It would be helpful to clarify what exactly you consider personally identifying information. Some major companies, for example, have claimed that IP addresses aren't personally identifying, which is in my opinion a load of hooey. If you're using somebody else's standard definition, you might want to link to it.

"Aggregate information" is similarly vague, for similar reasons.

Now, digressing: Actually, it's quite hard to pin these concepts down with much precision. In privacy research, particularly as related to health care, the concept of k-anonymity is often invoked: A disclosure system gives you k-anonymity if for every person whose info is aggregated in the release, there are at least k data points that the person could be. Unfortunately, no formal procedure to guarantee k-anonymity holds up in real-world circumstances (i.e., where external databases exist).

I doubt that Boingboing is sharing so much aggregate data as to endanger its users. But by describing its 'data aggregation' procedures in more detail, Boingboing would serve as an example to other sites.

How precisely would our nation's enemies go about plunging us into a state of chaos and havoc using a pair of nipple rings?

Someone (BoingBoing?) should sponsor contest for the best reader-submitted movie-plot threat involving an evil freedom-hater who manages to use her nipple rings (but no other contraband items) to attack our nation's airways. The prize could be a free piercing.

While people are making suggestions about features for the comment system, I'll make one of my own:

1) It would be really great if deleted posts left a gap in the post numbering. Since people tend to reference posts by number, it is unfortunate that deleting a post renumbers the entire thread and throws everybody's references off.

See Jamie Sue's comments in the TSA Nipple Ring Fiasco thread, currently numbered #26 and #27, for an example of the failure mode here.

Hi all, and thanks for the link!

Two things prospective students should be aware of:

1) The Tor Project is in Google Summer of Code 2008 under the umbrella of our friends at the EFF. So if you're looking down the organization list and not seeing Tor, that's why: click on the Electronic Frontier Foundation's project list instead.

2) In case Tor isn't your cup of tea, you should definitely consider the 100+ other organizations that have been accepted to the program this year. There are some really great projects on the list!

"Sucker" usually refers to a gullible person. I don't see what's so gullible about trusting your friends not to give you electric shocks.

The next time that someone argues, "What does it matter if my system is insecure? Nobody would want to hack it!" I shall point them to this story.

@BoinkBoink:

Suppose that a programmer in the 1980s negotiated a deal where his salary was lower than it might have been otherwise, but where he was supposed to get a percentage of shrinkwrap sales media. If, after online sales took off in the 90s and later, his bosses then told him that they weren't going to give him any money for those sales, I would think that any sensible programmer would demand a new contract.

(Now, there are good reasons that this kind of deal isn't the kind of deal that usually gets negotiated in software, and they're pretty interesting reasons. They say a lot about the difference between scripts and programs.)

@BentCorner:

What do you think of the writers' claims that the accounting practices of the studios are deliberately designed to make profitable shows seem unprofitable, in order to avoid paying out shares of the profits?

For example, according to John Bowman, the system that studios uses means that The Simpsons is not "profitable" by their calculations, despite having been. (See here.) If that's how the studios want to calculate profit, what kind of fool would take a share of the profit?

Let this be a lesson to the world: nobody had better make 5WPR look like a pack of fools who substitute spamming for proper relationship-based PR. Anyone who ignores this advice will soon learn the meaning of fear, as 5WPR makes themselves look like a pack of fools by spamming your clients instead of doing proper relationship-based PR.

Color me cynical, but I think that some of the PR people who are complaining about their addresses being posted are less concerned with getting spammed as they are with being outed as incompetents[*] who alienate the very people they're supposed to be reaching.

Chris's post is now the #1 Google hit for most of these addresses, and I bet they aren't very pleased with that.

[*] Yes, they do seem incompetent. As far as I can tell from googling around, some of these addresses have absolutely no tech-related press releases at all on google. Thus, they are either so bad at PR that they can't get a press release on a website listed on Google, or so bad at PR that they've been sending press releases with no tech angle to the editor of Wired.

Bour3@12: It sounds like, in your opinion, Churchill should have leaked to the Nazis the fact that he could read their encrypted communications.

After all, it would have made them feel that "they can no longer use [the airwaves] with impunity," right? And it would have "narrowed [their world], if only psychologically," right? Next to those, what's a few torpedoed convoys?

Of course, this would have been absurd then, and it's absurd now. When intelligent people's communications are compromised, they don't stop communicating: they switch to new communications channels, and take pains to make sure that their new channels are better than the old ones.

Or, in shorter words: Al-Qaeda lost a website. We lost an intelligence source. You're declaring victory. "More such victories and we will be undone."

(Digression begins: This isn't to say that it's never smart to let your adversary know that you've broken their communications. If Bob is using two systems, one of which Alice has broken somewhat and one of which Alice has penetrated completely, it is to Alice's advantage to let Bob know that she has broken the first system in hopes that Bob will switch to the second.

Nevertheless, I rather doubt that this is what's happening here. The compromised website was more or less completely open to the SITE institute, if I understand correctly. The only way a communication channel could be more compromised is if the CIA were running it themselves.)

What do giraffes fight about? Hierarchy? Territory? Mates? All of the above?

"Forbidden words" numbers eight through ten don't have English translations. Could anybody who knows Chinese post what they say?

@15: Actually, the Harvard Coop is so spelled, and has is pronounced (by locals) as a single syllable, rhyming with "soup". English is messy and spellings can change.

@88: "we have criminalized the act of confusing a police officer!"

My apologies for the sarcasm; a couple people have asked me offline what I meant, so I'll expand.

When policymakers tell the cops, "Be really careful and react to everything suspicious," then sometimes the cops will wind up reacting to dumb stuff that isn't really a danger at all. It's obvious: if you tell people to minimize false negatives, then false positives will increase (all other things being equal).

So, what should the cops do when they get a false positive? They could say, "Heck, it looked dangerous to _us_. Sorry for the inconvenience,
but for future reference: the kind of thing you were doing flips us out like crazy." Or on the other hand, they could arrest and pursue charges against the false positive, on the theory that if you did something that made the cops flip out, you must have been doing _something_ wrong.

They've been doing the latter.

Now of course, they don't call it "confusing the police". In Boston, it seems to be "possessing/producing a hoax device". As far as I can tell, in Boston a "hoax device" is "anything that a cop mistakes for a bomb." It's possible that in Joe Previtera's case (see 52 above), a "hoax device" is "whatever you happen to be carrying when a cop decides you're trouble."

If that doesn't stick, they also seem to charge the cop-confuser with "disturbing the peace" on the theory that it's your fault the cops freaked out and shut down the area. This is the only legal theory they tried on the poor New Haven hashers, but it seems to be what they're charging Star with as well.

It seems clear that Boston has a broader law enforcement initiative in place to prevent police error.

You see, to enforce the law, the police need to recognize crimes. But sometimes cops get confused, and think something's a dangerous crime when it isn't. These false positives are embarrassing and expensive. To prevent them, law enforcement is taking the obvious next step: we have criminalized the act of confusing a police officer!

Thanks to this brilliant innovation in law-enforcement policy, we'll never have a false arrest again: because if you're not guilty of whatever the cops thought you did when they arrested you, you'll at least be guilty of confusing them.