Peter Eckersley writes: Today EFF, Mozilla, Cisco, and Akamai announced a forthcoming project called Let's Encrypt. Let's Encrypt will be a certificate authority that issues free certificates to any website, using automated protocols (demo video here). Launching in summer 2015, we believe this will be the missing piece that deprecates the woefully insecure HTTP protocol in favor of HTTPS.
201 comments | 2 days ago
New submitter riskkeyesq writes with a link to a blog post from Dane Jasper, CEO of Sonic.net, about what Jasper sees as the deepest problem in the U.S. broadband market and the Internet in general: "There are a number of threats to the Internet as a system for innovation, commerce and education today. They include net neutrality, the price of Internet access in America, performance, rural availability and privacy. But none of these are the root issue, they're just symptoms. The root cause of all of these symptoms is a disease: a lack of competition for consumer Internet access." Soft landings for former legislators, lobbyists disguised as regulators, hundreds of thousands of miles of fiber sitting unused, the sham that is the internet provider free market is keeping the US in a telecommunications third-world. What, exactly, can American citizens do about it? One upshot, in Jasper's opinion (hardly disinterested, in his role as CEO at an ISP that draws praise from the EFF for its privacy policies) is this: "Today’s FCC should return to the roots of the Telecom Act, and reinforce the unbundling requirements, assuring that they are again technology neutral. This will create an investment ladder to facilities for competitive carriers, opening access to build out and serve areas that are beyond our reach today."
135 comments | 5 days ago
jriding (1076733) writes AT&T Mobility, the nation's second-largest cellular provider, says it's no longer attaching hidden Internet tracking codes to data transmitted from its users' smartphones. The practice made it nearly impossible to shield its subscribers' identities online. Would be nice to hear something similar from Verizon.
60 comments | 5 days ago
Presto Vivace points out this troubling new report from the Electronic Frontier Foundation:
Recently, Verizon was caught tampering with its customers' web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the U.S. and Thailand intercepting their customers' data to strip a security flag — called STARTTLS — from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client.
By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted. Some firewalls, including Cisco's PIX/ASA firewall, do this in order to monitor for spam originating from within their network and prevent it from being sent. Unfortunately, this causes collateral damage: the sending server will proceed to transmit plaintext email over the public Internet, where it is subject to eavesdropping and interception.
245 comments | about two weeks ago
An anonymous reader writes: The EFF, representing a coalition of computer scientists, filed an amicus brief with the Supreme Court yesterday hoping for a ruling that APIs can't be copyrighted. The names backing the brief include Bjarne Stroustrup, Ken Thompson, Guido van Rossum, and many other luminaries. "The brief explains that the freedom to re-implement and extend existing APIs has been the key to competition and progress in both hardware and software development. It made possible the emergence and success of many robust industries we now take for granted—for example, mainframes, PCs, and workstations/servers—by ensuring that competitors could challenge established players and advance the state of the art. The litigation began several years ago when Oracle sued Google over its use of Java APIs in the Android OS. Google wrote its own implementation of the Java APIs, but, in order to allow developers to write their own programs for Android, Google's implementation used the same names, organization, and functionality as the Java APIs."
254 comments | about two weeks ago
An anonymous reader writes: A few weeks ago I noted how security researchers had discovered that Verizon has been injecting a unique new 'stealth cookie' identifier into all user traffic that tracks user online behavior, even if the consumer opts out. Using a Unique Identifier Header, or UIDH, Verizon's ham-fisted system broadcasts your identity all across the web — and remains intact and open to third-party abuse — even if you opt out of Verizon's behavioral ad programs. Now the Electronic Frontier Foundation has filed a complaint with the FCC and has strongly indicated that they're considering legal action against Verizon for violating consumer privacy laws.
81 comments | about two weeks ago
blottsie writes: The Electronic Frontier Foundation (EFF)'s new Secure Messaging Scorecard is designed to answer one important question: Which apps and tools actually keep your messages secure and safe from prying eyes? The results have been mixed. In the midst of many positive reactions from technology companies and users, the scorecard stoked a wave of criticism from several prominent figures in the security industry, who deemed the effort inaccurate, misleading, and vague.
63 comments | about two weeks ago
Peter Eckersley writes: Over at EFF we just launched our Secure Messaging Scorecard, which is the first phase in a campaign to promote the development of communications protocols that are genuinely secure and usable by ordinary people. The Scorecard evaluates communications software against critical minimum standards for what a secure messaging app should look like; subsequent phases are planned to examine real world usability, metadata protection, protocol openness, and involve a deeper look at the security of the leading candidates. Right now, we don't think the Internet has any genuinely usable, genuinely secure messaging protocols — but we're hoping to encourage tech companies and the open source community to start closing that gap.
96 comments | about two weeks ago
itwbennett writes: Tests on the latest version of Adobe Systems' e-reader software show the company is now collecting less data following a privacy-related dustup last month, according to the Electronic Frontier Foundation. Adobe was criticized in early October after it was discovered Digital Editions collected metadata about e-books on a device, even if the e-books did not have DRM. Those logs were also sent to Adobe in plain text. Digital Editions version 4.0.1 appears to only collect data on e-books that have DRM (Digital Rights Management), writes Cooper Quintin, a staff technologist with the EFF.
32 comments | about two weeks ago
An anonymous reader writes: The Electronic Frontier Foundation has issued a report grading online service providers for how well they side with users over intellectual property disputes. They looked at sites like YouTube, Imgur, tumblr, and Twitter. "The services could receive a maximum of five stars, based on criteria including publicly documented procedures for responses to DMCA takedown notices and counter-notices, how the services handle trademark disputes, and if the company issued detailed transparency reports." Only two sites got a perfect rating: WordPress and Namecheap. tumblr got the worst score, and Imgur was not far behind. The rest of the sites were in between, though the EFF did give a bit of extra credit to Etsy for its educational guides and Twitter for its transparency reports.
16 comments | about three weeks ago
Frequent contributor Bennett Haselton writes: Facebook threatened to banish drag queen pseudonyms, and (some) users revolted by flocking to Ello, a social network which promised not to enforce real names and also to remain ad-free. Critics said that the idealistic model would buckle under pressure from venture capitalists. But both gave scant mention to the fact that a distributed social networking protocol, backed by a player large enough to get people using it, would achieve all of the goals that Ello aspired to achieve, and more. Read on for the rest.
269 comments | about a month ago
maynard writes: Kathy Sierra spent a tech career developing videogames and teaching Java programming in Sun Microsystems masterclasses. Up until 2007, she'd been a well regarded tech specialist who happened to be female. Until the day she opined on her private blog that given the crap-flood of bad comments, maybe forum moderation wasn't a bad idea. This opinion made her a target. A sustained trolling and harassment campaign followed, comprised of death and rape threats, threats against her family, fabricated claims of prostitution, and a false claim that she had issued a DMCA takedown to stifle criticism. All of this culminated in the public release of her private address and Social Security Number, a technique known as Doxxing. And so she fled from the public, her career, and even her home.
It turned out that a man named Andrew Auernheimer was responsible for having harassed Sierra. Known as 'Weev', he admitted it in a 2008 New York Times story on Internet Trolls. There, he spoke to the lengths which he and his cohorts went to discredit and destroy the woman. "Over a candlelit dinner of tuna sashimi, Weev asked if I would attribute his comments to Memphis Two, the handle he used to troll Kathy Sierra, a blogger. Inspired by her touchy response to online commenters, Weev said he "dropped docs" on Sierra, posting a fabricated narrative of her career alongside her real Social Security number and address. This was part of a larger trolling campaign against Sierra, one that culminated in death threats."
Now, seven years later, Kathy Sierra has returned to explain why she left and what recent spates of online harassment against women portend for the future if decent people don't organize. The situation has grown much more serious since she went into hiding all those years ago. It's more than just the threat of Doxxing to incite physical violence by random crazies with a screw loose. Read on for the rest of maynard's thoughts.
728 comments | about a month and a half ago
Gunkerty Jeb writes The Ninth Circuit appeals court in San Francisco took oral arguments from the Electronic Frontier Foundation and the Department of Justice yesterday over the constitutionality of National Security Letters and the gag orders associated with them. The EFF defended a lower court's ruling that NSLs are unconstitutional, while the DoJ defended a separate ruling that NSLs can be enforced. Whatever the court rules, the issue of NSLs is all but certainly headed for the Supreme Court in the not too distant future.
112 comments | about a month and a half ago
realized sends this news from the EFF:
For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the "first step" in protecting their children online. ... As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies. The way ComputerCOP works is neither safe nor secure. It isn't particularly effective either, except for generating positive PR for the law enforcement agencies distributing it.
As security software goes, we observed a product with a keystroke-capturing function, also called a "keylogger," that could place a family's personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP's own marketing information, we identified approximately 245 agencies in more than 35 states, plus the U.S. Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff's department even bought a copy for every family in its county.
72 comments | about 1 month ago
HughPickens.com writes: When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there, suggesting that Apple is now part of FISA or PRISM proceedings.
Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such a request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
236 comments | about 2 months ago
230 comments | about 2 months ago
jfruh writes A U.S. appeals court cleared Yelp of charges of extortion related to its interaction with several small businesses who claim Yelp demanded that they pay for advertising or face negative reviews. While Yelp says it never altered a business rating for money, the court's finding was instead based on a strict reading of the U.S. extortion law, classifying Yelp's behavior as, at most, "hard bargaining." Interestingly, the EFF supported Yelp here, arguing that "Section 230 of the Communications Decency Act (CDA) protects online service providers from liability and lawsuits over user-generated content, except in very narrow circumstances where the providers created or developed content themselves. In its amicus brief, EFF argued that mere conjecture about contributing content – like there was in this case – is not enough to allow a lawsuit to go forward."
63 comments | about 3 months ago
An anonymous reader writes: A Los Angeles Superior Court judge has ruled that the Los Angeles Police Department is not required to hand over a week's worth of license plate reader data to the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). He cited the potential of compromising criminal investigations and giving (un-charged) criminals the ability to determine whether or not they were being targeted by law enforcement (PDF). The ACLU and the EFF sought the data under the California Public Records Act, but the judge invoked Section 6254(f), "which protects investigatory files." ACLU attorney Peter Bibring notes, "New surveillance techniques may function better if people don't know about them, but that kind of secrecy is inconsistent with democratic policing."
108 comments | about 3 months ago
Personal Audio has been trying to assert patents they claim cover podcasting for some time now; in March Adam Carolla was sued and decided to fight back. Via the EFF comes news that he has settled with Personal Audio, and the outcome is likely beneficial to those still fighting the trolls. From the article: Although the settlement is confidential, we can guess the terms. This is because Personal Audio sent out a press release last month saying it was willing to walk away from its suit with Carolla. So we can assume that Carolla did not pay Personal Audio a penny. We can also assume that, in exchange, Carolla has given up the opportunity to challenge the patent and the chance to get his attorney’s fees. ... EFF’s own challenge to Personal Audio’s patent is on a separate track and will continue ... with a ruling likely by April 2015. ... We hope that Personal Audio’s public statements on this issue mean that it has truly abandoned threatening and suing podcasters. Though a press release might not be legally binding, the company will have a hard time justifying any further litigation (or threats of litigation) against podcasters. Any future targets can point to this statement. Carolla deserves recognition for getting this result.
63 comments | about 3 months ago
An anonymous reader writes: The Electronic Frontier Foundation has updated its guide for protecting yourself and your cell phone at a protest. In addition to being extremely powerful tools (real-time communication to many watchers via social media, and video recording functionality), cell phones can also give authorities a lot of information about you if they confiscate it. The EFF is trying to encourage cell phone use and prepare people to use them. (The guide is based on U.S. laws, but much of the advice makes sense for other places as well.) Here are a few small snippets: "Start using encrypted communications channels. Text messages, as a rule, can be read and stored by your phone company or by surveillance equipment in the area. ... If the police ask to see your phone, tell them you do not consent to the search of your device. Again, since the Supreme Court's decision in Riley, there is little question that officers need a warrant to access the contents of your phone incident to arrest, though they may be able to seize the phone and get a warrant later. ... If your phone or electronic device was seized, and is not promptly returned when you are released, you can file a motion with the court to have your property returned."
82 comments | about 3 months ago