Recherche avancée

Sur d’autres sites (15997)

• GDPR Compliance Checklist : A Detailed Walkthrough

  14 septembre 2023, par Erin — GDPR

  As digital transformation drives global economies, data has become a valuable currency to businesses of all shapes and sizes. As a result, the complex issue of data privacy is often in the spotlight.

  The General Data Protection Regulation (GDPR) is the key legal framework in the European Union to protect individual privacy and regulate business data handling. 

  Compliance with the GDPR is not just a legal mandate, it’s also good business. An 86% majority of users want more control over their data and 47% of users have switched providers over data privacy concerns.

  To help guide your business decisions around user privacy, this article will cover the key principles of GDPR, including a comprehensive GDPR compliance checklist.

  The key principles and requirements of GDPR

  Before we can translate GDPR’s objectives into practical steps, let’s begin with the defining features and key principles.

  GDPR : An overview

  The GDPR bolsters and unifies data protection standards for everyone within the EU. Enacted in 2018, it represented a seismic shift for companies and public authorities alike in protecting personal information. Its primary objective is to offer greater control to individuals over their data and to hold organisations accountable for its protection.

  GDPR establishes a legal framework that mandates corporate compliance with key principles to ensure user data security, transparency and choice. It sets the terms for your organisation’s privacy practices and the landscape of legal obligations you must navigate in data handling. 

  Key principles of GDPR

  There are seven core principles pivotal to GDPR compliance, which provide a roadmap for ethical and legal data practices.

  

  • Lawfulness, fairness and transparency : This principle demands lawful and fair processing of personal data. Companies should be transparent about their data processing activities, providing clear information in an accessible form.
  • Purpose limitation : Personal data should be collected for explicit, legitimate purposes and not further processed in a way incompatible with those purposes. This demands careful planning of data processing activities.
  • Data minimisation : Companies should only collect personal data that are necessary for their specified purposes, as anything more than this is illegal. This principle emphasises the importance of limiting scope, rather than performing blanket data collection.
  • Accuracy : This principle calls for maintaining data that is accurate, up-to-date and not misleading. Regular internal audits and updates are crucial to following this principle.
  • Storage limitation : Personal data should only be kept for as long as necessary for the purposes for which it was collected. This underscores the need for a detailed retention policy in your GDPR compliance efforts.
  • Integrity and confidentiality : Companies should protect personal data from unauthorised or unlawful processing and accidental loss or damage. Your organisation’s technical security measures play a vital role in this.
  • Accountability : Organisations should be able to demonstrate their compliance with GDPR principles. This underscores the importance of records of processing activities and regular audits as part of your compliance checklist.

  The importance of GDPR compliance for businesses

  Embracing GDPR compliance isn’t merely a matter of avoiding penalties — it’s a commitment to principles that reflect integrity, transparency and respect for personal data. At Matomo, we champion these principles, empowering companies with powerful and compliant web analytics. We make the compliance journey accessible and straightforward, making sure website analytics aligns with legal obligations and ethical practices.

  The implications of non-compliance

  It’s easy to highlight the dramatic fines imposed on tech giants such as Google and Meta. However, it’s essential to recognise that GDPR compliance extends to all companies, including small businesses — for whom even smaller fines can have a significant impact.

  The implications of non-compliance aren’t limited to financial penalties alone, either. Failing to meet obligations can tarnish reputations, erode trust and hinder business activities. Non-compliance could lead to a breach of privacy policy, causing a ripple effect that may be challenging to overcome.

  The potential benefits of being GDPR compliant

  Adhering to GDPR regulations is more than a checkbox on a form — it’s a comprehensive approach to handling personal data responsibly. It fosters trust, opens doors to European customers and builds enduring relationships with individuals whose rights are protected. In fulfilling these obligations and practices, businesses not only meet legal requirements but also foster a culture of ethical conduct and business success.

  Comprehensive GDPR compliance checklist

  Ensuring GDPR compliance may seem like a complex task, but this detailed checklist will simplify your journey. From consent management to data security, we’ve got you covered.

  

  Establish personal data collection and consent management

  When it comes to GDPR compliance, not all consent is created equal. Two distinct forms exist : explicit consent and implied consent. But what exactly sets them apart, and why does it matter to your organisational measures ?

  Explicit consent from users means that the individual has unequivocally agreed to the processing of personal data. It’s an unambiguous agreement, often obtained through a deliberate action like ticking a box. Details are paramount, as the person giving consent must be fully informed about the processing activities.

  • Inform clearly : Use plain language to explain how data will be used and be transparent about processing practices.
  • Obtain active agreement : Use forms or checkboxes (not pre-ticked boxes) to ensure active participation and that you are obtaining explicit user consent.
  • Document it : Keep records of consent, including when and how it was obtained, as a crucial part of your compliance efforts.
  • Facilitate withdrawal : Use consent mechanisms that allow for easy withdrawal of consent for users who decide to opt out.
  • Manage consent forms : Tools like Matomo’s Consent Management Platform can provide accessible forms that not only enhance transparency but also empower individuals, allowing them to feel in control of their details and rights.

  Facilitate data subject rights and access requests

  GDPR emphasises individual rights by empowering users with control over their personal data processing. Here’s a succinct breakdown :

  • Know the rights of individuals : GDPR outlines individual rights such as data access, error rectification, erasure and data portability, allowing individuals to guide how their details are used, processed or shared.
  • Simplify complying with access requests : Companies must respond to access requests efficiently, usually within one month, without undue delay, reflecting organisational measures of respect.
  • Employ ethical and compliant digital analytics : As a leader in ethical web analytics, Matomo subtly aids in compliance efforts, protecting privacy without compromising functionality.

  These practices align with a modern understanding of privacy, emphasising more than legal obligations. By employing Matomo, companies simplify the processing of access requests, which fosters transparency and user control over personal data.

  Implement clear data privacy practices

  Data privacy and consent mechanisms are key tools for compliance. Crafting a comprehensive privacy policy helps protect individuals’ rights and provides integrity in personal data processing. Designing sites and applications with data protection in mind ensures your compliance from the ground-up.

  • Create an easy to understand privacy policy : Create a clear, GDPR-compliant privacy policy that details processing activities, storage limitations and organisational measures, all in plain language. 

  By implementing these steps, companies not only adhere to their legal obligations but also foster an inclusive community that values privacy and ethics. Whether you’re an IT professional or marketer, Matomo’s platform can guide you through the maze of GDPR complexities, inspiring positive change towards responsible data handling.

  Implement data storage limitations and robust security

  Data storage and security are foundational elements of compliance efforts. Companies must foster a proactive approach to preventing data breaches by understanding potential cyberthreats and enforcing appropriate security controls across applications and infrastructures.

  

  • Implement storage limitations : Define limitations on time and scope to avert undue retention and protect personal details.
  • Embrace technical security : Utilise secure processes like encryption, access controls, firewalls and so on, bolstering protection by design.
  • Establish a comprehensive security policy : Align security practices with privacy laws and regulations, including GDPR.
  • React swiftly to personal data breaches : A security breach requires an immediate response, without undue delay, to honour legal obligations and maintain customer trust. Develop a plan for notifying supervisory authorities and affected individuals promptly in the event of a personal data breach.

  Security measures for personal data are about more than just fulfilling legal obligations — they’re about building a safe and ethical digital ecosystem that instils confidence in customers.

  Keep cross-border data transfers in mind

  Cross-border data transfers present a unique challenge, with increased complexity due to varying data privacy laws across regions. You must understand the respective regulations of participating countries and align your compliance practices appropriately to respect all that are relevant to your organisation. 

  For example, data privacy laws in the US are generally more lax than the GDPR so US companies taking on EU customers must hold themselves to a higher standard, with stricter controls placed on their data processing practices.

  • Evaluate third-party services : For companies utilising global networks of third-party services, be sure to select providers that maintain ongoing knowledge and vigilance towards privacy law compliance. Platforms like Matomo that innately prioritise transparency and privacy, have implemented robust security measures, and document transfers diligently are worth considering. 

  Conduct internal audits and compliance checks

  Compliance is not a “one and done” setup, but an ongoing journey requiring regular internal audits. Systems settings can drift over time, and datasets can become increasingly complex as companies scale. Human error happens, too. Audits identify gaps in your compliance efforts to guide actionable improvements. 

  • Conduct regular audits : Stay proactive with internal audits and systematic monitoring, adapting policies to align with privacy laws. Clarity in privacy notices and cookie banners fosters confidence, while regular assessments ensure alignment with GDPR requirements.
  • Ensure transparency : Platforms like Matomo simplify audits, offering valuable insights and support for ethical web analytics and transparency. The right platform can increase visibility and make generating your reports easier. Integrating these processes guarantees GDPR-aligned measures while emphasising data ownership and customer-centric values.
  • Educate and train staff : Engage in ongoing staff education and training on GDPR compliance, privacy policies, and their related responsibilities.

  

  Case study : GDPR compliance in action

  Achieving compliance with the General Data Protection Regulation (GDPR) stands as a paramount concern for businesses worldwide. Both small and large companies have embarked on this journey, implementing measures and revising privacy policies to conform to these regulations.

  Typeform

  Based in Ireland, Typeform, a company dealing with online forms, took GDPR compliance very seriously. Here’s how they achieved it :

  1. Conducting a data protection impact assessment (DPIA) : This vital step helped them assess personal data breach risks and enabled systematic monitoring of potential challenges.
  2. Implementing technical and organisational measures : Security measures such as encryption, access control and drafting a security policy reinforced their personal data processing mechanisms.
  3. Revamping privacy policy : They transformed their privacy policy with accessible, plain language, making it clear and user-friendly.
  4. Appointing a data protection officer (DPO) : This aligned with their core activities and strengthened their compliance efforts.

  The benefits for Typeform were profound :

  • Enhanced customer trust and confidence
  • Reduced risk of fines and penalties
  • Bolstered data security and privacy
  • Improved brand reputation, positioning them favourably among European customers

  Ensuring GDPR Compliance with Matomo Analytics

  Matomo is more than just an analytics platform ; it is a trusted guide in the realm of data privacy. Our mission is to empower users with full data ownership, fostering an inclusive digital community built on trust and transparency. Our suite of features has been meticulously designed to align with GDPR regulations, ensuring that businesses can navigate the complexities of compliance with ease and confidence.

  1. Data Anonymisation

  Matomo’s focus on ethical digital analytics means the platform allows for the anonymisation of user data, ensuring that individual identities remain protected.

  2. Robust GDPR Management

  Beyond just a GDPR Manager, Matomo provides an encompassing framework to streamline compliance activities. From managing user consent to meticulous record-keeping of processing activities, Matomo ensures you are always a step ahead.

  3. User Empowerment with Opt-Out Capabilities

  Matomo respects user choices. The platform offers users an easy way to opt-out of all tracking, giving them control over their data.

  4. First-party Cookies as the Standard

  By using first-party cookies by default, Matomo ensures data remains with the website owner, minimising potential breaches or misuse.

  5. Transparent Data Collection Practices

  Users have the right to know their data. With Matomo, they can view the exact data being collected, reinforcing a transparent relationship between businesses and their users.

  6. Visitor Data Management

  Upon request, Matomo offers capabilities to delete visitor data, aligning with the GDPR’s right to be forgotten.

  7. Data Ownership and Privacy Assurance

  Unlike other web analytics platforms, with Matomo, you retain full ownership of your data and can rest assured that it is not being used for other purposes such as advertising.

  8. IP Anonymisation

  Protecting user location details, Matomo anonymises IP addresses, adding an additional layer of privacy.

  9. Customisable Data Visualisation

  Recognising that not all data is essential, Matomo allows the disabling of visitor logs and profiles, giving businesses the flexibility to decide what data they track.

  By taking a holistic approach to GDPR compliance, Matomo streamlines the processes for you and ensures you follow the legal and ethical best practices.

  

  Start your GDPR compliance journey today

  The global focus on data privacy requires using a GDPR compliance checklist. With 137 countries implementing data protection laws (UN), companies must align with international standards. Compliance, after all, goes beyond avoiding breaches— it’s about upholding privacy and building trust.

  As your trusted guide, Matomo invites you on this GDPR journey. With us, you’ll uphold privacy obligations and manage your processing activities effectively. Compliance isn’t a one-time task but a continuous journey to enhance practices and align with individual rights. Start this vital journey with Matomo today. Try it free for 21-days. No credit card required.

  Disclaimer

  We are not lawyers and don’t claim to be. The information provided here is to help give an introduction to GDPR. We encourage every business and website to take data privacy seriously and discuss these issues with your lawyer if you have any concerns.

• Organic Traffic : What It Is and How to Increase It

  19 septembre 2023, par Erin — Analytics Tips

  Organic traffic can be a website’s most valuable source of visitors. But it can also be the hardest form of traffic to acquire. While paid ads can generate traffic almost instantly, you need to invest time and energy into growing traffic from search engines.

  And it all starts with understanding exactly what organic traffic is. 

  If you want to understand what organic traffic is, how to measure it and how to generate more of it, then this article is for you.

  What is organic traffic ?

  Organic traffic is the visitors your website receives from the unpaid results on search engines like Google, Bing and DuckDuckGo. 

  The higher your website ranks in the search engine results pages and the more search terms your website ranks for, the more organic traffic your site will receive. 

  Organic traffic is highly valued by marketers, partly because it has a much higher clickthrough rate than PPC ads. Research shows the top organic result has a 39.8% CTR compared to just 2.1% for paid ads.

  

  So, while you can pay to appear at the top of search engines (using a platform like Google Ads, for instance), you probably won’t receive as much traffic as you would if you were to rank organically in the same search engine.

  What other types of traffic are there ? 

  Organic traffic isn’t the only type of traffic your website can get. You can also receive traffic from the following channels :

  Direct

  People familiar with your site may visit it directly, either by entering your URL into their browser or accessing it through a bookmarked link ; both scenarios are counted as direct traffic.

  Social

  Social traffic includes visits to your website from a social media platform. For example, if someone shares a link to your website on Facebook, any user who clicks on it will be counted as social traffic. 

  Websites

  Social media isn’t the only way for someone to share a link to your website. Any time a visitor finds your website by clicking on a link on another website, it will be counted as “websites”. This is also known as referral traffic on some analytics platforms. 

  Campaign

  Campaign traffic encompasses both paid and unpaid traffic sources. Paid sources include advertising on search engines and social media (also known as PPC or pay-per-click), as well as collaborations with influencers and sponsorships. Unpaid sources, such as your organisation’s email newsletters, cross-promotions with other businesses and other similar methods, are also part of this mix. 

  In simpler terms, it’s the traffic you deliberately direct to your site, and you utilise campaign tracking URLs to measure how these efforts impact your ROI.

  A word on multi-touch attribution

  If you are interested in learning more about types of traffic to track conversions, then it’s important to understand multi-touch attribution. The truth is most customers won’t just use a single traffic channel to find your website. In reality, the modern customer journey has multiple touchpoints, and customers may first find your site through an ad and then search for more about your brand on Google before going directly to your website. 

  

  You are at risk of under or overestimating the effectiveness of a marketing channel without using multi-touch attribution tracking. With this marketing analytics model, you can accurately weigh the impact of every channel and allocate budgets accordingly. 

  What are the benefits of organic traffic ?

  Getting more organic traffic is a common marketing goal for many companies. And it’s not surprising why. There’s a lot to love about organic traffic. 

  For starters, it’s arguably the most cost-effective traffic your site can receive. You will still need to pay to create and distribute organic content (whether it’s a blog post or product page). You don’t need to pay for it to show up in a search engine. You continue to get value from organic traffic long after you’ve created the page, too. A good piece of organic content can receive high volumes of monthly visitors for years. That’s a stark difference from paid ads, where traffic stops as soon as you turn off the ad. 

  It also puts your website in front of a massive audience, with Google alone processing over 3.5 billion searches every day. There’s a good chance that if your target audience is looking for a solution to their problems, they start with Google. 

  Organic traffic is fantastic at building brand awareness. Usually, users aren’t searching for a specific brand or company. They are searching for informational keywords (“how to brew the perfect cup of coffee”) or unbranded transactional keywords (“best home workout machine”). In both cases, customers can use search engines to become aware of your brand. 

  Finally, organic traffic brings in high-quality leads at every marketing funnel stage. Because users are searching for informational and transactional keywords, your site can receive visits from buyers at every stage of the marketing funnel, giving you multiple chances to convert them and helping to increase the number of touch points you have.

  How to check your website’s organic traffic

  You don’t need to complete complex calculations to determine your site’s organic traffic. A web analytics solution like Matomo will accurately measure your site’s organic traffic. 

  In Matomo, on the left-hand sidebar, you can access organic traffic data by clicking Acquisition and then selecting All Channels.

  

  You’ll find a detailed breakdown of all traffic sources, including organic traffic, within the specified timeframe. The report is set to the current day by default, but you can view organic traffic metrics over a day, week, month, year or a date range of your choice.

  If you want to take things further, you can get a detailed view of organic visitors by creating a custom report for “Visitors from Search Engines only.” By creating a custom report with the segment “Channel Type is search”, you’ll be able to combine other metrics like average actions per visit, bounce rate, goal conversions, etc., to create a comprehensive report on your organic traffic and the behavior of these visitors.

  Matomo also lets you integrate Google, Bing and Yahoo search consoles directly into your Matomo Analytics to monitor keyword performance.

  How to increase organic traffic

  Follow these six tips if you want to increase the web traffic you get organically from search engines. 

  Create more and better content

  Here’s the reality : Most websites don’t get much traffic from Google. Only 40% of sites rank on the first page, and just 23% sit in the top three results. 

  Let’s take quality first. The best content tends to rise to the top of search engines. That’s because it gets shared more, receives more backlinks and gets more user engagement. So, if you want to appear at the top of Google results, creating mediocre content probably won’t cut it. You need to go above and beyond what is already there. 

  But you can’t just create one fantastic piece of content and expect to receive thousands of visitors. You need multiple pages targeting as many search terms as possible. The more pages search engines index, the more opportunities you have to rank. Or, to put it another way, the more shots you take, the greater your chances of scoring. 

  Use keyword research tools

  While creating great content is essential, you want to ensure that content targets the right keywords. These keywords receive a suitable amount of traffic and are easy to rank for. 

  Keyword research tools like Ahrefs of Semrush are the easiest way to find high-traffic topics to write about. Specifically, you want to aim for long-tail keywords. These are search terms that contain three or more words. Think “Nike men’s basketball shoe” rather than “basketball shoe.”

  

  As you can see, long tail keywords have a lower monthly search volume (250 vs. 1,100 using the example above) than broad terms but are much easier to rank for (14 vs. 41 Keyword Difficulty).

  

  While the above tools can help you find new topics to write about, Matomo’s Search Engine Keywords Performance plugin can help highlight topics you have already covered that could be expanded.

  

  The plugin automatically connects to APIs from all significant search engines and imports all the keywords people search for when clicking on your websites into your Matomo report. 

  If you find a cluster of keywords on the same topic that generates a lot of visitors, it may be worth creating even more content on that topic. Similarly, if there’s a topic you think you have covered but isn’t generating much traffic, you can look at revising and refreshing your existing content to try to rank higher. 

  Build high-quality backlinks

  Backlinks are arguably the most important Google ranking factor and the primary way Google assesses the authoritativeness of your site and content. Backlinks strongly and positively correlate with traffic — at least according to 67.5% of respondents in a uSERP industry survey. 

  There are plenty of ways you can create high-quality backlinks that Google loves. Strategies include :

  • Creating and promoting the best content about a given topic
  • Guest posting on high-authority websites
  • Building relationships with other websites

  Ensure you avoid building low-quality spam links at all costs — such as private blog networks (PBNs), forum and comment spam links and directory links. These links won’t help your content to rank higher, and Google may even penalise your entire site if you build them. 

  Find and fix any technical Search Engine Optimisation (SEO) issues

  Search engines like Google need to be able to quickly and accurately crawl and index your website to rank your content. Unfortunately, many sites suffer from technical issues that impede search engine bots. 

  The good news is that certain tools make these issues easy to spot. Take the Matomo SEO Web Vitals feature, for instance. This lets you track a set of core web vital metrics, including :

  • Page Speed Score
  • First Contentful Paint (FCP)
  • Final Input Delay (FID)
  • Last Contentful Paint (LCP)
  • Cumulative Layout Shift (CLS)

  Take things even further by identifying major bugs and issues with your site. Crashes and other issues that impact user experience can also hurt your SEO and organic traffic efforts — so it’s best to eliminate them as soon as they occur. 

  

  Use Matomo’s Crash Analytics feature to get precise bug location information as well as the user’s interactions that triggered, the device they were using, etc. Scheduled reporting and alerts allow you to automate this task and instantly detect bugs as soon as they occur.

  Improve your on-page SEO

  As well as fixing technical issues, you should spend time optimising specific elements of your website to improve how it ranks in search engines. 

  There are several on-page elements you should optimise :

  • Image alt tags
  • URLs
  • Headings
  • Title tags
  • Internal links

  Your goal should be to include a target keyword in each element above. For example, your URL should be something like yoursite.com/keyword.

  It’s best to err on the side of caution here. Avoid adding too many keywords to each of these elements. This is called keyword stuffing, and Google may slap your site with a penalty. 

  Track your content’s performance

  One final way to increase organic traffic is to use an analytics platform to understand what content needs improving and which pages can be removed.

  

  Use an analytics platform like Matomo to see which pages generate the most organic traffic and which lag behind. This can help you prioritise your SEO efforts while highlighting pages that add no value. These pages can be completely revamped, redirected to another page or removed if appropriate. 

  Conclusion

  Organic traffic is arguably the most valuable traffic source your site can acquire. It is essential to monitor organic traffic levels and take steps to increase your organic traffic. 

  A good analytics platform can help you do both. Matomo’s powerful, open-source web analytics solution protects your data and your users’ privacy, while providing the SEO tools you need to send your organic traffic levels soaring. 

  Start a free 21-day trial now, no credit card required.

• Reverse Engineering Italian Literature

  1er juillet 2014, par Multimedia Mike — Reverse Engineering

  Some time ago, Diego “Flameeyes” Pettenò tried his hand at reverse engineering a set of really old CD-ROMs containing even older Italian literature. The goal of this RE endeavor would be to extract the useful literature along with any structural metadata (chapters, etc.) and convert it to a more open format suitable for publication at, e.g., Project Gutenberg or Archive.org.

  Unfortunately, the structure of the data thwarted the more simplistic analysis attempts (like inspecting for blocks of textual data). This will require deeper RE techniques. Further frustrating the effort, however, is the fact that the binaries that implement the reading program are written for the now-archaic Windows 3.1 operating system.

  In pursuit of this RE goal, I recently thought of a way to glean more intelligence using DOSBox.

  Prior Work
  There are 6 discs in the full set (distributed along with 6 sequential issues of a print magazine named L’Espresso). Analysis of the contents of the various discs reveals that many of the files are the same on each disc. It was straightforward to identify the set of files which are unique on each disc. This set of files all end with the extension “LZn”, where n = 1..6 depending on the disc number. Further, the root directory of each disc has a file indicating the sequence number (1..6) of the CD. Obviously, these are the interesting targets.

  The LZ file extensions stand out to an individual skilled in the art of compression– could it be a variation of the venerable LZ compression ? That’s actually unlikely because LZ — also seen as LIZ — stands for Letteratura Italiana Zanichelli (Zanichelli’s Italian Literature).

  The Unix ‘file’ command was of limited utility, unable to plausibly identify any of the files.

  Progress was stalled.

  Saying Hello To An Old Frenemy
  I have been showing this screenshot to younger coworkers to see if any of them recognize it :

  
  
  

  Not a single one has seen it before. Senior computer citizen status : Confirmed.

  I recently watched an Ancient DOS Games video about Windows 3.1 games. This episode showed Windows 3.1 running under DOSBox. I had heard this was possible but that it took a little work to get running. I had a hunch that someone else had probably already done the hard stuff so I took to the BitTorrent networks and quickly found a download that had the goods ready to go– a directory of Windows 3.1 files that just had to be dropped into a DOSBox directory and they would be ready to run.

  Aside : Running OS software procured from a BitTorrent network ? Isn’t that an insane security nightmare ? I’m not too worried since it effectively runs under a sandboxed virtual machine, courtesy of DOSBox. I suppose there’s the risk of trojan’d OS software infecting binaries that eventually leave the sandbox.

  Using DOSBox Like ‘strace’
  strace is a tool available on some Unix systems, including Linux, which is able to monitor the system calls that a program makes. In reverse engineering contexts, it can be useful to monitor an opaque, binary program to see the names of the files it opens and how many bytes it reads, and from which locations. I have written examples of this before (wow, almost 10 years ago to the day ; now I feel old for the second time in this post).

  Here’s the pitch : Make DOSBox perform as strace in order to serve as a platform for reverse engineering Windows 3.1 applications. I formed a mental model about how DOSBox operates — abstracted file system classes with methods for opening and reading files — and then jumped into the source code. Sure enough, the code was exactly as I suspected and a few strategic print statements gave me the data I was looking for.

  Eventually, I even took to running DOSBox under the GNU Debugger (GDB). This hasn’t proven especially useful yet, but it has led to an absurd level of nesting :

  
  
  

  The target application runs under Windows 3.1, which is running under DOSBox, which is running under GDB. This led to a crazy situation in which DOSBox had the mouse focus when a GDB breakpoint was triggered. At this point, DOSBox had all desktop input focus and couldn’t surrender it because it wasn’t running. I had no way to interact with the Linux desktop and had to reboot the computer. The next time, I took care to only use the keyboard to navigate the application and trigger the breakpoint and not allow DOSBox to consume the mouse focus.

  New Intelligence
  
  By instrumenting the local file class (virtual HD files) and the ISO file class (CD-ROM files), I was able to watch which programs and dynamic libraries are loaded and which data files the code cares about. I was able to narrow down the fact that the most interesting programs are called LEGGENDO.EXE (‘reading’) and LEGGENDA.EXE (‘legend’ ; this has been a great Italian lesson as well as RE puzzle). The first calls the latter, which displays this view of the data we are trying to get at :

  
  
  

  When first run, the program takes an interest in a file called DBBIBLIO (‘database library’, I suspect) :

  === Read(’LIZ98\DBBIBLIO.LZ1’) : req 337 bytes ; read 337 bytes from pos 0x0
  === Read(’LIZ98\DBBIBLIO.LZ1’) : req 337 bytes ; read 337 bytes from pos 0x151
  === Read(’LIZ98\DBBIBLIO.LZ1’) : req 337 bytes ; read 337 bytes from pos 0x2A2
  [...]
  

  While we were unable to sort out all of the data files in our cursory investigation, a few things were obvious. The structure of this file looked to contain 336-byte records. Turns out I was off by 1– the records are actually 337 bytes each. The count of records read from disc is equal to the number of items shown in the UI.

  Next, the program is interested in a few more files :

  *** isoFile() : ’DEPOSITO\BLOKCTC.LZ1’, offset 0x27D6000, 2911488 bytes large
  === Read(’DEPOSITO\BLOKCTC.LZ1’) : req 96 bytes ; read 96 bytes from pos 0x0
  *** isoFile() : ’DEPOSITO\BLOKCTX0.LZ1’, offset 0x2A9D000, 17152 bytes large
  === Read(’DEPOSITO\BLOKCTX0.LZ1’) : req 128 bytes ; read 128 bytes from pos 0x0
  === Seek(’DEPOSITO\BLOKCTX0.LZ1’) : seek 384 (0x180) bytes, type 0
  === Read(’DEPOSITO\BLOKCTX0.LZ1’) : req 256 bytes ; read 256 bytes from pos 0x180
  === Seek(’DEPOSITO\BLOKCTC.LZ1’) : seek 1152 (0x480) bytes, type 0
  === Read(’DEPOSITO\BLOKCTC.LZ1’) : req 32 bytes ; read 32 bytes from pos 0x480
  === Read(’DEPOSITO\BLOKCTC.LZ1’) : req 1504 bytes ; read 1504 bytes from pos 0x4A0
  [...]

  Eventually, it becomes obvious that BLOKCTC has the juicy meat. There are 32-byte records followed by variable-length encoded text sections. Since there is no text to be found in these files, the text is either compressed, encrypted, or both. Some rough counting (the program seems to disable copy/paste, which thwarts more precise counting), indicates that the text size is larger than the data chunks being read from disc, so compression seems likely. Encryption isn’t out of the question (especially since the program deems it necessary to disable copy and pasting of this public domain literary data), and if it’s in use, that means the key is being read from one of these files.

  Blocked On Disassembly
  So I’m a bit blocked right now. I know exactly where the data lives, but it’s clear that I need to reverse engineer some binary code. The big problem is that I have no idea how to disassemble Windows 3.1 binaries. These are NE-type executable files. Disassemblers abound for MZ files (MS-DOS executables) and PE files (executables for Windows 95 and beyond). NE files get no respect. It’s difficult (but not impossible) to even find data about the format anymore, and details are incomplete. It should be noted, however, the DOSBox-as-strace method described here lends insight into how Windows 3.1 processes NE-type EXEs. You can’t get any more authoritative than that.

  So far, I have tried the freeware version of IDA Pro. Unfortunately, I haven’t been able to get the program to work on my Windows machine for a long time. Even if I could, I can’t find any evidence that it actually supports NE files (the free version specifically mentions MZ and PE, but does not mention NE or LE).

  I found an old copy of Borland’s beloved Turbo Assembler and Debugger package. It has Turbo Debugger for Windows, both regular and 32-bit versions. Unfortunately, the normal version just hangs Windows 3.1 in DOSBox. The 32-bit Turbo Debugger loads just fine but can’t load the NE file.

  I’ve also wondered if DOSBox contains any advanced features for trapping program execution and disassembling. I haven’t looked too deeply into this yet.

  Future Work
  NE files seem to be the executable format that time forgot. I have a crazy brainstorm about repacking NE files as MZ executables so that they could be taken apart with an MZ disassembler. But this will take some experimenting.

  If anyone else has any ideas about ripping open these binaries, I would appreciate hearing them.

  And I guess I shouldn’t be too surprised to learn that all the literature in this corpus is already freely available and easily downloadable anyway. But you shouldn’t be too surprised if that doesn’t discourage me from trying to crack the format that’s keeping this particular copy of the data locked up.