIS 7 will ship with a handful of modules, but Microsoft will make other modules available online. The following sets of modules are slated to ship with the server:

• HTTP Modules
• Security Modules
• Content Modules
• Compression Modules
• Caching Modules
• Logging and Diagnostics Modules

Writing extensions to IIS 7 using ISAPI has been deprecated in favour of the module API, which allows modules to be plugged in anywhere within the request processing pipeline. Much of IIS's own functionality is built on this API, and as such, developers will have much more control over a request process than was possible in prior versions. Modules can be written using C++, or using the HttpModule interface from a .NET Framework language. Modules can be loaded globally where the services provided by the module can affect all sites, or loaded on a per-site basis. IIS 7 has an integrated mode application pool where .NET modules are loaded into the pipeline using the module API, rather than ISAPI. As a result ASP.NET code can be used with all requests to the server. For applications requiring strict IIS 6.0 compatibility, the Classic application pool mode loads asp.NET as an ISAPI.

A significant change from previous versions of IIS is that all Web server configuration information is stored solely in XML configuration files, instead of in the metabase. The server has a global configuration file that provides defaults, and each virtual web's document root (and any subdirectory thereof) may contain a web.config containing settings that augment or override the defaults. Changes to these files take effect immediately. This marks a significant departure from previous versions whereby web interfaces, or machine administrator access, were required to change simple settings such as default document, active modules and security/authentication. It also eliminates the need to perform metabase synchronization between multiple servers in a farm of web servers.

IIS 7 also features a completely rewritten administration interface that takes advantage of modern MMC features such as task panes and asynchronous operation. Configuration of ASP.NET is more fully integrated into the administrative interface.

Other changes

• PICS content ratings, support for Microsoft Passport as well as server-side image maps are no longer included.
• Executing commands via server-side includes is no longer permitted.
• IISRESET -reboot has been removed.
• The CONVLOG tool, which converts IIS log files into NCSA format, has been removed.
• Support for enabling a folder for "Web Sharing" via the Windows Explorer interface has been removed.
• IIS Media Pack (see below), which allows IIS to be used as a bare-bones media server, without using Windows Media Services.
• New FTP module, that integrates with the new configuration store, as well as the new management environment.

IIS Media Pack

The IIS Media Pack is a set of free add-on modules for delivering digital audio and video files from an Internet Information Services 7.0 (IIS7) Web server. Download delivery from a Web server to media player software is often as a progressive download, which allows the end user's media player to quickly start rendering the media file even as the download is still in progress. Examples of media player software that will work with the IIS Media Pack include Adobe Flash Player, Apple QuickTime Player, RealNetworks RealPlayer, Microsoft Windows Media Player, and Microsoft Silverlight. The IIS Media Pack provides some of the cost savings and content control benefits of streaming media servers to Web server delivery of media files.

The first module, Bit Rate Throttling, was released to the general public on March 14, 2008. For media files, Bit Rate Throttling downloads the first few seconds of the file as fast as possible, allowing playback to begin very quickly, and then automatically detects the encoded bit rate of the file and meters out the rest of the download at that bit rate. If an end user stops playback before the end of the file, the server has only downloaded a few more seconds of file than were actually consumed, reducing bandwidth costs when compared to traditional send-and-forget HTTP downloads. Metering the delivery of media files also reduces overall bandwidth and CPU usage on the IIS server, freeing resources to serve a higher number of concurrent users. The following eleven media file formats are supported by default in the Bit Rate Throttling module: ASF, AVI, FLV, M4V, MOV, MP3, MP4, RM, RMVB, WMA, and WMV. Additional media file formats can be added using the IIS configuration system. Non-media files may also be throttled at a server-administrator-specified delivery rate.

The second module is called Web Playlists, and is now in its second Customer Technology Preview (CTP) release. This feature allows an IIS server administrator to specify a sequenced playback order for a set of media files without exposing the source URLs. Playback order and the ability to limit whether an end user can seek within or skip a file are controlled on the IIS server. The Web Playlists feature can also be used to dynamically generate personalized playlists for users.

Normally we need to request to unblock the sites. Then they agree to unblock them within 3 days. But we requested some sites to unblock last year, but not yet unblocked.

Now you can see the ineficiency of the University of Maratuwa web filtering unit. Due to the web filtering the net connection was become very slow. The ministry of education passed 2 MBPS net connection but University provides only 20 Kbps speed.

??????????...........................

 "The recommendations from ICANN will future proof the Internet so that it can be used and enjoyed for many generations to come," says Bloxx Managing Director, Eamonn Doyle. "However, we predict a land grab for these additional TLDs top level domains which will see a dramatic increase in the number of registered domains and URLs. This will be a significant challenge for first and second-generation web filtering suppliers whose products depend on keeping a URL database up-to-date."  

"The problem with first and second generation web filters is with the growth and turnover of the web, as soon as a URL database or "blacklist" is updated, it is out of date - - these new recommendations mean this problem has never been clearermore relevant," explains Doyle. "Third-generation filters, such as Bloxx Tru-View Technology, analyse and categorise sites on the fly and make an informed decision as to what risks are associated with accessing them, and are now clearly the only viable way to manage user access to the web."

 I agree this will create a lot more domain names, and more work for filtering companies .  When I was at N2H2, we dealt with "parked" domain names - names that were obviously being registered for future use in porn sites by automatically adding newly registered domain names with obviously pornographic words to our pornography category.  This would often later prove unnecessary because many of these registered domains would later to point existing porn sites, and we would block these with a single numeric IP entry.  I remember once seeing 5,000 pornographic domain names that pointed to a single IP.

UPDATE:  Websense's Security Labs Blog weighs in as well:

Back in 2004, ICANN implemented an "Add Grace Period" (AGP) policy to the registration of new domains. This effectively allowed for a five-day trial period of any newly registered domain. Abuse of this policy almost immediately sky-rocketed as the practice of "domain tasting" took off. Basically, domain tasters will register millions of domains, fill them all with advertisements and then return all domains which do not generate enough traffic just before the five-day grace period expires.

Bob Parsons, of GoDaddy.com, explained the problem best back in 2006: http://www.bobparsons.tv/DomainKiting.html.

Here in Websense Security Labs, we monitor the registration of all new domains, and we can personally attest to the problem caused by abuse of the AGP policy. The policy is not only abused to commit click-fraud. Fast-flux malware authors use the policy to freely register thousands of domains for use by their malware, making the subsequent tracking and shutdown of these domains a daunting task.

That should all end shortly: ICANN today approved a new policy that puts a severe damper on these domain tasters:

"[no] refund for any domain name deleted during the AGP that exceeds 10% of its net new registrations in that month, or fifty domain names, whichever is greater"

• For parents, Neil Rubenking in PC Magazine has a very good run down of "12 Tools to Keep Kids Safe Online," that covers not only traditional web filtering, but monitoring, time limits, and social networking controls. He selects Safe Eyes 5.0 as the editor's choice.
   
• Laptop Magazine looks at three filters, and declares Safe Eyes 5.0 the winner again. (I'll have to download Safe Eyes and check them out with the good buzz they are getting)
   
• For businesses, SC magazine has a round-up of 10 "Web Content Management Products." They name 8e6 their "Best Buy."
   
• Also for businesses, Computer Reseller News takes a look at 3 web security filters in "Mucking up Malware" and finds Sophos, a anti-virus vendor not normally associated with web filtering number 1.

On/around June 21, 2008, the Netsweeper central database will surpass 1 billion currently categorized URLs.   This is (one of) the critical differences of the Netsweeper filtering capability. And this capacity is accelerating.  We have just completed our full installation at BSNL the (largest) ISP in India.  Within 18 months, they estimate an additional 6 million users will average 30 searches, and 4 new URLs categorized per user, each day.  This will generate more than 24 million new URLs categorized each day. Our next billion should happen within the next 6 months. 

Is this credible?  The short answer is depending how you count, yes.  According to the latest figures on Wikipedia, the web in 2008 contains 100 million web sites with 63 billion pages.  So if you're counting  pages as URLs, the figure is entirely credible.  Netsweeper builds this database by maintaining a central database "in the cloud" that customers access, and using AI to automatically add unclassified URLs, as described on their website: 

To solve the traditional problems with purely list-based filters, Netsweeper developed a dynamic new approach. This approach uses a central database of categorized URLs. Each Netsweeper Policy server contains only the URLs accessed by the local users (students, patrons, employees, home users).  If a user visits a site that isn't in the local database, it is requested from the central database (CNS). The CNS provides the information about the requested site to the Policy server, which caches the information so as to be ready should the request be made again. This ensures that the Policy server only has relevant URLs in its cache. 

FYI, Netsweeper has it's own database look up service, which I've added to my list of now eight filter database look up services.

But there might be a .xxx domain. Advocates have been fighting for such a designation for years as a simple solution for alerting users and keeping children out of adult material. ICANN has continually turned them down, saying that it doesn't want to become a content regulator. But this new system would be "open to everyone," ICANN chief Paul Twomey told BBC News. 

 As a way to help protect children from pornography, the idea of an .XXX domain has been around since the late 1990s.  The idea is compelling: you put all the pornography in the .XXX domain, then you just set web browsers or filters to block all .XXX, and the problem is solved.  Unfortunately, it's not that simple, and .XXX won't work to make filters more effective. 

The reason .XXX won't work is because of the technology that underlies the Internet.  As many Internet users  know, underneath the familiar Fully Qualified Domain Name (FQDN) of www.SiteName.com is a unique Internet Protocol (IP) number like 192.168.1.1.  

Here's where the problem with blocking only .XXX name comes in.  If a web site like www.playboy.com correspondents directly with a numeric IP such as 216.163.137.3, the filter must block the numeric IP to be effective.  [Of course, some websites do not correspond directly to a single numeric IP, but rather share a numeric IP with multiple websites.  In these cases it is usually not necessary to block the numeric IP address.]

If the numeric IP is not blocked, it becomes trivial for a youngster to defeat filtering.  There are many websites on the Internet that for free will translate .com names into numeric IP address.  For example, visit http://centralops.net/co/DomainDossier.aspx  and enter WWW.PLAYBOY.COM and it returns 216.163.137.3.  Enter 216.163.137.3 into a browser, and you can access Playboy.  (Alternatively, you can just drop down to a command prompt in Windows and type in "Ping playboy.com" to get the numeric IP) 

For filtering companies, the bottom line is that .XXX won't make their jobs any easier.  Filtering companies can't just block all .XXX sites, because in addition to blocking www.porn-site.xxx they will have to block the numeric IP as well.  And that means tracking each .XXX porn site individually to find the numeric IP address, the same way filtering companies track .com porn sites.  And that's a big job.  The big filtering companies have millions of pornography sites.  So rather than making the jobs of filtering companies easier, the main impact a .XXX will have for filtering companies is to simply create more pornography sites for them to filter.

As laudable as the effort to end sexual exploitation of children is, the concept of blocking parts of the internet needs to be one small part of the overall effort. Simply blocking the alt section of Usenet is fundamentally misguided.

Let's take a less controversial example to see how the analysis works out: blocking spam servers. This is one approach which could be taken to controlling spam, and it's easy enough to add domain-level filtering to any anti-spam system. The two immediate problems are

1. People will simply register new domain names, hook up the old servers, and go back to business as usual
2. People will forge names on their servers in an attempt to impersonate legitimate sites and get the system to target the good server on their behalf.

I'm sure a security expert could think of a hundred different ways to abuse such a system. However, these examples represent two different paradigms for dealing with ISP level filtering. The first is to change venues. The second is to run a "false flag" operation to attack your opponents' web presence. We want neither, whether it's associated with spam or porn.
However, it's the first of those responses which makes the "filter alt" proposals so wrong. Rather than constantly force the purveyors of child pornography to change venues, we should be going into these places where we know it occurs, gather evidence on people who peddle it, and shut the problem down at its source. Just like spam servers and botnet operators can keep dancing around efforts to selectively shut down the electronic side of the operation, so can child porn purveyors.

There is no need to invoke Markov's inequality, higher order moments or convolutions. In fact all we have to do is to write the basic percentage closer filtering formula for $latex n$ equally weighted occluders $latex o_i$ and a receiver$latex r$

$latex \displaystyle\frac{1}{n}\sum_{i=1}^{n}H(o_i-r) &s=1$

The role of the step function $latex H(x) $ is to perform a depth test on all occluders, depth test results are then averaged together to obtain a filtered occlusion term. The are many ways to write $latex H(x) $ and a limit of exponential functions guarantees a fast convergence:

$latex \displaystyle H(o_i-r) = \lim_{k \to +\infty} \frac{e^{ko_i}}{e^{ko_i}+e^{kr}} &s=1$

We can rewrite the original PCF equation as:

$latex \begin{array}{ccc} \displaystyle\frac{1}{n}\sum_{i=1}^{n}H(o_i-r)&=&\displaystyle\frac{1}{n}\sum_{i=1}^{n}\lim_{k \to +\infty} \frac{e^{ko_i}}{e^{ko_i}+e^{kr}} \\ &=&\displaystyle\lim_{k \to +\infty}\frac{1}{ne^{kr}}\sum_{i=1}^{n}\frac{e^{ko_i}}{e^{k(o_i - r)}+1} &s=1\end{array}$

If we make the hypothesis that our shadow receiver is planar within the filtering window we are also implicitly assuming that the receiver is the most distant occluder (otherwise it might occlude itself, which can't happen given our initial hypothesis), thus we have $latex r > o_i$.
Armed with this new assumption we observe that the term $latex e^{k(o_i - r)} $ quickly converges to zero for all occluders:

$latex \begin{array}{ccc} \displaystyle\lim_{k \to +\infty}\frac{1}{ne^{kr}}\sum_{i=1}^{n}\frac{e^{ko_i}}{e^{k(o_i - r)}+1} &\approx&\displaystyle\lim_{k \to +\infty}\frac{1}{ne^{kr}}\sum_{i=1}^{n}e^{ko_i} \\ &\equiv&\displaystyle\lim_{k \to +\infty}\frac{E[e^{ko}]}{e^{kr}} \\ &s=1\end{array}$

As we already know $latex k$ controls the sharpness of our step function approximation and can be used to fake soft shadows. Ultimately we can drop the limit and we obtain the ESM occlusion term formula:

$latex \displaystyle \frac{E[e^{ko}]}{e^{kr}}&s=2$

Exponential shadow maps can be seen as a very good approximation of a PCF filter when all the occluders are located in front of our receiver (no receiver self shadowing within the filtering window). There's not much else to add, if not that this new derivation clearly shows the limits of this technique and that any future improvements will necessarily be based on a relaxed version of the planar receiver hypothesis. 

For unknown reasons some old and buggy ESM test code was distributed with ShaderX6. You can grab here the FxComposer 2.0 sample code that was meant to be originally released with the book.

So comes today's announcement that CyberPatrol has acquired a small filtering company, Emerald Technologies, based in Orlando Florida: 

Newly Formed CyberPatrol LLC Acquires Emerald Technology, Inc.
Dramatically Increased Parental Controls Filtering Capabilities, Web Filtering products now available for SMBs and Networked Environments

Enola, PA......June 12, 2008.........Newly formed CyberPatrol LLC today announced that it has acquired Emerald Technology, Inc. Emerald Technology's proprietary filtering technology will be used in CyberPatrol's Parental Controls software. Called SiteCAT, the core technology and unique content filtering engine will enhance the blocking and filtering capabilities of the existing CyberPatrol Parental Controls product. CyberPatrol will continue to sell and support Emerald Technology's current products under the CyberPatrol brand. Jason Short PhD, founder and President of Emerald Technology and Michael McDonald, software engineer have joined the CyberPatrol LLC organization. Dr. Short heads up the research department as vice‐president of research

Sounds like they've got a big database they'll deliver primarily "over the cloud" to more than just consumers:

Emerald's filtering technology continuously crawls and scans both new and existing domains. By continuously scanning the internet, new domains are detected, classified and immediately added to a database that is used to power CyberPatrol Parental Controls. This proprietary database contains information on 22 million domains that represent over 200 million web pages. This data has been segregated into 43 different categories. The database contains both known safe sites as well as sites to be blocked. The entire Internet is crawled every 45‐ 60 days and updates are immediately made and available to CyberPatrol customers.

Here's my filter tip: Expect the worst. That way you can avoid situations like tonight.

So there I was doing ~23mph between stationary traffic. All was right in the world and I was hungry and looking forward to my tea. I approached a bus on my left and a car on my right.

Then out of fecking no-where, a small Peugeot 206 appears, blocking the space between the bus and the car. Now it wasn't like the car slowly edged it's way out and looked. No, the car bombed it across our 2 lanes, then stopped, looked left and then carried on in the opposite direction.

I have no idea how I managed to stop, and my brakes aren't what you would call sharp, but instinct took over and I managed to stop in about 12ft. As I came to an abrupt standstill I looked to see how close I was from this guys rear arch; 1cm.

1 unbelievably , amazingly close centimeter.

I sat for a second to let my brain catch up and then sat some more. The guy in the Peugeot was totally clueless and continued to look left, only realising that there was a man sitting in a white helmet staring at him when he started to drive away.

Now some may say that I shouldn't be filtering and that it was my own fault. Some may say I was going to fast. I disagree with both statements and add that I did fabulously well to avoid an accident and should actually get a medal for it...

As I put my bike in to gear and started to pull away I could feel the slight sensation of adrenaline, but unlike all near misses and actual accidents that I have had, the adrenaline was a vague sensation and disappeared within minutes of the incident. I then carried on my way as if nothing had happened. Amazing. This now however throws up a few questions:

Have I done so many miles now that I am able to calmly and efficiently deal with anything that gets thrown in my direction or;

Have I done so many miles now that I am numbed to the whole motorcycle/danger thing?

Whatevet the answer is, I know one thing: I was able to quickly, efficiently and safely stop my motorcycle from ~23mph in 12ft, with absolutely no warning whatsoever and cause no commotion at all.

I F*CKING ROCK!

Advertising networks gained momentum too. Everyone trying to get a piece of the Social Networking Walhalla harassing the user (that's you) with advertisement. $ BLN dollar valuations of companies who's main objective is to get those advertisement dollars rolling. The user gets his service for free, but as a result he has to put up with advertisement. That has got to be by far the worst nightmare of any Marketeer right? You have a potential customer, according to all of the semantic and contextual data the Social Networking site has collected for you. You show this potential customer an advertisement, making sure it fits the profile. Only to discover that this potential customer does the same thing he did in more traditional media, he ignores it. It is the catch 22 of web 2.0. Everyone trapped in the FREE business model where advertisement money is pumped around but the only one paying the bill is the advertiser who doesn't get much value for his dear advertisement budgets. The social networking site is the laughing third party who collects the dollars. It's a business model that can't hold up much longer. At some point the advertiser should be doing his math and discover that he is paying an awful lot of money for social experiments that aren't very effective. The nature of the business model is what is wrong with it. It is a business model based upon lock-in, upon force instead of freedom. You get a free service so you MUST put up with advertisement.

There is no end to the optimism of both web entrepreneurs and advertisers when it comes to the promises of web 2.0. Advertising, uhm I mean engaging with you customers, being able to use contextual and semantic information to serve him even better. The Über social graph is already being build by Facebook and the likes. And once the user is being tracked and traced across every destination he goes, the exploitation of that data surely will lead to the promised land.

The data collection going on on the web is immense. It is nearly impossible to visualise the amounts of data being collected by Google and everyone else. I'm betting the actual web and it's data is probably an infinite small fraction of what is being stored on data hogging servers around the world. I can understand why it is being done (given what I just said above). But I can't help but feel that it's a rush to fool's gold. I haven't seen a computer algorithm yet that has mastered free choice. I don't know any data profiling scheme that can make people behave like their profiles suggest.  Human nature isn't that simple. That doesn't mean no one is going to make a lot of money on this. I'm just saying that I doubt that all of this profiling will provide the advertisement world much benefits. You can't make me like your message, just because the data says so.

We see this behavior now already. Even though this data analysis is in it's infancy and much better algorithms will be thought of. Ever clicked on a Facebook ad served to you? Well, not many have. Ever bought some product because when it got in the way of you interacting with a friend, you thought, "hey, that's convenient, gotta get me one of those". It just doesn't work that way.

I tried out the Friendfeed recommendation that has just launched and the Friendfeed community is wild about. It will serve you the "best" of Friendfeed of the last day, week or month. Using it brought me 2 important lessons:

1. I gotta get me some friends that aren't Friendfeed fanatics. Almost every recommendation was a piece of content or discussion concerning this tool. Man these early adapters aren't doing Friendfeed any favor with it. Hailing their trumpets, predicting the conquering of the entire world with a tool. Idiots in my opinion. Friendfeed is just a tool, and a nice one. But they are on to the same data collection I talked about earlier. Instead of just computer alogrithms, they try to use friends recommendations and discussions to filter out the important stuff. Too bad 90% of the discussion on Frienfeed is about Friendfeed itself. That data collection isn't going anywhere for a while (Crossing the chasm is pretty difficult isn't it). Or maybe it's just me and my Friendfeed friends, I don't know.
2. I gotta get me some friends that aren't discussing the "downfall" of Twitter. Yep, that is where the other pieces of content were talking about. Same early adopters. Same boring stuff. Morons of course. The early adopters might have jumped the Friendfeed wagon,  Twitter is king of 140 characters. They don't have to come up with noise filters, ranking algorithms, friends recommendations, semantic data collectors, or anything of the sort. They aren't in the business of data collection and serving advertisement on that data. They are in the field of interaction. And interaction is the only thing that matters in web 2.0. Social Media consumption, creation, participation, it is all interaction. Sure they have stability issues and an angry early adapters mob against them. But they rule the 140 character world, and given the $ 1Bln spent in mobile SMS in 2007 I say Twitter has a better chance of becoming a successful social utility than Friendfeed.

I don't like the sitting back and let the feeds come to you mechanism anyway. RSS has brought us really great ways to distribute content. But it has also killed the adventuring sprrit of the web user. Instead of wandering around this marvelous world of content and people waiting to interact, we sit back and let the feeds bring it to us. Such a waist of creative processes, of discovery. And such an incredible noise generator. We are screaming for noise filters, ranking algorithms, trust filters (who the hell thinks up this stuff), all to get a grip on the never stopping river of information flowing to us via RSS feeds.

Honestly, I don't need filters to trust people, to know who ranks high or low, to know who is producing great content or noise. And I have serious doubts that ANY consumer outside the top web elite is dealing with that problem either. RSS is convenient but lazy. It brings you everything you always wanted, and a whole lot of noise with it. It needs noise filters, raking algorithms and all that other stuff. Computer algorithms telling me what to like or not. RSS is unintentional, it is sharing because we can. If there is no intent in sharing it pretty quickly becomes less valuable. That is why we all still love it to get an old fashioned letter or postcard in the mail. It is intentional and therefore so much more valuable. Try subscribing to less RSS feeds if you keep complaining about noise. It will solve your problem instantly.

I always have felt the Internet should evolve around you. Making you and the things you want to do most important. Not the data hogging, or the social graph. But that doesn't mean that you can sit back and enjoy the ride. It also implies that you have a responsibility in this. You have to be willing to look around, to discover, to make choices. Not just let that RSS juice flow to you. I'm convinced it will work out in the end.

The way RSS is used now is a bit like us reading great books on well known museums. It's fine.  But actually discovering a new museum, going there, seeing the things that are there, engaging, talking about it, that is where the value really is. And that is more valuable than any RSS feed I could possibly imagine. Friendfeed may be the early adopter king of RSS feeds for now. They are there to collect data, to see if a new kind of "Google" can arise out of social media. And I suspect they will be digging in the same hole where all social networks are digging into. But it's content right now is a museum we have all seen already. And the discussions of the early adopters are running around in circles right now.

But Twitter is the king of 140 characters. They don't need all that. They support a basic human need. They need more stability and a well executed business plan. But these 140 characters will be infinitely more valuable to us than any RSS feed with comments and likes will ever be.

KidZui is a kid-safe browser made available in March for those willing to pay a monthly subscription fee ($5/mo to start and $10/mo thereafter). For whatever reason, KidZui has decided to abandon this group and join the wider web by offering its product for free - at least for most of its functionality. Premium memberships are now only necessary for users who want to access an extended set of features, such as extra tags for content and themes for decorating pages. On the parenting side of things, the paid features include more sophisticated activity reports and email updates. These memberships have been cut in half, so it only costs $5/mo or $50/yr.

 I've always been a fan of "walled gardens" - protected portions of the web that restrict all but approved portions of the Internet for grade school and pre-school kids.  The difficulty has always been building a workable business model around this great idea.  Over the years, a number of these efforts have been tried and failed because they couldn't make money.  I've got reference material on several of these in my page on defunct filtering products, and they include EdView (ceased operations in 2000) and Internet Safari ( discontinued 2002).  These companies can't seem to get a critical mass of parents to pay for the service to make it profitable. 

But I think KidZui may finally be on to something, by combing a walled garden with charging for premium content for other features.  Club Penguin and WebKinz have shown that parents (like me - my kids love WebKinz) can be badgered into paying a subscription fee - if the content is compelling enough.

More than half of all households with internet access have no blocking software or other controls over online access. The number of households using such safety provisions has declined since 2005, both for households with 8-11 year olds (55% down to 50%) and those with 12-15 year olds (51% down to 43%) . The main reason for parents not having such controls is their belief in their child's ability to self-regulate their internet behaviour (54% of parents of 8-11s and 72% of parents of 12-15s).

This compares to  an increase by parents in the US, according to Pew Internet & Life Study, which found in 2006 that, "that 54% of families now use filtering software, up from 41% in 2000."

Symantec is developing a Web-based service that will let parents control almost all aspects of their child's Internet activity from anywhere in the world. The rising use of instant-messaging programs and social-networking sites by children has posed new challenges to parents seeking to prevent kids' access to inappropriate content or contact with creepy online adults. A demo seen by IDG on Friday showed the application gives parents sweeping control over their child's activity. It can be configured so a parent must approve adding a new person to a buddy list on an instant-messaging program. Search terms can be monitored as well as content posted on social-networking sites. The application doesn't have a formal product name as of yet, said Con Mallon, product marketing director for Symantec's consumer division in Europe, on Friday. 

Many traditional home Internet safety products  that do a good job of web and e-mail filtering are still catching up to the Web 2.0 world of Social Networking and the different set of concerns it raises for parents.  Today's Internet safety tools don't yet offer granular controls for filtering and monitoring social networking sites by parents, so many online safety advocates, such as Enough is Enough, recommend minors not participate in social networking sites.  Getnetwise.org is by far the best online resource for parents seeking filtering tools, and it's searchable tools database doesn't contain social networking controls yet, but look for this change in the next 12-18 months:

As this testimony will demonstrate, due to the dynamic nature of the ICT sector and the complexities of the existing regulatory environment, legal regimes cannot adequately address the dilemmas posed by the rise of global filtering, censorship, and surveillance practices worldwide, and are unlikely to be capable of doing so in the near term. Furthermore, the proposals currently being considered could be harmful in the long run, by forcing organizations out of foreign countries altogether or by requiring them to break local laws. At this moment of dynamic change, it would be premature to act now with blunt legislation. Rather, there are several activities which the US government could support and contribute to, such as constructive policy engagement, collaborative learning, multi-stakeholder input and commitment, further technological innovation, and user empowerment, that could have immediate impact not only on our understanding of the landscape, but on our ability to positively contribute to protecting the human rights that are at risk.

Palfrey goes on to helpfully describe the complex nature of the topic, and is spot on that blunt instrument legislation will not be helpful, and that industry best practices approach is the way to go:

It is important that any legislation not be tailored so broadly as to attempt to confront every issue and actor with one set of rules, but neither should the law address one set of issues and ignore the others. A better approach is to promote the learning and deeper understanding that would lay the foundation for future legislation, ideally in conjunction with the aforementioned Principles process.

ROYAL OAK -- A divided city commission passed an ordinance Monday ordering the Royal Oak public library to install filters on all but one computer in the adult section of the library.

Children's computers already have software designed to block pornographic materials. By a 4-3 vote Monday, the commission mandated the installation of filters in the adult area despite new policies by the library staff that require users to show identification and sign their names before using a computer. In February, Royal Oak police arrested a man accused of viewing child pornography on a library computer in the adult computer lab on the first floor

Cisco Systems, seeking to penetrate the Chinese market, prepared an internal marketing presentation in which it appeared to be willing to assist the Chinese Ministry of Public Security in its goal of "combating Falun Gong evil cult and other hostile elements," according to a translation of a document obtained by congressional investigators. The Cisco presentation will take center stage today at a hearing of the Senate Judiciary Committee on the Global Internet Freedom Act, which aims to defeat Internet censorship. The Washington Post obtained a copy of the presentation, the authenticity of which was confirmed by Cisco. 

I used to do the PR for Secure Computing, which sells web filtering to the government of Saudi Arabia and other places in the Middle East.  Our position was that we were selling the same filtering software we sold to the U.S. Army, General Electric, and United Airlines and lots of other places, and it's the customer's choice how to deploy.  Where I felt it would cross the line would be to actively aid a government in suppressing a particular social, political, or religious point of view.  Let's say Secure Computing was actively creating a list of sites criticizing the Saudi government and supplying it to them - that would have crossed the line, and I was never aware of anything like this happening when I was at Secure Computing.  I haven't seen Cisco's PowerPoint, but it sounds like it may have crossed that line.

Here are whitelisting instructions for some of the major email service providers. The minimum we suggest they do is to add the 'from' email address (username@domain) into their email system's address book.  

Please insert the From address you are whitelisting for username@domain.com using the instructions below:

AOL

Add the "From address" you want to receive mailings from to your AOL address book:

1. Click the "Mail Options" menu and select "Address Book".
2. Inside the "Address Book" window, click the "Add" button.
3. Inside the "Address Card for New Contact" window cut and paste username@domain.com into the "Other E-Mail" field.
4. Make our From address the "Primary E-Mail" address by checking the associated check box to the right of it.
5. Click the "Save" button.

If the mailing is in your SPAM Folder, you can open the email and click the "This Is Not Spam" button.

Gmail

Add the From address you want to receive mailings from to your Gmail Contacts List:

1. Click "Contacts" along the left side of any Gmail page.
2. Click "Create Contact".
3. Copy and paste username@domain.com into the primary email address dialog box.
4. Click "Save".

If the mailing is in your SPAM folder, check the box next to the mailing and click the "Not Spam" button along the top.

Hotmail

Add the From address you want to receive mailings from to your Hotmail Safe List:

1. Open your mailbox and click “Options” (upper right hand corner).
2. Click the “Junk E-Mail Protection” link.
3. Select the “Safe List” link.
4. Copy and paste username@domain.com into the dialog box titled “Type an address or domain”.
5. Click the “Add” button next to the dialog box.

If the mailing is in your "Junk E-Mail Folder", open the email and click the "Not Junk" button. 

You should also check that the mailing's email address is not in your Blocked Senders list.  You can find your Blocked Senders list by following the directions above and going to "Blocked Senders List" instead of "Safe List".  If you see the mailing's from address on this list, select it and click the Remove button. 

Mozilla Thunderbird

Add the From address you want to receive mailings from to your Thunderbird Address Book and configure your Junk Mail Controls to white list your address book.

Add an address into your Personal Address Book:

1. Click the "Address Book" button.
2. Make sure the Personal Address Book is highlighted.
3. Click the "New Card" button.
4. Under the "Contact" tab, copy and paste username@domain.com into the Email dialog box.
5. Click "OK".

White list your Personal Address Book:

1. From the main drop down menu, select "Tools -< Junk Mail Controls..."
2. This will launch the Junk Mail Controls window that has two tabs: Settings and Adaptive Filter
3. Under the Settings tab, update the "White Lists" module by selecting Personal Address Book from the pull down menu and then check mark the box next to "Do not mark messages as junk mail".
4. Click "OK".

If the mailing is in your junk folder, right-click the mailing and choose "Mark -< As Not Junk".

Netscape Mail

Set up a filter to redirect the mailing you want to receive into your inbox:

1. From the Edit drop down menu, select "Message Filters".
2. Click "New", and give the new filter a name (e.g. "Whitelist").
3. Change the drop down on the left to "sender" and the one in the middle to "is".
4. Copy and paste username@domain.com into the box on the right.
5. Make the bottom two drop downs "Move to folder" and "Inbox".
6. Click "OK".
7. Make sure that your new filter is located at the top of the Message Filter list so it is run before any spam filter.

Outlook 2003

Add the address you want to receive mailings from to your Safe Senders list:

1. On the Tools menu, click "Options".
2. On the Preferences tab, click "Junk E-mail".
3. On the Safe Senders tab, click "Add".
4. In the Add address box, copy and paste in username@domain.com and click OK.

If you are using a different version of Outlook you can add the mailers From address to your Address Book. This can be done by opening the email, right clicking the From address, and selecting "Add To Contacts". You can also access your Address Book via the tools drop down menu.

Yahoo

Set up a filter to redirect the mailing you want to receive in your inbox:

1. Open your mailbox and click on "Mail Options" (upper right hand corner).
2. Select "Filters" under the Management column.
3. Click the "Add" button on the Filters page.
4. In the "From header:" row, make the drop down "contains" and put the mailer's from address username@domain.com   in the box.
5. At the bottom of the page Click the "Choose Folder" pull down menu and select "Inbox".
6. Click the "Add Filter" button.

If the mailing is in your Yahoo Bulk Folder open the email and click the "Not Spam" button. You should also check that the mailing's email address is not in your "Blocked Addresses" list.  You can find your "Blocked Addresses" list by clicking "Mail Options" and then clicking the "Blocked Addresses" link under the Spam column.  If you see the mailing's from address on this list, select it and click the "Remove Block" button. 

Others

The most common way to whitelist an address is to add it to your address book, white list, or safe list.  There is no universal way to whitelist an address, so if this is not an option, you will have to consult the help section associated with your email application.  They should have instructions on how to whitelist an address there.

For more information on Applied Info Group's database and email marketing service capabilities, please contact Mitch Rubin, President of Applied Info Group at 908-241-7007 or by email at info@appliedinfogroup.com. Visit www.appliedinfogroup.com to learn more.

Apparantly, this hasn't gone down very well with the Iranians. Many see this as "inept and over-prescriptive filtering", which I tend to agree. To a large extent at least.. I feel that the "protecting our people from content that could potentially corrupt young minds" thing is a whole lot of crap. I believe that majority of us are mature and discerning enough to make a judgement call ourselves and having someone to tell us what not to do is just gonna create more of the rebellious streak in us. And to the minority that needs their impressionable minds looked after, thats just part and parcel of life. Evil lurks wherever Good goes.. thats a fact of life, thats history and if young impressionable minds could cause crimes, murders and wars centuries ago, I don't think internet filtering will be of much help to these poor souls anyway... but thats just my point of view...

Setting my POV aside, this issue however, draws a fairly interesting comparison when you put it side-by-side China. The Chinese are obviously saying YES (then again, the recent Sichuan earthquake hints at a NO) but the Iranians are saying NO... to essentially the same thing...  But reading through the different articles online, the same old feeling hits me... Why bother if its a right or wrong? What matters most is obviously what the people of the nation wants. Do they want internet filtering or not should be the crux of the question, not whether it is right or wrong, should or shouldn't, need or needn't.

If it is what the nation's people want, then its obviously a right, should and need, vice versa. I mean, yes, to a certain degree, some people might not know whats good and bad for them, but I would think majority of the people do. We keep talking anout how culture shapes our thoughts, our actions and our beliefs, so shouldn't we let it shape how the internet should or should not work for us? Shouldn't we be leaving these decisions for the people to decide, as a collective whole, as a nation instead of imposing our views and expectations on them?

Just a thought...
Grace

The ruling parties will introduce legislation for Internet service providers to block access to child pornography sites with major providers in favor of the move, sources said.  A project team of Liberal Democratic Party and New Komeito members will draw up a bill to revise the law prohibiting child pornography after the Golden Week holiday period. It will aim to have the bill passed by the Diet in the current session, the sources said.  If such a revision passes the Diet, it will be the first measure involving the legal blocking of specific Web sites, albeit in the form of a nonbinding guideline. 

This is an ongoing trend that isn't going away, as it's hard to defend not filtering child pornography.  This is an ongoing problem with the global Internet when you have certain countries (particularly in Eastern Europe) who are lazy about shutting down sites involved in criminal activity, including child porn.  The interesting question is - where does this lead?