What if Internet access on your mobile phone for one month cost you HK$ 14,000, or about US$ 1,800? The following story occurred in Hong Kong, but this is a problem common over much of the planet. As recently reported by the South China Morning Post (SCMP):

Mobile-phone users are facing big bills for internet services they thought were free, the consumer watchdog [Hong Kong Consumer Council] warned yesterday. One customer ran up a HK$14,000 bill in a month.

…

The complainant hit with a HK$14,000 bill told the watchdog he thought he was using free Wi-fi services to access the internet.

However, he claims his service provider connected him to the Net through its fee-paying service without warning him first.

“Charges for Web surfing catch out phone users”

South China Morning Post, June 17, 2008

Mobile networks face an important self-imposed obstacle: metered data service charges that are unclear, unrealistic, and often rather opaque to the consumer. While most companies now understand that promoting third generation mobile services requires clear and friendly flat rates, some operators still extract value from their customers the hard way, by selling them voice service plans with Internet access charged extra by the *byte. This is supposed to be the Internet age; regardless of whether the user in question understood he was on Wi-Fi or 3G or 2.5G, a 14,000 dollar bill is exorbitant from any point of view.

This is not a new occurrence. In the April 1, 2003 issue of the SCMP [unfortunately, the SCMP does not support direct linking to articles and requires a subscription] Neil Taylor reported on much the same topic:

… operators know that if their customers were to actually use data services to their fullest capacity, they might suddenly notice what over-priced luxuries these things are.

Last week, I spent three days with Sony Ericsson’s P800 smartphone….

And after three days of happy surfing, I received my phone bill.

If that HK$400 [US$ 51.41] GPRS charge had been for a month’s downloads, I might have been irritated. But I was appalled at what I was charged for three days of sporadic surfing.

By any measure, GPRS charges are extortionate. They are also confusing. Just as we saw with voice and Internet services, the operators appear to have conspired to make their charges as hard to compare as possible.

“Guinea-pig users losers with punishing GPRS charges”

South China Morning Post, April 1, 2003

Neil Taylor was writing about GPRS, the forerunner of 3G, but the business model sounds depressingly similar. Where is the incentive to get a 3G handset and subscription, one may ask? In the July 2005 issue of Receiver Magazine, Outblaze founder and CEO Yat Siu spelled out his view:

The 3G incentive
Serious mass usage of 3G applications will occur when service fees become fixed and subscriptions become attractive and affordable for most users. In Japan, for example, 3G brought about the development of a vibrant and active content download culture that emerged following attractive consumer pricing of 3G bandwidth. Some telecoms may resist the idea, but ultimately they should pay heed to the lesson learned from broadband: charging a service on a usage basis discourages subscription, and will generally limit utilization to early adopters and technophiles.

Many operators who rolled out 3G services erred in setting exorbitant pricing, thus discouraging regular consumers from utilizing expensive 3G bandwidth services. 3G downloads of products such as video streaming, applications, or large emails are fairly substantial and therefore incur a greater cost on a pay-per-use bandwidth model; clearly, this is discouraging to potential customers.

Yat Siu, in Receiver Magazine, July 2005

There is the argument that 3G network operators were fleeced by their governments, but regardless of who bears responsibility for high 3G prices, several operators used confusing metered pricing to transfer the high 3G entry costs to their customers. And that’s not the only way in which the consumer loses: the high and often confusing costs of 3G services keep adoption rates low and indirectly hamper 3G technology. Until the majority of operators offer attractive flat rate data usage plans as well as “common sense” plans that prevent gigantic Internet access charges, consumers in most of the world will continue to be confused and outraged at the end of the month. That is, if they make use of data services in the first place, which is something many people avoid.

This brings us to Wi-Fi: it’s cheap, available across a growing multitude of devices, supported by just about all operating systems, and growing fast. Consider FON, a network of hundreds of thousands of members around the world who share their bandwidth with other FON members. In Hong Kong FON coverage is getting quite good, and you’ll find a free FON signal at Starbucks, McDonald’s, and major shopping malls just to name a few. FON has even been reviewed by the government of Hong Kong.

Outblaze operates FON in Hong Kong and we might have a slight bias, but there are local alternatives in most cities. Although FON is a global service, in Hong Kong Y5Zone is fairly prevalent and well organized, with over 800 hotspots. PCCW also offers Wi-Fi around the city.

Service plans with hidden or secret rates simply cannot compete with affordable flat rates. We’ve seen the shift from metered to flat charges in traditional telephony, television, and fixed line Internet access; isn’t it time the latest generation mobile network operators modernized all their fee structures to match their handset line-ups? You too can help discourage those network operators who maintain confusing charges: just have your mobile device connect via Wi-Fi when you need the Internet, and avoid data service charges entirely. In a city like Hong Kong Wi-Fi is available at most locations, so you’ll avoid astronomical bills while sending an important message to your provider.

Hong Kong domains are the most dangerous in the world; this little factoid from a recent McAfee report generated quite a bit of media coverage, and even made TIME magazine’s top stories list (here is McAfee’s press release on the subject). But all is not as it seems, and aspects of the report may have been out of date before the report was even published.

McAfee’s study seems to be based on a year’s worth of data, and last year was a particularly bad year for the Hong Kong domain, thanks to a gang of botnet spammers registering thousands of domains under the .hk country code top level domain (ccTLD; a generic top level domain is a gTLD).

These domains were most likely registered using stolen credit cards, and contained bogus information in the “whois” records (which show domain ownership). The contact email address for each domain was usually an email address at a random free webmail site like Yahoo, Hotmail, or some of the Outblaze clients.

This certainly turned out to be a gigantic reputation problem for the .hk ccTLD - far more scam domains were being registered under .hk than legitimate domains. Even worse, these scam domains were being hosted on botnets (large networks of infectedPCs, remotely controlled by criminal gangs).

The .hk domains started turning up in spam for porn, fake prescription medication, phishing (identity theft) and many other illegal schemes such as “money mule recruitment”, where people are conned into running an “export agency” and unwittingly become conduits for money laundering and receivers of goods bought with stolen credit cards.

A botnet is a very large, highly failure-tolerant and distributed network. It is also international in nature, so that a child pornography website hosted on an infected PC in Hong Kong could turn up the very next minute on an infected laptop in Brazil. With distributed peer-to-peer botnets the domain name used by a botnet is sometimes its single point of failure.

Registrars (which provide domain registration services) and Registries (which administer gTLDs and ccTLDs) are therefore crucial to any attempt to mitigate botnets.

HKDNR, the registry for the .hk ccTLD, was initially slow to react to this problem, prompting antivirus and antiphishing researchers like Gary Warner (now Director of Research in Computer Forensics & Cybercrime at the University of Alabama at Birmingham) to declare a “crisis situation” in a March 2007 email to a mailing list that discusses phishing. In the email he accused HKDNR of inaction and insufficient response to the concerns of the antispam community.

HKDNR and the Hong Kong CERT (HKCERT) were accused of responding to complaints with canned letters that promised to investigate, but appeared to take no action at all. The response letters encouraged complainants from outside Hong Kong to “report the matter to their local law enforcement agencies”.

By late 2007, the number of .hk domains registered by scam artists numbered in the tens of thousands. Action by various groups (independent technologists, antispam block list providers, CERT teams, law enforcement and regulatory agencies) then seemed to convince HKDNR of the need to take immediate drastic action against scam domains registered in the .hk ccTLD.

As the Postmaster and Head of Anti-spam Operations for Outblaze, I contributed to the effort by providing a feed of several thousand .hk domains from spam reported on our network of 40 million hosted email users.

The results were astounding. Over 10,000 scam domains were terminated in a matter of days. Long term measures were also put in place, such as

• Credit card fraud prevention, including Verified by Visa (most of these scam domains were registered using stolen credit cards)
• Due diligence measures to detect fake domain registration
• Closer cooperation of HKDNR with relevant authorities and agencies.

International cooperation is vital for two reasons:

1. as an early warning when scam artists attempt to set up shop again
2. as a way to share best practices with groups, associations, government regulators, and law enforcement agencies working on the prevention of spam and cybercrime.

In a matter of days, the huge concentration of scammer domains in the .hk ccTLD scattered, shifting to other countries and ccTLDs. Some moved to China (as the McAfee report indicates, a large number of scammer domains still exist in .cn space) and others went onto .biz, .info, and even ccTLDs like .ma (Morocco).

The botnet problem is clearly international, and registrars and registries around the world are vulnerable to what HKDNR suffered last year. While it might be stale news in that HKDNR has already dealt with this problem, it serves as a reminder that botnet criminals are still out there and still causing trouble. Spam and cybercrime are hitting record levels and that there is a need for constant awareness and joint efforts to mitigate the menace that botnets have evolved into over the last few years.

I have written a long and detailed paper on botnet mitigation for the International Telecommunications Union (ITU) as part of the ITU’s Botnet Mitigation Toolkit. It discusses the threat that botnets pose to the worldwide community of Internet users, and describes an interlinked set of policy, technology, and civil society approaches to the problem of botnets. Most of what I have written in this blog entry is already present in the ITU paper, so I will stop here and encourage people reading this to glance at the paper as well. It is 100 pages long so probably not bedtime reading, but I’d still appreciate your comments!

Suresh Ramasubramanian

Postmaster and Head of Anti-spam Operations

Outblaze

On 12 May 2008, Wenchuan County in the Chinese province of Sichuan experienced one of the most violent earthquakes in history. With an epicentre located 90 Km from Chengdu and registering a 7.9 on the moment magnitude scale (roughly equal to the old Richter scale), buildings swayed in Shanghai and Beijing and the tremors were felt as far away as Thailand and Pakistan, thousands of kilometres distant. Imagine what happened at the epicentre.

At the time of writing the official death toll reported by Xinhua, the Chinese news agency, is well over 15,000 and rising. Thousands of people remain trapped in rubble - nearly 20,000 of them in Mianyang alone. Entire communities have been obliterated. As with other natural disasters, the initial cataclysmic event is only the beginning, and rescue workers must now fight against time and the elements in order to search for the missing, provide care and shelter for the injured, and stave off disease among the survivors.

Roads in Wenchuan County have been damaged, blocked, or destroyed, slowing relief efforts and in some cases preventing them entirely. Heavy rain and landslides also hamper the progress of rescuers. Thankfully, the danger from aftershocks is minimal, but it’s worth remembering that a previous earthquake of comparable energy in China, the 1976 Tangshan earthquake, caused the death of nearly a quarter of a million people (much more than that, depending on the statistics you use). Many of those victims were not killed during the earthquake, but instead died in the following days.

We can all help by donating to relief efforts, both as individuals and as companies. Remember, every little bit helps, especially when many tens of thousands of lives are at stake in the next few days. Outblaze donates to the Red Cross but all accredited relief agencies need your help now. Please donate and help to mitigate the effects of this natural disaster.

Some donation links

• Red Cross
• Red Cross Hong Kong donation page
• WorldVision
• China Digital Times provides information on donating directly to the Red Cross Society of China (the Red Cross China web site appears to be unavailable but you can donate using the information in the article)
• Give2Asia

Information

Red Cross Disaster Management updates

Information on how to donate was provided by Rebecca McKinnon, who has also set up a ‘chinaquake’ Pledge Fund - please join it.

The photograph in this post was found on the EastSouthWestNorth blog. These images provide an idea of the horror and suffering caused by this earthquake and are extremely disturbing.

Wikipedia page on the 2008 Sichuan Earthquake.

BBC tag for the latest news on China Earthquake.

Outblaze wishes all readers a happy Lunar/Chinese New Year and a very prosperous Year of the Rat for 2008!

Over the last week announcements of the Turner Entertainment and Outblaze project called TurnOut have generated quite a few questions. We’ve taken a video of Thomas Crampton video-interviewing Outblaze CEO and Founder Yat Siu a few days ago on the subject of this cooperation. Thomas Crampton is a former correspondent for the New York Times and the International Herald Tribune, currently working for Next Media Hong Kong and of course on his own blog.

Thomas came for a tour of our offices and to catch up on all the exciting work Outblaze and Outblaze sister companies are doing. We recorded the conversation about the Turner / Cartoon Network project in order to illuminate those who may have questions not addressed by the announcements of the last week.

The video is about 8 minutes long. In it, Yat Siu explains how TurnOut is bringing together Turner’s impressive library of brands and characters with Outblaze’s digital services to create compelling Web 2.0 offerings.

Turner Outblaze TurnOut Thomas Crampton Yat Siu
Turner Entertainment

Social media presents a rather attractive business proposition: provide your users with social services and let them generate content, traffic, and exposure for you. Last week (November 26-30) in Singapore I was restating this case in Outblaze’s bid for the Asia Pacific Information & Communication Technology Alliance Awards, one of the best and most comprehensive technology award schemes in the region and known more briefly as the APICTA Awards (see this site for more information). Our entry in the competition was OutblazeVideo, a white label hosted social video platform for portals and media companies.

To make a long story short - this event lasted most of the week - Outblaze won the APICTA Award in the category Tools & Infrastructure Application. I was there solo, and between all the cocktail receptions, networking events, exhibits, presentations, judging sessions and the excitement of victory I completely forgot to take photographs. I do have a picture of me with the award kindly sent in by Janice AuYeung and Karman Li of the Hong Kong Computer society (Janice and Karman, also in the picture, did a great job coordinating the Hong Kong delegation activities):

APICTA is a network of 16 Asian and Australasian countries and economies whose common goal is to increase awareness of information & communication technologies, stimulate ICT innovation and creativity, promote economic and trade relations, facilitate technology transfer, etc. Their yearly awards are among the most coveted by all manner of IT firms in the Eastern hemisphere.

(more…)

Outblaze is proud to be a major sponsor of the 3rd annual Chinese Blogger Conference, which was held in Beijing on November 3-4 2007.

Fon Hong Kong and Outblaze’s new service Blogarate are major sponsors.

(more…)

Open Source: live it and love it, as we’ve said since 1998. Outblaze CEO and Founder Yat Siu was interviewed by CIO Asia magazine on the region’s growing use of open source. Read the article here (October 2007 issue).

Extract:

Outblaze has a strong in-house programming capability and focuses on web technology, which is why it has profited from open source software ahead of most Asian enterprises. But the company’s success with open source may point to the future of Asian IT.