Opera has released an early version of a browser-based sharing and collaboration service called Unite, which has been criticized by some security experts as having a level of protection that is too low.
Opera Unite, an application platform that turns the user's PC into a Web server, was unveiled in an alpha version by the Norwegian company on Tuesday. Components of the browser-based service include file sharing, photo sharing, a shared media player, a chat lounge, and the ability to run Web sites hosted on the user's PC.
While the user hosting the content needs to be running a particular version of Opera 10 for Windows, Mac, and Linux, those viewing the content can do so from within any browser, including Internet Explorer or Firefox.
Opera is trying to encourage developers to create new applications that use Opera Unite. "It all happens through the browser, so no additional software has to be downloaded, and it will work wherever Opera works (Windows, Mac, Linux and later mobile phones and other devices)," Opera product analyst Lawrence Eng wrote in a blog post on Tuesday. "Opera provides the platform and you provide the applications -- what you create is limited only by your imagination."
Eng referred to the initial Opera Unite applications as "just simple demos" and said the platform would allow for "a whole new class of social software on the Web ... [where] people can all connect directly without needing middlemen who control third-party servers." He also said the service will, in time, work on mobile phones and other devices, as well as on desktop computers.
The content is shared via Opera Unite by people sending other people URLs, and the security for protecting access to the content relies entirely on passwords. However, there are two ways to do this, and one method has been criticized by analysts as potentially posing a security risk.
When a person (the host) wants to share content, there are two options: either send a URL that leads to the host's personal landing page on Opera Unite, or send a URL that links to the application within Opera Unite that relates to the content they want to share.
With the first option, the host must send the viewer a password generated by Opera Unite for them to access the application. With the second option, the URL includes the password at the end, so it is in plain view if the URL is inadvertently shared. Also, with the second option, anyone who sees the URL does not need any further details to view the content, as clicking on the link will take them directly there.
"Be a bit cautious"
A spokeswoman for Opera confirmed to ZDNet UK on Tuesday that there is no encryption involved in the Opera Unite.
Asked whether the platform could be used by someone to access data on the host's PC that the host had not chosen to share, the spokeswoman said: "Definitely not -- unless they're a hacker."
"Opera Unite has been tested by a number of people within Opera, so the more people we have using the service, the more we'll know about the service itself," the spokeswoman added. "At this point, [you should] be a bit cautious in the files you're sharing -- only share amongst people you trust."
Greg Day, a McAfee principal security analyst, said Opera Unite was a "smart idea, going back to people self-hosting," and said there was "some value [from a security perspective], insofar as you are in control of your own data." However, he said there are also security risks associated with the approach.
"The [negative] is you have to have enough security integrated into the technology, or have the personal knowledge to put that security in around the technology," Day warned. "The logical evolution of services like Facebook was about simplifying the process, so you rely on a third party who, in theory, has the expertise to host on your behalf and keep it secure."
Andy Buss, a senior analyst at Canalys, said security based on the distribution of passwords was "an avenue to disaster."
"If there is no transport-layer security, it is easy to intercept the information being transported," Buss said. "This will need to be looked at as an option."
Another potential problem is related to intellectual-property violations, where hosts might illegally store copyrighted content on their PC and then distribute this via Opera Unite. Buss predicted that security and copyright issues will be a challenge for the next generation of internet applications, which will move a lot of activity now done on PCs to cloud-based services. "These services are required and useful, but they have to be as secure as possible," Buss said.
Asked about the copyright issue, Opera's spokeswoman said that if a user was found to be distributing copyrighted material, Opera would ask the user to remove the content and, if the person did not comply, would block the account. "This would only happen if the matter was brought to Opera's attention, as Opera does not monitor your data," the spokeswoman added.
Related story: Speedy Opera 10 beta reconfigures as Web suite
David Meyer of ZDNet UK reported from London.
The U.K.'s Virgin Media could start suspending persistent file sharers on a temporary basis, using information provided to it by Universal Music.
The ISP announced on Monday that it would, before Christmas, launch an all-you-can-eat music download service for its users, based on a monthly subscription fee. The tracks will all be DRM-free.
"In parallel, the two companies will be working together to protect Universal Music's intellectual property and drive a material reduction in the unauthorized distribution of its repertoire across Virgin Media's network," a statement read. "This will involve implementing a range of different strategies to educate file sharers about online piracy and to raise awareness of legal alternatives. They include, as a last resort for persistent offenders, a temporary suspension of internet access."
Virgin pointed out that "no customers will be permanently disconnected and the process will not depend on network monitoring or interception of customer traffic by Virgin Media."
A spokeswoman for Virgin told ZDNet UK on Monday that the suspensions "could be as little as five minutes, an hour or a day." She said the idea of suspensions was very much in the process of being worked out -- they may not even happen -- and would only be launched on a "trial" basis.
As for how Virgin will know which persistent file sharers it should be suspending, the spokeswoman said this knowledge would be derived from information coming from the record company.
Universal will use technology from the Danish antipiracy firm DTecNet to scour file-sharing networks -- not Virgin's own network -- and log the IP addresses of "persistent" file sharers, along with the time of the transfers in question. That information will go back to Virgin, who will use it to identify the file sharer and begin warning them of possible action that could be taken against them.
DTecNet has already been working with U.K. content companies for some time to do much the same thing, and is also working with RIAA in the United States.
Virgin's spokeswoman did not give any further details of the number of warnings a persistent file sharer would get, the exact pricing of the music service (although ZDNet UK understands it will be somewhere around the cost of two CDs a month) or which other record companies Virgin is in talks with regarding a similar service.
For the latest on the the furious debate going on about file sharing and Net neutrality in Europe right now, check out this story we posted last week.
David Meyer of ZDNet UK reported from London.
AOL's Edwin Aoki
(Credit: ZDNet UK)Edwin Aoki is a technology fellow at AOL, and an alumnus of Apple and of Netscape, where he worked on enterprise products as well as the Communicator browser.
On Thursday, Aoki spoke at the Future Of Web Apps conference in London, alongside figures such as Digg's Kevin Rose and Facebook's Mark Zuckerberg. He urged developers to create applications out of passion and for the community, rather than just doing it for money.
ZDNet.co.uk spoke to Aoki just after his speech, to talk about the impact Web applications have had in the enterprise and what trends are emerging.
In the speech you just gave, you suggested that developers should develop applications out of passion, rather than for money. Is this not an idea that is more applicable to the consumer, rather than the enterprise, developer community?
Aoki: Folks have been able to take whatever their passion or their expertise is and apply the technology to writing that, or to disseminating that, through whatever organization their interest is in. We see that a lot in nonprofits, but we also see that a lot in the enterprise.
Wikis are a great example of a technology that often comes in because some folks inside the enterprise want a more efficient way of spreading knowledge and information, and all of a sudden it becomes this great corporate resource. Messaging is another example of something that, we found at our AIM network, often starts with people wanting to have a better way to communicate inside the enterprise. They bring that in, and all of a sudden they find it's a way they can communicate not only inside the intranet, but also with customers and suppliers as well.
I think it is one of these things where the ubiquity and the low cost and the ease of deployment of these technologies really is the supreme environment where you can bring that into an enterprise, just as you can bring that to consumers or even a non-profit.
Those are examples where a trend started in the consumer sector and moved into the enterprise. Is that going to continue?
Aoki: I think that enterprise software is a slightly different beast. I used to do some of that in my time at Netscape and typically they have fairly long sales cycles, they're centrally administered, they are deployed by an enterprise IT department on behalf of a company, and a lot of those folks are starting to embrace those technologies and bring that in on a corporate level as well.
But I think the rapidity of adoption really does start with individuals. It may start from a consumer focus, and it may start from more of a professional focus, but the common thread is that it does tend to start with a person or a small team or a department that is really interested in deploying that technology.
How much do you think the global financial crisis is going to hit the developer community?
Aoki: We're already starting to see, in some sense, the capital markets and some of the venture funding start to be more cautious. Certainly in (Silicon) Valley, there is still an outgrowth of the lessons learned during the first dot-com bust. People are being a lot more cautious. They're scrutinizing the balance sheet a little bit more; they're looking more for those revenue ideas.
At the same time, a lot of the things I was talking about are fueled really not out of money, and they don't cost that much money to start. Both within AOL and with a number of the folks here at the conference, they just start something on a weekend. And they say well, they'd love to just try out how that works. And they find that it's an idea that catches on, and it's an idea that resonates with people, and all of a sudden they're writing something that is larger than they imagined it would be.
We had products that were launched that way in AOL, from the initiative of an individual engineer. We've had enterprise initiatives that have launched that way, because somebody said there's got to be a better way to...whatever.
Such as?
Aoki: Well, I mentioned wikis earlier. Our internal wiki was started by one of our engineers as a way to incorporate a more decentralized approach to documenting the kinds of things that we do. It's been completely embraced by the organization--hundreds of thousands of pages--and it's now an IT-supported function. We have an internal search agent that goes through our intranet that helps aggregate and organize all the information from our myriad sites--that was an employee-started function.
A lot of these things start off as an idea and all of a sudden the organization realizes, hey, this is really helping, this is a great productivity boost. How can we bring this in, how can we help manage that, how can we incorporate it into our corporate systems and bring that into our security and enterprise policies in a way that's not going to stifle that innovation, but in a way that's going to help it grow and help nurture that.
A lot of organizations have been very cool on social-networking sites such as Facebook. How will social networking win over the enterprise crowd, given that many such sites don't yet have the perceived longevity of instant-messaging applications?
Aoki: Social networking--whether it's Facebook or LinkedIn or any specific instance of it--the notion of the social network is going to stick around. You mentioned instant messaging and, if you reduce that back to its bare bones, you have a social graph, that's just graphed through that buddy list there. And that morphed into the Facebooks and LinkedIns of the world, where you're able to check that and see that a little more transparently. That will morph into something else again, I'm sure, as our understanding of those technologies matures.
So it's there. It's something that's part of that. IBM did a study, again looking at wikis in particular, in terms of the number of people that contribute to a wiki and the number of people that are really involved in that. You can trace domain knowledge through that, by looking at who it is contributing to an area, who the comments are coming from, where the edits are going. Wikipedia has a similar phenomenon on the global consumer web.
But again, that also forms a sort of social network, because you're able to understand who your domain experts are in a particular area. If you feed that out onto a graph, you have some additional metadata on your organization there.
So I do think that those kinds of things will evolve organically out of the way technology is used, and frankly I don't think that we know how that will manifest.
A number of organizations have tried to have these social networks on the intranet, creating internal social networks. I don't know that that works unless you have a very large organization, because the value of a social network is in being able to tease out some of these relationships that aren't necessarily obvious. If you have 25 people and know what everybody does and what their skills are, a social network isn't going to layer a whole lot more on top of that.
But for larger enterprises or geographically distributed enterprises, they can have a lot of opportunities where that network is able to expose information that's not necessarily obvious. And I think that IT organizations will realize that and understand that there's value there.
Perhaps one reason instant messaging became more acceptable in organizations was that the networks became interoperable. But this is still not the case with social networking. How important do you think interoperability and the portability of personal data between sites will be? We haven't yet seen the fruits of initiatives such as OpenSocial, for instance.
Aoki: Not yet, but these things take time. There's been a number of folks who have been working very hard on data-portability standards and protocols. Obviously there's that balance between what you want to expose and (conceal), and there are privacy concerns about that, making sure that we have iron-clad authentication and authorization that goes with that.
We talk a lot about data portability and its need, and it's clearly an important aspect for the industry, but it's easy to overlook how deep that rabbit-hole goes sometimes. In order to have good data portability, you need to have strong authorization. In order to have that, you need to have a strong notion of authentication, and in order to have strong authentication, you need to have identity management that everybody agrees on. These are frankly initiatives that people have been working on for the best part of the last decade.
I think that it will come--it's really important--but really what we're starting to see is the depth of how much there is to solve.
David Meyer of ZDNet UK reported from London.
Click here for ongoing coverage from CNET News, 'Tough times for tech'
Microsoft has always been rather strident on the topic of copyright infringement, as you may have noticed, which makes tale of its "Iconic Britain" photo contest all the more astonishing.
The competition was designed as part of the marketing campaign around Windows Live Image Search, with Nikon as the prize partner. Unlike most photographic competitions, which tend to involve photographers submitting their own work (crazy, I know), this one invited entrants to search for other people's online pictures, then submit the ones they felt were iconic British stuff, in the hope of winning a Nikon camera. As for the photographers themselves, they get nada--not even a link-back to their site or a credit of their name.
Spotted the problem yet?
Inevitably, the reality of this situation hit the photographic community, following which the feces really hit the fan. Here's a particularly entertaining thread on Flickr, in which members vent at the fact that their photos--many of which had been set for private viewing only--had been scraped by Microsoft and pulled over, creditless, to Microsoft's servers. Amusingly, some of the scraped "entries" were of iconic British landscapes such as that of, er, Tennessee.
The Pro-Imaging Web site went knocking on Microsoft's door, and got this response:
It is always very important to Microsoft that we respect the intellectual property rights of others, and we regret that this specific marketing program fell short regarding our own very high standards. We are grateful to Pro-Imaging for raising its concerns about the use of photographers' works on the Iconic Britain website. We have since taken steps to obtain the rights to use every image to be featured in the subsequent stages of the Iconic Britain competition. We also welcome the invitation by Pro-Imaging to discuss with them best practices when using photographs in similar competitions.
Note the phrasing: "taken steps to obtain the rights." We approached Microsoft on this point today, and were assured that the competition's final stage--planned but as yet without a date--would feature photographs for which Microsoft is "currently obtaining the copyrights." Yep, that means it still doesn't have the rights. With goodwill like that, what a shocker!
As for Nikon, it's pulled out of the competition in what I would like to think was disgust. Here's its statement:
Nikon UK would like to confirm that it has formally withdrawn its support from Microsoft's Iconic Britain competition. This is due to the feedback and concerns raised by photographers and entrants surrounding the competition mechanic that was developed and promoted by Microsoft. As the camera prizes that were on offer have already been won, Nikon will fulfill its commitment to these winners, however it will not be associated with the competition going forward.
Again, note the phrasing. It seems to me that the prizes Nikon refers to were for early stages of the competition, and someone else is going to have to provide the prizes for the grand finale, whenever that takes place.
Weirdly, the competition Web site (featuring what look to be poorly edited pictures of Nikon cameras that no longer bear the Nikon logo) still says the final round of voting will close on 14 August (two days from now), despite the fact that that round of voting doesn't seem to have actually started yet.
What else? Oh yes, at one point the competition seems to have decided everyone was a winner. Heck--why not?
A final point of interest regards the judges for the competition. We can fairly assume that Nikon's judge, Simon Coleman, has now fled the judging process, but what of the remaining three judges? These would be Mike Selby, editorial director of the Rex Features stock agency, and--most splendidly--Brian Blessed and Joanna Lumley. No word yet as to whether they're still involved.
It's all a very bizarre story, and particularly outrageous coming from Microsoft--a company we thought knew a thing or two about digital rights. We have asked them how this all managed to slip through the net (a question that was met with 15 seconds of stony silence from Microsoft's PR when I tried it over the phone--let's see if e-mail works!), and will of course let you know as soon as we hear back.
UPDATE: Selby, Blessed, and Lumley are all still judges, Microsoft just told us. They still refuse to explain how they (Microsoft) screwed up so badly, though.
David Meyer of ZDNet UK reported from London.
- prev
- 1
- next
