Saturday, May 10, 2008

ISPs in Singapore blocking BitTorrent traffic

There has been a considerable amount of controversy over the practice of some ISPs in the U.S. to limit or block traffic. The target is typically VOIP or BitTorrent, and the excuse is that it is overloading their networks.

This brings up the obvious question of why you would be in a business if you don't intend to supply the service you are supposedly selling.

A group calling itself the "max planck institute for software systems" has created a web site and Java applet that allows you to test your connection to see if traffic is being blocked. A fair number of people from Singapore have used the test, and the results are in:

We found widespread blocking of BitTorrent transfers only in the U.S. and Singapore. Interestingly, even within these countries, blocking was observed by hosts belonging to a handful of large ISPs.

I tried the test using my connection which is (barely) served by Starhub Maxonline. The results show that traffic was not blocked, but the throughput speeds are pathetic. The results are as follows:

Is BitTorrent traffic on a well-known BitTorrent port (6881) throttled?

* The BitTorrent upload (seeding) worked. Our tool was successful in uploading data using the BitTorrent protocol.

* The BitTorrent download worked. Our tool was successful in downloading data using the BitTorrent protocol.

* There's no indication that your ISP rate limits your BitTorrent downloads. In our tests a TCP download achieved minimal 39 Kbps while a BitTorrent download achieved maximal 26 Kbps.

The good news is that the BitTorrent protocol is not being actively blocked. The bad news is the terrible speed achieved. What is supposed to be an 8 Mbps service is delivering 39 Kbps.

Starhub continues to under-provision international bandwidth into Singapore. Local speeds can and do achieve the advertised numbers, but try and access anything outside Singapore and you might as well be on dial-up.

Friday, May 09, 2008

OCBC Securities - All your incomes are belong to us

Our series on great moments in abusive legal terms and conditions visits with the fine folks at OCBC Securities.

The 54 page document that governs doing business with OCBC can be found here.

I bring to your attention a couple of gems. The first is Clause 17.

17. Investment of Monies received

(a) You agree that OSPL shall be entitled to retain all of the interest earned from the maintenance of any monies standing to the credit of any Account; and

(b) You agree that OSPL shall be entitled to retain all of the returns from the investment of monies received on your Account. Such investment of monies shall be carried out in accordance with the SFA.

which suggests that leaving money with these folks is unlikely to result in any gain - except for OCBC.

Clause 24 deals with OCBC's obligations to protect your personal information. Somewhat predictably, one is forced to agree to OCBC's right to disclose your data to third parties under a number of different circumstances. There are nine (9) of these, and then we get to the final nail in the coffin of privacy.

24. Consent to disclosure

(a) You hereby expressly authorise and permit OSPL and each of its officers to divulge, reveal or disclose any or all of your particulars of your Account, including but not limited to your information relating to any transaction or dealings between you and OSPL;-

(x) any other person or entity at any time:-

(1) which OSPL or any officer in good faith considers appropriate for any purpose in connection with these terms and conditions; or

(2) where such particulars of your Account was inadvertently divulged, revealed or disclosed to/or accessed by such persons or entities through no willful default of OSPL or relevant officer

This is pretty good stuff. Ignoring the bad grammar (your Account was), as a customer you basically agree that even if OCBC completely screws up and loses your data, has it stolen, compromised or otherwise purloined, they are off the hook.

Lawyers 2, Customers 0

Thursday, May 08, 2008

UOB does it again

Credit crisis not withstanding, the banks and brokers have been up to their old tricks with bizarre and egregious terms and conditions buried in the fine print of forms.

Our example today comes courtesy of UOB. They are proud of their two factor authentication (required by the regulator) for Internet banking, which they trumpet on their home page. However, it seems the pride is tempered somewhat by fear.

If a customer applies to have their password changed, something one should do routinely as a good security practice, the following piece of legalese forms part of the agreement:

"In consideration of the Bank issuing to me a replacement Password, I confirm that I remain responsible for all transactions made with my old or deactivated Password"

Yes folks, UOB has managed to legally defeat the whole purpose of changing your password. Even if someone uses a deactivated or old password, you are responsible. One quick question for the brain trust at UOB - How does a password continue to function if it has been deactivated?

As a customer, I wonder just what kind of a computer department UOB is running if they require legal protection from deactivated passwords.