Stancle had been accused of creating a Facebook profile belonging to a nonexistent teenage girl and then, between approximately the spring of 2007 and November of 2008, using it to convince more than 30 of his male classmates to send in nude photos or videos of themselves.

Stancl then reportedly threatened to post the photos or videos on the Internet if they didn’t engage in some sort of sexual activity with him. At least seven of them have said they were coerced into sex acts, which Stancl documented with a cell phone camera.

Stancl’s victims were teenage boys focused on sex — not exactly the world’s clearest thinkers. Even so, I find it remarkable that multiple people would:

1. Send nude photographs of themselves to a stranger.
2. Be so concerned about those photographs getting published online that they would submit to sexual blackmail.
3. Allow the results of their sexual blackmail to be photographed.

Literally — WTF??

Please take a look. (And please overlook the UI at those links.  It’s been embarrasingly bad, especially in the matter of bullet points, ever since I started blogging there, and this month it got a lot worse. I’m sorry.)

Then please help, by advancing your take on these ideas by any means at your disposal.  It’s going to take years to get all this right.  Freedom hangs in the balance.  We need to start NOW.

Discussion is also underway on Slashdot.

Issues of privacy and liberty take at least five forms:

• Censorship
• Admissible evidence in court
• Admissible evidence in investigations (not exactly the same thing)
• The consequences of damaging information leaks from the government to the private sector
• Potential chill on useful technologies (e.g., electronic health records) caused by any of the other four kinds of issue

Taken together, that amounts to much of the Bill of Rights – or other countries’ equivalents – plus a whole lot of life-saving technology on the side. I.e., it’s more than huge.

That’s from a detailed recent post that ends with a call to action:

Please join me in raising awareness. Blog yourself. Send email to those who might have influence. Or – and this one’s really easy – just go to the suggestion page at www.change.gov and help draw the incoming Administration’s attention toward these crucial issues.

Please, please do at least one of those things. There’s still enough time for freedom to be preserved, since the worst practical threats are still some years off. But if it doesn’t happen during an Obama Administration, when will it happen, in the United States or the rest of the world? The time to make a difference is now.

• A high-end “proxy”-style firewall, which was widely used in the US intelligence and defense communities
• A two-factor authentication division
• A censorware division that, for example, had run Saudi Arabia’s web censorship since the late 1990s
• A firewall-on-a-board OEM deal with 3COM

The short idea was in large part that the firewall-on-a-board idea had caused great overoptimism, stoked by the company. On further digging, I found that CEO John McNulty’s resume, as stated for example in Secure Computing’s SEC filings, seemed inconsistent with his resume as stated in SEC filings of his prior employer. Nobody seemed to care much about correcting that, however.

I quickly stopped doing business with the investment research firm in question, and nothing came of the investment project. But I wasn’t surprised when, in its very first batch of Reg FD enforcement actions, the SEC slapped Secure Computing and McNulty.

Secure Computing has subsequently made a lot of acquisitions and divestitures. I have no doubt many of the products deserve to live on, and almsot all of the people working on them deserve jobs making that happen. Even so, I’m glad to see the company itself going out of existence. And I’d guess it’s no coincidence that Secure is selling out less than half a year after McNulty’s much-belated resignation as CEO.

Yes, clearly IronPort’s reputation data is part of the prize for Cisco. …

An interesting question is what will happen (if anything) with SpamCop. IronPort deliberately ran SpamCop at arm’s length as a matter of policy. I wonder if Cisco will maintain that policy. SpamCop is of course part of the raw data feeding into SenderBase, along with the data phoned home by the IronPort boxes.

As we’ve seen with the BlackSpider acquisition by SurfControl, spam control companies that aggregate lots of data about spam sources are valuable, for reasons in addition to spam control. If a zombie is sending spam, it’s also probably a potential source of other bad stuff, such as worms and DDoS connections.

Quite possibly, one of Cisco’s goals (dreams?) for this acquisition is to put a whole lot of sender policing into the network infrastructure. Mainly, that’s a good thing — but like most kinds of internet policing, that technology also has the potential for abuse.

In that vein, I note that the Ferris guys say Ironport’s big competitor was Ciphertrust, acquired by Secure Computing. Well, in my opinion Secure Computing are bad guys, or at least were as of my research a few years ago. They have long helped enforce nationwide Web censorship in Saudi Arabia; they got dinged by the SEC for early for CEO stock hyping/selective disclosure; they in my opinion were guilty of a lot more hyping than that; and for the cherry on top of this ethical sundae, CEO John McNulty has a resume in Secure’s SEC filings that is inconsistent with the SEC filings of a previous employer.

Anonymizer’s methods are surprisingly straightforward. They make available an anonymous proxy server and, when the Chinese government blocks access to its URL, distribute a new URL on a daily e-mail list. Apparently, the mean time to blockage used to be months, and now is down to a couple of days. Lance claims to have already worked out prepared (undisclosed) tricks prepared for when the mean time to blockage drops so low — e.g., less than a day – that current techniques stop working.

I would guess that one of these tricks is to distribute different proxy URLs to different list subscribers, making it hard for the Chinese government to block them all … especially since the subscribers whose URLs did get blocked would quickly be dropped from the list. One bonus to this hypothetical approach is that they could use all sorts of standard spammer techniques to punch the e-mails themselves through any filters. The only truly reliable way to block spam is to identify it via the call-to-action part. But if you’re sending different URLs to different people, that makes call-to-action identification and blocking hard.

Still, there’s a scaling problem. Right now they only reach 10s of 1000s of Chinese citizens. It’s hard to see how they could get through to a really large fraction of the population without leaving themselves open to standard spam-blocking techniques. What’s more, there’s no compelling technical reason China couldn’t block 100s, 1000s or even 10s of 1000s new URLs each day on a quick-response basis.

That said, Anonymizer’s heart and head both seem to be in the right respective places. What Lance told me doesn’t go nearly as far as my Operation Peking Duck proposal, but it’s in the same direction, right down to requiring the Chinese citizens to have a secure piece of client software, and hoping the authorities don’t criminalize the very act of running that software, or defeat it via a spyware blocker. More fundamentally, he seems to understand that he can’t win long-term without being, in his great phrase, a “freedom spammer.” Indeed, right now a significant fraction of the e-mail list subscribers are actually spam recipients, to provide legal cover should anybody get into trouble simply for being on the list.

1. Provide anonymity services to ordinary individuals.
2. Provide anonymity services to enterprises (aka enterprise sneakiness support).
3. Help people get through the national firewalls in Iran and China.

For the record: They’re profitable, only ever took about $2 ½ million in mainly angel funding, get 70% of their revenue from enterprises (an increasing percentage even though the consumer stuff is growing to), and are paid by Voice of America for their Iran work but do China on a pro bono basis.

The consumer service, for an annual fee of $20-40 or so, is designed to reduce the marketing-related hassle of using the internet. If you need to give out an e-mail address, you can use a pseudonymous one, from which Anonymizer will re-route mail to your main address – until such time as you shut it down, because that particular address is attracting spam or other unwanted traffic. They also work to make you untraceable via IP address or cookies, protect you from spyware, and so on.

Is this worth the hassle for an individual to use? Well, I hate getting 100+ spam/day, but given how widely published my main e-mail address is, new sign-ups are the least of my problems. But if you’re an enterprise, it’s a whole other matter. That’s because enterprises have lots of reasons to be sneaky. These reasons fall into two major categories.

First, enterprises have a lot of legitimate reasons for concealing their interest in a subject. If they’re going after a bad guy – hacker, fraudster, whatever – it’s good not to be spotted. If they’re so much as checking out a possible merger target, it’s good not to be spotted. AOL accounts and the like will do the job too – but if you’re a professional snoop, having a professional cloaking device makes sense.

Second, there are cases where web sites are automatically configured to defeat snooping. Lance cited a number of cases – hackers again, trademark infringers, and so on. Most interesting, however, are the enterprises who engage in hardcore automated price-checking. It wouldn’t be unreasonable for an airline or major online retailer to fire off hundreds of thousands of competitive price inquiries daily – and for competitors to detect that and try to feed incorrect information back.

How big is this need? Lance assures me that he has commercial customers – not just government/intelligence – with low thousands of seats each, paying low hundreds per seat per year. But does that go far beyond a few obvious-suspect airlines and the like, plus a few top-tier Fortune-50-type brand owners? I don’t know.

One subject I forgot to ask about – and a hat-tip goes to Linda for raising the question after I got off the phone: Why isn’t this sneakiness-enabling technology a boon to bad guys too? Offhand, I couldn’t think of anything Anonymizer provides to crooks that isn’t simply provided by consumer free e-mail, encryption, and the like – unless they’re mega-spammers, and then they don’t need Anonymizer anyway because they have their botnets to conceal their identities. Still, I’m e-mailing Lance for follow-up, and will ask him to address the point in the comment thread below.

Some interesting aspects of enterprise deployments – they’re subscription-priced, they’re appliance-based, and the appliance is just a Juniper/Netscreen box configured to route traffic through Anonymizer’s servers. (Usually, at least – I get the impression they’ve tried other vendors’ boxes, but are mainly standardized on Netscreen.)

As for their penetration of the Great Firewall of China — that’s too important to bury this far down. I’ll write a separate post for it.

The contents of your online communications, as well as other information about you as an AOL Network user, may be accessed and disclosed in response to legal process (for example, a court order, search warrant or subpoena); in other circumstances in which AOL believes the AOL Network is being used in the commission of a crime; when we have a good faith belief that there is an emergency that poses a threat to the safety of you or another person; or when necessary either to protect the rights or property of AOL, the AOL Network or its affiliated providers, or for us to render the service you have requested.

We consider your use of the Service, including the content of your communications, to be private. We do not routinely monitor your communications or disclose information about your communications to anyone. However, we may monitor your communications and disclose information about you, including the content of your communications, if we consider it necessary to: (1) comply with the law or to respond to legal process; (2) ensure your compliance with this contract; or (3) protect the rights, property, or interests of Microsoft, its employees, its customers, or the public.

EDIT: I can’t find anything at all about content privacy on the Yahoo! Messenger privacy page.

Richard, however, goes further, thinking that Google could succeed in PCs used mainly to run word processing, spreadsheets, etc.. His arguments include:

• Google has a well-regarded brand name. Check.
• Google might be able to make them cheaply, and even if they couldn’t, they could contract out the manufacture. Check.
• Google wouldn’t be burdened with Microsoft bloatware, and hence could make really cheap PCs. Hmm. There’s some truth to that, although it also is the case that some of that bloat provides actual functionality. And there might be more actual functionality in the future – e.g., speech recognition.
• Google is great at UIs, and could fix UIs like desktop Linux’s. Umm, I’m not sure Google is particularly great at UIs. But anybody with a decent usability lab should be able to turn out something that is, well, usable. Besides, if you ask my fellow posters on Slashdot, there isn’t anything wrong with Linux’s UI anyway.
• Their SaaS nature gives Google’s apps a big leg up on Microsoft Office. Hmm. First of all, to the extent you keep data on Google servers, you have to worry about Big Brother. The way things are going, that’s not a concern to dismiss lightly, no matter what your home country may be. That potentially major detail aside, SaaS is goodness. But it would take some pretty clever marketing to convince consumers it was an actual advantage. What’s more, the most obvious area of advantage – collaboration – is one that will also immediately bring privacy concerns to the fore. Assuming consumers actually care about privacy, of course …

As for Google’s ability to execute – well, they’re doing a very mixed job with the Google search appliance. At the high end of the market, it’s a joke, in terms of functionality and marketing alike. But in Microsoft-like manner, it’s eating into the low end due to its price and the company’s reputation.

So I’m not sure where I come down on this, except to ask – is the PC even the right device to think about? Or would a mobile device – video/music player, etc. – make more sense?