ret/SYN: CERT Security Advisory Newsletter - April 3, 1997

Simon Garfunkel, noted internet security expert and erstwhile singing duo, discusses what it is about the new odor technology that doesn't smell quite right


"Logic is a wreath of pretty flowers, that smell bad!" - Mr. Spock

"Something's rotten in Denmark..." - Hamlet
(otp://pewww.elsinore.dk/~hamlet)

In the rush to leap into the world of new untested technology where angels rightly fear to tread, there is always the danger that in this flurry of excitement, someone will do something that really stinks. Nowhere has this been more true than in the area of odor transmission over the web, using the newly adopted OTP (Olfactory Transfer Protocol).

"Once users have associated odor files embedded in web pages with applicable applications, or installed the appropriate plug-ins to emit odors directly from the browser," says internet odor security consultant Victor Stench, "they have little or no control over how their desktop is going to smell."

One user, Stench reports, had three browser sessions going on simultaneously, one directed at a licorice company, another looking at a manufacturer of house paint, and a third pointing to a local zoo's website. All three sites made extensive use of embedded odors on their pages. "He could no longer use his PC after that," says Stench, "not because it crashed or because the system was damaged, but because no one wanted to go near it for months!"

But it isn't just a matter of prioritizing and filtering multiple incoming odors. "Some odors aren't what they say they are," notes Stench. "You think you're downloading a bouquet of flowers, when what you're about to get is a pile of cow dung. And once you've downloaded cow dung, you're kind of stuck with it."

The issue of authentication of signed odors is a serious one. No one has stepped forward to be a central provider of odor authentication service. The AROMA (Advanced Real-time Olfactory Message Authentication) protocol was developed concurrently with OTP, but no one currently offers a service that certifies the origin of all odors transmitted via the web. "It's not a job I would want!" Stench remarked, "though I'm sure you could find people who would eagerly take it."

Some corporate installations have put up "odorwalls" to keep unwanted odors out. Naturally, as with any limitation on the usability of users' Internet connections, this limits the usability of users' Internet connections. John Cherry Cola of the Odor Frontier Foundation (OFF) is concerned that users are being told what they can and can't smell. "Just because an odor is considered 'offensive' by some people doesn't mean that I shouldn't be allowed to smell it. Freedom of smell is guaranteed in the Constitution, and any effort to limit it on the Internet is doomed to failure."

Still, many people would prefer to place limits on odor transmission via the Internet, limits that prevent offensive odors from being smelled, particularly by unsupervised children. Software packages like CyberSniffer and Nose Patrol act to filter out "undesirable" odors before they reach the desktop. Others prefer a hardware solution, installing Dr. Schill's OdorEaters directly into their modems and routers.