P2P-Zone  

Old 13-02-19, 07:16 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - February 16th, ’19

Since 2002

February 16th, 2019




'Stream-Ripping' Websites that let Music Fans Steal Songs from YouTube and Save them on their Computers and Phones are set to be Banned in Australia

• Australian music lovers may find it harder to steal songs from YouTube soon
• Punters have long been breaching copyright laws by using 'stream ripping' sites
• Popular streaming sites face being blocked as the case heads to the courts

Kelsey Wilkie

Websites dedicated to 'ripping' songs from YouTube to be played from phones and computers could soon be blocked in Australia as industry insiders head to the court.

Crafty music-lovers have long been breaching copyright laws by using websites to download songs from YouTube that convert files to MP3 – allowing them to listen to the music at any time free of charge.

However, a crackdown is coming to Australian listeners and may see the sites banned for good.

Music Rights Australia general manager Vanessa Hutley told news.com.au that the organisation is part of the industry group coordinating the action, which is currently before the federal court.

The case is targeting three offshore sites: convert2mp3.new, 2conv.com and flvto.biz.

Ms Hutley said that while there were a lot of 'stream-ripping' sites, the group was focusing on the more serious ones.

'These cases, they're not cheap to bring. What we're trying to do is use these cases to create the maximum impact to benefit local musicians and creators.

'The nature of these sites, because you don't know where they are you can't file cases all around the world, so the legislation was created to address the worst of the worst types of illegal sites.'

Site blocking laws, which were introduced in Australia in 2015, give local rights holders the power to take legal action against sites that facilitate copyright infringement.

The music industry took a massive hit when file-sharing sites became mainstream.

However, the industry has seen a massive turnaround in recent years thanks in large part to paid streaming services such as Spotify and Apple Music.

The case will be heard in the Federal Court on April 3.
https://www.dailymail.co.uk/news/art...Australia.html





Identity Theft New Trend In Music Piracy

Music piracy has existed as long as the music industry itself, but like everything else in the biz, it's constantly changing and adapting. The most recent trend appears to be impersonation, and has digital buccaneers pinging labels and publicists, claiming to be an artist or manager in order to access their music.
James Shotwell

Digital thieves are pirating music by pretending to be everyone from musicians to industry professionals.

Music piracy is as old as the music business. In the nineteenth century, bootleggers would sell sheet music that had been duplicated without the composer’s consent. The dawn of recorded sound brought a new wave of pirates, as did the start of the digital age.

Piracy, like the business itself, is always evolving. As soon as one method of thievery is dealt with it seems another appears. Companies such as Haulix work to limit the rate of piracy, often through watermarked materials and discreet music-sharing platforms, but even the best efforts have their limits.

Recently, a new wave of music pirates have begun accessing music through impersonation. Pirates will contact a label, publicist, or manager under the guise of being someone from a band or someone connected to that band. Most go as far as to create fake emails that appear legitimate at first glance. For example, someone trying to gain access to a new album from The Beatles may claim to be Ringo Starr and use the email ringo.starr@gmail.com. Similarly, they may claim to be management and use an email like bandnamemgmt@gmail.com. From there, pirates distribute well-written emails claiming they need a copy of the artist’s latest work for business purposes, such as promotion or booking, and ask to be sent a copy through proper channels.

Whenever you receive emails from previously unknown addresses, you need to verify the identity of the sender. Don’t let the fear of appearing not to know everyone connected to an artist or campaign prevent you from doing your due diligence. If you don’t recognize someone claiming to work with an artist you should ask the artist about that contact. If you speak with a person claiming to be part of a band you should ask their team if the information is correct. Nobody will be upset. Everyone would rather exchange a few extra calls or emails than risk losing money and attention due to an early leak.
https://www.hypebot.com/hypebot/2019...ic-piracy.html





More Proactive Action Needed to Fight Digital Piracy: Gobind
Bernama

PUTRAJAYA: The government has acknowledged that more proactive action is needed to fight digital piracy in the country, according to Communication and Multimedia Minister Gobind Singh Deo.

He said this was to ensure that Internet users and media consumers did not take the issue lightly as digital piracy had caused a huge blow to the Malaysian economy.

Speaking at the Kuala Lumpur Digital Content Anti-Piracy Summit here, Gobind said Internet users in Malaysia downloaded a whopping 84 million content files comprising movies and TV shows from BitTorrent last year.

According to Irdeto, a digital platform security company, Malaysia recorded the second largest share of content piracy in Southeast Asia at 17% in 2016, he said.

“Another study found that the number of visits to websites carrying pirated content is twice the number of visits to websites with legitimate content,” he added.

The minister said these illegal activities had caused the entertainment and media industry to have RM1.05 billion in loss of revenue and the government RM157 million in the loss of taxes along with 1,900 job losses.

“Therefore, unless firm action is taken against the perpetrators, these figures are expected to grow on a yearly basis, and we are aware that the creative content industry players have been restless for a support system to strengthen their fight against digital piracy,” he said.

According to Gobind, intellectual property and copyrights were blatantly disregarded when the content was exploited and misused online without due credit to the creators.

He said the issue had worsened considerably with the emergence of illicit streaming devices (ISD) in the market.

“The Internet has further intensified content piracy where consumers can also be suppliers of content that do not belong to them, as in the case of peer-to-peer networks.

“The motivation behind pirating is not necessarily for profit but to gain recognition in peer groups, or reciprocating free access to other users, or be rewarded with better services as heavy up-loaders,” the minister explained.

Since the reproduction and delivery of pirated content costs little to nothing, the practice was sustainable and widespread, he said.

Therefore, Gobind urged for collective support and involvement of relevant law enforcement agencies, industry players, Internet service providers and consumer associations to ensure sustainable and continuous efforts were being carried out to curb digital piracy.

The one-day summit was organised by the Malaysian Communications and Multimedia Commission (MCMC) in collaboration with the Coalition Against Piracy (CAP) and the Asia Video Industry Association (AVIA).

Some 1,000 local and international participants exchanged their views, best practices, and guidelines on how to curb digital piracy together at the summit.

Also present was MCMC chairman Al-Ishsal Ishak.
https://www.thesundaily.my/local/mor...obind-EX527327





Japan to Make Unauthorized Downloads of All Copyrighted Work Illegal

Japan will make it illegal to download without permission of copyright holders all works including manga, computer games and literary writings, as a government panel adopted the policy on Wednesday.

In a report to the Cultural Affairs Agency, the panel called for broadening the scope of illegal downloads, currently restricted to videos and music, to all copyrighted materials. However, to what extent the actions will be punished was open for future discussions as concerns grew over restraints on internet users.

The report also proposed punishing operators of "leech sites" that list hyperlinks to piracy websites.

The agency plans to submit a bill to amend the copyright law and reflect tighter controls to the ongoing regular Diet session.

The panel indicated the need to crack down on piracy websites as damage to copyright holders has been on the rise. But it sought a cautious approach in penalizing unauthorized downloads in view of adverse effects on people's lives and freedom of expression.

A panel member has suggested some images such as those containing texts are sometimes collected as part of intellectual activities. Another member said it is difficult to discern the difference between legal and illegal contents available online.

The report said only serious offenses should be punished, such as copying the whole work and repeating illegal downloads.

It recommended that violators should face imprisonment of up to two years or a fine of up to 2 million yen ($18,100) or both, and perpetrators could be indicted only if criminal complaints are filed by victims.

As for leech sites, the paper called for making it a criminal offense to operate the websites and provide hyperlinks to pirated materials.

Damage caused to publishers by a Japanese piracy site called Mangamura, which became inaccessible last April, was estimated at about 300 billion yen. The website, which once had over 100 million hits a month, hosted unauthorized copies of popular manga titles, including "Attack on Titan" and "One Piece."
http://mainichi.jp/english/articles/...0m/0dm/088000c





The Wandering Earth is Such a Hit It’s Being Pirated Like Crazy in China
Adi Tantimedh

The Wandering Earth is China’s biggest Chinese New Year hit movie right now, having earned over US$300 million in its first five days. Chinese social media is all abuzz about the movie. Author Liu Cixin has the status of both Isaac Asimov and Arthur C. Clarke combined in the Chinese Science Fiction scene. The movie has been hailed as a breakthrough, the first Chinese Science Fiction blockbuster, China showing it can play in the same field as the Hollywood big boys.

And according to The South China Morning Post, Hong Kong’s English language newspaper, Chinese netizens and hackers are pirating the hell out of the movie.

To paraphrase Stan Lee (badly): “With great popularity comes great pirating.”

High-quality pirated copies of the movie have been flooding the internet in China and can be bought for as little as 1 Yuan, which is the equivalent of 15 cents US. The National Copyright Administration and the movie studio have been freaking out and playing whack-a-mole, getting the pirated copies of The Wandering Earth yanked off pirate websites as soon as they get posted.

Even then, the studio’s anti-piracy team leader Gong Ge’er has asked for the public’s help in alerting them to links for the movie so they can have them removed.

“In recent days, the staff of The Wandering Earth have not had time to celebrate the box office success, but have devoted almost all their energy to complaining to authorities about piracy and blocking pirated copies,” Gong said in a report from Beijing Youth Daily.

A high piracy number is the unfortunate proof of how popular a movie or TV show is. Here in the West, the most pirated shows have been Game of Thrones, Doctor Who, The Walking Dead and Star Trek: Discovery. Unlike TV shows, which are already paid for by advertising revenue, popular movies getting pirated eats into the box office earnings of the movie, since people who grab copies of the movie from the internet don’t pay for tickets that help the movies earn back their budgets. Digital pirate copies of The Wandering Earth are currently being sold in China either on their own or as a bundle with pirated copies of other current Chinese New Year blockbuster releases for the equivalent of just a few dollars as download files or burned to DVD.

This is alarming for the Chinese Film Industry as people going to the movies this year over the Chinese New Year holidays dropped from 145 million last year to 123 million this year. The Wandering Earth’s surprise box office rise in just a few years has helped boost the overall Chinese box office earnings, but if piracy persists, the studios fear that this could end up costing the industry billions.

It was piracy that crippled the Hong Kong Film Industry, from which it still hasn’t completely recovered. Now that China is in a high-stakes playing field of massive big-budget blockbusters, they have to worry about piracy putting a dent in the confidence of financiers and studios in how much they can earn back their investment if they pour tens of millions into a movie’s budget when it’s going to get pirated and downloaded by millions of people in China alone. The industry thinks they’ve finally cracked how to make homegrown Science Fiction blockbusters for a hungry market, but now they have to worry that piracy might strangle a new burgeoning market in the cradle.
https://www.bleedingcool.com/2019/02...earth-pirated/





SpaceX Seeks FCC Approval for up to 1M Starlink Satellite Earth Stations
Alan Boyle

SpaceX has opened a new window into its ambitious plans for a global satellite broadband data network, thanks to an earth-station license application filed with the Federal Communications Commission.

The application, filed on behalf of a sister company called SpaceX Services, seeks blanket approval for up to a million earth stations that would be used by customers of the Starlink satellite internet service. The stations would rely on a flat-panel, phased-array system to transmit and receive signals in the Ku-band to and from the Starlink constellation.

Those satellites have already received clearance from the FCC, and SpaceX plans to launch the first elements of the initial 4,425-satellite constellation this year, using Falcon 9 rockets. The company sent up its first two experimental broadband satellites last year and has been tweaking its plans for Starlink as a result of those space-to-ground tests. Eventually, SpaceX wants to build up the network to take in as many as 12,000 satellites in low Earth orbit.

SpaceX’s facility in Redmond, Wash., is playing the lead role in developing the satellite system. Last year, the Redmond office went through a management shakeup aimed at accelerating progress on Starlink.

The application filed with the FCC on Feb. 1 focuses on the receiving end of the space-based service. “This application takes the next step by seeking authority for the end-user customers’ earth stations that incorporate advanced technologies to enable highly efficient use of the spectrum and enhance the customer’s broadband experience,” SpaceX executives say in their filing.

They say the system has been engineered “to achieve a high degree of flexibility to facilitate spectrum sharing with other authorized satellite and terrestrial systems.”

In a technical annex, SpaceX argues that licensing rules focusing on antenna performance standards shouldn’t apply to the planned earth stations, since the FCC has recognized that those standards may not be appropriate for satellite networks in low Earth orbit, as opposed to traditional satellites in geostationary Earth orbit.

The FCC hasn’t yet taken any action on SpaceX Services’ earth station licensing application, which relates to operations in the United States (including Alaska and Hawaii), plus Puerto Rico and the U.S. Virgin Islands. SpaceX says it’s not providing any comment beyond what’s in the application.

SpaceX CEO Elon Musk has said the Starlink project aims to provide high-speed, reliable and affordable broadband data services to consumers in the U.S. and around the world, including an estimated 3.8 billion people who are underserved by existing networks. When he unveiled the project four years ago in Seattle, he said revenue from the internet service would pay for his vision of creating a city on Mars.

If SpaceX sticks to Musk’s timetable, Starlink could go live in the 2020 time frame.

SpaceX is currently in the throes of a $500 million financing round that’s aimed at giving a boost to Starlink as well as development of the company’s Starship super-rocket. In documents filed with the Securities and Exchange Commission today, the Scottish investment firm Baillie Gifford confirmed that it was increasing its stake in SpaceX as part of the investment round.

A million earth stations may sound like a lot, but it pales in comparison with Dish’s subscriber base of 10.3 million customers for its satellite-based Dish TV service.

Several other ventures are planning satellite constellations in low Earth orbit to provide global internet access, and signal interference could emerge as a critical issue in the licensing process for earth stations. SpaceX’s top rivals include the international OneWeb consortium, backed by Airbus, SoftBank and other high-profile players; and Telesat, Canada’s largest satellite company.

In a technical analysis conducted for last October’s International Astronautical Congress, MIT researchers said the limiting factor for SpaceX’s satellite service would be the ground segment, “as they need to deploy a very large number of ground stations and gateways to operate at full power.” The researchers said Telesat had the most effective system in terms of bandwidth per satellite.
https://www.geekwire.com/2019/spacex...arth-stations/





83% Of Consumers Believe Personalized Ads Are Morally Wrong, Survey Says
John Koetsier

A massive majority of consumers believe that using their data to personalize ads is unethical. And a further 76% believe that personalization to create tailored newsfeeds -- precisely what Facebook, Twitter, and other social applications do every day -- is unethical.

At least, that's what they say on surveys.

RSA surveyed 6,000 adults in Europe and America to evaluate how our attitudes are changing towards data, privacy, and personalization. The results don't look good for surveillance capitalism, or for the free services we rely on every day for social networking, news, and information-finding.

"Less than half (48 percent) of consumers believe there are ethical ways companies can use their data," RSA, a fraud prevention and security company, said when releasing the survey results.

Oh, and when a company gets hacked?

Consumers blame the company, not the hacker, the report says.

The challenging thing about the report, of course, is that if so many people feel so strongly about their privacy, their data, and its use in the personalization of ads, social feeds, and news results ... why do they continue to use services that do precisely that?

From a European perspective, the answer might be that they actually lack choice.

That's exactly what the president of Germany's antitrust regulatory body said about Facebook earlier this week, arguing that if the only choice is between using a dominant social network by surrendering data or not being able to use the social network at all, that's not a real choice.

"In such a difficult situation the user’s choice cannot be referred to as voluntary consent,” said Germany’s Federal Cartel Office president Andreas Mundt.

Whether or not that's true, Europeans certainly are more cautious with their data than Americans.

"In the months of the GDPR being implemented, German attitudes shifted in favor of stricter data privacy expectations, with 42 percent wanting to protect location data in 2018 versus only 29 percent in 2017," says RSA.

In the U.S., 60% of adults agree that there are ethical ways companies can use their personal information. In Germany, only 43% agreed. Other European nations are fairly similar to Germany, with the equivalent number being 48% in the U.K. and 45% in France.

Of course, personalization is not the only way to tailor ads to people.

While personalized ads use data about people to determine which ads to show in an app or on a website, contextualized ads use data about the content in which they are embedded to infer insights about audience likes and interests. Some industry experts, including the "Ad Contrarian," believe that personalized ads are actually not more effective. It may well be that today's digital giants will have to return to some level of contextualization in lieu of personalization.

Wherever that debate goes, all this shift in consumer perceptions adds up to a new standard of doing business in the digital era, RSA says:

"Companies must acknowledge and protect consumers’ right to privacy while considering the impact of emerging technology," the report reads. "By so doing, they can forge deeper connections with customers to grow their business while addressing very real concerns about data protection and privacy."
https://www.forbes.com/sites/johnkoe...ng-survey-says





Netflix Has Saved Every Choice You’ve Ever Made in ‘Black Mirror: Bandersnatch'

A tech policy researcher used GDPR to request information about all of his choices from Netflix.
Matthew Gault

When you gaze into Black Mirror’s Bandersnatch, it also gazes into you. It’s no secret that Netflix tracks what its users watch and how long they watch it, but Bandersnatch gave Netflix a unique opportunity to let the streaming giant learn what its users wanted in real time. Some people even speculated that Bandersnatch was largely a data-harvesting operation.

Michael Veale, a technology policy researcher at University College London, wanted to know what data Netflix was collecting from Bandersnatch. “People had been speculating a lot on Twitter about Netflix's motivations,” Veale told me in an email. “I thought it would be a fun test to show people how you can use data protection law to ask real questions you have.”

The law Veale used is Europe’s General Data Protection Regulation (GDPR). The GDPR granted EU citizens a right to access—anyone can request a wealth of information from a company collecting data. Users can formally request a company such as Netflix tell them the reason it’s collecting data, the categories they’re sorting data into, third parties it’s sharing the data with, and other information.

Veale used this right of access to ask Netflix questions about Bandersnatch and revealed the answers in a Twitter thread. He found that Netflix is tracking the decisions its users make (which makes sense considering how the film works), and that it is keeping those decisions long after a user has finished the film. It also stores aggregated forms of the user’s choice to “help [Netflix] determine how to improve this model of storytelling in the context of a show or movie,” the company said in its email response to him. The .csv and PDF files displayed Veale’s journey through Bandersnatch, every choice displayed in a long line for him to see.

Veale told me that requesting the data was as easy as sending Netflix an email, but the specifics of getting the information he wanted were complicated. The GDPR right to access request works a lot like America’s Freedom of Information Act requests—the applicant needs to be very specific to get what they want. After sending along a copy of his passport to prove his identity, Veale got the answers he wanted from Netflix via email and—in a separate email—a link to a website where he downloaded an encrypted version of his data. He had to use a Netflix-provided key to unlock the data, which came in the form of a .csv file and a PDF.

“It was tricky, as I had to ask these questions specifically,” Veale told me in an email. “It's unclear if this is included by default in requests to get your data from Netflix or not—I can tell you often this kind of specific data is not included when you ask for 'all your data.’ Knowing what 'all your data' is, and what the company's definition of 'all your data' does not include, is most of the challenge.”

Veale also said it’s possible the only reason Netflix played so nice with him is because he’s a public figure known for using GDPR to get data out of big tech companies. Colleagues doing similar studies “just got told to get lost, or even had their accounts deleted for being troublemakers” by other companies, he said.

Veale is concerned by what he learned. Netflix didn’t tell Veale how long it keeps the data and what the long term deletion plans are.

“They claim they're doing the processing as it's 'necessary' for performing the contract between me and Netflix,” Veale told me. “Is storing that data against my account really 'necessary'? They clearly haven't delinked it or anonymised it, as I've got access to it long after I watched the show. If you asked me, they should really be using consent (which you should be able to refuse) or legitimate interests (meaning you can object to it) instead.”

Ultimately, Bandersnatch may seem safe, but what data Netflix scraped from its viewings, how that data is stored, and for how long are all questions users deserve to know. And training ourselves to ask questions of companies like Netflix also trains us to ask the same of companies like Facebook and Google.

“I'm hoping it inspires people to reach to their rights in situations like these, and to normalise them,” Veale said. “When companies get more and more requests, they'll have to streamline them for the sake of economising, and that in turn will benefit all users.”
https://motherboard.vice.com/en_us/a...r-bandersnatch





California Governor Proposes Digital Dividend Aimed at Big Tech
Kartikay Mehrotra

• Alphabet, Facebook shares give up some gains after comments
• Newsom also praises tough California data-privacy law

California Governor Gavin Newsom proposed a “digital dividend” that would let consumers share in the billions of dollars made by technology companies in the most populous U.S. state.

In his “State of the State” speech on Tuesday, Newsom said California is proud to be home to tech firms. But he said companies that make billions of dollars “collecting, curating and monetizing our personal data have a duty to protect it. Consumers have a right to know and control how their data is being used.”

He went further by suggesting the companies share some of those profits, joining other politicians calling for higher levies on the wealthy in U.S. society.

“California’s consumers should also be able to share in the wealth that is created from their data,” Newsom said. “And so I’ve asked my team to develop a proposal for a new data dividend for Californians, because we recognize that data has value and it belongs to you.”

Newsom didn’t describe what form the dividend might take, although he said “we can do something bold in this space.” He also praised a tough California data-privacy law that will kick in next year.

The world’s largest internet advertising companies, including Alphabet Inc.’s Google and Facebook Inc., are based in California. Google made more than $30 billion last year, while Facebook earned over $22 billion.

Alphabet shares gave up some gains in New York trading, while Facebook turned negative, following Newsom’s comments. Representatives of the companies didn’t immediately respond to requests for comment.

Privacy advocacy groups lauded the governor’s announcement while calling for full consumer transparency about how their data is being used and how much it’s worth to companies profiting from users’ online browsing patterns.

“While platforms are fast and loose with consumer data, they are not so willing to share what they are doing with the data or how much they are profiting,” said James Steyer, founder of Common Sense Media, which played a central role in drafting and passing the California Consumer Privacy Act in 2018.

“We fully support the governor’s data dividend proposal and expect to introduce legislation that reflects that in the coming weeks.”

— With assistance by Romy Varghese
https://www.bloomberg.com/news/artic...eting-big-tech





The Text of Article 13 and the EU Copyright Directive has just been Finalised
Julia Reda

In the evening of February 13, negotiators from the European Parliament and the Council concluded the trilogue negotiations with a final text for the new EU Copyright Directive.

For two years we’ve debated different drafts and versions of the controversial Articles 11 and 13. Now, there is no more ambiguity: This law will fundamentally change the internet as we know it – if it is adopted in the upcoming final vote. But we can still prevent that!

Read on for details about the text, how we got here and what to do now:

Closed-door trilogue negotiations have concluded.

What’s in the EU Copyright Directive

Please click the links to take a look at the final wording of Article 11 and Article 13. Here’s my summary:

Article 13: Upload filters

Parliament negotiator Axel Voss accepted the deal between France and Germany I laid out in a recent blog post:

• Commercial sites and apps where users can post material must make “best efforts” to preemptively buy licences for anything that users may possibly upload – that is: all copyrighted content in the world. An impossible feat.
• In addition, all but very few sites (those both tiny and very new) will need to do everything in their power to prevent anything from ever going online that may be an unauthorised copy of a work that a rightsholder has registered with the platform. They will have no choice but to deploy upload filters, which are by their nature both expensive and error-prone.
• Should a court ever find their licensing or filtering efforts not fierce enough, sites are directly liable for infringements as if they had committed them themselves. This massive threat will lead platforms to over-comply with these rules to stay on the safe side, further worsening the impact on our freedom of speech.

Article 11: The “link tax”

The final version of this extra copyright for news sites closely resembles the version that already failed in Germany – only this time not limited to search engines and news aggregators, meaning it will do damage to a lot more websites.

• Reproducing more than “single words or very short extracts” of news stories will require a licence. That will likely cover many of the snippets commonly shown alongside links today in order to give you an idea of what they lead to. We will have to wait and see how courts interpret what “very short” means in practice – until then, hyperlinking (with snippets) will be mired in legal uncertainty.
• No exceptions are made even for services run by individuals, small companies or non-profits, which probably includes any monetised blogs or websites.

Other provisions

The project to allow Europeans to conduct Text and Data Mining, crucial for modern research and the development of artificial intelligence, has been obstructed with too many caveats and requirements. Rightholders can opt out of having their works datamined by anyone except research organisations.

Authors’ rights: The Parliament’s proposal that authors should have a right to proportionate remuneration has been severely watered down: Total buy-out contracts will continue to be the norm.

Minor improvements for access to cultural heritage: Libraries will be able to publish out-of-commerce works online and museums will no longer be able to claim copyright on photographs of centuries-old paintings.

* * *

How we got here

The history of this law is a shameful one. From the very beginning, the purpose of Articles 11 and 13 was never to solve clearly-defined issues in copyright law with well-assessed measures, but to serve powerful special interests, with hardly any concern for the collateral damage caused.

In the relentless pursuit of this goal, concerns by independent academics, fundamental rights defenders, independent publishers, startups and many others were ignored. At times, confusion was spread about crystal-clear contrary evidence. Parliament negotiator Axel Voss defamed the unprecedented protest of millions of internet users as “built on lies”.

In his conservative EPP group, the driving force behind this law, dissenters were marginalised. The work of their initially-appointed representative was thrown out after the conclusions she reached were too sensible. Mr Voss then voted so blindly in favour of any and all restrictive measures that he was caught by surprise by some of the nonsense he had gotten approved. His party, the German CDU/CSU, nonchalantly violated the coalition agreement they had signed (which rejected upload filters), paying no mind to their own minister for digital issues.

It took efforts equally herculean and sisyphean across party lines to prevent the text from turning out even worse than it now is.

In the end, a closed-door horse trade between France and Germany was enough to outweigh the objections… so far.

What’s important to note, though: It’s not “the EU” in general that is to blame – but those who put special interests above fundamental rights who currently hold considerable power. You can change that at the polls! The anti-EU far right is trying to seize this opportunity to promote their narrow-minded nationalist agenda – when in fact without the persistent support of the far-right ENF Group (dominated by the Rassemblement/Front National) the law could have been stopped in the crucial Legal Affairs Committee and in general would not be as extreme as it is today.

* * *

We can still stop this law

The Parliament and Council negotiators who agreed on the final text now return to their institutions seeking approval of the result. If it passes both votes unchanged, it becomes EU law, which member states are forced to implement into national law.

In both bodies, there is resistance.

The Parliament’s process starts with the approval by the Legal Affairs Committee – which is likely to be given on Monday, February 18.

Next, at a date to be announced, the EU member state governments will vote in the Council. The law can be stopped here either by 13 member state governments or by any number of governments who together represent 35% of the EU population (calculator). Last time, 8 countries representing 27% of the population were opposed. Either a large country like Germany or several small ones would need to change their minds: This is the less likely way to stop it.

Our best bet: The final vote in the plenary of the European Parliament, when all 751 MEPs, directly elected to represent the people, have a vote. This will take place either between March 25 and 28, on April 4 or between April 15 and 18. We’ve already demonstrated last July that a majority against a bad copyright proposal is achievable.

The plenary can vote to kill the bill – or to make changes, like removing Articles 11 and 13. In the latter case, it’s up to the Council to decide whether to accept these changes (the Directive then becomes law without these articles) or to shelve the project until after the EU elections in May, which will reshuffle all the cards.

This is where you come in

The final Parliament vote will happen mere weeks before the EU elections. Most MEPs – and certainly all parties – are going to be seeking reelection. Articles 11 and 13 will be defeated if enough voters make these issues relevant to the campaigns. (Here’s how to vote in the EU elections – change the language to one of your country’s official ones for specific information)

It is up to you to make clear to your representatives: Their vote on whether to break the internet with Articles 11 and 13 will make or break your vote in the EU elections. Be insistent – but please always stay polite.

• Look up your representatives’ voting behavior at SaveYourInternet.eu
• Call or visit your MEPs’ offices (in Brussels, Strasbourg or their local constituency)
• Visit campaign and party events and bring up the topic
• Sign the record-breaking petition and spread the word, if you haven’t yet

Together, we can still stop this law.
https://juliareda.eu/2019/02/eu-copyright-final-text/





Android Phones Can be Hacked Remotely by Viewing Malicious PNG Image

Android users are being told to patch their Android OS Nougat (7.0), Oreo (8.0) and Pie (9.0) as soon as updates are available after a bug related to PNG images was found.
Ms. Smith

Your Android could be pwned by simply viewing an innocent-looking image – be it from browsing the internet or an image received via text – according to the Android Security Bulletin issued this month. While this certainly doesn’t apply to all images, Google discovered that a maliciously crafted PNG image could be used to hijack a wide variety of Androids – those running Android Nougat (7.0), Oreo (8.0), and even the latest Android OS Pie (9.0).

The latest bulletin lists 42 vulnerabilities in total – 11 of which are rated as critical. The most severe critical flaw is in Framework; it “could enable a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.”

Although Google had no report of the security flaws being actively exploited, it remains to be seen if and how long it will take before attackers use the flaw for real-world attacks. Android owners were urged to patch as soon as security updates become available. But let’s get real: Even if your Android still receives security updates, there’s no telling how long it will be (weeks or months) before manufacturers and carriers get it together to push out the patches.
https://www.csoonline.com/article/33...png-image.html





Researchers Use Intel SGX to Put Malware Beyond the Reach of Antivirus Software

Processor protects malware from attempts to inspect and analyze it.
Peter Bright

Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks.

The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occur for the code within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with.

SGX has been designed for this particular threat model: the enclave is trusted and contains something sensitive, but everything else (the application, the operating system, and even the hypervisor) is potentially hostile. While there have been attacks on this threat model (for example, improperly written SGX enclaves can be vulnerable to timing attacks or Meltdown-style attacks), it appears to be robust as long as certain best practices are followed.

Let’s ignore Intel’s threat model

The researchers are using that robustness for nefarious purposes and considering the question: what happens if it's the code in the enclave that's malicious? SGX by design will make it impossible for antimalware software to inspect or analyze the running malware. This would make it a promising place to put malicious code. However, code in an enclave is quite restricted. In particular, it has no provision to make operating system calls; it can't open files, read data from disk, or write to disk. All of those things have to be performed from outside the enclave. As such, naively it would appear that a hypothetical SGX-based ransomware application would need considerable code outside the SGX enclave: the pieces to enumerate all your documents, read them, and overwrite them with their encrypted versions would not be protected. Only the encryption operation itself would occur within the enclave.

The enclave code does, however, have the ability to read and write anywhere in the unencrypted process memory; while nothing from outside the enclave can look inside, anything inside the enclave is free to look outside. The researchers used this ability to scan through the process' memory and find the information needed to construct a return oriented programming (ROP) payload to run code of their choosing. This chains together little fragments of executable code that are part of the host application to do things that the host application didn't intend.

Some trickery was needed to perform this reading and writing. If the enclave code tries to read unallocated memory or write to memory that's unallocated or read-only, the usual behavior is for an exception to be generated and for the processor to switch out of the enclave to handle the exception. This would make scanning the host's memory impossible, because once the exception happened, the malicious enclave would no longer be running, and in all likelihood the program would crash. To cope with this, the researchers revisited a technique that was also found to be useful in the Meltdown attack: they used another Intel processor feature, the Transactional Synchronization eXtensions (TSX).

TSX provides a constrained form of transactional memory. Transactional memory allows a thread to modify a bunch of different memory locations and then publish those modifications in one single atomic update, such that other threads see either none of the modifications or all of the modifications, without being able to see any of the intermediate partially written stages. If a second thread tried to change the same memory while the first thread was making all its modifications, then the attempt to publish the modifications is aborted.

The intent of TSX is to make it easier to develop multithreaded data structures that don't use locks to protect their modifications; done correctly, these can be much faster than lock-based structures, especially under heavy load. But TSX has a side effect that's particularly convenient: attempts to read or write unallocated or unwriteable memory from within a transaction don't generate exceptions. Instead, they just abort the transaction. Critically, this transaction abort doesn't leave the enclave; instead, it's handled within the enclave.

This gives the malicious enclave all it needs to do its dirty work. It scans the memory of the host process to find the components for its ROP payload and somewhere to write that payload, then redirects the processor to run that payload. Typically the payload would do something such as mark a section of memory as being executable, so the malware can put its own set of supporting functions—for example, ransomware needs to list files, open them, read them, and then overwrite them—somewhere that it can access. The critical encryption happens within the enclave, making it impossible to extract the encryption key or even analyze the malware to find out what algorithm it's using to encrypt the data.

Signed, sealed, and delivered

The processor won't load any old code into an enclave. Enclave developers need a "commercial agreement" with Intel to develop enclaves. Under this agreement, Intel blesses a code-signing certificate belonging to the developer and adds this to a whitelist. A special Intel-developed enclave (which is implicitly trusted by the processor) then inspects each piece of code as it's loaded to ensure that it was signed by one of the whitelisted certificates. A malware developer might not want to enter into such an agreement with Intel, and the terms of the agreement expressly prohibit the development of SGX malware, though one might question the value of this restriction.

This could be subverted, however, by writing an enclave that loaded a payload from disk and then executed that; the loader would need a whitelisted signature, but the payload wouldn't. This approach is useful anyway, because while enclave code runs in encrypted memory, the enclave libraries stored on disk aren't themselves encrypted. With dynamic loading, the on-disk payload could be encrypted and only decrypted once loaded into the enclave. The loader itself wouldn't be malicious, giving some amount of plausible deniability that anything nefarious was intended. Indeed, an enclave could be entirely benign but contain exploitable flaws that allow attackers to inject their malicious code inside; SGX doesn't protect against plain-old coding errors.

This particular aspect of SGX has been widely criticized, as it makes Intel a gatekeeper of sorts for all SGX applications. Accordingly, second-generation SGX systems (which include certain processors branded eighth-generation or newer) relax this restriction, making it possible to start enclaves that aren't signed by Intel's whitelisted signers.

As such, the research shows that SGX can be used in a way that isn't really supposed to be possible: malware can reside within a protected enclave such that the unencrypted code of that malware is never exposed to the host operating system, including antivirus software. Further, the malware isn't constrained by the enclave: it can subvert the host application to access operating system APIs, opening the door to attacks such as ransomware-style encryption of a victim's files.

About that threat model...

The attack is esoteric, but as SGX becomes more commonplace, researchers are going to poke at it more and more and find ways of subverting and co-opting it. We saw similar things with the introduction of hardware virtualization support; that opened the door to a new breed of rootkit that could hide itself from the operating system, taking a valuable feature and using it for bad things.

Intel has been informed of the research, responding:

“Intel is aware of this research which is based upon assumptions that are outside the threat model for Intel® SGX. The value of Intel SGX is to execute code in a protected enclave; however, Intel SGX does not guarantee that the code executed in the enclave is from a trusted source. In all cases, we recommend utilizing programs, files, apps, and plugins from trusted sources. Protecting customers continues to be a critical priority for us, and we would like to thank Michael Schwarz, Samuel Weiser, and Daniel Gruss for their ongoing research and for working with Intel on coordinated vulnerability disclosure.”

In other words, as far as Intel is concerned, SGX is working as it should, protecting the enclave's contents from the rest of the system. If you run something nasty within the enclave, then the company makes no promises that bad things won't happen to your computer; SGX simply isn't designed to protect against that.

That may be so, but SGX gives developers some powerful capabilities they didn't have before. "How are bad guys going to mess with this?" is an obvious question to ask, because if it gives them some advantage, mess with it they will.
https://arstechnica.com/gadgets/2019...irus-software/





When Your Shared Netflix Account Outlasts The Relationship
Yuki Noguchi

A couple of years ago, Aleta Dignard-Fung got dumped by her boyfriend.

"It was a pretty bad breakup," says the 20-year-old graphic design student, who lives in Las Vegas.

Only later did she remember that he still had the password to her streaming music account.

"Part of getting over someone is being able to listen to your jams in the shower and maybe cry or something like that," says Dignard-Fung, who at the time was into Justin Bieber. "I'd just blast my music in the shower, and then it'd change and it'd start playing Bulgarian folk music because he's Bulgarian."

She jumped in and out of the shower, changing the music back as they continued battling for control, pushing each other off the shared account. "It was just kind of like the Spotify wars, and we'd just spend like 10 minutes trying to override each other's songs," Dignard-Fung says.

Breaking up is hard to do — made harder for some who share streaming music and video profiles.

The expression "Netflix and chill" isn't just code for date night. It speaks volumes about how closely relationships entwine with digital life. But unwinding these entanglements can get messy after a breakup. Some spurned lovers exact revenge by changing the password just as their ex reaches the climactic season finale.

Either way, it's not just love that is lost; it's also playlists, movie recommendations and passwords.

Accessing those accounts after a split can trigger sorrow and longing. Getting blocked by an ex has the ring of permanent goodbye, says Susan Winter, a relationship coach and author.

"Those are the last little pieces to crumble that signify, 'Oh, we really aren't connected anymore,' " Winter says.

Unless, of course, you remain connected but don't realize it, and your ex lurks around, incognito.

"I had a client who was trying desperately to get his ex back, and they shared an account on OpenTable," Winter says. "And even though they were separated, she never changed it, so he would track where she went to see if she was on a date."

Sometimes joint accounts on Netflix or Spotify far outlive the actual relationship.

Brenna Kutch, a 34-year-old human resource manager in Portland, Ore., says merging digital accounts signifies commitment for today's younger couples.

"We don't necessarily get married and have kids at 21 anymore, but we do combine all of our accounts and share passwords," she says.

A couple of years ago, Kutch shared her ex-boyfriend's Netflix password with her now spouse. She acknowledges it was odd, having her new love piggybacking off her ex and seeing his name every time they logged in.

But, Kutch says, breaking up with the old account wasn't easy. She couldn't remember which episodes of Archer and Bob's Burgers she'd already seen.

"I was too lazy to go through, make a spreadsheet, figure out what shows I was watching and which season and episode I was on for each one," she says. "You can't extract your profile. That's got to be a feature that they're coming up with at some point." (Netflix says it hasn't.)

So she lingered for months.

According to Magid, a media and entertainment strategy firm, 53 percent of adults 35 and younger use someone else's streaming-video accounts without paying. Jill Hill, a Magid executive vice president, says in about 5 percent of cases, they even use accounts of people they haven't dated or don't really know.

"This is like the story of the password sharing from the neighbor who got it from the neighbor who gave it to the neighbor," she says.

This is familiar territory for Charlotte Russell. She works as a barista in Philadelphia and has access to Hulu, Netflix and Spotify — all courtesy of other people.

One ex-boyfriend let her set up her own profile on his Spotify family plan. "And I'm still on it, and that was like two years ago," Russell says.

She even shared that music account with another man she dated. (She says he thought it was strange but went along with it.) Russell subsequently dated a woman in New York. They broke up last year, but she remains logged in to the woman's Netflix and Hulu accounts. "I think about it sometimes, like: When is this going to end?"

Russell sheepishly admits she's saving $30 a month using various borrowed accounts from people she's no longer dating. And it leads to some awkward moments.

"Last time I couldn't log in to it, I texted her and I was like, 'Hey, what's the Hulu password?' " Russell says. Her ex-girlfriend responded, "We're not dating anymore."

But then the ex immediately shared the password with Russell anyway.

Russell says that in a strange way, holding on to the passwords enables her to maintain connections with the people who've passed through her life. And besides, she says, now another one of her friends is using her ex's Hulu password.
https://text.npr.org/s.php?sId=693566073

















Until next week,

- js.




















Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing
All times are GMT -6. The time now is 05:38 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)