Salsa Scoop > tag: "blog:privacy"

Do Progressive Techies Have a Google Blind Spot?

"No man chooses evil because it is evil; he only mistakes it for happiness, the good he seeks." -Mary Wollstonecraft

A couple of weeks ago, there was a thread called "google & privacy" on the lib-techie mailing list Progressive Exchange, commenced with an innocent question about the search behemoth's ubiquitous IP tracking, and losing itself on the fringes of a trackless mire over the relative corporate responsibility of making profitable terms with the Chinese government.

Google makes slick tools, and I've certainly left my own fingerprints all over their logs. But it's pretty surprising the degree to which many progressives are willing to let Google skate with no more accountability than its Wal-Mart-smiley slogan, "Don't Be Evil" -- or even, in criticism, to underscore some perceived failure of non-evilness as a matter for corporate ethos and little more.


A Few Notes on Security

DIA competitor Convio suffered a major security breach that unfolded publicly last week, as many readers may know. This post is well past its immediate news cycle, but we've quite understandably been asked in light of that event about our own security procedures as well, and wanted to put them on the record.

For anyone unfamiliar with the story, the thumbnail version is that a compromised password enabled an intruder to download scores of Convio clients' lists ... and that those downloads included hundreds of thousands or millions of plain text (rather than encrypted) versions of ordinary users' passwords. The NTEN blog summarizes the affair here. Allan Benamer's initial alert -- and accompanying comment thread -- have a lot more.

Any system could be hacked or compromised, of course; this is a risk all online providers face and strive to minimize -- we're doing the reflexive sympathetic wince over here that you do when someone on TV gets clobbered in a sensitive spot. But beyond the initial intrusion, the compromised passwords are the real problem. Since many users re-use the same passwords across many different systems -- including financial presences such as online banking, PayPal, and the like -- it's potentially hugely damaging.

So, most importantly for users of DemocracyInAction's Salsa platform: this particular aspect of the breach has not happened and could not happen in our system. We use, and always have used, industry-standard one-way encryption algorithms to protect passwords for all users and campaign managers. Neither intruders nor organization administrators nor users themselves can ever actually see even their own password.


The Cycle of Netroots Life

At least the healing, back-to-fundraising process can begin in the bosom of YearlyKos, whose namesake shared these observations on FISA capitulation day:
We are a full-fledged partner in the progressive coalition ... with our allies in the labor movement, our friends in the issue groups, and our party leadership. ... [E]arly hostility – based on substantive differences – is now giving way to new respect and trust.
We in the club, yo! What's systematic, institutional betrayal if not a call for more and better Democrats?
