Tag Archives: nz

DNC NZ submission

The DNC has proposed a new policy for .nz WHOIS data which unfortunately does not in my view address the current issues with lack of privacy of the .nz namespace. The following is my submission on the matter.

Dear DNC,

I have strong concerns with the proposed policy changes to .nz WHOIS information and am writing to request you reconsider your stance on publication of WHOIS information.

#1: Refuting requirement of public information for IT and business related contact

My background is working in IT and I manage around 600 domains for a large NZ organisation. This would imply that WHOIS data would be useful, as per your public good statement, however I don’t find this to be correct.

My use cases tend to be one of the following:

1. A requirement to get a malicious (phishing, malware, etc) site taken down.

2. Contacting a domain owner to request a purchase of their domain.

3. A legal issue (eg copyright infringement, trademarks, defamation).

4. Determining if my employer actually owns the domain marketing is trying to use today. :-)

Of the above:

1. In this case, I would generally contact the service provider of the hosting anyway since the owners of such domains tend to be unreliable or unsure how to even fix the issue. Service providers tend to have a higher level of maturity of pulling such content quickly. The service provider details can be determined via IP-address lookup and finding the hosting provider from there, rather than relying on the technical contact information which often is just the same as the registrant and doesn’t reflect the actual company hosting the site. All the registrant information is not required to complete this requirement, although email is always good for a courtesy heads up.

2. Email is satisfactory for this. Address & phone is not required.

3. Given any legal issue is handled by a solicitor, a legal request could be filed with DNC to release the private ownership information in the event that the email address of the domain owner was non responsive.

4. Accurate owner name is more than enough.

#2: Internet Abuse

I publish a non-interesting and non-controversial personal blog. I don’t belong to any minorities ethnic groups. I’m born in NZ. I’m well off. I’m male. The point being that I don’t generally attract any kind of abuse or harassment that is sadly delivered to some members of the online community.

However even I end up receiving abuse relating to my online presence on occasion in the form of anonymous abusive emails. This doesn’t phase me personally, but if I was in one of the many online minorities that can (and still do) suffer real-word physical abuses, I might not be so blasé knowing that it doesn’t take much to suddenly turn up at my home and throw abuse in person.

It’s also extremely easy for an online debate to result in a real world incident. It isn’t hard to trace a person’s social media comments to their blog/website and from there, their real world address. Nobody likes angry morons abusing them at 2am outside their house with a tire iron about their Twitter post.

#3. Cold-blooded targeting

I’ve discussed my needs as an IT professional for WHOIS data, the issue of internet abuse. Finally I wish to point out the issue of exposing one’s address publicly when we consider what a smart, malicious player can do with the information.

* With a target’s date of birth (thanks Facebook!) and their address (thanks DNC policy!) you’re in the position to fake someone’s identity for a number of NZ organisations including insurance and medical whom use these two (weak) forms of validation.

* Tweet a picture of your coffee at Mojo this morning? Excellent, your house is probably unoccupied for 8 hours, I need a new TV.

* Posting blogs about your amazing international trip? Should be a couple good weeks to take advantage of this – need a couch to go with that TV.

* Mentioned you have a young daughter? Time to wait for them at your address after school events and intercept there. Its not hard to be “Uncle Bob from the UK to take you for candy” when you have address, names, habits thanks to the combined forces of real world location and social media disclosure.

Not exposing information that doesn’t need to be public is a text-book infosec best practise to prevent social engineering type attacks. We (try to be) cautious around what we tell outsiders because lots of small bits of information becomes very powerful very quickly. Yet we’re happy for people to slap their real world home address on the internet for anyone to take advantage of because no harm could come of this?

To sum up, I request the DNC please reconsider this proposed policy and:

1. Restrict the publication of physical address and phone numbers for all private nz domains. This information has little real use and offer avenues for very disturbing and intrusive abuse and targeting. At least email abuse can be deleted from the comfort of your couch.

2. Retain the requirement for a name and contact email address to be public.However permit the publicly displayed named to be a pseudonym to preserve privacy for users whom consider themselves at risk, with the owner’s real/legal name to be held by DNC for legal contact situations.

I have no concerns if DNC was to keep business-owned domain information public. Ltd companies director contact details are already publicly available via the companies registry, and most business-owned domains simply list their place of business and their reception phone number which doesn’t expose any particular person. My concern is the lack of privacy for New Zealanders rather than businesses.

Thank you for reading. I am happy for this submission to be public.

regards.

Jethro

SMStoXMPP

Having moved to AU means that I now have two cell phones – one with my AU SIM card and another with my NZ SIM card which I keep around in order to receive the odd message from friends/contacts back home and far too many calls from telemarketers.

I didn’t want to have to carry around a second mobile and the cost of having a phone on roaming in AU makes it undesirably expensive to keep in touch with anyone via SMS messaging, so went looking for a solution that would let me get my SMS messages from my phone to my laptop and phone in a more accessible form.

I considered purchasing an SMS gateway device, but they tend to be quite expensive and I’d still have to get some system in place for getting messages from the device to me in an accessible form.

Instead I realised that I could use one of the many older Android cellphones that I have lying around as a gateway device with the right software. The ability to run software makes them completely flexible and with WiFi and 3G data options, it would be entirely possible to leave one in NZ and take advantage of the cheaper connectivity costs to send SMS back to people from within the country.

I was able to use an off-the-shelf application “SMS Gateway” to turn the phone into an SMS gateway, with the option of sending/receiving SMS messages via HTTP or SMTP/POP3.

However emails aren’t the best way to send and reply to SMS messages, particularly if your mail client decides to dump in a whole bunch of MIME data. I decided on a more refined approach and ended up writing a program called “SMStoXMPP“.

Like the name suggestions, SMStoXMPP is lightweight PHP-based SMS to XMPP (Jabber) bi-directional gateway application which receives messages from an SMS gateway device/application and relays them to the target user via XMPP instant messages. The user can then reply via XMPP and have the message delivered via the gateway to the original user.

For me this solves a major issue and means I can leave my NZ cell phone at my flat or even potentially back in NZ and get SMS on my laptop or phone via XMPP no matter where I am or what SIM card I’m on.

smstoxmpp_layout

To make conversations even easier, SMStoXMP does lookups of the phone numbers against any CardDAV address book (such as Google Contacts) and displays your chosen name for the contact. It even provides search functions to make it even easier to find someone to chat to.

Chatting with various contacts via SMStoXMPP with Pidgin as a client.

Chatting with various contacts via SMStoXMPP with Pidgin as a client.

I’ve released version 1.0.0 today, along with documentation for installing, configuring gateways and documentation on how to write your own gateways if you wish to add support for other applications.

Generally it’s pretty stable and works well – there are a few enhancements I want to make to the code and a few bits that are a bit messy, but the major requirements of not leaking memory and being reliably able to send and receive messages have been met. :-)

Whilst I’ve only written support for the one Android phone base gateway, I’m working on getting a USB GSM modem to work which would also be a good solution for anyone with a home server.

It would also be trivial to write in support for one of the many online HTTP SMS gateways that exist if you wanted a way to send messages to people and didn’t care about using your existing phone number.

 

Porting to 2degrees

Having been a long-suffering victim of poor experiences with performance on Vodafone’s data network in NZ and expensive pricing, I’ve now shifted to NZ’s third and youngest mobile provider, 2degrees.

Upgrade from 32k to 128k of SIM memory, woot! ;-)

Two major incentives – firstly unhappiness at Vodafone’s 3G data performance and secondly, unhappiness at the fact that my personal telecommunications expenses are around $350 per month (welcome to NZ, land of expensive comms) and seeking to reduce these somewhat.

I was originally paying $59 a month for my Vodafone service – 120mins, 250 SMS and 300MB data (although boosted to 3GB due to a grandfathered plan promotion). It was pretty good deal when it came out, I signed onto the plan when the first Android phone in NZ launched (HTC Magic) and good data plans for mobiles that didn’t cost a fortune were kind of a new thing.

With 2degrees, I’ve now dropped my bill down to $39 a month, which provides 220mins, 2500 SMS, 100MB data, plus an additional 1GB data bonus for the next 12 months.

There’s a bit of a loss on datacap size, down from Vodafone’s 3GB, but my smartphone and laptop use no more than 1GB all up when combined in regular use, so it’s not really going to impact me.

I also went and dropped the Telecom XT data SIM in my laptop – whilst convenient and bloody fast data, it wasn’t worth the cost for how often I need it – and I can’t really justify when my phone can pair and share the 1.3GB of monthly data it has.

Number porting went very smoothly – after requesting the port online with 2degrees, I got a txt about 3 hrs later confirming it was complete. 2degrees even went to the effort of informing Vodafone and having them close my account which was handy.

It’s been going great since, so far I haven’t encountered any cell towers dropping ~90% of packet data without anybody at Vodafone noticing yet and performance seems speedy and reliable.

Infact the performance of the 2degreees network around Auckland actually beats my DSL at times, especially for the upload, which is pretty tragic. :-/

Sadly the results for 3G performance are sometimes better than my ADSL :-/

I haven’t gone on a rural trip since moving to 2degrees, but it should be just as good as I used to get with Vodafone, as 2degrees uses Vodafone for roaming when outside of their own network zones.

Their plans certainly seem popular – I’ve had at least 2 other friends move to 2degrees, even if you want expensive smartphones, it’s often cheaper to buy the phone outright and use 2degrees no-term monthly than to sign with Telecom or Vodafone due to the savings in plan costs over 24 months, not to mention freedom and flexibility to change plans.

Rugby World Cup Dates

Not particularly looking forwards to the Rugby World Cup, being held in New Zealand this year – especially the after game celebrations that will undoubtedly take place.

Incase you’re wondering when, RWC starts on 9 September and ends 23 October – I went and made a list of games for the three cities I’m likely to be in during the time, so I know when to avoid the CBD/travel there, as much as possible:

Wellington
11 September 2011
17 September 2011
23 September 2011
25 September 2011
1 October 2011
2 October 2011
8 October 2011
9 October 2011

Napier
18 September 2011
27 September 2011

Auckland
9 September 2011
10 September 2011
11 September 2011
17 September 2011
22 September 2011
24 September 2011
25 September 2011
30 September 2011
1 October 2011
9 October 2011
15 October 2011
16 October 2011
21 October 2011
23 October 2011

Hastings Roadtrip!

At the request of @splatdevil, I’ve headed up to Hastings for the weekend to be with her during a difficult personal time.

I always like an excuse for a roadtrip, the Wellington to Hastings drive is pretty nice and isn’t too long at only 4 hours.

Interesting statistics from the trip:

  • $30~ fuel consumption in Toyota Starlet 1.3l petrol car
  • 800ml coke consumed.
  • 1 chip in wind screen. Going to be a hassle to go and have that fixed now :-(
  • 2 wrong turns.
  • 1 fuel stop.
  • 0 toilet/snack stops.
  • >9000 angry swear words at traffic queues whilst trying to depart Wellington on a Friday afternoon.
  • 6 uses of the over taking lane
  • 4 sets of roadworks.
  • 1 police car on traffic duties.
  • 3 ambulances, only 1 active.