Daily Archives: August 13, 2021

The End Of Ownership: How Big Companies Are Trying To Turn Everyone Into Renters

Posted on by

We’ve talked a lot on Techdirt about the end of ownership, and how companies have increasingly been reaching deep into products that you thought you bought to modify them… or even destroy them. Much of this originated in the copyright space, in which modern copyright law (somewhat ridiculously) gave the power to copyright holders to break products that people had “bought.” Of course, the legacy copyright players like to conveniently change their language on whether or not you’re buying something or simply “licensing” it temporarily based on what’s most convenient (i.e., what makes them the most money) at the time.

Over at the Nation, Maria Bustillos, recently wrote about how legacy companies — especially in the publishing world — are trying to take away the concept of book ownership and only let people rent books. A little over a year ago, picking up an idea first highlighted by law professor Brian Frye, we highlighted how much copyright holders want to be landlords. They don’t want to sell products to you. They want to retain an excessive level of control and power over it — and to make you keep paying for stuff you thought you bought. They want those monopoly rents.

As Bustillos points out, the copyright holders are making things disappear, including “ownership.”

Maybe you’ve noticed how things keep disappearing—or stop working—when you “buy” them online from big platforms like Netflix and Amazon, Microsoft and Apple. You can watch their movies and use their software and read their books—but only until they decide to pull the plug. You don’t actually own these things—you can only rent them. But the titanic amount of cultural information available at any given moment makes it very easy to let that detail slide. We just move on to the next thing, and the next, without realizing that we don’t—and, increasingly, can’t—own our media for keeps.

And while most of the focus on this space has been around music and movies, it’s happening to books as well:

Unfortunately, today’s mega-publishers and book distributors have glommed on to the notion of “expiring” media, and they would like to normalize that temporary, YouTube-style notion of a “library.” That’s why, last summer, four of the world’s largest publishers sued the Internet Archive over its National Emergency Library, a temporary program of the Internet Archive’s Open Library intended to make books available to the millions of students in quarantine during the pandemic. Even though the Internet Archive closed the National Emergency Library in response to the lawsuit, the publishers refused to stand down; what their lawsuit really seeks is the closing of the whole Open Library, and the destruction of its contents. (The suit is ongoing and is expected to resume later this year.) A close reading of the lawsuit indicates that what these publishers are looking to achieve is an end to the private ownership of books—not only for the Internet Archive but for everyone.

[…]

The big publishers and other large copyright holders always insist that they’re “protecting artists.” That’s almost never the case. They regularly destroy and suppress creativity and art with their abuse of copyright law. Culture shouldn’t have to be rented, especially when the landlords don’t care one bit about the underlying art or cultural impact.

Source: The End Of Ownership: How Big Companies Are Trying To Turn Everyone Into Renters | Techdirt

Boffins propose Pretty Good Phone Privacy to end pretty invasive location data harvesting by telcos

Posted on by

[…] In “Pretty Good Phone Privacy,” [PDF] a paper scheduled to be presented on Thursday at the Usenix Security Symposium, Schmitt and Barath Raghavan, assistant professor of computer science at the University of Southern California, describe a way to re-engineer the mobile network software stack so that it doesn’t betray the location of mobile network customers.

“It’s always been thought that since cell towers need to talk to phones then all users have to accept the status quo in which mobile operators track our every movement and sell the data to data brokers (as has been extensively reported),” said Schmitt. “We show how it’s possible to protect users’ mobile privacy while at the same time providing normal connectivity, and to do so without changing any of the hardware in mobile networks.”

In recent years, mobile carriers have been routinely selling and leaking location data, to the detriment of customer privacy. Efforts to alter the status quo have been hampered by an uneven regulatory landscape, the resistance of data brokers that profit from the status quo, and the assumption that cellular network architecture requires knowing where customers are located.

[…]

The purpose of Pretty Good Phone Privacy (PGPP) is to avoid using a unique identifier for authenticating customers and granting access to the network. It’s a technology that allows a Mobile Virtual Network Operator (MVNO) to issue SIM cards with identical SUPIs for every subscriber because the SUPI is only used to assess the validity of the SIM card. The PGPP network can then assign an IP address and a GUTI (Globally Unique Temporary Identifier) that can change in subsequent sessions, without telling the MVNO where the customer is located.

“We decouple network connectivity from authentication and billing, which allows the carrier to run Next Generation Core (NGC) services that are unaware of the identity or location of their users but while still authenticating them for network use,” the paper explains. “Our architectural change allows us to nullify the value of the user’s SUPI, an often targeted identifier in the cellular ecosystem, as a unique identifier.”

[…]

Its primary focus is defending against the surreptitious sale of location data by network providers.

[…]

Schmitt argues PGPP will help mobile operators comply with current and emerging data privacy regulations in US states like California, Colorado, and Virginia, and post-GDPR rules in Europe

Source: Boffins propose Pretty Good Phone Privacy to end pretty invasive location data harvesting by telcos • The Register

Hackers return around half of stolen $600 million in Poly Network hack

Posted on by

Hackers have returned nearly half of the $600 million they stole in what’s likely to be one of the biggest cryptocurrency thefts ever.

The cybercriminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together.

Poly Network disclosed the attack Tuesday and asked to establish communication with the hackers, urging them to “return the hacked assets.”

[…]

In a strange turn of events Wednesday, the hackers began returning some of the funds they stole.

They sent a message to Poly Network embedded in a cryptocurrency transaction saying they were “ready to return” the funds. The DeFi platform responded requesting the money be sent to three crypto addresses.

As of 7 a.m. London time, more than $4.8 million had been returned to the Poly Network addresses. By 11 a.m. ET, about $258 million had been sent back.

[…]

Source: Cryptocurrency theft: Hackers steal $600 million in Poly Network hack

Apple App Store, Google Play Store Targeted by Open App Markets Act

Posted on by

The Open App Markets Act, which is being spearheaded by Sens. Richard Blumenthal, and Marsha Blackburn, is designed to crack down on some of the scummiest tactics tech players use to rule their respective app ecosystems, while giving users the power to download the apps they want, from the app stores they want, without retaliation.

“For years, Apple and Google have squashed competitors and kept consumers in the dark—pocketing hefty windfalls while acting as supposedly benevolent gatekeepers of this multibillion-dollar market,” Blumenthal told the Wall Street Journal. As he put it, this bill is tailor-made to “break these tech giants’ ironclad grip open the app economy to new competitors and give mobile users more control over their own devices.”

The antitrust issues facing both of these companies—along with fellow tech giants like Facebook and Amazon—have come to a boiling point on Capitol Hill over the past year. We’ve seen lawmakers roll out bill after bill meant to target some of the most lucrative monopolies these companies hold: Amazon’s marketplace, Facebook’s collection of platforms, and, of course, Apple and Google’s respective app stores. Last month, three dozen state attorneys general levied a fresh antitrust suit against Google for the Play Store fees forced on app developers. Meanwhile, Apple is still in a heated legal battle with Epic Games over its own mandated commissions, which can take up to 30% from every in-app purchase users make.

Blumenthal and Blackburn target these fees specifically. The bill would prohibit app stores from requiring that developers use their payment systems, for example. It would also prevent app stores from retaliating against developers who try to implement payment systems of their own, which is the exact scenario that got Epic booted from the App Store last summer.

On top of this, the bill would require that devices allow app sideloading by default. Google’s allowed this practice for a while, but this month started taking steps to narrow the publishing formats developers could use. Apple hardware, meanwhile, has never been sideload-friendly—a choice that’s meant to uphold the “privacy initiatives” baked into the App Store, according to Apple CEO Tim Cook.

Here are some other practices outlawed by the Open App Markets Act: Apple, Google, or any other app store owner would be barred from using a developer’s proprietary app intel to develop their own competing product. They’d also be barred from applying ranking algorithms that rank their own apps over those of their competitors. Users, meanwhile, would (finally) need to be given choices of the app store they can use on their device, instead of being pigeonholed into Apple’s App Store or Google’s Play Store.

Like all bills, this new legislation still needs to go through the regulatory churn before it has any hope of passing, and it might look like a very different set of rules by the time it finally does. But at this point, antitrust action is going to come for these companies whether they like it or not.

Source: Apple App Store, Google Play Store Targeted by Open App Markets Act

I have been talking about this since early in 2019 and it’s great to see all the action around this

Amazon Drops Policy claiming ownership of Games made by employees After Work Hours

Posted on by

Amazon.com Inc. withdrew a set of staff guidelines that claimed ownership rights to video games made by employees after work hours and dictated how they could distribute them, according to a company email reviewed by Bloomberg.

[…]

The old policies mandated that employees of the games division who were moonlighting on projects would need to use Amazon products, such as Amazon Web Services, and sell their games on Amazon digital stores. It also gave the company “a royalty free, worldwide, fully paid-up, perpetual, transferable license” to intellectual property rights of any games developed by its employees.

[…]

The games division has struggled practically since its inception in 2012 and can hardly afford another reputational hit. It has never released a successful game, and some current and former employees have placed the blame with Frazzini. Bloomberg reported in January that Frazzini had hired veteran game developers and executives but largely dismissed or ignored their advice.

Source: Amazon Drops ‘Draconian’ Policy on Making Games After Work Hours – Bloomberg

So tbh if they can’t make games during work hours, what difference is it that their incompentence after work hours can’t be sold outside of Amazon. Or are the employees ripping the Amazon Games division off?

China stops networked vehicle data going offshore under new infosec rules

Posted on by

China has drafted new rules required of its autonomous and networked vehicle builders.

Data security is front and centre in the rules, with manufacturers required to store data generated by cars – and describing their drivers – within China. Data is allowed to go offshore, but only after government scrutiny.

Manufacturers are also required to name a chief of network security, who gets the job of ensuring autonomous vehicles can’t fall victim to cyber attacks. Made-in-China auto-autos are also required to be monitored to detect security issues.

Over-the-air upgrades are another requirement, with vehicle owners to be offered verbose information about the purpose of software updates, the time required to install them, and the status of upgrades.

Behind the wheel, drivers must be informed about the vehicle’s capabilities and the responsibilities that rest on their human shoulders. All autonomous vehicles will be required to detect when a driver’s hands leave the wheel, and to detect when it’s best to cede control to a human.

If an autonomous vehicle’s guidance systems fail, it must be able to hand back control.

[…]

Source: China stops networked vehicle data going offshore under new infosec rules • The Register

And again China is doing what the EU and US should be doing to a certain extent.

Have you made sure you have changed these Google Pay privacy settings?

Posted on by

Google Pay is an online paying system and digital wallet that makes it easy to buy anything on your mobile device or with your mobile device. But if you’re concerned about what Google is doing with all your data (which you probably should be), Google doesn’t make it easy for Google Pay has some secret settings to manage your settings.

 

A report from Bleeping Computer shows that privacy settings aren’t available through the main Google Pay setting page that is accessible through the navigation sidebar.

The URL for that settings page is:

https://pay.google.com/payments/u/0/home#settings

 

On that page, users can change general settings like address and payment users.

But if users want to change privacy settings, they have to go to a separate page:

https://pay.google.com/payments/u/0/home?page=privacySettings#privacySettings

 

On that screen, users can adjust all the same settings available on the other settings page, but they can also address three additional privacy settings—controlling whether Google Pay is allowed to share account information, personal information, and creditworthiness.

Here’s the full language of those three options:

-Allow Google Payment Corporation to share third party creditworthiness information about you with other companies owned and controlled by Google LLC for their everyday business purposes.

-Allow your personal information to be used by other companies owned and controlled by Google LLC to market to you. Opting out here does not impact whether other companies owned and controlled by Google LLC can market to you based on information you provide to them outside of Google Payment Corporation.

-Allow Google LLC or its affiliates to inform a third party merchant, whose site or app you visit, whether you have a Google Payments account that can be used for payment to that merchant. Opting out may impact your ability to use Google Payments to transact with certain third party merchants.

 

According to Bleeping Computer, the default of Google Pay is to enable all the above settings. In order to opt out, users have to go to the special URL that is not accessible through the navigation bar.

As the Reddit post that inspired the Bleeping Computer report claims, this discrepancy makes it appear that Google Pay is hiding its privacy options. “Google is not walking the talk when it claims to make it easy for their users to control the privacy and use of their own data,” the Redditor surmised.

A Google spokesperson told Gizmodo they’re working to make the privacy settings more accessible. “The different settings views described here are an issue resulting from a previous software update and we are working to fix this right away so that these privacy settings are always visible on pay.google.com,” the spokesperson told Gizmodo.

“All users are currently able to access these privacy settings via the ‘Google Payments privacy settings page’ link in the Google Pay privacy notice.”

In the meantime, here’s that link again for the privacy settings. Go ahead and uncheck those three boxes, if you feel so inclined.

Source: How To Find Google Pay’s Hidden Privacy Settings

Here’s hoping that my bank can set up it’s own version of Google Pay instead of integrating with it. I definitely don’t want Google or Apple getting their grubby little paws on my financial data.

create virtual cards to pay with online with Privacy

Posted on by

Protect your card details and your money by creating virtual cards at each place you spend online, or for each purchase

Create single-use cards that close themselves automatically

browser extension to create and auto-fill card numbers at checkout

Privacy Cards put the control in your hands when you make a purchase online. Business or personal, one-time or subscription, now you decide who can charge your card, how much, how often, and you can close a card any time

Source: Privacy – Smarter Payments