Public Information Research
[Jan. 30, 2013] My out-of-town friend Daniel Brandt for years was a one-person intelligence operation, compiling a data base on the Central Intelligence Agency, covert action and government conspiracies. Later he became a critic of abuses of power by Google, Wikipedia and now a little-known company called CloudFlare.
He created a searchable data base of more than 100,000 names of people linked to the Central Intelligence Agency, covert operations and governmental conspiracies, based on indexing of more than 700 books and many thousands of articles in newspapers and magazines. If you wanted to know what there was to know on the public record about, say, James Angleton or Dan Mitrione, you could search Daniel’s data base and find pretty much everything that was publicly known. Click on Olliegate for an example of how that worked. Daniel put the NameBase index on a web site in 1995, with articles and book reviews on intelligence related subjects. Click on Counterpunch for a 2003 interview of Daniel Brandt about NameBase.
Daniel Brandt became a leading monitor and critic of Google and Wikipedia, and published his findings on his Google Watch and Wikipedia Watch web sites. He pointed out, among other things, how Google keeps files on everyone who uses Google, recording every search and every transaction, and how Wikipedia runs articles that are not only inaccurate, but libelous, without liability. Click on WikiScandal for the story of how John Seigenthaler, a respected civil rights lawyer and newspaper publisher, was falsely accused in a Wikipedia article of being a suspect in the Kennedy assassination.
The article doesn’t tell how Daniel used his Internet skills to track down the culprit, who was shielded by Wikipedia. Seigenthaler forgave him.
As an alternative to Google, Daniel Brandt started a service called Scroogle, which enabled users to do Google searches without revealing any personal information to Google. Last year Daniel’s web sites were all taken down by malicious DDOS (distributed denial of service attacks). About the same time Google was finally blocking Scroogle more efficiently than it had before, so Scroogle was retired after a run of se
Daniel is still on the Internet
with five sites. NameBase Book Index is the old NameBase web site, of interest mainly for the archive of book reviews and articles therein. CIA on Campus is a collection of articles about the activities of secret intelligence agencies on campuses. These articles are of more than historical interest. Nothing has happened to limit the activities of intelligence agencies since these articles were written.
The Great Google Book Grab provides articles and information about Google and copyright issues. Wikipedia Watch is a continuation of Daniel’s original Wikipedia Watch site.
CloudFlare Watch is his newest site.
[Feb. 2, 2013] I asked Daniel to explain in layman’s terms just what was so significant about CloudFlare. He answered as follows.
Thanks, Phil, for your invitation to write about what I’m trying to do with my new site, CloudFlare-Watch.org.
You are right — this CloudFlare-Watch stuff is much too technical. To confuse it more, CloudFlare is not a hosting provider, but merely a DNS provider (domain name system). This is why CloudFlare tries to claim that they are unable to exercise any authority over content, since they do not host content for anyone.
However, it is impossible to get to a website without going through DNS. If you deleted the records for a domain that uses CloudFlare’s nameservers, that site becomes unreachable within minutes. Moreover, CloudFlare actually does cache some of their customer’s pages on their servers, in order to speed up access. They currently claim that half a million domains are using their nameservers. They offer several levels of service, and the lowest level is free of charge.
You asked about laws, which instantly means that one has to make a huge number of distinctions. The DMCA (Digital Millennium Copyright Act) applies to sites hosted in the U.S. Probably over half of CloudFlare’s clients are hosted in other countries, even if the person creating the content is still in the U.S. The DMCA only covers copyright, and only
covers providers in the U.S. Thankfully, CloudFlare is headquartered in San Francisco, which means that they try to make it appear that they are minimally cooperating with DMCA requirements. I believe that they are not doing this in good faith, and I provide evidence of this on my site.
Child porn, on the other hand, is universally illegal, which makes it easier to prosecute. Even here, you have to identify the hosting provider and hope that this provider will hand over the identity of the person operating and hiding behind the server. In the U.S., a hosting provider will cooperate with the FBI if it involves child porn because they don’t want any servers seized at their data centers. If the FBI wanted to play tough, they could haul off a few extra racks of servers just to be sure they get it all. This would mean that many innocent customer sites in that data center would go down, and stay down.
But what about providers in other countries? Will you need a court order to get anywhere? You might even discover that the hosting provider is hidden behind a chain of “tunneling” servers in one or more countries. From the point of view of an FBI agent, this means that you have to deal with authorities in various places — Romania, Ukraine, etc., just to work your way toward identifying the perp. That’s a huge amount of work.
Defamation? Forget it. The laws are all over the place, and these are mostly civil laws, which means that you don’t have the assistance of law enforcement. Your chances of identifying the person you need to sue are minimal. Are you rich enough to sue someone in another country, even if you are lucky enough to find them?
At the corporate level, everything is even more confused. In 1996, the Communications Decency Act in the U.S. (Section 230) granted immunity to providers that host content, but do not create or monitor content. The federal law trumps all state laws in the U.S. Criminal laws are not affected, and copyright is handled by the DMCA, but that still leaves room for lots of nastiness on the web that is difficult to address.
Other countries see things differently. Google, for example, has court orders against them in Japan, Italy, Spain, Australia, and Argentina, based on search results that those courts have ruled are defamatory. Google can ignore them by pointing out that the relevant content is not based in that country. What’s the judge going to do, block all of Google? Hardly. That would be a career-killer. Google basically does not respond to defamation complaints at all, even when it involves content on their servers (blogspot.com, YouTube, etc.) as opposed to mere search results. For search results, Google consistently pretends that the algorithm did it, and they are not to blame — as if the algorithm was not created by Google’s engineers, and cannot not be fixed by those same engineers! Google knows this, but they’re too busy laughing all the way to the bank.
CloudFlare thrives in a legal gray area that was already gray even before they came along. They are exploiting this. Cyberwars are happening. You may think this is movie fiction and hype, but it’s not. CloudFlare is a cyberwar profiteer. They deliberately attract both sides in this war — the cyber criminals as well as the cyber victims. My new CloudFlare-Watch site is trying to sound the alarm so that CloudFlare’s chances of getting a second round of venture funding are diminished. It feels like I’m a voice in the wilderness — everyone else is hyping CloudFlare as much as possible.
But I’m used to it. I was the first Google critic at a time when webmasters ridiculed me on forums for arguing that Google was saving everything they could get on everyone (Google-watch.org started in 2002). I remember one whiz-kid webmaster who argued that you couldn’t possibly fit much information into a little cookie. I tried to explain that all you need in a cookie is a globally-unique ID of maybe 20 characters, and that this ID is what is used to reference all your information. The actual data on you is kept offline somewhere in the Googleplex, and you don’t get to see it. He couldn’t grasp what I was saying.
Much bigger fish than I are trying to tame Google these days, and this means that I can retire from Google criticism. Google’s search engine emerged into public consciousness around 2000, which was two years after they incorporated. In 2001 I noticed that there were some nagging questions that needed to be addressed, such as Google’s cookie that had an expiration date of 2038. I knew your hard disk wouldn’t last that long, but this wasn’t about hard disks. Rather, it was an important clue to Google’s state of mind about user privacy. It turned out that I was right.
Now it’s time to concentrate on CloudFlare, which is less than three years old, before it becomes the next web monster. The basic problem I have with CloudFlare is that it offers one more way to hide the location and identity of your hosting provider, and it’s easy and free to use.
I believe in privacy for passive web users. For example, someone who is doing research on Google deserves privacy, and that’s why I ran Scroogle for seven years. But what about web publishers? Anyone who publishes information on the web that can affect other people should not be allowed to hide behind a screen name, or behind CloudFlare, or behind VPNs (virtual private network or “tunneling” servers), or hide by cherry-picking a provider in whatever country they choose.
People who publish content that can affect others should use their real names so that they can be held accountable. Everyone who uses CloudFlare’s nameservers is some sort of web publisher, and CloudFlare should reveal the IP addresses of their hosting providers without any questions asked. They should have a search box on their home page that spits out the IP addresses with date stamps for every domain that uses their nameservers.
The problem, from CloudFlare’s perspective, is that this would mean that half of their clients would disappear overnight. It would mean that their hype about protection against DDoS (distributed denial of service) attacks would be null and void, because the attackers could now target the original provider. And cyber-criminals who use CloudFlare to hide would have to go elsewhere.
Their entire package of hype would fall apart. All that would be left of CloudFlare is a DNS and caching service, which would not be nearly as enticing. It would, however, be much more socially responsible.
— Daniel Brandt
[July 14, 2014] Daniel has renamed the CloudFlare-Watch site CrimeFlare, with the option to expand coverage to other companies in the future. Click on Times of Israel for a report on CloudFlare and Public Information Research. The CIA on Campus, Great Google Book Grab and Wikipedia Watch sites are no longer active.
[July 18, 2016] CIA on Campus is in fact active.