Old 20-01-16, 08:54 AM   #1
JackSpratts
Peer-To-Peer News - The Week In Review - January 23rd, '16

Since 2002

"I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do." – AT&T CEO Randall Stephenson


"Encryption is foundational to the future, so spending time arguing about, 'Hey, encryption is bad and we ought to do away with it,' that's a waste of time to me." – NSA Director Adm. Michael Rogers


"End-to-end encryption is good for America." – Former NSA Director Gen. Michael Hayden


"File sharing helps lesser–known artists only if they are actually talented." – Jonathan Lee, Queen’s University, Ontario

January 23rd, 2016




Kickass Hit by DDoS as Latest Pirate Bay Domain is Blocked
Chris Cooke

Now, you often find us sitting here in the Legal News section reporting on downtime over at The Pirate Bay.

But we all know that you, as a responsible CMU reader, aren’t really concerned when the infamous file-sharing platform goes offline. Because you get all your nicked music and movies from KickassTorrents. Sorry, I mean, you respect copyright, and the creative and commercial investment artists, actors, labels and studios make to entertain your minds, and would never dream of circumventing a web-block and doing some piracy.

Anyway, in recent days it has been KickassTorrents – the world’s most visited torrent site (apparently, I don’t know what a torrent is, I get all my entertainment from legit suppliers like Sainsbury’s) – that’s all wobbly.

The site was offline on a number of occasions because of one of those fashionable DDoS attacks. The piracy service’s operators confirmed to Torrentfreak that its DNS servers had been targeted by the attack, adding that they were busy trying to resolve the issue. The service is seemingly back online this morning, though has gone back up and then back down again since the DDoS began.

Meanwhile, back at the old Pirate Bay, its latest domain has already been suspended. As previously reported, having had all six of the domain names it activated last year blocked by the respective domain registries, the Bay made thepiratebay.ms its primary address earlier this month. The Montserratian domain registry responded by blocking it almost immediately.

The piracy site has switched to numerous new domains in recent years fearing its original .se and .org web addresses would be seized or blocked. Though ironically pretty much every domain except .se and .org has been taken, with those two still operational.
http://www.completemusicupdate.com/a...in-is-blocked/





Carleton Grads Develop Wire-Free File Sharing App

Episync offers file transfers between devices via Wi-Fi
Alex Robinson

Wires, be gone!

When Nishant Bhasin and Boris Misljencevic were in their fourth year of university, they wanted to figure out a way to speed up the process of transferring files from one device to another without the use of cables.

The two recent Carleton University graduates decided to develop an app – called Episync – that would do just that.

“We decided that it’s a hassle to bring wires everywhere,” Bhasin said.

“If you own a smart phone but want to transfer files, you have to plug into a computer and use iTunes.”

The duo worked on the app through a project in their software engineering program at school. They have already launched an Android version of the app and are working on a prototype for iPhones they are hoping to have ready by late March.

The app differs from other file transferring programs such as Dropbox as the user can use Episync without even connecting to the Internet, as long as both devices are connected to the same router or network.

“With Dropbox what you’re doing is you’re uploading files to the server and then onto the second device,” Bhasin said.

“We don’t have a server. If you’re on the same Wi-Fi, you can transfer from one device to another. You risk your privacy when you upload to a server.”

The app simplifies and speeds up a process that can sometimes be cumbersome, with the ability to sync 10 gigabytes worth of files in just 10 minutes, Bhasin said.

The two tech developers are looking at how they can have the app connect to Google Drive and iCloud so that users can access all their files.

Bhasin has been working on the app with Misljencevic in his spare time recently as he now works full-time at a start up called GymTrack.

The two are now looking to get some funding to get the app off the ground and are looking into getting some office space from Invest Ottawa.

Bhasin is set to speak about his experience getting the app up and running at the Ottawa PC Users’ Group’s monthly meeting at the Canadian Aviation and Space Museum on Feb. 10 from 7:30 p.m. to 9 p.m.
http://www.ottawacommunitynews.com/n...e-sharing-app/





File Sharing Service Send Anywhere Pulls In $6M Series A From Rakuten Ventures
Jon Russell

Send Anywhere, a free peer-to-peer file sharing system, is getting a power boost of its own after ESTmob, the Korea-based company behind the service, landed $6 million in fresh funding.

The four-year-old company raised a $1 million seed round back in 2014 and this Series A was provided in full by Rakuten Ventures, the VC firm and global fund associated with Japan’s top e-commerce firm. Rakuten Ventures led Send Anywhere’s seed round two years ago, which included participation from a number of angel investors.

It’s fairly rare to see a single investor front a Series A round. Many companies look to maximize their network and bring more minds onboard at this point, while, in Asia, it is even more common for investors to group together at this stage. But that’s not the case for Send Anywhere.

“We’ve considered other parties [for this round], but [adding] more investors can make it more complicated,” Estmob co-founder Suhyuk Kang told TechCrunch in an interview. “Plus, Saemin [Ahn, Rakuten Ventures managing partner] wants to focus more on growth rather than monetization.”

Indeed, to this point, Send Anywhere has not monetized its product. The service is available via a web interface, Chrome extension, WordPress plug-in and the usual array of mobile and desktop apps, including iOS, Android, Windows and Mac. A new and improved 3.0 version, including a pause/resume feature, has landed on Android, and is rolling out to other platforms from next month.

Rather than usual file-sharing, Send Anywhere takes a security conscious route by offering a 10-minute download time. Take too long and the download won’t be completed, plus the file-share itself is passcode/QR locked, meaning the sender needs to provide the recipient with a code to enable the download.

Finally, the service is peer-to-peer so it requires both parties to be online during the transfer, but there is a 24-hour ‘upload and share’ option which provides a little more flexibility. That, Kang explained, means the file isn’t stored on Send Anywhere’s server — which is interesting to note given past security concerns around NSA access to services like Dropbox. Interestingly, too, there is no cap on the size of files being transferred while you don’t need an account to get started, although getting one provides access to past history and other features.

Kang told TechCrunch that the service surpassed 1.5 million monthly active devices (both send and receive) last month, and five million app downloads to date across all platforms.

Photos are, perhaps unsurprisingly, the most transferred file format on the service, accounting for 43 percent of exchanges ahead of videos, 19 percent. Korea is the company’s largest market for usage (26 percent), followed by the U.S. (19 percent), Japan (nine percent), India (six percent) and UK (three percent).

The Series A money will be spent on new marketing campaigns, developing the Send Anywhere technology, and growing the company’s current headcount of 16 staff.

“We will heavily focus on hiring new engineers. We want to make our core technology stronger and will work on finding the optimal transfer path between devices,” Kang said, adding that the service is faster than competing offerings.

Kang emphasized that the company isn’t likely to begin making money from its product until it reaches a milestone like 10 million monthly users. Then, he added, it may consider monetization via advertising, although nothing is set in stone at this point.

One more subtle area where it may monetize is around its API. Samsung is the first company to be granted access to the Send Anywhere API, which is powering a new service for its printer business that allows enterprise customers to send scans to a device direct from their printer.

Like the Samsung partnership, Send Anywhere’s API could be opened to partners who then pay for usage.

I like the Send Anywhere service which, coupled with the fact that it isn’t making money yet, makes me somewhat wary that the company might go the same way as similar services like Bump, which was acquired by Google in 2013 and promptly shut down months later. Particularly since the technology could have value to Rakuten (*Investor Klaxon*) and Samsung (*Partner Klaxon*), but both ESTmob and Rakuten Ventures are adamant that there is a business to be built here.

“The technical infrastructure of the application is what originally drew me to them,” Rakuten Ventures’ Ahn said in a statement. “Their two core tenants of simplicity and efficiency is what separates them from others and makes this an irreplaceable application. The only thing better than their product is the way the team works together. This injection of financial capital coupled with the release of Send Anywhere 3.0 will help 2016 be Send Anywhere’s best year yet.”
http://techcrunch.com/2016/01/20/sen...lion-series-a/





Canadian Court Dissects File-Sharing Programs as Child Porn Trial Continues

Does the average downloader know they're also an uploader?
Linda Richardson

The cross-examination of a city police computer forensic expert Thursday at the trial of a Sault Ste. Marie, Ont. man charged with child pornography offences centred on whether an "average person" would understand the properties of file-sharing programs.

Using the example of downloading movies on such a program, defense counsel Bruce Willson questioned whether a person would be aware that the information also was being uploaded from his computer.

"If I get a movie I have to share it?" he asked Det. Const. Doug Erkkila, during the fourth day of Robert Capancioni's trial.

"Yes, it's file sharing," the technical crime unit officer said.

When doing the download there are ways to limit the amount of information going out (from your computer), but you can't negate it, Erkkila told him.

Capancioni has pleaded not guilty to possession of child pornography and distributing it on the Internet.

Since the trial began Monday, Superior Court Justice Edward Gareau has only heard evidence from Erkkila, the first witness called by assistant Crown attorney David Kirk.

During his cross-examination about the file-sharing application on his client's computer, Willson also questioned whether the average person who was installing it would read what he called "all the fine print" in the contract at the beginning of the program.

Erkkila responded that the information is presented to the person and it "is ample information" to the user that "it's two-way traffic," that you are downloading and uploading information.

When Willson asked if this should be obvious to any user, the officer replied that he personally believes that "with all the information available the user should know this is a two-way highway."

"Anybody who has downloaded things should know this off the bat?" the defence lawyer wondered.

"I don't feel someone can be willfully blind to this," the officer replied, saying if a person is computer literate enough to install the program he can understand it.

Whether a person cares or not, there is information available to the user that shows the transactions involved, he said.

Earlier this week, Erkkila testified that he discovered in 2012 that a computer used by Capancioni was making child pornography available on the Internet.

He said that he monitored the IP address until he obtained enough information for a search warrant.

The officer told Gareau he downloaded 734 files, of which 244 he determined were child pornography, from Capancioni's computer on Dec. 31, 2012.

When the warrant was executed on Jan. 15, 2013, police seized a number of devices including a laptop computer.

When he conducted a forensic analysis of the computer, Erkkila said he discovered the hard drive had been divided into two sections.

Although he was provided with some passwords, he said he was unable to open one section because it had been encrypted.

Erkkila then ran a keyword search on the seized laptop and another device using words and titles that he had garnered during his online investigation and found 16,000 separate entries for these words, the court heard.

On Thursday, Willson also wanted to know how someone would know what words to enter when searching for child pornography.

"There are a lot of words synonymous with child pornography," that people searching for it know to use, Erkkila said, indicating he couldn't say where suspects get the words.

Is there child pornography DNA, that "they know when a search is going (to get a) hit," Willson retorted.

"There are hundreds of words synonymous with child pornography," Erkkila told him again.

The officer agreed that when a list comes up from a search you can't see what is in there unless you open the items.

"You may get things there you don't want," Willson suggested.

"Okay," the officer responded.

Erkkila said although he couldn't tell the court what a person would see when downloading "I can tell you some person entered key words prior to that."

He added that he doesn't know what those words are.

The trial wrapped up this morning.

Closing arguments are scheduled to take place in April.
https://www.sootoday.com/local-news/...ntinues-188769





Facebook: Adding Tor Support on Android

We created a Tor onion address at https://www.facebookcorewwwi.onion/ in 2014 to make it easier for people to connect to Facebook securely from Tor-enabled browsers. This change increased the security of Tor connections to Facebook by eliminating steps that required traffic to travel beyond the cryptographic assurances provided by the Tor network.

Since then, a sizeable community of people has grown to use this feature and help us make it more efficient and reliable. We commonly receive requests for additional platform support beyond the browser, and thanks to a project initiated by a summer intern at Facebook and subsequently picked up by our Protect and Care team in London, we are now offering experimental support for using Facebook over Tor via the Orbot proxy app for Android devices.

We're releasing this feature over the next few days to seek feedback which will help us create a great experience for using Facebook over Tor on Android. To get started you can head over to Google Play or the Orbot F-Droid repository and download Orbot: Proxy with Tor.

You can also find more instructions on the Tor Project’s Android page.

After installing Orbot, visit your Facebook “App Settings” menu to enable the feature using a new preference switch. Further information and updates will be posted on the Facebook over Tor page.
https://www.facebook.com/notes/faceb...14612545312134





The Tor Project Raised Over $200,000 From Its First Crowdfunding Campaign
Jon Russell

In the quest to lessen its reliance on grants from the U.S. Government, the Tor Project began its first crowdfunding campaign back in November. That initial funding drive is now over with the organization announcing that it brought in just over $200,000 in donations — $205,874 from 5,265 donors, to be precise — over the six-week period.

Tor — which uses anonymous, volunteer-based servers to provide a more secure Internet experience — has always been open to donations, but this time around it mounted a more public campaign with a focus on its most prominent users, including NSA whistleblower Edward Snowden, who explained why they value the service.

The Tor Project recently revealed that its annual revenue was $2.5 million in 2014, however most of that money came from the government. The organization said in filings that federal grants accounted for 75 percent of its 2014 revenue. That’s lower than in 2013, when grants were 90 percent of its income. Tor is likely to continue to rely on grants for the bulk of its funding for some time, but the crowdfunding push and increased visibility is aimed at increasing donations to offset that somewhat and give it resources for additional projects.

“We knew we wanted to diversify our funding sources; crowd funding gives us flexibility to do what we think is most important, when we want to do it. It allows us to fund the development of powerful new privacy tools. Or make the ones we have stronger and more resilient. Or pay for things we need like a funded help desk or an Arabic version of our web site,” the organization said in a blog post.

As we wrote back in November when this donation campaign kicked off, there’s tension between the Tor Project and authorities, despite the fact that Tor routing was initially developed as a U.S. Navy project and was first funded by DARPA. A number of reports last year suggested that the FBI compensated researchers at Carnegie Mellon with $1 million for working on ways to crack Tor. The university denied the “inaccurate” claims, but the link was enough to raise suspicion among the cybersecurity community.

In other Tor-related news this week, Facebook expanded its support for Tor to cover Android. The social network giant first offered support for the project in 2014, when it opened its own Tor address: facebookcorewwwi.onion.
http://techcrunch.com/2016/01/21/tor...unding-200000/





Here’s What Tor’s Data Looks Like as It Flows Around the World
Andy Greenberg

For a tool that’s meant to serve as a cloak of online anonymity, Tor is surprisingly transparent. The non-profit Tor project whose software powers its network of thousands of volunteer proxy computers also publishes a frequently updated collection of data about the location and bandwidth of those privacy-enhancing machines on desks and in datacenters around the world. Now a data visualization company has assembled that data into an interactive graphic, beautifully capturing the Tor network’s complexity and scale.

TorFlow, a project created by the data visualization software firm Uncharted, maps the Tor network’s nodes and data movements based on the IP addresses and bandwidth of the “relay” computers that bounce around its users’ connections to prevent them from being censored or surveilled. (A simplified version is shown above, but the full interactive graphic is hosted at Uncharted’s website.) “The whole point of the Tor network is to remain anonymous,” says David Schroh, one of Uncharted’s software engineers who built TorFlow. “But by visualizing it, you can see patterns you wouldn’t expect.”

One unexpected takeaway: just how much it is actually privacy-loving Europe that supplies Tor’s bandwidth, despite the project’s American roots as a U.S. Naval Lab research project adopted by MIT coders. Though the United States provides more than 1,300 of Tor’s 6,000 nodes at last count, the biggest hubs on TorFlow’s map are in Germany, France, the Netherlands and England. TorFlow also reveals Tor nodes in unlikely places, such as Libya and Liberia, where we would expect Tor to be used but not necessarily hosted. And the map shows the network’s growth over the last eight years, spreading from the West to countries like Israel, Indonesia and Japan.

TorFlow is primarily designed to map out Tor’s infrastructure, but also includes some data about the number of users in any given country, represented by the country’s shade on the map. Click on a country, and it shows a chart of the country’s Tor usage over time. (Check Egypt, and you’ll see spikes in usage during the first Arab Spring protests there in 2011 and then again after a political coup in 2013.) That makes TorFlow not just a map of anonymity online across the globe, but across time, too.
http://www.wired.com/2016/01/heres-w...und-the-world/





Study Finds Digital Music Sales the Least Hurt By Piracy... Eight Years Ago
Billboard Staff

Is there a silver lining to online music piracy? A new research paper (that focuses on some fairly old data) delves into the relationship between file sharing and music sales, coming up with mixed results and little closure for the contentious issue.

In a study called "Purchase, Pirate, Publicize: The Effect of File Sharing on Album Sales," Jonathan Lee of Queen’s University in Ontario monitored both the sales and pirated downloads of 2,251 albums... from 2008. (For some perspective, that's the same year that Spotify arrived in the U.S.) Legitimate album sales data came from Nielsen SoundScan, while file sharing stats were pulled from a BitTorrent tracker. "From the results, I conclude that file sharing activity has a statistically significant but economically modest negative effect on legitimate music sales," he writes.

An artist’s popularity played a major role in how big that impact was. Lee’s evidence showed that for top-tier artists, file sharing caused a decrease in physical sales but a modest increase in digital sales, suggesting that the impact of word-of-mouth is most felt in the digital market. For mid-tier artists, physical sales were unaffected while digital was slightly up. Sales for lesser-known artists were "significantly hurt by file sharing," according to Lee, "which could indicate that file sharing helps lesser–known artists only if they are actually talented."

The researcher argued that how listeners choose among physical, digital and illicit markets is "illuminating in its own right, and the interaction of conventional markets with diffuse digital markets is of broad interest to researchers."

He added, "But the results can also inform business and policy decisions in the market for music and for other media as well. Trade groups such as the Recording Industry Association of America (RIAA) and the International Federation of the Phonographic Industry (IFPI) spend considerable effort and resources to deter piracy and shut down file sharing networks like the one studied in this paper. If the effect of file sharing on sales is small, this expense may not be worth it. The results of this paper should help to inform such cost–benefit analysis by trade groups, law enforcement agencies, and policymakers."

The full paper can be found here.
http://www.billboard.com/articles/bu...ight-years-ago





Old Albums Outsold New Releases for the First Time Ever

You can thank vinyl for that
Micah Singleton

2015 may have been a good year for the music industry, but it wasn't a great year for music released in 2015. For the first time since Nielsen began tracking music sales in the US, catalog albums (an industry term for anything released over 18 months ago) outsold new releases.

There are a number of factors that add up to catalog albums taking the sales crown. Music streaming was up 92 percent from 2014 and physical album sales for new releases dropped 14 percent, while catalog album sales only decreased by 2 percent.

[Image: Catalog sales]

Add in the revival of vinyl records to that — 12 million units were sold in the format, with records from Pink Floyd, The Beatles, and Miles Davis making up three of the five best-selling vinyl albums — and catalog albums had the juice to top new releases, despite Adele selling 7.4 million units of 25 in 2015. (And if you're thinking older people are carrying the vinyl revolution, think again; Taylor Swift's 1989 was the second biggest vinyl album of 2015.)

Catalog music is also dominating music streaming as well, with new releases only making up 30 percent of audio and video streaming volume. 2015 may have just been a bad year for new music from the biggest stars, with no albums from Beyoncé, Taylor Swift, Rihanna, Kanye West, and Frank Ocean (Frank, where are you????) or everyone could have just been playing 21 on repeat waiting for Adele to finally release her new record. Either way, America wasn't really in love with what 2015 had to offer.

[Image: Vinyl Sales 2015]

New albums still have a slight lead when it comes to digital sales, and if the numbers hold steady throughout 2016, they can maintain that lead. But it's clear the immediate future of music consumption may be led by catalog releases as more and more people embrace streaming as a viable music source and vinyl sales continue to grow.
http://www.theverge.com/2016/1/22/10...alog-streaming





Verizon Wireless Selling Data Cap Exemptions to Content Providers

Video, music, app downloads, and ads can be exempted from caps for a fee.
Jon Brodkin

Verizon Wireless, like AT&T before it, is now charging online content providers a fee to get their services exempted from customers' data caps.

With Verizon's "FreeBee Data 360," content providers are billed for each gigabyte they serve to consumers, while the consumers can access the providers' services without using up their data allotments.

"Content providers can sponsor specific consumer actions on a per-click basis, free of data charges for subscribers—including mobile video clips, audio streaming, and app downloads," Verizon said today. Data used for advertisements can also be sponsored by the company delivering the ad.

AT&T has been selling sponsored data under a similar scheme since January 2014. T-Mobile USA has been exempting certain video and music services from its caps, but it isn't charging content providers for the exemptions.

Data cap exemptions are controversial because they put services without the exemptions at a disadvantage. The Federal Communications Commission's net neutrality rules don't specifically outlaw data caps or data cap exemptions, but the FCC evaluates on a case-by-case basis whether specific implementations harm consumers or businesses. The FCC has been holding meetings with companies that implement data cap exemptions (also known as zero-rating), but it hasn't taken any action against them.

Verizon's FreeBee Data doesn't appear to be designed for full movies, as the product page says businesses can "sponsor up to 30 seconds of mobile video streaming." They can also sponsor up to 30 minutes of audio streaming.

FreeBee will place a picture of a bee (seen at right) next to sponsored content to let subscribers know they can click it without using data.

Businesses can apparently sponsor the data for just about anything. "With FreeBee Data 360, businesses can sponsor some or all of their app or website," Verizon said.

Verizon said the service will start January 25 with beta trials involving Hearst Magazines, AOL, and Lantern Software's GameDay sponsoring mobile content for 1,000 test subscribers. While full commercial availability is expected to happen sometime later this year, Verizon said that "other brands are welcome to participate in the trial."
http://arstechnica.com/business/2016...ent-providers/





Netflix’s Global Growth Faces New Threats

Rivals abroad band together as competition at home intensifies, putting fresh pressure on the streaming giant
Shalini Ramachandran and Nick Kostov

When Netflix Inc. won rights to premiere gothic TV drama “Penny Dreadful” in several European countries, local media companies that lost out were miffed.

They were growing increasingly frustrated that the streaming juggernaut is scooping up exclusive rights to top shows as it pursues an aggressive global expansion, locking them out in their home markets. It was time to mount a response.

Shortly after the “Penny Dreadful” deal in late 2014, senior executives at French pay-television group Canal Plus and rival operator Sky PLC met to discuss jointly bidding for TV shows, a way to counter Netflix, people familiar with the discussions say.

“’Penny Dreadful’ was a big battle; we absolutely wanted it,” a person familiar with Canal Plus’s thinking said. “On our own, we couldn’t do it anymore.”

Similar discussions are taking place among Netflix’s rivals elsewhere. Streaming service Viaplay in the Nordics has been talking with Australian streaming service Stan, Lightbox in New Zealand and Hulu in the U.S. with hopes of forming a bidding alliance in time for May’s annual screenings of new shows for international buyers in Los Angeles, people close to the talks say.

Europe’s Sky, which effectively is controlled by 21st Century Fox, has held similar conversations with Canada’s Bell Media and Australia’s Foxtel in recent months, other people involved say. Others, including Southeast Asian streaming services iflix and HOOQ, as well as Canada’s Shomi, also are in the mix.

Executives say discussions are nascent and acknowledge hurdles toward getting multiple companies in different countries to agree on content.

But taken together, the talks are a burgeoning rebellion against Netflix’s growing global might. The companies hope banding together will allow them to make more appealing offers to TV studios that create and sell shows.

“The competition is bloody fierce,” said Jakob Mejlhede, executive vice president at Sweden’s Modern Times Group, which operates Viaplay. “If you enter into a straight up bidding war with Netflix, you are most likely going to lose.”

With 69 million total customers, including 26 million outside the U.S., and a $5 billion content budget for this year, Netflix is willing to outbid most any local TV network or streaming service. The company this month announced it is now available in more than 190 countries, including 130 new markets such as Russia and India.

Still, Netflix has yet to turn its international investments into profits. It will need to keep up subscriber growth to offset ballooning content obligations, which could further increase if rivals join forces and can bid more aggressively.

Another potential challenge for Netflix: its well-funded U.S. streaming rivals who are ratcheting up their own global plans. Amazon.com Inc. has spoken with studios about taking options to buy world-wide rights to original series and reruns, people familiar with the talks say. Hulu is newly studying international expansion—whether to go it alone or partner.

Investors, who have sent Netflix shares up 121% during the past 12 months despite slowing U.S. subscriber growth, will get an update when the company reports earnings Tuesday.

Netflix benefits from simultaneously buying rights in many territories—traditionally studios have sold shows country by country.

In the case of “Penny Dreadful,” Netflix bought rights across seven territories, paying more than what regional players offered in total. The prices the bidders offered weren’t disclosed, as is generally the case in content-licensing deals. Netflix this month extended its deal to stream “Breaking Bad” to more than 150 countries world-wide, trumping interest from players like HOOQ, people familiar with the deal said.

Netflix so far only can offer a slim library in many new markets compared to its U.S. service, so the company has prioritized acquiring global rights for content. It also wants a long exclusive window world-wide, seeking to keep shows for up to a decade after their last episodes go up.

“We’ve gotten enormous support from content owners for one reason—we’re outbidding local players,” Netflix Chief Executive Reed Hastings said in a recent interview. Prices are “significantly higher” than just four years ago due to Netflix, he says.

In the partnership discussions, some Netflix rivals such as Sky are more focused on co-financing expensive original series together, while others are prioritizing bidding on global rights to Hollywood reruns. Sky is “very successful” in securing rights across its territories but has an “open mind” to striking global deals “if we thought it could add value,” said Gary Davey, Sky’s managing director of content.

Studio executives estimate that global streaming deals for reruns of the hottest serialized dramas are going for $3 million to $6 million an episode, though less-popular shows are less expensive.

For original series, Netflix offers to pay premiums equivalent to 120% to 150% of a show’s cost for global rights. Those are appealing terms for studios, which typically recoup about 70% of their production costs by selling first-airing rights to a TV network and rely on uncertain revenue from reruns to generate a profit. Today, serialized dramas can cost some $4 million an episode to make, studio executives say.

Taking the rich global-rights fees Netflix offers can instantly make a show profitable and please the actors and producers who share in the returns. But there are trade-offs for studios. It is possible they could earn even more by selling a show to regional players. Ideally, studios would prefer to nurture competitors to Netflix.

They “have become very wary of what the future might look like if they enable much more of a global monopoly,” said Mike Sneesby, chief executive of Australia’s Stan.

Global consortia haven’t materialized yet, but local players already are trying new ways of countering Netflix at home.

Media conglomerates such as Sky, Sweden’s Modern Times Group and Australia’s Foxtel increasingly are buying television and streaming on-demand rights to shows in a single bundled deal, effectively cutting out Netflix from their territories. In Sky’s case, the merger in 2014 of its British, Italian and German units has given the company added heft for buying rights.

Foxtel won local rights to “Fear the Walking Dead” from studio Entertainment One—despite Netflix’s global offer—by linking up with Presto, the streaming service it owns half of, and sister company 21st Century Fox’s FX Network. (21st Century Fox, which also has a one-third stake in Hulu, was part of the same company as Wall Street Journal-owner News Corp until 2013. News Corp. owns 50% of Foxtel.)

Still, Peter Bithos, chief executive of Southeast Asian streaming service HOOQ, said bigger, pan-regional partnerships are necessary to really take on Netflix and predicted they will form within six months. Going forward, “if you can’t put global rights on the table, you’re going to be at a disadvantage,” he said.
http://www.wsj.com/article_email/net...ODE4NzcxMTc1Wj





Netflix Attempt to Block VPNs Could Affect Viewing Options
Chris Church

Some U.S. military personnel living overseas might soon be unable to watch movies and their favorite TV shows on the popular Internet streaming service Netflix.

Netflix recently announced it would increase efforts to block customers who have been circumventing geographical restrictions by going through a virtual private network, or VPN, to gain access to the company’s U.S. content. VPNs mask the user’s Internet protocol address, tricking websites into believing the user is located somewhere he’s not.

Netflix — which now provides its streaming service in more than 190 countries — says current licensing agreements with networks and studios do not allow all of its content to be shown globally and, therefore, the use of VPNs violates company policy.

“Netflix always exempts U.S. military bases around the world,” said Anne Marie Squeo, a spokeswoman for Netflix. “They will still be able to access the U.S. catalog.”

However, many servicemembers overseas live off base.

Though Netflix is now available in most locations where U.S. servicemembers are stationed, the amount and type of content available to those off base depend on the licensing agreements. Using a VPN gives the viewer more options.

Petty Officer 2nd Class Shaundell Wright, a quartermaster with Yokosuka Navy Base’s Port Operations Dispatch, said being stationed overseas can be culturally disorientating. Being able to access American media on Netflix allows her and her friends to feel closer to home, she said.

“For me Netflix is a way of being home. It boosts your morale by letting you watch the things you would be able to see at home,” Wright said. “We are already in a foreign country and everything is so different. So, to be able to watch Netflix feels good.”

The move to shut down the VPN work-around isn’t sitting well with some Netflix users.

Petty Officer 2nd Class Jesse Fowler, a hospital corpsman stationed in Bahrain, said that when he reviewed the content available in Bahrain, he was happy with the overall selection, but he noticed that a couple of shows he normally watches were missing.

Accessibility to more countries around the world is great, Fowler said, “but I’m mad if I can’t change where my Internet is so I can’t watch my own shows.”

Petty Officer 1st Class Eric Cutright, a Navy counselor, who is also in Bahrain, agreed.

“My VPN hasn’t been blocked,” Cutright said. “But if it does, I will be pissed. Netflix Bahrain is trash.”

Some experts question if Netflix will be successful in its attempt to block VPNs.

“There’s some low-hanging fruit they can get,” Karl Kathuria, the chief executive of Siphon Inc., which runs proxy technologies for users in countries like Iran and China that censor the Internet, told Wired.com. “But once you get past the standard VPN, the ones that have a limited infrastructure, after that, it’s going to start to get a bit more difficult.”

VPN providers also are confident they can create work-arounds to limit Netflix’s attempts.

“[If] Netflix blocks our server’s IP addresses, we are able to replace our server IPs just as readily,” Faraz Ali told Wired.com. “And if they have a plan to block the entire network, we are able to replace it in a matter of days to get around the blockage.”

Even Netflix has expressed concern about its ability to enforce VPN blocks.

“We do apply industry standard technologies to limit the use of proxies,” Netflix chief product officer Neil Hunt told the Globe and Mail in an interview at the CES 2016 convention in Las Vegas. “Since the goal of the proxy guys is to hide the source it’s not obvious how to make that work well. It’s likely to always be a cat-and-mouse game.”

For now, Netflix isn’t worried about public reaction to the VPN restrictions.

“We are not concerned that U.S. subscriber numbers will fall,” the company said in a statement to Stars and Stripes. Servicemembers, no matter where they’re watching, should find value in “our diverse slate of originals and licensed programming.”

The company says it will spend $5 billion in the next year in hopes that eventually all its content will be available to all its subscribers, regardless of location.

The goal is to eventually make all Netflix content available globally, David Fullagar, vice president of content delivery architecture at Netflix, said in a statement on the company website. “We are making progress in licensing content across the world and, as of last week, now offer the Netflix service in 190 countries, but we have a ways to go before we can offer people the same films and TV series everywhere.”

Stars and Stripes reporter Tyler Hlavac contributed to this article.
http://www.stripes.com/news/netflix-...tions-1.390052





Why the Netflix Crackdown on VPNs Will Ultimately Fail
Matthew Hughes

If you’re a Netflix user, the quality of the service you’ll get is entirely contingent upon where you live, as huge swathes of the company’s video library are under tight geographic restrictions.

If you live in the UK, you won’t be able to stream any Star Trek, for example, as CBS hasn’t licensed that out to Netflix in your region. On the other hand, if you live in the U.S., you won’t be able to watch as many BBC shows as someone living in the UK.

To get around this annoyance, users have taken to using VPNs (Virtual Private Networks) and proxy services like the perennially-controversial Hola Unblocker. These allow people to bounce their connections through servers and computers located in different countries, in order to disguise their real origins. For example, a user sitting in England could use an American VPN connection, appearing as though they were situated in the United States.

However, that might not be viable for much longer. According to a recent blog post by Netflix, the streaming media company will soon be cracking down on VPN users in order to satisfy the license holders from whom it sources the majority of its content. So, how will Netflix’ ban work? And exactly how effective will it be?

“Evolving Proxy Detection”

Unsurprisingly, Netflix is staying silent about the technologies and strategies it will use to identify VPN and proxy users. Its announcement (which was titled “Evolving proxy detection”, a name so bland, it could only have been intentional) only gave a vague time-frame for the introduction of these changes. Apparently, they’ll be rolled out “in the coming weeks”.

But we can make some informed assumptions about how they will work.

First, let’s state the obvious. You probably connect to Netflix through a residential or business Internet connection, provided by a standard retail ISP like Cox, Comcast, AT&T, or Google Fiber.

VPN servers aren’t located on these retail networks, nor are they located in residential areas. They tend to be based in expansive data centers on rented servers, where they use a specialist ISP which can cope with high-traffic applications, and don’t have any of the traffic-shaping measures that are present on residential Internet connections. Just by looking at where the inbound connection is coming from, Netflix should be able to block VPN connections.

It could, of course, build a blacklist of known VPN servers, and deal with it that way. Given that VPN servers use static IP addresses, they’re especially vulnerable to this approach.

It’s also worth noting that VPNs are vulnerable to errors in configuration that could expose where the end user is coming from. Two months ago we talked about how one simple error in how port-forwarding and network address translation (NAT) is set up could expose a VPN user’s IP address. It may be a bit of a stretch, but perhaps Netflix is privy to some common issue in VPNs that the rest of the world is not.

There are other clues that can identify VPN users. If someone is watching Netflix in the U.S., then immediately switches to watching British Netflix, before changing again to Canadian Netflix 10 minutes later, it would be safe to assume that person is using some form of VPN or proxy technology. Even Concorde wasn’t that fast.

So, what about services like Hola? These offer the same functionality as a VPN, but with one key catch: the connections aren’t being passed through servers in data centers, but rather the network connections of other Hola users.

We’re not sure how Netflix will go about dealing with this. If you have any ideas yourself, we would love to hear about them in the comments below.

If the above fails, Netflix has a silver bullet in their arsenal. The company could simply stop users from accessing Netflix in regions other than where they’re based. This will be hugely unpopular, especially with the “road warrior” demographic, but it would certainly be effective.

How Effective Will It Be?

Right now, there’s no way to be certain about how effective Netflix’ blocking system will be. It’s worth pointing out that Netflix is no fly-by-night company, nor is it an early-stage startup. It has been around for almost 20 years, it’s got some very deep pockets, and some incredibly bright engineers on staff. Therefore, we’re confident the company will be able to create a solution that blocks the vast majority of VPN users.

I’m also confident that somebody, somewhere will be able to defeat these blocks through a solution that’s both exotic and complicated, and thereby inaccessible for the vast majority of people who previously used VPNs.

It’ll be an arms race, much like the one we have seen raging over ad-blocking technology. The immediate response to AdBlock by the content and advertising industry was to release AdBlock blockers. AdBlock adapted. As did the people who built AdBlock blockers, which released more sophisticated countering tools. There’s no sign of this war ending anytime soon.

It’ll be interesting to see whether this results in a resurgence of people downloading films and TV shows illegally. The reality is that as a result of the proliferation of services like Spotify and Netflix, rates of online piracy dropped exponentially. You can tell just by looking at global percentages of network traffic.

In 2004, BitTorrent represented around one-third of global internet traffic. Another 10 years on, and that has plunged to just six percent. Netflix, on the other hand, now accounts for 36.5 percent of downstream traffic during peak hours in North America. The numbers speak for themselves.

The reason for this is that Netflix and Spotify both allow people to access the content they want through an affordable, convenient, and, above all, legitimate service. If people suddenly found themselves unable to access the content they want, it would make sense for them to revert back to piracy. Especially in regions where Netflix offers a second class service.

Doomed to Fail

OK, so this is an unwelcome turn in events. A lot of Netflix customers are deeply frustrated with the proposed change.

Despite that, I’m personally not all that concerned, because I know that any attempt to crack down on users will provoke a fierce backlash from users. There’s the technological element I mentioned earlier. It’s only a matter of time until someone releases a workaround, rendering Netflix’s VPN blocking regime redundant.

Tech lore is full of examples of this. Perhaps the most striking example can be found in the DRM wars of the early 2000s. Back then, the nascent digital media sector was being hamstrung by onerous DRM (Digital Rights Management), which ultimately crippled the user experience. DVDs were almost impossible to rip. Music downloads from iTunes, Napster, and Rhapsody couldn’t be played anywhere else. Even Steam, which is now a service beloved by gamers, had a DRM system that was inconvenient and broken.

The ensuing backlash resulted in the virtual obsolescence of DRM. Songs are now shipped in DRM-free MP3 and M4A format. You can now download a DVD ripper from the official Linux repositories. As for Steam, it’s now a more stable, less inconvenient service, which comes with a number of popular value-added extras like achievements and trading cards.

DRM failed, like VPN blocking will fail.

Add to that the fact that Netflix doesn’t even want to do this. Its official announcement drips with reticence. The company describes geographical restrictions as a “historic practice,” which implies it thinks it’s archaic and pointless. It also talks about hoping to not have to deal with them one day:

We look forward to offering all of our content everywhere and to consumers being able to enjoy all of Netflix without using a proxy. That’s the goal we will keep pushing towards.

Moreover, this is the first time since Netflix first launched its streaming service that it’s clamping down on VPNs. That’s significant when you consider that the company first launched its video-on-demand service in 2007, and as recently as 2015 its bosses denied that they would block VPN users from accessing the service. It’s transparently obvious that Netflix’ arms are being twisted by license holders.

Given Netflix’ increasing clout, it seems likely that, one day, the company will be able to persuade rights-holders to license their content worldwide on an even footing. Given that Netflix recently boosted its service to 190 countries, and has aspirations of being the world’s foremost video-on-demand platform, that will likely be sooner rather than later.

In the meantime, we can expect Netflix to place greater emphasis on original content, which it can share with all of its customers without asking for permission from anyone else.
http://www.makeuseof.com/tag/netflix...own-vpns-fail/
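
The three signals the MakeUseOf article above guesses at (data-center source networks, a blocklist of static exit addresses, and implausibly fast region changes) can be sketched as detection logic. This is an added example, not code from Netflix or from the article; the addresses are RFC 5737 documentation ranges, and the `Session` fields, the 30-minute window and the sample log are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed data: RFC 5737 documentation ranges stand in for real networks.
HOSTING_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]  # "data center" space
KNOWN_VPN_EXITS = {ipaddress.ip_address("203.0.113.7")}       # static exit blocklist
SWITCH_WINDOW = timedelta(minutes=30)  # assumed threshold, not a published value


@dataclass(frozen=True)
class Session:
    account: str
    ts: datetime
    ip: str
    country: str  # assumed to come from an upstream GeoIP lookup of `ip`


def network_signals(ip_text):
    """Signals derived from the source address alone."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return ["unparseable-ip"]
    signals = []
    if ip in KNOWN_VPN_EXITS:
        signals.append("blocklisted-exit")
    # An address of the other IP version is simply "not in" the network.
    if any(ip in net for net in HOSTING_NETWORKS):
        signals.append("hosting-network")
    return signals


def evaluate(sessions):
    """Return {(account, ts): [signals]} for every session that raised a signal."""
    findings = {}
    last_seen = {}  # account -> previous Session in time order
    for s in sorted(sessions, key=lambda s: (s.account, s.ts)):
        signals = network_signals(s.ip)
        prev = last_seen.get(s.account)
        # Region change faster than any traveller could manage: this still
        # fires for peer-to-peer proxies that exit through residential IPs.
        if prev and prev.country != s.country and s.ts - prev.ts <= SWITCH_WINDOW:
            signals.append(f"region-switch:{prev.country}->{s.country}")
        last_seen[s.account] = s
        if signals:
            findings[(s.account, s.ts)] = signals
    return findings


T0 = datetime(2016, 1, 20, 20, 0)


def at(minutes):
    return T0 + timedelta(minutes=minutes)


# Constructed sample log; 192.0.2.0/24 plays the role of residential space.
SAMPLE = [
    Session("alice", at(0), "192.0.2.10", "US"),     # ordinary home viewer
    Session("alice", at(45), "192.0.2.10", "US"),
    Session("bob", at(5), "198.51.100.23", "US"),    # rented server
    Session("carol", at(7), "203.0.113.7", "US"),    # known static exit
    Session("dave", at(0), "192.0.2.50", "US"),      # residential peers, but
    Session("dave", at(10), "192.0.2.51", "GB"),     # three countries in
    Session("dave", at(20), "192.0.2.52", "CA"),     # twenty minutes
    Session("erin", at(0), "192.0.2.60", "US"),      # real travel: nine hours
    Session("erin", at(540), "192.0.2.61", "GB"),    # between countries
]

if __name__ == "__main__":
    for (account, ts), signals in sorted(evaluate(SAMPLE).items()):
        print(f"{ts:%H:%M} {account:<6} {', '.join(signals)}")
```

The address-based checks miss `dave`, whose traffic exits through residential peers, while the timing check leaves the genuine traveller `erin` alone; each signal covers a gap the others leave.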





You're Going to Need an Ad Blocker for Your Next TV
Meghan Neal

Smart TVs are evidently so smart they can tell what’s playing on the screen and show you pop-up ads based on what you watch. So discovered security researcher Paul McMillan this week while watching Inglorious Basterds on his Samsung smart TV: one minute into the movie, an Army recruitment ad popped up on the screen.

This is my Samsung SmartTV with a US Army pop-up ad on top of Inglorious Basterds streamed from Netflix on my FireTV https://t.co/wuONS4VUfg
— Paul McMillan (@PaulM) January 19, 2016

Now, pop-up ads on Samsung and other smart TVs have been discovered before. But the weird thing here is that the TV can seemingly recognize any input you play through it, and add ads on top. What’s more, the ads may be targeted based on content recognition, a sort of built-in Shazam for ads.

McMillan was watching the movie through an Amazon Fire set top box, and as an experiment, tried playing it from his computer connected to the TV through an HDMI cable. In both cases the Army ad appeared at the one-minute mark, leading McMillan to deduce that the ad was being served by Samsung, and that the internet-connected TV was using content recognition to show ads on top of any video coming in through the TV’s input.

This seems to be a brand new kind of targeted advertising, McMillan told me. “In this case, it seems to be running some kind of watermarking or audio recognition system on top of anything that’s playing,” he said.

Samsung did not respond to my request for comment to confirm the ad was targeted based on user viewing habits. However, there is plenty of precedent for this practice.

“It's not only possible that SmartTVs are collecting viewing habit data for targeted advertising, it's already happening,” Claire Gartland, consumer protection counsel at the Electronic Privacy Information Center, told me. “And it's not just Samsung. LG and Vizio have also gotten attention lately for tracking viewers.”

Like most internet-connected devices, smart TVs can harvest and share a startling amount of information on you based on your user activity. But what’s extra eerie is that, as a 2015 Consumer Reports report explains, the major smart TV brands have embedded “automatic content recognition” technology that’s analyzing viewing habits and “sending data to third parties on everything you watch, whether it's a TV broadcast, a streaming movie, a YouTube video, or a DVD from your private collection.”

The tech monitors the audio or video (or both) that’s on the screen to create a “fingerprint” of the content that’s used to determine what programming is being watched, the report explains.

That data is incredibly valuable for ratings companies and publishers, and has obvious potential to be used to run targeted ads on the screen. Consumers usually don’t know they’re unwittingly opting in to these always-on tracking features when agreeing to vague and overreaching end user terms.

And the privacy policies of Samsung, LG, and Vizio leave the door wide open for future content-based targeted ads.

Samsung found itself in hot water in February last year when reports circulated that the company privacy policy allowed the smart TV’s voice recognition feature to listen in on your conversations, turn the words into text, and send that data to third parties. “We provide video or audio snippets of the program you’re watching to third-party providers that use this information in order to return content or advertising ‘synched’ to what you’re watching,” the policy states.

Around the same time users noticed that Samsung was inserting pop-up Pepsi ads directly into third party streaming apps. The company eventually admitted the pop-ups were part of an ad partnership with Yahoo that was “supposed to be” opt-in, but wound up serving ads without permission, forcing users to go through labyrinthine menu diving to figure out how to disable the feature.

At that time, Samsung said it had no plans to serve ads in “the immediate future.”

Vizio smart TVs are also known to “spy” on users: The website states they “can intelligently recognize” the content on the screen, which “in the future” may be used to display various features including “advertisements that match your interests.” LG’s privacy policy similarly states it may use viewing information to serve ads for “services that may be of interest to you.”

In other words, it’s not unlikely that smart TV users will eventually start seeing ads pop up for airlines while watching a travel documentary, or ads for dating sites appear while you’re streaming the latest rom-com.

This is concerning for a few reasons. For one, being bombarded with ads in exchange for browsing the web free-of-charge is annoying enough, but when pop-ups show up on a TV you paid $1,800 for, on top of a set-top box or streaming service you also pay for, people rightfully start to get pissed.

What’s more, smart TVs, and Samsung in particular, already have a reputation for having poor user experience, enough so that many people simply ignore the baked-in “smart” features that come with most high-def TVs. In this latest case, for instance, McMillan says he only connected the TV to the internet because an obnoxious notification kept popping up reminding him to connect—“I didn’t want to use the smart part anyway,” he said. Then as soon as he did, voilà, an ad showed up.

To get the ad to go away, McMillan went into the "smart" section of the TV’s settings and disagreed with all the privacy policies. Alternatively, you could block the TV from accessing the internet and factory reset it to avoid the constant notifications reminding you to connect to the web (which only appear if you’ve previously connected to the network).

McMillan is convinced the Army ad he saw was related to the movie it appeared next to. “[Samsung] is pretty clearly doing content identification; the ad network clearly knows what everyone’s watching,” he said. “And I assume—since the Terms of Service clearly don’t prohibit it—I assume that they’re selling that data to anyone who wants to buy it.”

It raises the question: what exactly are these ads paying for? Shouldn’t paying for the TV plus the content streaming service subscription spare us from pop-ups?

You’d think so, but as a GigaOM article pointed out last year, everyone wants a piece of the lucrative streaming video space. The profit margins on consumer electronics are significantly lower than those of streaming services, where the real growth is.

And aside from being an additional revenue stream, the money from ads (especially targeted ads) may allow manufacturers to sell the TV at a lower price in order to beat out the competition, security expert Zlatko Unger told me. Consumers don’t know the ad capabilities are built into the software; they just see the price tag on the TV.

It makes you wonder if we’ll start seeing “freemium” TVs that follow the familiar ad-supported business model: pay less for a TV loaded up with ads. “Right now you can opt out of it, but I would not be surprised to find someone selling a subsidized TV that does not allow you to opt out at some point,” said McMillan.

How far will it go? Are we going to need an Adblocker for our internet-connected TVs? In fact, many users have asked that question on various internet forums; AdBlock’s support forum said they had no plans for a blocker for smart TVs.

“I expect to be commoditized if I’m reading free web pages on the internet,” McMillan said. “I’m a little less happy about it when I paid a bunch of money for a product.”
https://motherboard.vice.com/read/yo...r-your-next-tv





The Creator of JavaScript Is Out to Upend the Ad Industry
Klint Finley

Brendan Eich reinvented the web. Now he wants to upend the advertising industry.

Eich created JavaScript, the world’s most widely used programming language. As the co-founder of Mozilla, the organization behind the Firefox web browser, he helped end Microsoft Internet Explorer’s reign as the world’s most popular way to navigate the web.

Now he hopes to shake things up with Brave, a startup developing a browser for desktop and mobile that blocks ads and replaces them with, well, other ads. If successful, Brave could essentially flip the traditional advertising model on its head. Instead of paying publishers or advertising networks, advertisers will pay the browser maker.

The big idea is to block advertisements and tracking scripts that pillage your personal data and replace them with ads supplied by the browser—ads that respect your privacy and don’t slow your computer to a crawl or tax your phone’s battery. According to the plan, a cut of the advertising revenue will go to the site owners and to users themselves. Brave hopes to be able to pay publishers 55 percent of the revenue generated by an ad, which Eich says should be more than they make from a typical advertising network. The company would pay its own advertising network partners 15 percent and keep 15 percent for itself. The remaining 15 percent would go back to users, and the company plans to implement some sort of screening process to ensure that real people, not bots, are doing the surfing.

Eventually, the company hopes to let users pay to opt out of ads altogether. If the model works, the company hopes its technologies will become standards that other browsers use to protect privacy.

Ideally, Brave will spur a transfer of power on the web back to the users. If you can pick and choose from among several browsers, you’re likely to choose the one that best respects your privacy. The trouble with the way online advertising works now is you don’t really know what sort of policies an advertising network has regarding the data it collects when you visit a page. Unless you disable JavaScript, you’re essentially opting in to whatever policies an ad network has in place as soon as you load a page. “So we invert this power structure and have the browser be an important part of the system instead of this passive window,” Eich says. The question is whether users—and advertisers—will be motivated enough to buy in.

Advertising Is Here to Stay

Eich co-founded Brave Software with former Khan Academy and Mozilla software developer Brian Bondy last year after stepping down as Mozilla’s CEO in 2014 amid an uproar over donations he made in support of California’s same-sex marriage ban. The epiphany that prompted the creation of a new browser, he tells WIRED, came when he realized that advertising as a business model for websites was here to stay. “Most people aren’t ready to pay for their content,” he says. “Some aren’t well off enough to pay for subscriptions, some don’t know how or don’t want to trust their credit card to a paywall.” But he also acknowledges that the deluge of resource-hogging banners and pop-ups on ad-supported sites understandably lead users to demand ways of blocking them. The problem, Eich says, is that the current crop of ad blockers are openly antagonistic toward sites’ survival.

“They feel like free-riding, or even starting a war,” Eich wrote in a post announcing Brave’s browser. “You may never click on an ad, but even forming an impression from a viewable ad has some small value. With enough people blocking ads, the Web’s main funding model is in jeopardy.”

Users are stuck between wanting to support the sites they love and wanting to be free of excessive advertising and privacy violating tracking scripts. With the Brave browser, Eich and company hope to find middle ground. The idea is to let those who don’t want to see ads support sites through donations and let everyone else support sites by viewing ads that are more relevant, less intrusive, and not so creepy. Since a web browser sees everything you do, it can make well informed predictions about what you might be interested in. Brave Software claims any data it shares will be anonymized and will not be shared without you first opting in. “No data is sent out to our cloud,” he says. “If you opt into storing data in our cloud, it will all be encrypted.”

Open to Debate

The Brave browser is entirely open source, meaning that anyone can inspect the code used to create it. Privacy advocates can audit the code to ensure Brave Software isn’t taking any data that it’s not supposed to.

But Brave’s approach, and the company itself, are likely to stir debate. Eich is still haunted by the Prop 8 controversy, and trying to make money while meddling with other companies’ advertisements has historically been contentious. “It seems to me that they are really asking for litigation at that point,” says Harvard Business School associate professor Benjamin G. Edelman. He points to Gator, a piece of adware that was bundled with other applications and that replaced banner ads in users’ web browsers with its own advertisements.

The company behind Gator was sued in 2002 by publishers such as The New York Times and Dow Jones. It settled out of court and had to change its business model. More recently, Adblock Plus, which allows advertisers to pay to be whitelisted, was disinvited from a major advertising conference. And “read-it-later” service Readability ultimately abandoned a scheme to collect donations on behalf of publishers, even if the publishers never actually opted in, after the program was widely panned.

But Brave stands a better chance of prevailing, Edelman says. Unless Brave starts paying other software makers to install its browsers on people’s phones and computers, he says, it will be in a very different category than Gator, which was usually installed without users’ knowledge.

Eich himself believes the company is on solid legal ground, saying that other companies that have done client-side content modifications have won in court. “There’s going to be some uncertainty up front because we’re doing something radical,” he says. “But we’re ready to fight for this because it’s an important battle.”

A Better Alternative

Jason Kint, CEO of the online publishers association Digital Content Next, believes publishers could well be interested in Brave, depending on how its advertising is implemented. He says publishers are worried about ad-blocking, and that anything that could help solve the problem to the satisfaction of both consumers and publishers will be a welcome development. “I think there’s going to be more and more of these sorts of companies,” he says. “It’s good, the market chasing the market.”

But will Brave’s advertising model actually work? Ads have become more intrusive and advertising firms collect ever-increasing amounts of personal data based on the belief that people have become so accustomed to seeing ads that they’ve developed “banner blindness.” Chris Tuff, director of business development at advertising agency 22squared, worries that Brave’s model might not be radical enough. “Display advertising is a horrible format for mobile,” he says. “Fifty percent of mobile clicks are done by mistake.”

The other issue Tuff points out is that although some users guard their privacy jealously, most people have already accepted the idea of forking over their personal data to companies like Google and Facebook. The real reason people hate ads, he says, is not that they’re creepy but that all too often ads are annoying and irrelevant. Like many others in the industry, he believes that advertising’s future lies in content that looks and feels just like articles or videos that you’re already interested in viewing—what’s come to be known as “native advertising.”

One big advantage Brave will have is that it will be able to target ads based on a user’s entire browser history without needing to share that information with advertisers. That could, in theory, lead to ads that are far more targeted than ever while protecting users’ privacy—at least if anyone actually sees them. (Kint defends traditional banner advertising, saying that the term “banner blindness” is often used to describe a low click-rate on an ad, even if lots of people notice the ad and it helps build brand awareness for the advertiser.)

Yet Another Browser

All of these concerns could be moot, however, if Brave isn’t able to convince a large number of users to actually use its browsers. That could be difficult, given that it has to woo people from the browsers pre-installed on their computers, phones and tablets. Sure, Google Chrome pulled off that feat, but Google has the advantage of being able to advertise its web browser on its search engine. Brave is going to have to depend, at least initially, on word of mouth.

But that’s not a bad plan, says Aodhan Cullen, the CEO of web analytics company StatCounter, which tracks the market share of various browsers. “Firefox started taking share from [Microsoft Internet Explorer] before Chrome came along by offering multitab browsing and other features that people wanted,” he says. “Mozilla didn’t have a large marketing budget, at least at first.” And the demand is there, Cullen says, for a browser that can help users support the sites they like without being bombarded by advertisements.

And Brave does have a little bit of money to work with, as well as tech talent. The company raised $2.5 million in funding in November, Morningstar reports, and has a full staff of developers and managers, including Yan Zhu, an engineer well known in security circles for her work on privacy-centric software such as HTTPS Everywhere, Privacy Badger, and End-to-End.

Brave hasn’t released its final product to the public just yet, but the company has posted the source code for the new browser this week. If you want to use it today, you’ll either need an invite, or get your hands dirty installing the application from the code itself. Its success may be a long shot, but if anyone has reason to believe a few individuals can bring massive change to the web, it’s Eich, who’s already helped do it twice.
http://www.wired.com/2016/01/the-cre...e-ad-industry/





Adblock Plus Blocked from Attending Online Ad Industry’s Big Annual Conference

IAB uninvited Adblock Plus without warning or reason.
Sebastian Anthony

Adblock Plus, an adblocker with some 400 million downloads and counting, has been blocked from attending the Interactive Advertising Bureau's big annual conference. The IAB is the online advertising industry's main business organisation, and the conference is where all of the top dogs go to talk about the state of the industry.

According to a post on the Adblock Plus blog, the company had bought a ticket for the IAB conference, which takes place in Palm Desert, California at the end of January. The ticket was not cheap: they start at about £1,750 for members, scaling up to £2,600 for non-members.

Then, last week, Adblock Plus received an e-mail from the IAB stating: "We are returning your registration fee and cancelling your registration for the IAB Annual Leadership Meeting." That was the entire content of the communication; according to Adblock Plus, there was no reason given for the cancellation.

Adblock Plus employee Mark Addison e-mailed the IAB and asked if "there must be some confusion" as he hadn't asked for a cancellation or refund. All he got was another inscrutable email from the IAB, confirming that his ticket had indeed been cancelled, but offering up no reason for the cancellation.

In all likelihood, Adblock Plus was uninvited from the IAB event because they are, er, not exactly the best of friends. The IAB represents the companies that make money from online advertising, while Adblock Plus primarily exists to block online advertising.

Still, it's a little unusual for the IAB to just flat-out reject Adblock Plus. The IAB has previously acknowledged that adblocking is a huge problem for the industry, and the topic of adblocking was discussed at length at last year's annual conference. If a solution is to be found, it will almost certainly require a dialogue between the advertisers and the advertising blockers.

An IAB spokesperson declined to comment further on this story, instead pointing us to a very brief statement that it made last week: "The IAB Annual Leadership Meeting is for serious conversation among important digital industry stakeholders."
http://arstechnica.co.uk/business/20...al-conference/





Google Blocked 780 Million Bad Ads Last Year, Up From 524 Million In 2014
Sarah Perez

Google today released its annual report on the state of its advertising business, as it relates to the company’s ability to block bad ads — those that carry malware, are deceptive or just disruptive to the user experience, such as ads that cover up the content you’re trying to see.

Google said it blocked over 780 million ads for policy violations last year, which is an increase from the 524 million-plus it blocked the year prior. In addition, the company said it suspended over 10,000 sites and 18,000 accounts belonging to counterfeiters; it blocked over 12.5 million pharmaceutical ads – up from 9.6 million in 2014 – including those making misleading claims or that weren’t approved for use; and it suspended more than 30,000 sites associated with misleading weight loss scams, including those that promised results without diet or exercise.

These types of bad ads are a constant threat. For example, in 2014, Google banned 7,000 counterfeiters. That number had been decreasing for some time (down from 82,000 in 2012 to 14,000 in 2013), but seemed to bump up again this past year.

In addition, the company’s focus on blocking phishing sites increased over the course of 2015, as well. Google blocked nearly 7,000 phishing sites, it says, while elsewhere in the organization the company rolled out other approaches to handling the phishing problem. For example, this past spring Google launched a Password Alert Chrome extension designed to warn users if they were about to reuse their Google password on a site that wasn’t a legitimate Google sign-in page.

Other ad troublemakers included malware sites and those offering unwanted software. Google says that its new protections reduced these downloads by more than 99 percent in 2015, and allowed it to disable more than 10,000 sites. The year before, Google removed 250,000 sites, for comparison’s sake.

Related, Google also rejected more than 17 million ads designed to mislead people by looking like system warning messages from your computer. This number declined year-over-year, as Google had to block 43 million “trick-to-click” ads in 2014. However, many of those engaged in this unethical practice have moved to mobile, it seems.

Mobile is an important area of focus now that so many users are surfing from their phones. Companies have been addressing the problem of bad mobile ads in a number of ways in recent months. Apple, for example, supports ad blocking in its iOS mobile operating system (through the use of approved third-party apps). Google, meanwhile, has been working on ways to speed up the mobile web by optimizing the elements on the page – including ads.

In terms of blocking bad mobile ads, Google says it got better at identifying “accidental clicks,” – meaning instead of redirecting you to an advertisement that appeared in the middle of a slideshow you were clicking through, it would keep you on the site.

The company also stopped showing ads on more than 25,000 mobile apps because developers violated ad policies. Over two-thirds of these violations were those where the developer was trying to encourage accidental clicks – like putting ads too close to the app’s buttons. In 2015, Google rejected more than 1.4 million applications from sites and apps that don’t follow its policies.

It’s worth pointing out, too, that Google’s 2014 report didn’t even delve into the company’s ad-blocking efforts on mobile. But the company had been making big changes to shift its business to mobile in 2015, with things like app install ads in search, the ability to surface in-app content as search results, the ability to demo mobile apps in your browser, its AMP project for speeding up the mobile web, and more.

Next year, Google’s focus will be further restrictions on weight loss ads, plus new protections against malware and bots, noted Sridhar Ramaswamy, SVP, Ads & Commerce in Google’s summary report.
http://techcrunch.com/2016/01/21/goo...llion-in-2014/





Pakistan Lifts Ban on Youtube After Launch of Own Version
Tommy Wilkes

Pakistan said on Monday it had removed a three-year ban on YouTube after the Google-owned video-sharing website launched a local version that allows the government to remove material it considers offensive.

Pakistan banned access to YouTube in September 2012 after an anti-Islam film, "Innocence of Muslims", was uploaded to the site, sparking violent protests across major cities in the Muslim-majority country of 190 million people.

The Ministry of Information Technology and Telecom said in a statement that under the new version of YouTube, the Pakistan Telecommunication Authority can ask for access to offending material to be blocked.

"On the recommendation of PTA, Government of Pakistan has allowed access to recently launched country version of YouTube for Internet users in Pakistan," the ministry said.

"Google has provided an online web process through which requests for blocking access of the offending material can be made by PTA to Google directly and Google/YouTube will accordingly restrict access to the said offending material for users within Pakistan."

Blasphemy is a highly sensitive subject in Pakistan, where angry mobs have killed many people accused of insulting Islam. The crime of blasphemy can carry the death penalty, although a death sentence has never been carried out.

Pakistan has blocked thousands of web pages it deems undesirable in the last few years as internet access spreads, but activists say the government sometimes blocks sites to muzzle liberal or critical voices.

(Editing by Nick Macfie)
http://uk.reuters.com/article/us-pak...-idUKKCN0UW1ER





Apple Wins Symbolic Samsung US Ban - But Faces Backlash from Tech Giants

Tech heavyweights have come out in support of Samsung's Supreme Court challenge to damages awarded to Apple over design patents, as Apple wins a symbolic victory on several software patents.
Liam Tung

Apple has won a US sales ban on certain software in Samsung's phones. But tech giants, including Dell, Google, and HPE, are rallying behind the Korean firm over "dangerous" design patent damages previously awarded to Apple.

A US court has banned Samsung from selling software that makes its smartphones infringe on three Apple patents, including its 'slide to unlock' patent, one for predictive text, and another 'autocorrect' patent.

As noted by Foss Patents blogger Florian Mueller, the ruling only applies to software found on Samsung's older smartphones and so delivers Apple little advantage, other than a victory for its lawyers, who have long sought an injunction of the type awarded.

As Mueller points out, the autocorrect patent is set to expire in 10 days' time, whereas the court has given Samsung a month to comply with the injunction.

Meanwhile, Apple's slide-to-unlock patent may still be held invalid and the only devices covered by the injunction were Samsung's Admire, Galaxy Nexus, and Stratosphere but not its flagship Galaxy Note and Galaxy S.

"So Samsung can still provide the functionality by simply avoiding the implementation it used in its oldest products. If the patent is indeed held invalid, then Samsung can also use the older implementations, but it presumably won't even be interested in that," he noted.

Samsung told Bloomberg the ruling will not impact American consumers, but accused Apple of "abusing the judicial system to create bad legal precedent, which can harm consumer choice for generations to come".

Samsung has also gained some new friends in its US Supreme Court challenge to the 2012 patent ruling, which resulted in it having to pay Apple $548m.

Samsung agreed to pay Apple the sum in early December ahead of filing its Supreme Court challenge later that month, seeking a decision on what damages can be awarded for design patents.

As ZDNet's sister site CNET reports, legal experts, non-profit bodies, and tech companies have filed amicus or 'friend of the court' briefs in support of Samsung.

A joint brief from tech companies Dell, eBay, Facebook, Google, HP, Hewlett Packard Enterprise, Newegg, Pegasystems, and Vizio outlines concerns that existing patent laws could result in less choice and higher cost for consumers.

The Computer & Communications Industry Association (CCIA), which has also filed a brief, is worried that laws on design-patent damages are already encouraging patent trolls to target companies that actually make products.

"The Federal Circuit's decision with respect to design-patent damages raises constitutional concerns, is a misreading of the statute, and is dangerous to the technology industry," CCIA said in its brief.

"The correct interpretation of the design patent damages statute is being closely watched by technology companies, as well as by patent assertion entities targeting them," CCIA patent counsel Matt Levy said.

"Patent assertion entities are already using the appeals court's decision to threaten operating companies with the total loss of their profits. This decision encourages design patent law to be applied in a way that was never intended. We think the lower court misinterpreted the law and would encourage the Supreme Court to hear Samsung's case."
http://www.zdnet.com/article/apple-w...m-tech-giants/





Tech Giants, Farmers Voice Support for Samsung in Apple Patent Spat

Various companies, legal experts and nonprofits argue the high damages allowed in design patent infringement suits hurt everyone from large tech companies to farmers and consumers.
Shara Tibken

Samsung's got some new friends in its legal battle against Apple -- including farmers, African American small businesses and an electronics retailer.

Legal experts, nonprofit organizations and technology companies have filed amicus or "friend of the court" briefs in support of Samsung, urging the US Supreme Court to consider the patent-infringement case. They want the nation's highest court to better define design patents and limit the damages that can be awarded. And they're using Apple v. Samsung as the case that hopefully gets the federal government to enact patent reforms, preventing so-called patent trolls from cashing in on intellectual property.

"This is a very important subject, and...it matters tremendously to our millions of customers," Lee Cheng, chief legal officer of online electronics retailer Newegg, said in an interview. His company submitted a brief along with Dell, eBay, Facebook, Google, Hewlett Packard Enterprise, HP, Vizio and software maker Pegasystems that said if the US doesn't change its patent laws, it ultimately will result in less choice and higher cost for consumers.

"We are very strong supporters of the patent system," Cheng said. "That said, there's a huge and tremendous amount of abuse."

Samsung declined to comment about the amicus briefs. Apple did not immediately respond to a request for comment.

The South Korean company in mid-December filed a request with the US Supreme Court, asking it to re-examine the decisions made in the patent infringement lawsuits pitting Samsung against Apple. The trial, which ended in 2012, cast a bright light on the designs behind some of the most popular smartphones, and it resulted in Samsung ultimately having to pay Apple $548 million.

In all, six amicus briefs have been filed with the Supreme Court in support of Samsung. Along with Newegg and some of Silicon Valley's biggest tech companies, other groups supporting Samsung included law professors from Stanford and Georgetown; nonprofit digital rights groups like Public Knowledge and the Electronic Frontier Foundation; and advocacy groups such as the Computer & Communications Industry Association, the Hispanic Leadership Fund and the National Black Chamber of Commerce.

The federal circuit's interpretation of patent rules "is greatly detrimental to the patent system and innovation in general, due to the potentially enormous disparity between damages award and patent value that the rule invites," the brief filed by Public Knowledge and Electronic Frontier Foundation said. The two nonprofits are focused on preserving the openness of the Internet and protecting consumers in the digital world, respectively.

If the Supreme Court decides to take the case, its eventual decision could have a ripple effect on the technology industry and the kinds of gadgets you'll be able to buy. Samsung and some of Silicon Valley's biggest players have argued that the lower-court ruling as it stands may have a "devastating impact" on the introduction of new products because of a heightened fear of legal challenges. Apple said all along that it was doing what was necessary to defend its intellectual property and the value of its blockbuster iPhone franchise.

It's unclear whether the Supreme Court will consider the case. It hasn't looked at a suit involving design patents since the 1800s. Those cases involved a spoon handle, a carpet, a saddle and a rug. Since that time, a lot has changed, including the introduction of electronic devices like the ones Apple and Samsung make. Samsung wants the Supreme Court to give guidance on what's covered by design patents and what damages can be collected.

'Exorbitant' damages

Rebecca Tushnet, a law professor at Georgetown Law, wrote one of the new amicus briefs along with 36 other intellectual property law professors. The group also included Stanford Law School professor Mark Lemley, Notre Dame Law Professor Mark McKenna and New York University School of Law professor Katherine Strandburg. In it, the professors argue current design patent law hurts innovation and can lead to extremely high damages. If the law isn't better defined, it could lead to more lawsuits.

"We definitely are seeing lots and lots of cases already being filed," Tushnet said in an interview. "If the court doesn't hear it, we will see more."

The Computer & Communications Industry Association, an industry group that represents computer, communications and Internet companies, said in a brief that if the lower court's interpretation of design patent damages stands, "CCIA's member companies could be faced with potentially massive exposure to attack using design patents."

Another brief -- from Systems Inc., a Wisconsin-based maker of loading dock equipment -- said the federal circuit's decision in Apple v. Samsung is being "applied to the substantial detriment of numerous other litigants including Systems." Systems is involved in a design patent dispute with Nordock, and a jury limited the amount of damages Systems owed Nordock. But a federal circuit appeals court ordered a new damages trial after saying the jury decision didn't align with the court's findings in Apple v. Samsung.

"Should this court accept Samsung's petition and alter the Federal Circuit's decision in this matter, that action will have a direct impact on the outcome of the Systems v. Nordock matter, and may completely avoid an unnecessary re-trial," Systems said in its brief.

In the sixth brief, the Hispanic Leadership Fund, the National Black Chamber of Commerce and the National Grange of the Order of the Patrons of Husbandry banded together to argue that "the outcome of this case could adversely impact the social and economic welfare of the communities they represent for years to come." The groups represent Hispanic communities, African American entrepreneurs and farmers/ranchers, respectively.

"Entrepreneurs from these communities depend upon the ability to fairly compete in open, competitive markets in order to overcome historic difficulties that have hampered their chances of succeeding in the American marketplace," the brief said. And they often rely on smartphones -- the devices in question in Apple v. Samsung -- as their way to access the Internet.

The group added that the "exorbitant" damages permitted in design patent cases risk making Internet access unaffordable and "will make it harder for minority and rural entrepreneurs to create and develop businesses, thereby hindering their ability to empower themselves and their communities."

This isn't the first time law experts and technology companies have voiced support for Samsung. Some of Silicon Valley's biggest companies -- including Google, Facebook, eBay, Dell and Hewlett-Packard -- together filed a brief with the federal court in July that argued in Samsung's favor. They said that Apple's victory in 2012 against Samsung covered only minor technologies and that if the ruling was upheld, the infringement could hurt companies attempting to develop "useful modern technologies."
http://www.cnet.com/news/tech-giants...e-patent-spat/





Tech Faces Hour of Reckoning as Fundraising Drops, Layoffs Rise

Jon Swartz

Is tech in for a rude awakening this year after a magic carpet ride the past few years?

The numbers, and recent actions by once high-flying start-ups, would seem to suggest so.

Consider: Mega-rounds, defined as funding of more than $100 million for venture capitalist-backed companies, are in free fall. The rate of private start-ups attaining unicorn status — a valuation of at least $1 billion — is grinding to a crawl. Friday layoffs at tech start-ups, deemed Black Fridays, are increasing. Bellwether tech stocks such as Apple, Google, Facebook and Amazon have been taking it on the chin.

"It's a time to recalibrate — so many companies can't burn extraordinary amounts of money forever," says Sunil Panel, co-founder of Sidecar, a pioneer in the crowded ride-sharing space that shuttered operations on Dec. 31.

Last year, Silicon Valley projected unbridled swagger. Today, "there is definitely an era of reckoning," says Chris Sacca, a venture investor with stakes in Uber and Twitter. "Reality is setting in."

A report from PricewaterhouseCoopers and National Venture Capital Association underscores the chasm: While last year was the second-best in two decades for venture capital investments, at $58.8 billion, the fourth-quarter figures marked the smallest amount invested since Q3 2014 ($11.3 billion).

Tom Ciccolella, PwC's U.S. venture capital lead, says the decline in mega-deals is the first clear sign of a tamped-down market for funding. The slowdown began late last year, according to several market researchers.

The number of mega-deals of at least $100 million — 38 in the fourth quarter of 2015 — was roughly half the 72 in the previous quarter, according to the KPMG International & CB Insights 2015 Venture Pulse Report. Mega-rounds in the just-completed quarter raised $11.4 billion — down 44% from Q3 2015 — the lowest level recorded since the first three months of 2013.

More than anything, 2016 marks a "shift to entrepreneurs valuing quality investors over optimized evaluations," says Joe Horowitz, managing general partner at Icon Ventures.

The rise of "unicorns," the industry term for privately funded startups with valuations more than $1 billion, slumped to just nine in the fourth quarter of 2015, compared with 23 in the previous quarter, according to the report. There are more than 140 private start-ups valued at $1 billion or more, attaining unicorn status.

Unicorns "is not a term we focus on," says Josh Reeves, CEO of Gusto, a 300-person company that provides Web-based payroll and human resources services for small businesses. Gusto, formerly ZenPayroll, was one of the nine new unicorns in Q4. "We started a company to solve a problem. That's our focus."

A NEW, MORE SOBER CLIMATE

The shift in mood is illustrated in a spate of layoffs, closures, changes in CEO and reduced market value for several start-ups.

Last year, out-sized confidence, and valuations, in start-ups such as Uber and Airbnb was the overriding story line in high-tech.

But the pressure to cash in on sky-high valuations for mostly unprofitable companies — with intensifying murmurs of another dot-com meltdown on the horizon — has upended things.

"It's a reversion to the norm," says Charles Moldow, general partner at Foundation Capital. "Things are cooling off."

How cold? Fewer venture capital investments are echoed in lower pools raised by the VC firms themselves. The $3.3 billion venture capital firms raised in the third quarter of 2015 was 33% less than what they raised in the same quarter a year earlier, according to Thomson Reuters and the National Venture Capital Association’s Fundraising Report.

"Companies will still raise funding, but at lower valuations," says Arianna Simpson, a Silicon Valley-based investor.

Tech start-ups are increasingly aware of:

— Layoffs. If 2015 was about expansion, some companies are ushering in 2016 with cost-cutting and operational efficiency.

GoPro trimmed 7% of its work force this week because of a weak sales outlook.

Data-analytics firm Mixpanel, valued at $865 million, last week sliced nearly 20 jobs. Do-it-yourself service Maker Media cut 17 last week. Wearables start-up Jawbone, a unicorn, late last year slashed 15% of its staff, or 60 people, and closed its New York office in a move to streamline operations. Living Social cut 20% of its staff, 200 people, in October. Evernote, pegged at $2 billion, has had at least two rounds of cuts in recent months.

Those who aren't firing are doing less hiring. Instacart, which tripled its workforce to 308 in 2015, laid off five of its nine recruiters and plans to scale back its hiring push. "We're still growing, but not at the same pace," says Mat Caldwell, vice president of people at Instacart.

"Unless you're (an elite) unicorn, you will be forced to focus on fundamentals for spending, profitability and burn rate," says Jeff Fagnan, a partner at Accomplice. "There is more introspection, and that's a healthy thing for the (tech) ecosystem."

— Reduced valuations. Roiling markets and tightened investments on big-funding rounds have caused early-stage investors to reassess the value of several start-ups.

Former $1 billion unicorn Gilt Groupe was acquired last week by Hudson's Bay for $250 million — less than the $280 million it raised in funding during its 8-year existence. In a valuation prior to the sale, Gilt's worth was pegged at $600 million.

Foursquare, one of New York's most-heralded tech success stories a few years ago, this week secured $45 million in funding that Re/code says values Foursquare at $250 million, less than half the $650 million value it was assigned in a 2013 funding round. (Foursquare has disputed the report.) Foursquare CEO Dennis Crowley relinquished his title the day of the funding announcement.

Fidelity Investments, the Boston-based mutual fund firm, in November marked down the estimated value of its stake in several start-ups: Dropbox and Snapchat. Fidelity values Dropbox at 17% less than what it was at the end of June.

— Scuffling IPO prices. Box and Hortonworks laid the shaky foundation for tech IPOs last year, and two start-ups that initially impressed — Fitbit (FIT) and Shopify (SHOP) — now have stock prices at or below their opening-day public debuts. Twitter, which went public in late 2013, is trading near an all-time low.

The stock market hasn't been any easier on established public companies. Last week, shares in Apple (AAPL), Google-parent Alphabet (GOOGL), Facebook (FB), Amazon (AMZN), Microsoft (MSFT), Yahoo (YHOO) and Twitter all took a thumping.

A DIFFERENT ERA THAN 2000

All isn't gloomy, however. Tech remains a hotbed for innovation and funding.

Reflecting their undivided faith in Silicon Valley-based startups, investors poured $33.9 billion into the region's start-ups in 1,963 deals last year, says Pitchbook, a private capital market researcher. But activity was down sharply from 2,534 deals in 2014.

The Bay Area accounted for 27% of venture money invested worldwide and 16% of all deals, Pitchbook said.

"We're in a bit of a different bubble this time," says Kon Leong, CEO of ZL Technologies, an email- and file-archiving company. "The exuberance now has a foundation" as measured by market size and sales potential, he says.

There is a silver lining for companies fearful of a repeat of the dot-com crash 16 years ago.

Although Instacart exists in the same general market as Webvan, which went bust in 2001, its prospects are much brighter, Simpson says. The Internet audience is significantly larger — 3 billion now, compared with 500 million in 2000 — and more consumers are likely to use delivery services than they did back then, investor Simpson says.

The valley, like most industries, is built on cycles, says Joe Horowitz, managing general partner at Icon Ventures. What goes up, he says, eventually must come down.
http://www.usatoday.com/story/tech/2...unds/78028176/





U.S. and EU Firms Warn of 'Enormous' Consequences if Data Pact Talks Fail
Julia Fioretti and Dustin Volz

The two largest American and European trade groups have warned of "enormous" consequences for thousands of businesses and millions of users if Brussels and Washington fail to wrap up talks on a data transfer pact by the end of the month.

The United States and Washington accelerated negotiations on a new framework enabling firms to easily transfer personal data across the Atlantic after the previous one was struck down by a top EU court last year on concerns about U.S. snooping.

Under European Union data protection law, companies cannot transfer EU citizens' personal data to countries outside the bloc deemed to have insufficient privacy safeguards, of which the United States is one.

Since the EU's highest court ruled on Oct. 6 that the 15-year-old Safe Harbour framework, used by over 4,000 firms to transfer Europeans' data to the United States, did not adequately protect the data because U.S. national security requirements trumped privacy safeguards, firms on both sides of the Atlantic have been in legal limbo.

In a letter, seen by Reuters, to U.S. President Barack Obama, European Commission President Jean-Claude Juncker and the 28 European heads of state, four business associations warned of the dire economic impact if data flows between the two blocs were disrupted.

"This issue must be resolved immediately or the consequences could be enormous for the thousands of businesses and millions of users impacted," the letter from U.S. Chamber of Commerce, BusinessEurope, DigitalEurope and the Information Technology Industry Council says. (bit.ly/1OqqMKX)
http://uk.reuters.com/article/us-eu-...-idUKKCN0UV0YR





AT&T's CEO Says Tim Cook Shouldn't Have Any Say in Encryption Debate
Chris Welch

AT&T CEO Randall Stephenson doesn't think Apple CEO Tim Cook should be making long-term decisions around encryption that could ripple across the technology industry. "I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do," he told The Wall Street Journal in an interview on Wednesday. "I understand Tim Cook’s decision, but I don’t think it’s his decision to make," said Stephenson. "I personally think that this is an issue that should be decided by the American people and Congress, not by companies."

Cook has repeatedly argued there's no feasible way for Apple to create a "backdoor" that would help law enforcement circumvent the encryption on iPhones that protects consumer data, since such an opening could also be exploited by malicious users.

But that hasn't stopped many politicians from urging Apple to do more; the company has routinely come up during recent presidential debates whenever the subject turns to privacy and encryption. Both GOP and Democrat candidates have called for leading Silicon Valley companies to better assist the government and law agencies in fighting terrorism. Jeb Bush, in particular, was questioned on what he would do — once president — if Cook doesn't change his mind. "You got to keep asking," he said. "You've got to keep asking because this is a hugely important issue." But the argument that terrorists are increasingly using encryption to "go dark" and avoid detection is pretty badly flawed.

Stephenson also touched on his company's undesirable link with the NSA's mass snooping efforts, suggesting that AT&T has unfairly been singled out. "It is silliness to say there’s some kind of conspiracy between the US government and AT&T," he said. But documents leaked by Edward Snowden portray the relationship between AT&T and the government as rather cozy; AT&T is credited as being "highly collaborative" and has installed far more surveillance equipment than its fellow US wireless carriers. The government has paid AT&T millions of dollars in return. AT&T's official stance is that it only hands over customer data when presented with a court order "or other mandatory process" — and in cases where a person’s life is in imminent danger.
http://www.theverge.com/2016/1/21/10...ide-encryption





Hillary Clinton Hints At Apple, Facebook Compromise Over Encryption
Thomas Tamblyn

Hillary Clinton has given a hint during the last Democratic debate that talks between the US Government and Silicon Valley companies over personal encryption could be progressing further than people first thought.

When NBC's Andrea Mitchell suggested that Silicon Valley had flatly refused to cooperate with the US Government's requests to ease up on its defense of encryption, Clinton simply replied: "that is not what I’ve heard... let me leave it at that."

That might not seem like much but the comment has far-reaching implications for both privacy advocates in the US and here in the UK.

Silicon Valley has generally held the view that the public's privacy is absolutely paramount, insisting that it would never hand over a 'key' which would allow government agencies to access encrypted messages sent between people over services such as iMessage and WhatsApp.

Here in the UK the government's new Investigatory Powers Bill or 'Snoopers' Charter' asks that any UK-based company should make 'reasonable' efforts to provide intelligence services with this encrypted information.

This effectively would allow the government to say that it wasn't banning encryption, but that it would be asking for a 'back door' into people's private messages.

Luckily for many of us, the services we use are provided by companies based in the US, which means they're under no lawful obligation to hand that information over.

That could however no longer be the case if talks between the US government and Silicon Valley companies were progressing enough to include highly regulated access to end-to-end encrypted messages.

The problem, as with much of this, is that until the talks are completed it's all mostly speculation. Clinton has remained remarkably tight-lipped about the talks while on the other side Apple CEO Tim Cook has been an almost constant voice in favour of end-to-end encryption warning that handing over a 'key' to governments would have 'dire consequences' for the public.

Indeed in the UK, Apple actually submitted an eight-page report which outlined the company's concerns regarding the IPB and the implications it could have for personal privacy.

The talks in the US aren't just about opening up the public's private messages though; a leaked briefing document reportedly obtained by The Intercept hints at the government looking to recruit Silicon Valley companies in the PR battle against ISIS.

"The United States recognizes the need to empower credible non-governmental voices that would speak out against ISIL and terrorism more broadly both overseas and at home.

However, there is a shortage of compelling credible alternative content;"

It goes on to request "the private sector to consider ways to increase the availability alternative content. Beyond the tech sector, we have heard from other private sector actors, including advertising executives, who are interested in helping develop and amplify compelling counter-ISIL content."
http://www.huffingtonpost.co.uk/2016...n_9008034.html





NSA Chief Stakes Out Pro-Encryption Position, in Contrast to FBI
Jenna McLaughlin

National Security Agency Director Adm. Mike Rogers said Thursday that “encryption is foundational to the future,” and arguing about it is a waste of time.

Speaking to the Atlantic Council, a Washington, D.C., think tank, Rogers stressed that the cybersecurity battles the U.S. is destined to fight call for more widespread use of encryption, not less. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack of the Office of Personnel Management involving the personal data about 20 million people who have gotten background checks.

“So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” he said, shaking his head.

“So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”

Other government officials — most notably FBI Director James Comey — have been crusading for a way that law enforcement can get access to encrypted data.

But technologists pretty much universally agree that creating some sort of special third-party access would weaken encryption to the point that it would threaten every internet transaction we make, from online banking to filling out our health records to emailing our friends and significant others. A hole in encryption for special FBI access would be a hole that criminals could sneak through, too.

While there’s been a lot of talk about giving up some privacy for security, Rogers said both are paramount.

“Concerns about privacy have never been higher. Trying to get all those things right, to realize that — it isn’t about one or the other,” he said. He does not think that “security is the imperative and that ought to drive everything.” Nor should privacy, he continued. “We’ve got to meet these two imperatives. We’ve got some challenging times ahead of us, folks.”

Comey, who formerly advocated for a way to get law enforcement access without weakening encryption, recently switched tactics. Now he is pressuring companies to change their business models and simply not offer true end-to-end encryption to their customers.

The White House has decided not to pursue legislation to outlaw unbreakable end-to-end encryption, following pressure from privacy advocates and scientists. But the intelligence community’s top lawyer, Bob Litt, privately advised the administration that a major terrorist attack could be an opportune moment to do so.

And the White House has not issued a statement in defense of encryption, to the frustration of Apple CEO Tim Cook, among others.

Meanwhile, Sens. Richard Burr, R-N.C., and Dianne Feinstein, D-Calif., are reportedly planning their own proposed legislation to require law enforcement access.

Rogers’ comments could indicate a split on this issue between the intelligence community and domestic law enforcement.

A former NSA director, Michael Hayden, said in January that he thinks Comey is on the wrong side of this debate. “I disagree with Jim Comey. I actually think end-to-end encryption is good for America,” he said.

Hayden has also spoken about how U.S. intelligence agencies have figured out how to get the information they need without weakening encryption — such as using metadata, which shows who is contacting whom. Another former NSA boss, Mike McConnell, has also spoken out against trying to install backdoors in encryption.

Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.
https://theintercept.com/2016/01/21/...ntrast-to-fbi/





Yet Another Bill Seeks to Weaken Encryption-By-Default on Smartphones

Asm. Jim Cooper: "Human trafficking trumps privacy, no ifs, ands, or buts about it."
Cyrus Farivar

A second state lawmaker has now introduced a bill that would prohibit the sale of smartphones with unbreakable encryption. Except this time, despite very similar language to a pending New York bill, the stated rationale is to fight human trafficking, rather than terrorism.

Specifically, California Assemblymember Jim Cooper’s (D-Elk Grove) new bill, which was introduced Wednesday, would "require a smartphone that is manufactured on or after January 1, 2017, and sold in California, to be capable of being decrypted and unlocked by its manufacturer or its operating system provider."

If the bill passes both the Assembly and State Senate and is signed into law by Gov. Jerry Brown (D), it would affect modern iOS and Android devices, which enable full-disk encryption that neither Apple nor Google can access. AB 1681’s language is nearly identical to another bill re-introduced in New York state earlier this month, but Cooper denied that it was based on any model legislation, saying simply that it was researched by his staff. He also noted that the sale of his own iPhone would be made illegal in California under this bill.

Cooper himself, a 30-year veteran with the Sacramento County Sheriff’s Department, told Ars that allowing local law enforcement to access unencrypted phones through the warrant process was not the same thing as allowing the National Security Agency or the CIA free rein. He also noted that "99 percent" of Californians would never have their phones be implicated in a law enforcement operation, implying that they should not have to worry.

The lawmaker also re-iterated many of the talking points that he said at a press conference earlier in the day, with various law enforcement officials and anti-human trafficking advocates at his side. The press conference, which Ars did not find out about until after it had concluded, portrayed the issue as a question of "human trafficking evidentiary access"—scarcely even using the word encryption.

"If you're a bad guy [we] can get a search record for your bank, for your house, you can get a search warrant for just about anything," Cooper told Ars in a brief phone call on Wednesday afternoon. "For the industry to say it's privacy, it really doesn't hold any water. We're going after human traffickers and people who are doing bad and evil things. Human trafficking trumps privacy, no ifs, ands, or buts about it."

Impractical and possibly illegal

Two privacy lawyers that Ars spoke to said the bill has two major problems as currently written.

"Human trafficking is obviously a major social issue that we need to address," Gautam Hans, an attorney with the Center for Democracy and Technology, told Ars by e-mail.

"However, I don't think this is the best way to solve that issue. Weakening encryption will do a great deal of harm to the security of the Internet, and it's not clear that it helps with the law enforcement goals. Encryption proposals that include backdoors are fundamentally insecure and would create vulnerabilities that unauthorized actors could exploit."

Similarly, Andrew Crocker, an attorney with the Electronic Frontier Foundation, told Ars that the bill had "glaring problems" and that it was "entirely infeasible from a technical perspective."

"There is no way to ensure that phones can be decrypted by the police and not the ‘bad guys,’" he e-mailed Ars. "Just as in New York, this California lawmaker misses the point that it's not about privacy but security—the security of innocent people's devices against hackers, thieves and others. It could well be unconstitutional under the First Amendment as well."

"As for the protect the children argument, I am sympathetic, but there are always limits on law enforcement's power to investigate crime," he added. "No matter how terrible the crime, we don't allow the police to disregard other important values like privacy and security, and this is a law that would make us all less secure. Meanwhile the police have access to lots of other tools to get at this evidence, from hacking or brute forcing the device to getting cloud backups to forcing the owner to unlock the phone. Moreover the sophisticated bad guys will resort to third-party tools to cover their tracks."

Both lawyers speculated that the bill would also likely be illegal under the Dormant Commerce Clause, the federal legal doctrine that forbids states from imposing undue burdens on interstate commerce.

“Technologically stupid”

As of press time, neither Cooper nor his staff had provided any evidence that there has been a large number of cases, much less any cases in his district or statewide, that were unable to be prosecuted due to an encrypted smartphone.

In July 2015, Wired reported that in Manhattan, District Attorney Cyrus Vance, Jr. said that there were just 74 out of a total of 10,000 cases local prosecutors handle annually that involved unlockable phones. Vance did not say whether such cases were not prosecuted at all.

Neither Google nor Apple immediately responded to Ars’ request for comment, but Apple’s position has been made very clear by its CEO, Tim Cook. In September 2014, Apple took a new strong pro-encryption stance, saying that under iOS 8 (and later) devices it was unable to access customer data. Currently, Apple is also fighting a federal government demand to help unlock a criminal suspect’s iPhone in federal court in New York.

At a congressional hearing in April 2015, Rep. Ted Lieu (D-Calif.) wholly dismissed law enforcement’s arguments that they needed new expansive powers to weaken cryptography. Rep. Lieu, a computer science major and a Lieutenant Colonel in the United States Air Force Reserves, said giving the government a backdoor was ludicrous.

"It is clear to me that creating a pathway for decryption only for good guys is technologically stupid. You just can't do that," he said at the time.

More recently, in July 2015, 15 of the nation’s top cryptographers lambasted attempts to diminish security.

As they concluded:

“Policy-makers need to be clear-eyed in evaluating the likely costs and benefits. It is no surprise that this report has ended with more questions than answers, as the requirements for exceptional access are still vague. If law enforcement wishes to prioritize exceptional access, we suggest that they need to provide evidence to document their requirements and then develop genuine, detailed specifications for what they expect exceptional access mechanisms to do. As computer scientists and security experts, we are committed to remaining engaged in the dialogue with all parts of our governments, to help discern the best path through these complex questions.”
http://arstechnica.com/tech-policy/2...n-smartphones/





Did the European Court of Human Rights Just Outlaw “Massive Monitoring of Communications” in Europe?
Sarah St.Vincent

Over the past two years, a trio of high-profile cases before the European Court of Human Rights that concern the United Kingdom’s large dragnet surveillance programs—and the country’s collaboration with the NSA—have become the focus of many activists’ hopes that the Court will effectively outlaw indiscriminate surveillance in Europe once and for all. With yesterday’s release of a judgment in a little-known case against Hungary, which builds on an equally important judgment issued against Russia in December, it turns out that the Court may effectively have just done exactly that.

In the Russian case, Roman Zakharov v. Russia, a St. Petersburg publisher (who also chaired an NGO that promotes journalists’ rights) challenged laws allowing the Russian security services to intercept any telephone conversation without a judicial order through surveillance equipment that had been installed at mobile phone companies. Meanwhile, in the case that was the subject of yesterday’s judgment, Szabó and Vissy v. Hungary, two activists challenged sweeping legislation adopted in 2011 that allows the Hungarian police to search houses, postal mail, and electronic communications and devices without judicial approval when seeking to prevent terrorism or otherwise protect Hungary’s national security. CDT submitted a third-party intervention in the latter case, and—in a rare move—the Court cited our analysis multiple times, including in a remarkable forward-looking paragraph suggesting that the judges hope to flesh out the European Convention on Human Rights’ (ECHR) constraints on the ever-increasing ability of governments “to acquire a detailed profile … of the most intimate aspects of citizens lives” in future cases.

Both of these cases alleged that the governments involved had violated the right to respect for private life and correspondence, which is enshrined in Article 8 of the ECHR. Article 8 requires that any government interference with this right to privacy must meet two criteria. First, the interference must be done “in accordance with the law”: that is, the country’s own law, international law, and what the Court has described generally as the “rule of law.” Second, it must be “necessary in a democratic society” to achieve one of a limited set of purposes such as the protection of national security or the prevention of crime. The Court’s previous cases have established that where secret surveillance is concerned, any interference with privacy must in fact be “strictly necessary for safeguarding the democratic institutions.”

In Zakharov, the Court alluded to the possibility of broad indiscriminate surveillance only in passing, since the scenario it was considering was one in which the security services could start intercepting a telephone conversation at any time, but were not explicitly alleged to be intercepting all conversations (or related data such as the time and duration of calls) at all times. The Court found that a government may only intercept telephone communications where the body authorizing the surveillance has confirmed that there is a “reasonable suspicion” of wrongdoing on the part of “the person concerned.” This language, along with the Court’s statement that a surveillance authorization “must clearly identify a specific person … or a single set of premises” as the subject of the monitoring, seemed to set the stage for a ruling that UK-style society-wide surveillance programs such as Tempora are illegal under the ECHR.

In an unexpected form, that ruling may have arrived. Noting (as the Zakharov judges also did) that “a system of secret surveillance … may undermine or even destroy democracy under the cloak of defending it,” the Court in Szabó and Vissy considered whether the challenged Hungarian laws provide “adequate and effective guarantees against abuse.” The answer was no: the phrase “strictly necessary in a democratic society,” the Court explained for the first time, means not only that a surveillance measure must be strictly necessary for “safeguarding the democratic institutions” at a general level, but must also be “strictly necessary … for the obtaining of vital intelligence in an individual operation.” Crucially, the Court added that the Hungarian authorities must therefore interpret a law allowing surveillance authorizations to apply to “a range of persons”—which, as the Court observed, could potentially include everyone in Hungary—very narrowly. According to the Court, the body authorizing the surveillance must “verify whether sufficient reasons for intercepting a specific individual’s communications exist in each case.”

In other words: no gathering of an enormous indiscriminate haystack in order to search for a needle.

Zakharov was decided by the European Court’s Grand Chamber—the Court’s highest body—while yesterday’s judgment in Szabó and Vissy was issued by the Court’s Fourth Section: a subset of judges who, as it happens, also decide cases brought against the UK. (The Fourth Section’s judgment will remain the Court’s final word in the Hungarian case unless one of the parties successfully obtains a referral to the Grand Chamber.) As far as the Court is concerned, the substance of both sets of findings will apply to the surveillance schemes of any of the 47 Member States of the Council of Europe. This means that if Szabó and Vissy did indeed outlaw large-scale dragnet surveillance, it effectively did so for the entire continent.

Importantly, a concurrence in the Hungarian case suggests that the Fourth Section watered down the “reasonable suspicion” standard found in Zakharov, and implies that far from banning (as the majority termed it in one passage) “massive monitoring of communications,” the Szabó and Vissy judgment has embraced it. It is unclear whether this interpretation may rest on a misreading of certain dicta (that is, nonessential language) in the majority opinion, but it means that activists should expect at least some level of debate concerning this case to continue until rulings in the UK cases arrive. Yet, notwithstanding this dissonant note, the Court’s requirement of individualized targeting appears to be unambiguous.

Both Zakharov and Szabó and Vissy are multifaceted cases, and their findings regarding how surveillance must be authorized and overseen—as well as their profound implications for the UK’s Investigatory Powers Bill, a deeply flawed piece of proposed legislation—will be the subject of future CDT analysis. Regarding the authorization of surveillance, the Court in the Hungarian case has indicated more strongly than ever that it expects authorization to be carried out by judges (or at least officials qualified to hold judicial office), although the Court appears to be reluctant to overturn its prior holdings that non-judicial authorization systems may comply with human rights if they are sufficiently independent. It stressed the need for any authorization body to have—and use—the power to examine all the relevant evidence, and said that it will subject any non-judicial system to “close scrutiny.”

For now, however, the Court’s apparent finding that surveillance must be individualized deserves marquee billing.
https://cdt.org/blog/did-the-europea...ons-in-europe/





UK Government Voice Encryption Standard Built for Key Escrow, Surveillance
Dennis Fisher

The U.K. government’s standard for encrypted voice communications, which already is in use in intelligence and other sectors and could be mandated for use in critical infrastructure applications, is set up to enable easy key escrow, according to new research.

The standard is known as Secure Chorus, which implements an encryption protocol called MIKEY-SAKKE. The protocol was designed by GCHQ, the U.K.’s signals intelligence agency, the equivalent in many ways to the National Security Agency in the United States. MIKEY-SAKKE is designed for voice and video encryption specifically, and is an extension of the MIKEY (Multimedia Internet Keying) protocol, which supports the use of EDH (Ephemeral Diffie Hellman) for key exchange.

“MIKEY supports EDH but MIKEY-SAKKE works in a way much closer to email encryption. The initiator of a call generates key material, uses SAKKE to encrypt it to the other communication partner (responder), and sends this message to the responder during the set-up of the call. However, SAKKE does not require that the initiator discover the responder’s public key because it uses identity-based encryption (IBE),” Dr. Steven Murdoch of University College London’s Department of Computer Science, wrote in a new analysis of the security of the Secure Chorus standard.

“In conventional public key systems each party generates their own private key and distributes their public key to anyone who needs it but in an IBE system, all private keys are generated by the network provider from their master private key.”

That master key needs to be permanently available so that users can access it, making it a natural target for attackers. But the bigger issue is that it would enable network providers to decrypt calls.

“The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers. Also calls which cross different network providers (e.g. between different companies) would be decrypted at a gateway computer, creating another location where calls could be eavesdropped,” Murdoch wrote.

Like many other countries, the U.K. has been in the throes of a public and private debate over Internet and phone surveillance since the start of the Edward Snowden revelations several years ago. The surveillance programs revealed by Snowden have included many run by the GCHQ and NSA, some jointly, some separately. U.K. officials have been discussing the possibility recently of banning or severely restricting strong encryption.

The Secure Chorus standard is in use for some government and intelligence communications in the U.K. now and the GCHQ could use its authority to mandate its use in the public sector and some critical infrastructure organizations, as well. The agency has a program called Commercial Product Assessment to certify encryption products for use in classified government applications, and it has said it will certify only products that implement Secure Chorus.

All of which does not bode well for the security of users’ voice communications.

“Although the words are never used in the specification, MIKEY-SAKKE supports key escrow. That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening,” Murdoch wrote in his analysis.

“Secure Chorus facilitates undetectable mass surveillance, in a way that EDH based key encryption schemes would not. This is presented as a feature rather than bug, with the motivating case in the GCHQ documentation being to allow companies to listen to their employees calls when investigating misconduct, such as in the financial industry.”

The way that the standard is designed, there’s no good way to implement it without the key escrow mechanism, Murdoch said.

“By design there is always a third party who generates and distributes the private keys for all users. This third party therefore always has the ability to decrypt conversations which are encrypted using these private keys,” Murdoch said by email.

He added that the design of Secure Chorus “is not an accident.” There are existing protocols, such as ZRTP, that can accomplish the security tasks Secure Chorus is supposed to, but without the backdoor access of key escrow. However, GCHQ has eschewed those in favor of its own design.

“The claim that GCHQ make is that existing protocols do not support the necessary “scale and usability requirements” but this does not sound plausible to me. The only explanation that I think remains is that GCHQ want people to use encryption systems which permit undetectable mass surveillance,” Murdoch said by email.
https://www.onthewire.io/uk-voice-en...-surveillance/





Deliberately Hidden Backdoor Account in Several AMX (HARMAN Professional) Devices
SEC Consult

To be fair, their products really do offer a wide variety of features, which is probably also the reason why US President Barack Obama is sometimes seen in front of a control panel by AMX, while sitting in a meeting at the White House. According to the case studies published by AMX they have multiple governmental and military bodies equipped with their conference room gear. This includes but is not limited to the White House, the U.S. Forces Afghanistan as well as the Center for Strategic and International Studies (CSIS).

Some of the affected devices seem to be "tested and approved by the US DoD as a JITC certified secure command and control, conference, training and briefing room solution" as well according to this AMX web page. Further AMX market customer profiles can be accessed here: AMX customer profiles.

With that said, let's talk about security.

How AMX (HARMAN Professional) handles security.

In early 2015 SEC Consult decided to take a look into the security of a conference room solution provided by AMX. Let's not waste any words on the tiring process of getting the binaries out of the small black box and jump right to the meat of it all.

During the analysis of the authentication procedure of one of the central controller systems (AMX NX-1200), something strange popped up:

A function, which they decided to call "setUpSubtleUserAccount". And this function does exactly what the name would suggest.
It sets up a subtle user account. The strings seen in the above screenshot, revealed an interesting detail about the vendor's security strategy. AMX apparently called for a little extra help in the universe of Marvel superheroes to protect their products (and coincidentally also the U.S. military) from the evil super villain hackers. At least that is what we assume, because the expert spy and top S.H.I.E.L.D. agent Black Widow has her own personalized account on the device.

Like most superheroes, Black Widow prefers to stay under the radar, not requesting any credit for her heroic actions. Because of that, the vendor made an effort in hiding her details from the eyes of innocent admins and users alike:

As the daily work of a superhero, especially for an IT SECURITY SUPERHERO, is quite challenging, AMX went ahead and implemented some additional tools like a packet-capture/sniffing facility, to aid the expert spy Black Widow in the fight against the super villain hackers. These tools are only available to our superhero as the power they hold should not be available to simple administrators.

Responsible disclosure

As usual, SEC Consult Vulnerability Lab communicated this issue according to our responsible disclosure policy. Initial contact and exchange of the security advisory was performed through the European sales team at AMX. About seven months(!) later AMX provided a fix for the backdoor. A quick review of the new firmware showed that the backdoor was still in place, but Black Widow was gone. Did she decide to step down after being exposed? Did they fire her? Unfortunately we don't have any details on this.

Whatever the reason may be, the vendor decided to hire somebody from the DC universe this time. Na na na na na na na na ... you guessed it. BATMAN! But not the usual Batman, the leet-hacker-Batman, who uses numbers and special characters to write his own name:

This time around, we decided (tried) to get in direct contact with somebody responsible for security at AMX (HARMAN Professional). After numerous emails requesting a security contact to exchange the information about the vulnerability, finally somebody replied. We exchanged the security advisory unencrypted, as requested by AMX. Then they went silent again.

Fast forward another three months to early 2016, we had still not heard back from AMX, despite asking for a status update several times, and even postponing the release of the security advisory in order to give them (even) more time for sorting things out with Batman and Black Widow.

Yesterday (2016-01-20) AMX finally replied, informing SEC Consult that they have released firmware updates for the affected products. These updates are untested and unconfirmed by SEC Consult.

Grab them here while they're hot: http://www.amx.com/techcenter/NXSecurityBrief/ - we were told that some of the updates can only be retrieved through AMX tech support.

Furthermore, our contact stated that AMX will be starting a major security initiative which is a very good thing to do!

For the tech geeks, here is our advisory with additional technical information, a contact timeline detailing the communication attempts and a list of affected devices.

Be aware though, that the backdoor password is only for agents of S.H.I.E.L.D. and hence will not be disclosed.
http://blog.sec-consult.com/2016/01/...ccount-in.html





BlackBerry Devices: Secure As They Have Always Been

There have been recent media reports that police-affiliated groups in the Netherlands have been able to ‘crack’ the encryption protecting e-mails and other data that are stored on BlackBerry devices.

BlackBerry does not have any details on the specific device or the way that it was configured, managed or otherwise protected, nor do we have details on the nature of the communications that are claimed to have been decrypted.

If such an information recovery did happen, access to this information from a BlackBerry device could be due to factors unrelated to how the BlackBerry device was designed, such as user consent, an insecure third party application, or deficient security behavior of the user.

Furthermore, there are no backdoors in any BlackBerry devices, and BlackBerry does not store and therefore cannot share BlackBerry device passwords with law enforcement or anyone else. In other words, provided that users follow recommended practices, BlackBerry devices remain as secure and private as they have always been.
http://blogs.blackberry.com/2016/01/...e-always-been/





EFF Pries More Information on Zero Days from the Government’s Grasp
Andrew Crocker

Until just last week, the U.S. government kept up the charade that its use of a stockpile of security vulnerabilities for hacking was a closely held secret. In fact, in response to EFF’s FOIA suit to get access to the official U.S. policy on zero days, the government redacted every single reference to “offensive” use of vulnerabilities. To add insult to injury, the government’s claim was that even admitting to offensive use would cause damage to national security. Now, in the face of EFF’s brief marshaling overwhelming evidence to the contrary, the charade is over.

In response to EFF’s motion for summary judgment, the government has disclosed a new version of the Vulnerabilities Equities Process, minus many of the worst redactions. First and foremost, it now admits that the “discovery of vulnerabilities in commercial information technology may present competing ‘equities’ for the [government’s] offensive and defensive mission.” That might seem painfully obvious—a flaw or backdoor in a Juniper router is dangerous for anyone running a network, whether that network is in the U.S. or Iran. But the government’s failure to adequately weigh these “competing equities” was so severe that in 2013 a group of experts appointed by President Obama recommended that the policy favor disclosure “in almost all instances for widely used code.”

The newly disclosed version of the Vulnerabilities Equities Process (VEP) also officially confirms what everyone already knew: the use of zero days isn’t confined to the spies. Rather, the policy states that the “law enforcement community may want to use information pertaining to a vulnerability for similar offensive or defensive purposes but for the ultimate end of law enforcement.” Similarly it explains that “counterintelligence equities can be defensive, offensive, and/or law enforcement-related” and may “also have prosecutorial responsibilities.” Given that the government is currently prosecuting users for committing crimes over Tor hidden services, and that it identified these individuals using vulnerabilities called a “Network Investigative Technique”, this too doesn’t exactly come as a shocker.

Just a few weeks ago, the government swore that even acknowledging the mere fact that it uses vulnerabilities offensively “could be expected to cause serious damage to the national security.” That’s a standard move in FOIA cases involving classified information, even though the government unnecessarily classifies documents at an astounding rate. In this case, the government relented only after nearly a year and a half of litigation by EFF. The government would be well advised to stop relying on such weak secrecy claims—it only risks undermining its own credibility.

The new version of the VEP also reveals significantly more information about the general process the government follows when a vulnerability is identified. In a nutshell, an agency that discovers a zero day is responsible for invoking the VEP, which then provides for centralized coordination and weighing of equities among all affected agencies. Along with a declaration from an official at the Office of the Director of National Intelligence, this new information provides more background on the reasons why the government decided to develop an overarching zero day policy in the first place: it “recognized that not all organizations see the entire picture of vulnerabilities, and each organization may have its own equities and concerns regarding the prioritization of patches and fixes, as well as its own distinct mission obligations.” We now know the VEP was finalized in February 2010, but the government apparently failed to implement it in any substantial way, prompting the presidential review group’s recommendation to prioritize disclosure over offensive hacking.

We’re glad to have forced a little more transparency on this important issue, but the government is still foolishly holding on to a few last redactions, including refusing to name which agencies participate in the VEP. That’s just not supportable, and we’ll be in court next month to argue that the names of these agencies must be disclosed.
https://www.eff.org/deeplinks/2016/0...ernments-grasp





Groups Want U.S. to Adopt Strong Broadband Privacy Rules
David Shepardson

A coalition of U.S. groups on Wednesday urged the Federal Communications Commission to write sweeping privacy protections for the nation's broadband users.

The groups want providers of broadband internet services including mobile and landline phone, cable and satellite TV firms to be subject to tough privacy regulations.

Among the firms that would be affected are AT&T Inc, Comcast Corp, Verizon Communications Inc and Cablevision Systems Corp.

"As the role of the Internet in the daily lives of consumers increases, this means an increased potential for surveillance," said the letter to FCC chairman Tom Wheeler seen by Reuters and signed by the American Civil Liberties Union, Center for Digital Democracy, Consumer Watchdog, Electronic Frontier Foundation, Public Citizen and 54 other groups.

Critics say broadband providers are already harvesting huge amounts of consumer data for use in targeted advertising, the groups wrote. "This can create a chilling effect on speech and increase the potential for discriminatory practices derived from data use," the letter said.

Wheeler said this broadband providers must make sure information they collect about consumers is secure and that they are informed and have a choice about whether to participate.

In November, Wheeler said he expected the FCC would address privacy practices "in the next several months" from companies that "provide network services" and consumers should know what is being collected about their internet use.

Wheeler said the FCC questions if consumers "know what information is being collected? Do I have a voice in whether or not that's going to be used one way or another? Those are two very important baseline rights that individuals ought to have."

In November, the FCC rejected a petition from the group Consumer Watchdog to require internet firms called "edge providers" like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn to honor "Do Not Track" Requests from consumers.

The FCC has repeatedly said it has no intention to regulate those firms although Alphabet's Google could fall under the privacy regulations in its pilot project in which it is providing internet service.

An FCC spokeswoman declined to comment on the timing of any announcement.

A spokesman for USTelecom, a trade association representing major broadband providers, declined to comment, noting that the FCC has not proposed any privacy regulations.

Two Republican FCC commissioners wrote in August in a Wall Street Journal op-ed that the "FCC should refrain from imposing its Byzantine privacy regime on broadband and Internet providers."

(Reporting by David Shepardson; Editing by Cynthia Osterman)
http://uk.reuters.com/article/us-bro...-idUKKCN0UY0CM





Cable Acquisitions by Charter Communications Face Rising Opposition
Emily Steel and Cecilia Kang

Comcast’s failed $45 billion merger with Time Warner Cable collapsed last year under pressure from regulators, who found that the combined company would have had both the power and incentive to inhibit the future of streaming video.

Now, as rival Charter Communications seeks approval for its $67.1 billion takeover of Time Warner Cable and Bright House Networks, critics point to the same potential for harm.

“If Comcast’s deal for Time Warner Cable was a Category 5 hurricane, Charter-Time Warner is a Category 4,” said Jeff Blum, deputy general counsel of Dish Network, the satellite television provider.

Mr. Blum made his comments during a conference call Thursday held by a coalition of companies, advocacy and industry groups publicizing the potential harms of Charter’s takeover bid.

If approved, the proposed merger would create a powerful new force in the country’s broadband market. The combined company would rank as the country’s second-largest broadband provider behind Comcast with about 19.4 million subscribers, and the country’s No. 3 video provider with 17.3 million customers, across about 40 states. That increased heft is coming under close scrutiny as federal regulators continue their review of the Charter deals. If approved, the merger would most likely include strong conditions meant to prevent Charter from leveraging its market power to hurt rival streaming services, regulatory experts said. With increased clout, for instance, the company could restrict television networks from selling their content through stand-alone streaming services.

Charter, which already has announced a number of commitments related to the merger, has extra incentive to agree to conditions. Time Warner Cable would receive a breakup fee of up to $2 billion if the transaction falls apart. The company received nothing when Comcast walked away from its deal.

Another prominent issue is the role and influence of John C. Malone, the media mogul whose company Liberty Broadband would hold a 20 percent stake in a reconstituted Charter. Some groups have called for regulators to place restrictions on the involvement of Mr. Malone, saying that his interests in entertainment companies — including Discovery Communications and Starz — could represent untenable conflicts. Whit Clay, a spokesman for the Liberty businesses, declined to comment.

Charter has argued that its deals pose no threat to the online video market because the future of its business depends more on broadband than its legacy video business. Alex Dudley, a Charter spokesman, said in a statement that the company is committed to creating American jobs, offering innovative products, faster Internet speeds, preserving an open Internet and online video with no data caps or modem fees.

“It should come as no surprise that Dish and other parties seeking to use the regulatory review process to extract concessions are also engaging in tired P.R. tactics to further their self-interests,” Mr. Dudley said in a statement. “Their arguments against the pending transactions are baseless.”

Federal regulators declined to discuss their reviews of Charter’s proposed merger with Time Warner Cable and Bright House. But in recent months, antitrust officials have provided some insight into their priorities when considering cable mergers. Central to their analysis has been whether bigger cable firms — with strong bargaining power with programmers and fast-growing broadband Internet businesses — could harm their newest threat: streaming video providers like Netflix and Hulu.

In a September speech, Jonathan Sallet, the general counsel for the Federal Communications Commission, said that the agency focused on the streaming companies in its decision to reject Comcast’s bid for Time Warner Cable.

The biggest concern was how a combined cable giant, with more than half of the high-speed Internet market and a major portion of the cable video market, could pressure programmers to keep their best content off online video services that competed with cable TV. Such market concentration over distribution would have given the company too much of an incentive to do so, Mr. Sallet said.

“Simply put, the core concern came down to whether the merged firm would have an increased incentive and ability to safeguard its integrated Pay TV business model,” Mr. Sallet said in the speech at a telecom policy conference.

Announced a month after Comcast aborted its bid last spring, Charter’s proposed acquisitions have been the target of significantly less backlash than the Comcast merger, which would have united the two largest cable operators in the country.

Some of the loudest critics of the Comcast deal, like Netflix, have come out in support of Charter’s takeover bid. Reed Hastings, Netflix’s chief executive, said this week that it would be a “tremendous positive” for the streaming industry because of Charter’s agreement to a “multiyear, strong net neutrality policy” across its new, bigger footprint.

“That means that we, Hulu, Amazon and others can compete on an open basis,” Mr. Hastings said. “We think it would be a huge step forward for U.S. policy” for streaming services.

Yet criticism of the deal has escalated in recent weeks as a number of media and technology companies, public interest groups and other organizations stepped forward to voice concerns over Charter’s proposed acquisitions.

In a meeting with F.C.C. officials last week, for example, executives from the media giant Time Warner said that public and private statements by Charter executives suggested that the deal could deter the development of streaming video options to the detriment of consumers. Dish, one of the most vocal opponents, has urged regulators to reject the proposed merger; its new Sling TV video service, which offers streaming television without a traditional cable or satellite subscription, is one of the offerings that could be harmed.

Dish has joined other opponents of the deal to form a new Stop Mega Cable coalition, which wants to raise awareness of the harms that could result from the deal, including increased costs and worse service for customers. In addition to Dish, members of the coalition include the public interest group Public Knowledge and industry trade group USTelecom — The Broadband Association, and Consumers Union, the advocacy arm of Consumer Reports.

“We want to make sure that the very dangers that enforcers were willing to challenge in the Comcast-Time Warner Cable merger are not allowed to go forward through a second company that can coordinate with Comcast,” Gene Kimmelman, chief executive of Public Knowledge and a former antitrust official at the Justice Department, said on the conference call Thursday.

“There is the danger of coordination on one side,” he added in an interview later. “But the opportunity here, through the right enforcement requirements, is to actually push for a new business model. That won’t happen automatically. It will have to be pressured.”
http://www.nytimes.com/2016/01/22/bu...pposition.html





Six Senators Accidentally Just Admitted they are Clueless About Internet Speeds
T.C. Sottek

Congress has struggled to understand the internet for a long time, and a group of six US senators joined a chorus of ignorance today when they submitted a letter to the FCC criticizing it for changing the definition of high-speed internet, The Hill first reported. Last January, the FCC made an obvious and reasonable decision to raise minimum download and upload speeds for "broadband internet" from a measly 4Mbps/1Mbps to 25Mbps/3Mbps. It's important that the government have a reasonable definition of broadband that keeps pace with evolving consumer use, otherwise laws governing deployment of internet according to those standards become essentially useless.

Of course, ISPs that enjoy monopoly conditions in many markets across the US don't like being told to provide better service for their customers, and from the beginning, their Republican allies on the commission panned the new definition. At the time, FCC Commissioner Michael O'Rielly said people could wait to enjoy 4K television for a few more years, and warned that increasing standards could lead us down a slippery slope toward a definition of broadband that supported "interplanetary teleportation."

"The letter is almost hilarious in its deep misunderstanding"

Today's letter from Steve Daines (R-MT), Roger Wicker (R-MS), Roy Blunt (R-MO), Deb Fischer (R-NE), Ron Johnson (R-WI), and Cory Gardner (R-CO) is almost hilarious in its deep misunderstanding about how people actually use the internet and what they need. The senators say that the 25Mbps standard is unnecessary because, for example, Netflix only recommends a download speed of 5Mbps for HD video, and Amazon only 3.5Mbps. (The recommendation for 4K video from Netflix is actually 25Mbps, but we suppose lawmakers agree that nobody should enjoy Ultra HD content yet.)

"Congress consistently uses ISP talking points"

The senators say they are "concerned that this arbitrary 25/3 Mbps benchmark fails to accurately capture what most Americans consider broadband," and that "the use of this benchmark discourages broadband providers from offering speeds at or above the benchmark." If these sound exactly like talking points from Verizon, Comcast, and other major ISPs, that's because they are: Comcast loves to tell Americans that they don't need faster internet, and ISPs join together every time they are about to be regulated to say that regulations will chill their future investments. Ars Technica reported that Republicans in Congress echoed ISP spin about network investments in hearings over net neutrality, but then just three months after the net neutrality rules took effect last year, Comcast posted earnings that showed its capital expenditures actually increased by 11 percent. So the idea that creating a standard will discourage ISPs from meeting that standard is total nonsense.

On a more practical level, probably everyone who has broadband knows that what the ISPs tell you you're getting isn't actually what you get. "Network congestion" and other invisible factors often deliver speeds well below an internet service plan's rating. In fact, virtually all of the major ISPs in the US, including Time Warner Cable, Comcast, AT&T, and Verizon, which collectively serve the supermajority of broadband customers in the country, reportedly deliver speeds anywhere between 1 percent and 23 percent slower than advertised. Furthermore, anybody who lives with family or roommates knows there's no way in hell that their household internet connection is being used to stream one Netflix show at a time and nothing else. Suddenly that "25Mbps" standard, which could be delivered as slow as 15Mbps or below in actuality, is also being shared by several people who are using the internet for a variety of purposes simultaneously. Once again, Congress' ideas about the internet just don't add up.
http://www.theverge.com/2016/1/21/10...eed-definition





ISPs Try to Kill Open-Access Fiber Network, Avoid Competition

In West Virginia, cable lobby and telcos rally against expanded broadband.
Jon Brodkin

Private Internet service providers are speaking out against a proposal to build a publicly funded fiber network in West Virginia.

State Sen. Chris Walters, a Republican, introduced a bill this week that would deploy more than 2,000 miles of fiber optic cable. The state-owned and operated network would include only middle-mile infrastructure and not the "last mile" fiber connections that extend to people's homes and businesses. This network would be open access, however, so any Internet service provider could gain access to the lines and build last-mile facilities to offer service directly to customers.

That arrangement would make it easier for small Internet service providers to compete against the big ones. Naturally, small ISPs support the project while big ISPs oppose it, the Charleston Gazette-Mail reported.

“This bill would obligate the state to borrow between $75 million and $100 million, and it wouldn’t guarantee that a single rural customer who doesn’t have broadband service would get it,” West Virginia Cable Television Association Chief Mark Polen told the paper. The cable association includes Suddenlink, Comcast, Shentel, Time Warner Cable, and others. “The state-financed, state-owned, and state-operated fiber network will be in direct competition with the private investments our members have made in West Virginia,” Polen also said.

Frontier Communications, the state's largest Internet provider, also opposes the project. On the other hand, "smaller firms like Citynet and Alpha Technologies support Walters’ proposal to build the 'middle-mile' network that would bring fiber from cities to rural communities," the paper reported.

“Once we build this network, people are going to use it,” Walters argued, adding that wireless ISPs in particular will be interested. “If all of a sudden you have a network that affordably gets you where you want to go, you’re going to use it if it makes financial sense.”

The cable lobby supports a different bill that would instead give up to $1 million a year in tax credits to Internet providers who build in remote areas. That would be $1 million total, not $1 million for each ISP.

Walters is chair of the Senate Transportation and Infrastructure Committee, which is scheduled to consider both bills next week. The committee voted in favor of a previous version of the fiber network bill a year ago, but the proposal stalled after opposition from Frontier.
http://arstechnica.com/tech-policy/2...d-competition/





BT Should Spin Off Network Division, Says MP-Backed Report

A file photograph shows a man looking towards the Telecom Tower, from Primrose Hill in London, Britain, December 29, 2015.
Reuters/Peter Nicholls/Files

Britain's BT (BT.L) should be forced to spin off its national broadband network to improve speeds and quality of service, an independent report backed by more than 100 lawmakers said on Saturday.

The British Infrastructure Group, which brings together lawmakers from all parties to promote improved services, said 42 percent of small and medium-sized firms were reporting problems with their internet connection, at an estimated cost of 11 billion pounds to the British economy.

"Given our modern economy is so reliant on the internet, it is time to stop being held back by BT's lack of ambition and under investment," it said.

BT, the former telecoms monopoly which owns the Openreach networks division responsible for connecting homes and offices to the internet, has come under sustained attack from its rivals in recent years who want the firm to be broken up.

The broadband market leader, which is buying mobile operator EE, owns the copper and fibre networks that serve rivals like Sky (SKY.L) and TalkTalk (TALK.L) as well as BT's own residential and business customers.

The networks division Openreach is managed at arm's length, but critics say the structure allows BT to abuse its market position and has hampered investment.

A spokeswoman for the government division responsible for broadband speeds said the report was "entirely misleading" and said the superfast broadband rollout would cover 95 percent of the country by 2017.

BT said in response that independent data from the European Union repeatedly placed Britain as the number one performer for broadband and superfast broadband when compared to other large EU countries.

British regulator Ofcom is investigating whether to force a break up of BT, however most industry analysts do not expect it to recommend that move.

(Reporting by Kate Holton; Editing by Janet Lawrence)
http://uk.reuters.com/article/uk-bt-...-idUKKCN0V10DN





Verizon Vows to Build the First 5G Network in the US
Stephen Lawson

Verizon says it will have the first 5G network in the U.S., a promise it probably can't fulfill until 2020 but will start working on this year.

5G is the next generation of cellular technology after LTE and the subject of intense research and development around the world. It's expected to become an official standard in 2020, and some mobile operators say they'll have it ready by then or even before. NTT DoCoMo says it will have 5G running in time for the 2020 Summer Olympics in Tokyo, while SK Telecom claims it will have a network in place for the 2018 Winter Olympics in South Korea.

Verizon Chief Financial Officer Fran Shammo made the pledge Thursday on the company's fourth-quarter financial results call. He also repeated the company's plans for so-called 5G trials this year.

Shammo didn't say what parts of the still-developing technology will be tested in those trials, which will take place in two "sandbox" facilities in San Francisco and Waltham, Massachusetts. But he did give some hints at what Verizon is thinking about for the future standard.

"It may not just be about mobility. It may be about other use cases," he said. One of those is the Internet of Things, which Verizon has already pegged as a focus of 5G. While LTE was developed for fast connections to smartphones and other mobile devices for people, 5G is also aimed at sensors and other small devices that talk to each other in slow trickles of data. IoT is a growth area for Verizon, which reported $200 million in revenue for that segment in the fourth quarter, up 18 percent from a year earlier.

Verizon also wants the U.S. Federal Communications Commission to set rules that will be needed for 5G deployment, Shammo said. Last year the agency started to consider allowing higher frequencies than ever for 5G networks. Those millimeter-wave bands are expected to help 5G networks serve more connections in dense urban areas.

Verizon was the first U.S. carrier with a large-scale 4G LTE network, starting in 2010. The LTE network carried more than 90 percent of its wireless traffic in the fourth quarter.

The company posted US$131.6 billion in consolidated revenue for 2015, up 3.6 percent from 2014. It reported net additions of 449,000 postpaid phones and 960,000 tablets in the fourth quarter.
http://www.networkworld.com/article/...in-the-us.html





Why do People Keep Coming to this Couple’s Home Looking for Lost Phones?
Kashmir Hill

It started the first month that Christina Lee and Michael Saba started living together. An angry family came knocking at their door demanding the return of a stolen phone. Two months later, a group of friends came with the same request. One month, it happened four times. The visitors, who show up in the morning, afternoon, and in the middle of the night, sometimes accompanied by police officers, always say the same thing: their phone-tracking apps are telling them that their smartphones are in this house in a suburb of Atlanta.

But the phones aren’t there, Lee and Saba always protest, mystified at being fingered by these apps more than a dozen times since February 2015. “I’m sorry you came all this way. This happens a lot,” they’d explain. Most of the people believe them, but about a quarter of them remain suspicious, convinced that the technology is reliable and that Lee and Saba are lying.

“My biggest fear is that someone dangerous or violent is going to visit our house because of this,” said Saba by email. (Like this guy.) “If or when that happens, I doubt our polite explanations are gonna go very far.”

People, after all, can get pretty desperate when their tech appendages go missing. And sometimes, it’s not just a phone that’s missing, but a person. In June, the police came looking for a teenage girl whose parents reported her missing. The police made Lee and Saba sit outside for more than an hour while the police decided whether they should get a warrant to search the house for the girl’s phone, and presumably, the girl. When Saba asked if he could go back inside to use the bathroom, the police wouldn’t let him.

“Your house is a crime scene and you two are persons of interest,” the officer said, according to Saba.

The couple, who are in their 20s, she a journalist and he an engineer, worry the police will kick down their door one day, a scenario that has happened before based on faulty Find-My-iPhone tracking.

“It really drives home how unsafe and fallible some of this technological evidence is,” said Saba by phone.

The missing phones don’t seem to have anything in common. Some are iPhones. Some are Androids. They’re on different carriers: AT&T, Verizon, T-Mobile, Sprint, Boost Mobile. Saba and Lee don’t know who can fix it because there’s no obvious guilty party. They filed a complaint with the local police department but that hasn’t helped. They’ve already had two visits in 2016.

I consulted experts and phone companies to try to figure out what’s happening. They were stumped. Most experts said they needed more data to solve the mystery but were willing to speculate.

Ken Westin, a security analyst who used to run a device-tracking app company, says geolocation tech like this usually looks first to the phone’s GPS information (which relies on satellites), then to the cell towers to which it was recently connected, then WiFi fingerprints based on maps of WiFi networks created by companies like Skyhook, and then to the IP address, which tends to be the least accurate. He thought it sounded like a flaw in cell tower triangulation.

Something like that happened before to a man in Las Vegas. Sprint customers kept coming to his home looking for their phones. After the issue got media attention in 2013, Sprint told the Verge that the man’s home “happen[ed] to be in the center of a geometric circle denoting the coverage area of one sector of a Sprint cell site,” and that it was the default location that showed up when a more precise location wasn’t available. Sprint apologized for the inconvenience. The difference with Lee and Saba is that the phones aren’t affiliated with one carrier.

There are three cell towers near Saba and Lee’s home; the closest one is a T-Mobile tower. Both Saba and I reached out to T-Mobile to see if they could help, but the company never responded. I also reached out to Android-maker Google and iPhone-making Apple to see if they could help. No luck. I called the Federal Communications Commission, the agency in charge of regulating wireless devices; they said this type of problem didn’t fall under their jurisdiction. It seems that shrugs are as contagious as yawns.

An oddity in Atlanta’s tech infrastructure is regularly disturbing two people’s lives. A screw-up in the unseen signals flying through the air means that police and strangers are knocking on their door on a regular basis and there’s nothing obvious they can do to stop it. It’s enough to make you want to become an electrosensitive and move to the tech boonies.

“We rely on these tools and this data but we do so blindly,” said Westin. “Technology is not perfect. Law enforcement can rely on it and be wrong.”

Westin cites examples of an innocent person being charged for downloading child porn because a neighbor used his WiFi and police raiding the wrong home based on an IP address. “One piece of info is not enough to convict,” he said. “This is why you need multiple pieces of electronic evidence.”

Don Lekei of Help-My-Tech thought the problem might be that the phones were being located based on WiFi or IP address mapping. If the apps are using a WiFi map, Lekei said by email that the couple’s router could be causing the problem; if misconfigured, it could be broadcasting that it’s a different location than it actually is. Michael Saba said that at one point he reset their router, and changed the frequency at which it broadcasts; it didn’t solve the problem.

Jonathan Zdziarski, an iPhone forensics expert, first joked that their neighbors might be running a stolen device racket. Then he said he thought WiFi mapping could be to blame. He said via Twitter that it’s possible the find-my-phone apps all rely on the same WiFi mapping data—maybe all licensed from the same company—and that the company “could have had bad data in the database, either someone using the same MAC address at a different location or just bad GPS data.” Saba says that after this started happening, he registered the correct address for their WiFi network with Skyhook, but it didn’t solve the problem.

“There are probably a lot of things that could go wrong here but I’d have to have the phones to actually figure it out,” Zdziarski said via Twitter. But the phones, of course, are missing.

The most frustrating thing for Saba and Lee is that there’s no definite answer for why it’s happening, no government agency willing to take ownership over the issue, and so no way to get it to stop. Since Lee’s parents own the house, “moving isn’t an option,” said Saba.

Upon the recommendation of people with whom I spoke, Saba and Lee plan to file a complaint with the FCC and with their senator.

“Public pressure is how stuff like this changes,” said Saba. “It sucks that it happens to us, but I hope our experience will lead to it not happening to anyone else.”
http://fusion.net/story/214995/find-...to-wrong-home/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

January 16th, January 9th, January 2nd, December 26th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black