cro's place

Cloning ePassports

Posted in Digital Identity, Identity Management by cro. Monday December 18, 2006.

I think the comment from one Home Office spokesman, “It is hard to see why anyone would want to access the information on the chip.” says more about the fundamental lack of understanding of the problems with RFID-enabled passports than anything else.

Whilst the spokesman rightly goes on to mention that the information stored on the RFID chip is exactly the same as that printed on the passport itself, he avoids, either deliberately or accidentally, the underlying problem: If the passport can be read electronically, that means there’s less need for the actual data printed in the passport to be checked, especially when trying to meet targets for processing travellers.

So, as soon as passport controls are put in place where all that is required is a valid RFID passport, which is not checked, then cloning passports becomes incredibly valuable, as it allows you to travel across borders as someone else, without having to have a very good passport forgery – all you actually need is a cloned RFID chip.

In any place where this type of checking becomes the norm, what’s the likelihood of being stopped and asked to show a real passport?

Of course, if passport control stations retain human operators, who check that the photograph on the RFID chip matches the person standing in front of them, all someone needs to do is clone the RFID data and exchange the digital photo for a matching one, and you immediately have someone else’s details with your photo, and you can move through passport control quickly and easily.

Still, since it only takes 5 minutes to clone an ePassport now, I guess you could do it whilst standing in line at the airport and become whomever you like.

Privacy Doesn’t Matter to Valve Software

Posted in Games, Identity Management by cro. Sunday December 17, 2006.

There are reasons to like Valve Software’s Steam service. It makes buying and delivering new software easy. It lets you find friends you want to play with. And I’m sure a lot of other good things as well.

However, I don’t like Steam. I don’t like Steam to the point where I no longer want my Steam account.

My major criticism of Steam harks back to the release of Half Life 2. I bought the game using a credit card from a reputable high street store. In fact, I still have the original game box, DVD and receipt. The only problem is, Valve thinks I’m a pirate. And the only way to prove I’m not a pirate, that I bought my game legitimately, is to let Valve’s Steam software rummage around on my hard drive to ‘verify’ and ‘enable’ my game.

I know nothing will ever be done to change this; far too many people have acquiesced and Steam is far too ingrained amongst gamers to ever be changed to remove the automatic assumption that a person who buys a Valve game is not a pirate. Which is why I have chosen to never buy or play a game that uses Steam.

However, this does leave me in the position of still having a Steam account, which I did use to ‘verify’ and ‘enable’ the copy of Half Life 2 I bought on my credit card from a reputable high street store. I had to prove to Valve I wasn’t a pirate if I wanted to play their game.

Once I had finished with the game, I contacted Valve to have my account deleted, as I had no wish for them to retain any of my details, including my email address, and I had no use for the Steam account any longer.

One of the responses I got was frankly ludicrous:

As steam is a free product, you cannot cancel the account. You can disable the account by uninstalling it.

What has being a free product got to do with cancelling an account?

It took several emails, and an assumption on the part of Steam’s support staff that I was trying to reset CounterStrike CD keys (which tells me they didn’t check my Steam account, which would have shown that I did not have any CounterStrike CD keys associated with the account).

I finally received the following email on September 24, 2004, after cc’ing Gabe Newell into the discussion – it says a lot when you have to include the company CEO in a support query to actually have your request read and dealt with:

Dear Tom, per your multiple requests I am disabling your Steam account effective immediately, remember that this will not allow you to receive any emails from Steam including account/password recovery emails or have access to your account.

If you have any more questions feel free to contact Steam Support.

The other day I saw my copy of Half Life 2 (which I can no longer play, as I’ve had to re-install my Windows OS several times) and thought I’d check out my Steam account to see if Valve had actually disabled it as I requested (something I really should have done at the time).

Of course, the first thing that happened was I was able to log straight into the account that Valve claimed had been disabled.

So I read through the Valve and Steam website again, and tried contacting Valve through the usual channels. I emailed SteamSupport (which timed out), and I emailed Privacy. Interestingly, the email given in the Privacy Policy as a contact point if you have concerns over privacy and the way your data is handled results in this auto-response:

Thank you for contacting Valve. This email address is monitored, however due to the volume of email we get daily, you may not necessarily get a direct response.

So, if I have a concern over privacy, they may check the email inbox eventually?

I guess I need to go back to SteamSupport and create a new account just to have the old account disabled? After all, despite assurances from Valve that the account had been disabled, it appears that in reality it has been active and useable for more than two years.

And given Valve’s disinterest in actually dealing with privacy issues, what recourse do I have if the account is used fraudulently? From what I have been able to discover, I have no recourse at all – I can’t even take the basic step of protecting my own data by requesting the account be disabled so that no-one, not even me, can use it. And should I actually want my details removed – well, that’s just not possible – after all, it’s a free service…


A Feature of O2 Mobile Email

Posted in Mobile by cro. Tuesday December 12, 2006.

I’ve come up against an interesting problem: O2’s email servers are stripping out attached 3GP videos, transcoding them to a lower quality (but higher file size) AVI, attaching the AVI and sending the email on to the recipient with a link back to O2’s website in certain situations:

You have received a Media Message
This Media Message has been sent using an O2 camera phone.

Click here to view this message online[...]

I spent an incredible amount of time on hold to customer support playing Chinese whispers with a very helpful lady who knew nothing about my problem, but had to relay everything while I was on hold as the technical support department wouldn’t originally speak directly to me.

So, here’s what I was told, in order, by the helpful lady (relaying from Tech Support):

O2’s email servers have a 300Kb limit
Funny – the .3gp is 102Kb, but the attached transcoded AVI is 200Kb

Your phone is doing the conversion before it’s sent
Then why do O2 have a copy of the original, full-resolution .3gp on their server? If my phone’s doing the conversion, then the converted file would be sent.

You didn’t have WAP settings turned on on your account.
So how come I’ve been using the WAP service for the past couple of months whilst I test Pitch?

And what does having WAP settings turned on on my account have to do with sending an email?

What I’ve also discovered:
Even though I run my own IMAP server, and can receive email quite happily, I am not allowed to use my IMAP server to send email – all outgoing email has to go through O2’s outgoing SMTP server – which means any outgoing email is not being sent from my server, and the headers reflect this – not an ideal situation.

There’s also no way I can find out why this is happening, as technical support didn’t seem to know why I couldn’t make a port 25 connection to my mail server. Given that I can quite happily connect to port 25 on O2’s mail server, this tells me that the connection is being blocked, which is a real pain.

Conclusion:
It appears some newer phones are hiding the fact that you are sending something as a media message, making it appear as if you are sending an email instead.

So if you want to send someone a mobile video by email, make sure you’re actually sending it via email and not as a media message.

Pitch is Live!

Posted in General by cro. Monday November 20, 2006.

Pitch is Live! It actually went live last week, and now here’s the official press release:

Social Networking Goes Mobile with Pitch

Pitch launches new mobile entertainment community with free content

20 November 2006 — Pitch, the UK’s first advertising-funded mobile content provider, today launched a brand new service offering users a fully-interactive entertainment community on their mobile handsets. Bringing the Web 2.0 social networking phenomenon to the mobile phone, Pitch’s new service features instant messaging, photo and video upload and sharing as well as access to an exciting new online community.

The new service will run alongside Pitch’s existing advertising-funded mobile content offer, so that in addition to free mobile content (videos, games, ringtones, screensavers and wallpapers) Pitch customers can enjoy a suite of social networking applications on their mobile phone.

Through the new service, Pitch customers can build their own mobile home page, complete with a unique user name (PitchTag) and inbox, allowing them to send messages to friends or groups, as well as participating in real time group chat with other Pitch members. Thus users can create and join interest groups, enabling them to stay in touch with old friends or meet new people with similar interests – all through their mobile phones. Pitch does not charge for this service, so the only costs users incur come from data charges, making instant communication significantly cheaper than sending a text through a network operator.

Creating a PitchTag tag allows a person or even a brand to promote their Pitch mobile space anywhere. Texting the tag to the Pitch short code (for example ‘Yourname’ to 87000) delivers an instant hyperlink straight to a specific home page. In addition, Pitch members can upload and share as many pictures and videos as they like, through the unlimited Pitch Albums feature.

A web application of Pitch, to follow in December, will complete the service, allowing customers to use and manage their Pitch profile from both PC and mobile.

Pitch CEO Lourens de Beer commented: “Web-based social networking is being embraced worldwide as the ultimate next-generation lifestyle tool, with a myriad of different applications and creative opportunities for individuals to express themselves and their opinions, interacting with each other in a unique space. For the first time, Pitch brings all the benefits of personalised social networking to the mobile handset, a medium perfectly-suited to this phenomenon. The mobile phone has taken the next step in becoming the ultimate and indispensable social communication tool.”

This has pretty much been my entire life for the past 3 months…

UK RFID passports cracked

Posted in Digital Identity, Identity Management by cro. Friday November 17, 2006.

I think the title says it all. I know I’ve not been posting much (well, at all) for a while, but this really deserves a mention.

A story in today’s Guardian reveals that a team of researchers cracked the protection on the UK’s new biometric RFID passports in 48 hours, using less than £200 of over-the-counter electronics equipment.

“If you can read the chip, then you can clone it,” [Lukas Grunwald, founder of DN-Systems Enterprise Solutions in Germany] says. “You could use this to clone a passport that would exploit the system to illegally enter another country.”

Here’s a link to BoingBoing’s coverage as well…

IE7 – Failed on Installation

Posted in General by cro. Thursday October 19, 2006.

Microsoft released the final version of Internet Explorer 7 for Windows XP SP2 today, so I downloaded it to check it out. However, despite using a fully validated, up-to-date and corporately-licensed version of Windows XP, IE7 insisted that my machine was not validated and I needed to validate again.

Is this a precursor of things to come? Will every new piece of software decide that my machine isn’t validated and force me to re-validate every time?

Unbelievably Expensive Internet Access

Posted in General by cro. Tuesday August 8, 2006.

I’ve just run into some unbelievably expensive Internet access charges to make use of hotel WiFi. In the middle of London, where the price of a 2Mb ADSL line tops out at about £10 a month for residential and maybe £30 a month for business with unlimited data transfer, the hotel I am staying in is charging £9.99 per 24-hour period for access to a shared 2Mb ADSL connection. That’s £300 a month, or ten times what a normal business ADSL line will cost.

Either the company providing the billing solution is charging them a fortune, or the hotel has discovered a cash-cow – after all, three customers using the Internet service once pays the month’s ADSL bills, and anything over this is pure profit. It’s actually cheaper, given the amount of work I am doing on the Internet at the moment, to use my 3G mobile phone as a connection device than to use the hotel’s shared WiFi.

Game Pirates Expect Free Support?

Posted in Games by cro. Friday July 28, 2006.

There’s an interesting article over on Ars Technica today about the recently released SiN: Episodes and piracy.

Within three hours of the release of Ritual’s SiN Episodes Emergence, the game was pirated and up on the ‘Net; releasing it on Steam had little effect on piracy, at least initially. When a bug in the game was discovered, Ritual patched it and released the update via Steam… and that update was applied to the game slyly, in the background. Users who had paid for the game received the update. Those who had pirated the game didn’t, but that didn’t stop them from complaining to customer support.

The issue of the cost of providing support is very briefly touched on in the article, since of course there are costs involved in providing this support.

One of the side effects of our own GTIP service is that it equally applies and provides support to all copies of a game, legitimate or not, and equally generates revenue from all copies of a game, legitimate or not, so companies can continue to earn money from a game even if it is pirated. They may not make the full retail cost of the game back, but at least some of the cost can be mitigated.

How does it do this? The service is a pure question/answer service, and is not tied electronically or functionally to any particular game, and there is no ‘validity check’ made. The service is entirely separate from the actual, physical game, and is an information service. It just happens that each answer sent to a question generates income, regardless of why the question was asked.

Another side effect of this separation is that it also generates revenue from second hand games, rental games and games no longer available for sale, and can help to achieve a higher return on a title, as well as improving customer relations by ensuring that customers always get a personal response to their questions.

OK, end of sales pitch. But it also shows that providing customer support doesn’t have to be a loss.

Sky+ Pricing Update

Posted in General by cro. Friday July 7, 2006.

A while ago I complained about Sky penalising existing customers who wanted to upgrade services, especially going to something potentially useful like Sky+. Well, it seems Sky have had a change of heart, and have introduced some parity into the pricing. It is now exactly the same cost to upgrade to Sky+ as it is to get Sky+ as a new customer.

The cost breaks down, for both new and existing customers, as:
Equipment: £99
Subscription: £10 (unless you already have some premium channels.)
Installation: £60 (although I have no idea what this charge is for, but it is apparently mandatory unless you already have multiroom)

Although, looking through the site it appears that pricing is all over the place. One page suggests that the box is £199, not £99, another suggests it’s £89 with multiroom or £49 without…

I’ve Been Interviewed!

Posted in General, Mobile by cro. Wednesday July 5, 2006.

Ewan at SMS Text News emailed me a while back with a few questions for his series of mobile interviews, so naturally I answered. Well, he’s posted the interview with a very flattering introduction. I feel quite embarrassed :)


Copyright 1998-2009 Tom Gordon