Sony Rootkit Redux: Canadian Business Groups Lobby For Right To Install Spyware
An anonymous reader writes "Michael Geist reports
that a coalition of Canadian industry groups, including the Canadian
Chamber of Commerce, the Canadian Marketing Association, the
Canadian Wireless Telecommunications Association and the
Entertainment Software Association of Canada, are demanding
legalized spyware for private enforcement purposes. The potential
scope of coverage is breathtaking: a software program secretly
installed by an entertainment software company designed to detect or
investigate alleged copyright infringement would be covered by this
exception. This exception could potentially cover programs designed
to block access to certain websites (preventing the contravention of
a law as would have been the case with SOPA), attempts to access
wireless networks without authorization, or even keylogger programs
tracking unsuspecting users (detection and investigation)."
will you be installing your spyware on my computer.
Law enforcement computers, politicians' computers, government computers, homeland security computers. My bet is within a week 50% of those folks wouldn't have jobs, and 75% in a month.
Screw off. Sincerely, Canadians.
On every machine I find.
This makes a good argument for using open source. Removing a secret rootkit is a lot easier when the underlying layers of the operating system aren't obscured. I'll bet this goes nowhere. Either that or proprietary OS vendors suffer sales losses as people flock to Linux and *BSD.
It's getting pretty hard to differentiate between living in North America under corporate controlled government and China under government controlled corporatism.
If only there were a similarity that I could put my finger on, it seems there is but it escapes me.
I guess we'll see how similar if this passes. I doubt it will, but it indicates we have more in common than I'm comfortable with. Hell, just the fact that this has been proposed is a lot more egregious than I'd have ever imagined possible just a few years ago.
Instead of legalizing a practice that would otherwise be illegal to protect obsolete businesses, why not legalize a practice that is otherwise illegal to rid ourselves of those obsolete businesses?
Palm trees and 8
My own computer running Windows 7 was hacked in a drive-by when I visited a website (didn't download anything), and the drive began spinning wildly. The router logs showed connections to the Dutch anti-piracy group, BREIN. If it's not currently legal, it isn't stopping them.
This is just a case of bureaucrats being bureaucrats as usual and common sense taking a back seat.
There are plenty of level-headed folks with a tenacity for doing what's right up there in moose country that will fight this tooth and nail (Theo comes to mind). At most, this will cause a whole lot of noise a la SOPA and eventually get dumped.
Besides, the anti-spam legislation, I hear, is quite popular. More than this rubbish is popular with law enforcement.
If computers were people, I'd be a misanthrope.
I was dismayed to see this article in the paper today:
http://www.calgaryherald.com/technology/Smartphone+storage+memory+cards+exempt+from+copying+fees/7920963/story.html
I didn't think we'd (Canada) be stupid enough to actually go through with this new copyright bill, but it seems that it has.
How far will all these jokes go until we decide collectively for a stop, and just throw all that IP crap out the window?
Video of some good progressive thrash music
I say absolutely. As long as part of the law is continuous video surveillance of all executives of the companies that install the spyware. (Bedroom, bathroom, mistress' place, hotel room, etc.) And their families. And it has to be accessible by any Canadian citizen to do with as they please at any time.
Not even if it is open source.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Brutal, but effective.
in Canada seems to be where the problems would stem from. Would it be considered in 'my' best interests to install software to incriminate myself?
Don't complain about syntax, grammar, or spelling. There is no hell like input on android.
You hit the nail right on the head. IP addresses can be spoofed. Long live Tor nodes and secure browser profiles.
It is amazing that corporations do not recognize this simple truth.
...these so-called "business groups" will get everything they're asking for. With extra tongue.
The U.S. administration has probably given this up long ago, we just haven't heard about it yet.
[End Of Line]
Hang them. Problem solved.
Hire a hitman. Works better although it's more costly.
But hey, whoever said that disinfection was free?
Spyware like this can prove that someone did indeed commit acts of copyright infringement as alleged.
No, it can't. Since the TFA talks about "a group of 13 industry associations", we would get every one of these industry associations to install its own spyware package on your machine.
So if copyrights were to be infringed from your machine, who can prove that YOU were the one to do it, and not one of the spyware packages? All one can prove is that it happened from your machine, not WHO or WHAT did it. A compromised system is by definition out of your control.
I guess I am okay with this, as long as we can install stuff on their machines as well. I am pretty sure that they have a lot more to hide than I do...
When they do install it on your computer, you will know who to hunt down and kill.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
The only appropriate response to such a request is, "Go fuck yourself."
This space unintentionally left blank.
However, I hate the problem more than I dislike the solution.
That doesn't solve the problem, though - more and more people are using Linux on a regular basis, and while they are shielded from a good majority of threats seen on Windows, it doesn't mean that 1) there isn't spyware that can affect them and 2) that they would know how to lock down their systems just because they have an OS more capable of being finely-tuned and locked down. Don't mistake a great tool for a great carpenter.
I dunno, I hear that sunshine is the best disinfectant and they haven't gotten around to charging for that yet.
What if the spyware is designed to provide such proof? Using a webcam to transmit pictures of the user for instance.
But it doesn't work on vampires.
See? Problem solved. Second line.
I don't use a PC for copyright infringement anymore.
I haven't thought of anything clever to put here, but then again most of you haven't either.
And when the software inevitably bricks a few thousand (or hundred thousand, or million) devices and people lose untold billions worth of data...Will these companies be required to provide just compensation since no EULA was even clicked?
How much are those lost photos of a couple's new baby worth to them, anyway?
I imagine if the computer had a webcam, they would snap a picture along with the infringement evidence.
CAD **AA Lawyer: Your honor, ladies and gentlemen of the jury, if we examine exhibit A you will see that on November 12th 2014, at 11:24 PM Sally Smith visited a known website which engages in piracy or illegal downloading if you will. She downloaded what is called a torrent file which enabled the defendant to download an illegal copy of Star Trek: Into the Darkness. From that illegal copy our "copyright law enforcement software" logged that seventeen copies were uploaded to other users. We are seeking damages equal to the cost of making the film, squared.
Judge: what proof do you have that it was in fact Sally Smith who was actively engaging in the heinous crime of illegally downloading a precious piece of Hollywood?
CAD **AA Lawyer: Your honor, our "copyright law enforcement software" detected the presence of a web camera which allowed us to record the user as she committed the crime. Article 5 paragraph 34 of the Canadian copyright enforcement act explicitly allows us the right to enable remote viewing of criminal behaviour once it is detected.
Judge: proceed.
http://tinyurl.com/9wpxjg6 Page 11-12
These exceptions they are asking for are so very broad. Take a look at this exception they're seeking,
(a) a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network,
Do you believe the RIAA poses a reasonable threat to your privacy from their new rootkits? Well then it seems, under this law, you could install a trojan horse on their computer, read their files, and then crash programs that might end up help the RIAA from violating your privacy...Like Windows
Spyware could theoretically also use Tor nodes to report your real IP to authorities, or the *AA.
i fail to see how TOR will save us if the spyware/keylogger is installed on your computer.
This raises a very valid point: once this spyware is on a system, it'll be trivial for malware authors to co-opt the malware to steal data for their own use. Not to mention, the temptation for PRIVATE GROUPS to misuse information lifted from private citizens in secret is huge.
Luckily, this goes against Canadian Privacy law in so many ways, I don't see how even the Conservative government could succeed in ramming this through.
I hope they provide the source to their security software or at least port it so it can run on Linux/BSD. I want to continue to legally be able to watch DVDs and BluRay movies/TV shows on my Linux HTPC.
In this case, the only people with rootkits installed on their machines will be the law abiding citizens.
PS: I assume they'll also make it illegal to remove a rootkit, so people that just care about their privacy instantly become criminals too.
Hangin's too good for 'em. Burnin's too good for 'em...
This is Canada we're talking about here, no politician has the balls to go through with this. Even one of our provinces doesn't have the balls to separate after they continuously threaten to do it.
Watch out for those Windows 8/RT ARM-based machines. Not possible without money going to Microsoft for a key.
They wanna do WHAT now?
I'm starting to think it's going to take some heads on pikes before they get the message. And every day it seems more likely I'll see such in my lifetime.
I don't know about you all, but I'm putting some money in guillotine futures.
You are welcome on my lawn.
All the picture proves is that said user was using the computer at a certain point in time. It doesn't prove the user was doing the download of the copyrighted material. If there was other spyware running on the computer, then that other piece of spyware could be performing the download. All recorded keystrokes, mouse clicks and other logged events are suspect if spyware packages are running on a machine.
If such a picture were to be accepted as 'evidence' in court, then hackers could easily frame anybody they dislike. Just install the hacker's spyware package, spoof some 'evidence' towards the corporate spyware and another sucker gets owned.
They need to be torn into little bitty pieces and buried ALIVE.
Sorry, it's such a classic I had to finish it.
I have a drill press in my garage for dealing with such defective equipment.
Max damages in Canada are $5000 for all your piracy ever.
That means they can only sue you in small claims court.
If you go to small claims by yourself and the other guy sends a dozen lawyers, the judge will almost always find in favour of the guy by himself. A really good judge will take 50+ hours to do so in order to mess up the team of lawyers.
Also I have electrical tape over my laptop's camera.
---
ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
spend some time up in .ca land, leave a message.
thank you.
if this is supposed to be a new economy, how come they still want my old fashioned money?
The very fact that the 'evidence' is collected by spyware is full evidence that spyware is performing activities the user is unaware of. It implicitly proves the machine is not under full user control. It therefore proves not all actions performed on the machine are endorsed by the user.
The fact that one piece of spyware/malware managed to get installed on the computer means the user's anti-virus and anti-malware software is not up to its task. If that is the case, then the installation of other spyware/malware packages is very likely. Meaning there is reasonable doubt about who or what did a download.
And you can not convict a suspect if there is reasonable doubt - not yet anyway.
The french had a good solution for politicians that got out of hand....... :)
Old solution to a modern problem
Hmm, the humour and sarcasm seem to have been lost on you.
You joke, but look where being nice and/or polite has gotten us so far.
These guys don't play nice...
This will spawn an entirely new term:
Pirivacy. Those who practice it will be Silicon Pirites :D
Although I condone raising chemistry and geology geekdom, what's wrong with reusing good old term "Privateering" and "Privateers" in this new context?
Spyware like this can prove that someone did indeed commit acts of copyright infringement as alleged.
Having police officers break into someone's house at night, unannounced and without warrant, can prove that someone did indeed commit whatever crimes they're accused of. While they're in there, might just find a few more crimes to accuse them of.
We wouldn't for a second tolerate this level of intrusion in meat-space... why is it permissible on computers?
This signature is false.
And Linux, just as OSX and Windows, often assigns the root password to the first user's password - OEMs used to add their own passwords (at least on some Windows boxes I've used), but it seems they stopped after there was a bunch of "WTF is an Administrator Password? Try Kitties123" I'm thankful for it when I work on someone else's computer, while simultaneously cringing that an entire machine is at the mercy of "stormclouds1"
Still, security ultimately falls on the user - to make an OS stronger we inevitably must make the user smarter, but let's keep throwing firewalls, anti-virus, and ad-block at them until at least they have a computer, even if they don't know what it does or why they haven't seen strange pop ups in months (how many frickin times can you advise someone to at least use a different browser, or less malware-laden porn site?)
If they disclose this clearly on the package, similarly to what is done w/ cigarettes, I have no issues with it. The labeling certainly hasn't done much to stop the sale of tobacco.
As far as I'm concerned, they can put key-loggers, root-kits, or whatever the hell else they want as long as they make the consumer aware.
For an icon, they could use a 'human looking' figure. Bent forward, pants down, maybe holding a jar of Vaseline?
I, of course, won't be buying it. But I wasn't buying it anyway.
Once the Conservative government considers the usefulness of this software on the opposition's computers and the usefulness of it on voters' computers so they know how to target those voters they'll ram it through.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
Simply stop buying their crap, there are alternatives. I think the choices will start to become more apparent to the masses over time, and the losers will be those depending on unsupportable business models.
Consider: You can buy DRM-free music, today, where they make no attempt to lock it to specific devices. Emusic is one, and Magnatune is another. In the latter case, you are even encouraged to share your purchase in limited amounts, and there's also free streaming if you are OK with the per-song nag message. Non-lossy formats are supported too, and they go for quality content instead of large amounts of crap. (Yeah, preaching here, but I just bought a lifetime membership.)
In TV/movie terms, Netflix has just released a season of a series, "House of Cards", that *they* produced. Screw Sony and their ilk, this is produced and distributed without their help. I'm hoping this gives big media companies a shocking wheeze, where it's apparent even to them that they're becoming irrelevant.
I doubt the courts will accept that argument even if it is plainly written in the law. Only sufficiently rich corporations are allowed to install rootkits.
And Linux, just as OSX and Windows, often assigns the root password to the first user's password
I have NEVER seen a distro do this and I've worked with Ubuntu, Fedora, Arch, Debian, Mint, FreeBSD* and more. Unless you meant "sudo", but that is NOT root's password.
* Not technically Linux, but uses almost identical security design.
Personally, I'm partial to drawn and quartered.
You can (try to) install spyware on anyone's computer without legal penalty, but people can (try to) pirate anything from your company without legal penalty. Deal?
I really like my Mac, worlds better than Windows. But I just installed a Linux computer at home that I've been using more and more, and news like this makes me want to use it more. I'm not a programmer, but I feel reasonably safe that the many eyes of you programmers will catch this code should it ever be inserted into a distribution. Only question is, with RHEL essentially being closed off to all of you - if they were to adopt software like this, would it be caught and removed in CentOS (the distro I settled on?) or will they faithfully include that "feature" as well? Otherwise, I'll have to go to OpenBSD, which would suck, because as much as I admire the OS and Theo, I'm very excited about the possibilities afforded by virtualization, which he doesn't seem inclined to support thus far.
Last I read, Tor is useless for BitTorrent. Not only is it horrendously slow, but BitTorrent clients go ahead and publish their users' real IPs in the process.
Let's start with his computer. How long till Anonymous uploads dumps from his hard drive?
Who logs in to gdm? Not I, said the duck.
These corporate carpet bagger cunts deserve to be sued into a smoking hole in the ground. I hope the community opens the gates of Hell on them.
But how would a drawing being cut into 4 pieces do any good? o_O
Hmm, the humour and sarcasm seem to have been lost on you.
Slackware
File under 'M' for 'Manic ranting'
As a former Army Sergeant in the Canadian Army, I just want to point out that trying to do this violates my Constitutional rights as a Citizen of Canada.
This is very un-Canadian.
-- Tigger warning: This post may contain tiggers! --
I'd rather be spied on by the Chinese than corporations in the United States
I see you missed CBC last night. Where the Chinese Ambassador said something about this. At least on 22 Minutes they gave the translation.
-- Tigger warning: This post may contain tiggers! --
Also I have electrical tape over my laptop's camera.
You should use duct tape. It keeps your tear ducts from welling up and splashing on the laptop camera lens.
-- Tigger warning: This post may contain tiggers! --
But it doesn't work on vampires.
There are always guillotines. Those work.
-- Tigger warning: This post may contain tiggers! --
How do you spoof your IP outside of your own LAN?
If you try to use an IP that your ISP owns, but isn't the one actually allocated to you, the company's hardware that connects your network to theirs may simply reject your packets out of hand. Even if it doesn't, the risk of IP collisions will get pretty high, and will alert your ISP to your activities.
If you try to use an IP that your ISP doesn't own, even assuming that you can get past the company's hardware that connects your network to theirs, they would still be able to spot it in an instant, again, alerting the ISP to what you were doing.
There are legitimate reasons to spoof an IP, but I can't think of any that are applicable to when you are utilizing a network that you do not either own or have any rights to administrate (ie, your ISP).
File under 'M' for 'Manic ranting'
but that is NOT root's password.
Touché - I had hastily assigned the ability to sudo to the ability to login as root. And, just tested, it does not set the same as root in OSX. So...Windows, at least XP and Vista. Where's my hat? *begins eating*
Time to write letters that border on being impolite!
Not only that but the act itself is indeed fraudulent use of a computer system. They would become guilty themselves by exercising this software. What if their software captured copyrighted data? Ouroboros would eat his own tail!
STERN ! ;-)
I'm not anti-social, I'm anti-idiot.
Not so much like China really.
Before they manipulated the media. Then the internet came, word spread faster than ever, people became much more informed about events that were going on.
Government lost some control.
Now they're trying to regain it and stifle the internet. It might look like it's all about money and anti-piracy, but how long before suddenly that spyware is used for monitoring people under future laws, like 'Causing unrest in the general populace'? Post something the government doesn't like, even if it's true, and if it upsets people against the government, suddenly the unrest law comes into effect and you get arrested, thanks to the spyware on your PC identifying you on the net.
Like how youtube wants to use your real name.
Sure we might be a long way off before it gets that bad, but that's only because they're doing it slowly and trying to make it about something that doesn't really matter. Most of us won't cry that much if you have to purchase all your content, for some it will suck but life will go on.
Some companies will die because we won't buy their shit.
Keep everyone focused on that, later it becomes a tool to root out anyone who protests the government. Surprise.
It's called a proxy chain.
That's not IP spoofing... that's using a proxy. IP address spoofing tends to mean something else entirely, and, as I said... can't generally be practiced outside of a LAN.
File under 'M' for 'Manic ranting'
http://tinyurl.com/9wpxjg6 Page 11-12 (a) a program that is installed by or on behalf of a person to prevent, detect, investigate, or terminate activities that the person reasonably believes (i) present a risk or threatens the security, privacy, or unauthorized or fraudulent use, of a computer system, telecommunications facility, or network, Do you believe the RIAA poses a reasonable threat to your privacy from their new rootkits? Well then it seems, under this law, you could install a trojan horse on their computer, read their files, and then crash programs that might end up help the RIAA from violating your privacy...Like Windows
I think I like section (b):
(b) a program that is installed, by or on behalf of a person who provides services related to the operation of the Internet or another digital network or who operates a network including a telecommunications service provider for the purposes of network management;
legalizing botnets... awesome.
Potato, potatoe. It is pretending to be somebody else. Same basic principle, just a different network layer.
spoof (spf)
1. Nonsense; tomfoolery. 2. A hoax. 3. A gentle satirical imitation; a light parody.
tr.v. spoofed, spoofing, spoofs
1. To deceive. 2. To do a spoof of; satirize gently.
First off, you won't be told when they install spyware on your computer. And I'm fairly positive that you lack the time, inclination, and competence to either use sourcecode distributions of FOSS exclusively (_and_ read the entire source before you install), or to disassemble and thoroughly study all and any proprietary software you may be installing. And neither will you thoroughly secure all the ports and networking software on your box, again because it takes too much time, hassle, and expertise.
Should you be using MS Windows or X-os, there's no need to talk further as you've already lost.
Secondly, "they" won't be installing any spyware on your box. You will be doing that for them. By running binary installers (legitimate or illegitimate doesn't matter), by installing software that employs DRM, or by surfing to dodgy sites.
There are basically two ways: you can follow Stallman's lead, or you can get accustomed to the fact that there's a lot going on on your box that you don't get told about. Get used to it or go sourcecode-FOSS exclusively.
No. Not the same at all... With a web proxy you are only "anonymous" to the end-point site you are communicating with. You are not necessarily anonymous to the proxy, since you are providing your real IP to them, and the proxy's IP address is not remotely anonymous to the site you are connecting to through it. Theoretically, any proxy server you connect to could very much be capable of providing the IP address that you connected to it from to a requesting party, and from there, you might get the ISP, which can then trace to your own personal connection. Multiple proxies in between merely add more layers of indirection, the actual level of anonymity is still roughly the same. In fact, the only anonymity you get with a proxy is the minimum of either the amount of anonymity the hosts of the proxy network are actually willing to provide you with, and the amount of anonymity you might get by making it inconvenient enough to find out who you are that somebody who might otherwise be interested could not practically justify the effort or expense of finding you.
IP spoofing, on the other hand, is something that you administrate entirely yourself, and involves forging the sender's address that is embedded in any IP packets that originate on your computer. NAT is a well-known form of IP spoofing.
Technical terms have technical meanings. One would think people who've been reading slashdot for any period of time would know that.
File under 'M' for 'Manic ranting'
It appears that the Act is trying to prevent installation of programs that 'do things' without the computer user's consent. Where 'do things' are things like collecting and transmitting private data from the owner's PC. It does not seem to prevent a computer from releasing this data when the user has been specifically informed and agreed to the conditions.
The suggested amendments by the corporate interests suggest that programs should be able to be installed without the computer owner's permission or knowledge. And that these programs should be able to monitor the activities of the user and report secretly without the owner's knowledge whenever the program suspects that the user is breaking 'any law'. Where 'any law' is: "any law of Canada, of a province or municipality of Canada or of a foreign state".
Logical conclusion:
- these corporations want to install programs that monitor and control your computer usage and secretly collect this information.
- these corporations want to limit the usability of your computer when it conflicts with their interests (profits).
- these corporations want you to abide by arbitrary laws of foreign states!!! Circumventing our own legal process.
A reasonable solution:
- do NOT allow these changes to be implemented into the Act.
- require these corporations to provide all users with consent prior to installing what is effectively corporate backed spyware. After all... with the existing act, the corporations are still allowed to have these programs installed on your computer. The only difference is that as the law stands, you will be informed about it and you will be able to decide whether or not you want to install software that would allow them to monitor and control what you can do with your own computer.
- do not allow foreign states to dictate how we are allowed to operate our own computers within our own borders.