Daily Archives: February 23, 2023

Africa’s internet registry could fail, warns head of ARIN – dodgy fellah scheming involved

Posted on by

The African Network Information Centre (AFRINIC) has no board, no CEO, has sometimes been close to not being able to pay its staff, could fail, and other regional internet registries have therefore expressed interest in funding its ongoing activities, according to John Curran, president and CEO of the American Registry for Internet Numbers (ARIN).

Curran offered that view of AFRINIC’s affairs during a talk at the NANOG 87 event on February 14 that was posted to YouTube. In it, he explains that legal action means AFRINIC has not been able to constitute a board and has no CEO – the previous officeholder resigned in November 2022. Without a functioning board, AFRINIC can’t appoint a new leader or even conduct meetings to implement workarounds that allow it to appoint additional directors.

“That’s a bad situation,” Curran said, because “goal one of running an organization is not to lose the ability to govern the organization.”

Curran said AFRINIC is fulfilling its functions, but is “presently ungoverned” so “that kind of makes it hard to respond to court issues … because you literally don’t have anyone who can represent the organization.”

Attempts to have courts recognize temporary officers have failed.

Curran said this situation was unforeseen by those who established global internet governance services, so it is hard for entities like the Number Resource Organization – the coordinating body for the world’s Regional Internet Registries (RIRs) – to intervene.

Other RIRs have therefore offered operational financial support, Curran explained, to ensure that AFRINIC can pay its staff.

“At the present moment (i.e. this week), AFRINIC is able and paying its staff,” he said.

“But we’re kind of on a week-to-week basis with AFRINIC right now,” he added. “I’m literally telling you AFRINIC could have a significant operational failure led by governance failure or a court-led governance event that could cause it to be non-operational.”

“We hope that AFRINIC will find its way back into proper governance and be fine but we’re planning for a number of contingencies,” Curran suggested, among them how to create a new body to replace AFRINIC.

How did we get here and what’s the APNIC connection?

AFRINIC has experienced years of strife, but its current problems stem from litigation launched by an entity called Cloud Innovation Limited that was assigned several million IP addresses by the Registry.

The Registry later alleged those addresses had been misused – an accusation which Cloud Innovation contested in Mauritius – the nation in which AFRINIC is based.

That litigation is ongoing.

Lu Heng, the CEO of Cloud Innovation, has told The Register AFRINIC’s complaints are unfounded. Lu is also CEO of a Hong-Kong based IP address leasing and management company called Larus, which is a partner of Cloud Innovation. Larus is in turn connected to the Larus Foundation – an organization Lu Heng has described as “my NGO focuses on internet governance education.”

In an October 2022 talk, Curran mentioned [PDF] another source of trouble for the African registry: a “public relations campaign against AFRINIC by the Number Resource Society (NRS).”

NRS is an entity that claims to represent “everyone who has a shared interest in preserving the stability of the internet.”

The organization has taken an interest in the current elections at the Asia Pacific Network Information Centre (APNIC) by endorsing candidates for vacant executive council positions. One of those candidates is Lu Heng. Another works for Larus, and a third works for the Larus Foundation.

APNIC yesterday announced it has appointed external lawyers to consider possible code of conduct breaches by unnamed candidates.

Lu Heng responded with a post pointing out that APNIC’s chief counsel once worked at the law firm APNIC has appointed, and asserted that the choice of that firm is improper.

Interestingly, The Register has discovered that the NRS’s website once listed Larus’s Hong Kong address as its own location.

Lu Heng told The Register “Larus is a member of NRS and supports its work” but has not responded to subsequent questions about whether that support extends to providing it with premises.

The Register has since discovered a Wayback Machine snapshot of the NRS’s Contact Us page on which the written address info@nrs.help is coded as a mailto link to info@larus.foundation – the NGO Lu Heng describes as his own entity, and which shares a name with one of the companies he leads.

As the inclusion of a Larus Foundation email address suggests a link between Lu Heng and the NRS, we have asked him to explain why that address was once present on the NRS website.

We have also asked Lu if Larus staff have undertaken any work – paid or unpaid – for NRS.

He has not addressed either question in his responses.

The Register has also contacted the other NRS-endorsed candidates for the APNIC election, as well as an individual named “John Smith” identified as the organization’s press contact, and written to the info@nrs.help email address. None of those efforts have yielded a response. Calls to Mr Smith’s telephone number produce only a recorded message that connection attempts have failed and we should check the number.

If you know more, contact the author using this form. ®

Source: Africa’s internet registry could fail, warns head of ARIN • The Register

Microsoft feels free to edit websites you browse: begs people to stick to Edge on Chrome download page

Posted on by

Microsoft Edge has been spotted inserting a banner into the Chrome download page on Google.com begging people to stick with the Windows giant’s browser.

As noted this week by Neowin, an attempt to download and install Chrome Canary using Edge Canary – both experimental browser builds – led to the presentation in the Edge browser window of a banner graphic celebrating the merits of Edge.

Screenshot of Edge injecting an anti-Chrome banner ad into Chrome download page

Screenshot of Edge injecting an anti-Chrome banner ad into Google.com’s Chrome download page … Source: Chris Frantz

“Microsoft Edge runs on the same technology as Chrome, with the added trust of Microsoft,” the banner proclaims atop a button labeled “Browse securely now.”

This was on a Google web page, google.com/chrome/canary/thank-you.html, and it’s not clear how this ad surfaced. Edge appears to display the banner by itself when the user surfs to the Chrome download page on Google.com, which is just a little bit aggressive.

Microsoft did not immediately respond to a request to explain the promotion and the mechanics behind it.

The ad does not appear to have been delivered through normal ad servers based on its page placement. There’s debate among those discussing the banner online whether the ad consists of code injected by Edge into Google’s webpage, which would make it detectable and removable as part of the Document Object Model.

It has also been suggested that the ad may come from Edge as an interface element that’s stacked atop the rendered web page. We believe this is the case.

An individual familiar with browser development confirmed to The Register that he could reproduce the ad, which was said to be written in HTML but wasn’t placed “in” the page. He described the ad as its own browser window that, surprisingly, was viewable with Edge’s “Inspect” option for viewing source code.

Our source speculated the ad was implemented in a way that pushes down the “Content area” – the space where loaded web pages get rendered – to make space for a second rendering area that holds the ad.

The main content area and the ad content area do not interact with each other – they exist in separate worlds, so to speak. But the presence of the ad content area can be inferred by checking the main window’s innerHeight and outerHeight parameters.

Given two browser windows, one with the ad and one without, the main window with the ad will have an innerHeight value that’s less than a similarly sized window without the ad. The difference in the two measurements should correspond to the height of the ad content area.

Similar behavior can be found when visiting the Chrome Web Store using Microsoft Edge on macOS: the Chrome Web Store page is topped by an Edge banner that states, “Now you can add extensions from the Chrome Web Store to Microsoft Edge,” followed by a boxed button that says, “Allow extensions from other stores.”

[…]

Source: Microsoft begs people to stick to Edge after Chrome download • The Register

Wait, what the fuck is MS doing a) monitoring where I am browsing and b) changing what it looks like when I get there?!

Google’s Play Store Privacy Labels Are a ‘Total Failure:’ Study

Posted on by

[…]

“There are two main problems here,” Mozilla’s Caltrider said. “The first problem is Google only requires the information in labels to be self-reported. So, fingers crossed, because it’s the honor system, and it turns out that most labels seem to be misleading.”

Google promises to make apps fix problems it finds in the labels, and threatens to ban apps that don’t get in compliance. But the company has never provided any details about how it polices apps. Google said it’s vigilant about enforcement but didn’t give any details about its enforcement process, and didn’t respond to a question about any enforcement actions it’s taken in the past.

[…]

Of course, Google could just read the privacy policies where apps spell out these practices, like Mozilla did, but there’s a bigger issue at play. These apps may not even be breaking Google’s privacy label rules, because those rules are so relaxed that “they let companies lie,” Caltrider said.

“That’s the second problem. Google’s own rules for what data practices you have to disclose are a joke,” Caltrider said. “The guidelines for the labels make them useless.”

If you go looking at Google’s rules for the data safety labels, which are buried deep in a cascading series of help menus, you’ll learn that there is a long list of things that you don’t have to tell your users about. In other words, you can say you don’t collect data or share it with third parties, while you do in fact collect data and share it with third parties.

For example, apps don’t have to disclose data sharing it if they have “consent” to share the data from users, or if they’re sharing the data with “service providers,” or if the data is “anonymized” (which is nonsense), or if the data is being shared for “specific legal purposes.” There are similar exceptions for what counts as data collection. Those loopholes are so big you could fill up a truck with data and drive it right on through.

[…]

Source: Google’s Play Store Privacy Labels Are a ‘Total Failure:’ Study

Which goes to show again, walled garden app stores really are no better than just downloading stuff from the internet, unless you’re the owner of the walled garden and collect 30% revenue for doing basically not much.

AI-created images lose U.S. copyrights in test for new technology

Posted on by

Images in a graphic novel that were created using the artificial-intelligence system Midjourney should not have been granted copyright protection, the U.S. Copyright Office said in a letter seen by Reuters.

“Zarya of the Dawn” author Kris Kashtanova is entitled to a copyright for the parts of the book Kashtanova wrote and arranged, but not for the images produced by Midjourney, the office said in its letter, dated Tuesday.

The decision is one of the first by a U.S. court or agency on the scope of copyright protection for works created with AI, and comes amid the meteoric rise of generative AI software like Midjourney, Dall-E and ChatGPT.

The Copyright Office said in its letter that it would reissue its registration for “Zarya of the Dawn” to omit images that “are not the product of human authorship” and therefore cannot be copyrighted.

The Copyright Office had no comment on the decision.

Kashtanova on Wednesday called it “great news” that the office allowed copyright protection for the novel’s story and the way the images were arranged, which Kashtanova said “covers a lot of uses for the people in the AI art community.”

Kashtanova said they were considering how best to press ahead with the argument that the images themselves were a “direct expression of my creativity and therefore copyrightable.”

Midjourney general counsel Max Sills said the decision was “a great victory for Kris, Midjourney, and artists,” and that the Copyright Office is “clearly saying that if an artist exerts creative control over an image generating tool like Midjourney …the output is protectable.”

Midjourney is an AI-based system that generates images based on text prompts entered by users. Kashtanova wrote the text of “Zarya of the Dawn,” and Midjourney created the book’s images based on prompts.

The Copyright Office told Kashtanova in October it would reconsider the book’s copyright registration because the application did not disclose Midjourney’s role.

The office said on Tuesday that it would grant copyright protection for the book’s text and the way Kashtanova selected and arranged its elements. But it said Kashtanova was not the “master mind” behind the images themselves.

“The fact that Midjourney’s specific output cannot be predicted by users makes Midjourney different for copyright purposes than other tools used by artists,” the letter said.

Source: AI-created images lose U.S. copyrights in test for new technology | Reuters

I am not sure why they are calling this a victory, as the court is basically reiterating that what she created is hers and what an AI created cannot be copyrighted by her or by the AI itself. That’s a loss for the AI.