We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!
An anonymous reader writes: The Electronic Frontier Foundation has published a detailed, global strategy for ridding ourselves of mass surveillance. They stress that this must be an international effort — while citizens of many countries can vote against politicians who support surveillance, there are also many countries where the citizens have to resort to other methods. The central part of the EFF's plan is: encryption, encryption, encryption. They say we need to build new secure communications tools, pressure existing tech companies to make their products secure against everyone, and get ordinary internet-goers to recognize that encryption is a fundamental part of communication in the surveillance age.
They also advocate fighting for transparency and against overreach on a national level. "[T]he more people worldwide understand the threat and the more they understand how to protect themselves—and just as importantly, what they should expect in the way of support from companies and governments—the more we can agitate for the changes we need online to fend off the dragnet collection of data." The EFF references a document created to apply the principles of human rights to communications surveillance, which they say are "our way of making sure that the global norm for human rights in the context of communication surveillance isn't the warped viewpoint of NSA and its four closest allies, but that of 50 years of human rights standards showing mass surveillance to be unnecessary and disproportionate."
282 comments | 4 days ago
An anonymous reader tips an Associated Press report saying that Healthcare.gov is sending users' personal data to private companies. The information involved is typical ad-related analytic data: "...it can include age, income, ZIP code, whether a person smokes, and if a person is pregnant. It can include a computer's Internet address, which can identify a person's name or address when combined with other information collected by sophisticated online marketing or advertising firms." The Electronic Frontier Foundation confirmed the report, saying that data is being sent from Healthcare.gov to at least 14 third-party domains.
The EFF says, "Sending such personal information raises significant privacy concerns. A company like Doubleclick, for example, could match up the personal data provided by healthcare.gov with an already extensive trove of information about what you read online and what your buying preferences are to create an extremely detailed profile of exactly who you are and what your interests are. It could do all this based on a tracking cookie that it sets which would be the same across any site you visit. Based on this data, Doubleclick could start showing you smoking ads or infer your risk of cancer based on where you live, how old you are and your status as a smoker. Doubleclick might start to show you ads related to pregnancy, which could have embarrassing and potentially dangerous consequences such as when Target notified a woman's family that she was pregnant before she even told them. "
204 comments | about two weeks ago
Gamoid writes: The Electronic Frontier Foundation has identified online harassment as a major challenge facing free speech on the Internet, and lays out its plan to fix it. They say, "Online harassment is a digital rights issue. At its worst, it causes real and lasting harms to its targets, a fact that must be central to any discussion of harassment. Unfortunately, it's not easy to craft laws or policies that will address those harms without inviting government or corporate censorship and invasions of privacy—including the privacy and free speech of targets of harassment. ... Just because the law sometimes allows a person to be a jerk (or worse) doesn’t mean that others in the community are required to be silent or to just stand by and let people be harassed. We can and should stand up against harassment. Doing so is not censorship—it’s being part of the fight for an inclusive and speech-supporting Internet."
189 comments | about three weeks ago
schwit1 writes The EFF launched a new app that will make it easier for people to take action on digital rights issues using their phone. The app allows folks to connect to their action center quickly and easily, using a variety of mobile devices. Sadly, though, they had to leave out Apple devices and the folks who use them. Why? Because they could not agree to the terms in Apple's Developer Agreement and Apple's DRM requirements.
220 comments | about three weeks ago
An anonymous reader writes with this news from the EFF's Deep Links: The public got an early holiday gift today when a federal court agreed with us that six weeks of continually video recording the front yard of someone's home without a search warrant violates the Fourth Amendment. In United States v. Vargas local police in rural Washington suspected Vargas of drug trafficking. In April 2013, police installed a camera on top of a utility pole overlooking his home. Even though police did not have a warrant, they nonetheless pointed the camera at his front door and driveway and began watching every day. A month later, police observed Vargas shoot some beer bottles with a gun and because Vargas was an undocumented immigrant, they had probable cause to believe he was illegally possessing a firearm. They used the video surveillance to obtain a warrant to search his home, which uncovered drugs and guns, leading to a federal indictment against Vargas.
440 comments | about a month and a half ago
Peter Eckersley writes: Today EFF, Mozilla, Cisco, and Akamai announced a forthcoming project called Let's Encrypt. Let's Encrypt will be a certificate authority that issues free certificates to any website, using automated protocols (demo video here). Launching in summer 2015, we believe this will be the missing piece that deprecates the woefully insecure HTTP protocol in favor of HTTPS.
212 comments | about 2 months ago
New submitter riskkeyesq writes with a link to a blog post from Dane Jasper, CEO of Sonic.net, about what Jasper sees as the deepest problem in the U.S. broadband market and the Internet in general: "There are a number of threats to the Internet as a system for innovation, commerce and education today. They include net neutrality, the price of Internet access in America, performance, rural availability and privacy. But none of these are the root issue, they're just symptoms. The root cause of all of these symptoms is a disease: a lack of competition for consumer Internet access." Soft landings for former legislators, lobbyists disguised as regulators, hundreds of thousands of miles of fiber sitting unused, the sham that is the internet provider free market is keeping the US in a telecommunications third-world. What, exactly, can American citizens do about it? One upshot, in Jasper's opinion (hardly disinterested, is his role at CEO at an ISP that draws praise from the EFF for its privacy policies) is this: "Today’s FCC should return to the roots of the Telecom Act, and reinforce the unbundling requirements, assuring that they are again technology neutral. This will create an investment ladder to facilities for competitive carriers, opening access to build out and serve areas that are beyond our reach today."
135 comments | about 2 months ago
jriding (1076733) writes AT&T Mobility, the nation's second-largest cellular provider, says it's no longer attaching hidden Internet tracking codes to data transmitted from its users' smartphones. The practice made it nearly impossible to shield its subscribers' identities online. Would be nice to hear something similar from Verizon.
60 comments | about 2 months ago
Presto Vivace points out this troubling new report from the Electronic Frontier Foundation:
Recently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the U.S. and Thailand intercepting their customers' data to strip a security flag — called STARTTLS — from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.
By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
245 comments | about 3 months ago
An anonymous reader writes: The EFF, representing a coalition of computer scientists, filed an amicus brief with the Supreme Court yesterday hoping for a ruling that APIs can't be copyrighted. The names backing the brief include Bjarne Stroustrup, Ken Thompson, Guido van Rossum, and many other luminaries. "The brief explains that the freedom to re-implement and extend existing APIs has been the key to competition and progress in both hardware and software development. It made possible the emergence and success of many robust industries we now take for granted—for example, mainframes, PCs, and workstations/servers—by ensuring that competitors could challenge established players and advance the state of the art. The litigation began several years ago when Oracle sued Google over its use of Java APIs in the Android OS. Google wrote its own implementation of the Java APIs, but, in order to allow developers to write their own programs for Android, Google's implementation used the same names, organization, and functionality as the Java APIs."
260 comments | about 3 months ago
An anonymous reader writes A few weeks ago I noted how security researchers had discovered that Verizon has been injecting a unique new 'stealth cookie' identifier into all user traffic that tracks user online behavior, even if the consumer opts out. Using a unique Identifier Header, or UIDH, Verizon's ham-fisted system broadcasts your identity all across the web — and remains intact and open to third-party abuse — even if you opt-out of Verizon's behavioral ad programs. Now the Electronic Frontier Foundation has filed a complaint with the FCC and has strongly indicated that they're considering legal action against Verizon for violating consumer privacy laws.
81 comments | about 3 months ago
blottsie writes The Electronic Frontier Foundation (EFF)'s new Secure Messaging Scorecard is designed to answer one important question: Which apps and tools actually keep your messages secure and safe from prying eyes? The results have been mixed. In the midst of many positive reactions from technology companies and users, the scorecard stoked a wave of criticism from several prominent figures in the security industry, who deemed the effort inaccurate, misleading, and vague."
63 comments | about 3 months ago
Peter Eckersley writes: Over at EFF we just launched our Secure Messaging Scorecard, which is the first phase in a campaign to promote the development of communications protocols that are genuinely secure and usable by ordinary people. The Scorecard evaluates communications software against critical minimum standards for what a secure messaging app should look like; subsequent phases are planned to examine real world usability, metadata protection, protocol openness, and involve a deeper look at the security of the leading candidates. Right now, we don't think the Internet has any genuinely usable, genuinely secure messaging protocols — but we're hoping to encourage tech companies and the open source community to starting closing that gap.
96 comments | about 3 months ago
itwbennett writes Tests on the latest version of Adobe System's e-reader software shows the company is now collecting less data following a privacy-related dustup last month, according to the Electronic Frontier Foundation. Adobe was criticized in early October after it was discovered Digital Editions collected metadata about e-books on a device, even if the e-books did not have DRM. Those logs were also sent to Adobe in plain text. Digital Editions version 4.0.1 appears to only collect data on e-books that have DRM (Digital Rights Management), writes Cooper Quintin, a staff technologist with the EFF.
32 comments | about 3 months ago
An anonymous reader writes: The Electronic Frontier Foundation has issued a report grading online service providers for how well they side with users over intellectual property disputes. They looked at sites like YouTube, Imgur, tumblr, and Twitter. "The services could receive a maximum of five stars, based on criteria including publicly documented procedures for responses to DMCA takedown notices and counter-notices, how the services handle trademark disputes, and if the company issued detailed transparency reports." Only two sites got a perfect rating: WordPress and Namecheap. tumblr got the worst score, and Imgur was not far behind. The rest of the sites were in between, though the EFF did give a bit of extra credit to Etsy for its educational guides and Twitter for its transparency reports.
16 comments | about 3 months ago
Frequent contributor Bennett Haselton writes: Facebook threatened to banish drag queen pseudonyms, and (some) users revolted by flocking to Ello, a social network which promised not to enforce real names and also to remain ad-free. Critics said that the idealistic model would buckle under pressure from venture capitalists. But both gave scant mention to the fact that a distributed social networking protocol, backed by a player large enough to get people using it, would achieve all of the goals that Ello aspired to achieve, and more. Read on for the rest.
269 comments | about 3 months ago
maynard writes: Kathy Sierra spent a tech career developing videogames and teaching Java programming in Sun Microsystems masterclasses. Up until 2007, she'd been a well regarded tech specialist who happened to be female. Until the day she opined on her private blog that given the crap-flood of bad comments, maybe forum moderation wasn't a bad idea. This opinion made her a target. A sustained trolling and harassment campaign followed, comprised of death and rape threats, threats against her family, fabricated claims of prostitution, and a false claim that she had issued a DMCA takedown to stifle criticism. All of this culminated in the public release of her private address and Social Security Number, a technique known as Doxxing. And so she fled from the public, her career, and even her home.
It turned out that a man named Andrew Auernheimer was responsible for having harassed Sierra. Known as 'Weev', he admitted it in a 2008 New York Times story on Internet Trolls. There, he spoke to the lengths which he and his cohorts went to discredit and destroy the woman. "Over a candlelit dinner of tuna sashimi, Weev asked if I would attribute his comments to Memphis Two, the handle he used to troll Kathy Sierra, a blogger. Inspired by her touchy response to online commenters, Weev said he "dropped docs" on Sierra, posting a fabricated narrative of her career alongside her real Social Security number and address. This was part of a larger trolling campaign against Sierra, one that culminated in death threats."
Now, seven years later, Kathy Sierra has returned to explain why she left and what recent spates of online harassment against women portend for the future if decent people don't organize. The situation has grown much more serious since she went into hiding all those years ago. It's more than just the threat of Doxxing to incite physical violence by random crazies with a screw loose. Read on for the rest of maynard's thoughts.
728 comments | about 4 months ago
Gunkerty Jeb writes The Ninth Circuit appeals court in San Francisco took oral arguments from the Electronic Frontier Foundation and the Department of Justice yesterday over the constitutionality of National Security Letters and the gag orders associated with them. The EFF defended a lower court's ruling that NSLs are unconstitutional, while the DoJ defended a separate ruling that NSLs can be enforced. Whatever the court rules, the issue of NSLs is all but certainly headed for the Supreme Court in the not too distant future.
112 comments | about 4 months ago
realized sends this news from the EFF:
For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the "first step" in protecting their children online. ... As official as it looks,ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it.
As security software goes, we observed a product with a keystroke-capturing function, also called a "keylogger," that could place a family's personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP's own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff's department even bought a copy for every family in its county.
72 comments | about 4 months ago
HughPickens.com writes When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there suggesting that Apple is now part of FISA or PRISM proceedings.
Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
236 comments | about 4 months ago