Old 13-03-19, 08:49 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - March 9th, ’19

Since 2002

March 9th, 2019




'I Can Get Any Novel I Want in 30 Seconds': Can Book Piracy be Stopped?

The UK government’s Intellectual Property Office estimates that 17% of ebooks are consumed illegally.

As publishers struggle with ‘whack-a-mole’ websites, experts, authors and even Guardian readers who illegally download books, assess the damage
Katy Guest

Abena, who is 18, recently read Children of Blood and Bone by Tomi Adeyemi, and thought it was wonderful. She does feel a bit bad about downloading it illegally, she says, but her mother is a single parent who can’t afford to feed her voracious love of books. She has also enjoyed the entire Percy Jackson series without paying its author, Rick Riordan, a penny. She’s not a thief, though, she says: “I wouldn’t take food or clothes without paying the people who made them, because they’re physical things. I believe real life and the internet differ.”

Abena (not her real name) is one of millions of people who use book-piracy websites to illegally download work by authors they love. The UK government’s Intellectual Property Office estimates that 17% of ebooks are consumed illegally. Generally, pirates tend to be from better-off socioeconomic groups, and aged between 30 and 60. Many use social media to ask for tips when their regular piracy website is shut down; when I contacted some, those who responded always justified it by claiming they were too poor to buy books – then told me they read them on their e-readers, smartphones or computer screens - or that their areas lacked libraries, or they found it hard to locate books in the countries where they lived. Some felt embarrassed. Others blamed greedy authors for trying to stop them.

When we asked Guardian readers to tell us about their experiences with piracy, we had more than 130 responses from readers aged between 20 and 70. Most regularly downloaded books illegally and while some felt guilty – more than one said they only pirated “big names” and when “the author isn’t on the breadline, think Lee Child” – the majority saw nothing wrong in the practice. “Reading an author’s work is a greater compliment than ignoring it,” said one, while others claimed it was part of a greater ethos of equality, that “culture should be free to all”.

Many reported starting to pirate books during university, when faced with bills for expensive textbooks – “I want to spend my limited funds on going out, honestly,” said one 21-year-old University of Warwick student – while others on limited incomes said their disabilities and mental health made library visits a challenge. One disabled and unemployed reader who asked to remain anonymous said: “I don’t think it’s morally wrong to pirate a book if you genuinely can’t afford it. I only get £80 a week. I usually can’t afford to spend £10+ on a new book, but I love reading … It’s not much different from buying from a secondhand bookstore, right? Either way, the writer gets no money.”

But overwhelmingly, most respondents owned up to pirating books not because of cost, but ease. Doctors, accountants and professionals described themselves as well-off, but said they pirated books to “pre-read” them, because they often felt dissatisfied with a book after purchase. “I have paid for some truly terrible books and regretted it – thanks to piracy, I can read first. I’ll buy if it was good enough that I kept reading it,” said one. Another said he’d pirated around 100,000 books in “a few hours” and donated all his physical books to charity shops: “Obviously, I will never read most of those pirated ebooks. Over a lifetime, I doubt I’ll get through even a fifth of my current collection.”

One operator of a piracy website contacted the Guardian to detail how they did it. “I upload anything from science fiction to ridiculously priced university textbooks. I can get any novel that I want in about 30 seconds. If I can’t, I know people in my dark little corner of the internet that can find ANYTHING that is asked for. It’s incredible really.”

Very few reported being negatively affected by it. (Though three readers reported attempting to pirate Harry Potter books, only to end up with erotic fanfiction.) A 42-year-old IT worker in Glasgow complained, “I have a wealthy retired relative who prides himself on pirating books which makes me want to vomit. I don’t think he reads half of them, just hoards them. He can absolutely afford to buy books. I don’t understand people who can spend hours and hours engaging with writing knowing they have ripped the writer off.”

And authors are being ripped off. This week, with the resurgence of a particular piracy site (the Guardian is choosing not to name any of them), novelist Joanne Harris asked publishers to be more “muscular”, to take pirates to court and shut down entire sites instead of arguing over individual titles. But though the problem is costing publishers “billions of dollars annually” according to the International Publishers Association, there is no simple fix.

It is also hard to quantify how bad the problem is, when so few publishers are willing to talk openly about it. One piracy expert at a UK publisher kindly provided some background information for this article off the record; the rest refused to speak to me - though Penguin Random House and JK Rowling’s publisher Pottermore offered statements to say that they take piracy very seriously.

The legal and tech aspects of book piracy prevention are complex and fast-evolving, but those in the know describe it very simply: it’s whack-a-mole. One of the most persistent ebook pirate sites has been taken down multiple times, only to pop back up again under a .com, a .net and a .org domain name. At least 120,000 take-down notices have been issued against it already, involving web crawlers, lawyers, its domain host and the Metropolitan police. But that website is back regardless, complete with some intimidating legal language of its own, addressed to anyone who plans to complain.

Asked for a comment, an administrator for the website replied: “Hilarious. We don’t have time to do something bullshit, but let me give you a list of websites where books are available to be downloaded for free bigger than our site thousands time [sic].” And the list of sites they sent was indeed extensive, all offering books by well-loved children’s authors, YA and adult bestsellers, as well as some writers who are just starting out.

One of these is the Waterstones children’s books prize winner Michelle Harrison, who has drawn attention to the issue on Twitter. “I feel pretty despondent about it all,” she says now, having been called “elitist” and “not worthy of being an author” by angry pirates when she pointed out that they were stealing her work. “It’s all very well publishers sending take-down notices, but we all knew it was only a matter of time before the site sprang up again under a different guise. It’s fighting something we can’t win.

“I’m a single working parent trying to stay afloat, so I can’t afford the time and expense it would take to continue to pursue this and make my deadlines … I can’t understand the mindset of a person who thinks it’s acceptable to harass an author for wanting to protect their rights.”

There are organisations fighting hard to make the law catch up with technology. The Publishers Association has a portal that can help deal with infringements, but its CEO Stephen Lotinga admits it is a Sisyphean task. The PA believes governments, search engines and ISPs should be doing a lot more. The Society of Authors, meanwhile, believes domain providers should be made to police piracy on any sites they host, and is urging its members to write to their MEPs to support the provisions of the Copyright Directive, which would make platforms accountable for anything illegal they host. The Intellectual Property Office, meanwhile, says that it is working on it, and claims that the UK has one of the best IP enforcement regimes in the world, and that “if deficiencies in the current legal provision are identified, proposals will be developed to address them”.

Even private companies are getting involved. Che Pinkerton is the CEO of DMCA.com, named for the Digital Millennium Copyright Act, a 20-year-old US law that is still followed in many jurisdictions. DMCA.com works with lawyers and law enforcement, but it is primarily a tech company, and the way it tracks down infringers is its “secret sauce”.

Pinkerton puts the rise in piracy down to the growth of “user-generated content” – such as blogs and personal websites – and he sees every day how the law is playing catch-up with the technology. To issue a take-down notice, he often has to deal with several parties in different jurisdictions, and can only tackle infringements one at a time. Often, the domain provider will be deluged with take-down notices, and will remove the entire site, just to get the stream of correspondence to stop. But this approach doesn’t stop sites popping up again under a new name, with a new provider. No wonder it is hard to manage.

All this is exhausting for authors, but it could be devastating for readers, too. Harris, a representative of the SoA who speaks passionately on behalf of authors, knows several who have lost contracts because piracy drove down their sales to an unsustainable level. The most vulnerable authors are those who write series: when book one does well, but book two is heavily pirated, book three could end up dead in the water. Midlist authors, and those who barely scrape a living are also at risk. “These people mistakenly think they’re sticking it to the man,” Harris says. “They’re not; they’re sticking it to the little people, the people who are struggling … and they don’t care.”

Education, not regulation, is key, she told the Guardian: “If there is a solution to this, rather than keep trying to shut down these sites, it is to get the reading public to understand why using them is dishonest, wrong and is killing publishing and killing diversity in publishing. When you realise that [authors] are not really unlike you at all, you see that what it boils down to is you’re stealing the product of someone else’s work.”

On that note, Abena has recently had a revelation. She makes a little money by selling art online, and has started to think about what would happen if art lovers began downloading that for free, just because they really wanted it. “It would hurt and I’d be super-angry”, she says, after we exchange messages for a few days. “The fact that they don’t have much money doesn’t make it OK and it doesn’t make what I do OK either. I guess I do have to stop.”

One down – just a few million to go.
https://www.theguardian.com/books/20...acy-be-stopped





Leaked Aquaman Movie Suggests iTunes 4K Stream Cracked for First Time
Juli Clover

A 4K version of the movie "Aquaman" has popped up on torrent sites, and, as noted by TorrentFreak, it looks like the file may have come from iTunes, suggesting Apple's protections for 4K content have been breached.

The "Aquaman" file in question, which was shared earlier this week on Reddit, is labeled as a Web-DL, a name used in torrents to denote where it's from. Web-DL indicates a file pulled from a streaming service like Netflix, iTunes, and Amazon.

The title, "Aquaman.2018.2160p.WEB-DL.DDP5.1.HDR.HEVC-MOMA," suggests that this is a 4K release that was decrypted directly from iTunes. This is something that has never happened before with a 4K WEB-DL.

The file is indeed in 4K, and it popped up on torrent sites shortly after the movie was released on iTunes. There are no 4K releases of "Aquaman" from Netflix or Amazon, which led to immediate speculation that someone had managed to decrypt the file from iTunes.

4K files from iTunes have never been spotted on piracy sites before, making this a first that the piracy community is excited about. "4k Web-dl, history has been made today for pirates," wrote one reddit user on the r/piracy subreddit.

TorrentFreak says that it's "too early" to jump to conclusions about the origin of the file. While it's 4K, it could be mislabeled. There's a 4K version on VUDU, though the pirated version was uploaded ahead of the VUDU release.

If it is from iTunes, it's not yet clear how it was accessed. 4K content is only available on the Apple TV via tvOS, suggesting that if there's a security hole, it's in the tvOS operating system.

A source who has experience with the matter believes that it most likely comes from iTunes, as advertised. How, exactly, remains a mystery, but there may be a vulnerability in Apple's tvOS.

"Apple has 4k only on Apple TV running tvOS. I assume they skipped checks, if the device is jailbroken, and someone just dumped the encrypted stream and decrypted it via what's in memory as keys," says our source, who prefers to remain anonymous.


Since Aquaman appeared, two additional 4K Web-DL files for "Spider-Man: Into the Spider-Verse" and "Can You Ever Forgive Me?" have surfaced on torrent sites.

If there is indeed a vulnerability that has been exploited by those who pirate movies to access 4K iTunes content, Apple is likely to implement a fix quickly to prevent pirates from stealing additional 4K movies.
https://www.macrumors.com/2019/03/07...itunes-breach/





UCL Bans 49 Students from Eduroam for Pirating Rick and Morty

Wubbalubbadubdub
Serena Bhandari

There's a time and a place for everything – and whilst you may think that downloading Rick and Morty illegally using campus wifi is totally fine, it's become apparent that UCL's IT department does not.

Over a period lasting a year and a half, 334 UCL students were banned from Eduroam. A shocking 49 of those were punished for streaming Adult Swim's popular cartoon Rick and Morty.

For context, that's almost 15 per cent of the total number of bans.

The vast majority of the Rick and Morty offences occurred around the release of Season 3, but even a year later some latecomers were getting penalised for their streaming habits.

Other students were banned for streaming classics like Shrek, RuPaul's Drag Race and even (shockingly) Geordie Shore and the Lego Batman Movie. Weird, right?

If these trends continue, you'd best believe that come Rick and Morty Season 4 we'll witness another huge wave of Eduroam bans.

Bring it on.
https://thetab.com/uk/london/2019/02...nd-morty-34107





Copyright Protection Company Offers Piracy Websites an Ad Revenue Sharing Deal
Bill Toulas

• Pirating websites can now make ad revenue with the support of content creators, and share the money with them.
• A company that represents and protects creators has launched an affiliate program for everyone to benefit from.
• This is a novel approach that goes in the opposite direction of what was the case so far in this field.

“DMCAForce”, a company that protects authors, musicians, publishers, filmmakers, and all kinds of copyright owners, is now offering advertising deals to pirating websites. This is going against the standard practice of rights-holders and their representatives, who are actively trying to close the tap of money supply towards this type of websites. DMCAForce has probably thought that trying to kill piracy or even contain it can never be achieved at the ultimate level, so sharing whatever revenue these domains can generate through advertising would be a way to benefit from their presence anyway.

Large pirate sites enjoy colossal popularity and count many millions of unique visitors each day. DMCAForce sees them as an ideal platform to set up advertising campaigns and promote the stolen content through legitimate channels. So, for example, a person searches and locates a torrent for a movie that they want to watch on one of these websites, and an advertisement pops up, pointing the user to a legitimate source for this title. Although the stolen content may still be retrieved through P2P, an option to get the same material from a lawful source. Some will do so, others will keep off from the offered option, but everyone has to gain from the whole process.

According to DMCAForce, they have already made similar deals in the adult space, winning as much as $15000 per month, where previously they were getting nothing out of these websites. This model has encouraged content creators and copyright holders to allow pirating domains to keep their content up instead of forcing them to take it down, as the flow of ad revenue to their direction is significant and forms the basis for a new business model. This model is bringing some of the pirating traffic ad revenue back to the creator, so not only the damage from piracy is contained, but it somewhat stops being considered damage entirely.

As DMCAForce representatives told TorrentFreak recently: “In the case of direct products, we can provide you affiliate tracking links, where instead of REMOVING the content, you can KEEP the content up, and we direct that user together back to the product on a commission basis. If you have a product you are selling, and want to ask these pirate sites to put advertising around your stolen content or replace the stolen content with linkbacks, we offer that as well. This has encouraged content creators to keep their content up and build a better relationship.”

This certainly sounds like something largely counterintuitive, but it works, and creators seem to like the idea, at least according to DMCAForce. It’s not that rightsholders are joining or embracing piracy, it’s just that they have started figuring out ways to live with it in a way that makes business sense, instead of playing a never-ending “whack-a-mole” game.
https://www.technadu.com/piracy-webs...ng-deal/60152/





City of Winnipeg Manager in Charge of Police Radios Arrested after 2-Year Investigation

'You don’t want to know where these came from': Police allege he directed employees to use fraudulent software
Caroline Barghout

Winnipeg police have arrested a manager with the city for allegedly updating police radios with fraudulent software he got from a person considered to be a security threat by the U.S. Department of Homeland Security, CBC News has learned.

Back in 2011, Ed Richardson allegedly obtained millions of dollars worth of illegal software and instructed city employees to use it, police said in a January 2018 sworn affidavit, submitted to the Provincial Court of Manitoba when officers were seeking permission to search the man's emails.

Until his arrest last Thursday, Richardson was the manager of the City of Winnipeg radio shop, responsible for repairing and maintaining radios used by the Winnipeg Police Service and Winnipeg Fire Paramedic Service.

The allegations stem from a time when the police service used fully encrypted Motorola radios, which allowed officers to talk in secret, as the only way to unlock the audio and listen to the conversations was with an encryption key. (Prior to 2010, anyone who wanted to eavesdrop on police calls could potentially do so through websites that provided access to police scanners.)

In the affidavit, police said the Motorola radios needed frequent updating, which could only be done if the city purchased a "refresh key" or licence from the company to unlock the proprietary software. Motorola charged about $94 per update per radio, the document said, and a radio shop employee told police Richardson didn't like that.

"[The employee] does not believe his actions were for personal gain; he believes that Richardson likes the idea of not giving more money to Motorola," the affidavit said.

The employee came forward with information in 2017. At the time, the WPS and WFPS were in the process of launching a new emergency radio system for first responders — a project Richardson was leading.

"[The employee] is concerned that Richardson's lack of integrity may put the security of this new radio system in jeopardy," the affidavit said.

According to the affidavit, the employee told police that in 2011, Richardson gave him a device known as an iButton that was preloaded with more than 65,000 refresh keys and told him "you don't want to know where these came from."

The employee said they "clearly" didn't come from Motorola, the court document stated.

If the fraudulent refresh keys had been legitimately purchased, it would have cost the city millions, police allege. It's estimated the keys were used over 200 times and cost Motorola nearly $19,000 in lost revenue.

U.S. Homeland Security investigating

In the affidavit, police said they suspect Richardson got the unauthorized software from a Winnipeg ham radio enthusiast who was under investigation south of the border.

In September 2016, a special agent from the U.S. Department of Homeland Security (DHS) travelled to Winnipeg to brief local law enforcement about an investigation into the activities of the Winnipeg man, the court document said.

The agent said the man reprogrammed Motorola radios for clients around the world and was capable of encrypting them.

"This allows the criminal element to communicate without fear of interception by government or law enforcement," the court documents said. "A significant number of these encrypted radios have been seized from the Mexican drug cartel members."

Motorola examined some of those seized radios and believed that the techniques used to "hack" them were consistent with the method used by the Winnipeg man, the affidavit said.

"There is a Chinese method of achieving the same result but it is quite different," the document read.

The Winnipeg man was detained by DHS agents in May 2016 while on his way back to Canada from a radio convention in Dayton, Ohio, the affidavit said. Agents seized his electronics, including a laptop, and tools needed to encrypt Motorola radios.

They also seized an iButton. "There is no legitimate way that [the man] could be in possession of this device and [it] would have had to been supplied to him nefariously."

Police said in the affidavit they believe Richardson gave the man the iButton.

Richardson awarded for his work

In spring 2017, the WPS and WFPS transitioned from Motorola radios to Harris equipment — a project spearheaded by Richardson that took four years to complete.

As the city was bragging about an award Richardson won for the project, he was under police investigation.

"Ed was instrumental in providing leadership to our project team," Glen Cottick, the city's senior manager of business technology services, said in a Dec. 12, 2018 statement announcing the award.

Twelve months earlier, Cottick had been served a court order to provide police with Richardson's emails that were stored on the city's servers. (Cottick was not under investigation; it's his job to make sure the city complies with court orders.)

When CBC News contacted Richardson earlier this month, he said he was surprised to learn he had been under investigation for more than two years. No one from the Winnipeg Police Service had ever questioned him about any allegations, he said.

Richardson declined an interview request, citing concerns it could compromise the case, but said he was going to get in touch with officers to see if he could talk. Richardson also said he was aware police were at one point looking into the radio enthusiast, who he knows through the broader radio community, but said he wasn't sure if that investigation was still ongoing.

Days later, Richardson was placed on administrative leave. According to a co-worker, employees were told not to contact him, but were not given a reason why.

A city spokesperson would not comment on Richardson's leave, saying "it is a human resources matter."

When CBC News contacted the city again after Richardson's arrest, a spokesperson declined to answer questions, saying it was a "human resources and police matter."

A Winnipeg police spokesperson said its investigation is now complete and Richardson is expected to be formally charged during a court appearance next month, when he will face a number of criminal code offences, including fraud over $5,000, unauthorized use of a computer, possession of a device to obtain unauthorized use of a computer and possession of a device to obtain telecommunication service.

There is no allegation the fraudulent software put the security of police radios at risk.

None of the allegations have been proven in court.

No other arrests are expected, police said.
https://www.cbc.ca/news/canada/manit...tion-1.5027975





Democrats to Push to Reinstate Repealed 'Net Neutrality' Rules
David Shepardson

Democrats in the U.S. Congress plan to unveil legislation on Wednesday to reinstate “net neutrality” rules that were repealed by the Trump administration in December 2017, House of Representatives Speaker Nancy Pelosi said.

Pelosi told lawmakers in a letter that House Democrats, who won control of the chamber in the November 2018 elections, would work with their colleagues in the U.S. Senate to pass the “Save The Internet Act.”

The text of the proposed legislation has not been released.
It has now - Jack.

The Federal Communications Commission repealed the rules that bar providers from blocking or slowing internet content or offering paid “fast lanes.” The repeal was a win for providers like Comcast Corp, AT&T Inc and Verizon Communications Inc, but was opposed by internet companies like Facebook Inc, Amazon.com Inc and Alphabet Inc.

The Senate, which is controlled by Republicans, voted in May 2018 to reinstate the net neutrality rules, but the House did not take up the issue before Congress adjourned last year.

A U.S. federal appeals court last month held lengthy oral arguments in a legal challenge to the FCC’s decision to repeal the net neutrality rules.

In its 2017 decision, the Republican-led FCC voted 3-2 along party lines to reverse the net neutrality rules. The agency gave providers sweeping power to recast how users access the internet but said they must disclose changes in users’ internet access.

A spokeswoman for FCC chairman Ajit Pai did not immediately comment on Monday.

A group of 22 state attorneys general and the District of Columbia asked the appeals court to reinstate the Obama-era internet rules and to block the FCC’s effort to pre-empt states from imposing their own rules guaranteeing an open internet.

Major providers say they have not made any changes in how Americans access the internet since the repeal.

In October, California agreed not to enforce its own state net neutrality law until the appeals court’s decision on the 2017 repeal, and any potential review by the U.S. Supreme Court.

Reporting by David Shepardson; Editing by Paul Simao
https://www.reuters.com/article/us-u...-idUSKCN1QL1W0





How an Investigation of Fake FCC Comments Snared a Prominent D.C. Media Firm
Dell Cameron and Jason Prechtel

Millions of records that the FCC’s top lawyer once fought to hold back from state law enforcement officials now serve as key evidence in a year-long probe into cases of Americans being impersonated during the agency’s latest net neutrality proceeding. Analysis of the data would lead investigators last fall to consider, as one of many potential sources of fraud, the owner of an influential Washington, D.C., newspaper, whose advocacy business may have served as a pipeline for one of the most notorious of all fake comments.

In May 2017, dozens of Americans came forward with claims that their identities had been used, without their consent, in a campaign to inundate the Federal Communications Commission with public comments critical of the Obama-era policy. Some told reporters that they’d never heard of net neutrality. Twenty-seven signed an open letter to FCC Chairman Ajit Pai demanding a response. A year on, each of their names and addresses are still displayed on the federal agency’s website, right above, as the letter puts it, “a political statement that we did not sign onto.”

What was most curious, however, is that each of these people had supposedly submitted the very same comment; a veritable word salad of telecom industry talking points. In particular, the comment was a rebuke of the Obama administration’s exercise of “unprecedented regulatory power” in pursuit of net neutrality, a policy which it accused of “smothering innovation, damaging the American economy, and obstructing job creation.”

Internal FCC logs reviewed by Gizmodo for the first time offer clues as to why the matching comments led investigators in October to the doorstep of CQ Roll Call, a company that, while running an august newsroom in the nation’s capital, is also in the business of helping lobbyists construct digital “grassroots” campaigns aimed at influencing policymakers, and specifically, those controlling the FCC’s rulemaking process.

“To put it simply, there is evidence in the FCC’s files that fraud has occurred.”

The logs, obtained in response to a Freedom of Information Act (FOIA) lawsuit, document in exhaustive detail each time an organization such as CQ—the advocacy side of the company—submitted a comment using the FCC’s API system. What’s more, they include the IP addresses of the uploaders themselves, as well as timestamps that record, down to the millisecond, precisely when floods of comments came pouring in from any given source.

While it’s FCC policy to accept and help manually upload spreadsheets containing batches of comments collected by virtually anyone, it also offers access to an API system that gives groups like CQ, Fight for the Future, and the Electronic Frontier Foundation the ability to create their own submission pages that feed directly into the agency’s Electronic Comment Filing System (ECFS). The API, which helped funnel millions of comments to the agency in 2017, is maintained by the General Services Administration (GSA).

Last week, the GSA turned over the API logs in response to a records request from a reporter who had sued it and the FCC to pry them loose.

On review, they are the same records that the FCC refused to provide the New York attorney general’s office in December 2017, while claiming the state’s chief legal officer had no authority “to investigate a federal agency’s rulemaking process,” or otherwise compel the production of any materials. According to a December 2017 letter, the FCC’s general counsel had further argued that releasing the records (and in particular, any IP addresses) would “invade the personal privacy of legitimate commenters, and be overly burdensome to the agency.”

Yet the agency’s efforts at stonewalling proved inevitably futile. New York’s Bureau of Internet and Technology would ultimately obtain the API logs—likely, according to the statements of former New York attorney general Eric Schneiderman, from the FCC’s own inspector general, whose work is intentionally segregated from other offices at the agency.

Armed with both legal and technical expertise, the bureau’s investigators would comb the data and eventually produce multiple leads in its investigation of potential state violations, including criminal impersonation under New York law.

“Unprecedented regulatory power”

The millions of public comments amassed by the FCC about net neutrality over the summer of 2017 are only one facet of a process known as “notice and comment” rulemaking. Under federal law, whenever the FCC intends to set forth new, legally binding rules, it is required to give notice to the public. It must then, for no fewer than 30 days, allow the public to comment in response.

In contrast to the 3.9 million comments received during the debate over the Open Internet Order, which led to the adoption of federal net neutrality rules four years ago, the Trump administration’s effort to repeal those rules, known as the Restoring Internet Freedom Order, brought in over 22 million.

As of October 2018, investigators in New York had isolated a batch of roughly 9.35 million comments, which they had deemed suspicious and potentially attributed to Americans whose names had been used without their permission.

The investigations into the fake comments largely stem from reports published almost simultaneously on May 10, 2017, by Gizmodo, Verge, and ZDNet, all of which focused on identical comments that were submitted to the FCC several hundred thousand times. The language used in the comments—which are now suspected of having been uploaded using CQ’s software—was eventually traced back to a conservative nonprofit called the Center for Individual Freedom (CFIF).

The comment reads in full:

“The unprecedented regulatory power the Obama Administration imposed on the internet is smothering innovation, damaging the American economy and obstructing job creation. I urge the Federal Communications Commission to end the bureaucratic regulatory overreach of the internet known as Title II and restore the bipartisan light-touch regulatory consensus that enabled the internet to flourish for more than 20 years.”

Founded in 1998, CFIF is reportedly a dark-money group whose early roots lie in defending Big Tobacco, but which supported the repeal of net neutrality more recently and has campaigned aggressively against state laws requiring political groups like itself to disclose the sources of its funding. Along with CQ, the group is among the 14 entities subpoenaed by the New York attorney general last fall, as first reported by former BuzzFeed reporter Kevin Collier in October.

As late as last February, CFIF President Jeffrey Mazzella praised the FCC’s rollback of the Title II classification of broadband service underlying net neutrality in the Daily Caller, labeling the policy an “unprecedented power grab by the Obama administration,” which, he claimed, upended “two decades of bipartisan consensus for light-touch regulation of the internet sector.”

Notably, Mazzella’s article was coauthored with David Williams, president of the Taxpayers Protection Alliance (TPA), another group subpoenaed in New York. Comments linked to TPA appear to have been submitted by the same individual who aided another group known as Free Our Internet, whose comments were ascribed to Americans who told Gizmodo their identities had been stolen.

Attempting to confirm or disprove the alleged link between CQ and CFIF, Gizmodo initiated its own review of the API data logs last week, focusing on comments from dozens of people who claim they were impersonated online. Emails previously obtained under FOIA, which show conversations between FCC officials and CQ’s chief technology officer, Dan Germain, who now serves as a FiscalNote senior VP overseeing research and development, provided additional context regarding the company’s operations.

The Center for Individual Freedom and FiscalNote, which purchased CQ Roll Call in August 2018, did not respond to multiple requests for comment.

Germain, however, was interviewed by Gizmodo twice in 2017, and served up various insights into how the company had amassed and delivered “millions of comments” to the FCC.

Analysis of API logs

While Germain declined to identify any of CQ’s clients “without explicit permission,” timestamps contained in the API logs reveal an unmistakable correlation between the use of CQ’s API key and numerous identical comments containing CFIF’s text about former President Obama’s “unprecedented regulatory power.”

APIs are a ubiquitous part of the internet and power user interactions with everything from Google to Grindr. To control access to them, APIs are usually given a “key” system, which produces long, unique strings of characters, not dissimilar to a password. This enables system administrators to give explicit access to an individual or company and track how the keys are being used.

The FCC is the only agency whose public commenting system uses API keys issued by Data.gov, a branch of the General Services Administration.

The purpose of GSA’s system is to “make it easier for agencies to release and manage” data while offering a variety of ways to track and analyze its use, according to its website. As many as 19 federal agencies rely on the Data.gov API for a variety of purposes, including the FCC, which specifically promotes it as a way to deliver public comments in bulk.

While some identifying information in the logs is fully or partially redacted, they contain the following data: timestamps of every instance an API submission was made; the IP addresses of every individual who requested API keys; the IP addresses of the servers used by them to submit comments; and standard number codes that indicate whether a comment submission was successful.

But while the logs detail precisely when comments were submitted and by whom, they do not contain the actual comments themselves, nor the names of the individuals to whom they’re attributed. Nor do the logs, which span roughly 7 months, indicate to which specific FCC docket a comment was submitted. Because of this, the timestamps are pivotal to pairing specific comments with the API keys used to submit them.

By comparing the API logs to comment data that the FCC had already made publicly available, Gizmodo found more than a dozen comments containing CFIF’s boilerplate language that were registered within milliseconds of CQ’s key being used.

A comment by Cynthia Duby of Desert Hot Springs, California, regarding Obama’s “unprecedented regulatory power,” for example, was registered by the comment system fractions of a second after CQ used its key on May 11, 2017. (The timestamp on Duby’s comment reads, “16:33:09.794,” while the Data.gov API logs show CQ submitting a comment at “16:33:09:0.16.”)

The timestamps on the comment data and API data rarely if ever sync perfectly. The disparity—at most two seconds, but more often much shorter—could be explained by server latency, or the fraction of time that passes after a message is sent but before it’s received by a server.
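The timestamp pairing described above, sketched as an added example (not Gizmodo's or the investigators' code): the log rows, key labels and comment records are constructed, and the two-second window is taken from the article's stated maximum disparity. A comment is attributed to a key only when every successful submission inside the window belongs to that one key.

```python
"""Pair comment receipt times with API submission log rows by timestamp."""
from bisect import bisect_left, bisect_right
from collections import Counter
from datetime import datetime, timedelta

TOLERANCE = timedelta(seconds=2)  # article: disparity of "at most two seconds"

# Constructed sample rows: (timestamp, API key label, HTTP status code).
API_LOG = [
    ("2017-06-01T12:00:00.100", "key-A", 200),
    ("2017-06-01T12:00:01.050", "key-A", 200),
    ("2017-06-01T12:00:01.500", "key-A", 500),  # failed submission, ignored
    ("2017-06-01T12:10:00.000", "key-B", 200),
    ("2017-06-01T12:10:00.300", "key-A", 200),
    ("2017-06-01T13:00:00.000", "key-B", 200),
]

# Constructed sample comments: (comment id, received timestamp, text).
COMMENTS = [
    ("c1", "2017-06-01T12:00:00.794", "boilerplate text X"),
    ("c2", "2017-06-01T12:00:01.600", "boilerplate text X"),
    ("c3", "2017-06-01T12:10:00.900", "boilerplate text X"),
    ("c4", "2017-06-01T14:15:00.000", "a unique comment"),
]


def successful_posts(log):
    """Return (time, key) for 2xx submissions, sorted by time."""
    rows = [(datetime.fromisoformat(ts), key)
            for ts, key, status in log if 200 <= status < 300]
    return sorted(rows)


def correlate(comments, log, tolerance=TOLERANCE):
    """Map comment id -> (verdict, key, gap in ms to the nearest submission).

    The window is symmetric because the two systems' clocks are not
    assumed to be synchronised.
    """
    posts = successful_posts(log)
    times = [t for t, _ in posts]
    results = {}
    for cid, received_raw, _text in comments:
        received = datetime.fromisoformat(received_raw)
        lo = bisect_left(times, received - tolerance)
        hi = bisect_right(times, received + tolerance)
        window = posts[lo:hi]
        if not window:
            results[cid] = ("unmatched", None, None)
            continue
        nearest_time, nearest_key = min(window, key=lambda p: abs(received - p[0]))
        gap_ms = abs(received - nearest_time) // timedelta(milliseconds=1)
        keys_in_window = {key for _, key in window}
        if len(keys_in_window) == 1:
            results[cid] = ("attributed", nearest_key, gap_ms)
        else:
            # More than one key was active: timing alone cannot decide.
            results[cid] = ("ambiguous", None, gap_ms)
    return results


def attributed_by_text(comments, results):
    """Count attributed comments per (comment text, API key) pair."""
    counts = Counter()
    for cid, _received, text in comments:
        verdict, key, _gap = results[cid]
        if verdict == "attributed":
            counts[(text, key)] += 1
    return counts


if __name__ == "__main__":
    res = correlate(COMMENTS, API_LOG)
    for cid, outcome in res.items():
        print(cid, outcome)
    print(attributed_by_text(COMMENTS, res))
```

Because the logs carry no comment text or docket, repeated text clustering under one key across many matches is what raises confidence; a single close timestamp is weak evidence on its own.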

Duby is one of the 24 people who signed the open letter in May 2017 demanding that her comment be removed by the FCC. Of 14 others who said their names were “used to file comments we did not make,” Gizmodo was able to duplicate the experiment 12 times. In each successful case, the comments were received by the FCC while CQ’s API key was in use, with the logs reflecting deviations in the timestamps roughly equivalent to the blink of an eye. (For reasons unclear, two of the signatories’ comments could not be located.)

Ariehl Kimbrough, another apparent condemnor of “unprecedented regulatory power,” told Gizmodo in May 2017 that not only had she not submitted the comment bearing her name and address, but that she had never even heard the phrase “net neutrality.”

The FCC data shows the comment attributed to Kimbrough was received on May 9, 2017, at 7:31pm. As with the signatories of the open letter, the API data shows that a key assigned to CQ Roll Call was, at that very moment, in the process of uploading a batch of comments. The timestamps are within one-tenth of a second apart.

In response to an investigation by the Wall Street Journal, whose researchers spoke to some 7,800 people who had claimed their names had been used without consent in various agency dockets, an FCC spokesperson said comments from the general public are “generally not substantive, so thus have no impact on a rulemaking.” They added: “We err on the side of keeping the public record open and do not have the resources to investigate every comment that is filed.”

Only when it was politically advantageous did FCC Chairman Ajit Pai speak to the impact of the fake comments on the process.

In December, while attacking what he called “overheated rhetoric about net neutrality,” the chairman claimed in an FCC memo that as many as “half-million comments” supporting net neutrality had been “submitted from Russian e-mail addresses” and that “nearly eight million comments” had been filed using email accounts “associated with FakeMailGenerator.com.”

The FCC did not respond to a request for comment.

“Millions of comments”

Prior to CQ becoming a subject of interest in an ongoing criminal investigation, Germain explained at length that his company had created a platform specifically to direct comments to the FCC and that it had been operational since at least 2016.

“Before we submit these comments (via the API) we remove any bad or questionable submissions,” he told Gizmodo. “On a technical level, a few of the things we do include running the email address through an email validator, eliminate duplicate records with the same email address, and remove multiple submissions from the same IP address.”

If CQ found comments that appeared particularly questionable, he said, the company would call the individual and inquire whether they submitted it. “Sometimes they don’t remember until we read the actual message,” he said, “and then they light up in full support of it!”

In emails to the FCC dated April 2017, Germain explains that CQ is seeking to deliver “about 250,000 comments per day,” and that it would need to “set up multiple servers to the API simultaneously to meet the needs” of its clients. Whereas many of the groups responsible for uploading millions of comments requested only one or two API keys, logs show that CQ, over a period of several months, requested no fewer than 114.

Registered between April 28 and August 14 that year, the keys linked to the company—by email account or IP address or both—contributed nearly 2.1 million API submissions. This includes a nearly month-long gap between mid-May and mid-June. A query for the CFIF comment about “unprecedented regulatory power” reveals an overlapping gap that aligns with the periods in which CQ Roll Call is shown to have made API post requests.

Above all, Germain stressed that its advocacy business was entirely separate from its news products. “The newsrooms of both CQ and Roll Call have editorial independence and have no involvement in the creation or management of our advocacy tools,” he said, adding: “They certainly would not know what our advocacy customers were doing with our tools.”

Incidentally, one of Roll Call’s reporters was physically accosted by security officials while trying to ask questions of Republican FCC Commissioner Michael O’Rielly following a May 2017 hearing about the net neutrality rules.

Beyond CQ, 12 additional entities were likewise subpoenaed by the New York attorney general, including Free Our Internet, an organization founded by a former Trump campaign statewide director; and Ethan Eilon, a GOP consultant, whose firm, Conservative Connector, received more than $31 million from the Trump campaign and Republican National Committee during the 2016 election.

With patterns of repetitive text and timestamps consistently formatted across the data, it’s possible that API submissions and FCC comments can be easily matched with a reasonably high degree of confidence. If a culprit is eventually found, it will likely be as a result of intense analysis of the API data, aided by the sloppiness of uploaders who left their digital fingerprints all over it.

At an agency with a recent history of covering up minor technical flaws with disproportionately large lies, the attempt by top FCC officials to prevent law enforcement from examining its logs only serves to cast further doubt and suspicion on the agency’s motives, and its future ability to conduct rule-making processes within the spirit of the law.

Saying the agency’s failure to investigate this “corrupted record” would ultimately undermine its ability to “seek public input in the digital age,” FCC Commissioner Jessica Rosenworcel reached the conclusion more than a year ago that the data so closely guarded by her Republican colleagues would ultimately prove central to solving this mystery.

“To put it simply, there is evidence in the FCC’s files that fraud has occurred,” she said, “and the FCC is telling law enforcement and victims of identity theft that it is not going to help.”

The New York attorney general’s office declined to comment for this story citing an ongoing investigation.
https://gizmodo.com/how-an-investiga...rom-1832788658





Ajit Pai’s Rosy Broadband Deployment Claim May be Based on Gigantic Error

FCC data boosted by ISP that falsely claimed to cover eight entire states.
Jon Brodkin

Ajit Pai's latest claim that his deregulatory policies have increased broadband deployment may be based in part on a gigantic error.

Pai's claim was questionable from the beginning, as we detailed last month. The Federal Communications Commission data cited by Chairman Pai merely showed that deployment continued at about the same rate seen during the Obama administration. Despite that, Pai claimed that new broadband deployed in 2017 was made possible by the FCC "removing barriers to infrastructure investment."

But even the modest gains cited by Pai rely partly on the implausible claims of one ISP that apparently submitted false broadband coverage data to the FCC, advocacy group Free Press told the FCC in a filing this week.

The FCC data is based on Form 477 filings made by ISPs from around the country. A new Form 477 filer called Barrier Communications Corporation, doing business as BarrierFree, suddenly "claimed deployment of fiber-to-the-home and fixed wireless services (each at downstream/upstream speeds of 940mbps/880mbps) to census blocks containing nearly 62 million persons," Free Press Research Director Derek Turner wrote.

"This claimed level of deployment stood out to us for numerous reasons, including the impossibility of a new entrant going from serving zero census blocks as of June 30, 2017, to serving nearly 1.5 million blocks containing nearly 20 percent of the US population in just six months time," Turner wrote. "We further examined the underlying Form 477 data and discovered that BarrierFree appears to have simply submitted as its coverage area a list of every single census block in each of eight states in which it claimed service: CT, DC, MD, NJ, NY, PA, RI, and VA."

In reality, BarrierFree's website doesn't market any fiber-to-the-home service, and it advertises wireless home Internet speeds of up to just 25mbps, Free Press noted.

Free Press speculates that BarrierFree ignored FCC instructions to report service only in census blocks in which an ISP currently offers service and instead simply "listed every single census block located in eight of the states in which it's registered as a CLEC [competitive local exchange carrier]."

FCC data skewed by mistake

BarrierFree's claimed level of deployment was so large that it skewed the FCC's overall data significantly, Free Press wrote.

Pai claimed that the number of Americans lacking access to fixed broadband with speeds of at least 25Mbps down and 3Mbps up "has dropped by over 25 percent, from 26.1 million Americans at the end of 2016 to 19.4 million at the end of 2017."

With BarrierFree's erroneous filing removed, "the number of Americans lacking access to a fixed broadband connection at the 25Mbps/3Mbps threshold declined to 21.3 million, not 19.4 million," Free Press wrote.

Pai also claimed that 5.6 million rural Americans gained access to 25Mbps/3Mbps broadband. But "BarrierFree's erroneous reporting is responsible for 2 million of the supposed 5.6 million newly served rural persons highlighted in the chairman's press release," Free Press wrote.

So far, Pai has made his claims public only in his press release. His full Broadband Deployment Report won't be released until after the commission votes on it, making it impossible to fully vet his claims.

However, Free Press' analysis of FCC data showed that Pai likely did not remove BarrierFree's erroneous data when calculating nationwide coverage rates, Turner told Ars. Free Press' analysis of deployment data for 2016 matched the FCC's, he said. Free Press' analysis of deployment data for 2017, when including BarrierFree's claimed deployment, also matched the FCC's deployment claims for that year. The Free Press and FCC numbers only diverged when Free Press removed BarrierFree's deployment from the 2017 data, he said.

Democrat urges Pai to dig into data

We contacted Pai's office and BarrierFree about the apparent errors yesterday and will update this story if we get any response.

UPDATE: BarrierFree Chief Operating Officer Jim Gerbig responded to Ars and acknowledged that the company made a mistake in its filing. "There is indeed an error in the Form 477 filings for BarrierFree, and it doesn't reflect our current level of broadband deployment," Gerbig told Ars. "A portion of the submission was parsed incorrectly in the upload process. With the government shutdown in January, we were unable to submit revised documents before the full report went live... We are working with the FCC to improve our 477 data for the December 2017 filing, and expect to have it resolved soon."

Gerbig said BarrierFree offers fixed wireless service "in portions of the Northeast corridor," particularly New York State, and aims to inject "healthy competition" into the broadband market.

The FCC's Democratic commissioners are concerned about the accuracy of Pai's data.

"Free Press's allegations are troubling," FCC Commissioner Geoffrey Starks said in a statement to Ars. "The FCC's maps are frequently criticized for being inaccurate and overstating broadband coverage... I am digging in to the data underlying Free Press's filing and I hope the chairman does as well. Without getting to the bottom of this, the FCC should not proceed with its current draft broadband report.

"It is the FCC's job to have accurate data and to make available maps based on it," Starks continued. "Without performing that basic function, we are woefully unprepared to make a number of critical policy decisions that will impact the future of our communications infrastructure. I disagree with the rosy picture that the chairman painted when he described the commission's draft broadband report last month, and news like this just makes matters worse."

FCC Commissioner Jessica Rosenworcel last month disagreed with Pai's claim that US broadband deployment is proceeding on a reasonable and timely basis.

Rosenworcel's chief of staff, Travis Litman, told Ars today that Free Press' filing "raises serious questions about a draft report whose conclusion is already deeply troubling."

Pai took “unearned credit for deployment”

The annual report stems from Section 706 of the Telecommunications Act of 1996, in which Congress required the FCC to encourage broadband deployment to all Americans and to make a regular determination of "whether advanced telecommunications capability is being deployed to all Americans in a reasonable and timely fashion."

If the FCC finds that broadband isn't being deployed quickly enough, it has to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market," the law says.

While the Obama-era FCC routinely concluded that deployment wasn't happening fast enough, Pai has determined the opposite two years in a row. Pai has repeatedly claimed that repealing net neutrality rules and other consumer protections boosted broadband deployment.

Free Press urged the FCC to delay release of its annual report until the data is corrected, and it chided Pai for "taking unearned credit for broadband deployment trends that began long before his tenure." Besides the errors described in this article, Pai has also taken credit for deployments that began during the Obama administration and that in some cases were directly funded or mandated by the Obama-era FCC.

Turner's filing concluded:

[F]ixed broadband deployment improvements have been remarkably consistent in recent years. Other than a portion of the rural deployments under the Connect America Fund, and those required by an older merger condition [on AT&T's 2015 purchase of DirecTV], it is questionable whether commission policy during Chairman Pai's tenure has had any impact on broadband deployment. Indeed, despite a once-in-a-generation corporate tax cut, capital spending was down in 2018 at many major ISPs.

This reality is yet one more affirmation that year-to-year changes in carriers' capital spending plans are largely a function of what infrastructures they've already deployed, where they are individually in the technology cycle, and the level of competition they face. The notion that Chairman Pai's actions moved these deployment numbers in any way is wholly unsupported by the evidence, and such grandstanding does not belong in commission reports to Congress.

https://arstechnica.com/tech-policy/...igantic-error/





India Beats UK and US on Mobile Data Price
BBC

A study into the amount people pay for mobile data has found that the UK has some of the most expensive prices in Europe.

The research, from price comparison site Cable.co.uk, found that one gigabyte (GB) of data cost $0.26 (£0.20) in India but $6.66 in the UK.

The US had one of the most expensive rates - with an average cost of $12.37 for the same amount of data.

The results were "disappointing" said Cable's telecoms analyst Dan Howdle.

"Despite a healthy UK marketplace, our study has uncovered that EU nations such as Finland, Poland, Denmark, Italy, Austria and France pay a fraction of what we pay in the UK for similar data usage. It will be interesting to see how our position is affected post-Brexit," he said.

The study compared mobile data pricing in 230 countries around the world. The UK ranked 136th in the list. The global average was $8.53 for 1GB.

The cheapest mobile data in Western Europe is in Finland with an average price of $1.16 for 1GB of data. Denmark, Monaco and Italy all offer packages below $2. There were 15 countries in Western Europe which had cheaper prices than the UK.

In Eastern Europe, Poland is the cheapest at $1.32 per gigabyte, followed by Romania ($1.89) and Slovenia ($2.21).

Top five nations:

• India - $0.26
• Kyrgyzstan - $0.27
• Kazakhstan - $0.49
• Ukraine - $0.51
• Rwanda - $0.56

Bottom five nations:

• Zimbabwe - $75.20
• Equatorial Guinea - $65.83
• Saint Helena - $55.47
• Falkland Islands - $47.39
• Djibouti - $37.92

Data packages

Zimbabwe is the most expensive country in which to buy mobile data - with an average cost of 1GB coming in at an eye-watering $75.20.

Africa has both the cheapest and most expensive prices, with Rwanda, Sudan and the Democratic Republic of Congo all offering less than $1 data prices but Equatorial Guinea and Saint Helena both charging more than $50 per gigabyte.

Asian nations make up half of the top 20 cheapest countries, with only Taiwan, China and South Korea charging more than the global average.

The reasons for the vast differences in prices around the world were complex said Mr Howdle.

"Some countries have excellent mobile and fixed broadband infrastructure and so providers are able to offer large amounts of data, which brings down the price per gigabyte. Others with less advanced broadband networks are heavily reliant on mobile data and the economy dictates that prices must be low, as that's what people can afford," he added.

"At the more expensive end of the list, we have countries where often the infrastructure isn't great but also where consumption is very small. People are often buying data packages of just tens of megabytes at a time, making a gigabyte a relatively large and therefore expensive amount of data to buy."

The research looked at SIM-only deals and included a range of packages from all the providers in each country.
https://www.bbc.com/news/technology-47416250





Spotify, Google, Pandora, Amazon Go to U.S. Appeals Court to Overturn Royalty Increase (EXCLUSIVE)
Jem Aswad and Chris Willman

Spotify, Google, Pandora and Amazon have teamed up to appeal a controversial ruling by the U.S. Copyright Royalty Board that, if it goes through, would increase payouts to songwriters by 44%, Variety has learned.

A joint statement from the first three of those companies reads: “The Copyright Royalty Board (CRB), in a split decision, recently issued the U.S. mechanical statutory rates in a manner that raises serious procedural and substantive concerns. If left to stand, the CRB’s decision harms both music licensees and copyright owners. Accordingly, we are asking the U.S. Court of Appeals for the D.C. Circuit to review the decision.”

The four companies all filed with the court separately. Sources say that Apple Music is alone among the major streaming services in not planning to appeal — as confirmed by songwriters’ orgs rushing to heap praise on Apple while condemning the seemingly unified front of the other digital companies.

David Israelite, president/CEO of the National Music Publishers’ Association, had previously said that the digital companies would be “declaring war” on the songwriting community if they appealed the royalty increase. He sounded ready for combat after learning the digital services had indeed filed an appeal.

“When the Music Modernization Act became law, there was hope it signaled a new day of improved relations between digital music services and songwriters,” Israelite said in a statement. “That hope was snuffed out today when Spotify and Amazon decided to sue songwriters in a shameful attempt to cut their payments by nearly one-third. … No amount of insincere and hollow public relations gestures such as throwing parties or buying billboards of congratulations or naming songwriters ‘geniuses’ can hide the fact that these big tech bullies do not respect or value the songwriters who make their businesses possible.” (The “genius” aside was presumably a dig at Spotify and its Secret Genius Awards, given to writers, producers and engineers.)

The CRB drastically increased royalties for writers in 2018 in a 2-1 decision. Sources close to the situation have pointed to the dissenting judge’s opinion, which argued that the two judges in the majority “create(d) a new combination that nobody had presented.” The companies contend that there was never a chance for the relevant parties to discuss the rates that the judges settled on before the decision was made.

In early February, the CRB decision made last year was officially published, starting a 30-day window in which appeals could be made.

Bart Herbison, executive director of the Nashville Songwriters Association International, joined Israelite in blasting the digital companies’ appeal. “It is unfortunate that Amazon and Spotify decided to file an appeal on the CRB’s decision to pay American songwriters higher digital mechanical royalties,” he said in a statement. “Many songwriters have found it difficult to stay in the profession in the era of streaming music. You cannot feed a family when you earn hundreds of dollars for millions of streams.”

Neither Herbison nor Israelite mentioned Google and Pandora, although it’s not clear if they knew at the time of those statements that those two services were also joining Spotify and Amazon in appealing the ruling.

Israelite did single out Apple for praise for not participating in an appeal. “We thank Apple Music for accepting the CRB decision and continuing to be a friend to songwriters,” he said. “While Spotify and Amazon surely hope this will play out in a quiet appellate courtroom, every songwriter and every fan of music should stand up and take notice. We will fight with every available resource to protect the CRB’s decision.” The NMPA will file its own notice of appeal.
https://variety.com/2019/music/news/...ve-1203157697/





More People Bought Physical CDs and Vinyl than Songs on iTunes Last Year
Andy Meek

Sales from individual song downloads have unsurprisingly been falling with no end in sight, thanks to the convenience of streaming options like Spotify and Apple Music. A new report, though, makes clear just how few people there are these days who will buy individual digital songs — there are so few of them, in fact, that they were outnumbered in 2018 by people who went old-school and bought actual compact discs and vinyl records.

According to the Recording Industry Association of America, total download sales in 2018 — for which iTunes led the pack — dropped almost 30%, to a little more than $1 billion. Purchases of full album downloads likewise fell, by 25%.

To put that in context, download sales represented more than 40% of the music industry’s revenue back in 2013. Last year? About 11%. Meanwhile, that drop in sales has resulted in a lop-sided reality that harkens back to the pre-iTunes days. Sales of physical media including CDs and vinyl, according to the RIAA’s new report, were down 23 percent but totaled $1.15 billion, thus edging out digital download sales.

Another interesting takeaway from the new report: Music fans bought almost $420 million worth of vinyl in 2018, which Cult of Mac notes in a piece today is almost as much as people spent buying album downloads from iTunes last year.

Of course, we shouldn’t have to spell out the force at work behind these trends. Per the RIAA: “Revenues from streaming music platforms grew 30% year-over-year to reach $7.4 billion, contributing 75% of total revenues for 2018, and accounting for virtually all the revenue growth for the year.”

We’ve known this shift was under way for a while now, which also accounts for the pretty regular chatter anticipating that Apple will eventually move away from iTunes sales completely and nudge everyone towards its streaming package. Apple and Spotify are the dominant forces in streaming right now, which helped the average number of paid subscriptions in 2018 grow 42% compared to 2017 — “exceeding 50 million for the first time ever,” says the RIAA.

Moreover, the trend is not slowing down. Again, per the new report, streaming services like Apple Music collectively added more than 1 million new subscriptions on average each month in 2018.

By the way, don’t be fooled into reading something positive about CDs from the title of this post. While physical media sales were down 23%, CD sales themselves slipped 34% for the year to $698 million. That’s the first time CD yearly revenue has come in below $1 billion since 1986.
https://bgr.com/2019/03/03/cd-sales-...itunes-report/





Study Finds Listening to Music has Negative Impact on Creativity
Brittany A. Roston

A new study has found that listening to music may have a negative impact on creativity. This is contrary to the popular idea that music and creativity often go hand in hand. According to the researchers, the negative impact was found even in cases where the music had a positive impact on mood and was liked by the person listening to it. However, background noise didn’t have the same effect.

Music is often used for background noise while studying and as a way to help increase someone’s creativity while working on a project. The psychologists behind a new study have found this routine may have the opposite effect, actively impairing — rather than boosting — the individual’s creativity. The findings were based on three experiments.

In one experiment, the researchers exposed volunteers to background music containing unfamiliar lyrics, while in another they were exposed to music with familiar lyrics. In another experiment, participants listened to instrumental music that didn’t contain lyrics. While listening to the audio, participants were given three words and tasked with identifying a single word that each had in common.

In contrast to participants who completed the task in an environment with a quiet background, the participants who listened to background music had ‘impaired performance.’ However, unlike listening to music, the researchers found ‘no significant difference’ between the group that worked in silence and the group that worked in a noisy library.

Unlike music, the noise in a library provided a ‘steady state’ environment, which had less of a disruptive effect on participants. Though studying with background music may not completely obliterate someone’s ability to think creatively, the research indicates that you may do your best work without it.
https://www.slashgear.com/study-find...vity-27567774/





What Causes the Smell of New & Old Books?

Everyone’s familiar with the smell of old books, the weirdly intoxicating scent that haunts libraries and second-hand book stores. Similarly, who doesn’t enjoy riffling through the pages of a newly purchased book and breathing in the crisp aroma of new paper and freshly printed ink? As with all aromas, the origins can be traced back to a number of chemical constituents, so we can examine the processes and compounds that can contribute to both.

As far as the smell of new books goes, it’s actually quite difficult to pinpoint specific compounds, for a number of reasons. Firstly, there seems to be a scarcity of scientific research that’s been carried out on the subject – to be fair, it’s understandable why it might not exactly be high up on the priority list. Secondly, the variation in the chemicals used to manufacture books also means that it’s an aroma that will vary from book to book. Add to this the fact that there are literally hundreds of compounds involved, and it becomes clearer why it evades attribution to a small selection of chemicals.

It’s likely that the bulk of ‘new book smell’ can be put down to three main sources: the paper itself (and the chemicals used in its manufacture), the inks used to print the book, and the adhesives used in the book-binding process.

The manufacture of paper requires the use of chemicals at several stages. Large amounts of paper are made from wood pulp (though it can also be made from cotton and textiles) – chemicals such as sodium hydroxide, often referred to in this context as ‘caustic soda’, can be added to increase pH and cause fibres in the pulp to swell. The fibres are then bleached with a number of other chemicals, including hydrogen peroxide; then, they are mixed with large amounts of water. This water will contain additives to modify the properties of the paper – for example, AKD (alkyl ketene dimer) is commonly used as a ‘sizing agent’ to improve the water-resistance of the paper.

Many other chemicals are also used – this is just a very rough overview. The upshot of this is that some of these chemicals can contribute, through their reactions or otherwise, to the release of volatile organic compounds (VOCs) into the air, the odours of which we can detect. The same is true of chemicals used in the inks, and the adhesives used in the books. A number of different adhesives are used for book-binding, many of which are based on organic ‘co-polymers’ – large numbers of smaller molecules chemically chained together.

As stated, differences in paper, adhesives, and inks used will influence the ‘new book smell’, so not all new books will smell the same – perhaps the reason why no research has yet attempted to definitively define the aroma.

An aroma that has had much more research carried out around it, however, is that of old books. There’s a reason for this, as it’s been investigated as a potential method for assessing the condition of old books, by monitoring the concentrations of different organic compounds that they give off. As a result, we can be a little more certain on some of the many compounds that contribute to the smell.

Generally, it is the chemical breakdown of compounds within paper that leads to the production of ‘old book smell’. Paper contains, amongst other chemicals, cellulose, and smaller amounts of lignin – much less in more modern books than in books from more than one hundred years ago. Both of these originate from the trees the paper is made from; finer papers will contain much less lignin than, for example, newsprint. In trees, lignin helps bind cellulose fibres together, keeping the wood stiff; it’s also responsible for old paper’s yellowing with age, as oxidation reactions cause it to break down into acids, which then help break down cellulose.

‘Old book smell’ is derived from this chemical degradation. Modern, high quality papers will undergo chemical processing to remove lignin, but breakdown of cellulose in the paper can still occur (albeit at a much slower rate) due to the presence of acids in the surroundings. These reactions, referred to generally as ‘acid hydrolysis’, produce a wide range of volatile organic compounds, many of which are likely to contribute to the smell of old books. A selected number of compounds have had their contributions pinpointed: benzaldehyde adds an almond-like scent; vanillin adds a vanilla-like scent; ethyl benzene and toluene impart sweet odours; and 2-ethyl hexanol has a ‘slightly floral’ contribution. Other aldehydes and alcohols produced by these reactions have low odour thresholds and also contribute.

Other compounds given off have been marked as useful for determining the extent of degradation of old books. Furfural is one of these compounds, shown below. It can also be used to determine the age and composition of books, with books published after the mid-1800s emitting more furfural, and its emission generally increasing with publication year relative to older books composed of cotton or linen paper.

So, in conclusion, as with many aromas, we can’t point to one specific compound, or family of compounds, and categorically state that it’s the cause of the scent. However, we can identify potential contributors, and, particularly in the case of old book smell, a number of compounds have been suggested. If anyone’s able to provide further information on ‘new book smell’ and its origins, it would be great to include some more specific details, but I suspect the large variations in the book-making process make this a tough ask.

In the meantime, if you can’t get enough of that new book or old book smell, you might be interested to learn that the aroma is available in perfume form.
https://www.compoundchem.com/2014/06...woldbooksmell/





The 19th Century Moral Panic Over … Paper Technology

Before Snapchat and Instagram ruined young people, there was cheap paper.
Rachel Adler

In the history of information technologies, Gutenberg and his printing press are (understandably) treated with the kind of reverence even the most celebrated of modern tech tycoons could only imagine. So perhaps it will come as a surprise that Europe’s literacy rates remained fairly stagnant for centuries after printing presses, originally invented in about 1440, started popping up in major cities across the continent. Progress was inconsistent and unreliable, with literacy rates booming through the 16th century and then stagnating, even declining, across most of Western Europe. Great Britain, France, Belgium, Switzerland, and Italy all produced more printed books per capita in 1651–1700 than in 1701–1750.

Then came the early 19th century, which saw enormous changes in the manufacture of paper and improvements on the printing press. These changes both contributed to and resulted from major societal changes, such as the worldwide increase in formal education. There were more books than ever and more people who could read them. For some, this looked less like progress and more like a dangerous and destabilizing trend that could threaten not just literature, but the solvency of civilization itself.

The real price of books plummeted by more than 60 percent between 1460 and 1500: A book composed of 500 folio pages could sell for as much as 30 florins in 1422 in Austria—a huge amount of money at the time—but by the 1470s, a 500-folio book would fetch something in the neighborhood of 10 florins. There were even books on the market that sold for as little as 2 or 3 florins. In 1498, a Bible composed of over 2,000 folio pages sold for 6 florins. Costs continued to decline, albeit at a much slower rate, over the next three centuries. As a result, books were no longer reserved only for the clergy or for kings: Owning a printed Bible or book of hours became a coveted status symbol for the emerging class of moderately wealthy merchants and magnates.

Books remained, however, far outside the range of the common man or woman, until the price plummeted once again in the 19th century. No longer was literacy necessarily a signifier of wealth, class, and status. This abrupt change created a moral panic as members of the traditional reading classes argued over who had the right to information—and what kind of information ought to be available at all.

The shift happened thanks to major developments in both printing and paper technology. The printing press had not changed much between 1455, when Gutenberg printed his famous Bible, and 1800: The letters had to be hand-placed in a matrix, coated with a special ink that transferred more cleanly from tile to page—another of Gutenberg’s inventions—and pressed one-by-one onto the pages. The first major change to this tried-and-tested design came with Friedrich Koenig’s mechanized press in 1812, which could make 400 impressions per hour, compared to the 200 impressions per hour allegedly accomplished by printers in Frankfurt, Germany, in the second half of the 16th century. In 1844, American inventor Richard March Hoe first deployed his rotary press, which could print 8,000 pages in a single hour.

Naturally, faster prints drove up demand for paper, and soon traditional methods of paper production couldn’t keep up. The paper machine, invented in France in 1799 at the Didot family’s paper mill, could make 40 times as much paper per day as the traditional method, which involved pounding rags into pulp by hand using a mortar and pestle. By 1825, 50 percent of England’s paper supply was produced by machines. As the stock of rags for papermaking grew smaller and smaller, papermakers began experimenting with other materials such as grass, silk, asparagus, manure, stone, and even hornets’ nests. In 1800, the Marquess of Salisbury gifted to King George III a book printed on “the first useful Paper manufactured solely from Straw” to demonstrate the viability of the material as an alternative for rags, which were already in “extraordinary scarcity” in Europe. In 1831, a member of the Agricultural and Horticultural Society of India tried to convince the East India Company that Nepalese ash-based paper “ought to be generally substituted for the flimsy friable” English paper “to which we commit all our records.”

By the 1860s, there was a decent alternative: wood-pulp paper. Today, wood-pulp paper accounts for 37 percent of all paper produced in the world (with an additional 55 percent from recycled wood pulp), but when it was introduced, the prospect of a respectable publication using wood-pulp paper was practically unthinkable—hence pulp fiction, the early 19th-century literary snob’s preferred way to insult a work as simultaneously nondescript and sensational.

The problem with wood-pulp paper was its acidity and short cellulose chains, which made it liable to slow dissolution over decades. It couldn’t be used for a fine-looking book that could be passed through a family as an heirloom: It neither looked the part, nor could it survive the generations.

Traditional rag paper, on the other hand, was smooth, easy to write on, foldable, and could be preserved for centuries. Paper made from nontraditional materials, especially wood pulp, was acidic and rough. (Paper from straw, which enjoyed brief popularity in 1829 thanks to the chance invention of a Pennsylvania farmer, is durable, but brittle and yellowed. One newspaper was so unsatisfied with the quality of its straw paper that it apologized to readers.)

Wood pulp or straw, the cheap paper was used in mass-market books sold at extremely low prices. There were a few different kinds of these books, all with descriptive (and usually pejorative) names: the penny dreadfuls (gothic-inspired tales sold for a penny each), pulp magazines (named after the wood-pulp paper of which they were composed), yellowbacks (cheap books bound using yellow strawboard, which is then covered with a paper slip in yellow glaze), and others. The cheapness that had made them so unsuitable for fine books and government records made them excellent fodder for experimental, unusual, and controversial literary developments.

Detractors delighted in linking “the volatile matter” of wood-pulp paper with the “volatile minds” of pulp readers. Londoner W. Coldwell wrote a three-part diatribe, “On Reading,” lamenting that “the noble art of printing” should be “pressed into this ignoble service.” Samuel Taylor Coleridge mourned how books, once revered as “religious oracles … degraded into culprits” as they became more widely available.

By the end of the century there was growing concern—especially among middle class parents—that these cheap, plentiful books were seducing children into a life of crime and violence. The books were even blamed for a handful of murders and suicides committed by young boys. Perpetrators of crimes whose misdoings were linked to their fondness for penny dreadfuls were often referred to in the newspapers as “victims” of the books. In the United States, “dime novels” (which usually cost a nickel) were given the same treatment. Newspapers reported that Jesse Pomeroy, a teenage serial killer who targeted other children, was “a close reader of dime novels and yellow covered literature [yellowbacks], until,” as was argued in his trial, “his brain was turned, and his highest ambition” was to emulate the violent dime novel character “Texas Jack.” Moralizers painted the books as no better than “printed poison,” with headlines warning readers that Pomeroy’s brutality was “what came of reading dime novels.” Others hoped that by providing alternatives—penny delightfuls or “penny populars”—they could curb the demand for the sensational literature. A letter to the editor to the Worcester Talisman from the late 1820s tells young people to stop reading novels and read books of substance: “[F]ar better were it for a person to confine himself to the plain sober facts recorded in history and the lives of eminent individuals, than to wander through the flowery pages of fiction.”

These books represent the beginnings of modern mass media. At the confluence of increasing literacy rates and ever-growing urban populations looking for recreation, cheap imprints flourished. But it wasn’t just social change driving the book boom: It was technological change as well. In 1884, Simon Newton Dexter North, who would later become superintendent of the Census Bureau, wrote in his intensive study of the 10th census that the “chief cause” for the “reduction in the price” of paper “is the successful use…of wood pulp.”

For a material meant to be transient, wood-pulp paper has left its mark on the world. Forests have shrunk while literacy rates have soared, and today the hunt is on for wood pulp’s replacement. We are living in the ironic epilogue to a triumph of a hard-won Victorian-era innovation. Wood pulp paper took on a life of its own as soon as it hit the presses, and it demonstrates to a modern audience the crucial lesson that the impact of a technology goes beyond what it does: what it is made of, who uses it, who doesn’t use it, and what it represents to the people who buy it.
https://slate.com/technology/2017/08...echnology.html





The World’s Last Blockbuster Has No Plans to Close. Here’s Why It’s Still Open.

With the closing of a Blockbuster store in Australia, the one in Bend, Ore., will be the last to survive changes in technology and shopping that reshaped the way people watch movies at home.
Tiffany Hsu

Fifteen years ago, a movie fan could go into any of Blockbuster’s 9,000 stores and walk out with a Steven Spielberg hit.

Now, options are limited for those who want to rent a hard copy of “Saving Private Ryan” from somewhere other than a library. There are only two Blockbuster stores left in the world. Very soon, there will only be one.

The second-to-last Blockbuster, a squat blue-and-yellow slab wedged next to a real estate agency in Western Australia, will stop renting videos on Thursday and shut down for good at the end of the month. Two stores in Alaska, part of the final group of Blockbuster outlets in the United States, closed in July.

That will make the Blockbuster in Bend, Ore., one of a kind: a corporate remnant, just off the highway, near a cannabis retailer and a pet cremation service.

But this is no elegy for Blockbuster, no lament for how Netflix killed the video star. There were plenty of those when the company filed for bankruptcy protection in 2010, shriveled to 300 stores and then mostly closed.

This is about the ability of the Bend store, like sturdy links in other dying chains, to live on and avoid being turned into a pawnshop or a fast-food restaurant.

Some Tower Records stores still thrive in Japan long after their parent company declared bankruptcy and closed all of its American stores. There is a Howard Johnson’s in Lake George, N.Y., that is the lone survivor of what was once the country’s largest restaurant chain.

Such holdouts have bucked the norm in the retail and restaurant industries, which have shed stores by the hundreds in recent years.

The roll call of closings continued Wednesday, with the discount retailer Dollar Tree’s announcement that it would close up to 390 Family Dollar locations this year. As of mid-February, retailers had announced 2,187 store closings in the United States this year, according to Coresight Research.

But when Sandi Harding, the general manager of Bend’s Blockbuster store, heard that she would be running what is effectively the Lonesome George of video-rental chains, she posted a giddy message on Facebook: “Holy Cow it’s exciting”

Blockbuster is such a throwback to another time that the trailer for “Captain Marvel,” which is set during the 1990s, opens with the title character crashing through the roof of one of its stores.

The Bend store became a Blockbuster franchise in 2000. It has about 4,000 active accounts and signs up a few fresh ones each day, Ms. Harding said. Some of the new customers are tourists who have traveled hours out of their way to stop in.

Several calls to the store’s landline on Wednesday were greeted by a steady busy signal or hold music (the “Star Wars” theme). On sale inside was Blockbuster-branded merchandise, including trucker hats, cups, even magnets made by a local teacher.

The store has several years left on its lease and a license agreement that its owners sign annually with Dish Network, which bought Blockbuster for $320 million in 2011.

“It’s almost re-energized us, that we’re the last one,” Ms. Harding said in an interview. “They treat us like celebrities.”

A local beer maker, 10 Barrel Brewing, crafted a special beer, the Last Blockbuster, and served it at a party at the store. Two filmmakers raised nearly $40,000 on Kickstarter to finish a documentary about the location.

One possible explanation for the store’s long life: Bend is in a region that the city’s mayor, Sally Russell, describes as having “huge expanses with really small communities” that often do not have easy access to the high-speed internet necessary for content streaming.

Many residents of outlying areas stop at Blockbuster during their weekly trips to town to run errands, drawn in part by the store’s seven-day rental policy, Ms. Russell said, adding that the store’s last-in-the-world status could even give it a lift.

“It’s like with old vinyl, and how everyone wants to have turntables again,” she said. “We get to a place where something out of date comes back in — there’s definitely interest in keeping this almost-extinct way of enjoying movies alive.”
https://www.nytimes.com/2019/03/06/b...till-open.html





40% of Malicious URLs were Found on Good Domains

While tried-and-true attack methods are still going strong, new threats emerge daily, and new vectors are being tested by cybercriminals, according to the 2019 Webroot Threat Report.

40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content. To protect users, cybersecurity solutions need URL-level visibility or, when unavailable, domain-level metrics, that accurately represent the dangers.

Home user devices are more than twice as likely to get infected as business devices. Sixty-eight percent of infections are seen on consumer endpoints, versus 32 percent on business endpoints.

Phishing attacks increased 36 percent, with the number of phishing sites growing 220 percent over the course of 2018. Phishing sites now use SSL certificates and HTTPS to trick internet users into believing they are secure, legitimate pages. Seventy-seven percent of phishing attacks impersonated financial institutions, and were much more likely to use HTTPS than other types of targets. In fact, for some of the targeted financial institutions, over 80 percent of the phishing pages used HTTPS. Google was found to be the most impersonated brand in phishing overall.

After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt. Webroot found that organizations that combine phishing simulation campaigns with regular training saw a 70 percent drop in phishing link click-through.

Nearly a third of malware tries to install itself in %appdata% folders. Although malware can hide almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others. These locations are prime for hiding malware because these paths are in every user directory with full user permissions to install there. These folders also are hidden by default on Windows Vista and up.

Devices that use Windows 10 are at least twice as secure as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business.

“We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program,” said Hal Lonas, CTO, Webroot.

Installation locations

Despite the decrease in cryptocurrency prices, cryptomining and cryptojacking are on the rise. The number of cryptojacking URLs Webroot saw each month in the first half of the year more than doubled in the period from September through December 2018. These techniques can be more lucrative than ransomware attacks, since they don’t require waiting for the user to pay the ransom, and they have a smaller footprint. As far as web-based cryptojacking, Coinhive still dominates with more than 80 percent market share, though some new copycat cryptojacking scripts are gaining in popularity.

While ransomware was less of a problem in 2018, it became more targeted. We expect major commodity ransomware to decline further in 2019; however, new ransomware families will emerge as malware authors turn to more targeted attacks, and companies will still fall victim to ransomware. Many ransomware attacks in 2018 used the Remote Desktop Protocol (RDP) as an attack vector, leveraging tools such as Shodan to scan for systems with inadequate RDP settings. These unsecured RDP connections may be used to gain access to a given system and browse all its data as well as shared drives, providing criminals enough intel to decide whether to deploy ransomware or some other type of malware.
https://www.helpnetsecurity.com/2019...-good-domains/





Firefox to Add Tor Browser Anti-Fingerprinting Technique Called Letterboxing

Firefox gets another new feature from the Tor Uplift project started in 2016.
Catalin Cimpanu

Mozilla is scheduled to add a new user anti-fingerprinting technique to Firefox with the release of version 67, scheduled for mid-May this year.

Called "letterboxing," this new technique adds "gray spaces" to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished.

Advertising networks often sniff certain browser features, such as the window size to create user profiles and track users as they resize their browser and move across new URLs and browser tabs.

The general idea is that "letterboxing" will mask the window's real dimensions by keeping the window width and height at multiples of 200px and 100px during the resize operation --generating the same window dimensions for all users-- and then adding a "gray space" at the top, bottom, left, or right of the current page.

The advertising code, which listens to window resize events, then reads the generic dimensions, sends the data to its server, and only after does Firefox remove the "gray spaces" using a smooth animation a few milliseconds later.

In other words, letterboxing delays filling the newly-resized browser window with the actual page content long enough to trick the advertising code into reading incorrect window dimensions.

Letterboxing isn't a new technique. Mozilla is actually integrating a feature that was originally developed for the Tor Browser four years ago, in January 2015.

A demo of the letterboxing anti-fingerprinting feature is available below, as it was first developed for the Tor Browser:

Letterboxing is currently available in Firefox Nightly and will be generally available for all users with the release of Firefox 67 in May.

The feature isn't enabled by default, though. Firefox users will first need to visit the about:config page, enter "privacy.resistFingerprinting" in the search box, and toggle the browser's anti-fingerprinting features to "true."

Firefox's letterboxing support doesn't only work when resizing a browser window but also works when users are maximizing the browser window, or entering in fullscreen mode.

According to a Bugzilla entry, this is how Firefox's letterboxing protection works in these two states:

“When the user maximizes the window, the largest possible viewport is used, again a multiple of 200 x 100. Empty gray margins in the chrome part of the window cover the rest of the screen. Similarly, in fullscreen, the viewport is again given dimensions a multiple of 200 x 100, and the chrome areas around it are set to black.

Finally, an extra zoom was applied to the viewport in fullscreen and maximized modes to use as much of the screen as possible and minimize the size of the empty margins. In that case, the window had a "letterbox" (margins at top and bottom only) or "pillbox" (margins at left and right only) appearance. window.devicePixelRatio was always spoofed to 1.0 even when device pixels != CSS pixels.”

The only thing that's missing in Firefox's letterboxing support is the warning that the Tor Browser shows users when users are maximizing their window.

Firefox's upcoming letterboxing feature is part of a larger project that started in 2016, called Tor Uplift.

As part of Tor Uplift, Mozilla developers have been slowly porting privacy-hardening features developed originally for the Tor Browser and integrating them into Firefox.

For example, in Firefox 48, Mozilla integrated a list of known user fingerprinting domains that the Tor Project was maintaining to block inside the Tor Browser. That list later morphed and was upgraded into the Enhanced Tracking Protection feature that Mozilla later shipped in Firefox 63.

In Firefox 52, Mozilla added a second Tor Browser anti-fingerprinting technique that prevented websites from identifying users based on their operating system fonts.

The Tor Uplift process later continued in Firefox 55 when Mozilla added a Tor Browser feature known as First-Party Isolation (FPI), which worked by separating cookies on a per-domain basis, preventing ad trackers from using cookies to track users across the Internet. This feature is now at the heart of Project Fission and will morph into a Chrome-like "site isolation" feature for Firefox.

Three releases later, in Firefox 58, Mozilla engineers integrated another Tor Browser anti-fingerprinting technique that prevented websites from tracking users via the HTML5 canvas element.

Upcoming Tor Uplift plans include Mozilla engineers adding support in Firefox for blocking sites from fingerprinting users via VP8 and VP9 codecs, via the AudioContext API, and support for preventing Firefox from loading user details (username, emails, real names) into the operating system RAM.
https://www.zdnet.com/article/firefo...-letterboxing/
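
The rounding described in the article above, as an added example that is not part of the ZDNet article or Firefox's own code: it models the 200px by 100px buckets and the maximized-window zoom from the quoted Bugzilla entry, then shows how many distinct sizes a resize-listening script would see. The function names, the small-window fallback and the window sizes are assumptions constructed for illustration.

```javascript
// Added illustration: models the rounding the article describes, not Firefox's source code.
// Step sizes are the article's: width in multiples of 200px, height in multiples of 100px.
const STEP_W = 200;
const STEP_H = 100;

function assertDimensions(w, h) {
  if (!Number.isInteger(w) || !Number.isInteger(h) || w <= 0 || h <= 0) {
    throw new RangeError("window dimensions must be positive integers");
  }
}

// Resized window: round the real content area down to its bucket and report
// the gray margin that covers the remainder on each axis.
function letterbox(realWidth, realHeight) {
  assertDimensions(realWidth, realHeight);
  // Assumption: a window smaller than one step is reported unchanged.
  const width = realWidth < STEP_W ? realWidth : Math.floor(realWidth / STEP_W) * STEP_W;
  const height = realHeight < STEP_H ? realHeight : Math.floor(realHeight / STEP_H) * STEP_H;
  return { width, height, marginX: realWidth - width, marginY: realHeight - height };
}

// Maximized or fullscreen window, per the quoted Bugzilla entry: take the largest
// bucket that fits, then zoom it until one axis fills the screen. Margins remain on
// the other axis only: top/bottom is a "letterbox", left/right a "pillbox".
function letterboxZoomed(screenWidth, screenHeight) {
  const box = letterbox(screenWidth, screenHeight);
  const zoom = Math.min(screenWidth / box.width, screenHeight / box.height);
  const round2 = (n) => Math.round(n * 100) / 100;
  const marginX = Math.max(0, round2(screenWidth - box.width * zoom));
  const marginY = Math.max(0, round2(screenHeight - box.height * zoom));
  let shape = "none";
  if (marginY > 0) shape = "letterbox";
  else if (marginX > 0) shape = "pillbox";
  return {
    reportedWidth: box.width,   // what page scripts read, in CSS pixels
    reportedHeight: box.height,
    zoom: round2(zoom),
    marginX,
    marginY,
    shape,
    devicePixelRatio: 1.0,      // spoofed to 1.0 according to the quoted entry
  };
}

// Compare what a script listening for resize events could distinguish
// with and without the rounding.
function compareFingerprintSurface(windowSizes) {
  const raw = new Set();
  const reported = new Map();
  for (const [w, h] of windowSizes) {
    raw.add(`${w}x${h}`);
    const box = letterbox(w, h);
    const key = `${box.width}x${box.height}`;
    reported.set(key, (reported.get(key) || 0) + 1);
  }
  return {
    distinctRaw: raw.size,
    distinctReported: reported.size,
    buckets: Object.fromEntries(reported),
  };
}

// Constructed sample: eight users with eight different inner window sizes.
const SAMPLE_WINDOWS = [
  [1263, 611], [1311, 654], [1387, 698], [1205, 640],
  [1440, 789], [1599, 705], [1012, 583], [1190, 599],
];

console.log(compareFingerprintSurface(SAMPLE_WINDOWS));
console.log(letterboxZoomed(1366, 768));
console.log(letterboxZoomed(1920, 1080));
```

Eight unique raw sizes collapse into three reported buckets, which is the point of the technique: the window size stops being a per-user identifier and becomes a value shared by a crowd.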





Firefox Fears the UAE Government's Cybersecurity Company 'Dark Matter' May be Tied to a Cyber Espionage Program
Jack Purcher

Firefox browser-maker Mozilla is considering whether to block cybersecurity company DarkMatter from serving as one of its internet security gatekeepers after a Reuters report linked the United Arab Emirates-based firm to a cyber espionage program.

Reuters reported in January that DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government.

Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter’s headquarters.

Those operations included hacking into the internet accounts of human rights activists, journalists and officials from rival governments, Reuters found. DarkMatter has denied conducting the operations and says it focuses on protecting computer networks.

While Mozilla had been considering whether to grant DarkMatter the authority to certify websites as safe, two Mozilla executives said in an interview last week that Reuters’ report raised concerns about whether DarkMatter would abuse that authority.

Mozilla said the company has not yet come to a decision on whether to deny the authority to DarkMatter, but expects to decide within weeks. For more on this interesting and developing story, read the full Reuters report here.

Like Apple, Firefox has been fighting for user privacy for years and it's reflected in their mission statement. On January 29, 2019 Firefox posted a report titled "Today’s Firefox Gives Users More Control over their Privacy" which you could read here.
https://www.patentlyapple.com/patent...e-program.html




Revealed: Facebook’s Global Lobbying Against Data Privacy Laws

Social network targeted legislators around the world, promising or threatening to withhold investment
Carole Cadwalladr and Duncan Campbell

Facebook has targeted politicians around the world – including the former UK chancellor, George Osborne – promising investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed.

The documents, which have been seen by the Observer and Computer Weekly, reveal a secretive global lobbying operation targeting hundreds of legislators and regulators in an attempt to procure influence across the world, including in the UK, US, Canada, India, Vietnam, Argentina, Brazil, Malaysia and all 28 states of the EU. The documents include details of how Facebook:

• Lobbied politicians across Europe in a strategic operation to head off “overly restrictive” GDPR legislation. They include extraordinary claims that the Irish prime minister said his country could exercise significant influence as president of the EU, promoting Facebook’s interests even though technically it was supposed to remain neutral.

• Used chief operating officer Sheryl Sandberg’s feminist memoir Lean In to “bond” with female European commissioners it viewed as hostile.

• Threatened to withhold investment from countries unless they supported or passed Facebook-friendly laws.

The documents appear to emanate from a court case against Facebook by the app developer Six4Three in California, and reveal that Sandberg considered European data protection legislation a “critical” threat to the company. A memo written after the Davos economic summit in 2013 quotes Sandberg describing the “uphill battle” the company faced in Europe on the “data and privacy front” and its “critical” efforts to head off “overly prescriptive new laws”.

Most revealingly, it includes details of the company’s “great relationship” with Enda Kenny, the Irish prime minister at the time, one of a number of people it describes as “friends of Facebook”. Ireland plays a key role in regulating technology companies in Europe because its data protection commissioner acts for all 28 member states. The memo has inflamed data protection advocates, who have long complained about the company’s “cosy” relationship with the Irish government.

The memo notes Kenny’s “appreciation” for Facebook’s decision to locate its headquarters in Dublin and points out that the new proposed data protection legislation was a “threat to jobs, innovation and economic growth in Europe”. It then goes on to say that Ireland is poised to take on the presidency of the EU and therefore has the “opportunity to influence the European Data Directive decisions”. It makes the extraordinary claim that Kenny offered to use the “significant influence” of the EU presidency as a means of influencing other EU member states “even though technically Ireland is supposed to remain neutral in this role”.

It goes on: “The prime minister committed to using their EU presidency to achieve a positive outcome on the directive.” Kenny, who resigned from office in 2017, did not respond to the Observer’s request for comment.

John Naughton, a Cambridge academic and Observer writer who studies the democratic implications of digital technology, said the leak was “explosive” in the way it revealed the “vassalage” of the Irish state to the big tech companies. Ireland had welcomed the companies, he noted, but became “caught between a rock and a hard place”. “Its leading politicians apparently saw themselves as covert lobbyists for a data monster.”

A spokesperson for Facebook said the documents were still under seal in a Californian court and it could not respond to them in any detail: “Like the other documents that were cherrypicked and released in violation of a court order last year, these by design tell one side of a story and omit important context.”

The 2013 memo, written by Marne Levine, who is now a Facebook senior executive, was cc-ed to Elliot Schrage, Facebook’s then head of policy and global communications, the role now occupied by Nick Clegg. As well as Kenny, dozens of other politicians, US senators and European commissioners are mentioned by name, including then Indian president Pranab Mukherjee, Michel Barnier, now the EU’s Brexit negotiator, and Osborne.

The then chancellor used the meeting with Sandberg to ask Facebook to invest in the government’s Tech City venture, the memo claims, and Sandberg said she would “review” any proposal. In exchange, she asked him to become “even more active and vocal in the European Data Directive debate and really help shape the proposals”. The memo claims Osborne asked for a detailed briefing and said he would “figure out how to get more involved”. He offered to host a launch for Sandberg’s book in Downing Street, an event that went ahead in spring 2013.

Osborne told the Observer: “I don’t think it’s a surprise that the UK chancellor would meet the chief operating officer of one of the world’s largest companies … Facebook and other US tech firms, in private, as in public, raised concerns about the proposed European Data Directive. To your specific inquiry, I didn’t follow up on those concerns, or lobby the EU, because I didn’t agree with them.”

He noted it was “not a secret” that he had helped launch Sandberg’s book at 11 Downing Street and added: “The book’s message about female empowerment was widely praised, not least in the Guardian and the Observer.”

In fact, the memo reveals that Sandberg’s feminist memoir was perceived as a lobbying tool by the Facebook team and a means of winning support from female legislators for Facebook’s wider agenda.

In a particularly revealing account of a meeting with Viviane Reding, the influential European commissioner for justice, fundamental rights and citizenship, the memo notes her key role as “the architect of the European Data Directive” and describes the company’s “difficult” relationship with her owing to her being, it claims, “not a fan” of American companies.

“She attended Sheryl’s Lean In dinner and we met with her right afterwards,” the memo says, but notes that she felt it was a “very ‘American’ discussion”, a comment the team regarded as a setback since “getting more women into C-level jobs and on boards was supposed to be how they bonded, and it backfired a bit”.

The Davos meetings are just the tip of the iceberg in terms of Facebook’s global efforts to win influence. The documents reveal how in Canada and Malaysia it used the promise of siting a new data centre with the prospect of job creation to win legislative guarantees. When the Canadians hesitated over granting the concession Facebook wanted, the memo notes: “Sheryl took a firm approach and outlined that a decision on the data center was imminent. She emphasized that if we could not get comfort from the Canadian government on the jurisdiction issue, we had other options.” The minister supplied the agreement Facebook required by the end of the day, it notes.

Additional research by Matt Fowler
https://www.theguardian.com/technolo...aws-investment





Facebook Won’t Let You Opt-Out of its Phone Number ‘Look Up’ Setting
Zack Whittaker

Users are complaining that the phone number Facebook hassled them to use to secure their account with two-factor authentication has also been associated with their user profile — which anyone can use to “look up” their profile.

Worse, Facebook doesn’t give you an option to opt-out.

Last year, Facebook was forced to admit that after months of pestering its users to switch on two-factor by signing up their phone number, it was also using those phone numbers to target users with ads. But some users are finding out just now that Facebook’s default setting allows everyone — with or without an account — to look up a user profile based off the same phone number previously added to their account.

The recent hubbub began today after a tweet by Jeremy Burge blew up, criticizing Facebook’s collection and use of phone numbers, which he likened to “a unique ID that is used to link your identity across every platform on the internet.”

Although users can hide their phone number on their profile so nobody can see it, it’s still possible to “look up” user profiles in other ways, such as “when someone uploads your contact info to Facebook from their mobile phone,” according to a Facebook help article. It’s a more restricted way than allowing users to search for user profiles using a person’s phone number, which Facebook restricted last year after admitting “most” users had their information scraped.

Facebook gives users the option of allowing users to “look up” their profile using their phone number to “everyone” by default, or to “friends of friends” or just the user’s “friends.”

But there’s no way to hide it completely.

Security expert and academic Zeynep Tufekci said in a tweet: “Using security to further weaken privacy is a lousy move — especially since phone numbers can be hijacked to weaken security,” referring to SIM swapping, where scammers impersonate cell customers to steal phone numbers and break into other accounts.

Tufekci argued that users can “no longer keep private the phone number that [they] provided only for security to Facebook.”

Facebook spokesperson Jay Nancarrow told TechCrunch that the settings “are not new,” adding that, “the setting applies to any phone numbers you added to your profile and isn’t specific to any feature.”

Gizmodo reported last year that when a user gives Facebook a phone number for two-factor, it “became targetable by an advertiser within a couple of weeks.”

If a user doesn’t like it, they can set up two-factor without using a phone number — which hasn’t been mandatory for additional login security since May 2018.

But even if users haven’t set up two-factor, there are well documented cases of users having their phone numbers collected by Facebook, whether the user expressly permitted it or not.

In 2017, one reporter for The Telegraph described her alarm at the “look up” feature, given she had “not given Facebook my number, was unaware that it had found it from other sources, and did not know it could be used to look me up.”

WhatsApp, the messaging app also owned by Facebook (alongside Messenger and Instagram), uses your phone number as the primary way to create your account and connect you to its service. Facebook has long had a strategy to further integrate the two services, although it has run into some bumps along the way.

To the specific concerns by users, Facebook said: “We appreciate the feedback we’ve received about these settings and will take it into account.”

Concerned users should switch their “look up” settings to “Friends” to mitigate as much of the privacy risk as possible.

When asked specifically if Facebook will allow users to opt-out of the setting, Facebook said it won’t comment on future plans. And, asked why it was set to “everyone” by default, Facebook said the feature makes it easier to find people you know but aren’t yet friends with.

Others criticized Facebook’s move to expose phone numbers to “look ups,” calling it “unconscionable.”

Alex Stamos, former chief security officer and now adjunct professor at Stanford University, also called out the practice in a tweet. “Facebook can’t credibly require two-factor for high-risk accounts without segmenting that from search and ads,” he said.
Since Stamos left Facebook in August, Facebook has not hired a replacement chief security officer.
https://techcrunch.com/2019/03/03/fa...umber-look-up/





Cookie Walls Don’t Comply with GDPR, Says Dutch DPA
Natasha Lomas

Cookie walls that demand a website visitor agrees to their internet browsing being tracked for ad-targeting as the “price” of entry to the site are not compliant with European data protection law, the Dutch data protection agency clarified yesterday.

The DPA said it has received dozens of complaints from internet users who had had their access to websites blocked after refusing to accept tracking cookies — so it has taken the step of publishing clear guidance on the issue.

It also says it will be stepping up monitoring, adding that it has written to the most-complained-about organizations (without naming any names) — instructing them to make changes to ensure they come into compliance with GDPR.

Europe’s General Data Protection Regulation, which came into force last May, tightens the rules around consent as a legal basis for processing personal data — requiring it to be specific, informed and freely given in order for it to be valid under the law.

Of course consent is not the only legal basis for processing personal data, but many websites do rely on asking internet visitors for consent to ad cookies as they arrive.

And the Dutch DPA’s guidance makes it clear internet visitors must be asked for permission in advance for any tracking software to be placed — such as third-party tracking cookies; tracking pixels; and browser fingerprinting tech — and that that permission must be freely obtained. Ergo, a free choice must be offered.

So, in other words, a “data for access” cookie wall isn’t going to cut it. (Or, as the DPA puts it: “Permission is not ‘free’ if someone has no real or free choice. Or if the person cannot refuse giving permission without adverse consequences.”)

“This is not for nothing; website visitors must be able to trust that their personal data are properly protected,” it further writes in a clarification published on its website [translated via Google Translate].

“There is no objection to software for the proper functioning of the website and the general analysis of the visit on that site. More thorough monitoring and analysis of the behavior of website visitors and the sharing of this information with other parties is only allowed with permission. That permission must be completely free,” it adds.

We reached out to the DPA with questions. A spokesperson told us it can’t comment on any individual complaints, but added: “Cookie walls are non-compliant with the principles of consent of the GDPR. Which means that any party with a cookie wall on their website has to be compliant ASAP, whether or not we will check that in a couple of months, which we certainly will do.”

In light of this ruling clarification, the cookie wall on the Internet Advertising Bureau (IAB)’s European site (screengrabbed below) looks like a textbook example of what not to do — given the online ad industry association is bundling multiple cookie uses (site-functional cookies; site-analytical cookies; and third-party advertising cookies) under a single “I AGREE” option.

It does not offer visitors any opt-outs at all. (Not even under the “MORE INFO” or privacy policy options pictured below.)

If the user does not click “I AGREE” they cannot gain access to the IAB’s website. So there’s no free choice here. It’s agree or leave.

Clicking “MORE INFO” brings up additional information about the purposes the IAB uses cookies for — where it states it is not using collected information to create “visitor profiles.”

However, it notes it is using Google products, and explains that some of these use cookies that may collect visitors’ information for advertising — thereby bundling ad tracking into the provision of its website “service.”

Again the only “choice” offered to site visitors is “I AGREE” or leave without gaining access to the website. Which means it’s not a free choice.

The IAB told us no data protection agencies had been in touch regarding its cookie wall.

Asked whether it intends to amend the cookie wall in light of the Dutch DPA’s guidance, a spokeswoman said she wasn’t sure what the team planned to do yet — but she claimed GDPR does not “outright prohibit making access to a service conditional upon consent”; pointing also to the (2002) ePrivacy Directive which she claimed applies here, saying it “also includes recital language to the effect of saying that website content can be made conditional upon the well-informed acceptance of cookies.”

“We’re not going to change our implementation of our cookie banner on this point because the law does not require us to allow people to access our website without consenting to the use of cookies,” Matthias Matthiesen, the IAB’s director for privacy and public policy, told us in a follow-up call.

The IAB’s position appears to be that the ePrivacy Directive trumps GDPR on this issue.

Though it’s not clear how they’ve arrived at that conclusion. (The more than 15-year-old ePrivacy Directive is also in the process of being updated — while the flagship GDPR only came into force last year.)

On this Matthiesen cited a “general principle of law” that he said means that “in a conflict between two rules that cover the same thing it’s the more specific law prevails.” (Though that does assume the GDPR and ePrivacy Directive are in conflict where cookie walls are concerned.)

The portion of the ePrivacy Directive that the IAB appears to be referring to is recital 25 — which includes the following line:

Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose.

However, “specific website content” is hardly the same as full site access, i.e. as is entirely blocked by their cookie wall.

The “legitimate purpose” point in the recital also provides a second caveat vis-à-vis making access conditional on accepting cookies — and the recital text includes an example of “facilita[ting] the provision of information society services” as such a legitimate purpose.

What are “information society services”? An earlier European directive defines this legal term as services that are “provided at a distance, electronically and at the individual request of a recipient” [emphasis ours] — suggesting it refers to Internet content that the user actually intends to access (i.e. the website itself), rather than ads that track them behind the scenes as they surf.

So, in other words, even per the outdated ePrivacy Directive, a site might be able to require consent for functional cookies from a user to access a portion of the site.

But that’s not the same as saying you can gate off an entire website unless the visitor agrees to their browsing being pervasively tracked by advertisers.

That’s not the kind of “service” website visitors are looking for.

Add to that, returning to present day Europe, the Dutch DPA has put out very clear guidance demolishing cookie walls.

The only sensible legal interpretation here is that the writing is on the wall for cookie walls.

The IAB’s Matthiesen disagrees, of course.

“Law’s complicated and [the definition of an information society service is] not as simple as that statement,” he said debating this point. “When a browser connects to a website it’s making technically a request on the things that are being loaded. So it is technically requesting the content that is loaded on the site.”

“The website is the property of the website owner. There are fundamental rights attached to property too,” he added. “There is nothing in the GDPR that says I must make my website’s content available to people. I am perfectly fine to determine the conditions under which I am making my property available.

“You’re not entitled to it. I can’t force you to accept tracking, right, maybe. The way in which you aren’t forced is that you don’t have to use my property. That is the fundamental disagreement between the position [that cookie walls can’t be used] and mine [i.e. that they can].”

He suggested it will be up to the European Court of Justice to provide legal clarity on the issue — assuming any Dutch websites targeted by the regulator to take down their cookie walls choose to bring a legal challenge.
https://techcrunch.com/2019/03/08/co...ays-dutch-dpa/





Stalkers and Debt Collectors Impersonate Cops to Trick Big Telecom Into Giving Them Cell Phone Location Data

In several cases, a stalker impersonated a US Marshal and reported a fake kidnapping in order to get telecom companies to give them real-time cell phone location data.
Joseph Cox

Motherboard previously reported that AT&T, T-Mobile, and Sprint have been selling their customers’ real-time location data, which trickled down through a network of middlemen and data brokers before arriving in the hands of bounty hunters.

But some people don’t even pay for this data at all.

Instead, bounty hunters and people with histories of domestic violence have managed to trick telecommunications companies into providing real-time location data by simply impersonating US officials over the phone and email, according to court records and multiple sources familiar with the technique. In some cases, these people abuse telecom company policies created to give law enforcement real-time location data without a court order in “exigent circumstances,” such as when there is the imminent threat of physical harm to a victim.

The practice is ongoing according to the sources, and court documents and an audio recording obtained by Motherboard also detail a previously prosecuted case in which one debt collector tricked T-Mobile by fabricating cases of child kidnapping to convince the telco to hand over location data.

“A group of 11 abducted a 7 year child in south Atlanta. This child’s life in obvious danger,” John Letcher Edens wrote to T-Mobile while posing as a US Marshal and trying to locate a vehicle to repossess, according to court records.

The technique highlights another gap in the security of telecom companies, and how they have, at times, exposed sensitive customer data to bounty hunters, stalkers, and other people not authorized to handle it. In some cases, scammers sought out so-called “E911” data intended for first responders, which is highly precise and can in some cases pinpoint a device’s location inside a building.

“So many people are doing that and the telcos have been very stupid about it. They have not done due diligence and called the police [departments] directly to verify the case or vet the identity of the person calling,” Valerie McGilvrey, a skiptracer who said she has bought phone location data from those who obtained access to it, told Motherboard. A skiptracer is someone tasked with finding out where people, typically fugitives on the run or those who owe a debt, are located.

McGilvrey and another bail industry source described separate and previously unreported instances of scammers posing as law enforcement officers to obtain phone location data directly from telecom companies. Motherboard granted the second source in this story anonymity to talk more candidly about a controversial and illegal technique for obtaining phone location data.

Both sources indicated the scam has been done to obtain data on Verizon, T-Mobile, and Sprint customers, with one of the sources saying all telcos were possible. McGilvrey said she believes one person she bought phone location data from had obtained thousands of phones’ locations.

“I know a lot of people who do this,” the second source said, suggesting impersonating officials is an ongoing technique used today.

Convincing a telecom company to hand over a target’s real-time location data is sometimes not difficult.

McGilvrey provided Motherboard with a 2014 audio recording of her talking to Edens. In the call, Edens boasts of his ability to obtain phone locations by fabricating data request documents that law enforcement often use to obtain information about customers from telecom companies. (Motherboard verified that the recording includes Edens’ voice by comparing it to a television interview Edens previously gave to ABC News. In that interview, Edens goes under the assumed name John Anderson; court filings from the government confirm this alias).

The scheme works by exploiting telecom company procedures for “exigent circumstances,” a legal term for when law enforcement urgently needs access to data, such as during a kidnapping. All telcos provide a mechanism where a law enforcement official can contact them and request real-time location data. Exigent circumstances procedures are separate from more ordinary ways that law enforcement obtain information, such as via a legal search warrant or subpoena.

In the call with McGilvrey, Edens specifically says he made requests to T-Mobile at night, to a particular employee, and he checked who was working before doing so.

“Those are badass pings, is what they are,” Edens says in the audio recording.

McGilvrey asks, “What about Verizon?”

“I can get them too,” Edens replies. “I can do it for all of them.”

Edens was eventually caught doing this, was arrested, and pleaded guilty to six criminal counts of impersonating a US Officer. He was sentenced to one year in prison in 2016, according to the Department of Justice and court records.

Edens made up several stories of fictitious kidnappings to convince T-Mobile to hand over the location information, court records add.

“[A]n emotionally unstable Houston man has kidnapped a 9 year old child in Georgia. He is armed and dangerous and has plane access,” one of Edens’ messages to T-Mobile in November 2014 read.

The court records mention an email domain—“gafugitivetaskforce1.net”—which Edens used to convince T-Mobile he was a legitimate law enforcement official. In the audio recording, Edens says he also spoofed the area code of this phone number, likely to make T-Mobile believe he was calling from a different part of the country.

In one email from T-Mobile included in the court records, the telco responds to the fake law enforcement officer with a handy Google Maps link of the target’s approximate, real-time location.

With this technique, phone location data has ended up in the hands of people who may abuse it. Edens had a history of domestic violence, stalking, and harassment, according to court records. Specifically, in 2011 Edens was convicted of aggravated stalking and harassing phone calls; in 2006, he was convicted of battery after he caused visible bodily harm to his wife, by kicking her in the shin and grabbing her arms, according to court records.

According to court records from the US Marshals case, Edens impersonated a law enforcement officer in order to locate and repossess cars from people who were late on their payments. In one case, Edens headed to one woman’s home at “all hours of the night” and showed up at her work place, a document filed by government attorneys in the phone location case adds.

“In this case, Defendant not only used the location information to find the victims, but also to harass and threaten at least one victim,” the government filing adds.

Attempts to reach Edens for comment through his lawyer were unsuccessful.

While the Edens case shows specific instances of abuse, both McGilvrey and the other industry source told Motherboard that other skip tracers use this technique, and that the abuse is ongoing.

When asked about this specific case and the issue of obtaining location data through impersonation more generally, a T-Mobile spokesperson said in a statement, “At T-Mobile, a dedicated legal team responds to thousands of emergency requests for information each year. Prior to releasing any customer data, they analyze the lawfulness of each request and the identity of the requestor. This process is regularly reviewed and revised as needed. From time to time we have become aware of situations that involve bad actors. Though they are rare we always fully cooperate in investigations and in response will review our process and implement additional safeguards where warranted.”

A Sprint spokesperson wrote in an email “We regularly consult with other carriers to share information on fraud attempts and are constantly working to update our security and detection measures in order to stay ahead of the latest methods used by fraudsters. Regarding the type of situation you outlined, we have taken a number of steps to help safeguard our customers’ information while also complying with lawful requests from law enforcement and 9-1-1 operators.” The spokesperson added that Sprint asks the person for particular pieces of information, such as their operator number and agency call back number, before processing a request.

An AT&T spokesperson told Motherboard in a statement, “When lives are in danger, we are fast and accurate in helping locate kidnapping victims, attempted suicides and others. We have safeguards to protect against fraudulent requests. Saving lives and screening fraud are both priorities. We don’t discuss our anti-fraud efforts publicly for obvious reasons.”

Verizon did not respond to a request for comment.

A spokesperson for the Federal Communications Commission (FCC), which is investigating how telecom companies have sold consumers' location data, told Motherboard in an email "We’re investigating carrier practices regarding location information data and can’t otherwise comment on that investigation." It is not clear when that investigation may be complete, or whether it also encompasses this particular scheme for obtaining location data or only the sale of it by telecom companies.
https://motherboard.vice.com/en_us/a...ion-data-years





Here are the Data Brokers Quietly Buying and Selling Your Personal Information

You’ve probably never heard of many of the data firms registered under a new law, but they’ve heard a lot about you. A list, and tips for opting out.
Steven Melendez and Alex Pasternack

It’s no secret that your personal data is routinely bought and sold by dozens, possibly hundreds, of companies. What’s less known is who those companies are, and what exactly they do.

Thanks to a new Vermont law requiring companies that buy and sell third-party personal data to register with the Secretary of State, we’ve been able to assemble a list of 121 data brokers operating in the U.S. It’s a rare, rough glimpse into a bustling economy that operates largely in the shadows, and often with few rules.

Even Vermont’s first-of-its-kind law, which went into effect last month, doesn’t require data brokers to disclose who’s in their databases, what data they collect, or who buys it. Nor does it require brokers to give consumers access to their own data or opt out of data collection. Brokers are, however, required to provide some information about their opt-out systems under the law–assuming they provide one.

If you do want to keep your data out of the hands of these companies, you’ll often have to contact them one by one through whatever opt-out systems they provide; more on that below.

The registry is an expansive, alphabet soup of companies, from lesser-known organizations that help landlords research potential tenants or deliver marketing leads to insurance companies, to the quiet giants of data. Those include big names in people search, like Spokeo, ZoomInfo, White Pages, PeopleSmart, Intelius, and PeopleFinders; credit reporting, like Equifax, Experian, and TransUnion; and advertising and marketing, like Acxiom, Oracle, LexisNexis, Innovis, and KBM. Some companies also specialize in “risk mitigation,” which can include credit reporting but also background checks and other identity verification services.

Still, these 121 entities represent just a fraction of the broader data economy: The Vermont law only covers third-party data firms–those trafficking in the data of people with whom they have no relationship–as opposed to “first-party” data holders like Amazon, Facebook, or Google, which collect data directly from users.

What they know

By buying or licensing data or scraping public records, third-party data companies can assemble detailed profiles with thousands of attributes each for billions of people. For decades, companies could buy up lists of magazine subscribers to build targeted advertising audiences. These days, if you use a smartphone or a credit card, it’s not difficult for a company to determine if you’ve just gone through a break-up, if you’re pregnant or trying to lose weight, whether you’re an extrovert, what medicine you take, where you’ve been, and even how you swipe and tap on your smartphone.

All that data can be used to target you with ads, classify the riskiness of your lifestyle, or help determine your eligibility for a job. Like the companies themselves, the risks can be hard to see. Apart from the dangers of merely collecting and storing all that data, detailed (and often erroneous) consumer profiles can lead to race or income-based discrimination, in a high-tech version of redlining. Piles of personal data are flowing to political parties attempting to influence your vote and government agencies pursuing non-violent criminal suspects. Meanwhile, people-search websites, accessible to virtually anyone with a credit card, can be a goldmine for doxxers, abusers, and stalkers. (The National Network to End Domestic Violence has assembled a guide to data brokers.)

“Deleting” your data

For companies regulated under the Fair Credit Reporting Act (FCRA), including traditional credit bureaus, you have the right to request your personal data and request corrections of anything that’s wrong.

But for other companies that deal in data, like marketing and people finder companies, U.S. law mostly doesn’t make any such guarantees, though that may change in the future as state and federal legislatures consider further rules. Those could ultimately bring protections like the right-to-be-forgotten and other safeguards granted to European residents under the General Data Protection Regulation (GDPR), probably the strictest international consumer data policy.

• To try to remove yourself from a company’s databases: Click on the name of the broker below, click “Filing History,” and then click “DATA BROKER REGISTRATION.” You’ll get a document in PDF form that contains details from the company on how to opt out–provided the company allows you to opt out.

• You can also consult various online guides listing opt-out procedures. Griffin Boyce, systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, has compiled one such opt-out guide. Another guide is put together by Joel Winston, an attorney known for his work on data privacy and consumer protection. At Motherboard, Yael Grauer compiled another list of brokers with tips for opting out. If you’re a resident of the European Union, opt-out.eu has a guide to sending GDPR Erasure Requests.

• You can also use the Data & Marketing Association’s DMAchoice program, which is primarily designed for opting out of direct mail and email messages, but is also used by some organizations to remove consumers from their lists entirely. It costs $2 to sign up for the program, and registration lasts two years.

• If you’re concerned about how a company is handling your personal data, you can file a complaint with the Federal Trade Commission, which has issued millions of dollars in penalties over unfair or unlawful behavior by credit agencies and data brokers.

• You can limit data loss by deleting unnecessary apps, adjusting your privacy settings, using privacy tools like a VPN, and limiting what you post online.

In order to control your data, you may need to hand over some basic info to verify that it’s really you. But be careful about what you turn over. As Boyce writes, “other than credit reporting agencies such as Equifax, no one should ask for your Social Security number or tax ID while opting out. When sending a copy of your ID, mark out the ID number and draw a line across the photo.”

The data broker companies

Below are the companies that have registered under Vermont’s data broker law, with descriptions drawn from their websites or other sources where noted.

(To view opt-out instructions in PDF format, click on the name of the company, then click “Filing History,” and then “DATA BROKER REGISTRATION”)
Accudata Integrated Marketing Inc.

Accudata operates mailing lists and marketing data services.
Acxiom LLC

The data giant’s offerings now encompass “more than 62 countries, 2.5 billion addressable consumers and more than 10,000 attributes—for a comprehensive representation of 68 percent of the world’s online population.” Last year, following the Cambridge Analytica scandal and Facebook’s decision to end partnerships with Acxiom and other third-party data handlers, LiveRamp sold Acxiom to Interpublic Group, one of the world’s largest advertising agencies, for $2.3 billion. LiveRamp continues to operate as a leading “data onboarding” company, helping bring offline data online for marketing purposes.
Advantage Credit Inc.

Advantage Credit resells credit services and data for the mortgage and finance industry.
Advantage Sales & Marketing LLC

Advantage offers shopper marketing, retail merchandising, and other services to retailers and manufacturers.
Advertise4Sales LLC

4LegalLeads.com connects law firms and legal professionals across the country to tens of thousands of prospects requesting legal help in real-time via phone or web leads each month.
ALC Inc.

ALC (American List Counsel) has “become the industry’s leading privately held direct and digital data marketing services provider.”
All Web Leads Inc.

All Web Leads is an “online lead generation company that sells the highest-quality sales leads to top insurance producers.” (Crunchbase)
Altisource Holdings LLC

Altisource provides information about landlords to businesses that wish to market to them.
AmRent Inc.

AmRent provides tenant screening services and data.
ANALYTICSIQ Inc.

“[T]he first data company to consistently blend cognitive psychology with sophisticated data science to help you understand the who, what and why behind consumers and the decisions they make every day. Their accurate and comprehensive consumer database, PeopleCore, provides access to data attributes you can’t find anywhere else.”
ASL Marketing Inc.

ASL is “the nation’s premier provider of student marketing data, focused on the highly desirable 13-34-year-old market.”
Automation Research Inc. dba DataVerify

DataVerify provides information for the mortgage and real estate loan industry.
Avrick Direct Inc.

Mailing list and direct marketing company “specializing in data compilation.”
Background Information Services Inc. (BIS)

BIS focuses on employee and tenant screening.
Backgroundchecks.com LLC

Backgroundchecks.com provides online background checks and criminal records data.
BeenVerified Inc. and its subsidiaries/affiliates

BeenVerified provides background check and people search services.
Belardi Ostroy ALC LLC

Belardi Wong is “a full service digital & direct marketing agency, relentlessly focused on driving revenue, profit and customer growth.”
Black Knight Data & Analytics LLC

Black Knight provides loan and real estate data.
Blackbaud Inc.

A “supplier of software and services specifically designed for nonprofit organizations. Its products focus on fundraising, website management, CRM, analytics, financial management, ticketing, and education administration.” (Wikipedia)
CBCInnovis Inc.

CBCInnovis provides credit and real estate data.
CDK Global LLC

CDK “provides software and technology solutions for automotive retailers in the United States and internationally.”
CIC Mortgage Credit Inc.

CIC provides credit data for the mortgage industry.
Civis Analytics Inc.

Civis is “an Eric Schmidt-backed data science software and consultancy company founded by Dan Wagner in 2013. Wagner served as the chief analytics officer for Barack Obama’s 2012 re-election campaign.” Read more from Fast Company here.
Clarity Services Inc.

Clarity Services is a unit of Experian focusing on alternative credit data.
Compact Information Systems

Provides specialty lists, data hygiene services, and direct marketing database solutions.
Confi-Chek

A people search conglomerate that owns Peoplefinders.com, Enformium Inc., PublicRecordsNOW.com, PrivateEye.com and Advanced Background Checks Inc.
CoreLogic Background Data LLC

CoreLogic Background Data provides “wholesale background data” for screening purposes.
CoreLogic Credco of Puerto Rico

CoreLogic Credco provides credit data to the mortgage industry.
CoreLogic Credco LLC

CoreLogic Credco provides credit data to the mortgage industry.
CoreLogic Screening Services LLC

CoreLogic Screening Services provides tenant screening for rental properties.
CoreLogic Solutions LLC

CoreLogic Solutions processes and provides property records for the real estate and mortgage industries.
Cortera Inc.

Cortera provides credit information about businesses.
Data Facts Inc.

Data Facts provides information on consumers for background checks in lending, housing and more.
DataMentors LLC dba V12

A “data and technology platform that links customer records with their proprietary blend of online, offline, and digital marketing data for highly personalized, one-to-one consumer marketing, regardless of device or channel.” (Crunchbase)
Datamyx LLC dba Deluxe Marketing Solutions

A “leading provider of integrated information, technology and analytics. Datamyx serves customers in industries ranging from banking, credit unions, and mortgage providers to alternative finance, insurance, and others.”
Datastream Group Inc.

Datastream “provides rich marketing data and real-time sales leads.”
DataX Ltd.

DataX is a unit of Equifax focused on alternative credit data.
Digital Media Solutions

“Deploys diversified and data-driven digital media customer acquisition solutions, including performance marketing, digital agency and marketing technology solutions to help achieve the marketing objectives of clients.”
Digital Segment LLC

A multi-channel marketing company.
Drobu Media LLC

Ad manager and lead generator for social media campaigns.
Dustin Blackman

Dustin Blackman is the head of Drobu Media LLC, a lead generation service. He indicated to Fast Company that he intended to register only the business, not himself.
Edvisors Network Inc.

Edvisors “provides independent advertising-supported platforms for consumers to search compare and apply for private student loans.”
Enformion

Enformion “aggregates billions of United States public records into one of the largest online people databases.”
Epsilon Data Management LLC

Epsilon is one of the largest data management companies in the world, and provides direct marketing and customer relationship management services, sending more than 40 billion e-mails each year.
Equifax Information Services LLC

Incorporated in 1937, Equifax is one of the three major consumer credit reporting agencies. In 2017, the company said it suffered a cyberattack that exposed the data of more than 145.4 million Americans, including their full names, Social Security numbers, birth dates, addresses, and driver license numbers. At least 209,000 consumers’ credit card credentials were also taken in the attack.
Experian Data Corp.

A sibling of the giant U.S. credit reporting agency Experian Information Solutions and one of many subsidiaries of the Ireland-based data giant Experian PLC, the company operates Experian RentBureau, a database updated daily with millions of consumers’ “rental payment history data from property owners/managers, electronic rent payment services and collection companies.”
Experian Fraud Prevention Solutions Inc.

An Experian unit providing a database focusing on fraudulent transactions.
Experian Health Inc.

The healthcare division of the credit reporting agency, providing data and analytics for healthcare providers, labs, pharmacies, payers, and other risk-bearing entities.
Experian Information Solutions Inc.

One of the “big three” credit reporting agencies, Experian also sells data analytics and marketing services, and purports to aggregate information on over one billion people and businesses, including 235 million individual U.S. consumers.
Experian Marketing Solutions Inc.

A marketing subsidiary of the credit reporting giant focused on identity-linkage and consumer research.
FD Holdings LLC dba Factual Data

Factual Data provides credit and other data to mortgage lenders.
First American Data Tree LLC

DataTree “delivers the current and accurate real estate and property ownership data you need for your business.”
First Direct Inc. and its subsidiaries/affiliates

First Direct provides digital & traditional direct marketing.
First Orion Corp.

First Orion provides information on telephone callers, including contact information and the likelihood of a scam.
Forewarn LLC

Forewarn provides background information about potential business associates, including real estate clients.
Fused Leads LLC

Fused Leads is “a pipeline to potential clients for the home improvement, auto insurance, auto finance, life insurance, mortgage, and health insurance industries.”
General Information Solutions LLC

GIS, which recently merged with HireRight, is a background screening company.
HealthCare.com

Not to be confused with the government insurance portal healthcare.gov, healthcare.com provides consumer marketing for insurance companies.
I360 LLC

Funded by the Koch brothers and started by a former adviser to John McCain’s presidential campaign, i360 has built one of the largest data, technology, and analytics platforms for political and commercial clients.
ID Analytics LLC

ID Analytics is a unit of Symantec focused on credit and fraud risk mitigation.
IHS Markit

IHS Markit is a “global leader in information, analytics and solutions” for various industries.
InCheck Inc.

InCheck is a background check provider.
Inflection Risk Solutions LLC

Inflection helps “companies to make better and faster people decisions about who to hire, who to trust, and to whom they should grant access” using in-house and public data that includes criminal records, sex offender registries, and global watchlists.
Inflection.com Inc.

A subsidiary of Inflection Risk Solutions.
Infocore Inc.

Infocore “specializes in direct marketing, campaign strategy, and sourcing market data for domestic and multinational clients.”
Infogroup Inc.

Infogroup, founded by Vinod Gupta in 1972, “offers real-time data on 245 million individuals and 25 million businesses for customer acquisition and retention,” according to Wikipedia.
Infutor Data Solutions

Infutor is “the expert in identity management, enabling brands to instantly identify consumers and make informed marketing decisions.”
Innovis Data Solutions Inc.

Innovis is a consumer credit reporting agency.
Instant Checkmate LLC

Instant Checkmate is a people search site that uses public records, including criminal records.
Insurance Services Office Inc.

ISO is a unit of Verisk that focuses on insurance risk and fraud identification.
IntelliCorp Records Inc.

IntelliCorp is a unit of Verisk focusing on employment background checks.
Intellireal LLC

Intellireal is a division of Equifax focusing on real estate analytics and valuation.
Interactive Data LLC

Interactive Data provides consumer information for risk mitigation, compliance, and identity verification.
IQ Data Systems Inc. dba Backgrounds Online

A nationwide data aggregator, IQ Data Systems offers “private investigation, skip tracing, public record maintenance and background screening services,” and provides “FCRA compliant background screening.”
ISO Claims Services Inc.

ISO manages insurance companies’ personal injury claims portfolios.
ISO Services Inc.

A subsidiary of data giant Verisk Analytics, ISO “is a provider of statistical, actuarial, underwriting, and claims information and analytics; compliance and fraud identification tools” for “insurers, reinsurers, agents and brokers, insurance regulators, risk managers, and other participants in the property/casualty insurance marketplace.”
IXI Corp.

Equifax-owned IXI analyzes household economics and “offers customer targeting, segmentation, and market tracking solutions and services for financial services and consumer marketing firms.”
KBM GROUP LLC

WPP-owned data giant KBM offers “marketing strategy and analytics services.”
KnowWho Inc.

KnowWho helps “government relations, lobbying firms, advocacy groups, library patrons, and the government itself, connect with elected officials and their staffs for more than 15 years.”
LexisNexis Risk Solutions Inc. and affiliates

This LexisNexis unit provides and works with data for risk management purposes.
Lundquist Consulting Inc.

LCI, part of Verisk Financial, provides data on bankruptcy matters.
MCH Inc. dba MCH Strategic Data

MCH “provides the highest quality education, healthcare, government, and church data.”
Modernize Inc.

A home improvement contractor marketplace.
National Consumer Telecom & Utilities Exchange Inc.

“NCTUE is a consumer reporting agency that maintains data such as payment and account history, reported by telecommunication, pay TV, and utility service providers that are members of NCTUE.”
National Student Clearinghouse

The National Student Clearinghouse verifies where people attended school and the degrees they earned.
Neustar Inc.

Neustar “provides real-time information and analytics for defense, telecommunications, entertainment, and marketing industries,” and provides clearinghouse and directory services to the global communications industries, serving as the domain name registry for .biz, .us, .co, and .nyc top-level domains.
New England List Services Inc.

Offers targeted consumer mailing lists.
Open Dealer Exchange LLC dba 700 Credit LLC

700 Credit provides credit screening for car dealers.
Oracle America Inc. (Oracle Data Cloud)

Data giant “Oracle Data Cloud gives marketers access to 5 billion global IDs, $3 trillion in consumer transactions, and more than 1,500 data partners available through the BlueKai Marketplace. With more than 45,000 prebuilt audiences spanning demographic, behavioral, B2B, online, offline, and transactional data, we bring together more data into a single location than any other solution.”
OwnerIQ Inc.

OwnerIQ “provides online advertising solutions and marketing channels for brands, retailers, and manufacturers” and operates a platform for second party data for marketing.
Parasol Media Inc.

Parasol Leads is one of the insurance industry’s highest quality leads generation services.
Partners Credit and Verification Solutions

Partners provides credit and background data to mortgage lenders.
Path2Response

Path2Response “collects, aggregates and models consumer information.”
PeopleConnect Inc.

A people search company that owns Intelius and Classmates.com, providing access to criminal records, employee screening, background checks, and identity theft protection services.
Pipl Inc.

Pipl is a people search tool.
Plural Marketing Solutions Inc.

A company that builds “engaging, consumer-centric paths and web sites.”
PossibleNOW Data Services

PossibleNOW “is the leader in consumer regulatory compliance and consent solutions, and pioneered the concept of enterprise preference management.”
Project Applecart LLC

Project Applecart gathers data on adults in the U.S. “via publicly available sources or via third-party license agreements. It analyzes the data to help advertisers address marketing and other communications to the relevant audience.”
Quality Planning Corp.

QPC provides analytics and information on policyholders for automobile insurance companies.
Rental Property Solutions LLC

Rental Property Solutions is a unit of CoreLogic that provides credit reporting information to landlords.
Reveal Mobile Inc.

Reveal “provides location-based marketing & analytics to help companies reach audiences across mobile apps, digital advertising, and social media.”
Ruf Strategic Solutions

A marketing firm owned by consumer identity management company Infutor with a focus on travel, tourism, insurance, e-commerce, and education.
SageStream LLC

SageStream is a consumer credit reporting company.
Skipmasher Inc.

For skiptracers and investigators.
Speedeon Data LLC

“Speedeon Data’s goal has been to provide our clients with the highest quality customer contact data…”
Spokeo Inc.

Spokeo is a people search giant that purports to provide access to 12 billion public records. In 2012, the Federal Trade Commission fined the company $800,000 and placed it under a 20-year privacy prohibition for marketing information for employment screening purposes without adhering to the Fair Credit Reporting Act, in the first FTC fine involving personal data collected online and sold to potential employers.
Spy Dialer Inc.

Spy Dialer is a people search website providing information on people by name or phone number.
Strategic Information Resources

SIR provides background and credit screening to employers, landlords, and lenders.
TALX Corp.

TALX is a unit of Equifax that provides employment information to companies and landlords through a database called The Work Number. As Fast Company previously reported, the database relies on feeds of detailed employee and salary data provided by the country’s biggest companies and organizations, including Facebook, Amazon, Microsoft, Oracle, Walmart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. In 2017, a security researcher exposed a breach in which employees’ data could be accessed using only Social Security numbers and dates of birth.
Teletrack LLC

“CoreLogic Teletrack is a consumer reporting agency that provides consumer reports to third parties for the purpose of credit risk assessment and/or other purposes as permitted by law.”
The Lead Company Inc.

Specializing in quality real-time online insurance leads for auto, home, life, and health.
Thomson Reuters (CRC) LLC dba Refinitiv

Refinitiv operates the World-Check database used for financial “know your customer” compliance and identity verification. Non-profit Privacy International has raised concerns about U.S. government contracts with two subsidiaries of Thomson Reuters and three other firms to provide data that “can be used by the [Immigration and Customs Enforcement] agency and others to identify and track people and their families, including for deportation.”
Towerdata Inc.

A multichannel marketing firm focused on email.
TransUnion

TransUnion is the smallest of the “big three” credit reporting agencies, alongside Experian and Equifax.
Truthfinder LLC

Truthfinder is a people search site that provides background checks and public records search capabilities.
Twine Data Inc.

“Twine is a mobile data platform that works with app publishers who generate mobile data & the companies who need data for ad targeting.” (Crunchbase)
Viant Technology LLC

Viant, a former Time Inc. and current Meredith subsidiary, is “a premier people-based advertising technology company, enabling marketers to plan, execute, and measure their digital media investments,” with “access to over 250 million registered users in the U.S., infusing accuracy, reach and accountability into cross device advertising.”
West Publishing Corp.

A unit of Thomson Reuters, West offers tools for searching public records and legal records. In 2018, the non-profit Privacy International identified it as one of a number of firms hired by Immigration and Customs Enforcement to provide data that “can be used by the agency and others to identify and track people and their families, including for deportation.”
WhitePages Inc.

WhitePages provides people search and background information.
Whoodle LLC

Whoodle is a people search and background check service.
Wiland Inc.

A “provider of intelligence-driven predictive marketing solutions.”
https://www.fastcompany.com/90310803...al-information





Disputed N.S.A. Phone Program Is Shut Down, Aide Says
Charlie Savage

The National Security Agency has quietly shut down a system that analyzes logs of Americans’ domestic calls and texts, according to a senior Republican congressional aide, halting a program that has touched off disputes about privacy and the rule of law since the Sept. 11 attacks.

The agency has not used the system in months, and the Trump administration might not ask Congress to renew its legal authority, which is set to expire at the end of the year, according to the aide, Luke Murry, the House minority leader’s national security adviser.

In a raw assertion of executive power, President George W. Bush’s administration started the program as part of its intense pursuit for Qaeda conspirators in the weeks after the 2001 terrorist attacks, and a court later secretly blessed it. The intelligence contractor Edward J. Snowden disclosed the program’s existence in 2013, jolting the public and contributing to growing awareness of how both governments and private companies harvest and exploit personal data.

The way that intelligence analysts have gained access to bulk records of Americans’ phone calls and texts has evolved, but the purpose has been the same: They analyze social links to hunt for associates of known terrorism suspects.

Intelligence agencies can use the technique on data obtained through other means, like collection from networks abroad, where there are fewer legal limits. But those approaches do not offer the same systematic access to domestic phone records.

Congress ended and replaced the program disclosed by Mr. Snowden with the U.S.A. Freedom Act of 2015, which will expire in December. Security and privacy advocates have been gearing up for a legislative battle over whether to extend or revise the program — and with what changes, if any.

Mr. Murry, who is an adviser for Representative Kevin McCarthy of California, raised doubts over the weekend about whether that debate will be necessary. His remarks came during a podcast for the national security website Lawfare.

Mr. Murry brought up the pending expiration of the Freedom Act, but then disclosed that the Trump administration “hasn’t actually been using it for the past six months.”

“I’m actually not certain that the administration will want to start that back up,” Mr. Murry said.

He referred to problems that the National Security Agency disclosed last year. “Technical irregularities” had contaminated the agency’s database with message logs it had no authority to collect, so officials purged hundreds of millions of call and text records gathered from American telecommunications firms.

The agency declined to comment on Monday. Press officials with the Office of the Director of National Intelligence and the National Security Council did not respond to requests for comment.

Matt Sparks, a spokesman for Mr. McCarthy’s office, said late Monday that Mr. Murry “was not speaking on behalf of administration policy or what Congress intends to do on this issue.”

Christopher Augustine, an N.S.A. spokesman, told The New York Times in January that agency officials were “carefully evaluating all aspects” of the Freedom Act program, and were discussing its future.

Mr. Augustine made clear that the White House would make the final call about whether to ask Congress to extend the Freedom Act.

The disclosure that the program has apparently been shut down for months “changes the entire landscape of the debate,” said Daniel Schuman, the policy director of Demand Progress, an advocacy group that focuses on civil liberties and government accountability.

Since “the sky hasn’t fallen” without the program, he said, the intelligence community must make the case that reviving it is necessary — if, indeed, the National Security Agency thinks it is worth the effort to keep trying to make it work.

The phone records program had never thwarted a terrorist attack, a fact that emerged during the post-Snowden debate.

“If there is an ongoing program, even if we all have doubts about it, that’s a very different political matter than if the program has actually stopped,” Mr. Schuman said. “Then the question becomes, ‘Why restart it?’ rather than whether to turn it off.”

The National Security Agency has used the call-detail records — metadata showing who called whom and when, but not the content of what was said — as a map of social networks, analyzing links between people to identify associates of terrorism suspects.

Even without the program, the agency could still collect telecommunications data from abroad, which domestic surveillance laws have left largely unregulated. But while overseas-based collection can give some access to Americans’ data, it apparently does not provide the systematic access to purely domestic phone messages.

The phone records program traces back to the aftermath of the Sept. 11 attacks when the Bush administration created the secret Stellarwind surveillance program. One component involved the bulk collection of logs of Americans’ domestic phone calls.

Companies like AT&T and MCI — later part of Verizon — initially turned over their customers’ records in response to an order by Mr. Bush. Starting in 2006, the Foreign Intelligence Surveillance Court began issuing secret orders requiring the companies to participate, based on a novel interpretation of Section 215 of the Patriot Act, which said the F.B.I. may obtain business records “relevant” to a terrorism investigation.

In June 2013, the program came to light after The Guardian published the first revelation from the trove of classified files provided by Mr. Snowden: a top-secret surveillance court order to Verizon to provide its customers’ call records.

The disclosure, one of the most significant by Mr. Snowden, prompted sharp criticism of the government’s theory about why it was legal: Essentially, everyone’s phone records were relevant because the government needed to acquire the haystack so that it could hunt for needles of investigative interest. An appeals court later rejected that theory.

While intelligence officials could not point to attacks the program had thwarted, they defended the ability as a useful triaging tool for sifting through potential connections — and suggested that had it been in place before Sept. 11, it might have helped uncover Al Qaeda’s plot. Critics called that argument exaggerated and portrayed it as a legally dubious invasion of privacy that was ripe for abuse.

The Obama administration eventually embraced a plan to end the National Security Agency’s bulk collection of domestic phone data but preserve the old program’s analytical ability, resulting in the Freedom Act of 2015.

Under that law, the bulk records remained in the hands of the phone companies, not the government. But with a judge’s permission, the agency could swiftly retrieve the phone and text logs of particular suspects as well as of all of the people who had been in contact with those suspects, even when they were customers of different phone companies.

Under the replacement system, the number of records about Americans’ communications that the agency collected dropped significantly from the billions per day it had previously been sucking in.

Yet the scale of collection remained huge: The program gathered 151 million records in 2016, despite obtaining court orders to use the system on only 42 terrorism suspects in 2016, along with a few left over from late 2015. In 2017, it obtained orders for 40 targets and collected 534 million records.

Problems with the system emerged last year, when the National Security Agency said it had decided to delete its entire database of records gathered since the Freedom Act system became operational. Glenn S. Gerstell, the agency’s general counsel, said in an interview at the time that because of complex technical glitches, one or more telecom providers — he declined to say which — had responded to court orders for records by sending logs to the agency that included both accurate and inaccurate data.

When the agency then fed those numbers back to the telecoms to get the communications logs of all of the people who had been in contact with its targets, it ended up gathering some data of people unconnected to the targets. The agency had no authority to collect their information, nor a practical way to go through its large database and cull those records it should not have gathered. As a result, it decided to purge them all and start over.

But it had not been clear until Mr. Murry’s comments in the podcast that was posted over the weekend that the problems have continued, even as a legislative battle over the Freedom Act — and the inevitable scrutiny of how the program has functioned — has drawn near.
https://www.nytimes.com/2019/03/04/u...shut-down.html





All Intel Chips Open to New Spoiler Non-Spectre Attack: Don't Expect a Quick Fix

Researchers say Intel won't be able to use a software mitigation to fully address the problem Spoiler exploits.
Liam Tung

Researchers have discovered a new flaw affecting all Intel chips due to the way they carry out speculative execution for CPU performance gains.

Like the Spectre and Meltdown attacks revealed in January 2018, Spoiler also abuses speculative execution in Intel chips to leak secrets.

However, it targets a different area of the processor called the Memory Order Buffer, which is used to manage memory operations and is tightly coupled with the cache.

Researchers from Worcester Polytechnic Institute, Massachusetts, and the University of Lübeck in north Germany detail the attack in a new paper, 'Spoiler: Speculative load hazards boost Rowhammer and cache attacks'. The paper was released this month and spotted by The Register.

The researchers explain that Spoiler is not a Spectre attack, so it is not affected by Intel's mitigations for it, which otherwise can prevent other Spectre-like attacks such as SplitSpectre.

"The root cause for Spoiler is a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler," they write.

They also looked for the same weakness in Arm and AMD processor cores but didn't find the same behavior that is present in Intel chips.

Spoiler depends on "a novel microarchitectural leakage, which reveals critical information about physical page mappings to user space processes".

"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS, and also works from within virtual machines and sandboxed environments."

The researchers say that Spoiler improves Rowhammer attacks and cache attacks that reverse-engineer virtual-to-physical address mapping. Using Spoiler, they show the leakage can be used to speed up reverse-engineering by a factor of 256. It also can speed up JavaScript attacks in the browser.

The researchers say that Intel confirmed receipt of their findings on December 1, 2018. However, they note Intel won't be able to use a software mitigation to fully address the problem Spoiler exploits. Meanwhile, hardware mitigations could address the issue but would almost certainly mean a hit on CPU performance.

They note that for JavaScript-based Spoiler attacks via a website, browsers could mitigate Spoiler by removing accurate timers, but removing all timers could be impractical.

Daniel (Ahmad) Moghimi, one of the paper's authors, told The Register he doubts Intel will be able to patch the issue in the memory subsystem within the next five years.

"My personal opinion is that when it comes to the memory subsystem, it's very hard to make any changes and it's not something you can patch easily with a microcode without losing tremendous performance," he said.

"So I don't think we will see a patch for this type of attack in the next five years and that could be a reason why they haven't issued a CVE."

ZDNet has asked Intel for a comment and will update the story if it receives an answer.
https://www.zdnet.com/article/all-in...t-a-quick-fix/





FBI Head Christopher Wray: We Can't Let Criminals Hide Behind Encryption

Speaking at the RSA Conference, Wray acknowledges the topic is "provocative."
Laura Hautala

Encryption should have limits. That's the message FBI Director Christopher Wray had for cybersecurity experts Tuesday. The technology that scrambles up information so only intended recipients can read it is useful, he said, but it shouldn't provide a playground for criminals where law enforcement can't reach them.

"It can't be a sustainable end state for there to be an entirely unfettered space that's utterly beyond law enforcement for criminals to hide," Wray said during a live interview at the RSA Conference, a major cybersecurity gathering in San Francisco.

His comments are part of a back-and-forth between government agencies and security experts over the role of encryption technology in public safety. Agencies like the FBI have repeatedly voiced concerns like Wray's, saying encryption technology locks them out of communications between criminals. Cybersecurity experts say the technology is crucial for keeping data and critical computer systems safe from hackers. Letting law enforcement access encrypted information just creates a backdoor hackers will ultimately exploit for evil deeds, they say.

Wray, a former assistant attorney general in the US Department of Justice who counts among his biggest cases prosecutions against Enron officials, acknowledged Tuesday that encryption is "a provocative subject." As the leader of the nation's top law enforcement agency, though, he's focused on making sure the government can carry out criminal investigations.

Investigations of foreign hackers have been numerous, resulting in indictments of several in the past year, including hackers associated with the Chinese government who're accused of IP theft, as well as hackers believed to be connected with the North Korean government who're accused of creating the malware behind the WannaCry ransomware virus.

Wray also leads the FBI at a time when special counsel Robert Mueller, who headed the agency from 2001 to 2013, is investigating allegations that Russian spy agencies orchestrated a hacking campaign against the Democratic National Committee and other political organizations in the lead-up to the 2016 presidential election.

Hackers in other countries should expect more investigations and indictments, Wray said.

"We're going to follow the facts wherever they lead, to whomever they lead, no matter who doesn't like it," he said. To applause, he added, "I don't really care what some foreign government has to say about it."

He also countered claims that FBI employees are unhappy since the firing of former FBI Director James Comey. The agency has seen a spike in applications since October, the beginning of the federal government's fiscal year, Wray told the room.

"Rumors about our morale have been grievously overstated," he said.
https://www.cnet.com/news/fbi-direct...ner-with-feds/





From Hard Drive to Over-Heard Drive: Boffins Convert Spinning Rust into Eavesdropping Mic

Good enough to recognize music via Shazam if you turn it up to 11
Thomas Claburn

It's not just the walls that have ears. It's also the hard drives.

Eggheads at the University of Michigan in the US, and Zhejiang University in China, have found that hard disk drives (HDDs) can be turned into listening devices, using malicious firmware and signal processing calculations.

For a study titled "Hard Drive of Hearing: Disks that Eavesdrop with a Synthesized Microphone," computer scientists Andrew Kwong, Wenyuan Xu, and Kevin Fu describe an acoustic side-channel that can be accessed by measuring how sound waves make hard disk parts vibrate.

"Our research demonstrates that the mechanical components in magnetic hard disk drives behave as microphones with sufficient precision to extract and parse human speech," their paper, obtained by The Register ahead of its formal publication, stated. "These unintentional microphones sense speech with high enough fidelity for the Shazam service to recognize a song recorded through the hard drive."

The team's research work, scheduled to be presented in May at the 2019 IEEE Symposium on Security and Privacy, explores how it's possible to alter HDD firmware to measure the offset of a disk drive's read/write head from the center of the track it's seeking.

The offset is referred to as the Positional Error Signal (PES) and hard drives monitor this signal to keep the read/write head in the optimal position for reading and writing data. PES measurements must be very fine because drive heads can only be off by a few nanometers before data errors arise. The sensitivity of the gear, however, means human speech is sufficient to move the needle, so to speak.

"These extremely precise measurements are sensitive to vibrations caused by the slightest fluctuations in air pressure, such as those induced by human vocalizations," the paper explained.

Vibrations from HDD parts don't yield particularly good sound, but with digital filtering techniques, human speech can be discerned, given the right conditions.

Flashing HDD firmware is a prerequisite for the snooping, the paper says, because the ATA protocol does not expose the PES. This could be accomplished through traditional attack techniques – binary exploitation, drive-by downloads, or phishing – or by intercepting HDDs somewhere in the supply chain and modifying them. The researchers point to the Grayfish malware attributed to the Equation Group as an example.

To exfiltrate captured data, the three boffins suggest transmitting it over the internet by modifying Linux operating system files to create a reverse shell with root privileges or storing it to disk for physical recovery at a later date.

While many computing devices come with microphones that might look like easier targets for hijacking, the researchers observe that security conscious individuals may disable known microphones in software or with hardware hacks. A hard disk-focused attack would be less expected.

But look, let's be real: for the vast, vast majority of people, this is all just a cunning academic exploitation of hard drive technology. No one's really going to bug you via your spinning rust.

But... if they were to, the PES sampling rate (34.56 kHz) allows the capture of audio signals up to 17.28 kHz, which covers almost all of human hearing (20 Hz–20 kHz) and is significantly better than the sampling rate of the telephone system (8 kHz). Since the PES data amounts to air pressure readings, the researchers simply turned the series of PES measurements into linear pulse-code modulation values and then converted these samples into sound via digital signal processing algorithms.

Wait, there's a catch

One limiting aspect of the described technique is that it requires a fairly loud conversation in the vicinity of the eavesdropping hard drive. To record comprehensible speech, the conversation had to reach 85 dBA, with 75 dBA being the low threshold for capturing muffled sound. To get Shazam to identify recordings captured through a hard drive, the source file had to be played at 90 dBA. Which is pretty loud. Like lawn mower or food blender loud.

The researchers acknowledge this is louder than most practical scenarios but they say they "expect that an attacker using state of the art filtering and voice recognition algorithms can substantially amplify the channel’s strength."

While the growing popularity of solid state drives diminishes the risk even further, there were still twice as many hard drives sold with PCs in 2017 as there were solid state drives, the researchers claimed.

To prevent HDDs from being turned into microphones, the trio suggest hard drive makers sign firmware cryptographically and use TLS when distributing updates to prevent MITM attacks.

They also note that their work may open future research possibilities, such as using a hard disk's read/write head as a crude sound generator to issue spoken commands to nearby connected speakers like Alexa, Google Home, and Siri.
https://www.theregister.co.uk/2019/0...eavesdropping/





Making the World a Lot Quieter

Mechanical engineers have developed an “acoustic metamaterial” that can cancel 94 percent of sound
Kat J. McAlpine

What sounds would you mute if you could? A pair of Boston University mechanical engineers are asking that question, with the ever-increasing din of drone propellers, airplane turbines, MRI machines, and urban noise pollution blaring in the mind’s ear.

“Today’s sound barriers are literally thick heavy walls,” says Reza Ghaffarivardavagh. Although noise-mitigating barricades, called sound baffles, can help drown out the whoosh of rush hour traffic or contain the symphony of music within concert hall walls, they are a clunky approach not well suited to situations where airflow is also critical. Imagine barricading a jet engine’s exhaust vent—the plane would never leave the ground. Instead, workers on the tarmac wear earplugs to protect their hearing from the deafening roar.

Xin Zhang and Ghaffarivardavagh were enticed by an alluring question: “Can we design a structure that can block noise but preserve air passage?”

Leaning on their mathematical prowess and the technology of 3D printing, it turns out they can. In a January 2019 Physical Review paper, the researchers argue that it’s quite possible to silence noise using an open, ringlike structure, created to mathematically perfect specifications, for cutting out sounds while maintaining airflow.

Numbers and noise control

“I’ve always been interested in acoustics,” says Ghaffarivardavagh, who finished his BSc in mechanical engineering at Sharif University of Technology in Tehran, Iran, before coming to Boston University for graduate school. Now, in Zhang’s lab, he’s close to finishing his PhD. “I like to work on something that I can hear or see the result. Something that I can have an impact on with issues we are facing nowadays.”

Having lived in other major cities before coming to Boston, Zhang and Ghaffarivardavagh have always marveled at the layered urban soundscape enveloping them. In Boston, the cacophony of the city is garbled together from airplanes flying overhead, the engines and horns of cars, trucks, and buses on the street, the rumble and screech of MBTA trolleys, and the hum of building appliances and power sources.

City life is so noisy, you have to find a way to create quiet moments, they say.

That got them dreaming up a sound baffle that wasn’t a barrier at all, but instead an open conduit. Such a feat could only be possible by developing a material with unusual and unnatural properties (known as a metamaterial), in this case with the ability to exert an isolated influence on sounds—an acoustic metamaterial.

“I’ve been working on metamaterials for more than a decade,” says Zhang, a multidisciplinary professor at the College of Engineering and the Photonics Center. “But it was Reza that gradually got me more excited about the fundamental idea of a marriage between acoustics and metamaterials. If you ask me and my colleagues, acoustic metamaterials is a relatively young direction…. It’s the future.”

Mute button, incarnated

Ghaffarivardavagh and Zhang let mathematics—a shared passion that has buoyed both of their engineering careers and made them well-suited research partners—guide them toward a workable design for what the acoustic metamaterial would look like.

“Sound is made by very tiny disturbances in the air. So, our goal is to silence those tiny vibrations,” Ghaffarivardavagh and Zhang say. “If we want the inside of a structure to be open air, then we have to keep in mind that this will be the pathway through which sound travels.”

They calculated the dimensions and specifications that the metamaterial would need to have in order to interfere with the transmitted sound waves, preventing sound—but not air—from being radiated through the open structure. The basic premise is that the metamaterial needs to be shaped in such a way that it sends incoming sounds back to where they came from, they say.

As a test case, they decided to create a structure that could silence sound from a loudspeaker. Based on their calculations, they modeled the physical dimensions that would most effectively silence noises. Bringing those models to life, they used 3D printing to materialize an open, noise-canceling structure made of plastic.

Trying it out in the lab, the researchers sealed the loudspeaker into one end of a PVC pipe. On the other end, the tailor-made acoustic metamaterial was fastened into the opening. With the hit of the play button, the experimental loudspeaker set-up came oh-so-quietly to life in the lab. Standing in the room, based on your sense of hearing alone, you’d never know that the loudspeaker was blasting an irritatingly high-pitched note. If, however, you peered into the PVC pipe, you would see the loudspeaker’s subwoofers thrumming away.

The metamaterial, ringing around the internal perimeter of the pipe’s mouth, worked like a mute button incarnate until the moment when Ghaffarivardavagh reached down and pulled it free. The lab suddenly echoed with the screeching of the loudspeaker’s tune.

“The moment we first placed and removed the silencer…was literally night and day,” says Jacob Nikolajczyk, who in addition to being a study coauthor and former undergraduate researcher in Zhang’s lab is a passionate vocal performer. “We had been seeing these sorts of results in our computer modeling for months—but it is one thing to see modeled sound pressure levels on a computer, and another to hear its impact yourself.”

By comparing sound levels with and without the metamaterial fastened in place, the team found that they could silence nearly all—94 percent to be exact—of the noise, making the sounds emanating from the loudspeaker imperceptible to the human ear.

A quieter world

Now that their prototype has proved so effective, the researchers have some big ideas about how their acoustic-silencing metamaterial could go to work making the real world quieter.

“Drones are a very hot topic,” Zhang says. Companies like Amazon are interested in using drones to deliver goods, she says, and “people are complaining about the potential noise.”

“The culprit is the upward-moving fan motion,” Ghaffarivardavagh says. “If we can put sound-silencing open structures beneath the drone fans, we can cancel out the sound radiating toward the ground.”

The mathematically designed, 3D-printed acoustic metamaterial is shaped in such a way that it sends incoming sounds back to where they came from, Ghaffarivardavagh and Zhang say. Inside the outer ring, a helical pattern interferes with sounds, blocking them from transmitting through the open center while preserving air’s ability to flow through. Photo by Cydney Scott

Closer to home—or the office—fans and HVAC systems could benefit from acoustic metamaterials that render them silent yet still enable hot or cold air to be circulated unencumbered throughout a building.

Ghaffarivardavagh and Zhang also point to the unsightliness of the sound barriers used today to reduce noise pollution from traffic and see room for an aesthetic upgrade. “Our structure is super lightweight, open, and beautiful. Each piece could be used as a tile or brick to scale up and build a sound-canceling, permeable wall,” they say.

The shape of acoustic-silencing metamaterials, based on their method, is also completely customizable, Ghaffarivardavagh says. The outer part doesn’t need to be a round ring shape in order to function.

“We can design the outer shape as a cube or hexagon, anything really,” he says. “When we want to create a wall, we will go to a hexagonal shape” that can fit together like an open-air honeycomb structure.

Such walls could help contain many types of noises. Even those from the intense vibrations of an MRI machine, Zhang says.

According to Stephan Anderson, a professor of radiology at BU School of Medicine and a coauthor of the study, the acoustic metamaterial could potentially be scaled “to fit inside the central bore of an MRI machine,” shielding patients from the sound during the imaging process.

Zhang says the possibilities are endless, since the noise mitigation method can be customized to suit nearly any environment: “The idea is that we can now mathematically design an object that can block the sounds of anything,” she says.
https://www.bu.edu/research/articles...lation-device/





Delete Never: The Digital Hoarders Who Collect Tumblrs, Medieval Manuscripts, and Terabytes of Text Files

This week, we are writing about waste and trash, examining the junk that dominates our lives, and digging through garbage for treasure.
Steven Melendez

When it comes to their stuff, people often have a hard time letting go. When the objects of their obsession are rooms full of old clothes or newspapers, it can be unhealthy—even dangerous. But what about a stash that fits on 10 5-inch hard drives?

Online, you’ll find people who use hashtags like “#digitalhoarder” and hang out in the 120,000-subscriber Reddit forum called /r/datahoarder, where they trade tips on building home data servers, share collections of rare files from video game manuals to ambient audio records, and discuss the best cloud services for backing up files.

The often-stereotyped hoarders who let heaps of physical items of questionable utility dominate their homes and lives often suffer social stigma and anxiety as a result. By contrast, many self-proclaimed digital hoarders say they enjoy their collections, can keep them contained in a relatively small amount of physical space, and often take pleasure in sharing them with other hobbyists or anyone who wants access to the same public data.

“Data hoarder means to me simply someone who collects and curates digital data,” said the user -Archivist, one of the moderators of /r/datahoarder, in a private message on Reddit. “It’s a little removed from the disorder we usually see from traditional hoarders.”

He and many of his fellow subreddit users also take pride in keeping their data well organized into folders and subfolders. Some even take pains to keep the forum itself from getting bogged down with dubious material: One of the most popular recent threads begs users to stop spamming the subreddit with photos of their hard drives.

“Data hoarding isn’t about just buying $3,000 worth of hard drives just for posting them here,” wrote user Nooco24, one of the site’s moderators. “What’s interesting is what you do with your storage.”

What users seem to prefer to see are discussions of unusual and intricate storage setups, guides to using complex archive software and, of course, interesting datasets, from public-domain collections of vintage scientific papers to old BBC sound effect samples. Public archives, naturally, are a plus.

In addition to roughly 2.6 petabytes stored on a system of servers in his spare room—data collection size is the one fact each moderator highlights on the forum’s mod list—-Archivist is also the data curator and server manager of The Eye, a sprawling online archive of everything from vintage movie posters to beer-brewing guides to video games from short-lived console systems of the 1980s. A German resident in his late 20s who restores historic paintings and documents for a living, -Archivist said he got his start collecting printed and digitized medical journals.

“After that came piracy, which I was introduced to early on by my stepfather,” he quipped, leading him to start developing collections of movies and TV shows. Today, he personally prefers to collect digital books and texts, which he said are often quick to disappear from the internet.

“Most other data types aren’t so rare,” he said. “Weird and obscure books and texts seem to vanish first.”

Many people active in the data hoarding community take pride in tracking down esoteric files of the kind that often quietly disappear from the internet—manuals for older technologies that get taken down when manufacturers redesign their websites, obscure punk show flyers whose only physical copies have long since been pulled from telephone poles and thrown in the trash, or episodes of old TV shows too obscure for streaming services to bid on—and making them available to those who want them.

GitHub, owned by Microsoft since late last year, is mostly known for hosting source code for collaborative programming projects. But it’s also home to a collection of works by the Polish surrealist painter Zdzisław Beksiński uploaded by the user itdaniher, a Midwesterner and /r/datahoarder user who’s been collecting data for a decade and asked to only be identified by their username.

“I’ve been in touch with his estate a little bit, and they’re fine with me hosting a mirror of his works,” said itdaniher, who first obtained the images from a shared BitTorrent file, in a phone interview. Another file they uploaded to GitHub is a database mapping more than 2,000 common names of plants to their Latin scientific names, with entries from “Abe Lincoln Tomato” to “Zuni Gold Bean.” Itdaniher, who also enjoys gardening and doesn’t identify as a true “hoarder”—“I try to exercise a certain level of judiciousness,” they say, usually spending three or four hours a week archiving—hopes to expand the list into a larger project documenting ideal temperatures, soil and other conditions for growing the various plants. They hope to find that data scattered across the internet, just as the list of names initially was.

“The internet is a big place, and a lot of times I will find other people who have HTML tables on their web pages that have some information, but a small fraction of the information that I want,” itdaniher said. “Sometimes it’s finding personal sites where [someone’s said] here’s the list of the common and Latin names for the plants I’m growing this year.”

Itdaniher, an experienced Linux system administrator, also runs software provided by the group Archive Team to help download materials at risk of disappearing from the internet and help them make their way to the nonprofit Internet Archive. Founded by the digital archivist and filmmaker Jason Scott in 2009, Archive Team calls itself “a loose collective of rogue archivists, programmers, writers and loudmouths dedicated to saving our digital heritage.” Members frequently scramble to preserve aspects of internet history before they disappear as sites fade from the web. Through a mix of manual labor and distributed bots, the project has archived large swaths of sites including the classic free web host Geocities, the text-hosting platform Etherpad and the blog platform Xanga.

“Since 2009 this variant force of nature has caught wind of shutdowns, shutoffs, mergers, and plain old deletions—and done our best to save the history before it’s lost forever,” the group says on its official site.

Itdaniher shared with Scott a collection of Tumblr postings linked from Reddit and tagged as “not safe for work” as part of a global effort to preserve adult content on the now-Verizon-owned blogging network, after the company controversially announced it would no longer allow such material. At least 344,000 archived Tumblr sites marked for deletion are en route to the Internet Archive or already uploaded where they’ll be publicly accessible, Scott said.

“I was able to contribute to that larger project of saving that aspect of internet culture for future generations,” said itdaniher.

Some /r/datahoarder users acknowledge they collect files that other people might not find interesting: HeloRising, a man in his mid-30s from the Pacific Northwest, said via Reddit PM that he’s built up a collection of high-quality digital copies of illuminated manuscripts, which he said he finds fascinating but has yet to find other users interested in sharing. The files sometimes get posted by institutions that house and scan the medieval documents, but they’re often difficult to download and can disappear over time or live on only in obscure online archives.

“The illuminated manuscripts are unicorns,” he said. “They turn up in odd places.”

HeloRising, who has about 30 terabytes in total of data and spends five or six hours per week on the hobby, said the Reddit community has been a “treasure trove” of useful advice and information. It’s a common sentiment from users, who enjoy solidarity and support on the subreddit, where a recent comment thread filled with excitement about a newly organized collection of thousands of vintage video game manuals.

“Having a community is great,” said itdaniher. “It makes me feel like the time that I spend, I’m working towards a common goal of not throwing things down the proverbial memory hole, the 1984 trash disposal of uncomfortable facts.”

While people with hoarding disorders are often isolated, embarrassed and overwhelmed by disorganized piles of clutter, members of /r/datahoarder tend to take pride in their digital collections and thrive on keeping them organized, whether for sharing or personal use. More than a few work in technology or simply enjoy tinkering with computers, so tweaking download scripts and data storage networks is a fun part of their hobby, not a chore. Some also share custom-crafted archiving tools and other software they’ve created on GitHub, which can serve as a portfolio for those seeking programming jobs or just a high-tech social outlet.

“With time flying, we aren’t just people archiving data together, we are more than that,” said Corentin Barreau, a 19-year-old administrator on The Eye who is nicknamed “The French Guy,” in a Twitter direct message. “Beside that, I have an affection to everything that links to collections, even IRL, I like to collect, and it’s peaceful to sort data, it’s satisfying. And the joy of people when you share something [is] worth more than everything.”

His most prized archive is a set of “family memories,” digitized from analog photos and VHS tapes taken by his loved ones over the years. Barreau keeps local copies of the digital versions, as well as looking after cloud backups and the analog originals.

“That’s the most exciting thing [I’ve] done, and the collection I’m most proud of,” he said.

Barreau said he doesn’t see himself as a hoarder in a negative sense, since it doesn’t negatively impact his personal life.

“It’s just a passion, like people doing sports every day, or painting,” he said with an ASCII wink.

As with other mental health issues, experts say hoarding really becomes an issue when it interferes with people’s happiness or gets in the way of everyday life. Collecting, on the other hand, can be a perfectly healthy hobby, whether people are collecting baseball cards or rare Frank Zappa MP3s.

“The collections tend to give pride and positive feelings, whereas hoarding tends to be associated with stress and disorganization,” said Gregory Chasson, an associate professor of psychology at the Illinois Institute of Technology who has studied hoarding disorder. “There doesn’t tend to be a sense of cohesion or a theme.”

And digital media’s small physical footprint means it’s harder for even disorganized files on hard drives or USB sticks to grow unmanageable and dominate spaces the way physical collections of clothes, books or other materials can.

“I walk into homes where I can’t discern where sleeping, bathing and eating takes place because of the volume of the stuff,” said Regina Lark, owner of the Los Angeles area professional organizing firm A Clear Path, which helps people with physical hoarding problems. “I would imagine the uber-acquiring of digital media is not impairing the quality of your life, unless that is what you’re spending your life on, is acquiring.”

Still, problem digital hoarding, where massive collections of files, inbox messages and other digital data bring stress to their owners, isn’t unheard of, including among people who already struggle with hoarding tangible objects. Chasson said anecdotally, it’s not uncommon to see people with hoarding issues also have computer desktops riddled with icons or email accounts stuffed with unread messages. There hasn’t yet been much formal research into digital hoarding, he said. But a recent paper he coauthored does suggest a connection with physical hoarding, finding “higher levels of physical acquiring behaviors were significantly related to increased distress” when experimental subjects were falsely told a digital item from their Pinterest collections would be deleted.

“Ultimately, I think it’s tapping into the same mechanisms for a lot of people,” he said.

Both physical and digital hoarding can be motivated by the fear of permanently losing something important, even if others might think it’s easily replaceable or simply trash, said the creator of the YouTube channel I am a Compulsive Hoarder, a self-proclaimed “disposophobic” (referring to her fear of throwing out something that might prove valuable) who asked that her name not be used.

“I start thinking, but that particular article has such good information, I’m not going to find it again,” she said. “We can’t even consider the possibility we could find a better article.”

She said she has a tendency to store disorganized collections of web articles describing exercises she’s never done, foods she’s never prepared and even treatments for hoarding. Managing text messages can also be stressful, since she worries about deleting conversation histories en masse without going through each individual message. Even e-commerce can bring challenges for people with hoarding issues, she said, as websites guilt them into signing up for inbox-clogging discount newsletters they hesitate to delete or unsubscribe from.

“They get inundated about marketing emails,” she said. “Once you’re there, it’s hard to get unsubscribed, because now you’ve got FOMO.”

When old files do turn out to be valuable—like old Christmas newsletters that bring back old memories, or a wedding speech she recently unearthed and shared with a delighted friend—she has to remind herself it’s not a reason to stockpile every bit of data.

“When I found something else everyone else is so glad I kept, I really have to splash cold water on my face and tell myself, don’t let this be a reason to start saving stuff,” she said. “I don’t want to keep getting more hard drives.”

The fact is, though, it is often genuinely difficult for users without a decent amount of technical experience to find the right balance. Many systems don’t make it easy to find, organize and back up valuable files, while shunting more ephemeral data to the digital trash heap. Social networking sites are notoriously difficult to search, let alone download content from. Cloud services shut down or change policies often with little notice, said the Archive Team’s Jason Scott, like Tumblr’s about-face on erotic pictures, Google’s move to shut down social network Google+ or the venerable photo-sharing site Flickr’s recent announcement it would begin purging images from legacy free accounts with more than 1,000 pictures uploaded as of March 12.

“We have consistently been working since the mid-80s to turn every single aspect of life into a digital file in one way or another,” Scott said. “People are suddenly discovering they don’t own their data, and all your life is data.”

Archive Team sometimes finds itself effectively the last stop before data disappears from shuttering services. That means there’s often little time or desire to distinguish between trash and treasure. But many of the group’s volunteer archivists—some of whom also frequent forums like /r/datahoarder—are more inclined to find joy and pride than frustration in loading their hard drives and public online archives with as much data as they can save for posterity.

“People are like really, you’re gonna save a bunch of furry art?” Scott said. “Well, we don’t know, and we’re not going to be the ones to make that decision.”
https://gizmodo.com/delete-never-the...lrs-1832900423

Until next week,

- js.

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black