Slashdot Mirror

https://panopticlick.eff.org/

The EFF bloggedabout deliberately misleading UI design over 6 years ago, going with the name 'Evil Interfaces.' My favorite alternate name was 'confuser interface design', by the way. 'Dark patterns' is so vague as to be useless.

This claim is from their guide for law enforcement, page 8, 5th paragraph. They claim that once deleted they cannot produce messages for law enforcement, even if presented with a valid warrant.

It seems that is inaccurate. So either they were lying to law enforcement, or they fabricated the messages, or they tried extra hard and found a way to do it which will now be subjected to rigorous scrutiny by the defence.

It's not a get-out-of-jail-free card but someone from Yahoo will have to explain what happened here and why these recovered messages should be taken at face value.

Here is the complaint, in case anyone wants to read it.

Their argument in brief: those provisions of the DMCA are preventing people from expressing themselves (free speech) which violates the first amendment. The Library of Congress is supposed to approve various exemptions to the DMCA for the purpose of research (or other), but the LoC failed to do so (in 2015). Even if the LoC had correctly fulfilled their duty, having them as a gatekeeper on what speech is allowed violates the first amendment.

This is a great lawsuit, I can't wait to see what the government's response will be. Incidentally, there is a third plaintiff besides the two mentioned in the summary, a company called Alphamax (but I've never heard of them).

You might want to put a link to EFF's donate page. Thanks.

Microsoft does not protect their user's data, and Skype itself is a security and privacy nightmare: https://www.eff.org/node/82654 (N.B. the EFF is going to update this score card soon, but it's still right about Skype; see here: https://www.eff.org/mention/ns...)

Microsoft does not protect their user's data, and Skype itself is a security and privacy nightmare: https://www.eff.org/node/82654 (N.B. the EFF is going to update this score card soon, but it's still right about Skype; see here: https://www.eff.org/mention/ns...)

Google Removes Vital Privacy Feature From Android, Claiming Its Release Was Accidental

Ghostery's business model is that they prevent other trackers from tracking their users so that the tracking data gathered by Ghostery itself is more valuable.

There is no need to compromise with commercial interests on this subject. Use EFF's Privacy Badger instead.

Isn't this just the effect making the wrong verdict? As the EFF says, Still, the fair use victory is bittersweet. Judge William Alsup's previous opinion that the API labels in question are not copyrightable was the correct one, based on a reasonable reading of the copyright law in question. The Federal Circuit decision to reverse that opinion was not just wrong but dangerous.

Why does Microsoft have such an obsessive hard-on for Skype?

I'm sure it has nothing at all to do with Skype's longstanding status as the NSA's wet dream [pdf warning].

Thank you.

I think I found the link you requested here. Well I feel a little less like a Dingus. I think I failed to read the article in its entirety. Here are some sound bites:

Our last finding is that T-Mobileâ(TM)s video âoeoptimizationâ doesnâ(TM)t actually alter or enhance the video stream for delivery to a mobile device over a mobile network in any way. 2 This means T-Mobileâ(TM)s âoeoptimizationâ consists entirely of throttling the video streamâ(TM)s throughput down to 1.5Mbps. If the video is more than 480p and the server sending the video doesnâ(TM)t have a way to reduce or adapt the bitrate of the video as itâ(TM)s being streamed, the result is stuttering and uneven streamingâ"exactly the opposite of the experience T-Mobile claims their âoeoptimizationâ will have.

And the '2' footnote:

We determined this by comparing the hash of a downloaded video file to the hash of the same file on the server; in all of our tests, the hash was identical.

Admittedly I cannot find the time right now to read the article in its entirety but I cannot find any reference to the video re-encoding. The first time I saw anything about that was yesterday when I wandered through the Slashdot thread. I probably saw that it came from the EFF so I put it down after that. The idea of T-Mobile actually re-encoding the video streams is very counter-intuitive to me so I hadn't even really considered it as a possibility. Why recompress a compressed video when on the service side they can recompress the full quality video?

I disagree that it violates net neutrality, as it is being done only at the customer's request.

By 'customer' do you mean T-Mobile is the customer or that the video service is? My understanding is that the service provider has to be the one to make the request to T-Mobile...?

Either way, my stance on this is that if a service provider has to jump through extra hoops to get to one ISP's customers then boom we're back into not-neutrality. I am a little confused by your statement so I'll say this much at least: If the customer, the person with the smartphone can request that a particular site be zero rated, and it doesn't matter what site that is, I am fine with that, but I say that assuming it doesn't mean T-Mobile has to enter into a contract with another entity to accomplish that.

In all honesty, I really am waiting for them to deny an application, the ensuing media shitstorm will be one of epic proportions.

I wish the cell carriers would offer an unlimited but slow pipe. I'd happily pay a fair amount for a 3 megabit un-metered connection. Luckily I still have an unlimited plan through AT&T but the contracts are over, so I imagine I'll be shopping come 2017.

To your point, though, I've got ten bucks on someone trying to get their own personal server zero-rated. If I had the time I'd do it myself. "I need to keep an eye on my cat while I'm at work!" Heh.

I agree; however, what about Chromium or SRWare Iron or even Vivaldi/Opera?

I only use Firefox anyway, as I doubt anyone has extensively analysed Chromium source code in order to search for any hidden Google tracking mechanisms or reporting techniques.
And even if the source appears to be clean, Google aren't stupid, their trackers are over most websites, and through js obfuscation and ajaxing encrypted data back to Google, they may be able to trigger various reporting elements in Chromium to extract user data and uniquely fingerprint each installation.

I know, sounds like paranoia and tinfoil hat stuff, but considering how evil Google is, I wouldn't put it past them.

"We commend Wickr for its strong stance regarding user rights, transparency, and privacy"

Wickr

handy stickers just for the purpose, for a small donation:
https://supporters.eff.org/sho...

Go get 5 re-place-able and very opaque stickers for a $5 donation. I keep one on my webcam. To boot, it looks classier than a post-it; it lasts forever; and it advertises for the EFF -- a worthy cause.

Go here to get your own set of camera covers.

Why not just have a per-site identity? In other words, tracking cookies become worthless because they can't follow you from site to site.

You have, in effect, described EFF's Privacy Badger addon. It works heuristically to block cookies from leaking from their original domains, except when told otherwise (some exceptions are included by default -- so-called yellowlist, check out "How does Privacy Badger work?" section). I've been using it for some time and seems to work very well with little breakage. Rarely have to whitelist something.

I'm not sure what you expect Google to do about it now (short of inventing time travel).

Google could have left this feature enabled back in December 2013

See my other reply. Most everything that you're worrying about were theoretical abuses. The Netflix issue is the only thing you mention that actually happened and it's still unclear to me how much of that was Reed Hastings trying to offload his cost of doing business onto others -- Netflix does not have completely clean hands here or elsewhere -- and how much was the ISPs being dicks. I suspect a little bit of Column A and a little bit of Column B.

Meanwhile, as I said in my other post, caps and zero rating are fait accomplis, and they're doing real damage to the internet. This is and always was FUD. This and this are real and the FCC is doing nothing about them. Color me skeptical that they're likely to intervene at this point, as I said, they're fait accomplis. We spent a decade fighting over abuses that never actually happened while the ISPs were busy building a fence around one killer app (video) that directly competes with them, while precluding the emergence of future killer apps, and massively increasing their own revenues to boot.

They also were a much larger portion of the infringing work, it was not functional........etc

You are misunderstanding the fair-use factor 3, the amount copied. That isn't a positive defense, at best it is neutral: Google can say "We copied no more than necessary." But Oracle will try to argue that they did copy more than necessary.

The actual expression (the source code) doesn't lose protection unless there's merger - which was the case here

No, that was Google's idea, but the appellate court explained why it is wrong, see here starting on page 30. In brief, when considering merger for copyright protection, you need to consider the options available to Sun when they originally wrote Java: there were plenty of ways they could have written any of those APIs.

It was transformative because they created entirely new implementation code, and used the existing API in new ways.

Indeed, and Google absolutely owns the copyright on the new implementation code, that isn't even in dispute.
--
The point I'm trying to make here isn't so much to decide whether Google should lose or not, I honestly don't care if one company pays billions to another. My point is that even if Google loses, there is plenty of reason that the ruling would not apply to most other open source projects, like Wine or Samba. There are clear differences between what Samba is doing and what Google did.

Just like the 200+ comments on Hacker News, another news aggregation site with a very tech-savvy demo, you will have to look really hard to find anyone who supports the TPP.

The EFF has written extensively how digital rights are negatively affected by this.

The TPP is bad, bad, bad, and it's been fast tracked for passage with no debate/oversight. Hopefully there will be a SOPA-like outcry against it that shuts it down. All three Dem/GOP presidential candidates claim to be against it (but we'll see how long that lasts). Not sure about libertarian candidates.. somehow I suspect they'll take the more traditional "free trade" perspective, but maybe I'll be delightfully surprised.

Too bad Google's on the wrong side of history here.

For example, their "win" against pen registers is obsolete because now you have skyhooks that can track ALL phones in an area.

For example, their "win" against pen registers is obsolete because now you have skyhooks that can track ALL phones in an area.

You mean several courts have divergent opinions and rulings, and the Supreme Court has yet to take it up.

Heck the big one in the 6th Circuit says the exact opposite of what you claim. I mean seriously if your going to say something is settled you might want to look up some evidence to support your opinion.

https://en.wikipedia.org/wiki/...
https://www.eff.org/deeplinks/...
http://www.csmonitor.com/USA/J...

Maybe the Senate will take up https://www.congress.gov/bill/... and we can resolve this once and for all.

Yahoo may be the first since "the reforms of the USA Freedom Act", but the Internet Archive fought and won back in '08. I'm pretty sure Slashdot covered it when it happened, but I'm too lazy to hunt down the link.

It's not clear to me if the USA Freedom Act made this harder (in which case, why are we calling them "reforms"?) or easier. That would make this story a lot more interesting.

(The EFF has the Archive's slightly-redacted NSL on file, for anyone who's interested in comparisons.)

Not quite.
The judge could (amongst other things) as I understand it have ruled it was fair use, have ruled it was infringing - or dismissed the case because it was not a copyrightable matter.
The best case would be the latter. The first is still extremely problematic for devs, though for a very different reason the shill above claims.
https://www.eff.org/deeplinks/...
See the later caveats in that celebration.

...until the next version comes out next year or a rubber stamping judge approves a new abuse of the Patriot act. These come up year after year until the people get tired of protesting the same bill every fucking year, then Congress passes a version thereof. Why? Why do we keep electing the same scum year after year? What is wrong with the American voter?

Basically, Oracle is presupposing that it owns a language, so any use of that language's lexicon and grammar is theirs to control-- and assert that they get this power through copyright.

Here you are wrong, notice carefully the fine distinction, Oracle never claimed to own the Java language (so all those people thinking this case might settle the questions of languages being copyrighted were wrong), in fact, they admitted that they gave the language away. Instead, they claimed to own the Java standard library, and those packages are what this case is about.

This is a tricky area legally-- Copyright is not the appropriate vehicle for this kind of intellectual property. (Patents are the appropriate vehicle.)

The appellate court addressed (briefly) the question of patents vs copyright in their decision. You should read the decision, I think you might enjoy it.

Everyone here is already using Privacy Badger ( https://www.eff.org/privacybad... ) or similar right?

Read through this case and you'll be much smarter. Or don't read it, and remain ignorant.

Attempting to have exclusive rights to an API is like a restaurant wanting exclusive rights to phrases such as "GET WATER", or "ONE BEER PLEASE"

The courts deal with this problem by using the "abstraction-filtration-comparison" test. Essentially, they remove all the parts that are common and unexpressive, such as "get water" or "one beer please," and then they make a comparison with whatever is left. In this case, math.abs() is probably not original, but clearly the package name "java.math.*" is not necessary for expressing the idea of absolute value.

There's a lot of good information in the appeal court's decision, and also Wikipedia has a decent article on the abstraction-filtration-comparison test.

What crime? the TOS is the governing contract with the user.

Nope. The actual law take precedence.

Also note this clause: "The exclusive means of resolving any dispute or claim arising out of .... "

The actual law take precedence. E.g. the law of a country always apply to the full extent in that country with no exception. Example.

EU has strong privacy laws granting rights which cannot be waived.

You may have missed: "Google Abandons Open Standards for Instant Messaging"

https://www.eff.org/deeplinks/...

Looks like Slashdot is also using janrain, although ghostery blocked it for me and I dont have any trouble with this site. Even after using tracking cookie blockers and the like, its still possible to track individual users just based on the unique signature they have when they browse online. From the sites you view and the times you view them at, to the software and plugins you have loaded to browse the internet. They are all aspects of your digital fingerprint, and blocking all the tracking cookies and sites in the world cant change that unfortunately.

https://panopticlick.eff.org/

That site will show you just how unique you really are online, even without tracking cookies.

The short answer to the original question is "Yes, they can and will track you."

However, you can making tracking very difficult. The following is what I do. This for those who use Firefox or SeaMonkey as their browser on a Windows system. NOTE WELL the exception.

1. Mark the file cookies.sqlite as read-only. For "smooth" Web browsing, I do want some cookies. To set or update them, I terminate my browser, mark cookies read-write, launch my browser to visit ONLY the Web site for which I want cookies, terminate my browser to eliminate session-only cookies, and restore the read-only setting for cookies.sqlite. Web site might act as if they were setting cookies, but those cookies are lost when I terminate my browser.

2. Disable geolocation. For all of my profiles, I insert the following into file user.js:
                  user_pref("geo.enabled", false);
  The semi-colon (;) at the end of the line is mandatory. You can insert an adjacent comment line indicating why you did this; just begin the comment with two virgules (//).

3. Install the Secret Agent extension from https://www.dephormation.org.u.... Each time I request a Web page, my outgoing Internet headers are different. Some sites that try to use those headers to determine my location have me bouncing all over the world. Every time I go to Panopticlick at https://panopticlick.eff.org/, I get a different result. Two NOTES: (1) Because some Web sites require consistent user agents as you navigate through them, I disabled the extension's capability to vary my user agent string. (2) Because Firefox now requires extensions to be signed by Mozilla and the developer of Secret Agent refuses to submit his extension for signature, this cannot be installed in Firefox. Unsigned extensions can still be installed in SeaMonkey.

Pretty much. TPP is shit. TTIP is shit. There's one that's missing here. Ah! Here we are. TISA.

Although it is the least well-known of those agreements, it is the broadest in terms of membership. As far as we know, it presently includes twenty countries plus Europe (but notably excluding the major emerging world economies of the BRICS bloc), who, with disdainful levity, have adopted the mantle “the Really Good Friends of Services”. Like its sister agreements, TISA will enact global rules that impact the Internet, bypassing the transparency and accountability of national parliaments. The only difference is that its focus is on services, not goods.

As that blurb sort of indicates, BRICS is mysteriously missing from all of those backroom deals. I'm guessing there's some kind of internet censorship (as in governments being forced to enforce it, not just so-and-so got banned from Twitter "censorship") in TISA as well. Dangerous stuff. I'm fully expecting Clinton to do an about-face and... er... devolve? back to Secretary Clinton's positions once she's in the oval office.

The EFF has a great write up on how the TPP (the trans pacific partnership, another one of these shitpile laws) will affect anyone even remotely interested in technology. It's a great link to send around to anyone who's thinking "I'm not in manufacturing, why should I care?"

It's bad, folks. And even worse because in summer 2015, before the election, before both the GOP (!) and Dem candidate came out against the TPP, Obama fought and beat back his own party to get fast track authority for approval, meaning now it's way easier for it to get approved, with no ability to strip out the bad parts or filibuster against it.

Sure, if you ignore:
https://www.eff.org/press/rele...

I am NAL, but it does not.

https://www.eff.org/press/rele...

The PACs would then be subject to audits and subjected to fines if examples were found where posts weren't properly disclaimed.

That all this persecution of anonymity — in direct violation of the First Amendment — does not even bother anyone anymore, is the scariest part...

https://supporters.eff.org/don...

I'd forget if I waited until later.

I always pick them as my charity when I when I buy a Humble Bundle.

https://supporters.eff.org/don...

I'd forget if I waited until later.

> defending a trademark is not bullying.

Sure it is, because it ignores fair use: https://en.wikipedia.org/wiki/...

Note that political speech is MORE protected than other categories. You can't just trademark your likeness and shut down all political parody or it would soon cease to exist. Imagine for a moment if Bush had been able to use a trademark on his name and likeness to shut down all of the mockeries of him, using your myth of continual enforcement?

> in fact, its required, or else you lose trademark status.

That's a damned, dirty lie. If you'd been reading Slashdot lately, you might've seen this from the EFF:

https://www.eff.org/deeplinks/...

> The nature of trademark is such that if one doesn't attempt to defend it when violations are brought to one's attention it dilutes the trademark. It isn't like copyright or patents where you can selectively enforce.

You might want to ask the EFF about that:

https://www.eff.org/deeplinks/...

The EFF has you covered (in a literal sense).

Signals intelligence, voice prints and cell phone data they can.
New FOIA Documents Confirm FBI Used Dirtboxes on Planes Without Any Policies or Legal Guidance (MARCH 9, 2016)
https://www.eff.org/deeplinks/...
Related background info on the methods "Feds gather phone data from the sky with aircraft mimicking cell towers" (Nov 14, 2014)
http://arstechnica.com/tech-po...
The Feds Are Now Using ‘Stingrays’ in Planes to Spy on Our Phone Calls (11.14.14)
http://www.wired.com/2014/11/f...
Dirtbox (cell phone) https://en.wikipedia.org/wiki/...
ie mapping out all cell users in vast areas of the US in a domestic collect it all database without needing to ask any court or request tech help via traditional telco staff.

Calling Nostalrius a pirate server is not accurate. Nostalrius is a reverse engineered server that works with the official Blizzard WoW 1.12 client. I've played on Nost for the past year, and the overwhelming majority of players I've played with paid for retail vanilla WoW subscriptions back in the day. Sure, I can't find my original discs and had to download a copy of the 1.12 client, but I still contend that I have both a legal and moral license to still use that client.

If Blizzard were to offer a vanilla subscription, I would gladly sign up. (Well, maybe before they C&D'd Nost.) However, since they don't offer such a subscription, running a private server should be allowed as an exemption to the DMCA. The EFF previously petitioned the Library of Congress to add an exemption to the DMCA to allow users to reverse engineer server-side controls once games have been abandoned. The Library of Congress granted the exemption for simple matters like server-side authentication methods, but it was limited to allowing local, single-player gaming to continue. It does not apply for MMORPGs that require server-side interaction. However, this ignores the possibility of using a paid-for client with a reverse-engineered server, something I feel should be legal.

https://www.eff.org/deeplinks/...

I'd better download a minimal flash installation of FreeBSD and build the rest from source. It does not save me from the source-level malware but at least make it much less probable.

https://www.eff.org/secure-messaging-scorecard

... super extra special, or do they insert yellow tracking dots like everyone else's?

The rest of the teknologee has similar problems these days: Firmware even containing entire OSes running with more privileges than the OS you see before you, everything calling home, and so on, and so forth. Me, paranoid? No, we know these things happen. I'm asking if the white house managed to get special treatment on this. Probably not, though. Can't wait to see them getting blind-sided by policies they instituted themselves, as happened with the printers at least.

The question is whether the Millennial-age techno hipsters in the tail end of the Obama administration were able to override the more senior people in technology who would have said no.