Gadget Gurus
  
Seth
 
smiling face with open mouth and tightly-closed eyes
It's me
  
that's probably all the money he got from duping people into giving him money
With laptops banned onboard aircraft, your data is no longer yours if you fly

Gadget Gurus
  
Privacy Online News wrote the following post Sun, 16 Apr 2017 09:47:04 -0500

With laptops banned onboard aircraft, your data is no longer yours if you fly

New US regulations ban laptops on board some aircraft, requiring laptops to be in checked luggage. One of the first things you learn in information security is that if an adversary has had physical access to your computer, then it is not your computer anymore. This effectively means that the US three-letter agencies are taking themselves the right to compromise any computer from any traveler on these flights.

According to the United States Department of Homeland Security, which bills the ban as a “change to carry-on items” that affect “ten out of the more than 250 airports that serve the United States internationally”, there is a “security enhancement” because explosives can now be built into “consumer items”, and therefore laptops must now be banned from carry-on luggage and instead checked in.

When looking at this justification, the DHS notably fails to describe how it would be any safer flying with such alleged explosives in checked luggage rather than carry-on luggage onboard the same aircraft. In other words, the justification is utter nonsense, and so, there must be a different reason they issue this edict that they’re not writing about.
“The aviation security enhancements will include requiring that all personal electronic devices larger than a cell phone or smart phone be placed in checked baggage at 10 airports where flights are departing for the United States.”

When Microsoft (finally) trained every single one of their employees in security in the big so-called “security push” around the turn of the century, there were about a dozen insights that they really hammered home, again and again. One of the most important ones related to this was the simple insight of “if an adversary has had physical access to your computer, then it’s not your computer anymore”.

After all, if somebody has had physical access to the machine itself, then they will have been able to do everything from installing hardware keyloggers to booting the machine from USB and possibly get root access to some part of the filesystem – even on a fully encrypted GNU/Linux system, there is a small bootstrap portion that is unencrypted, and which can be compromised with assorted malware if somebody has physical access. They could conceivably even have replaced the entire processor or motherboard with hostile versions.

This is a much more probable reason for requiring all exploitable electronics to be outside of passengers’ field of view.

Remember that both the NSA and the CIA have a history of routinely pwning devices, even from the factory, or intercepting them while being shipped from the factory. (There was one incident where this was revealed last year, after the courier’s package tracking page showed how a new keyboard shipped to a Tor developer had taken a detour around the entire country, with a remarkable two-day stop – marked “delivered” – at a known NSA infiltration facility.)

Now imagine that the laptops and other large computing devices of these travelers — remember that the Tor developer in question was an American citizen! — that these devices will be required to be surrendered to the TSA, the CIA, the NSA, the TLA, and the WTF for several hours while inflight. It’s just not your device anymore when you get it back from the aircraft’s luggage hold – if it was ever there.
If your laptop has been checked in and has been in the TSA’s control, it can no longer be considered your laptop. Any further login to the compromised laptop will compromise your encrypted data, too.

The choice of the ten particular airports is also interesting. It’s the key airports of Dubai, Turkey, Egypt, Saudi Arabia, Kuwait… all predominantly Muslim countries. Some have pointed this out as racial profiling, but there are signs it may be something else entirely and more worrying.

For example, the Intercept presents the measure as a “muslim laptop ban”. This might or might not be an accurate framing, but the worrying part is that this is a best case scenario. More likely, it is a so-called “political test balloon” to check for how much protesting erupts, and to put it bluntly, if they get away with it. If they do, then this can be a precursor to a much wider ban on in-flight laptops – or, as you would more correctly have it, a much wider access for three-letter agencies to people’s laptops and data.

Privacy remains your own responsibility.

The post With laptops banned onboard aircraft, your data is no longer yours if you fly appeared first on Privacy Online News.


#Privacy #Security
Tom Grz
 from Diaspora
Where can I hide my microSD card? Oh, they will probe you there too?
Seth Martin
  last edited: Fri, 21 Apr 2017 18:02:48 -0500  
Once more, with passion: Fingerprints suck as passwords

Biometric data is identity (public), never authentication (secret). You leave a copy of your fingerprints literally on everything you touch.


#Privacy #Security #Passwords #Cybersecurity #Biometrics @Gadget Gurus+ @LibertyPod+
cb7f604332cf39
  
So while it's easy to update your password or get a new credit card number, you can't get a new finger.

https://www.schneier.com/blog/archives/2015/10/stealing_finger.html

and 10 years ago CCC showed how to fake a fingerprint with superglue and wood glue easily:
https://www.youtube.com/watch?v=OPtzRQNHzl0 Sorry, the video is in German.
prep
  
But (!) fingerprints work well in allowing security agencies to track you around.

I believe that is the reason for the push for biometrics and fingerprint scanners, in particular.

I have doubts about most security things originating from Facebook, Apple, Google or Microsoft.
Comcast Paid Civil Rights Groups To Support Killing Broadband Privacy Rules

Seth Martin
  
Techdirt. wrote the following post Wed, 05 Apr 2017 08:24:00 -0500

Comcast Paid Civil Rights Groups To Support Killing Broadband Privacy Rules

For years, one of the greasier lobbying and PR tactics by the telecom industry has been the use of minority groups to parrot awful policy positions. Historically, such groups are happy to take financing from a company like Comcast, in exchange for repeating whatever talking point memos are thrust in their general direction, even if the policy being supported may dramatically hurt their constituents. This strategy has played a starring role in supporting anti-consumer mega-mergers, killing attempts to make the cable box market more competitive, and efforts to eliminate net neutrality.

The goal is to provide an artificial wave of "support" for bad policies, used to then justify bad policy votes. And despite this being something the press has highlighted for the better part of several decades, the practice continues to work wonders. Hell, pretending to serve minority communities while effectively undermining them with bad internet policy is part of the reason Comcast now calls top lobbyist David Cohen the company's Chief Diversity Officer (something the folks at Comcast hate when I point it out, by the way).

Last week, we noted how Congress voted to kill relatively modest but necessary FCC privacy protections. You'd be hard pressed to find a single, financially-objective group or person that supports such a move. Even Donald Trump's most obnoxious supporters were relatively disgusted by the vote. Yet The Intercept notes that groups like the League of United Latin American Citizens and the OCA (Asian Pacific American Advocates) breathlessly urged the FCC to kill the rules, arguing that snoopvertising and data collection would be a great boon to low income families:

"The League of United Latin American Citizens and OCA – Asian Pacific American Advocates, two self-described civil rights organizations, told the FCC that “many consumers, especially households with limited incomes, appreciate receiving relevant advertising that is keyed to their interests and provides them with discounts on the products and services they use.”"

Of course, folks like Senator Ted Cruz then used this entirely-farmed support to insist there were "strenuous objections from throughout the internet community" at the creation of the rules, which simply wasn't true. Most people understood that the rules were a direct response to some reckless and irresponsible privacy practices at major ISPs -- ranging from charging consumers more to keep their data private, or using customer credit data to provide even worse customer support than they usually do. Yes, what consumer (minority or otherwise) doesn't want to pay significantly more money for absolutely no coherent reason?

It took only a little bit of digging for The Intercept to highlight what the real motivation for this support of anti-consumer policies was:

"OCA has long relied on telecom industry cash. Verizon and Comcast are listed as business advisory council members to OCA, and provide funding along with “corporate guidance to the organization.” Last year, both companies sponsored the OCA annual gala.

AT&T, Comcast, Time Warner Cable, Charter Communications and Verizon serve as part of the LULAC “corporate alliance,” providing “advice and assistance” to the group. Comcast gave $240,000 to LULAC between 2004 and 2012."

When a reporter asks these groups why they're supporting internet policies that run in stark contrast to their constituents, you'll usually be met with either breathless indignance at the idea that these groups are being used as marionettes, or no comment whatsoever (which was the case in the Intercept's latest report). This kind of co-opting still somehow doesn't get much attention in the technology press or policy circles, so it continues to work wonders. And it will continue to work wonders as the administration shifts its gaze from gutting privacy protections to killing net neutrality.



#Privacy #Net Neutrality #Communications #Comcast #FCC #Lobbying #LULAC #Politics @LibertyPod+ @Gadget Gurus+ @Laissez-Faire Capitalism+
Seth Martin
  
Yet this happens:
US internet providers pledge to not sell customer data after controversial rule change

The three major US Internet Service Providers (ISPs) Comcast Corp, Verizon Communications Inc, and AT&T Inc have pledged to protect the private data of US citizens in solidarity against the latest internet bill passed by Congress.
Is there a replacement for email?

Seth Martin
  last edited: Sun, 12 Mar 2017 12:14:19 -0500  
Finally, if you could create an alternative open standard system that could do all the things that email can do, it would probably have the same problems. That’s why I don’t think it will happen.

Oh look, Hubzilla is "an alternative open standard system that could do all the things that email can do", and it doesn't have the same problems. Now how can Hubzilla's Zot protocol gain popularity?

Is there a replacement for email?



David is fed up with spam, phishing and viruses, and thinks email is no longer fit for purpose. What could he use to replace it?


#email #Spam #Malware #Communications #Hubzilla #Zot #Decentralization @Gadget Gurus+ @LibertyPod+
Andrew Manning
  
Not a single mention of XMPP or any other open protocol that has been developed since email was invented 5000 years ago. Just Whatsapp and Facebook Messenger and friends. Sigh.

To their credit, the article did mention that
Email’s second huge advantage is that, unlike Facebook, nobody owns it.

but then they lost credibility by following it with this ignorant statement:
Finally, if you could create an alternative open standard system that could do all the things that email can do, it would probably have the same problems. That’s why I don’t think it will happen.
Letter Bomber
  
@Andrew Manning That's exactly what I was thinking, that the statement was ignorant. It shows that they believe that what Silicon Valley comes out with is all there is in the world, and that shows somebody who's unwilling to look elsewhere, cause there's stuff all over the place. But I don't expect any better from the Guardian, they're just the voice of the mass ignorant middle-class populace.
I invented the web. Here are three things we need to change to save it | Tim Berners-Lee

Gadget Gurus
  
Technology | The Guardian wrote the following post Sat, 11 Mar 2017 18:01:08 -0600

I invented the web. Here are three things we need to change to save it | Tim Berners-Lee

It has taken all of us to build the web we have, and now it is up to all of us to build the web we want – for everyone

Today marks 28 years since I submitted my original proposal for the worldwide web. I imagined the web as an open platform that would allow everyone, everywhere to share information, access opportunities, and collaborate across geographic and cultural boundaries. In many ways, the web has lived up to this vision, though it has been a recurring battle to keep it open. But over the past 12 months, I’ve become increasingly worried about three new trends, which I believe we must tackle in order for the web to fulfill its true potential as a tool that serves all of humanity.

1) We’ve lost control of our personal data


#Privacy #Internet #Advertising #Web #Politics #Social Media @LibertyPod+
YA ∵ ⁹⎷π ⟶ ⧝
 from Diaspora
Seth! Hello! good to see you again... still miss libertypod ♥
Gadget Gurus
  
Ya the libertypod.org thing still makes me feel sick, mostly because I don't like letting people down. I have decided not to resurrect either libertypod.org or libertypod.com as a pod/node/hub because if anyone uses the same names that were used before, diaspora communication will fail for anyone that's connected previously. Libertypod.com now redirects to friendica.libertypod.com which is fine. I suppose Hubzilla Pro could be installed on either of those domains since Zot is the only supported protocol and there's no diaspora plugin compatibility in pro.

You know, if Hubzilla's Zot protocol were to catch on, most of the issues in this article would be solved.
YA ∵ ⁹⎷π ⟶ ⧝
 from Diaspora
Seth, I would never blame you or similar for not running libertypod.org or .com no more, how could I; it is more a nostalgic feeling as there, with you, I not only began my D* adventures but also met Nina Lynn. I know that she feels the same about libertypod.org... take that as a wonderful true compliment! And, I understand your arguments, at least a little bit. It is just good to see you! :)
Gadget Gurus
  
Wikileaks Unveils 'Vault 7': "The Largest Ever Publication Of Confidential CIA Documents"; Another Snowden Emerges | Zero Hedge


WikiLeaks has published what it claims is the "largest ever publication of confidential documents on the CIA." It includes more than 8,000 documents as part of ‘Vault 7’, a series of leaks on the agency which expose the agency's massive hacking arsenal.


#Privacy #CIA #Spying #Hacking #Snooping #Surveillance #WikiLeaks #Leaks #Vault 7 #Vault7 #Weeping Angel #HIVE @LibertyPod+
Legal Threats By Charles Harder & Shiva Ayyadurai Targeting More Speech

Seth Martin
  
Techdirt. wrote the following post Thu, 26 Jan 2017 11:34:50 -0600

Legal Threats By Charles Harder & Shiva Ayyadurai Targeting More Speech

Let's say right upfront: if you are unaware, Shiva Ayyadurai is currently suing Techdirt for our posts concerning Ayyadurai's claims to have invented email. Ayyadurai's lawyer in this matter is Charles Harder, the lawyer who filed multiple lawsuits against Gawker, and is credited by many with forcing that company into bankruptcy and fire sale.

Now Harder, on behalf of Ayyadurai, has sent a demand letter to try to have social media comments posted in response to the lawsuit against us taken down. We are writing about this -- despite the lawsuit against us -- because we believe it is important and we do not intend to have our own speech chilled. This is also why we believe it is so important to have a federal anti-SLAPP law in place, because the chance to chill speech with threats or actual litigation is not a hypothetical problem. It is very, very real.

Harder's letter is to Diaspora, and it demands that certain posts by Roy Schestowitz be removed (which appears to have happened). Schestowitz is the guy behind the Techrights blog, which frequently covers issues related to things like free v. proprietary software and software patents. Harder's letter to Diaspora claims that Schestowitz's posts are defamatory, violate Diaspora's terms of service, and "constitute harassment and intentional infliction of emotional distress."


Harder's letter makes the questionable claim that Diaspora itself is liable for Schestowitz's statements. There is tremendous caselaw on Section 230 of the CDA holding that a website cannot be held liable for speech made by users, so it's odd that Harder would argue otherwise, stating that the posts "qualify under the law to establish liability against you."


One of the key reasons Section 230 of the CDA exists is to protect the freedom of expression of users, so that websites aren't pressured via legal threats to take down speech over fear of liability. That's why it grants full immunity. It is strange for an attorney as established as Harder to either not know this, or to misrepresent this. Elsewhere in the letter, he references Massachusetts law as applying, so it's not as though he's suggesting that some other jurisdiction outside the US applies. So, since Section 230 clearly applies, why would Charles Harder tell Diaspora that it is liable for these statements?

Separately, Harder's letter concludes with the following statement:

This letter and its contents are confidential, protected by copyright law, and not authorized for publication or dissemination.


We have seen similar statements on legal letters in the past and they have generally been considered meaningless, at best. On the question of confidentiality/authorization for publication, that's not how it works. The recipient of such a letter has no obligation to not disseminate it or to ask for authorization without any prior agreement along those lines. You can't magically declare something confidential and ban anyone from sharing it. Furthermore, this is especially true when dealing with legal threat letters. While many lawyers put such language into these letters to try to scare recipients (and avoid a Streisand Effect over the attempt to silence speech), they serve no purpose other than intimidation.

Separately, claims of copyright in takedown or cease & desist letters, while they do show up occasionally, are also generally considered to be overstatements of the law. First off, there are questions raised about whether or not general cease & desist threat letters have enough creativity to get any kind of copyright, but, more importantly, even if there were copyright on such a letter it would be a clear and obvious fair use case to be able to share them and distribute them publicly, as part of an effort to discuss how one has been threatened with questionable legal arguments.

Either way, we believe that this fits a pattern of using legal threats and litigation to silence criticism of public figures. In an era when speaking truth to power is so important, we believe such actions need to be given attention, and need to be called out. We also think they demonstrate why we need much stronger anti-SLAPP laws, at both the state and federal level to protect people's right to speak out about public issues. If you agree, please call your elected representatives and ask them to support strong anti-SLAPP protections, like those found in the SPEAK FREE Act of 2015.



#Free Speech #Diaspora #Social Networking #Copyright #Defamation #Anti-SLAPP #Shiva Ayyadurai #Charles Harder #E-Mail @Gadget Guru+ @LibertyPod+
State Appeals Court Says Unlocking A Phone With A Fingerprint Doesn't Violate The Fifth Amendment

Gadget Gurus
  
Techdirt. wrote the following post Wed, 25 Jan 2017 17:11:31 -0600

State Appeals Court Says Unlocking A Phone With A Fingerprint Doesn't Violate The Fifth Amendment

As was hinted heavily three years ago, you might be better off securing your phone with a passcode than your fingerprint. While a fingerprint is definitely unique and (theoretically...) a better way to keep thieves and snoopers from breaking into your phone, it's not much help when it comes to your Fifth Amendment protections against self-incrimination.

The Minnesota Appeals Court has ruled [PDF] that unlocking a phone with a fingerprint is no more "testimonial" than a blood draw, police lineup appearance, or even matching the description of a suspected criminal. (h/t Orin Kerr)
Diamond relies on In re Grand Jury Subpoena Duces Tecum, 670 F.3d 1335 (11th Cir. 2012), to support his argument that supplying his fingerprint was testimonial. In In re Grand Jury, the court reasoned that requiring the defendant to decrypt and produce the contents of a computer’s hard drive, when it was unknown whether any documents were even on the encrypted drive, “would be tantamount to testimony by [the defendant] of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files.” Id. at 1346. The court concluded that such a requirement is analogous to requiring production of a combination and that such a production involves implied factual statements that could potentially incriminate. Id.

By being ordered to produce his fingerprint, however, Diamond was not required to disclose any knowledge he might have or to speak his guilt. See Doe, 487 U.S. at 211, 108 S. Ct. at 2348. The district court’s order is therefore distinguishable from requiring a defendant to decrypt a hard drive or produce a combination. See, e.g., In re Grand Jury, 670 F.3d at 1346; United States v. Kirschner, 823 F. Supp. 2d 665, 669 (E.D. Mich. 2010) (holding that requiring a defendant to provide computer password violates the Fifth Amendment). Those requirements involve a level of knowledge and mental capacity that is not present in ordering Diamond to place his fingerprint on his cellphone. Instead, the task that Diamond was compelled to perform—to provide his fingerprint—is no more testimonial than furnishing a blood sample, providing handwriting or voice exemplars, standing in a lineup, or wearing particular clothing.

Of course, it's what's contained in the now-unlocked device that might be incriminating, which is why Diamond pointed to In re Grand Jury as being analogous to the forced provision of a fingerprint. The court's rebuttal of this argument, however, doesn't make a lot of sense. It says the process that unlocked the device requires no knowledge or mental capacity -- which is certainly true -- but that the end result, despite being the same (the production of evidence against themselves) is somehow different because of the part of the body used to obtain access (finger v. brain).

In recounting the obtaining of the print, the court shows that some knowledge is imparted by this effort -- information not possessed by law enforcement or prosecutors.
Diamond also argues that he “was required to identify for the police which of his fingerprints would open the phone” and that this requirement compelled a testimonial communication. This argument, however, mischaracterizes the district court’s order. The district court’s February 11 order compelled Diamond to “provide a fingerprint or thumbprint as deemed necessary by the Chaska Police Department to unlock his seized cell phone.” At the April 3 contempt hearing, the district court referred to Diamond providing his “thumbprint.” The prosecutor noted that they were “not sure if it’s an index finger or a thumb.” The district court answered, “Take whatever samples you need.” Diamond then asked the detectives which finger they wanted, and they answered, “The one that unlocks it.”

This is something only Diamond would know, and by unlocking the phone, he would be demonstrating some form of control of the device as well as responsibility for its contents. So, it is still a testimonial act, even if it doesn't rise to the mental level of retaining a password or combination. (And, if so, would four-digit passcodes be less "testimonial" than a nine-digit alphanumeric password, if the bright line comes down to mental effort?)

Given the reasoning of the court, it almost appears as though Diamond may have succeeded in this constitutional challenge if he had chosen to do so at the point he was ordered to produce the correct finger.
It is clear that the district court permitted the state to take samples of all of Diamond’s fingerprints and thumbprints. The district court did not ask Diamond whether his prints would unlock the cellphone or which print would unlock it, nor did the district court compel Diamond to disclose that information. There is no indication that Diamond would have been asked to do more had none of his fingerprints unlocked the cellphone. Diamond himself asked which finger the detectives wanted when he was ready to comply with the order, and the detectives answered his question. Diamond did not object then, nor did he bring an additional motion to suppress the evidence based on the exchange that he initiated.

And so, in the first decision of its kind for this Appeals Court, the precedent established is that fingerprints are less protective of defendants' Fifth Amendment rights than passwords.



#Fifth Amendment #Liberty #Self-Incrimination @LibertyPod+
EFF To Patent Office: Supreme Court Limits On Abstract Patents Are a Good Thing

Seth Martin
  
Deeplinks wrote the following post Tue, 24 Jan 2017 17:02:10 -0600

EFF To Patent Office: Supreme Court Limits On Abstract Patents Are a Good Thing

EFF has submitted comments to the Patent Office urging it not to support efforts to undermine the Supreme Court’s recent decision in Alice v. CLS Bank. The Patent Office had called for public submissions regarding whether “legislative changes are desirable” in response to recent court decisions, including Alice. We explain that, far from harming the software industry, Alice has helped it thrive.

When the Supreme Court issued its ruling in Alice, it was a shock to a patent system that had been churning out software patents by the tens of thousands every year. Back in the 1990s, the Federal Circuit had opened the software patent floodgate with its ruling in State Street and In re Alappat. That decision held that any general purpose computer could be eligible for a patent so long as it is programmed to perform a particular function. In Alice, the Supreme Court substantially moderated that holding by ruling that a generic computer is not eligible for a patent simply because it is programmed to implement an abstract idea.

Courts have applied Alice to throw out many of the worst software patents. Alice is particularly valuable because, in some cases, courts have applied it early in litigation thereby preventing patent trolls from using the high expense of litigation to pressure defendants into settlements. While we think that the Federal Circuit could do more to diligently apply Alice, it has at least been a step forward.

As the Alice case made its way to the Supreme Court, defenders of software patents predicted disaster would befall the software industry if the courts invalidated the patent. For example, Judge Moore of the Federal Circuit suggested that a ruling for the defendant “would decimate the electronics and software industries.” This prediction turned out to be entirely inaccurate.

In our comments, we explain that the software industry has thrived in the wake of Alice. For example, while R&D spending on software and Internet development went up an impressive 16.5% in the 12 months prior to the Alice decision, it increased by an even more dramatic 27% in the year following Alice. Similarly, employment growth for software developers remains very strong, as anyone who has tried to rent an apartment in the Bay Area can attest.

We also express concern that the Patent Office’s guidance puts the thumb on the scale in favor of patent eligibility. For example, the Patent Office’s call for comments asked how it can make certain decisions better known to examiners. But it focused only on decisions finding patent claims eligible. During the same period, even more decisions were issued by the Federal Circuit finding software-related claims ineligible, but those decisions were left off the list.

Some commentators have suggested that the Patent Office takes an “intentionally narrow” view of Alice. But it is not the Patent Office’s job to narrow Supreme Court holdings, its job is to apply them. Ultimately, the patent system does not exist to create jobs for patent prosecutors, examiners, or litigators. It exists for the constitutional purpose of “promot[ing] the Progress of Science and useful Arts.” With no evidence that Alice is harming software development, the Patent Office should not focus on pushing more patenting on the industry.

Many other non-profits and companies submitted comments in favor of the changes brought by the Alice decision. These include comments from Public Knowledge, Engine, and Mozilla. We hope the Patent Office listens to this feedback from outside the patent world before making any legislative recommendations.

Public comment periods are an important check on concentrated interests pushing regulations that hurt the public interest. EFF regularly submits comments to the Patent Office where rules are proposed that would harm the public. For example, EFF and Public Knowledge recently submitted comments to the Patent Office regarding applicants' duties of disclosure. This is the duty to tell the Patent Office about material (such as existing inventions) relevant to whether the application is patentable. The Patent Office has proposed a new rule that would require patent applicants to submit material only if the material would actually lead to a rejection of a pending claim. That is, the Patent Office proposed adopting the standard set out in a case called Therasense, which was a decision from the Court of Appeals for the Federal Circuit regarding the standards for finding a patent invalid for inequitable conduct. The Patent Office justified its proposed change as being simpler for applicants and would lessen the incentives to submit only marginally relevant material.

In our comments, we urged the Patent Office to maintain its current standards. We explain that the change would lead to no reduction in a charge of inequitable conduct. In addition, we suggested that a better incentive to reducing the amount of marginally relevant material would be if the Patent Office more frequently enforced procedures requiring patent applicants to explain the relevance of materials submitted to the office.

Related Cases:

Abstract Patent Litigation



#EFF #Patents #Patent Trolls #Innovation @Gadget Guru+ @LibertyPod+
Dropbox: Oops, yeah, we didn't actually delete all your files

Seth Martin
  
It's probably not a good idea to store anything sensitive, private or potentially revealing at locations you don't own. Big data companies like this keep your data forever! Choice is only an illusion.

Dropbox: Oops, yeah, we didn't actually delete all your files – this bug kept them in the cloud


Biz apologizes after years-old data mysteriously reappears
Dropbox says it was responsible for an attempted bug fix that instead caused old, deleted data to reappear on the site.…


#Dropbox #Cloud #Storage #Big Data @Gadget Guru+
Mozilla’s First Internet Health Report Tackles Privacy and Security

Seth Martin
  
The Internet Health Report



Welcome to Mozilla’s new open source initiative to document and explain what’s happening to the health of the Internet. Combining research from multiple sources, we collect data on five key topics and offer a brief overview of each.


#Decentralization #Privacy #Internet #Security #Cybersecurity #Mozilla @LibertyPod+ @Gadget Guru+
In Final Speech, FCC Chief Tom Wheeler Warns GOP Not to Kill Net Neutrality

Seth Martin
  last edited: Sat, 14 Jan 2017 09:55:00 -0600  
Since government is creating an environment where only some entities can afford to play, government must also protect the market from their abuse of power.

Motherboard wrote the following post Sat, 14 Jan 2017 08:00:00 -0600

In Final Speech, FCC Chief Tom Wheeler Warns GOP Not to Kill Net Neutrality


Federal Communications Commission Chairman Tom Wheeler delivered an impassioned defense of US net neutrality protections on Friday, one week before Republicans who have vowed to roll back the policy are set to take control of the agency.

In his final public speech as the nation’s top telecom regulator, Wheeler warned that Republican efforts to weaken FCC rules ensuring that all internet content is treated equally will harm consumers, stifle online innovation, and threaten broadband industry competition.

“The open internet is the law of the land,” Wheeler declared during a speech at the DC offices of the Aspen Institute, a nonpartisan think tank. “Tampering with the rules means taking away protections consumers and the online world enjoy today.”

Open internet advocates say strong net neutrality safeguards are needed to prevent internet service providers (ISPs) like Comcast, AT&T, and Verizon from creating online fast lanes for their own content or discriminating against rival services. The telecom giants, and their Republican allies in Congress, accuse the FCC of overstepping its authority and shackling their business models.

Wheeler’s departure from the FCC on January 20, President-elect Donald Trump’s inauguration day, will leave the agency in the hands of Republican officials who have made no secret of their intention to dismantle the FCC’s policy. That would be a grave mistake, Wheeler said.

“To take those protections away at the request of a handful of ISPs threatens any innovation that requires connectedness and with it the productivity gains, job creation, and international competitiveness required for America’s economic growth,” Wheeler said. “It is time to keep moving forward. This is not the time to retreat and take things away.”

The FCC’s policy safeguarding net neutrality is the centerpiece of an ambitious pro-consumer agenda advanced by Wheeler over the last three years. Open internet advocates say that without net neutrality, hugely popular online video and communications services like Netflix and Skype could have been snuffed out by ISPs in favor of their own rival offerings.

“Those who build and operate networks have both the incentive and the ability to use the power of the network to benefit themselves even if doing so harms their own customers and the greater public interest,” Wheeler said. “Access to the network is what the new economy is built on, and it must not be taken away.”



FCC Chairman Tom Wheeler's Final Public Address
by The Aspen Institute on YouTube

Unfortunately for open internet advocates, the prospects for the FCC’s net neutrality policy are bleak under Trump’s administration. The president-elect’s FCC transition team is led by right-wing ideologues who are expected to recommend a new anti-net neutrality chairman to replace Wheeler. And Trump himself has taken to Twitter to disparage the FCC’s policy.

In his speech, Wheeler warned Republicans soon to be in control of the FCC that reversing the agency's net neutrality policy is “not a slam dunk” because of the “high hurdle, imposed by the Administrative Procedure Act, of a fact-based showing that so much has changed in just two short years that a reversal is justified.”

Meanwhile, in Congress, Republicans are already scheming to kneecap the FCC’s policy. Rep. Marsha Blackburn, the Tennessee Republican who was recently tapped by the GOP to be the new chairman of the House telecom subcommittee, has described net neutrality as a “socialistic” Obama plot to take over the internet.

Blackburn, who has received mountains of campaign cash from the telecom industry since first being elected in 2002, has been trying to kill net neutrality for years. In the coming months, she will finally get her chance, possibly by working with other lawmakers to pass new legislation that claims to protect net neutrality, while actually gutting the FCC’s policy.

Outgoing FCC Chairman Wheeler, who has written books about the Civil War, concluded his remarks by quoting from Abraham Lincoln’s famous first inaugural address: “While the people retain their virtue, and vigilance, no administration … can very seriously injure the government, in the short space of four years.”

“The vigilance Lincoln spoke of means we must be alert to name-only, so-called net neutrality policies that actually retreat from the protections that exist today,” Wheeler said. “Vigilance to protect that which Americans now enjoy must be our watchword.”


#Net Neutrality #Internet #FCC #Communications #Politics @Gadget Guru+ @LibertyPod+ @Laissez-Faire Capitalism+
... "Surprise"!

Gadget Gurus
  
Technology | The Guardian wrote the following post Fri, 13 Jan 2017 05:00:16 -0600

WhatsApp backdoor allows snooping on encrypted messages

Exclusive: Privacy campaigners criticise WhatsApp vulnerability as a ‘huge threat to freedom of speech’ and warn it could be exploited by government agencies

A security backdoor that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.

Facebook claims that no one can intercept WhatsApp messages, not even the company and its staff, ensuring privacy for its billion-plus users. But new research shows that the company could in fact read messages due to the way WhatsApp has implemented its end-to-end encryption protocol.


#WhatsApp #Signal #Encryption #Social Networking #Communications #Surveillance #Snooping #Privacy
San Francisco sues local drone maker, drone maker then shuts down

Gadget Gurus
  
Ars Technica wrote the following post Fri, 13 Jan 2017 16:20:12 -0600

San Francisco sues local drone maker, drone maker then shuts down


A San Francisco-based drone startup that raised $34 million in pre-orders folded on Thursday, the same day the company, Lily Robotics, was sued by the local district attorney in county court. The city accuses Lily Robotics of engaging in false advertising and unlawful business practices.

The company's story is reminiscent of the now-defunct Torquing Group, a Wales-based firm that raised $3.4 million (the largest European Kickstarter project to date) to build a drone called the Zano that ended up not going anywhere, either.

In 2015, Lily Robotics released a slick YouTube promo video demonstrating its drone, calling it the world’s first “throw-and-shoot camera.” It received widespread, breathless coverage from various other media outlets, ranging from Wired to TechCrunch. Lily Robotics' founders were named on the “Forbes 30 under 30” list in 2015. And in addition to its pre-orders, the startup took in $15 million in venture capital, according to CrunchBase.



#Lily #Robotics #Advertising @Laissez-Faire Capitalism+
Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review

Seth Martin
  
Deeplinks wrote the following post Thu, 29 Dec 2016 18:10:08 -0600

Secure Messaging Takes Some Steps Forward, Some Steps Back: 2016 In Review

This year has been full of developments in messaging platforms that employ encryption to protect users. 2016 saw an increase in the level of security for some major messaging services, bringing end-to-end encryption to over a billion people. Unfortunately, we’ve also seen major platforms making poor decisions for users and potentially undermining the strong cryptography built into their apps.

WhatsApp makes big improvements, but concerning privacy changes
In late March, the Facebook-owned messaging service WhatsApp introduced end-to-end encryption for its over 1 billion monthly active users. The enormous significance of rolling out strong encryption to such a large user-base was combined with the fact that underlying WhatsApp’s new feature was the Signal Protocol, a well-regarded and independently reviewed encryption protocol. WhatsApp was not only protecting users’ chats, but also doing so with one of the best end-to-end encrypted messaging protocols out there. At the time, we praised WhatsApp and created a guide for both iOS and Android on how you could protect your communications using it.

In August, however, we were alarmed to see WhatsApp establish data-sharing practices that signaled a shift in its attitude toward user privacy. In its first privacy policy change since 2012, WhatsApp laid the groundwork for expanded data-sharing with its parent company, Facebook. This change allows Facebook access to several pieces of users’ WhatsApp information, including WhatsApp phone number, contact list, and usage data (e.g. when a user last used WhatsApp, what device it was used on, and what OS it was run on). This new data-sharing compounded our previous concerns about some of WhatsApp’s non-privacy-friendly default settings.

Signal takes steps forward
Meanwhile, the well-regarded end-to-end encryption app Signal, for which the Signal Protocol was created, has grown its user-base and introduced new features.  Available for iOS and Android (as well as desktop if you have either of the previous two), Signal recently introduced disappearing messages to its platform.  With this, users can be assured that after a chosen amount of time, messages will be deleted from both their own and their contact’s devices.

Signal also recently changed the way users verify their communications, introducing the concept of “safety numbers” to authenticate conversations and verify the long-lived keys of contacts in a more streamlined way.

Mixed-mode messaging
2016 reminded us that it’s not as black-and-white as secure messaging apps vs. not-secure ones. This year we saw several existing players in the messaging space add end-to-end encrypted options to their platforms. Facebook Messenger added “secret” messaging, and Google released Allo Messenger with “incognito” mode. These end-to-end encrypted options co-exist on the apps with a default option that is only encrypted in transit.

Unfortunately, this “mixed mode” design may do more harm than good by teaching users the wrong lessons about encryption. Branding end-to-end encryption as “secret,” “incognito,” or “private” may encourage users to use end-to-end encryption only when they are doing something shady or embarrassing. And if end-to-end encryption is a feature that you only use when you want to hide or protect something, then the simple act of using it functions as a red flag for valuable, sensitive information. Instead, encryption should be an automatic, straightforward, easy-to-use status quo to protect all communications.

Further, mixing end-to-end encrypted modes with less sensitive defaults has been demonstrated to result in users making mistakes and inadvertently sending sensitive messages without end-to-end encryption.

In contrast, the end-to-end encrypted “letter sealing” that LINE expanded this year is enabled by default. Since first introducing it for 1-on-1 chats in 2015, LINE has made end-to-end encryption the default and progressively expanded the feature to group chats and 1-on-1 calls. Users can still send messages on LINE without end-to-end encryption by changing security settings, but the company recommends leaving the default “letter sealing” enabled at all times. This kind of default design makes it easier for users to communicate with encryption from the get-go, and much more difficult for them to make dangerous mistakes.

The dangers of unsecure messaging
In stark contrast to the above-mentioned secure messaging apps, a November report from Citizen Lab exposes China’s WeChat messenger’s practice of performing selective censorship on its over 806 million monthly active users.  When a user registers with a Chinese phone number, WeChat will censor content critical of the regime no matter where that user is. The censorship effectively “follows them around,” even if the user switches to an international phone number or leaves China to travel abroad. Effectively, WeChat users may be under the control of China’s censorship regime no matter where they go.

Compared to the secure messaging practices EFF advocates for, WeChat represents the other end of the messaging spectrum, employing algorithms to control and limit access rather than using privacy-enhancing technologies to allow communication. This is an urgent reminder of how users can be put in danger when their communications are available to platform providers and governments, and why it is so important to continue promoting privacy-enhancing technologies and secure messaging.

This article is part of our Year In Review series. Read other articles about the fight for digital rights in 2016.



#Encryption #Privacy #Communications #Messaging #Security #WhatsApp #Signal #LINE #Allo #incognito  
@Gadget Guru+ @LibertyPod+
Mike Macgirvin
  
I tend to disagree about mixed mode messaging. We need a range of communication tools, from hush-hush ultra top secret to public and open. Both ends of the spectrum have problems. That's why you need privacy.
Seth Martin
  last edited: Mon, 02 Jan 2017 10:46:52 -0600  
I agree with you, Mike. I just think it's important for these messaging apps to have encryption on by default to curb authorities targeting those that use the feature selectively.
Fabián Bonetti
 
Mike, why do I have to leave my server to reply to you?
Op-ed: Why I’m not giving up on PGP

Gadget Gurus
  
Ars Technica wrote the following post Tue, 20 Dec 2016 07:44:40 -0600

Op-ed: Why I’m not giving up on PGP


Neal H. Walfield is a hacker at g10code working on GnuPG. This op-ed was written for Ars Technica by Walfield, in response to Filippo Valsorda's "I'm giving up on PGP" story that was published on Ars last week.

Every once in a while, a prominent member of the security community publishes an article about how horrible OpenPGP is. Matthew Green wrote one in 2014 and Moxie Marlinspike wrote one in 2015. The most recent was written by Filippo Valsorda, here on the pages of Ars Technica, which Matthew Green says "sums up the main reason I think PGP is so bad and dangerous."

In this article I want to respond to the points that Filippo raises. In short, Filippo is right about some of the details, but wrong about the big picture. For the record, I work on GnuPG, the most popular OpenPGP implementation.



#Encryption #PGP #Signal #OpenPGP #GnuPG
Signal Private Messenger Issue

Seth Martin
  
It looks like there will never be the possibility of transferring photos of legible size/compression with Signal and therefore I must change SMS/MMS apps again.  

Working in construction, no matter how I instruct people to transfer photos with me, they still do it via MMS and expect me to make use of it. I now have no option other than changing the application that I use.

I'll just have to use a different app for secure conversations such as Conversations or Riot.

Android SMS/MMS app suggestions anyone? @Gadget Guru+
Seth Martin
  
Even though Signal is no longer my default app for SMS/MMS, messages still arrive there if my contact is using the same.

Aside from no encryption, QKSMS is the friendliest SMS app I've used so far.
Marshall Sutherland
  
That makes sense. All the sender's app knows is that you have a Signal account, so it routes it through Signal. Similarly, when my son turns off data on his phone, my phone still sends via Signal even though it can't be delivered until he reconnects to data, even though he could get an SMS.
Michael Meer
  
@Marshall Sutherland that was the reason why I switched to SMSsecure. It does not depend on the internet. Encrypted connections can be built up only with SMS.

But I don't know anything about QKSMS. I will take a look at this.
Gadget Gurus
  last edited: Sun, 18 Dec 2016 12:38:29 -0600  
Fraengii
 Geonosis 
But after it isn't vegan anymore, isn't it!?!
Anarcho-Vegans
  
I'm still waiting on reports of animal pieces after trying this method.
Google’s ad tracking just got creepier. Here’s how to disable it

Gadget Gurus
  
Technology | The Guardian wrote the following post Fri, 21 Oct 2016 16:30:58 -0500

Google’s ad tracking just got creepier. Here’s how to disable it

Google in June quietly deleted a clause in its privacy settings that said it would not combine cookie information with personal information without consent

Google has changed the way it tracks users across the internet so that it can now link people’s personally identifiable information from Gmail, YouTube and other accounts with their browsing records across the web. The company had previously pledged to keep these two data sets separate to protect individuals’ privacy.

As first reported by Propublica, Google quietly updated its privacy settings in June to delete a clause that said “we will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent”.


#Privacy #Google #Tracking #Advertising