Japanese Government Reassures Free WiFi Providers Not To Tap Users' Messages

On April 4, Japan's Ministry of Internal Affairs and Communications (MIC) issued two administrative directions, to Connect Free and NTT Broadband Platform, concerning the constitutionally guaranteed secrecy of communication (Tsuushin no Himitsu in Japanese).

Both companies tried to offer free WiFi services at shops last December but got into trouble over suspicious behavior that occurred when users connected to the free WiFi stations.

The direction for Connect Free [J] pointed out that the service collected the MAC addresses of users' client devices and some social media account IDs "without prior consent". (Asiajin's report)

The other one, for NTT Broadband Platform [J], said that the company blocked access to specific websites from its free WiFi spots "without due reasons". The document did not specify the service name, but it is likely Seven Spot [J], the free WiFi spots available at Seven Eleven, Ito Yokado, Seibu and Denny's chain stores, which drew complaints at launch for blocking the Amazon Japan and Rakuten websites, probably because they are rivals in shopping.

Experiment: Can You Identify Twitter Users In Tokyo?

The Japanese column site Omocoro [J] ran an interesting test in Shibuya, one of the most crowded areas in Tokyo. A writer, Sebuyama, tried to find random people whose tweets showed that they were in Shibuya.

All three targets were picked from a Twitter search for "Shibuya nau" (= now in Shibuya), a phrase that is sometimes tweeted 30 times per minute. Sebuyama picked Twitter users who carelessly tweeted where they were shopping and what they were eating. All three used real photos of themselves as icons, which puts them in the minority among Japanese Twitter users.

Although he could not catch the first target, as she hopped between too many shops in a short time, he found the other two from their icons, their photos of shops and lunch, and physical descriptions such as body height on their Twitter profiles.

The third person was tracked easily because he attached Foursquare URLs (FYI: Shibuya is one of the most checked-in cities on Foursquare around the world). Both people were shocked when an unknown guy suddenly approached them, called them by their Twitter names and told them what they had just eaten for lunch. Both said that they would change their icons, stop tweeting private information, or even stop using Twitter altogether.

This kind of thing can happen if you expose a lot of information about yourself; however, a good number of the site's readers, and then Japanese net/Twitter users, seemed to be surprised, and the column spread widely.

Privacy: How To Get Postal Address From Amazon Wish List

Amazon's wish list is a list of products that you can publish on Amazon so that people can purchase the items and have them sent to you, a kind of donation feature. You are expected to be able to stay anonymous and still receive gifts, for example from blog readers.

On January 18, a Twitter user, @mopetsune, explained how you can extract anyone's real address if you know the wish list ID, without the list owner knowing.

The procedure he explained rapidly frightened Japanese web users who had published their wish lists. I can tell that Japanese people are more sensitive about their postal address being known.

It was not the first time this had been pointed out. In September 2011, the blog tyoro.exe tested and confirmed the rumor on the web that you can get the address of the wish-list owner by ordering another item (= not from the wish list) from your own Marketplace store. With this, you will know the receiver's address, but s/he will know that you know.

This time, the procedure added a step of canceling the original wish-list item. Even with only the remaining item from your store, you can still get the wish-list owner's address.

Amazon has a setting for not sending wish-list gifts from third-party Marketplace stores. It is reasonable that your address is notified to the seller when you turn it on. However, according to @mopetsune, with the procedure above, your address could be taken even if the setting is off.

I do not know if this trick works on Amazon in other countries. If it is the same and you want to avoid it, an easy way is to remove the "Ship-to Address" from the wish-list settings.

According to @bulkneets, a well-known security authority, Amazon Japan seems to have partially fixed the hole.

Young American Serial Entrepreneur Faces Harsh Criticism Over Free-By-Ads WiFi Service Privacy Issue

Kristopher Tate is an American-born serial entrepreneur who appeared many times on TechCrunch for his photo-sharing startup Zooomr, which he founded at the age of 17.

TechCrunch's database did not track him after that, but in 2007 he moved to Tokyo with Zooomr, seeing more possibilities in Japan and the Japanese web, and he has been actively developing several services:

  • Keireki.jp [J] – a business social networking service aiming to be a Japanese counterpart to LinkedIn
  • am6 [J] – a service that adds a toolbar with social tools to your websites
  • Zenback [J] – a blog widget that provides Zemanta-like recommendations and social media parts, developed for Six Apart (the TypePad and Movable Type company, which is now Japan-based)

His latest product is ConnectFree [J], which offers free WiFi access points around the nation in exchange for displaying a toolbar with ads. As Japan is known for its comparatively poor WiFi environment, a result of the widespread use of 3G data connection services, it sounds like a good idea to add more free WiFi spots all around the nation with a good incentive for shops and advertisers.

Tate leads the company ConnectFree as CEO and Chief Development Officer, and on October 26 the company entered a big partnership [J] with Dai Nippon Printing (DNP), Japan's (and the world's) largest printing company, to promote a WiFi system that enables shops to offer a free WiFi spot by inserting the ConnectFree toolbar into the pages users browse.

However, the calamity for them (or blessing for consumers) began on the night of December 5, when the notable security researcher Hiromitsu Takagi visited a shop that serves ConnectFree WiFi and is featured as a good-looking case study on the service's site. While praising the dish, Takagi demonstrated and tweeted to his 11K security-aware followers how ConnectFree modified the original HTML of whatever website you were browsing, explaining that it collected the user's MAC address, Twitter account name and Facebook account name and sent them to the ConnectFree server. It also replaced all Amazon associate program links with ConnectFree's ID (which is not allowed by Amazon's terms of use) and tracked accesses with ConnectFree's Google Analytics account.
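The kinds of modification Takagi described (extra scripts added to a page, Amazon associate IDs swapped) can be checked for by comparing the page as received over the WiFi under test with a reference copy fetched over a trusted connection. The following is an added example, not code from the original article or from ConnectFree; the host names, associate IDs and HTML in it are constructed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample pages, not captured traffic: a reference copy fetched over
# a trusted connection and the same page as received through the WiFi under test.
REFERENCE_HTML = """<html><head><script src="http://blog.example/site.js"></script></head>
<body><a href="http://www.amazon.co.jp/dp/B000000000?tag=blogger-22">book</a></body></html>"""
RECEIVED_HTML = """<html><head><script src="http://blog.example/site.js"></script>
<script src="http://toolbar.example/bar.js"></script><script>var _gaq = [];</script></head>
<body><a href="http://www.amazon.co.jp/dp/B000000000?tag=provider-22">book</a></body></html>"""

class PageFeatures(HTMLParser):
    """Collect script sources and Amazon associate tags from one HTML page."""
    def __init__(self):
        super().__init__()
        self.script_srcs = set()
        self.inline_scripts = 0
        self.associate_tags = {}  # Amazon link path -> value of its tag= parameter

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            if attrs.get("src"):
                self.script_srcs.add(attrs["src"])
            else:
                self.inline_scripts += 1
        elif tag == "a" and attrs.get("href"):
            url = urlparse(attrs["href"])
            if "amazon" in (url.hostname or "").split("."):  # any Amazon storefront host
                self.associate_tags[url.path] = parse_qs(url.query).get("tag", [None])[0]

def extract(html):
    parser = PageFeatures()
    parser.feed(html)
    return parser

def diff_pages(reference_html, received_html):
    """Return findings for scripts and associate IDs that differ in the received copy."""
    ref, got = extract(reference_html), extract(received_html)
    findings = [("injected-script", s) for s in sorted(got.script_srcs - ref.script_srcs)]
    if got.inline_scripts > ref.inline_scripts:
        findings.append(("injected-inline-script", got.inline_scripts - ref.inline_scripts))
    for path, tag in sorted(got.associate_tags.items()):
        if path in ref.associate_tags and ref.associate_tags[path] != tag:
            findings.append(("associate-tag-rewritten", f"{path}: {ref.associate_tags[path]} -> {tag}"))
    return findings

if __name__ == "__main__":
    print(diff_pages(REFERENCE_HTML, RECEIVED_HTML))
```

A comparison like this only has something to find on unencrypted HTTP pages; a page served over HTTPS cannot be rewritten in transit without the browser raising a certificate warning.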

Takagi's tweets and related ones are summarized [J] on Togetter, a popular tweet-curation service. Takagi started tweeting at 9:21 p.m., and he said he got a phone call at 12:50 a.m. from the "ConnectFree president", who must be Tate; according to the tweets, they talked over the phone for nearly an hour. By that point, Takagi's tweets had gotten great attention in the Japanese Twittersphere.

Half a day later, on the afternoon of the 6th, the company issued an apology release [J] saying that it had stopped all of the MAC/Twitter/Facebook/Amazon/Google Analytics manipulation. The release said that it had collected those data but never used them or handed them over to third parties. About the Amazon affiliate modification, it said that it was an experiment at only one shop (where Takagi ate that night?), but after the release, some others reported on Twitter that they had salvaged the JavaScript file from their browser cache, dating from when they used ConnectFree about a month earlier, and that the Amazon-related code was there at other shops.


(Tate’s apology on his personal Twitter account)

After Asahi [J], Yomiuri [J], many others following them and Yahoo! Japan News [J] reported it, the word "ConnectFree" (in Japanese katakana notation) ranked in the top 10 trending words on both Twitter and Google today, December 7.

According to Twitter users, some executives were observed being deleted from ConnectFree's company profile page [J] ("All except CEO disappeared") and then restored ("Some boards are back now") today.

DNP also announced the immediate shutdown of ConnectFree WiFi services at its affiliated shops. Although I do not know how deeply those other people had been briefed on, and understood, what Tate was trying to do, both technically and ethically, the attitude of the adults around the young foreign challenger is not so admirable.

[Update 2011-12-13]

Japan’s public broadcaster NHK reported it on its national news [J, movie on the linked page].

According to NHK, the ConnectFree system was served at about 40 restaurants and hotels in the greater Tokyo and Kwansai areas. Japan's Ministry of Internal Affairs and Communications (MIC) heard from ConnectFree, as the service could violate the Telecommunications Business Act (Denki Tsuushin Jigyou-hou, 電気通信事業法), which requires that the privacy of communications be kept.