The Linkielist

Linking ideas with the world

The Linkielist

Category Archives: Global Domination

Open-source projects glibc and gnulib look to sever copyright ties with Free Software Foundation

Posted on by

The GNU C Library (glibc) and GNU Portability Library (gnulib) are laying the groundwork to divorce themselves from the troubled Free Software Foundation by removing the requirement for copyright assignment.

This move follows in the footsteps of the same shift by the GNU Compiler Collection (GCC) on 2 June.

Like many projects under the GNU umbrella, glibc and gnulib – the GNU Project’s C standard library and a collection of subroutines designed to ease cross-platform porting respectively – allow anyone to contribute code. Those doing so are asked to assign copyright to the Free Software Foundation – for now, at least.

[…]

“The changes to accept patches with or without FSF copyright assignment would be effective on August 2nd, and would apply to all open branches.”

[…]

Andrew Katz, managing partner and head of tech and IP at Moorcrofts Corporate Law, said of the move: “My view is that the GPL is sufficient in itself. For GPL, licence in = licence out seems to be the fairest approach from both the developers’ and the project’s perspective, and it means that, ultimately, the developers remain in control of their code.

“Recent questions about governance of the FSF (specifically, concerning RMS’s departure and reinstatement) may cause people to be concerned about the quality of that governance as regards licensing decisions. Assigning copyright to an organisation requires a significant amount of trust, and developers may understandably be concerned that trusting a third party (whether a business or a not-for-profit) presents a greater risk than retaining their own rights in the code.”

Source: Open-source projects glibc and gnulib look to sever copyright ties with Free Software Foundation • The Register

House introduces five antitrust bills targeting Apple, Google, Facebook and Amazon

Posted on by

Lawmakers in the House have introduced five new bills that would place significant limits on major tech companies, including Apple, Google, Facebook and Amazon.The proposed legislation is part of a broader effort to step up antitrust enforcement against tech giants.The bills would place new limits on the companies’ ability to acquire new business and change how they treat their own services compared with competitors.

“From Amazon and Facebook to Google and Apple, it is clear that these unregulated tech giants have become too big to care and too powerful to ever put people over profit,” Rep. Pramila Jayapal said in a statement. “By reasserting the power of Congress, our landmark bipartisan bills rein in anti-competitive behavior, prevent monopolistic practices, and restore fairness and competition while finally leveling the playing field and allowing innovation to thrive.”

The bills include:

Notably, the bills have bipartisan support, as limiting the power of big tech platforms has been a rare source of bipartisan agreement in Congress. Though the bills don’t name individual companies, the legislation could have a significant impact on Facebook, Google, Amazon and Apple, which have faced increasing scrutiny from Congress over their business practices and market dominance.

Source: House introduces five antitrust bills targeting Apple, Google, Facebook and Amazon | Engadget

Apple and Microsoft Say They Had No Idea Trump-Era DOJ Requested Data on Political Rivals

Posted on by

Apple didn’t know the Department of Justice was requesting metadata of Democratic lawmakers when it complied with a subpoena during a Trump-era leak investigation, CNBC reports. And it wasn’t the only tech giant tapped in these probes: Microsoft confirmed Friday it received a similar subpoena for a congressional staffer’s personal email account. Both companies were under DOJ gag orders preventing them from notifying the affected users for years.

These instances are part of a growing list of questionable shit the DOJ carried out under former President Donald Trump amid his crusade to crack down on government leakers. The agency also quietly went after phone and email records of journalists at the Washington Post, CNN, and the New York Times to uncover their sources, none of whom were notified until last month.

On Thursday, a New York Times report revealed that a Trump-led DOJ seized records from two Democrats on the House Intelligence Committee who were frequently targeted in the president’s tantrums: California Representatives Eric Swalwell and Adam Schiff (Schiff now chairs the committee). The subpoena extended to at least a dozen people connected to them, including aides, family members, and one minor, in an attempt to identify sources related to news reports on Trump’s contacts with Russia. All told, prosecutors found zero evidence in this seized data, but their efforts have prompted the Justice Department’s inspector general to launch an inquiry into the agency’s handling of leak investigations during the Trump administration.

[…]

Source: Apple and Microsoft Say They Had No Idea Trump-Era DOJ Requested Data on Political Rivals

European Commission Betrays Internet Users By Cravenly Introducing Huge Loophole For Copyright Companies In Upload Filter Guidance

Posted on by

As a recent Techdirt article noted, the European Commission was obliged to issue “guidance” on how to implement the infamous Article 17 upload filters required by the EU’s Copyright Directive. It delayed doing so, evidently hoping that the adviser to the EU’s top court, the Court of Justice of the European Union (CJEU), would release his opinion on Poland’s attempt to get Article 17 struck down before the European Commission revealed its one-sided advice. That little gambit failed when the Advocate General announced that he would publish his opinion after the deadline for the release of the guidance. The European Commission has finally provided its advisory document on Article 17 and, as expected, it contains a real stinker of an idea. The best analysis of what the Commission has done, and why it is so disgraceful comes from Julia Reda and Paul Keller on the Kluwer Copyright Blog. Although Article 17 effectively made upload filters mandatory, it also included some (weak) protections for users, to allow people to upload copyright material for legal uses such as memes, parody, criticism etc. without being blocked. The copyright industry naturally hates any protections for users, and has persuaded the European Commission to eviscerate them:

According to the final guidance, rightholders can easily circumvent the principle that automatic blocking should be limited to manifestly infringing uses by “earmarking” content the “unauthorised online availability of which could cause significant economic harm to them” when requesting the blocking of those works. Uploads that include protected content thus “earmarked” do not benefit from the ex-ante protections for likely legitimate uses. The guidance does not establish any qualitative or quantitative requirements for rightholders to earmark their content. The mechanism is not limited to specific types of works, categories of rightholders, release windows, or any other objective criteria that could limit the application of this loophole.

The requirements that copyright companies must meet are so weak that it is probably inevitable that they will claim most uploads “could cause significant economic harm”, and should therefore be earmarked. Here’s what happens then: before it can be posted online, every earmarked upload requires a “rapid” human review of whether it is infringing or not. Leaving aside the fact that it is very hard for legal judgements to be both “rapid” and correct, there’s also the problem that copyright companies will earmark millions of uploads (just look at DMCA notices), making it infeasible to carry out proper review. But the European Commission also says that if online platforms fail to carry out a human review of everything that is earmarked, and allow some unchecked items to be posted, they will lose their liability protection:

this means that service providers face the risk of losing the liability protections afforded to them by art. 17(4) unless they apply ex-ante human review to all uploads earmarked by rightholders as merely having the potential to “cause significant economic harm”. This imposes a heavy burden on platform operators. Under these conditions rational service providers will have to revert to automatically blocking all uploads containing earmarked content at upload. The scenario described in the guidance is therefore identical to an implementation without safeguards: Platforms have no other choice but to block every upload that contains parts of a work that rightholders have told them is highly valuable.

Thus the already unsatisfactory user rights contained in Article 17 are rendered null and void because of the impossibility of following the European Commission’s new guidance. That’s evidently the result of recent lobbying from the copyright companies, since none of this was present in previous drafts of the guidance. Not content with making obligatory the upload filters that they swore would not be required, copyright maximalists now want to take away what few protections remain for users, thus ensuring that practically all legal uses of copyright material — including memes — are likely to be automatically blocked.

The Kluwer Copyright blog post points out that this approach was not at all necessary. As Techdirt reported a couple of weeks ago, Germany has managed to come up with an implementation of Article 17 that preserves most user rights, even if it is by no means perfect. The European Commission, by contrast, has cravenly given what the copyright industry has demanded, and effectively stripped out those rights. But this cowardly move may backfire. Reda and Keller explain:

the Commission does not provide any justification or rationale why users’ fundamental rights do not apply in situations where rightholders claim that there is the potential for them to suffer significant economic harm. It’s hard to imagine that the CJEU will consider that the version of the guidance published today provides meaningful protection for users’ rights when it has to determine the compliance of the directive with fundamental rights [in the case brought by Poland]. The Commission appears to be acutely aware of this as well and so it has wisely included the following disclaimer in the introductory section of the guidance (emphasis ours):

“The judgment of the Court of Justice of the European Union in the case C-401/192 will have implications for the implementation by the Member States of Article 17 and for the guidance. The guidance may need to be reviewed following that judgment“.

In the end this may turn out to be the most meaningful sentence in the entire guidance.

It would be a fitting punishment for betraying the 450 million citizens the European Commission is supposed to serve, but rarely does, if this final overreach causes upload filters to be thrown out completely.

Source: European Commission Betrays Internet Users By Cravenly Introducing Huge Loophole For Copyright Companies In Upload Filter Guidance | Techdirt

Google to adapt its ad technology after France hands it a $267 million fine

Posted on by

Google has agreed to pay a €220 million ($267 million) fine and change its ad practices after France’s competition authority found it had abused its dominant online ad position. Following a 2019 complaint by News Corp. and French newspaper Le Figaro, France ruled that Google was favoring its own advertising services to the detriment of rivals.

[…]

In a blog post, Google explained how it planned to change its ad rules by offering publishers “increased flexibility” by improving interoperability between its ad manager and third-party ad servers. “Also, we are reaffirming that we will not limit Ad Manager publishers from negotiating specific terms or pricing directly with other sell-side platforms.”

Google’s ad division has faced scrutiny from French regulators in the past. In 2019, the watchdog fined Google €150 million ($167 million) for opaque and unpredictable advertising rules after it suspended the Google Ads account of a French company without notice. Google has also clashed with regulators and publishers in the nation over the use of snippets of content in its news section.

Source: Google to adapt its ad technology after France hands it a $267 million fine | Engadget

Apple’s tightly controlled App Store is teeming with scams

Posted on by

Apple chief executive Tim Cook has long argued it needs to control app distribution on iPhones, otherwise the App Store would turn into “a flea market.”

But among the 1.8 million apps on the App Store, scams are hiding in plain sight. Customers for several VPN apps, which allegedly protect users’ data, complained in Apple App Store reviews that the apps told users their devices have been infected by a virus to dupe them into downloading and paying for software they don’t need. A QR code reader app that remains on the store tricks customers into paying $4.99 a week for a service that is now included in the camera app of the iPhone. Some apps fraudulently present themselves as being from major brands such as Amazon and Samsung.

Of the highest 1,000 grossing apps on the App Store, nearly two percent are scams, according to an analysis by The Washington Post. And those apps have bilked consumers out of an estimated $48 million during the time they’ve been on the App Store, according to market research firm Appfigures. The scale of the problem has never before been reported. What’s more, Apple profits from these apps because it takes a cut of up to a 30 percent of all revenue generated through the App Store. Even more common, according to The Post’s analysis, are “fleeceware” apps that use inauthentic customer reviews to move up in the App Store rankings and give apps a sense of legitimacy to convince customers to pay higher prices for a service usually offered elsewhere with higher legitimate customer reviews.

Two-thirds of the 18 apps The Post flagged to Apple were removed from the App Store.

[…]

Apple has long maintained that its exclusive control of the App Store is essential to protecting customers, and it only lets the best apps on its system. But Apple’s monopoly over how consumers access apps on iPhones can actually create an environment that gives customers a false sense of safety, according to experts. Because Apple doesn’t face any major competition and so many consumers are locked into using the App Store on iPhones, there’s little incentive for Apple to spend money on improving it, experts say.

[…]

Apple unwittingly may be aiding the most sophisticated scammers by eliminating so many of the less competent ones during its app review process, said Miles, who co-authored a paper called “The Economics of Scams.”

[…]

Apple has argued that it is the only company with the resources and know-how to police the App Store. In the trial that Epic Games, the maker of the popular video game “Fortnite,” brought against Apple last month for alleged abuse of its monopoly power, Apple’s central defense was that competition would loosen protections against unwanted apps that pose security risks to customers. The federal judge in the case said she may issue a verdict by August.

The prevalence of scams on Apple’s App Store played a key role at trial. Apple’s lawyers were so focused on the company’s role in making the App Store safe that Epic’s attorneys accused them of trying to scare the court into a ruling in favor of Apple. In other internal emails unearthed during trial that date as far back as 2013, Apple’s Phil Schiller, who runs the App Store, expressed dismay when fraudulent apps made it past App Store review.

After a rip-off version of the Temple Run video game became the top-rated app, according to Schiller’s email exchange, he sent an irate message to two other Apple executives responsible for the store. “Remember our talking about finding bad apps with low ratings? Remember our talk about becoming the ‘Nordstroms’ of stores in quality of service? How does an obvious rip off of the super popular Temple Run, with no screenshots, garbage marketing text, and almost all 1-star ratings become the #1 free app on the store?” Schiller asked his team. “Is no one reviewing these apps? Is no one minding the store?” Apple declined to make Schiller available to comment. At trial, Schiller defended the safety of the app store on the stand. The app review process is “the best way we could come up with … to make it safe and fair.”

Eric Friedman, head of Apple’s Fraud Engineering Algorithms and Risk unit, or FEAR, said that Apple’s screening process is “more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog,” according to a 2016 internal email uncovered during the Epic Games trial. Apple employs a 500-person App Review team, which sifts through submissions from developers. “App Review is bringing a plastic butter knife to a gun fight,” Friedman wrote in another email.

[…]

Though the App Store ratings section is filled with customer complaints referring to apps as scams, there is no way for Apple customers to report this to Apple, other than reaching out to a regular Apple customer service representative. Apple used to have a button, just under the ratings and reviews section in the App Store, that said “report a problem,” which allowed users to report inappropriate apps. Based on discussions among Apple customers on Apple’s own website, the feature was removed some time around 2016.

[…]

 

Source: Apple’s tightly controlled App Store is teeming with scams – Anchorage Daily News

Apple settles with student after authorized repair workers leaked her naked pics to her Facebook page. Apple blocks Right to repair for danger by unauthorised parties. Hmm.

Posted on by

Apple has paid a multimillion-dollar settlement to an unnamed Oregon college student after one of its outsourced repair facilities posted explicit pictures and videos of her to her Facebook page.

According to legal documents obtained by The Telegraph, the incident occurred in 2016 at a Pegatron-owned repair centre in Sacramento, California. The student had mailed in her device to have an unspecified fault fixed.

While it was at the facility, two technicians published a series of photographs showing the complainant unclothed to her Facebook account, as well as a “sex video.” The complaint said the post was made in a way that impersonated the victim, and was only removed after friends informed her of its existence.

The two men responsible were fired after an investigation. It is not known if the culprits faced criminal charges.

Much of the details of the case, as well as the exact size of the settlement, were sealed. Lawyers for the plaintiff sought a $5m payout. The settlement included non-disclosure provisions that prevented the student from revealing details about the case, or the exact size of the compensation.

Counsel for the victim threatened to sue for infliction of emotional distress, as well as invasion of privacy. The filings show they warned Apple that any lawsuit would result in inevitable negative publicity for the company.

Pegatron settled with the victim separately, per the filings.

In its fight against the right to repair, Apple has argued that allowing independent third-party businesses to service its computers and smartphones would present an unacceptable risk to user privacy and security.

This incident, which occurred at the facilities of an authorised contractor, has undercut that argument somewhat.

It follows a similar incident in November 2019, where a Genius Bar employee texted himself an explicit image taken from an iPhone he was repairing. After the victim complained, the employee was fired.

[…]

Source: Apple settles with student after authorized repair workers leaked her naked pics to her Facebook page • The Register

Bing Censors Image Search for ‘Tank Man’ Even in US

Posted on by

Bing, the search engine owned by Microsoft, is not displaying image results for a search for “Tank man,” even when searching from the United States. The apparent censorship comes on the anniversary of China’s violent crackdown on protests in Tiananmen Square in 1989.

“There are no results for tank man,” the Bing website reads after searching for the term. “Tank man” relates to the infamous image of a single protester standing in front of a line of Chinese tanks during the crackdown.

China censors and blocks distribution of discussion of tank man and Tiananmen Square more generally. This year, anniversary events in Hong Kong have dwindled in size after authorities banned a vigil.

tankman.png

Image: A screenshot of the search results.

Bing displays ordinary, non-image search results for tank man when searching from a U.S. IP address; the issue only impacts the images and videos tabs. Google, for its part, displays both when connecting from the same IP address.

[…]

Source: Bing Censors Image Search for ‘Tank Man’ Even in US

Google, Facebook, Chaos Computer Club join forces to oppose German state spyware

Posted on by

Plans by the German government to allow the police to deploy malware on any target’s devices, and force the tech world to help them, has run into some opposition, funnily enough.

In an open letter this month, the Chaos Computer Club – along with Google, Facebook, and others – said they are against proposals to dramatically expand the use of so-called state trojans, aka government-made spyware, in Germany. Under planned legislation, even people not suspected of committing a crime can be infected, and service providers will be forced to help. Plus all German spy agencies will be allowed to infiltrate people’s electronics and communications.

The proposals bypass the whole issue of backdooring or weakening encryption that American politicians seem fixated on. Once you have root access on a person’s computer or handheld, the the device can be an open book, encryption or not.

“The proposals are so absurd that all of the experts invited to the committee hearing in the Bundestag sharply criticized the ideas,” the CCC said.

“Even Facebook and Google – so far not positively recognized as pioneers of privacy – speak out vehemently against the project. Protect security and trust online – against an unlimited expansion of surveillance and for the protection of encryption.”

Source: Google, Facebook, Chaos Computer Club join forces to oppose German state spyware • The Register

Google reportedly made it harder to find Android privacy settings

Posted on by

Google’s approach to Android privacy is coming under fire following revelations from Arizona’s antitrust lawsuit over phone tracking. As Insider reports, freshly unredacted documents in the case suggest Google made Android privacy settings harder to find. When Google tested OS releases that surfaced privacy features, the company reportedly saw greater use of those features as a “problem” and aimed to put them deeper into the menu system.

The tech giant also “successfully pressured” phone brands like LG to bury location settings as they were popular, according to Arizona’s attorneys. Google personnel further acknowledged that it was difficult to stop the company from determining your home and work locations, and complained that there was “no way” to give third-party apps your location without also handing them to Google.

[…]

Source: Google reportedly made it harder to find Android privacy settings | Engadget

WhatsApp Won’t Limit Functionality if You Refuse Privacy Policy – for now. But it will pester you about it.

Posted on by

WhatsApp initially threatened to revoke core functions for users that refused to accept its controversial new privacy policy, only to walk back the severity of those consequences earlier this month amid international backlash, and now, it’s doing away with them altogether (for the time being, at least).

In a reversal, the company clarified on Friday that it won’t restrict any functionality even if you haven’t accepted the app’s updated privacy policy yet, TNW reports.

“Given recent discussions with various authorities and privacy experts, we want to make clear that we will not limit the functionality of how WhatsApp works for those who have not yet accepted the update,” a WhatsApp spokesperson said in a statement to the Verge. They added that this is the plan moving forward indefinitely.

In an update to the company’s FAQ page, WhatsApp clarifies that no users will have their accounts deleted or lose functionality if they don’t accept the new policies. That being said, WhatsApp will still send these users reminders to update “from time to time,” WhatsApp told the Verge. On its support page, WhatsApp claims that the majority of users who have seen the update have accepted.

Source: WhatsApp Won’t Limit Functionality if You Refuse Privacy Policy

Creepy Social Media Face Stealing firm Clearview hit with complaints in France, Austria, Italy, Greece and the UK

Posted on by

Data rights groups have filed complaints in the UK, France, Austria, Greece and Italy against Clearview AI, claiming its scraped and searchable database of biometric profiles breaches both the EU and UK General Data Protection Regulation (GDPR).

The facial recognition company, which is based in the US, claims to have “the largest known database of 3+ billion facial images”. Clearview AI’s facial recognition tool is trained on images harvested from YouTube, Facebook, Twitter and attempts to match faces fed into its machine learning software with results from its multi-billion picture database. The business then provides a link to the place it found the “match”.

Google, Twitter, Facebook and even Venmo all sent cease and desist letters to Clearview AI last year asking that it stop scraping people’s photos from their websites. The firm’s CEO defended its business model at the time by saying: “Google can pull in information from all different websites. So if it’s public and it’s out there and could be inside Google’s search engine, it can be inside ours as well.”

The US firm was sued last year by the American Civil Liberties Union. The ACLU also sued the US Department of Homeland Security and its law enforcement agencies last month for failing to respond to Freedom of Information Act requests about their use of Clearview’s tech.

[…]

Back in January this year, [PDF], Chaos Computer Club member Matthias Marx managed to get Clearview to delete the hash value representing his biometric profile – although not the actual images or metadata – after filing a complaint with the Hamburg data protection authorities.

The decision by the Hamburg DPA was that Clearview AI had added his biometric profile to its searchable database without his knowledge or consent. It did not order the deletion of the photographs, however.

“It is long known that Clearview AI has not only me, but many, probably thousands of Europeans in its illegal face database. An order by the European data protection authorities to remove the faces of all Europeans is long overdue,” Marx told The Reg via email. “It is not a solution that every person has to file [their] own complaint.”

[…]

 

Source: Facial recog firm Clearview hit with complaints in France, Austria, Italy, Greece and the UK • The Register

The New Sonos One SL Reminds Us That Smart Devices Have a Shelf Life, forces you to spying S2 update

Posted on by

[…]

if you’re thinking of buying a new One SL, you ought to keep in mind that it’ll only work with the newer Sonos S2 app.

This won’t be a problem for every Sonos owner, especially if you bought all your Sonos devices in the past year or two. It might be an issue, however, if you’re still operating a mix of newer and older Sonos hardware. Namely, the “legacy” Sonos products that were “killed off” last year. Those legacy gadgets will only work with the S1 app, and although Sonos committed to providing updates for these devices, controlling a mix of legacy and current Sonos gadgets isn’t possible on the S2 app.

[…]

Source: The New Sonos One SL Reminds Us That Smart Devices Have a Shelf Life

You can’t roll back from the old update which basically only seems to add rounded corners to backgrounds and break in dark mode – except that you allow Sonos to spy on you through the built in microphone with S2.

Redditors Launch A ‘Rescue Mission’ For Embattled Sci-Hub, With The Ultimate Aim Of Building A Decentralized Version

Posted on by

Techdirt has just written about belated news that the FBI gained access two years ago to the Apple account of Alexandra Elbakyan, the founder of Sci-Hub. This is part of a continuing attempt to stop the widespread sharing of academic papers, mostly paid for by the public, and currently trapped behind expensive paywalls. You might think somebody helping scholars spread their work to a wider audience would be rewarded with prizes and grants, not pursued by the FBI and DOJ. But of course not, because, well, copyright. It’s easy to feel angry but helpless when confronted with this kind of bullying by publishing giants like Elsevier, but a group of publicly spirited Redditors aim to do something about it:

It’s time we sent Elsevier and the USDOJ a clearer message about the fate of Sci-Hub and open science: we are the library, we do not get silenced, we do not shut down our computers, and we are many.

They have initiated what they term a “Rescue Mission for Sci-Hub”, in order to prepare for a possible shutdown of the site:

A handful of Library Genesis seeders are currently seeding the Sci-Hub torrents. There are 850 scihub torrents, each containing 100,000 scientific articles, to a total of 85 million scientific articles: 77TB. This is the complete Sci-Hub database. We need to protect this.

The Redditors are calling for “85 datahoarders to store and seed 1TB of articles each, 10 torrents in total”. The idea is to download 10 random torrents, then seed them for as long as possible. Once enough people start downloading random torrents using these seeds, the Sci-Hub holdings will be safe. That would then lead to the “final wave”:

Development for an open source Sci-Hub. freereadorg/awesome-libgen is a collection of open source achievements based on the Sci-Hub and Library Genesis databases. Open source de-centralization of Sci-Hub is the ultimate goal here, and this begins with the data, but it is going to take years of developer sweat to carry these libraries into the future.

The centralized nature of Sci-Hub is certainly its greatest weakness, since it provides publishers with just a few targets to aim for, both legally and technically. A truly decentralized version would solve that problem, but requires a lot of work, as the Reddit post notes. Still, at least this “rescue plan” means people can do something practical to help Sci-Hub; sadly, protecting Elbakyan is harder.

Source: Redditors Launch A ‘Rescue Mission’ For Embattled Sci-Hub, With The Ultimate Aim Of Building A Decentralized Version | Techdirt

Pentagon Surveilling Americans Without a Warrant, Senator Reveals

Posted on by

Senator Wyden’s office asked the Department of Defense (DoD), which includes various military and intelligence agencies such as the National Security Agency (NSA) and the Defense Intelligence Agency (DIA), for detailed information about its data purchasing practices after Motherboard revealed special forces were buying location data. The responses also touched on military or intelligence use of internet browsing and other types of data, and prompted Wyden to demand more answers specifically about warrantless spying on American citizens.

Some of the answers the DoD provided were given in a form that means Wyden’s office cannot legally publish specifics on the surveillance; one answer in particular was classified. In the letter Wyden is pushing the DoD to release the information to the public.

[…]

“Are any DoD components buying and using without a court order internet metadata, including ‘netflow’ and Domain Name System (DNS) records,” the question read, and asked whether those records were about “domestic internet communications (where the sender and recipient are both U.S. IP addresses)” and “internet communications where one side of the communication is a U.S. IP address and the other side is located abroad.”

Netflow data creates a picture of traffic flow and volume across a network. DNS records relate to when a user looks up a particular domain, and a system then converts that text into the specific IP address for a computer to understand; essentially a form of internet browsing history.

Wyden’s new letter to Austin urging the DoD to release that answer and others says “Information should only be classified if its unauthorized disclosure would cause damage to national security. The information provided by DoD in response to my questions does not meet that bar.”

[…]

“Other than DIA, are any DoD components buying and using without a court order location data collected from phones located in the United States?” one of Wyden’s questions reads. The answer to that is one that Wyden is urging the DoD to release.

The DIA memo said the agency believes it does not require a warrant to obtain such information. Following this, Wyden also asked the DoD which other DoD components have adopted a similar interpretation of the law. One response said that each component is itself responsible to make sure they follow the law.

Wyden is currently proposing a new piece of legislation called The Fourth Amendment Is Not For Sale Act which would force some agencies to obtain a warrant for location and other data.

[…]

Source: Pentagon Surveilling Americans Without a Warrant, Senator Reveals

Facebook Ordered to Stop German WhatsApp Users’ Data Collection

Posted on by

Facebook Inc. was ordered to stop collecting German users’ data from its WhatsApp unit, after a regulator in the nation said the company’s attempt to make users agree to the practice in its updated terms isn’t legal.

Johannes Caspar, who heads Hamburg’s privacy authority, issued a three-month emergency ban, prohibiting Facebook from continuing with the data collection. He also asked a panel of European Union data regulators to take action and issue a ruling across the 27-nation bloc. The new WhatsApp terms enabling the data scoop are invalid because they are intransparent, inconsistent and overly broad, he said.

“The order aims to secure the rights and freedoms of millions of users which are agreeing to the terms Germany-wide,” Caspar said in a statement on Tuesday. “We need to prevent damage and disadvantages linked to such a black-box-procedure.”

The order strikes at the heart of Facebook’s business model and advertising strategy. It echoes a similar and contested step by Germany’s antitrust office attacking the network’s habit of collecting data about what users do online and merging the information with their Facebook profiles. That trove of information allows ads to be tailored to individual users — creating a cash cow for Facebook.

Facebook’s WhatsApp unit called Caspar’s claims “wrong” and said the order won’t stop the roll-out of the new terms. The regulator’s action is “based on a fundamental misunderstanding” of the update’s purpose and effect, the company said in an emailed statement.

Read more: Facebook Faces German Bid to Halt WhatsApp Data Collection

The U.S. tech giant has faced global criticism over the new terms that WhatsApp users are required to accept by May 15. Caspar said Facebook may already be wrongfully handling data and said it’s important to prevent misuse of the information to influence the German national election in September.

Source: Facebook Ordered to Stop German WhatsApp Users’ Data Collection – Bloomberg

Justice Department Quietly Seized Washington Post Reporters’ Phone Records During Trump Era

Posted on by

The Department of Justice quietly seized phone records and tried to obtain email records for three Washington Post reporters, ostensibly over their coverage of then-U.S. Attorney General Jeff Sessions and Russia’s role in the 2016 presidential election, according to officials and government letters reviewed by the Post.

Justice Department regulations typically mandate that news organizations be notified when it subpoenas such records. However, though the Trump administration OK’d the decision, officials apparently left the notification part for the Biden administration to deal with. I guess they just never got around to it. Probably too busy inspiring an insurrection and trying to overthrow the presidential election.

In three separate letters dated May 3 addressed to reporters Ellen Nakashima, Greg Miller, and former reporter Adam Entous, the Justice Department wrote they were “hereby notified that pursuant to legal process the United States Department of Justice received toll records associated with the following telephone numbers for the period from April 15, 2017 to July 31, 2017,” according to the Post. Listed were Miller’s work and cellphone numbers, Entous’ cellphone number, and Nakashima’s work, cellphone, and home phone numbers. These records included all calls to and from the phones as well as how long each call lasted but did not reveal what was said.

According to the letters, the Post reports that prosecutors also secured a court order to seize “non content communications records” for the reporters’ email accounts, which would disclose who emailed whom and when the emails were sent but not their contents. However, officials ultimately did not obtain these records, the outlet said.

[…]

“We are deeply troubled by this use of government power to seek access to the communications of journalists,” said the Post’s acting executive editor Cameron Barr. “The Department of Justice should immediately make clear its reasons for this intrusion into the activities of reporters doing their jobs, an activity protected under the First Amendment.”

Frustratingly, the letters apparently don’t go into why the Department of Justice seized this data. A department spokesperson told the outlet that the decision to do so was made in 2020 during the Trump administration. (It’s worth noting that former President Donald Trump has made it crystal clear that he despises news media and the government leakers that provide them their scoops.)

Based on the time period cited in the letters and what the reporters covered during those months, the Post speculates that their investigations into Sessions and Russian interference could be why the department wanted to get its hands on their phone data.

[…]

Source: Justice Department Quietly Seized Washington Post Reporters’ Phone Records During Trump Era

WhatsApp’s privacy policy – not accepting will slowly kill your functionality and then delete your history

Posted on by

After facing international backlash over impending updates to its privacy policy, WhatsApp has ever-so-slightly backtracked on the harsh consequences it initially planned for users who don’t accept them—but not entirely.

In an update to the company’s FAQ page, WhatsApp clarifies that no users will have their accounts deleted or instantly lose app functionality if they don’t accept the new policies. It’s a step back from what WhatsApp had been telling users up until this point. When this page was first posted back in February, it specifically told users that those who don’t accept the platform’s new policies “won’t have full functionality” until they do. The threat of losing functionality is still there, but it won’t be automatic.

“For a short time, you’ll be able to receive calls and notifications, but won’t be able to read or send messages from the app,” WhatsApp wrote at the time. While the deadline to accept was initially early February, the blowback the company got from, well, just about everyone, caused the deadline to be postponed until May 15—this coming Saturday.

After that, folks that gave the okay to the new policy won’t notice any difference to their daily WhatsApp experience, and neither will the people that didn’t—at least at first. “After a period of several weeks, the reminder [to accept] people receive will eventually become persistent,” WhatsApp wrote, adding that users getting these “persistent” reminders will see their app stymied pretty significantly: For a “few weeks,” users won’t be able to access their chat lists, but will be able to answer incoming phone and video calls made over WhatsApp. After that grace period, WhatsApp will stop sending messages and calls to your phone entirely (until you accept).

[…]

It’s worth mentioning here that if you keep the app installed but still refuse to accept the policy for whatever reason, WhatsApp won’t outright delete your account because of that. That said, WhatsApp will probably delete your account due to “inactivity” if you don’t connect for 120 days, as is WhatsApp policy.

[…]

While the company has done the bare minimum in explaining what this privacy policy update actually means, the company hasn’t done much to assuage the concerns of lawyers, lawmakers, or really anyone else. And it doesn’t look like these new “reminders” will put them at ease, either.

Source: WhatsApp’s New Update: What It Means for Your Account

Lone Developer Stands Up To Grand Theft Auto DMCA Claim, Wins – reverse engineered  code the original code

Posted on by

Earlier this year fans reversed engineered the source code to Grand Theft Auto III and Grand Theft Auto: Vice City. They released it to the web, but Grand Theft Auto copyright holder Take-Two pulled it offline via a DMCA claim. But one fan stood up to the publisher and has now succeeded in getting the reverse-engineered source code back online.

Deriving the source code through reverse-engineering was a huge milestone for the GTA hacking scene. Players would still need the original game assets to run either classic GTA title, but with accessible source code, modders and devs could begin porting the game to new platforms or adding new features. That’s exactly what’s happened this past year with Super Mario 64.

A week after the code went public on GitHub, Rockstar’s parent company, Take-Two Interactive, issued a DMCA takedown claiming that the reversed-engineered source code contained “copyrighted materials owned by Take-Two.” GitHub pulled the fan-derived code and all its related forks.

However, as TorrentFreak reports, a New Zealand-based developer named Theo, who maintained a fork of the removed code, didn’t agree with Take-Two’s claims and pushed back, filing their own counter-notice with GitHub last month. This counter-claim seems to have succeeded, as GitHub’s made the fan-derived source code available to download once more.

Theo explained in their counter-claim that the code didn’t, in fact, contain any original work created or owned by Take-Two Interactive, so it should not have been removed. They filed their claim last month after Take-Two removed over 200 forks of the reversed source, all built off of the original reversed-engineered code. That original repository and all the rest remain unavailable, as only Theo’s fork was restored by the DMCA counter-claim.

Grand Theft Auto III
Grand Theft Auto III
Screenshot: Rockstar Games

In an interview with TorrentFreak, the dev explained that he believes Take-Two’s DCMA claim is “wholly incorrect” and that the publisher has “no claim to the code” because while it functions like the original source code that went into GTA III and Vice City, it is not identical.

While it might seem like GitHub has taken a side and decided that Take-Two was wrong, this isn’t accurate. DMCA rules state that content that is disputed must be restored within 14 days of a counter-notice being received. At this point, if Take-Two wants the source code removed again, it would become a legal battle. Theo says he understands the legal risk he faces, but doesn’t expect the publisher to pursue this to court any time soon.

While it’s possible Take-Two could challenge Theo’s counter-claim in court at a later date, this is still a nice win for the Grand Theft Auto III and Vice City modding scene. It’s also another reminder that modders, pirates, and fan developers are often the only ones doing the work to keep old games around in an easily playable form.

Source: Lone Developer Stands Up To Grand Theft Auto DMCA Claim, Wins

What3Words sent a legal threat to a security researcher for sharing a better open-source alternative, turns into a Striesand

Posted on by

A U.K. company behind digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Words claims violate its copyright.

Aaron Toponce, a systems administrator at XMission, received a letter on Thursday from London-based law firm JA Kemp representing What3Words, requesting that he delete tweets related to the open-source alternative, WhatFreeWords. The letter also demands that he disclose to the law firm the identity of the person or people with whom he had shared a copy of the software, agree that he would not make any further copies of the software and to delete any copies of the software he had in his possession.

The letter gave him until May 7 to agree, after which What3Words would “waive any entitlement it may have to pursue related claims against you,” a thinly-veiled threat of legal action.

“This is not a battle worth fighting,” he said in a tweet. Toponce told TechCrunch that he has complied with the demands, fearing legal repercussions if he didn’t. He has also asked the law firm twice for links to the tweets they want deleting but has not heard back. “Depending on the tweet, I may or may not comply. Depends on its content,” he said.

U.K.-based What3Words divides the entire world into three-meter squares and labels each with a unique three-word phrase. The idea is that sharing three words is easier to share on the phone in an emergency than having to find and read out their precise geographic coordinates.

But security researcher Andrew Tierney recently discovered that What3Words would sometimes have two similarly-named squares less than a mile apart, potentially causing confusion about a person’s true whereabouts. In a later write-up, Tierney said What3Words was not adequate for use in safety-critical cases.

It’s not the only downside. Critics have long argued that What3Words’ proprietary geocoding technology, which it bills as “life-saving,” makes it harder to examine it for problems or security vulnerabilities.

Concerns about its lack of openness in part led to the creation of the WhatFreeWords. A copy of the project’s website, which does not contain the code itself, said the open-source alternative was developed by reverse-engineering What3Words. “Once we found out how it worked, we coded implementations for it for JavaScript and Go,” the website said. “To ensure that we did not violate the What3Words company’s copyright, we did not include any of their code, and we only included the bare minimum data required for interoperability.”

But the project’s website was nevertheless subjected to a copyright takedown request filed by What3Words’ counsel. Even tweets that pointed to cached or backup copies of the code were removed by Twitter at the lawyers’ requests.

Toponce — a security researcher on the side — contributed to Tierney’s research, who was tweeting out his findings as he went. Toponce said that he offered to share a copy of the WhatFreeWords code with other researchers to help Tierney with his ongoing research into What3Words. Toponce told TechCrunch that receiving the legal threat may have been a combination of offering to share the code and also finding problems with What3Words.

In its letter to Toponce, What3Words argues that WhatFreeWords contains its intellectual property and that the company “cannot permit the dissemination” of the software.

Regardless, several websites still retain copies of the code and are easily searchable through Google, and TechCrunch has seen several tweets linking to the WhatFreeWords code since Toponce went public with the legal threat. Tierney, who did not use WhatFreeWords as part of his research, said in a tweet that What3Words’ reaction was “totally unreasonable given the ease with which you can find versions online.”

[…]

Source: What3Words sent a legal threat to a security researcher for sharing an open-source alternative | TechCrunch

TV maker Skyworth under fire for excessive data collection that users call spying whilst China clamps down on user tracking

Posted on by

Chinese television maker Skyworth has issued an apology after a consumer found that his set was quietly collecting a wide range of private data and sending it to a Beijing-based analytics company without his consent.

A network traffic analysis revealed that a Skyworth smart TV scanned for other devices connected to the same local network every 10 minutes and gathered data that included device names, IP addresses, network latency and even the names of other Wi-Fi networks within range, according to a post last week on the Chinese developer forum V2EX.

The data was sent to the Beijing-based firm Gozen Data, the forum user said. Gozen is a data analytics company that specialises in targeted advertising on smart TVs, and it calls itself China‘s first “home marketing company empowered by big data centred on family data”.

[…]

“Isn’t this already the criminal offence of spying on people?” asked one user on Sina.com, a Chinese financial news portal. “Whom will the collected data be sold to, and who is the end user of this data?”

The reaction online eventually prompted Skyworth to respond.

The Shenzhen-based TV and set-top box maker issued a statement on April 27, saying it had ended its “cooperation” with Gozen and demanded the firm delete all its “illegally” collected data. Skyworth also said it had stopped using the Gozen app on its televisions and was looking into the issue.

Gozen issued a statement on its website on the same day, saying its Gozen Data Android app could be disabled on Skyworth TVs, but it did not address the likelihood that users would be aware of this functionality. The company also apologised for “causing user concerns about privacy and security”.

On its official WeChat account, Gozen said in a post from 2019 that it has been working with Skyworth since 2014. Its latest post, which included its apology, said the company collected data for viewership research that includes “television ratings for households and individuals, viewership analysis, advertising analysis and optimisation”. Neither company provided information on the scope and depth of the data collection.

[…]

The revelations about Skyworth and Gozen come amid a national crackdown on the rampant collection and use of user data. Beijing recently introduced new regulations for protecting personal data and curbing its collection through mobile apps.

New rules introduced in March

define for the first time

personal information considered “necessary” for apps in 39 different categories, including messaging and e-commerce. Users should be able to decline to provide data that is not necessary for an app to function, according to the new rules. Users of live-streaming and short-video apps, for example, should be able to use such apps without providing any personal information.

[…]

There have been no reports that Skyworth or Gozen are being investigated. Still, the disclosure and corporate statements have fanned fears among users in China, where Skyworth was the third biggest TV brand by sales volume in 2020, behind

Xiaomi

and

Hisense

, making up more than 13 per cent of the market. Globally, the company was the fifth-largest TV maker, according to data from Trendforce, behind Samsung Electronics, LG Electronics, TCL and Hisense.

Source: Chinese TV maker Skyworth under fire for excessive data collection that users call spying | South China Morning Post

People rebel against WiFi Tracking in Maassluis with Robin Hood action

Posted on by

A resident of Maassluis registered the Mac addresses of 54,000 smartphones and passed them on to an opt-out register. The action of the “Robin 2.4Ghz Hood” keeps all these phone owners out of the municipality’s Wi-Fi tracking.

The promotion is intended to protect the privacy of the residents of Maassluis. The man behind the initiative, Jerry Hopper, also exposed a privacy leak in the neighborhood app Nextdoor in 2019.

Hopper’s current action is against the municipality’s plan to count visits to the center by April 2021 by registering the unique ID codes of WiFi transmitters (MAC addresses). Anyone who does not want that, says Maassluis, should switch off the Wi-Fi antenna of his phone. According to the technical blogger, that is the other way around, because European privacy rules are opt-in. Don’t opt ​​out.

For a few weeks now, the resident of the city has therefore been measuring the MAC addresses of cars that pass his house. “Knowing that I am also violating the privacy law with this plan, I feel like a kind of Robin Hood in the shadowy realm of data collectors. As far as possible, I have tried to use the same techniques. There is even an opt-out. We anonymize the mac address “on the sensor” by hashing it 2x, and “cutting off” part of the hash. ”

The purpose of the action: “If the hash does not exist, we will send the MAC over a secure connection to the MOA opt-out register.” That register called Wifi Me Niet is the place where people can extract the address of their phone, tablet and computer from the measurement. That is a private initiative.

The more than fifty thousand mac addresses collected by Hopper are more than the thirty thousand inhabitants of his city, he explains on his blog.

“Another question is: how long will it remain technically possible to send unlimited mac addresses to the opt-out register. I am also very curious about how the mac addresses sent by this project are handled if they notice that they have been added via an automated process. Would they be removed? ”

The municipality of Maassluis is not alone in measuring visits to its city center by counting Wi-Fi antennas. Enschede is doing the same. For that, however, the municipality was fined six hundred thousand euros on Wednesday. Research by the Dutch Data Protection Authority showed that the privacy of citizens was not properly guaranteed. They could be tracked without it being necessary.

In Enschede, it was technical politician Dave Borghuis who put the city on fire with his Wi-Fi move.

Municipalities cannot be surprised by the popular slap on the fingers. The Dutch Data Protection Authority already warned shops and municipalities in June 2016 that they must have a legal basis for tracking citizens.

Enschede does not agree with the decision and says it will object to the decision.


Source: Burgerverzet tegen wifi-tracking in Maassluis – Emerce

Covid-19 Vaccine Crisis Shows Intellectual Property Dangers

Posted on by

Virologist and medical researcher Jonas Salk developed a successful polio vaccine that was approved in 1955, helping the world all but eradicate the disease.

When the late journalist Edward Murrow asked Salk who owned that vaccine’s patent, he famously responded, “Could you patent the sun?” It was in large part his commitment to keeping the jab’s recipe open-source that vaccines were produced globally and millions around the world were able to get it.

As the covid-19 health crisis unfolds, multinational pharmaceutical corporations like Moderna and Pfizer have taken a different approach. Their tight hold on the technology for their covid-19 vaccines has made them billions of dollars. While these strict intellectual property laws protections have allowed the rich to get even richer, they’ve put a damper on efforts to manufacture vaccines at scale. And with supply limited, the U.S. and other rich nations have engaged in bilateral negotiations with pharmaceutical corporations and hoarded all the doses they can, leaving poor nations in the dust.

The loss of life and suffering sparked by these strict patent protections are a major warning sign for our climate future. To avert environmental catastrophe, everyone needs access to clean energy. Intellectual property law could get in the way of that. And in the end, we could all suffer the consequences of a clean energy apartheid.

[…]

At its general council meeting next week, the World Trade Organization has the opportunity to help staunch the spread of covid-19 by waiving some protections on covid-19 vaccines developed by Moderna and Pfizer under the Trade-Related Aspects of Intellectual Property Rights Agreement. More than 100 nations, including India, have urged it to do. The Biden administration is reportedly considering endorsing this move, though then again, it’s been reportedly “considering” it for months.

This isn’t just something World Trade Organization negotiators should do out of the goodness of their hearts—though it absolutely is that, assuming they have hearts. Failing to do so could result in variants that bypass vaccines, which could harm those lucky enough to have gotten the shot and send the world economy back into a tailspin.

“As the pandemic ravages the Global South, what are wealthy northern countries going to do? Just completely ban all contact with poorer countries? It won’t work,” said Basav Sen, climate justice project director at the Institute for Policy Studies. “It is extremely short-sighted to push this kind of logic of intellectual property and corporate profit over what is clearly a prominent threat for all of humanity.”

[…]

Source: Covid-19 Vaccine Crisis Shows Intellectual Property Dangers

Court Chides F.B.I., but Re-Approves Warrantless Surveillance Program

Posted on by

For a second year, the nation’s surveillance court has pointed with concern to “widespread violations” by the F.B.I. of rules intended to protect Americans’ privacy when analysts search emails gathered without a warrant — but still signed off on another year of the program, a newly declassified ruling shows.

In a 67-page ruling issued in November and made public on Monday, James E. Boasberg, the presiding judge on the Foreign Intelligence Surveillance Court, recounted several episodes uncovered by an F.B.I. audit where the bureau’s analysts improperly searched for Americans’ information in emails that the National Security Agency collected without warrants.

Rather than a new problem, however, those instances appeared largely to be additional examples of an issue that was already brought to light in a December 2019 ruling by Judge Boasberg. The government made it public in September.

The F.B.I. has already sought to address the problem by rolling out new system safeguards and additional training, although the coronavirus pandemic has hindered the bureau’s ability to assess how well they are working. Still, Judge Boasberg said he was willing to issue a legally required certification for the National Security Agency’s warrantless surveillance program to operate for another year.

“While the court is concerned about the apparent widespread violations of the querying standard,” Judge Boasberg wrote, “it lacks sufficient information at this time to assess the adequacy of the F.B.I. system changes and training, post-implementation.”

Because of that, he added, the court concluded that “the F.B.I.’s querying and minimization procedures meet statutory and Fourth Amendment requirements.”

[…]

Source: Court Chides F.B.I., but Re-Approves Warrantless Surveillance Program – The New York Times

Study finds GAEN Google Apple contact tracing apps allow user + contact location tracking. NL stops use of tracking app.

Posted on by

A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes, potentially enabling fine-grained location tracking. Google Play Services, which users cannot turn off if they want to use the contact tracing app, also shares numerous details – serial numbers of SIM cards and hardware, phone IMEI, MAC address, and user email address with Google, along with fine-grained information about other apps running on the phone. While data protection impact assessments have been carried out for the health authority client app components, they have not been made public for the GAEN component.

Source: https://www.scss.tcd.ie/Doug.Leith/pubs/contact_tracing_app_traffic.pdf

Source: Study finds gaps in GAEN contact tracing apps privacy protection | Privacy International

De CoronaMelder-app stuurt tijdelijk geen waarschuwingen van mogelijke besmettingen naar andere gebruikers vanwege privacyproblemen.

Het stopzetten van de meldingen heeft te maken met het onveilig opslaan van de codes van CoronaMelder op Android-telefoons. Met het stopzetten wordt voorkomen dat gebruikers van de app in Nederland gekoppeld kunnen worden aan gegevens die toegankelijk zijn voor derden via het systeem van Google.

CoronaMelder maakt gebruik van het Google Apple Exposure Notification (GAEN) framework om ontmoetingen te detecteren. Het framework maakt gebruik van steeds wisselende willekeurige codes die worden uitgewisseld wanneer twee telefoons dichtbij elkaar zijn. Zo kan worden vastgesteld of iemand in contact is geweest met iemand die achteraf besmet bleek. Dit is een privacyvriendelijke manier om ontmoetingen bij te houden.

Derden zouden deze codes niet moeten kunnen verzamelen en inzien. Op telefoons die gebruik maken van Google Android is dit wel mogelijk. Apps die meegeleverd werden met een telefoon konden vaststellen of de telefoon in bezit is van iemand die eerder als besmet is gemeld in CoronaMelder en welke ontmoetingen met besmette personen hebben plaatsgevonden.

Woensdag gaf Google aan het probleem te hebben verholpen. Om hier zeker van te zijn worden de komende 48 uur geen codes van Nederlandse gebruikers van CoronaMelder die zich besmet hebben gemeld gedeeld met andere gebruikers van CoronaMelder. Deze tijd wordt gebruikt om te onderzoeken of Google het lek daadwerkelijk heeft gedicht.

Source: Temporary stop NL Corona Tracing App due to privacy problems (Dutch) | Emerce