Not since the release of Windows Vista has such a poorly designed, expensively developed, non-mandatory but strongly encouraged, scenically sounding piece of software created such a buzz as has Green Dam Youth Escort.
The new was-said-to-be-mandatory-but-now-isn’t-and-maybe-never-was software, produced for the Chinese Government as a way to protect the world’s most massive population from the evils of fairer skin tones, has everyone up in arms.
Having said my piece on the matter, I thought I would offer up a summary of the latest Green Dam Youth Escort developments since last week’s panic-enduced reporting announcement that it would be mandatory on all new Chinese PCs as of July 1st.
1. Poor programming causing security issues
June 11, 2009–The Computer Science & Engineering Division of the University of Michigan analyzed the software and found that anyone using it is basically putting his personal information and computer security on a platter for malicious Web sites.
“We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any Web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.
We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.”
June 17, 2009–Jiangmin, a large Chinese antivirus software developer, backs up the U. of M. crew’s analysis (source: ChinaTechNews):
“The company said that the loophole exists in the filtering function of the software. If users open some specially set Web pages when the filtering function is active, the loophole will appear in the buffer of the relevant module. Taking advantage of this loophole, hackers can reportedly place trojans on these Web pages and spread viruses. Computers attacked by virus will have the risks of serious information leak or remotely controlled by hackers.”
2. Chinese Netizens’ criticisms
According to polls on China’s top portals, more than 80 percent object to the software being preinstalled on their new PCs. An anti-Green Dam petition was created at the cleverly domained www.lssw365.org (the official Green Dam Youth Escort site’s domain is www.lssw365.net).
Additionally, Li Fangping, a Beijing-based rights lawyer who made a name for himself during the milk scandal last fall, has sent a request to the Ministry of Industry and Information (MIIT) inquiring into the software, its reasons for development and the legal basis behind requiring it be preinstalled (source).
A good portion of the anger about the software is not just directed at the potential invasion of privacy or censorship, but rather questioning why it cost nearly 42 million yuan (about US$6 million) of tax payer money to develop software that was overwhelmingly unwanted.
But the best, or at least most interesting, criticisms have come from creative Netizens who have put their imaginations to the task with some satirical and humorously artistic creations protesting the intrusive software, including a whole series of “Green Dam Girl (???)” cartoons, like this one:
Green Dam Girl, badged with the River Crab emblem, and carrying Green Dam Youth Escort bunny mascots and a "sealed-off" banner.
4. Protection from spiritual movements and pig porn
And while praise for the product is a bit short on the ground, some have argued that principally it has the right idea. The staff at ChinaTechNews argued earlier this week that the software is a necessary step in getting China’s horribly under-secured Internet under control.
“In China, the effect of thousands of computers which do not have properly installed security software has already caused mass outages and Internet disruptions. Chinese domain name service registrar DNSPod last month reported activities that affected its services and caused network outages in various provinces; Internet users in Jiangsu, Anhui, Guangxi, Henan, Gansu, and Zhejiang reported that they suffered slow Internet speeds or were unable to visit some Web sites. Green Dam stops porn, but it has the potential to truly aid users from visiting other potentially unsafe areas on the Web.”
But for that to happen, the software actually needs to be secure, which if you’ll refer back to point number one above, it seems it isn’t.
What’s more, despite repeated claims that it is not at all intended for political censorship by the software’s developer, as well as various high-ups in Beijing, there have been claims that Chinese hackers have accessed Green Dam‘s keyword blacklist and it contains 2,700 some-odd terms related to pornography, and an additional 6,500 that are “politically sensitive”.
And if that wasn’t enough to make everyone using the software scramble for the “uninstall” command, it doesn’t even block porn properly! The software uses an algorithm that analyzes skin-colored images combined with facial (snicker, snicker) recognition software to determine what is porn and what isn’t. But like anything that you leave a robot to figure out, they’re bound to mess it up. Stupid robots.
Somewhat famously now, it has been reported that the software is quite comfortable with 10-year-olds looking at pornography as long as the objects of their gaze are of the “darker” skinned variety (which Green Dam ignores), while all kids hoping to find images of, say, pigs or Garfield, will be denied.
Piggy porn, according to the Green Dam software
5. Crafted from stolen code and data
So, we have an unwanted piece of software billed to the taxpayer for the pricey sum of US$6 million, that instead of securing the cleanliness of your child’s Internet experience, blocks images of pigs and cats while leaving your computer and its data open to malicious attacks.
But wait, it gets more amusing worse. It turns out that large amounts of the software’s data libraries were lifted verbatim from the censorship program CyberSitter by Solid Oak Software Inc., violating that company’s copyright. Additionally, Green Dam primarily uses OpenCV, an open source computer vision product (that technically should be blamed for the piggy mixup above). Use of OpenCV requires adherence to its BSD license, a fact that Green Dam developers have neglected to do–which is sad really, because it’s a hugely open license and doesn’t take much to meet the neccessary requirements.
6. Monitoring your every move long after it’s “gone”
The Wikileaks.org article linked to above also explained in its analysis of the software that Green Dam Youth Escort doesn’t just stop your Internet browser from visiting skin-showing Web sites, it also monitors a large number of other applications on your computer.
Should you happen to enter any of the 2,700 pornographic words or 6,500 politically sensitive ones, the program shuts down without so much as a “we’re not even going to save that for you” warning. Apparently, kids aren’t allowed to write any dirty emails, either.
A list of the programs being monitored in the current version of Green Dam can be found here–virtually all common PC word processors, text editors, office suites, email clients, instant messaging programs and browsers are being watched.
Fortunately, if you’ve had the bad luck to get a new PC with this garbage preinstalled, you can just uninstall it, right? Well, so says the company. However, according to a computer expert, only the user interface is disabled when using the Green Dam uninstaller: “About half of Green Dam‘s 110 system files continued to reside in the computer. After restarting the computer, Green Dam‘s screening program is running actively in the background.” It should be stated though, that this information comes from The Epoch Times, a creditable source only in its own mind.
And so, that about sums it up. Green Dam Youth Escort–it doesn’t do what it should, it does what it shouldn’t, it’s made from stolen software, and it’s despised by the people for whom it was built and paid for by.
To borrow a phrase from the always au courant Imagethief—Green Dam Youth Escort is, in short, crapware.