Facebook

French Gov't Gives Facebook 3 Months To Stop Tracking Non-User Browsers 134

Reader iamthecheese writes RT reports that France's National Commission of Information and Freedoms found Facebook tracking of non-user browsers to be illegal. Facebook has three months to stop doing it. The ruling points to violations of members and non-members privacy in violation of an earlier ruling. The guidance, published last October, invalidates safe harbor provisions. If Facebook fails to comply the French authority will appoint someone to decide upon a sanction. Related: A copy of the TPP leaked last year no longer requires signing countries to have a safe harbor provision.

EFF: License Plate Scanner Deal Turns Texas Cops Into Debt Collectors (eff.org) 442

An anonymous reader writes: The Electronic Frontier Foundation is sounding the alarm about a deal between Texas law enforcement agencies and Vigilant Solutions — a company that provides vehicle surveillance tech. The deal will give Texas police access to a bunch of automated license plate readers (ALPRs), and access to the company's data and analytic tools. For free. How is Vigilant making money? "The government agency in turn gives Vigilant access to information about all its outstanding court fees, which the company then turns into a hot list to feed into the free ALPR systems. As police cars patrol the city, they ping on license plates associated with the fees. The officer then pulls the driver over and offers them a devil's bargain: get arrested, or pay the original fine with an extra 25% processing fee tacked on, all of which goes to Vigilant. In other words, the driver is paying Vigilant to provide the local police with the technology used to identify and then detain the driver. If the ALPR pings on a parked car, the officer can get out and leave a note to visit Vigilant's payment website." Vigilant also gets to keep the data collected on citizens while the ALPRs are in use.
Electronic Frontier Foundation

NSA Wants To Dump the Phone Records It Gathered Over 14 Years (thenextweb.com) 56

According to The Next Web, the NSA would like to get rid of something that a lot of people wish they'd never had in the first place: phone records that the agency has collected over a decade and a half (more, really) of mass surveillance. However, the EFF wants to make sure that the evidence of snooping doesn't get buried along with the actual recorded data. From the article: [T]he government says that it can't be sued by bodies like the EFF. The organization is currently involved in two pending cases seeking a remedy for the past 14 years of illegal phone record collection. EFF wrote a letter (PDF) to the secret Foreign Intelligence Surveillance Act court last December which it has now made public, explaining that it is ready to discuss options that will allow destruction of the records in ways that still preserve its ability to prosecute the cases. It'll be interesting to see how this pans out: if the government doesn't agree to a discussion about how to handle these phone records, it's possible that they will remain on file for years to come. Plus, it could allow the NSA to avoid being held accountable for its illegal mass surveillance.
Open Source

Linux Foundation Quietly Drops Community Representation (dreamwidth.org) 129

The Linux Foundation, though it's straightforwardly not a grassroots organization along the lines of the FSF or EFF, has long had a degree of non-corporate involvement by way of community-elected members on its board. Now, writes new submitter Ensign Nemo, that's no longer true. An excerpt from Matthew Garrett's blog on the change: The by-laws were amended to drop the clause that permitted individual members to elect any directors. Section 3.3(a) now says that no affiliate members may be involved in the election of directors, and section 5.3(d) still permits at-large directors but does not require them[2]. The old version of the bylaws are here - the only non-whitespace differences are in sections 3.3(a) and 5.3(d).

These changes all happened shortly after Karen Sandler announced that she planned to stand for the Linux Foundation board during a presentation last September. A short time later, the "Individual membership" program was quietly renamed to the "Individual supporter" program and the promised benefit of being allowed to stand for and participate in board elections was dropped (compare the old page to the new one).

Privacy

Rights Groups Push For Strong Broadband Privacy Rules (reuters.com) 29

An anonymous reader writes: A coalition of rights groups has sent a letter to the U.S. Federal Communications Commission asking for tougher privacy regulations on providers of broadband internet services. The letter was sent by the ACLU, the EFF, Public Citizen, and over 50 other groups. "Critics say broadband providers are already harvesting huge amounts of consumer data for use in targeted advertising, the groups wrote. 'This can create a chilling effect on speech and increase the potential for discriminatory practices derived from data use,' the letter said." FCC Chairman Tom Wheeler has said such firms need to ensure their data is protected, and that consumers should know more about what data is being collected, but he hasn't addressed whether the data should be harvested in the first place. He expects the FCC to review these practices "in the next several months."
China

EFF: Cisco Shouldn't Get Off the Hook For Aiding Torture In China (eff.org) 143

itwbennett writes: In a lawsuit in Northern California that was dismissed in 2014, Falun Gong practitioners alleged that Cisco Systems built a security system, dubbed "Golden Shield," for the Chinese government knowing it would be used to track and persecute members of the religious minority. That case is being appealed, and on Monday the EFF, Privacy International and free-speech group Article 19 filed a brief that supports the appeal. Many U.S. and European companies sell technology to regimes that violate human rights, and if this case goes to trial and Cisco loses, they may think twice, said EFF Staff Attorney Sophia Cope. "In a lot of instances, these companies are selling directly to the government, and they know exactly what is going to be happening," Cope said.
Advertising

Malvertising Campaign Used a Free Certificate From Let's Encrypt (csoonline.com) 123

itwbennett writes: On Wednesday, Trend Micro wrote that it discovered a cyberattack on Dec. 21 that was designed to install banking malware on computers. The cybercriminals had compromised a legitimate website and set up a subdomain that led to a server under their control, wrote Joseph Chen, a fraud researcher with Trend. The subdomain used an SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate issued by Let's Encrypt, the first large-scale project to issue free digital certificates. which is run by the ISRG (Internet Security Research Group) and is backed by Mozilla, the Electronic Frontier Foundation, Cisco, and Akamai, among others. The incident has sparked disagreement over how to deal with such abuse, writes Jeremy Kirk.
Electronic Frontier Foundation

EFF: T-Mobile "Binge On" Is Just Throttling of All Data (eff.org) 227

onedobb writes: Tests confirm that when Binge On is enabled, T-Mobile throttles all HTML5 video streams to around 1.5Mps, even when the phone is capable of downloading at higher speeds, and regardless of whether or not the video provider enrolled in Binge On. This is the case whether the video is being streamed or being downloaded—which means that T-Mobile is artificially reducing the download speeds of customers with Binge On enabled, even if they're downloading the video to watch later. It also means that videos are being throttled even if they're being watched or downloaded to another device via a tethered connection.
Electronic Frontier Foundation

Microsoft Patents a Slider, Earning EFF's "Stupid Patent of the Month" Award (arstechnica.com) 127

An anonymous reader writes with news that the EFF has given Microsoft a dubious award this month for their slider patent. According to Ars: "The Electronic Frontier Foundation's 'Stupid Patent of the Month' for December isn't owned by a sketchy shell company, but rather the Microsoft Corporation. The selection, published yesterday, is the first time the EFF has picked a design patent as the SPOTM. The blog post seeks to highlight some of the problems with those lesser-known cousins to standard 'utility' patents, especially the damages that can result. The chosen patent (PDF), numbered D554,140, would seem to be one of those things that's so simple it raises some basic philosophical questions about the patent system. That's because it's just a slider, in the bottom-right corner of a window, with a plus sign at one end and a minus sign at the other. That's it.
Electronic Frontier Foundation

EFF Launches Panopticlick 2.0 (eff.org) 63

Peter Eckersley writes: The EFF has launched Panopticlick 2.0. In addition to measuring whether your browser exposes unique — and therefore trackable — settings and configuration to websites, the site can now test if you have correctly configured ad- and tracker-blocking software. Think you have correctly configured tracker-blocking software? Visit Panopticlick to test if you got it right.
Operating Systems

Ubuntu 16.04 Will Not Send Local Searches Over the Web By Default 102

jones_supa writes: Canonical introduced Amazon Product Results as part of Ubuntu 12.10, which meant that local searches performed by a user in Dash were also sent online. This made many Ubuntu users spill their coffee and got criticism from EFF and FSF as well. The so called "Shopping Lens" had to be manually disabled if that kind of search behavior was not desired. Finally after years, Canonical is reacting to the negative feedback and respecting users' privacy, so that Ubuntu 16.04 (the next Long Term Support release) won't send local searches over the web by default. The Amazon search feature is still available for those who explicitly want to use it.
Businesses

Tor Hires Former EFF Chief As Executive Director (cio.com) 33

itwbennett writes: Shari Steele, a 20-year veteran of the Electronic Frontier Foundation (EFF), has been hired as executive director of the Tor Project, the widely used anonymity tool that frequently comes up in debates over encryption and privacy. Steele, who started at EFF as a staff attorney, then legal director and eventually executive director, comes on board at a time when Tor has been embroiled in controversy. In November, the organization accused the FBI of paying Carnegie Mellon University $1 million for information on security issues that later facilitated arrests related to online drug markets.
Politics

Interviews: Ask Attorney and Author Mike Godwin a Question 83

Mike Godwin worked as the first staff counsel of the EFF and served as general counsel for the Wikimedia Foundation. He has been a contributing editor of Reason magazine and was elected to the Open Source Initiative board in 2011. Mike is probably best known however for coining the internet adage Godwin's Law. He is currently general counsel and director of innovation policy at the R Street Institute. Mike has given us some of his time to answer any questions you may have. As usual, ask as many as you'd like, but please, one question (and one comparison involving Nazis or Hitler) per post.
Electronic Frontier Foundation

FTC Appoints EFF Board Member Lorrie Cranor As Chief Technologist (ftc.gov) 50

itwbennett writes: The US Federal Trade Commission has appointed Lorrie Faith Cranor as Chief Technologist. Cranor is the director of the Carnegie Mellon Usable Privacy and Security Laboratory and a member of the Electronic Frontier Foundation (EFF) Board of Directors. She was previously a researcher at AT&T Labs Research and has also taught at the Stern School of Business at New York University. She will succeed Ashkan Soltani at the FTC. "Cranor has authored over 150 research papers on online privacy and usable security, and has played a central role in establishing the usable privacy and security research community."
Electronic Frontier Foundation

Google Calls Out EFF Over Claims That It Snoops On Students With Chromebooks (hothardware.com) 100

MojoKid writes: The Electronic Frontier Foundation (EFF) caused quite a stir this week when it alleged that Google is using its Chromebook platform, which has made a significant impact in education markets, to snoop on students. The charges were damning, with the EFF claiming that Google was violating its own corporate policies and using students' personally identifiable browsing data/habits to refine its services, in addition to sharing that data with partners. Obviously, Google would take such allegations seriously, and has thus responded to every claim brought forth by the EFF. "While we appreciate the EFF's focus on student data privacy, we are confident that our tools comply with both the law and our promises, including the Student Privacy Pledge..." said Jonathan Rochelle, the Director of Google Apps for Education. With respect to Google Apps for Education Core Services (GAFE), Rochelle asserts that all student data stored is "only used to provide the services themselves" and that student data isn't used for advertising purposes, nor are ads served to students. Rochelle also explains that personally identifiable data of students is removed, and only aggregated data of its millions of users is utilized to help improve its services.
The Courts

Video The FSF's Donald Robertson Talks About Copyrights, Patents, and the TPP (Video) 39

We all know (or know about) Richard M. Stallmann, founder of and vociferous spokesman for the Free Software Foundation. But the organization is far from a one-man band, and Donald Robertson, their copyright administrator (and wearer of several other hats as well) is the person to turn to when you want to get into the murky depths of copyright and patent law. He's also somewhat of an expert on the Trans Pacific Partnership (TPP), which the FSF says, '...has a number of truly dangerous provisions that harm software freedom."

What can you do to help stop this trade agreement that has gotten the FSF (and the EFF, among others) up in arms? Don answers that question in the video (and accompanying transcript for those who would rather read than watch). And any unanswered questions will probably be taken care of in a second video interview with Mr. Robertson that we plan to run in the next day or two.
Google

Google Accused of Tracking School Kids After Promising Not To (cio.com) 131

itwbennett writes: In a complaint (PDF) filed Tuesday with the Federal Trade Commission, the Electronic Frontier Foundation (EFF) claims that "despite publicly promising not to, Google mines students' browsing data and other information, and uses it for the company's own purposes." The EFF says Google's practice of recording everything students do while they're logged into their Google accounts, regardless of the device or browser they're using, puts the company in breach of Section 5 of the Federal Communications Act.
Privacy

Revealed: What Info the FBI Can Collect With a National Security Letter 93

An anonymous reader writes with this lead from Help Net Security's story on a topic we've touched on here many times: the broad powers arrogated by the Federal government in the form of National Security Letters: On Monday, after winning an eleven-year legal battle, Nicholas Merrill can finally tell the public how the FBI has secretly construed its authority to issue National Security Letters (NSLs) to permit collection of vast amounts of private information on US citizens without a search warrant or any showing of probable cause. The PATRIOT Act vastly expanded the domestic reach of the NSL program, which allows the FBI to compel disclosure of information from online companies and forbid recipients from disclosing they have received an NSL. The FBI has refused to detail publicly the kinds of private data it believes it can obtain with an NSL. A key sentence from the same story: "Merrill is now able to reveal that the FBI believes it can force online companies to turn over the following information simply by sending an NSL demanding it: an individual’s complete web browsing history; the IP addresses of everyone a person has corresponded with; and records of all online purchases." Reader Advocatus Diaboli adds this, from The Intercept: One of the most striking revelations, Merrill said during a press teleconference, was that the FBI was requesting detailed cell site location information — cellphone tracking records — under the heading of "radius log" information. Traditionally, radius log refers to a user's attempts to connect to a server or a DSL line — a sort of anachronism given the progress of technology. "The notion that the government can collect cellphone location information — to turn your cellphone into a tracking device, just by signing a letter — is extremely troubling," Merrill said.
Electronic Frontier Foundation

Judge Wipes Out Safe Harbor Provision In DMCA, Makes Cox Accomplice of Piracy (arstechnica.com) 223

SysKoll writes: The DMCA is well-known for giving exorbitant powers to copyright holders, such as taking down a page or a whole web site without a court order. Media companies buy services from vendors like Rightscorp, a shake-down outfit that issues thousands of robot-generated take-down notices and issues threats against ISPs and sites ignoring them. Cox, like a lot of ISPs, is inundated with abusive take-down notices, in particular from Rightscorp. Now, BMG Rights Management and Round Hill Music are suing Cox for refusing to shut off the Internet access of subscribers that Rightscorp accused of downloading music via BitTorrent. Cox argues that as an ISP, they benefit from the Safe Harbor provision that shields access providers from subscribers' misbehavior. Not so, says U.S. District Judge Liam O'Grady. The judge sided with the media companies ahead of trial, saying Cox should have terminated the repeat offenders accused by Rightscorp. Cox's response is quite entertaining for a legal document (PDF): its description of Rightscorp includes the terms "shady," "shake-down," and "pay no attention to the facts." O'Grady also derided the Electronic Frontier Foundation's attempt to file an amicus brief supporting Cox, calling them hysterical crybabies.

Slashdot Top Deals