cro's place

Cloning ePassports

Posted in Identity Management, Digital Identity by cro. Monday December 18, 2006.

I think the comment from one Home Office spokesman (“It is hard to see why anyone would want to access the information on the chip.”) says more about the fundamental lack of understanding of the problems with RFID-enabled passports than anything else.

Whilst the spokesman rightly goes on to mention that the information stored on the RFID chip is exactly the same as that printed on the passport itself, he avoids, either deliberately or accidentally, the underlying problem: If the passport can be read electronically, that means there’s less need for the actual data printed in the passport to be checked, especially when trying to meet targets for processing travellers.

So, as soon as passport controls are put in place where all that is required is a valid RFID passport, which is not checked, then cloning passports becomes incredibly valuable, as it allows you to travel across borders as someone else, without having to have a very good passport forgery - all you actually need is a cloned RFID chip.

In any place where this type of checking becomes the norm, what’s the likelihood of being stopped and asked to show a real passport?

Of course, if passport control stations retain human operators, who check that the photograph on the RFID chip matches the person standing in front of them, all someone needs to do is clone the RFID data and exchange the digital photo for a matching one, and you immediately have someone else’s details with your photo, and you can move through passport control quickly and easily.

Still, since it only takes 5 minutes to clone an ePassport now, I guess you could do it whilst standing in line at the airport and become whomever you like.

Privacy Doesn’t Matter to Valve Software

Posted in Games, Identity Management by cro. Sunday December 17, 2006.

There are reasons to like Valve Software’s Steam service. It makes buying and delivering new software easy. It lets you find friends you want to play with. And I’m sure a lot of other good things as well.

However, I don’t like Steam. I don’t like Steam to the point where I no longer want my Steam account.

My major criticism of Steam harks back to the release of Half Life 2. I bought the game using a credit card from a reputable high street store. In fact, I still have the original game box, DVD and receipt. The only problem is, Valve thinks I’m a pirate. And the only way to prove I’m not a pirate, that I bought my game legitimately, is to let Valve’s Steam software rummage around on my hard drive to ‘verify’ and ‘enable’ my game.

I know nothing will ever be done to change this; far too many people have acquiesced, and Steam is far too ingrained amongst gamers to ever be changed to remove the automatic assumption that a person who buys a Valve game is not a pirate. Which is why I have chosen to never buy or play a game that uses Steam.

However, this does leave me in the position of still having a Steam account, which I did use to ‘verify’ and ‘enable’ the copy of Half Life 2 I bought on my credit card from a reputable high street store. I had to prove to Valve I wasn’t a pirate if I wanted to play their game.

Once I had finished with the game, I contacted Valve to have my account deleted, as I had no wish for them to retain any of my details, including my email address, and I had no use for the Steam account any longer.

One of the responses I got was frankly ludicrous:

As steam is a free product, you cannot cancel the account. You can disable the account by uninstalling it.

What has being a free product got to do with cancelling an account?

It took several emails, and an assumption on the part of Steam’s support staff that I was trying to reset CounterStrike CD keys (which tells me they didn’t check my Steam account, which would have shown that I did not have any CounterStrike CD keys associated with the account).

I finally received the following email on September 24, 2004, after cc’ing Gabe Newell into the discussion - it says a lot when you have to include the company CEO in a support query to actually have your request read and dealt with:

Dear Tom, per your multiple requests I am disabling your Steam account effective immediately, remember that this will not allow you to receive any emails from Steam including account/password recovery emails or have access to your account.

If you have any more questions feel free to contact Steam Support.

The other day I saw my copy of Half Life 2 (which I can no longer play, as I’ve had to re-install my Windows OS several times) and thought I’d check out my Steam account to see if Valve had actually disabled it as I requested (something I really should have done at the time).

Of course, the first thing that happened was I was able to log straight into the account that Valve claimed had been disabled.

So I read through the Valve and Steam website again, and tried contacting Valve through the usual channels. I emailed SteamSupport (which timed out), and I emailed Privacy. Interestingly, the email given in the Privacy Policy as a contact point if you have concerns over privacy and the way your data is handled results in this auto-response:

Thank you for contacting Valve. This email address is monitored, however due to the volume of email we get daily, you may not necessarily get a direct response.

So, if I have a concern over privacy, they may check the email inbox eventually?

I guess I need to go back to SteamSupport and create a new account just to have the old account disabled? After all, despite assurances from Valve that the account had been disabled, it appears that in reality it has been active and useable for more than two years.

And given Valve’s disinterest in actually dealing with privacy issues, what recourse do I have if the account is used fraudulently? From what I have been able to discover, I have no recourse at all - I can’t even take the basic step of protecting my own data by requesting the account be disabled so that no-one, not even me, can use it. And should I actually want my details removed - well, that’s just not possible - after all, it’s a free service…


A Feature of O2 Mobile Email

Posted in Mobile by cro. Tuesday December 12, 2006.

I’ve come up against an interesting problem: O2’s email servers are stripping out attached 3GP videos, transcoding them to a lower quality (but higher file size) AVI, attaching the AVI and sending the email on to the recipient with a link back to O2’s website in certain situations:

You have received a Media Message
This Media Message has been sent using an O2 camera phone.

Click here to view this message online[…]

I spent an incredible amount of time on hold to customer support playing Chinese whispers with a very helpful lady who knew nothing about my problem, but had to relay everything while I was on hold as the technical support department wouldn’t originally speak directly to me.

So, here’s what I was told, in order, by the helpful lady (relaying from Tech Support):

O2’s email servers have a 300Kb limit
Funny - the .3gp is 102Kb, but the attached transcoded AVI is 200Kb

Your phone is doing the conversion before it’s sent
Then why do O2 have a copy of the original, full-resolution .3gp on their server? If my phone’s doing the conversion, then the converted file would be sent.

You didn’t have WAP settings turned on on your account.
So how come I’ve been using the WAP service for the past couple of months whilst I test Pitch?

And what does having WAP settings turned on on my account have to do with sending an email?

What I’ve also discovered:
Even though I run my own IMAP server, and can receive email quite happily, I am not allowed to use my IMAP server to send email - all outgoing email has to go through O2’s outgoing SMTP server - which means any outgoing email is not being sent from my server, and the headers reflect this - not an ideal situation.

There’s also no way I can find out why this is happening, as technical support didn’t seem to know why I couldn’t make a port 25 connection to my mail server. Given that I can quite happily connect to port 25 on O2’s mail server, this tells me that the connection is being blocked, which is a real pain.

Conclusion:
It appears some newer phones are hiding the fact that you are sending something as a media message, making it appear as if you are sending an email instead.

So if you want to send someone a mobile video by email, make sure you’re actually sending it via email and not as a media message.


Copyright 1998-2005 Tom Gordon