All Things Digital


All posts tagged ‘security’

Monday, March 24, 2008

Apple Auto-Update Installs Mozilla CEO Tirade

Back in 2005, word on the street had it that the Mozilla Foundation was making as much as $30 million annually from the Google search box in its open-source Firefox Web browser.

Turns out, that number probably wasn’t too far off. According to an independent auditor’s report, Mozilla made $66.8 million in revenue in 2006, quite a bit of it from Google (GOOG). As former Mozilla Corp. CEO Mitchell Baker explained in a post to MozillaZine:

“As in 2005 the vast majority of this revenue is associated with the search functionality in Mozilla Firefox, and the majority of that is from Google. The Firefox user base and search revenue have both increased from 2005. Search revenue increased at a lesser rate than Firefox usage growth as the rate of payment declines with volume. Other revenue sources were the Mozilla Store, public support and interest and other income on our assets.”

But those “other revenue sources” are piddling in comparison to Google’s contribution, which apparently accounts for a full 85% ($56 million or so) of Mozilla’s revenues.

So it’s supremely ironic then to hear Mozilla CEO John Lilly criticize Apple (AAPL) for distributing its Safari browser for Windows and OS X through its Software Update utility. “What Apple is doing now with their Apple Software Update on Windows is wrong,” Lilly said in a blog post on Friday. “It undermines the trust relationship great companies have with their customers, and that’s bad–not just for Apple, but for the security of the whole Web. … Apple has made it incredibly easy–the default, even–for users to install ride-along software that they didn’t ask for, and maybe didn’t want. This is wrong, and borders on malware distribution practices. It’s wrong because it undermines the trust that we’re all trying to build with users. Because it means that an update isn’t just an update, but is maybe something more. Because it ultimately undermines the safety of users on the Web by eroding that relationship. It’s a bad practice and should stop.”


Now, Lilly may have a point. But he’s hardly the best guy to be making it. As ZDnet’s Larry Dignan notes, Safari–like Firefox–features a Google search box, for which the search giant also presumably pays a placement fee. A sudden gain in market share for Safari at Firefox’s expense could have financial implications for Mozilla. “Let’s say Safari grabs 10% market share and Firefox falls to about 25%,” Dignan writes. “That’s fewer searches and less revenue for Mozilla. Sure, you can argue about whether Apple’s Safari move is above the board. You can also question the security implications and a bevy of other issues. But in the end, Apple’s Safari update and Mozilla’s reaction is like any other story. To truly understand it you have to follow the money.”

UPDATE: John Lilly wrote to me earlier today with a few comments about this post. Here’s what he had to say:

Hi John –

Wanted to follow up on your post just now about us and Apple and Google.

Take this for whatever it’s worth, but revenue and market share didn’t enter my mind when I posted. At Mozilla we obviously care about having enough resources to keep the lights on and pay people, and we care about having enough market share–because it means that we’ve built products that people really care about.

But competition is good and healthy, and essential. Without competition we’d all be in a pretty bad world–sort of like AT&T in the bad old days.

I’ve got zero issues with Apple using their channel to distribute other products–I think that’s a perfectly fine thing for them to do. What I worry about is that users need to trust the security updates they get from their vendors–because if they don’t–if they think there’s an ulterior motive other than keeping software up-to-date–that’s a problem for everyone.

Anyway, I respect your right to write what you think and to be skeptical of the motives of folks like me, but I do say sincerely that in this case, revenue has nothing to do with it.

Wednesday, March 12, 2008

iPwned

Monday, December 3, 2007

Fiascobook

Epicurious Has Added a Potential Privacy Violation to Your Facebook Profile!

Facebook may be worth $15 billion after all–not in future advertising revenues (which are apparently suffering at the moment), but in future legal fees.

A CA security researcher reports that the site’s controversial Beacon online ad system, which transforms member transactions on affiliate sites into product/service endorsements, collects information about member actions on affiliate sites even if they’ve opted out of Beacon and logged off from Facebook. Stefan Berteau, senior research engineer at CA’s Threat Research Group, explained how in a post to the CA Security Advisor Research Blog:

“I created an account on epicurious.com and tried saving three recipes as favorites. The first recipe was saved while logged in to Facebook in the same browser session. An alert appeared allowing me to opt out of Facebook’s publishing this as a story on my feed, which I did. The second one was saved after I had closed the Facebook window but had not logged out or ended the browser session. The same alert appeared, and I opted out again, selecting ‘No thanks.’ I then closed the browser entirely and launched a new session. After confirming that I was not logged in to Facebook, I saved the third recipe. No alert appeared.

“I then checked the network traffic logs and was dismayed to find that in all three cases, data about where I was on Epicurious, what action I had just taken, and what my Facebook account name is [were] transmitted to Facebook. The first two cases involve the transmission of user data despite ‘No thanks’ having been selected on the opt-out dialog, and are causes for deep concern. They pale, however, in comparison to the third case, where Facebook was receiving data about my online habits while I was not logged in, and was doing so silently, without even alerting me to the cross-site communication.”

Unsettling, such data collection practices. Though Facebook, of course, claims they are all on the up-and-up and conducted with proper privacy safeguards. “When a Facebook user takes a Beacon-enabled action on a participating site, information is sent to Facebook in order for Facebook to operate Beacon technologically,” the company said in response to Berteau’s report. “If a Facebook user clicks ‘No, thanks’ on the partner-site notification, Facebook does not use the data and deletes it from its servers. Separately, before Facebook can determine whether the user is logged in, some data may be transferred from the participating site to Facebook. In those cases, Facebook does not associate the information with any individual user account, and deletes the data as well.”


Wednesday, November 21, 2007

AAPL Shareholders Announce Options Suit

10.5 ‘Feral Cat’

Her Majesty’s Massive Data Breach

Add the personal details of most every child in the U.K. to the growing tally of sensitive consumer information misplaced by those entrusted with it. Because two CDs containing child benefit information on every family in Britain with a child under 16 have gone missing.

HM Revenue and Customs Chancellor Alistair Darling broke the news to the public in a statement to the House of Commons, met with gasps of incredulity from those in attendance.

“… Two password-protected discs containing a full copy of HMRC’s entire data in relation to the payment of child benefit were sent to the NAO, by HMRC’s post system operated by the courier TNT. The package was not recorded or registered. Mr. Speaker, it appears the data has failed to reach the addressee in the NAO.

“… The missing information contains details of all child benefit recipients: records for 25 million individuals and 7.25 million families. These records include the recipient and their children’s names, addresses and dates of birth; it includes child-benefit numbers, national insurance numbers and, where relevant, bank or building society account details.”

Astonishing, eh? Even more so given that the package containing the CDs–which was never registered or recorded–was mailed Oct. 18.

Huzzah!

Lawmakers and politicians met news of the breach with well-practiced outrage. Said Shadow Chancellor George Osborne: “Let us be clear about the scale of this catastrophic mistake–the names, the addresses and the dates of birth of every child in the country are sitting on two computer discs that are apparently lost in the post, and the bank account details and national insurance numbers of 10 million parents, guardians and carers have gone missing. Half the country will be very anxious about the safety of their family and the security, and the whole country will be wondering how on earth the government allowed this to happen.”

Thursday, November 15, 2007

OS X Leopard, Tiger Treated for Feline Distemper

Apple’s latest security updates include so many fixes that you might mistake them for a Windows Service Pack.

Among the 25 issues repaired in Leopard 10.5.1: a major one that resulted in a “potential data loss issue when moving files across partitions in the Finder” as well as other problems with Time Machine, Firewall, Back to My Mac, Airport and Mail.

The release of OS X 10.5.1 follows hot on the heels of OS X 10.4.11, Apple’s 11th and likely final update to Leopard’s predecessor, Tiger, which patched 41 vulnerabilities in the OS.

Monday, November 12, 2007

Big BI Buy for Big Blue

Friday, November 9, 2007

Survey: Crackphone Gaining On Crackberry in Enterprise Space

Though Apple hasn’t yet unveiled, or perhaps even developed, its strategy for integrating the iPhone with business software systems in a way that won’t give IT executives aneurysms, its plans to bring the device to the enterprise market appear to be going quite well. This in spite of dubious security folk and leery analysts like Gartner’s Ken Dulaney who once said: “We’re telling IT executives to not support it because Apple has no intentions of supporting (iPhone use in) the enterprise. This is basically a cellular iPod with some other capabilities and it’s important that it be recognized as such.”

Thing is, Apple likely does intend to support the iPhone in enterprise, and even if it doesn’t, a lot of people plan to use it there anyway. According to new research from IDC, 70% of the people who own or are planning to buy an iPhone intend to use the device as a business tool. “The results of our poll suggest a preference for both personal and business usage among those that own or plan to purchase an iPhone in the next 12 months,” said Sean Ryan, research analyst for IDC’s Mobile Enterprise Device Solutions. “This coincides with a growing trend in the proliferation and uptake of other converged mobile devices designed to meet both the business and consumer requirements of mobile workers.”

Like it or not, the iPhone is being “user pushed” into the enterprise space. As Mark Blowers, senior research analyst at Butler Group, noted this past summer, “With remote working becoming more popular, there will be increasing pressure on the IT department to integrate a growing number of different mobile devices with the existing infrastructure. The iPhone could well be another BlackBerry that the IT manager will be compelled to adopt.”

Friday, November 2, 2007

For Safe Porn Viewing, Apple Recommends QuickTime 7

Conventional wisdom and Apple spin have long held Macs to be more reliable and more secure than PCs. But after reports of installation bugs, along with data loss and other problems in Mac OS X Leopard, some are beginning to ask: how much more reliable? How much more secure? Especially now that Apple has confirmed that OSX.RSPlug.A, a malicious new Trojan found on several pornography Web sites, can indeed compromise Macs running Mac OS X.

“We’ve been made aware that a small number of Web sites attempt to trick Mac OS X users to install malicious software on their Macs,” said Apple spokeswoman Lynn Fox. “Apple has a great track record for keeping Mac OS X users secure, and as always, we encourage people to install software only from trusted sources.”

And be sure to stay away from porn sites that require you to install software to view them.

So is OSX.RSPlug.A an anomaly or a harbinger of things to come? Security researcher Gadi Evron says it’s the latter. “Apple’s day has finally come, and Apple users are going to get hit hard,” Evron told Wired. “OS X is the new Windows 98. … It’s Mac season. The next two years will be interesting.”

Tuesday, August 28, 2007

It Looks Like You’re Searching for Information About Falun Gong. Would You Like to Reconsider?

If the 137 million Chinese who surf the Web weren’t already aware that online dissent is an impossibility, they will be soon.

Beginning Sept. 1, animated beat cops will begin patrolling the nation’s 13 top portals, warning citizens away from material the ruling Communist Party finds politically or morally threatening.

According to the Beijing Public Security Ministry, the Sanrio-esque characters will begin showing up on all sites that are registered with the government by the end of the year. “We will continue to promote new images of the virtual police and update our Internet security tips in an effort to make the image of the virtual police more user-friendly and more in tune with how Web surfers use the Internet,” it said.

Wednesday, August 22, 2007

The Tech 10: YouTube Monetizes, iPhone Prepares for a European Tour and Google Sees Stars

Note: John Paczkowski is on vacation and won’t be writing or posting videos until he returns Monday.

To keep you abreast of tech news while he’s away, we’re compiling a daily digest of 10 must-read tech stories. We’re calling it the Tech 10 and it appears below.

  1. As inevitable as death and taxes: YouTube, the world’s No. 1 video site, will begin placing ads in its videos, All Things Digital’s Kara Swisher reports. The animated advertising will appear no earlier than 15 seconds into a video, overlaid on the bottom fifth of the screen. Citing viewer revulsion, a YouTube product manager told NewTeeVee the site will not use the dreaded preroll or postroll.
  2. Apple, leveraging its deal-brokering with AT&T stateside, has signed up European partners for iPhone sales and service. A report in the Financial Times notes that three telecoms–T-Mobile in Germany, Orange in France and O2 in the United Kingdom–will fork over 10% of the revenues made from iPhone calls and data transfers.
  3. Stargazing earthlings will get a new perspective today, as Google unveils Sky, its view of the heavens from Earth. The New York Times reports that users will be able to zoom around to view millions of stars and galaxies, much as they do on a smaller scale with Google Earth.
  4. Henri Richard, the very visible top sales officer of Advanced Micro Devices, is leaving the troubled chip maker. Confirming an earlier report on Hexus.net, Tom Krazit of CNET describes the executive vice president’s departure as a “significant development in what has been a disastrous year for AMD,” precipitated by its postponement of Barcelona, its quad-core server chip.
  5. Regrouping years after the dot-com implosion, the online-trading business is in for some consolidation now that TD Ameritrade Holding Corp. and E*Trade Financial Corp. are holding merger talks. The Wall Street Journal is reporting that the potential union could create a single dominant force in what has been seen as a highly fragmented industry, with many small companies in the competitive fray.
  6. Spotting potential in the social-networking trend, U.S. spy agencies plan to develop an information-sharing portal based on MySpace and Facebook. According to the Register, taxpayers, rather than advertisers, will foot the bill for the spook Web site.
  7. Darkening the cloud of suspicion hanging over electronic-voting machines, California’s secretary of state has accused Election Systems & Software of selling about 1,000 uncertified electronic-voting machines to five California counties in 2006, according to IDG News Service. The state has instituted new security standards for all electronic-voting machines after a review sharply criticized the technology.
  8. Reconsidering the upswing in PC gaming, Microsoft is bringing back its SideWinder line of peripheral equipment, starting in October with a new mouse, reports the Seattle Post-Intelligencer. The device will cost $79.95 and includes a wider scroll wheel, special buttons and other doodads for gameheads.
  9. Joining the competition for the thinnest TV screen, Sharp is unveiling a 2-centimeter thick LCD screen. PC World reports that the prototype TV will get its signals via a high-speed wireless link, eliminating the need for a cable.
  10. Talk about a cybervirus. Epidemiologists have found that studying an imaginary epidemic in an online game world could provide valuable clues to coping with the real thing. Writing about research published in the September issue of Lancet Infectious Diseases, ABC News reported that researchers from Tufts and the University of North Carolina are serious in applying the lessons of online epidemics (in particular, the “corrupted blood” that spread on World of Warcraft in 2005) to disease-control efforts worldwide.

–posted by Associate Editor John Sullivan

Monday, August 6, 2007

Great Moments in Password Protection

Friday, August 3, 2007

AccuVote? Bit of an Oxymoron, Don’t You Think?

“The access panel door on a Diebold AccuVote-TS voting machine–the door that protects the memory card that stores the votes and is the main barrier to the injection of a virus–can be opened with a standard key that is widely available on the Internet. The exact same key is used widely in office furniture, electronic equipment, jukeboxes and hotel minibars.”

Princeton professor Ed Felten

With the presidential primary approaching, Diebold Election Systems is finally developing a voter-verified paper trail–of bad press. Earlier this week, the company made headlines when a team of investigators found fundamental security vulnerabilities in its touchscreen voting machines (as well as those of rivals Sequoia Voting Systems and Hart InterCivic).

Now it’s back in the news again, thanks to another government-ordered study that found its optical-scanning machines to be flawed as well. According to a report released by Florida Secretary of State Kurt Browning, Diebold’s AccuVote OS optical-scan voting devices could compromise the upcoming presidential primary elections in which they’re to be used. The machine’s “memory card can be preprogrammed to redistribute votes cast for selected candidates on that terminal, including swapping the votes for two candidates,” the report explains. “The attack can be carried out with low probability of detection, assuming that audits with paper ballots are infrequent and that programmed cards are not detected before use.”

An unsettling revelation for anyone concerned about this whole idea of “election integrity.” But never fear, Diebold has vowed to patch the vulnerabilities identified in the report by the Aug. 17 deadline given it by the state. If it doesn’t, it risks decertification, which some would argue might not be a bad idea at this point. Remember, Diebold is the company that designed its widely criticized electronic-voting systems to be opened with a hotel minibar key, and then posted a detailed photograph of that key to its online store.

It’s the company that can’t seem to safeguard its source code. It’s the company that evaded election transparency laws in North Carolina. And it’s the company that modified its machines without notifying election officials. Twice.


Tuesday, July 31, 2007

Cisco CEO Apparently a Card-Carrying Member of the Kiss Army

About John

John Paczkowski has been poking fun at the tech industry and the personalities that drive it since 1997. From 1999 to 2007, he wrote the award-winning tech news Web log Good Morning Silicon Valley for the San Jose Mercury News, Silicon Valley's daily newspaper.
