26-08-15, 07:33 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - August 29th, '15

Since 2002

"What politicians say in public should be available to anyone." – Arjan El Fassed

August 29th, 2015




Microsoft Wants to Block Pirated Content? Pirate Sites Ban Windows 10 Instead

iTS torrent tracker admins ban Windows 10 users, BB and FSC administrators thinking of doing the same
Catalin Cimpanu

The misunderstanding around Microsoft's Services Agreement is starting to trickle into the ordinary life of regular Internet users, with scared torrent tracker admins banning or thinking of banning Windows 10 users from their sites.

We aren't talking about The Pirate Bay, Kickass Torrents, RARBG, or ExtraTorrent here, but the small scene trackers which are so private that it takes 30 minutes of googling just to find what the site acronym stands for, what their URL is, and what the correct sign-up procedure is.

These trackers, along with the release scene, are where most pirated materials first get posted and spread online, and where privacy, security, and anonymity are very crucial factors, helping protect the identity of the people spreading the pirated material online.

If you've been away from your computer this past week, you've probably missed all the talk about Microsoft's new Windows 10 update procedures which, coupled with the company's Services Agreement, could allow it to block pirated material and unauthorized hardware.

While the waters are still murky around this issue, with Microsoft staying silent around the topic, and with not a single complaint from one Windows 10 user screaming that he had his downloaded torrents wiped from his hard drive, some pirate tracker admins are already taking some steps to protect themselves, just in case.

iTS admins block users with Windows 10 from their tracker

The first ones to hit the alarm button were the iTS admins, who have started redirecting all Windows 10 users accessing their site to a YouTube video called: Windows 10 is a Tool to Spy on Everything You Do.

Additionally, a statement was sent out to users, which you can also read below:

"Hey there shadows! Many of you might have heard or read about the terrible privacy policy of windows 10 recently. Unfortunately Microsoft decided to revoke any kind of data protection and submit whatever they can gather to not only themselves but also others. One of those is one of the largest anti-piracy company called MarkMonitor.

"Amongst other things windows 10 sends the contents of your local disks directly to one of their servers. Obviously this goes way too far and is a serious threat to sites like ours which is why we had to take measures. Since last Thursday Windows 10 is officially banned from iTS. Members using it get redirected to a video that eggsplains the dangers quite in detail hoping to enlighten as many people as possible.

"Perhaps at some point special versions of Windows 10 will surface that would successfully wipe all those outrageous privacy violations but until then Windows 10 is not welcome here in the interest of this site and all iTS members."

FSC and BB admins are thinking of doing the same

Additionally, according to TorrentFreak, two other similar Dark Web torrent trackers are also considering following suit, with FSC and BB admins publicly expressing their concerns about the abysmal Windows 10 privacy settings.

"As we all know, Microsoft recently released Windows 10. You as a member should know, that we as a site are thinking about banning the OS from FSC," said one of the FSC staff.

Likewise, in a message to their users, a BB admin said something similar, "We have also found [Windows 10] will be gathering information on users’ P2P use to be shared with anti piracy group."

The anti-piracy group the pirate site admins are referring to is MarkMonitor, a US company that specializes in online corporate identity protection, one that is known to have worked with the MPAA in protecting its copyrighted materials, but one that has also worked with Microsoft in the past, to protect Windows users from online identity theft and scam campaigns.

The reaction of everyone involved is very similar to the Y2K debacle, and judging that Microsoft has worked with MarkMonitor in previous versions of Windows should tell you that the pirate site admins are overreacting a bit.

We certainly don't believe Microsoft is going to commit reputational suicide by messing with user files, be they pirated or not. Let's not forget Windows 10 is an operating system, not our parents, and there's always Linux or Mac around the corner.
http://news.softpedia.com/news/micro...d-489827.shtml





At Long Last, Prenda Mastermind Hit with State Bar Complaint

Steele, charged with numerous frauds and deceits, could be banished from the law.
Joe Mullin

The Illinois Attorney Registration and Disciplinary Commission (ARDC) has filed a complaint against John Steele, one of two lawyers believed to be the masterminds behind the Prenda Law copyright-trolling scheme.

In the complaint, ARDC asks for a panel hearing and a disciplinary recommendation, which will be transmitted to the Illinois Supreme Court. That court has the power to suspend and disbar attorneys.

This amended complaint has become public more than two years after US District Judge Otis Wright blasted Steele and his Prenda colleagues, referring them to state bar investigators (as well as the IRS and Department of Justice.) But it's clear the Illinois investigation has been going on for some time, as it includes detailed information related to several of Prenda's best-known cases.

Steele is charged with repeatedly defrauding courts, charging ahead with discovery against Internet users when he shouldn't have, and blocking legitimate discovery efforts against him. He filed frivolous lawsuits and sent "shakedown letters... for purposes of extracting settlements," the Illinois ARDC contends.

The document explains how mystery LLCs were set up as St. Nevis-based owners of porn movie copyrights, then sued more than 15,000 defendants over the course of eighteen months, between fall 2010 and February 2012. By 2012, none of the defendants had been served with process. Rather, Prenda just went far enough to get discovery against large numbers of Internet users, then threatened them by phone and mail. Demands ranged from $2,500 to $4,000 to avoid a lawsuit. "If you act promptly you will avoid being named as a Defendant," a typical letter concluded.

By late 2012, about 5,000 of the accused had paid up to Steele and his colleague Paul Hansmeier. It's unclear how much money they made, but the complaint states it's in the millions.

Hansmeier, a Minnesota attorney, isn't a subject of the ARDC complaint. Paul Duffy, the one lawyer officially affiliated with Prenda Law, is mentioned throughout the complaint, but Duffy passed away earlier this month.

Seven counts

Each of the seven counts is a significant chapter in the story of Prenda's unraveling. In most of the cases, Steele is accused of significant violations of Illinois attorney rules, including "conduct involving dishonesty, fraud, deceit, or misrepresentation."

First up is the Ingenuity 13 v. John Doe case, which led Prenda lawyers to US District Judge Otis Wright's Los Angeles courtroom. Wright was the first federal judge to slap significant sanctions on Steele and Hansmeier, and suggested they should be criminally investigated by the Department of Justice, as well as state bar authorities.

The "manager" of Ingenuity 13 was Steele's former housekeeper, Alan Cooper. He later testified his signature was forged on key documents. Steele is charged with misusing Cooper's identity, disobeying Judge Wright's order to stop the discovery process, "filing lawsuits without supporting facts," and failing to respond to "reasonable inquiries by the tribunal."

The second count involves Cooper's counter-suit against Steele, filed in early 2013. Cooper charged that Prenda and Steele had stolen his identity. At one point Steele agreed to pay $35,000 to end the lawsuit, but then stopped responding. He was found in default, and ordered to pay $5,000 in damages for humiliation of Cooper, and $250,000 in punitive damages. He never paid.

Count Three relates to Guava LLC v. Spencer Merkel, a bizarre anti-hacking case. Prenda lawyers demanded $3,400 from Merkel, but the defendant lived "below the poverty level in Oregon" and told Prenda he couldn't pay. They arranged for Merkel to get voluntarily sued so discovery could be granted against his "co-conspirators."

Steele, his colleague Paul Duffy, and Alpha Law (owned by Hansmeier) were ordered to pay nearly $64,000. They still haven't paid. A Minnesota appeals court recently clarified that Hansmeier is personally responsible for the sanction. Steele is charged with frivolous discovery requests, blowing off a hearing, and other violations of the Illinois Rules of Professional Conduct.

Count Four relates to one of Prenda's most bold moves, in Lightspeed Media v. Anthony Smith. In that case Prenda actually added AT&T and Comcast as defendants when the giant ISPs wouldn't cough up customer names fast enough. Smith, a 27-year-old nursing student in Illinois, started receiving shakedown letters asking him for $4,000 in order to avoid a lawsuit, and Prenda lawyers were determined to get customer information for 6,600 of Smith's downloading "co-conspirators."

The court ruled that Steele and Duffy were engaged in "abusive litigation…simply filing a lawsuit to do discovery to find out if you can sue somebody. That’s just utter nonsense."

This case resulted in a sanctions award of nearly $300,000 that was upheld by the US Court of Appeals for the Seventh Circuit. That sanction was paid for with a bond.

Count Five came about because Steele didn't pay the Smith sanctions award. When the banks that held their cash were subpoenaed, Duffy sent a court-stamped motion to quash to them, implying the subpoenas were on hold. They weren't. Steele is charged with not paying the sanction award, and dodging valid discovery requests.

Count Six relates to Guava LLC v. Comcast, a "petition seeking discovery prior to filing suit," filed in St. Clair county, Illinois. Steele represented Guava, and his petition sought user information for 300 IP addresses. Despite Comcast's objections, the petition was granted. Several John Does appealed to a higher court, which sided with them and against Steele. Steele is accused of abusing the discovery process.

Finally, Count Seven relates to one of Prenda's most outrageous claims: that it was libeled and defamed by Alan Cooper and his attorney Paul Godfread. The predictable result: a $11,758.20 sanction award against Duffy and Steele. They didn't pay. Steele is charged with failing to comply with the orders of the judge who made the sanction order.

Steele didn't respond to requests for comment sent to his last known e-mail addresses.
http://arstechnica.com/tech-policy/2...bar-complaint/





PRS for Music Takes Legal Action Against SoundCloud Streaming Service

UK performing rights organisation says it has no choice but to sue music site for not paying songwriters royalties after ‘years of unsuccessful negotiations’
Helienne Lindvall

The British songwriters’ performing rights organisation PRS for Music is suing SoundCloud.

It is taking legal action against the streaming service for not paying songwriters royalties when their music is used on the site.

In an email to PRS members, obtained by the Guardian, Karen Buse, executive director for membership and international, explained: “After careful consideration, and following five years of unsuccessful negotiations, we now find ourselves in a situation where we have no alternative but to commence legal proceedings against the online music service SoundCloud.”

The move comes after a tumultuous year for the streaming service, which launched in 2008 and now has more than 175m users per month. SoundCloud operated without music licences until last year, when it indicated that it intends to launch a subscription service. Since then, the Warner Music Group and independent labels represented by Merlin agreed to licence the service in the US.

There are rumours that a licensing agreement with Universal Music is expected imminently, but Sony Music recently pulled all of its music from SoundCloud after negotiations stalled.

Record label licences, however, only cover the recordings, not the compositions or songs. Though the US National Music Publishers Association (NMPA) has licensed SoundCloud, so far the streaming service has no licences in place with any performing rights organisation. According to the email, SoundCloud denies that it even needs a licensing deal with PRS for streams within the UK and Europe.

Buse: “We have asked SoundCloud numerous times to recognise their responsibilities to take a licence to stop the infringement of our members’ copyrights but so far our requests have not been met. Therefore we now have no choice but to pursue the issue through the courts.”

SoundCloud’s lack of proper licensing has been a subject of criticism within the music industry for years. Last year, in an interview with the Musicians Union member magazine, the head of digital for the independent Beggars Group labels, Simon Wheeler, said: “We’ve talked to SoundCloud ever since it started, in its incredibly early days – 2008 was when I first spoke with Alex [Ljung, the co-founder]. We thought the technology was great, the idea was great, and the platform was great – but we absolutely disagreed with their approach to rights and licensing. So therefore, as a company policy we chose not to use them.”

Beggars Group labels include XL Recordings, whose artist roster includes Adele and Damon Albarn. “We’re thinking ‘do we want to enable a platform to have a free ride on our rights’,” Wheeler explained at the time. “And, actually, we’re delivering the publishing rights – not just the rights that we control. We’re thinking: what’s going to happen down the line? Do we want to make this into the new MTV, YouTube whatever the phrase is of this time?”

Beggars Group, represented by Merlin, appears to have finally come to an agreement on licensing, earlier this summer.

However, PRS’s latest legal action shows SoundCloud has yet to agree to a licence to pay songwriters.

“If the streaming market is to reach its true potential and offer a fair return for our members, organisations such as SoundCloud must pay for their use of our members’ music,” said Buse. “We believe that all digital services should obtain a licence which grants them permission to use our members’ music and repertoire, in this case the works of songwriters, publishers and composers.”

A SoundCloud spokesperson responded to the Guardian: “It is regrettable that PRS appears to be following this course of action in the midst of an active commercial negotiation with SoundCloud. We believe this approach does not serve the best interests of any of the parties involved, in particular the members of the PRS, many of whom are active users of our platform and who rely on it to share their work and communicate with their fanbase.”

“SoundCloud is a platform by creators, for creators. No one in the world is doing more to enable creators to build and connect with their audience while protecting the rights of creators, including PRS members. We are working hard to create a platform where all creators can be paid for their work, and already have deals in place with thousands of copyright owners, including record labels, publishers and independent artists.”

It’s still unclear if the legal action will result in SoundCloud removing all tracks written by PRS members from the service.
http://www.theguardian.com/technolog...nst-soundcloud





Inglewood Cannot Claim Copyright Over Council Videos, Judge Says
Angel Jennings

A federal judge found Thursday that YouTube videos using snippets of Inglewood City Council meetings do not violate copyright law, and dismissed an unusual lawsuit the city had filed against the resident who created the videos.

In a 21-page decision filed Thursday, federal Judge Michael Fitzgerald rejected Inglewood’s argument that six online videos created by Joseph Teixeira violate the copyright of the council meeting. He noted that California law bars cities from claiming ownership of council videos.

Even if Inglewood could hold a copyright, the judge said, Teixeira’s videos constitute fair use, adhering to provisions of the law that allow broad rights to use copyrighted material without permission for purposes such as criticism, news reporting or teaching.

Some legal experts had characterized the lawsuit as a flagrant effort to silence Teixeira, who had used the videos to blast Inglewood and its mayor for policies and actions he disagreed with.

The judge granted Teixeira’s motion to dismiss, leaving no possibility for the city to revise and refile the case in district court.

“Any amendment by the city would be futile,” the judge said in the decision.

The city could still appeal to the U.S. Court of Appeals for the Ninth Circuit, which could take years before a judge hears the case.

Using a MacBook laptop, Teixeira taught himself to upload meeting videos to iMovie. He added text and narration to lambaste Inglewood Mayor James T. Butts Jr. The rookie producer distributed the DVDs at no charge. Later, he posted his work to YouTube.

The legal wrangling over the videos began in November, when Teixeira received a cease-and-desist order from Inglewood attorneys threatening to sue if he kept the videos online.

The 54-year-old self-styled watchdog and Inglewood resident refused to take down the videos, so the city set aside $50,000 for legal fees and in March filed suit, saying Teixeira's videos have caused it "irreparable harm and damages."

The city was seeking unspecified "actual damages stemming from the defendant's unauthorized exploitation of the city's copyrighted videos,” and lawyer’s fees, according to the nine-page complaint filed by Inglewood's attorney, JoAnna M. Esty, in U.S. District Court for the Central District of California.

Dan Laidman, Teixeira’s lawyer, said he is planning to seek recovery of fees for his services.

The judge struck down the city’s request for attorney's fees in the decision.

Eugene Volokh, a law professor at UCLA Law School, followed the case closely and said it’s likely Inglewood will have to pay Teixeira’s lawyer. He thought the lawsuit was dubious from the start.

“What’s the justification to file a lawsuit that is so clearly a loser with really no benefit... but to protect the reputation of city officials whom the videos are criticizing?”

In a statement, Butts said: "We accept the ruling and will proceed according to the guidelines of the court.”
http://www.latimes.com/local/lanow/l...821-story.html





European Publishers Play Lobbying Role Against Google
Mark Scott and Nicola Clark

In private sessions this summer, giant publishers and media companies from Germany, France and elsewhere have met with European officials about proposals to regulate Europe’s digital economy. The discussions have covered a broad range of contentious issues, according to public disclosures and several people who attended or were briefed on the meetings. Central to almost all of them has been limiting the reach of a single American company: Google.

The company has a long list of detractors crying foul about how it operates in Europe, including rivals like Microsoft and Yelp. But as Europeans take a lead globally in regulating the Internet and containing American tech companies, the Continent’s old media — influential newspaper and magazine publishers — are emerging as one of Google’s most persistent adversaries.

With Google attracting attention and ad revenue that once funneled to publishers, the goal is clear: Find ways to make more money, by strengthening copyright rules and limiting Google’s power as an advertising platform.

The biggest American tech companies face intensifying scrutiny by European regulators — pressure that could potentially curb their sizable profits in the region and affect how they operate around the world.

The publishers, including Axel Springer of Germany and Lagardère of France, arguably have the most to lose from the dominance of Google and other West Coast companies, as they look for revenue on the web to replace losses in print. Some of the publishers, in an effort to buttress their business, have even turned to e-commerce and social networking — areas that have intensified the rivalry with Google and other tech companies.

“Where else can they go if print is dying?” asked Lucy Küng, a visiting fellow and specialist in digital transition at the Reuters Institute for the Study of Journalism at the University of Oxford.

The newspaper and magazine publishers first focused on Europe’s continuing antitrust investigation into whether Google favored its own services over those of rivals. They are now broadening their goals in ways that would further cramp Google’s reach, according to several industry executives and tech lobbyists, who spoke on the condition of anonymity because they were not authorized to speak publicly about the efforts.

“Newspapers help set the agenda, so politicians have to listen to them,” said Julia Reda, a German politician who helped shepherd recent digital copyright proposals through the European Parliament.

The push has awakened Google’s powerful lobbying apparatus, setting off a clash in Brussels and elsewhere in the region as the company tries to co-opt some of its media adversaries and hamstring more stubborn rivals.

Google and some other giant American tech companies already confront strong regulatory headwinds in Europe. Apple, Amazon and Facebook are all facing antitrust, tax and privacy investigations across the 28-member bloc. If Google is found to have broken the rules, it could face billions of dollars in fines.

Google formally responded on Thursday to the accusations, saying its search products did not harm online competition and providing data that the company said showed that rivals had not been harmed.

“We believe that Google increases choice for European consumers and offers valuable opportunities for businesses of all sizes,” Kent Walker, the company’s general counsel, wrote in a blog post.

In recent weeks, several trade associations, including the Federation of European Publishers, have met with Friedrich Wenzel Bulst, a top European antitrust official, and other regulators to also push for stricter, Europe-wide limits on how Google and others may use publishers’ online content. Many publishers are pushing the rules as part of an expected overhaul of copyright policy from Günther Oettinger, a European commissioner with ties to Germany’s publishing industry, by the end of the year.

If the rules are approved, Google may eventually have to pay newspaper and magazine groups whenever links to their content are shown on Google’s European aggregation sites. Similar copyright rules already have been passed in several European countries, but have so far backfired against the publishers. In Germany, Google removed many local organizations from its news service, which led to a drastic fall in online traffic to some newspapers’ sites. Local publishers eventually agreed to waive any potential charges.

“The argument is simple enough: Publishers want money from Google,” said Till Kreutzer, a German lawyer who has campaigned against these new copyright proposals. “Many European politicians are open to listening to that type of proposal.”

Over the last five years, print circulation for Europe’s newspaper industry has fallen a combined 21.3 percent, compared with 8.5 percent in the United States, according to the World Association of Newspapers and News Publishers, a trade body. The publishers have pushed to expand readership on computers and mobile devices. But because audiences in Europe are fragmented along national and linguistic borders, the potential is often limited.

“They can’t expand endlessly internationally because of the language issue,” Ms. Küng said of Europe’s publishers. “Just acquiring other assets with the same problems is really just compounding the problem. The issue is monetizing content.”

“They have followed the eyeballs and the wallets,” she added. “I don’t see it as inconsistent.”

The sums that publishers are spending to lobby against Google are unclear; disclosures about spending on lobbying in Europe are voluntary, leaving a weak money trail. According to official records, Axel Springer, a German publisher whose flagship Bild tabloid is the highest-circulation newspaper in Europe, spent up to $55,000 on Brussels-based lobbying last year; the European Publishers Council, a trade body with close ties to Axel Springer, spent up to $555,000.

Yet the effort is broad-based, involving written and personal appeals to European Union officials and national lawmakers by dozens of publishers’ groups from at least 20 countries, including Switzerland, which is not a member of the European Union, according to European officials who have either met with industry representatives or seen the correspondence. The moves go well beyond steps taken by American media outlets to contain Silicon Valley’s power.

“This is not about protecting the legacy business,” said Christoph Keese, executive vice president at Axel Springer and a vocal critic of Google. “It is about ensuring there is a level playing field and making sure that international companies respect European laws.”

Google has fought hard against the lobbying and investigations. The company tripled its spending on lobbying in Brussels last year, spending at least $4.8 million in 2014, according to its European disclosure report. Eric Schmidt, the company’s executive chairman, met with Margrethe Vestager, Europe’s top antitrust official, before her decision this year to bring formal antitrust charges. Other company officials have held meetings with national politicians to outline how Google can bolster countries’ often flagging economies, according to several government officials, who spoke on the condition of anonymity because they were not authorized to speak publicly.

Google has tried to woo magazine and newspaper groups, partly by creating a $172 million fund aimed at helping publishers adapt to the digital world. (The International New York Times, which is based in Paris, took part in a previous $65 million fund that Google created in France.) The company’s executives also regularly point out that Google sends millions of daily visitors to European newspapers and magazines through its online news aggregation service. Those links — which can represent up to half of a newspaper’s online traffic — generate much-needed online revenue for publishers.

“We recognize that technology companies and news organizations are part of the same information ecosystem,” David C. Drummond, Google’s senior vice president for corporate development, told an audience of media executives in Barcelona in June. “We are committed to playing our part.”

A Google spokesman declined to comment beyond Mr. Drummond’s remarks.

Newspaper groups and other publishing associations were some of the earliest supporters of the antitrust case against Google, the company’s most pressing issue in Europe. The more prominent antagonists, though, were Microsoft and other tech rivals, according to publishing executives and other company officials involved in the case.

That dynamic began to change early last year, when Joaquín Almunia, Europe’s competition chief at the time, signaled he was prepared to settle with Google, these people said. Google’s opponents looked for another avenue to press their case, leaning harder on their well-connected publishing allies for help.

Over the course of last summer, representatives from newspaper and magazine industries, as well as Brussels-based trade associations, met several times with Mr. Almunia and his staff to ask them to renounce the settlement, according to industry executives who were either present or briefed on those meetings.

“There were enormously long exchanges, and some pretty strong representations made” by top publishing industry executives to Mr. Almunia, said one lobbyist, who spoke on the condition of anonymity. “The companies felt they were being served a settlement that was actually going to be injurious to their business.”

The rift between publishers and Google became most public in April 2014 in an open letter by Mathias Döpfner, Axel Springer’s chief executive. Mr. Döpfner, writing to Mr. Schmidt of Google, criticized the tech company’s perceived dominance of many aspects of how people — and other companies — use online services.

“We are afraid of Google,” Mr. Döpfner said in his letter. “Our business relationship is that of the Goliath of Google to the David of Axel Springer.”

Even Rupert Murdoch’s News Corporation, whose European interests include the British newspapers The Times and The Sun and The Wall Street Journal Europe, joined the fray, urging the European Commission last fall to take action against Google, which it labeled a “platform for piracy.”

Europe’s publishers also took the fight to national capitals, industry executives said, asking governments to put pressure on Mr. Almunia to rethink the proposed settlement. By early September, Mr. Almunia officially rejected the settlement with Google after significant lobbying from both publishing groups and other companies connected to the case.

Mr. Almunia left the investigation to his successor, Ms. Vestager, who announced antitrust charges against Google in April. Many publishers backed the move, saying the company’s business model had limited online choice for consumers.

“Europe’s publishers are well organized, well connected and a really powerful lobby,” said Stefan Heumann, director of the European digital agenda program at the New Responsibility Foundation, a Berlin-based research organization. “Many of them are struggling to grasp the realities of the new digital world.”

Mark Scott reported from Berlin, and Nicola Clark from Paris.
http://www.nytimes.com/2015/08/29/te...st-google.html





This File Sharing App is Fast and Convenient, but Watch the Trade-Offs

Korean software startup Estmob has a file-transfer app that is fast, easy, and totally free. With no required logins or file size limits, the program can send files from any device, to any device, and on any major platform or web browser – features fitting for its name, Send Anywhere.

Since we featured the app last year, tech reviews have been gushing about its simplicity. It even won Tech in Asia’s inaugural Seoul pitch-off in May, earning the team a trip to Singapore.

All you need to transfer a file is the app and a six-digit number. After opening the program, a user clicks “send,” picks the files, and tells the receiver a simple numerical key that expires after 10 minutes. The receiver enters the key on his device, and the files transfer peer-to-peer in a snap, no matter their location or network. If they need more time, users can also get a 24-hour public link that briefly puts the file on Send Anywhere’s server, where it can be shared with anyone.

Co-founder and chief strategy officer Kang Su-hyuk tells Tech in Asia that Send Anywhere’s strengths are not only in its simplicity and speed, but also its security. Cloud storage is very vulnerable to hacks and subject to data loss, and even the simplest services require a login, which makes it risky and a headache to use on foreign devices, he says. Send Anywhere doesn’t worry much about data loss – instead, it promises to delete the files within 24 hours.

“Cloud-based services are open to these kind of risks. We believe that if you want to keep your privacy and your private content, people should not upload it to a server,” says Kang. “So maybe Send Anywhere can help you avoid the cloud.”

This strategy has earned it a fan base of 1 million monthly active users in over 190 countries and a US$1 million backing from Rakuten. But is this app really that much easier and safer than the cloud?

That might depend on who you ask. One security expert tells Tech in Asia that a diligent hacker could clean out every file being transferred through Send Anywhere in 10 minutes.

He also says he was able to run several attacks on the program in less than that amount of time. After being blocked, all he did was switch browsers using the same IP address, meaning he could indefinitely keep carrying out attacks by opening new browser windows.

“From a very brief look, it is clear that either no one with security expertise has reviewed the product, or else the security people they [have] are completely clueless,” says Aviram Jenik, CEO of Silicon Valley-based cybersecurity firm Beyond Security. “If I was Jennifer Lawrence, I wouldn’t send my pictures through this service.”

Simple vs. secure

Jenik, who has worked in IT security for nearly 25 years, stresses that while Send Anywhere is a great business idea and praiseworthy for its ease of use, it’s a mistake for it to be branded as “secure.” (Disclosure: Jenik is a managing general partner of KOISRA Seed Partners, which invests in a Korean file-indexing startup called MyDrives.)

The program’s simplicity is a double-edged sword: Each file gets one six-digit identification number. Given that there are only 1 million possible combinations that are randomly generated and repeated, it would not be difficult to set up a botnet to guess them, Jenik explains.

And if a mega-corporation with 250,000 employees around the world deployed each of their desktop computers to input just four codes each (or if a hacker programmed them to do it for him), they could download every file from Send Anywhere’s servers instantaneously – that includes the 24-hour requests as well as any 10-minute requests that are relayed to a server during a delay in transfer.

This applies not just to hacking, but also to random error – an innocent user could accidentally download the wrong file by inputting the wrong key at the wrong time, Jenik says, stressing that this will be inevitable as the service scales.

“With 1 million combinations, even if we assume all codes expire in exactly 10 minutes, the best they can serve is 100,000 files a minute or 1,700 files per second. That’s a really low number – Dropbox has more than 10,000 uploads a second,” he notes. “Unless I’m missing something big here, I don’t understand why a company would want to limit the number of users it can handle.”

Jenik adds that prevention against brute-force checks is cookie-based. This means that when Send Anywhere’s cookie is created on the user’s device, a hacker can delete it and continue with the attacks. But since the protection is client-side – meaning it’s the user’s browser that prevents the attack, not the company’s server – there is no real protection to the server, he explains.

“[All of this] means I can easily automate the process and […] gather every piece of data that goes through the network at any given time. I have no theoretical problem in doing that every 10 minutes,” Jenik says. “Piece of cake for any government in the world and for most criminal organizations; a bit more effort for the others.”

So, we asked Send Anywhere: Can a hacker get into the server?

“Maybe,” says CSO Kang, but suggests the risk is lower than with cloud storage. “Our servers have the same threats as a conventional cloud service has. The only difference is we don’t have the responsibility of keeping those files forever, and all the files here expire within 24 hours. That might make it less risky for those kinds of threats – but [the risk] still exists.”

The 24-hour server functions the same as a cloud, but Kang says that since the files are held on the server for such a short time, “there’s nothing to hack.”

The code expires right after the transfer begins, and users on average input the code within two minutes. So it can cut down attacks due to the short time window, but Kang admits that it’s “not impossible” to guess the code. “You can just guess the six-digit code and it happened to be right at the moment, but it’s an extremely low possibility,” he says.

But that doesn’t account for botnet hacking, which can guess codes much, much faster than a human, notes Jenik.

On the other hand, a hacker could go straight for the file instead of the six-digit code. Kang says file hijacking attempts happen “from time to time,” but the program also has server-based protection on top of web cookie-based protection. (Jenik says otherwise about the server protection, as he was able to continue an attack by simply changing browsers whenever he was blocked.)

“File hijacking is one of the issues that we’ve been working to prevent, because it can happen, so we have been building preventing algorithms,” Kang says. So if a hijacker tried multiple rapid hacks, Send Anywhere’s algorithm can identify and block the requests by monitoring and blocking unusual IP address patterns, unique device IDs and request packet headers. However, Kang acknowledges that the block is limited to the device or IP address, meaning a hacker can simply change his IP and try again.

Even if the file transfer is hacked, it is SSL-encrypted, so it might take “years” to crack, he says. But this only protects the file being transferred, not the service itself.

Kang adds that CEO Oh Yoon-sik is the team’s security specialist, based on his experience handling server operations as head of engineering at the Korean app software development company ESTsoft. The company also takes mentorship from veteran Google engineer Andy Warner on its advisory board for software security issues.

When theorizing about the 250,000 computers attacking at once, Kang says, “It’s hard to tell, but I think that will work,” but that this is a fundamental problem that all one-time password verification services face.

“Usually, it is a trade-off between security and convenience,” he adds. “At Send Anywhere, we currently take more care for convenience than security. We can easily increase the code complexity, but we believe that it might hurt the simplicity of user experience in the majority of cases.”

Albeit still with a relatively small user base, Send Anywhere says that no users have reported data loss or data theft. The only successful hack was when a Googlebot crawled into a file last year, not through the six-digit code, but through a short URL, which used to accompany the code as an alternative. It’s been done away with and there have been no other problems.

Waving the security flag

Like with the cloud, Send Anywhere acknowledges that everyday users might not fully understand the service, not only on security but also on data loss. Kang believes that small startups can’t handle public cloud services because of such issues, but that Send Anywhere’s concept is much smaller and more manageable.

Kang still sees the accidental data transfers through user error as very unlikely – and Jenik and Kang both believe attacks cannot be targeted, but random only. But he admits that as the user base grows, the team will inevitably have to make the simple code more complex. He does not specify a timeline or specific user number for when that change will be implemented, but the security team will monitor the situation.

“We believe that we are not perfectly secure, but we are secure enough to maintain this kind of simplicity for a service for now. And in the future we will split the user experience [so they can choose] simplicity and another way to ensure the security.”

Among the security updates being developed is a new way of verifying file transfers between familiar devices. It promises to be more convenient while also more secure, as it does away with inputting codes and specifies the recipient based on the unique device ID, Kang explains. The sender chooses a recipient from his friends list (users or devices he has already shared with) and the recipient accepts the transfer with the click of a button. A longer, more complex code is provided as backup.

Jenik notes that the problems are “much more grave” than what a typical OTP service faces – imagine if trying the wrong code to your storage locker would open someone else’s, he explains – but the startup should choose whether it wants to market security or convenience.

“I’m not picking on them – I’ve seen worse. But they should either not wave the security flag, since they’re not good at it, and choose a different flag to wave,” he suggests, “or they should take a local expert – there are many such people in Korea – to help them convert the service into a secure one. […] It seems not a lot of security thinking was done, so I’m sure a few tweaks can heighten security considerably.”

Created by Oh Yoon-sik (CEO), Kang Su-hyuk (CSO), Lee Kyung-ho (Android software engineer), and Park Hae-il (server software engineer) in July 2012, Send Anywhere topped 1 million monthly active users in August and aims for 10 million by the end of 2017.

While it currently has zero revenue, it plans to start monetizing in 2018 through business and API solutions, native ads, and freemium user subscriptions.

For now it is focused on ramping up traction by cross-promoting with various local content providers, and will seek another funding round by the end of this year.
https://www.techinasia.com/send-anyw...sfer-security/
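
Two points from the article above, worked through as an added example (not Send Anywhere's code and not part of the original piece): how long a numeric code has to be for a given guess budget, and why the failure counter has to live on the server and include a global budget. The 1,000 live codes, the limits, the window and the sample requests are constructed assumptions.

```python
import math
from collections import deque


def hit_probability(active_codes, guesses, digits=6):
    """P(at least one of `guesses` distinct codes is live) when
    `active_codes` of the 10**digits possible codes are in use."""
    keyspace = 10 ** digits
    if active_codes > keyspace:
        raise ValueError("more live codes than the key space holds")
    guesses = min(guesses, keyspace)
    if active_codes + guesses > keyspace:
        return 1.0  # pigeonhole: some guess must land on a live code
    small, large = sorted((active_codes, guesses))
    # Hypergeometric miss probability, summed in log space for accuracy.
    log_miss = sum(math.log1p(-large / (keyspace - i)) for i in range(small))
    return -math.expm1(log_miss)


def min_digits(active_codes, guesses, target):
    """Smallest code length keeping hit_probability at or below `target`."""
    for digits in range(1, 40):
        if 10 ** digits >= active_codes and \
                hit_probability(active_codes, guesses, digits) <= target:
            return digits
    raise ValueError("target not reachable below 40 digits")


def cookie_counter_blocks(requests, limit=5):
    """Cookie-style control: the failure count is state the client sends
    back, so a fresh browser always reports zero. Returns blocked requests."""
    return sum(1 for r in requests if int(r.get("cookie_fail_count", 0)) >= limit)


class GuessThrottle:
    """Server-side sliding-window counter of failed code lookups, kept per
    observed client address and across all clients. Nothing the client
    sends (cookies, headers) is used as the counter."""

    def __init__(self, per_client_limit=5, global_limit=50, window_s=60.0):
        self.per_client_limit = per_client_limit
        self.global_limit = global_limit
        self.window_s = window_s
        self._by_client = {}
        self._all = deque()

    def _prune(self, queue, now):
        while queue and now - queue[0] > self.window_s:
            queue.popleft()

    def check(self, client_ip, now):
        """Decide before the code is looked up."""
        self._prune(self._all, now)
        if len(self._all) >= self.global_limit:
            return "challenge_all"   # service-wide guessing: step up for everyone
        queue = self._by_client.get(client_ip)
        if queue is not None:
            self._prune(queue, now)
            if len(queue) >= self.per_client_limit:
                return "block_client"
        return "allow"

    def record_failure(self, client_ip, now):
        self._by_client.setdefault(client_ip, deque()).append(now)
        self._all.append(now)


def replay(requests, throttle):
    """Run constructed requests through the throttle; count each decision."""
    seen = {"allow": 0, "block_client": 0, "challenge_all": 0}
    for r in requests:
        decision = throttle.check(r["ip"], r["t"])
        seen[decision] += 1
        if decision == "allow" and not r["code_ok"]:
            throttle.record_failure(r["ip"], r["t"])
    return seen


# Constructed sample 1: one address, 20 wrong codes, a fresh cookie jar each time.
SAME_IP_FRESH_COOKIES = [
    {"ip": "203.0.113.7", "t": float(i), "cookie_fail_count": 0, "code_ok": False}
    for i in range(20)
]
# Constructed sample 2: 100 addresses, 4 wrong codes each, inside 40 seconds.
MANY_IPS = [
    {"ip": f"198.51.100.{n}", "t": (rnd * 100 + n) * 0.1,
     "cookie_fail_count": 0, "code_ok": False}
    for rnd in range(4) for n in range(1, 101)
]

if __name__ == "__main__":
    # 250,000 machines x 4 codes is the article's scenario: 1,000,000 guesses.
    print("6 digits, 1,000 live codes:", hit_probability(1000, 1_000_000, 6))
    print("digits needed for <= 0.1%:", min_digits(1000, 1_000_000, 1e-3))
    print("cookie counter blocked:", cookie_counter_blocks(SAME_IP_FRESH_COOKIES))
    print("server, same IP:", replay(SAME_IP_FRESH_COOKIES, GuessThrottle()))
    print("server, many IPs:", replay(MANY_IPS, GuessThrottle()))
```

The per-address limit alone never trips on the second sample, which is why the global failure budget is the part that matters against spread-out guessing; the sizing function shows how many digits remove the need to rely on throttling at all.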





Apple Says Only 1 in 5 People Have Quit Apple Music

Apple has defended the uptake of Apple Music, saying that 79 percent of those who signed up for a trial are still using the service.
Chris Duckett

Apple has said that only 21 percent of United States users who have tested Apple Music no longer use it, countering the results of a survey that found defection rates at more than twice that amount.

In a survey of 5,000 people in the US, released on Tuesday, music industry research company MusicWatch found that 48 percent of those who had tried out the new online music-streaming service had stopped using it.

However, Apple said that the number is much lower.

"Seventy-nine percent of people who signed up for a trial are using the service," a spokesman for the company said.

In the MusicWatch survey, 28 percent of respondents who were trying out Apple Music said they also had Spotify Premium subscriptions. However, only 11 percent were users of the free version of Spotify, and 6 percent used the free version of internet radio Pandora.

To edge its way into the music-streaming market, Apple has offered a three-month trial period to new subscribers, after which subscriptions cost $10 per month.

Apple has long been a key player in the digital music landscape thanks to its iTunes store, and is hoping to capitalise on that established user base, with a goal of reaching 100 million Apple Music users.

Earlier this month, Apple's head of internet software and services, Eddy Cue, said the newcomer music service had 11 million users.

At the time, Apple said 2 million of those 11 million customers were on family plans, which allow six people to be on a single plan for $15 a month.

Spotify has 20 million paid subscribers and 75 million users overall, according to its website.

When Apple Music was announced at Apple's WorldWide Developer Conference in June, the company said it would be launching an app for Android, but it has yet to deliver on that promise.

At the time, Apple said it wanted to see 100 million subscribers on its music platform. In January, Apple announced that it had sold 1 billion iOS devices.

In Australia, dominant telco Telstra is offering customers a 12-month membership to Apple Music, as it shutters its own music-streaming service, MOG.

Last month, Telstra announced it would be closing MOG at the end of August after three years of service. Weeks after being launched in June 2012, MOG was bought by Beats for $14 million, and the service in the US would become Beats Music.

In May last year, Apple acquired Beats for $3.2 billion, with Beats Music combining with iTunes Radio to form the basis of Apple Music.

With AAP
http://www.zdnet.com/article/apple-s...t-apple-music/





Chinese Police Arrest 15,000 for Internet Crimes

Police in China said on Tuesday they had arrested about 15,000 people for crimes that "jeopardized Internet security", as the government moves to tighten controls on the Internet.

Since taking over in 2013, President Xi Jinping has led an increasingly harsh crackdown on China's Internet, which the Communist Party views with greater importance and acknowledges it needs to control, academics and researchers say.

Police have investigated 7,400 cases of cyber crime, the Ministry of Public Security said in a statement on its website. It did not make clear over what period the arrests were made, but referred to a case dating to last December.

China launched a six-month program last month, code-named "Cleaning the Internet".

"For the next step, the public security organs will continue to increase their investigation and crackdown on cyber crimes," the ministry said.

The campaign would also focus on breaking major cases and destroying online criminal gangs, it added.

The sweep targeted websites providing "illegal and harmful information" besides advertisements for pornography, explosives and firearms and gambling. In total, the police said they investigated 66,000 websites.

China runs one of the world's most sophisticated online censorship mechanisms, known as the Great Firewall. Censors keep a tight grip on what can be published, particularly material that could potentially undermine the ruling Communist Party.

In February, China's internet watchdog said it would ban from March 1 internet accounts that impersonate people or organizations, and enforce the requirement for people to use their real names when registering online accounts.

(Reporting by Sui-Lee Wee; Editing by Clarence Fernandez)
http://www.reuters.com/article/2015/...0QN1A520150818





With Hobbit and LoTR in the Can, Trolls no Longer Welcome in New Zealand

Kiwi parliament passes 'Harmful digital communications bill' outlawing online nasties
Richard Chirgwin

New Zealand has become the latest country to think bad online manners are amenable to legislation.

The country last night passed a controversial bill, the Harmful Digital Communications Bill, in the hope of stemming “cyber-bullying”.

The bill creates a regime under which digital communications causing “serious emotional distress” are subject to an escalating regime that starts as “negotiation, mediation or persuasion” but reaches up to creating the offences of not complying with an order, and “causing harm by posting digital communication”.

The most serious offenders would face two years in jail or a maximum fine of NZ$50,000 (US$33,900).

After it passed by a 116-to-5 vote in New Zealand's parliament, Gareth Hughes, one of the four Greens MPs to vote against the bill, said it was overly broad and “risks limiting our freedom of expression”.

NZ Labour said it was “wedged” by the NZ government: while some of the bill was “worthy of discussion” the law has “deeply worrying” elements.

The bill covers posts that are racist, sexist, or show religious intolerance, along with hassling people over disability or sexual orientation.

There's also a new offence of incitement to suicide (three years' jail).

The regime will be enforced by a yet-to-be-established agency that will make contact with publishers and social media platforms, and if it can't resolve a complaint, the agency will be able to escalate it to the district court.

There's a safe harbour provision for Web sites, and here's where the free speech issue arises. A platform like Facebook or Twitter (if they bothered) can opt into the safe harbour – but only if they agree to remove allegedly offending material either on-demand or within the bill's 48-hour grace period.

New Zealand's National Business Review notes complaints that it could criminalise children over the age of 14.

InternetNZ told the outlet that the bill should be kept under review: “the risk is of unintended consequences, or chosen balances of rights not working out in practice.”
http://www.theregister.co.uk/2015/07...mer_at_trolls/





Digital Surveillance 'WORSE than Orwell', Says New UN Privacy Chief

Joseph Cannataci describes British oversight as ‘a joke’ and says a Geneva convention for the internet is needed
Adam Alexander

The first UN privacy chief has said the world needs a Geneva convention style law for the internet to safeguard data and combat the threat of massive clandestine digital surveillance.

Speaking to the Guardian weeks after his appointment as the UN special rapporteur on privacy, Joseph Cannataci described British surveillance oversight as being “a joke”, and said the situation is worse than anything George Orwell could have foreseen.

He added that he doesn’t use Facebook or Twitter, and said it was regrettable that vast numbers of people sign away their digital rights without thinking about it.

“Some people were complaining because they couldn’t find me on Facebook. They couldn’t find me on Twitter. But since I believe in privacy, I’ve never felt the need for it,” Cannataci, a professor of technology law at University of Groningen in the Netherlands and head of the department of Information Policy & Governance at the University of Malta, said.

Appointed after concern about surveillance and privacy following the Edward Snowden revelations, Cannataci agreed that his notion of a new universal law on surveillance could embarrass those who may not sign up to it. “Some people may not want to buy into it,” he acknowledged. “But you know, if one takes the attitude that some countries will not play ball, then, for example, the chemical weapons agreement would never have come about.”

Cannataci came into his new post in July after a controversial spat involving the first-choice candidate, Katrin Nyman-Metcalf, who the Germans in particular thought might not be tough enough on the Americans.

But for Cannataci – well-known for having a mind of his own – it is not America but Britain that he singles out as having the weakest oversight in the western world: “That is precisely one of the problems we have to tackle. That if your oversight mechanism’s a joke, and a rather bad joke at its citizens’ expense, for how long can you laugh it off as a joke?”

He said proper oversight is the only way of progressing, and hopes more people will think about and vote for privacy in the UK. “And that is where the political process comes in,” he said, “because can you laugh off the economy and the National Health Service? Not in the UK election, if you want to survive.”

The appointment of a UN special rapporteur on privacy is seen as hugely important because it elevates the right to privacy in the digital age to that of other human rights. As the first person in the job, the investigator will be able to set the standard for the digital right to privacy, deciding how far to push governments that want to conduct surveillance for security reasons, and corporations who mine us for our personal data.

Cannataci’s mandate is extensive. He is empowered to:

• Systematically review government policies and laws on interception of digital communications and collection of personal data.
• Identify actions that intrude on privacy without compelling justification.
• Assist governments in developing best practices to bring global surveillance under the rule of law.
• Further articulate private sector responsibilities to respect human rights.
• Help ensure national procedures and laws are consistent with international human rights obligations.

Although Cannataci admits his job is a complex one that is not going to be solved with a magic bullet, he says he is far from starting from scratch and believes there are at least four main areas – including a universal law on surveillance, tackling the business models of the big tech corporations, defining privacy and raising awareness among the public.

“I would say it’s impossible to achieve in three years. And it’s probably impossible to achieve even if the mandate is renewed to six years, if you’re trying to do too much. But I do think that – at least my view of things in a field like human rights – is the longer term view, right? The impact must be felt in the long term.”

However, Cannataci says we are dealing with a world even worse than anything Orwell could have foreseen. “It’s worse,” he said. “Because if you look at CCTV alone, at least Winston [Winston Smith in Orwell’s novel 1984] was able to go out in the countryside and go under a tree and expect there wouldn’t be any screen, as it was called. Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined. So the situation in some cases is far worse already.

“The way we handle it is going to be the difference. But Orwell foresaw a technology that was controlling. In our case we are looking at a technology that is ever-developing, and ever-developing possibly more sinister capabilities.” Because of this, the Snowden revelations were very important, he said.

“They were very important. Snowden will continue to be looked upon as a traitor by some and a hero by others. But in actual fact his revelations confirmed to many of us who have been working in this field for a long time what has been going on, and the extent to which it has gone out of control.”

Cannataci, who works between his offices in Malta and the Netherlands, has set his sights on challenging the business model of companies that are “very often taking the data that you never even knew they were taking”. “This is one thing that is certainly going to come up in my mandate, which is the business model that large corporations are using,” he said.

“We have a number of corporations that have set up a business model that is bringing in hundreds of thousands of millions of euros and dollars every year and they didn’t ask anybody’s permission. They didn’t go out and say: ‘Oh, we’d like to have a licensing law.’ No, they just went out and created a model where people’s data has become the new currency. And unfortunately, the vast bulk of people sign their rights away without knowing or thinking too much about it,” he said.
http://www.theguardian.com/world/201...-privacy-chief





Police Secretly Track Cellphones to Solve Routine Crimes
Brad Heath

The crime itself was ordinary: Someone smashed the back window of a parked car one evening and ran off with a cellphone. What was unusual was how the police hunted the thief.

Detectives did it by secretly using one of the government’s most powerful phone surveillance tools — capable of intercepting data from hundreds of people’s cellphones at a time — to track the phone, and with it their suspect, to the doorway of a public housing complex. They used it to search for a car thief, too. And a woman who made a string of harassing phone calls.

In one case after another, USA TODAY found police in Baltimore and other cities used the phone tracker, commonly known as a stingray, to locate the perpetrators of routine street crimes and frequently concealed that fact from the suspects, their lawyers and even judges. In the process, they quietly transformed a form of surveillance billed as a tool to hunt terrorists and kidnappers into a staple of everyday policing.

The suitcase-size tracking systems, which can cost as much as $400,000, allow the police to pinpoint a phone’s location within a few yards by posing as a cell tower. In the process, they can intercept information from the phones of nearly everyone else who happens to be nearby, including innocent bystanders. They do not intercept the content of any communications.

Dozens of police departments from Miami to Los Angeles own similar devices. A USA TODAY Media Network investigation identified more than 35 of them in 2013 and 2014, and the American Civil Liberties Union has found 18 more. When and how the police have used those devices is mostly a mystery, in part because the FBI swore them to secrecy.

Cellphone Surveillance

Police and court records in Baltimore offer a partial answer. USA TODAY obtained a police surveillance log and matched it with court files to paint the broadest picture yet of how those devices have been used. The records show that the city's police used stingrays to catch everyone from killers to petty thieves, that the authorities regularly hid or obscured that surveillance once suspects got to court and that many of those they arrested were never prosecuted.

Defense attorneys assigned to many of those cases said they did not know a stingray had been used until USA TODAY contacted them, even though state law requires that they be told about electronic surveillance.

“I am astounded at the extent to which police have been so aggressively using this technology, how long they’ve been using it and the extent to which they have gone to create ruses to shield that use,” Stephen Mercer, the chief of forensics for Maryland’s public defenders, said.

Prosecutors said they, too, are sometimes left in the dark. "When our prosecutors are made aware that a detective used a cell-site stimulator, it is disclosed; however we rely upon the Police Department to provide us with that information," said Tammy Brown, a spokeswoman for Baltimore's State's Attorney. "We are currently working with the Police Department to improve upon the process to better obtain this information in order to comply with the law."

Baltimore is hardly alone. Police in Tallahassee used their stingray to track a woman wanted for check forging, according to records provided to the ACLU last year. Tacoma, Wash., police used theirs to try to find a stolen city laptop, according to records released to the website Muckrock. Other departments have acknowledged that they planned to use their stingrays for solving street crimes.

As that surveillance became more common — and more widely known — state and federal lawmakers moved to put new limits on the circumstances in which it can be used. Some states require the police to get a search warrant before they can use a stingray, and Congress is considering a similar rule for the federal government.

Federal officials have said stingrays allow them to track dangerous criminals. “It’s how we find killers,” FBI Director James Comey said last year. “It’s how we find kidnappers. It’s how we find drug dealers. It’s how we find missing children. It’s how we find pedophiles.”

In Baltimore, at least, it’s how the police tracked the man they suspected stole a phone from the back seat of a car parked outside the city’s central booking facility in 2009. Two days after the theft, an officer said in a court filing that detectives found Danell Freeman holding the phone in the doorway of an East Baltimore public housing complex. The court filing did not say how detectives knew to look for the phone there, but a police surveillance log indicates they used a stingray.

Police charged Freeman with misdemeanor theft. Prosecutors dropped the case a month later.

“The problem is you can’t have it both ways. You can’t have it be some super-secret national security terrorist finder and then use it to solve petty crimes,” Electronic Frontier Foundation lawyer Hanni Fakhoury said.

FBI spokesman Chris Allen said the bureau does not have the authority to tell police departments how they should use stingrays. It has asked them to keep that use confidential, requiring them to sign non-disclosure agreements that prohibit officers from revealing how the phone-tracking technology works. Baltimore police officials signed one in 2011.

CRIMES LARGE AND SMALL

Baltimore’s police are prolific stingray users. In April, Det. Emmanuel Cabreja testified that officers had used cell-site simulators more than 4,300 times since 2007, a figure that easily dwarfs the tallies reported by the few police departments that have released details of their usage. The police have not previously identified the crimes they used the device to investigate or the people they arrested as a result.

By matching court records and a surveillance log from the police department’s Advanced Technical Team, USA TODAY identified 837 criminal cases in which the police indicated they had used a device to simulate a cell tower. The log does not expressly reference cell-site simulators, but detectives and a police spokesman, Det. Jeremy Silbert, confirmed the language officers used in the log to indicate a stingray had been used.

Among those cases are some of the most serious crimes the police were called on to investigate — and some of the least.

In 2010, police used a stingray to track a man they suspected had kidnapped his girlfriend’s two daughters, ages 3 and 5, and demanded half of her $6,000 tax refund as a ransom “in exchange for her older daughter’s life.” He threatened in text messages to throw the older daughter off a bridge if he didn't get the money, according to court records. Detectives quickly recovered the children unharmed. Prosecutors quickly dropped the kidnapping charges against the man, Kwame Oseitutu; he was convicted only of misdemeanor misuse of a telephone. Prosecutors did not explain that decision.

Officers rely on reports from phone companies to track a suspect's phone to a particular neighborhood, then use their tracker, known as a Hailstorm, to pinpoint his location. In one court filing in 2013, an officer said Advanced Tactical Team detectives received 40 hours of training on using the tracker and an additional eight hours of "cellular theory" training from the U.S. Secret Service.

The team's log shows the police used cell-site simulators in at least 176 homicide cases, 118 shootings and 47 rapes since 2008. Usually they were searching for suspects, but occasionally, the records show they used the devices to track down witnesses. The most common use by far was solving robberies. Stingrays are especially well-suited to that job because robbers frequently take their victims' phones.

“We’re out riding around every day,” said one officer assigned to the surveillance unit, who spoke on the condition of anonymity because of the department’s non-disclosure agreement with the FBI. “We grab a lot of people, and we close a lot of cases.”

Not all of those cases are big. Records show police used a cell-site simulator to track down a woman charged with stealing credit cards from a garage and using them to pay two months’ rent at a self-storage unit. They used it to hunt for a stolen car and to find a woman who sent hundreds of “threatening and annoying” text messages to a Baltimore man. In each case, prosecutors ultimately dropped the charges or agreed to pretrial diversion.

In 2011, detectives used a stingray to try to find a man who took his wife’s cellphone during an argument, telling her, “If you won’t talk to me, you’re not going to talk to anyone,” according to court records, a crime the surveillance team classified as a robbery. Police tracked the phone that day, but by then, it had already been returned to his wife, so they tracked it to her house.

Police did not find Jarrod Tongue until he showed up in court a month and a half later, when the case was dismissed. Tongue could not be reached to comment.

Baltimore police officials declined to comment.

Baltimore's use is consistent with how the police have used cell trackers in other cities, ACLU lawyer Nathan Wessler said, albeit on a much larger scale. “We know that they have been purchased widely and used widely,” he said. “In the few departments that we’ve seen [records from], they are being used for a wide range of investigations.”

Rochelle Ritchie, a spokeswoman for Baltimore’s state’s attorney, could not say whether prosecutors had ever dropped a case because of issues related to such surveillance.

Still, barely half of the cases USA TODAY identified ended in a conviction. Prosecutors dismissed about a third of the cases outright, even when suspects had stolen phones with them when they were arrested. What’s less clear is whether those outcomes were the result of the secret surveillance or merely reflected the normal ebb and flow of Baltimore’s clogged criminal justice system.

Prosecutors have certainly agreed to forgo evidence officers gathered after using a stingray. At a court hearing in November, a lawyer for a robbery suspect pressed one of the detectives assigned to the surveillance team, John Haley, for information about how the police had found a phone and gun prosecutors wanted to use as evidence against his client. Haley refused to explain, citing the non-disclosure agreement. “You don’t have a non-disclosure agreement with the court,” Judge Barry Williams replied and threatened to hold the detective in contempt if he did not answer.

Prosecutors quickly agreed to forgo the evidence rather than let the questioning continue. “I don’t think Det. Haley wants to see a cell today,” Assistant State's Attorney Patrick Seidel said.

SECRET SURVEILLANCE

In court records, police routinely described the phone surveillance in vague terms — if they mentioned it at all. In some cases, officers said only that they used “advanced directional finding equipment” or “sophisticated electronic equipment” to find a suspect. In others, the police merely said they had “located” a suspect’s phone without describing how, or they suggested they happened to be in the right place at the right time.

Such omissions are deliberate, said an officer assigned to the department’s Advanced Technical Team, which conducts the surveillance. When investigators write their reports, “they try to make it seem like we weren’t there,” the officer said.

Public defenders in Baltimore said that robbed them of opportunities to argue in court that the surveillance is illegal. “It’s shocking to me that it’s that prevalent,” said David Walsh-Little, who heads the felony trial unit for Baltimore’s public defender office. “We can’t challenge it if we don’t know about it, that’s sort of the horror of it.”

Defendants usually have a right to know about the evidence against them and to challenge the legality of whatever police search yielded it. Beyond that, Maryland court rules generally require the government to tell defendants and their lawyers about electronic surveillance without being asked. Prosecutors say they are not obliged to specify whether a stingray was used. Referring to direction-finding equipment “is sufficient to place defense counsel on notice that law enforcement employed some type of electronic tracking device,” Ritchie said.

In at least one case, police and prosecutors appear to have gone further to hide the use of a stingray. After Kerron Andrews was charged with attempted murder last year, Baltimore's State's Attorney's Office said it had no information about whether a phone tracker had been used in the case, according to court filings. In May, prosecutors reversed course and said the police had used one to locate him. “It seems clear that misrepresentations and omissions pertaining to the government’s use of stingrays are intentional,” Andrews’ attorney, Assistant Public Defender Deborah Levi, charged in a court filing.

Judge Kendra Ausby ruled last week that the police should not have used a stingray to track Andrews without a search warrant, and she said prosecutors could not use any of the evidence found at the time of his arrest.

Some states require officers to get a search warrant, in part because the technology is so invasive. The Justice Department is considering whether to impose a similar rule on its agents. In Baltimore, police routinely relied instead on what are known as “pen register” orders, which must be approved by a judge but do not require the same level of proof as a search warrant. For a time last year, Baltimore officers also started getting search warrants, then stopped, Haley testified at a hearing in June.

Few courts have weighed in on stingrays' legality, partly because so much of the surveillance happened in secret that defense lawyers had few opportunities to challenge it.

Levi, for example, said she did not realize until USA TODAY contacted her that the police had used stingrays in at least three other cases she handled.

In one, police tracked a rape suspect to an address on the city's west side. Their arrest report didn’t specify how they found him there, and a disclosure form filed in Baltimore’s Circuit Court did not indicate that the police had conducted any electronic surveillance. But his case number and the address where he was arrested appear in the Advanced Technical Team’s surveillance log with language indicating that a stingray was used.

Even when stingray cases reach appeals courts responsible for settling those legal questions, the judges don't always appear to know about the surveillance.

Two years ago, for example, a Maryland appeals court heard a case in which the police arrested a robbery suspect after tracking a stolen cellphone. Kenneth Redmond had been convicted of robbing a high school student at knife-point; police found him by tracking her stolen phone to a house. The court’s description of how they did that was vague; detectives found him by “triangulating the signal from cellphone towers in the area,” the judges wrote, using “phone company technology.”

In fact, according to the police log, detectives used a stingray.
http://www.usatoday.com/story/news/2...ance/31994181/





A Dubious Deal with the NSA

Internal documents show that Germany's domestic intelligence agency, the BfV, received the coveted software program XKeyscore from the NSA – and promised data from Germany in return.
Kai Biermann and Yassin Musharbash

The agents from the Federal Office for the Protection of the Constitution (BfV), Germany’s domestic intelligence agency, were deeply impressed. They wanted to be able to do that too. On Oct. 6, 2011, employees of the US intelligence agency NSA were in the Bavarian town of Bad Aibling to demonstrate all that the spy software XKeyscore could do. To make the demonstration as vivid as possible, the Americans fed data into their program that the BfV had itself collected during a warranted eavesdropping operation. An internal memo shows how enthusiastic the German intelligence agents were: Analyzing data with the help of the software, the memo reads in awkward officialese, resulted in "a high recognition of applications used, Internet applications and protocols." And in the data, XKeyscore was able to "recognize, for example, Hotmail, Yahoo or Facebook. It was also able to identify user names and passwords." In other words, it was highly effective.

It was far beyond the capabilities of the BfV’s own system. In response, then-BfV President Heinz Fromm made a formal request five months later to his American counterpart, NSA head Keith Alexander, for the software to be made available to the German intelligence agency. It would, he wrote, superbly complement the current capabilities for monitoring and analyzing Internet traffic.

But fully a year and a half would pass before a test version of XKeyscore could begin operating at the BfV facility in the Treptow neighborhood of Berlin. It took that long for the two agencies to negotiate an agreement that regulated the transfer of the software in detail and which defined the rights and obligations of each side.

The April 2013 document called "Terms of Reference," which ZEIT ONLINE and DIE ZEIT have been able to review, is more than enlightening. It shows for the first time what Germany’s domestic intelligence agency promised their American counterparts in exchange for the use of the coveted software program. "The BfV will: To the maximum extent possible share all data relevant to NSA's mission," the paper reads. Such was the arrangement: data in exchange for software.

It was a good deal for the BfV. Being given the software was a "proof of trust," one BfV agent exulted. Another called XKeyscore a "cool system." Politically and legally, however, the accord is extremely delicate. Nobody outside of the BfV oversees what data is sent to the NSA in accordance with the "Terms of Reference," a situation that remains unchanged today. Neither Germany’s data protection commissioner nor the Parliamentary Control Panel, which is responsible for oversight of the BfV, has been fully informed about the deal. "Once again, I have to learn from the press of a new BfV-NSA contract and of the impermissible transfer of data to the US secret service," complains the Green Party parliamentarian Hans-Christian Ströbele, who is a member of the Parliamentary Control Panel. The Federal Office for the Protection of the Constitution, for its part, insists that it has adhered strictly to the law.

The data in question is regularly part of the approved surveillance measures carried out by the BfV. In contrast, for example, to the Bundesnachrichtendienst (BND), Germany’s foreign intelligence agency, the BfV does not use a dragnet to collect huge volumes of data from the Internet. Rather, it is only allowed to monitor individual suspects in Germany -- and only after a special parliamentary commission has granted approval. Because such operations necessarily imply the curtailing of rights guaranteed by Article 10 of Germany’s constitution, they are often referred to as G-10 measures. Targeted surveillance measures are primarily intended to turn up the content of specific conversations, in the form of emails, telephone exchanges or faxes. But along the way, essentially as a side effect, the BfV also collects mass quantities of so-called metadata. Whether the collection of this data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts. Well-respected constitutional lawyers are of the opinion that intelligence agencies are not allowed to analyze metadata as they see fit. The agencies themselves, naturally, have a different view.

It is clear, after all, that metadata also enables interesting conclusions to be drawn about the behavior of those under surveillance and their contacts, just as, in the analog world, the sender and recipient written on an envelope can also be revealing, even if the letter inside isn't read. Those who know such data can identify communication networks and establish movement and behavioral profiles of individuals. Prior to 2013, Germany's domestic intelligence agency was only able to analyze metadata by hand -- and it was rarely done as a result. But that changed once the agency received XKeyscore. The version of the software obtained by the BfV is unable to collect data on the Internet itself, but it is able to rapidly analyze the huge quantities of metadata that the agency has already automatically collected. That is why XKeyscore is beneficial to the BfV. And, thanks to the deal, that benefit is one that extends to the NSA.

In practice, it assumedly works as follows: When an Islamist who is under surveillance by the BfV regularly receives calls from Afghanistan, for example, then the telephone number is likely exactly the kind of information that is forwarded on to the NSA. That alone is not necessarily cause for concern; after all, combatting terrorism is the goal of intelligence agency cooperation. But nobody outside of the BfV knows whose data, and how much of it, is being shared with the NSA. Nobody can control the practicalities of the data exchange. And it is completely unclear where political responsibility lies.

In 2013 alone, the BfV began 58 new G-10 measures and continued 46 others from the previous year. Who was targeted? What information was passed on to the NSA? Was information pertaining to German citizens also shared? When confronted with such questions, the BfV merely responded: "The BfV is unable to publicly comment on the particulars of the cooperation or on the numbers of data collection operations."

How important XKeyscore has become for the BfV can also be seen elsewhere. Not long ago, the website Netzpolitik.org published classified budget plans for 2013 which included the information that the BfV intended to create 75 new positions for the "mass data analysis of Internet content." Seventy-five new positions is a significant amount for any government agency. A new division called 3C was to uncover movement profiles and contact networks and to process raw data collected during G-10 operations. The name XKeyscore does not appear in the documents published by Netzpolitik.org. But it is reasonable to suspect that the new division was established to deploy the new surveillance software.

Germany’s domestic intelligence agency is itself also aware of just how sensitive its deal with the Americans is. Back in July 2012, a BfV division warned that even the tests undertaken with XKeyscore could have "far-reaching legal implications." To determine the extent of the software’s capabilities, the division warned, employees would have to be involved who didn’t have the appropriate security clearance to view the data used in the tests. The BfV has declined to make a statement on how, or whether, the problem was solved.

Germany’s data protection commissioner was apparently not informed. "I knew nothing about such an exchange deal," says Peter Schaar, who was data protection commissioner at the time. "I am also hearing for the first time about a test with real data." He says he first learned that BfV was using XKeyscore after he asked of his own accord in 2013 -- in the wake of revelations about the program from whistleblower Edward Snowden.

Schaar is of the opinion that the agency was obliged to inform him. Because real data was used during the tests, Schaar says, it constituted data processing. The BfV, by contrast, is of the opinion that the use of XKeyscore has to be controlled solely by the G-10 commission. It is a question that has long been the source of contention. In testimony before the parliamentary investigative committee that is investigating NSA activities in Germany, Schaar has demanded that the G-10 law be more clearly formulated to remove the ambiguity.

The fact that the BfV recognized the problems with its NSA cooperation can be seen elsewhere in the files as well. During the negotiations over the XKeyscore deal, the BfV noted: "Certain NSA requests … cannot be met insofar as German law prevents it." But the Americans insisted that the software finally be "used productively." The NSA wants "working results," the German agents noted. There is, they wrote, apparently "high internal pressure" to receive information from the Germans.

Ultimately, the BfV arrived at the conclusion that transferring information obtained with the help of XKeyscore to the NSA was consistent with German law. Insights gathered by way of G-10 operations were already being "regularly" shared with "foreign partner agencies." That, at least, is what the BfV declared to the German Interior Ministry in January 2014. Furthermore, the agency declared, a special legal expert would approve each data transfer.

That, it seems, was enough oversight from the perspective of the BfV. The agency apparently only partially informed its parliamentarian overseers about the deal. The Parliamentary Control Panel learned that the BfV had received XKeyscore software and had begun using it. But even this very general briefing was only made after the panel had explicitly asked following the Snowden revelations. The deal between the intelligence agencies, says the Green Party parliamentarian Ströbele, "is undoubtedly an ‘occurrence of particular import,’ about which, according to German law, the German government must provide sufficient information of its own accord." He intends to bring the issue before the Parliamentary Control Panel. The NSA investigative committee in German parliament will surely take a closer look as well.

Translated by Charles Hawley
http://www.zeit.de/digital/datenschu...ligence-agency





Setback for Suit Against N.S.A. on Phone Data
James Risen

An appeals court ruled on Friday that the National Security Agency may continue to collect the phone records of millions of Americans, at least until a new law banning the practice goes into effect in November.

The United States Court of Appeals for the District of Columbia lifted an injunction, which had been issued by a 2013 ruling against the N.S.A. program by a lower court but was not in effect, helping clear some of the legal thicket that has grown up around the agency’s so-called bulk phone records collection. The ruling came even though Congress passed a law in June to end the program.

Legal challenges to the phone data program — which began in secret under the Patriot Act and then was disclosed by leaks from the former N.S.A. contractor Edward J. Snowden — were underway in the courts long before Congress acted to end it. They have continued despite the new law, which replaces the agency’s bulk collection with a process in which the major phone companies will hold the data and the agency will have to seek court orders to obtain it.

The Obama administration says the law allows the agency to continue the phone program for 180 days to give it time to change to the new process, but a separate lawsuit is challenging that. The transition period will end Nov. 29, so any further legal challenges to the program will have only a temporary effect.

Friday’s ruling has no immediate consequences for the N.S.A., since the injunction imposed by the lower court was not in effect. The Obama administration had appealed the lower court’s ruling to the court of appeals.

The bulk collection of phone records was started by the Bush administration after the Sept. 11 terrorist attacks, as part of the N.S.A.’s warrantless wiretapping and domestic spying program. The Obama administration expanded the agency’s domestic surveillance as the government capitalized on the growth of social media and other forms of digital information that could be collected in order to track people.

The Obama administration interpreted the Patriot Act’s Section 215, which authorized the collection of business records, as also authorizing the clandestine collection of the phone calling records of millions of Americans. The administration did not make public the bulk collection of data until after Mr. Snowden disclosed it by leaking N.S.A. documents.

Before Mr. Snowden’s actions, the White House imposed intense secrecy on the program. Senator Ron Wyden, Democrat of Oregon and one of the members of Congress who had been briefed about it, said that if members of the general public knew what he did, they would be shocked. He warned that the Obama administration was using “secret law,” and that there were two versions of the Patriot Act — the one the public had been told about, and a secret one.

Because the information was classified, however, Mr. Wyden would not say publicly what concerned him. Only after Mr. Snowden revealed the existence of the bulk collection program in 2013 did Mr. Wyden admit that he had been referring to the bulk data collection program.

Lawsuits against the program followed Mr. Snowden’s disclosures, joining a cluster of earlier lawsuits that had been filed against the N.S.A.’s domestic spying operations after The New York Times’s disclosure of the agency’s warrantless wiretapping program in 2005. Many of these lawsuits have ultimately failed on the grounds of a lack of standing by those who have brought the suits, meaning that the people suing the N.S.A. and the government could not prove they had been spied on or otherwise victimized by the N.S.A.

In some of the lawsuits, that issue of standing has blocked broader and more significant court rulings on whether the agency’s domestic spying is constitutional.

Standing was also an issue at the heart of Friday’s ruling. The appeals court said that the injunction against the bulk phone records program imposed by the lower court had to be lifted, arguing that the plaintiff could not prove his phone records had been collected and thus lacked standing, and sending the case back to the lower court for further review.
http://www.nytimes.com/2015/08/29/us...als-court.html





Twitter Shuts Down 30 Sites Dedicated to Saving Politicians' Deleted Tweets
James Vincent

Twitter has shut down a network of sites dedicated to archiving deleted tweets from politicians around the world. The sites — collectively known as Politwoops — were overseen by the Open State Foundation (OSF), which reported that Twitter suspended their API access on Friday, August 21st. Twitter reportedly told the OSF that its decision was the result of "thoughtful internal deliberation and close consideration of a number of factors," and that the social media site didn't distinguish between politicians and regular users.

"Imagine how nerve-racking — terrifying, even — tweeting would be if it was immutable and irrevocable?" Twitter reportedly told the OSF. "No one user is more deserving of that ability than another. Indeed, deleting a tweet is an expression of the user’s voice."

The US arm of Politwoops was shut down in June this year, but this new decision affects countries all over the world including Canada, Egypt, India, Ireland, South Korea, Tunisia, Turkey, Norway, and the UK. The Diplotwoops site, dedicated to archiving deleted tweets from diplomats, was also shut down, with the OSF noting that all the accounts had been "extensively used and cited by journalists around the world." The organization's director, Arjan El Fassed, commented: "What politicians say in public should be available to anyone. This is not about typos, but it is a unique insight on how messages from elected politicians can change without notice."

The British arm of Politwoops, known by the handle @deletedbyMPs, was among those affected by Twitter's decision. Jules Mattsson, who runs the account, told The Guardian: "It’s a terrible shame that Twitter has made this decision. Politwoops has been an important new tool in political accountability in the UK and abroad. Politicians are all too happy to use social media to campaign, but if we lose the ability for this to be properly preserved, it becomes a one-way tool."
https://www.theverge.com/2015/8/24/9...ps-diplotwoops





Russia’s War with Wikipedia
Julia Smirnova

The recent battle between Russian authorities and Wikipedia started in a village called Chyorny Yar (population: less than 8,000) in southern Russia.

A prosecutor in the village was concerned about a Wikipedia entry on charas, a form of cannabis, though the reasons are unclear. Chyorny Yar appears to have no major problems with drug abuse — and apparently no cannabis fields. According to Wikipedia, charas is a “hashish form of cannabis which is handmade in India, Lebanon, Pakistan, Nepal and Jamaica” — places far from Chyorny Yar.

The prosecutor demanded that the Russian-language Wikipedia entry be deleted. A court in the village endorsed his position in June.

On Monday, Russia’s Internet watchdog — Roskomnadzor — asked service providers to block the Wikipedia page. Wikipedia, however, uses the https protocol for secure communication, which in turn means that providers have difficulty blocking individual articles. Given this constraint, Roskomnadzor underlined in a statement on its Facebook page last week that Russian providers would have to block the whole Internet encyclopedia to enforce the ban on the charas entry.

As of Monday afternoon, however, Wikipedia was still available in Russia.

Stanislav Kozlovskiy, executive director of the Wikimedia foundation in Russia, expects that it will take a day for authorities and providers to enforce the ban.

“The whole of Wikipedia will be blocked for most Russian users once it’s implemented,” Kozlovskiy told The Washington Post.

According to him, the majority of Russian providers lack the expensive equipment that would enable them to block only specific Wikipedia pages.

He added, “We are not going to stop using the https protocol to make it easier for Roskomnadzor to censor Wikipedia.”

Reddit, an entertainment and news Web site, faced a similar threat recently. Russian authorities briefly blocked it because of a thread about growing psilocybin mushrooms. The ban was revoked after the site restricted access to this thread in Russia. Reddit also uses the https protocol.

After Russian authorities asked Wikipedia to delete the charas entry, Wikipedia users changed its name and the URL. The Russian-language article is now called “Charas (narcotic substance).” Users also changed the text of the entry. It now has only scientific articles and U.N. data as its sources. The text also contains information about the health risks posed by cannabis and notes that this narcotic is banned in Russia. But Roskomnadzor officials deemed the changes unsatisfactory and insisted that the entry be deleted.

It is not the first time that Roskomnadzor has demanded that Wikipedia delete articles. Several dozen Wikipedia pages on drugs and suicide have been blacklisted since 2012. All but four of them were eventually removed from the list, and Wikipedia has engaged in talks with authorities about the content of the banned entries. It has not deleted those pages.

It is, however, the first time that Russian authorities have asked providers to block a Wikipedia page.

“It was a dialogue in previous cases,” Kozlovskiy said. He and his colleagues used to talk to representatives of Roskomnadzor directly on the phone and discuss the text and its sources. The banned articles would then be edited by users to appease the watchdog. But in the charas case, all attempts by Wikimedia to contact Roskomnadzor reportedly failed.

“We tried to call them but were told that the press officer is on vacation and no one else is authorized to talk to us,” Kozlovskiy said. “They preferred to communicate via statements on the Internet instead.”

On Friday, Roskomnadzor posted its last threat in the Russian social network vk.com, saying it would ask providers to block Wikipedia if the entry about the drug is not deleted.

In 2012, Wikipedia protested legislation allowing Russian authorities to block Web sites without court order, shutting down for 24 hours in the country. Since the law’s enactment, tens of thousands of Web pages have been blacklisted. Most have been targeted because they deal with drugs, pornography, suicide or other subjects that Russian authorities consider harmful to children. But Web sites with “extremist” content, including appeals for gatherings not approved by Russian authorities, also can now be easily banned. The new rules were used to block several opposition blogs and Web sites.

Wikipedia has noted that the legislation is formulated very vaguely, allowing authorities to put pressure on Web site owners and to block pages under minor pretexts.

“We could have been blocked every day since 2012, and now it seems like this day has come,” Kozlovskiy says.
https://www.washingtonpost.com/news/...41440456063397





Prosecutors Mull Corporate Charge Over Phone-Hacking at Murdoch Papers

Prosecutors said on Friday they had received a file of evidence relating to the police investigation of phone-hacking at Rupert Murdoch's British newspaper group and would be considering a possible corporate prosecution.

The phone-hacking scandal first began in 2006 when the former royal editor of Rupert Murdoch's now-defunct News of the World, Clive Goodman, and his investigator Glenn Mulcaire, admitted they had hacked the phones of royal aides.

As the scale of revelations grew, police launched a wider investigation into hacking under the codename Operation Weeting in 2011 that eventually led to the jailing for 18 months of the paper's ex-editor Andy Coulson and the conviction of five of its journalists.

Several other senior executives at the firm were found not guilty of hacking and other offences.

"We have received a full file of evidence for consideration of corporate liability charges relating to the Operation Weeting phone hacking investigation," said a spokesman for the Crown Prosecution Service (CPS) in a statement.

A spokeswoman for News UK, which covers Murdoch's British newspaper titles, declined to comment. The parent company News Corp has previously said it has changed the way it operates and has apologised to hacking victims.

The US Department of Justice has already said it would not prosecute News Corp and 21st Century Fox, part of Murdoch’s global media empire, over the British hacking scandal.

(Reporting by Stephen Addison; Editing by Kate Holton and Andrew Heavens)
http://uk.reuters.com/article/2015/0...0QX24F20150828





Rebekah Brooks Said to Be Returning to News Corp. in Britain
Ben Sisario

Rebekah Brooks, the editor and publishing executive who four years ago became embroiled in a phone-hacking scandal in Britain, is set to return to Rupert Murdoch’s media empire in a senior role, an executive with knowledge of the company’s plans said on Friday.

Ms. Brooks will oversee News UK, the division that publishes the newspapers The Times of London and The Sun, according to this person, who spoke on the condition of anonymity. She will also have broader responsibilities that could include deal-making and various digital efforts, according to the person, though the final details of Ms. Brooks’s role could change.

Just over a year ago, Ms. Brooks was acquitted of charges related to phone hacking, in which journalists at News of the World and other Murdoch papers gained access to the voice mails of various people, including a murdered schoolgirl and members of the royal family, and were accused of bribing police and public officials.

James Kennedy, a News Corporation spokesman, said in an email on Friday, “As we’ve said before, we’ve been having discussions with Rebekah Brooks, and when we have any announcements to make, we’ll be sure to let you know.”

Ms. Brooks, 47, is a longtime Murdoch protégée, and in media circles her return to his company has been expected since her exoneration. In recent months she has been frequently seen at News Corporation’s headquarters in New York, and was even spotted at brunch with Mr. Murdoch in Brooklyn.

Her return would cap a remarkable career turnaround from the disgrace of the hacking scandal, and give Ms. Brooks a prominent role at the company. One job that had reportedly been considered for her in recent months was running Storyful, a News Corporation digital property. But her new position would give Ms. Brooks control over some of the most influential papers in Britain as well as a degree of power over some corporate deals.

News of her new role was first reported on Friday by The Financial Times.

After beginning her career as a secretary at News of the World, Ms. Brooks rose to be its editor and eventually chief executive of News International, and in her personal life she mingled with prime ministers and Britain’s power elite.

That position appeared to crumble as the phone-hacking scandal erupted in 2011 with the revelation that reporters at News of the World had hacked into the phone of Milly Dowler, a 13-year-old who in 2002 was abducted and murdered. The case crystallized long-simmering public complaints in Britain about a freewheeling and unaccountable tabloid press, and had immediate ramifications for News Corporation and the broader Murdoch clan.

Ms. Brooks and others, including Andy Coulson, a former spokesman for Prime Minister David Cameron who had also once edited News of the World, faced charges including conspiracy, hiding evidence and bribing public officials for information. Ms. Brooks was cleared of those charges, but Mr. Coulson — who, she revealed in testimony, had once been her lover — was found guilty of conspiracy to intercept voice mail messages, and was given an 18-month jail sentence.

The phone-hacking scandal led to the closure of News of the World in 2011, after 168 years in print. Mr. Murdoch also abandoned plans to take over British Sky Broadcasting, now known as Sky UK. In 2013, News Corporation split into two companies: 21st Century Fox, which includes film and television assets, and News Corporation, whose properties include newspapers like The Wall Street Journal and the book publisher HarperCollins.

Ms. Brooks would be returning to News Corporation as the company’s stable of British newspapers is struggling to keep pace with local rivals, offset dwindling print circulations and counter a growing number of digital publications that are siphoning off readers.

The Sun, Britain’s most-read daily paper, has been challenged by The Daily Mail, another tabloid. Monthly circulation has also fallen at News Corporation’s weekly publications, The Sunday Times and The Sun on Sunday, according to industry statistics.

The company’s British newspapers have flirted with so-called online paywalls that allow only readers with paid subscriptions to have access to digital content. The efforts, however, have not been completely successful, and The Sun recently increased the amount of free content that online readers could get on its website.

Emily Steel and Mark Scott contributed reporting.
http://www.nytimes.com/2015/08/29/bu...n-britain.html





Ashley Madison Hack Sends Shivers Through Hook-Up, Porn Sites
Josephine Mason

Larry Flynt, a defender of free speech and sexual freedom if there ever was one, has this advice for anyone worried by the hack of infidelity site Ashley Madison: Muzzle yourself.

"Don't do or say anything you wouldn't want to read about on the front page of the New York Times," said the founder of Hustler magazine and owner of businesses that sell sexually explicit videos online.

It might be too late for many people who, lured by a supposed cloak of digital anonymity, have shared their innermost wishes, fetishes and fantasies on hook-up and porn sites. And those companies know that their digital troves of secrets are exactly what make them a target for emboldened hackers.

In exposing the Ashley Madison accounts of as many as 37 million users, hackers released a cache of potentially embarrassing and damaging data. The dump contained email addresses for U.S. government officials, UK civil servants, and workers at European and North American corporations, taking already deep-seated fears about Internet security and data protection to a new level.

"This represents a scary precedent" because of the scope and depth of intrusion into people's private lives, said Ajay Sood, Canada general manager at cyber security company FireEye/Mandiant. "Ashley Madison wasn't the first, but it's the one."

The data dump made good on the hackers' threat last month to leak customers' nude photos, sexual fantasies, names and credit card information from the Canadian website with the slogan, "Life is short. Have an affair."

The hackers, who have not been identified, appear to bear a grudge against the company and want to undermine it by exposing users to public scrutiny.

The prospect of attacks by non-financially driven hackers pursuing publicity, blackmail or moral judgments sends shivers through the online dating and sex industry.

Reports that blackmailers armed with the data dump are contacting Ashley Madison members for extortion will reinforce concerns. For the online adult entertainment segment, which accounts for more than 10 percent of Internet traffic, the trend is particularly worrisome.

"I don't know anyone that's prepared for something like this," said Joanna Angel, a famous punk porn entrepreneur who owns and sells adult films on the website Burning Angel.

'TRADE IN SECRETS'

The online sex industry has long been aware it is more vulnerable to a cyber attack than most companies because some people find it offensive. It also thrives on ensuring privacy.

As a result, it has toughened up its defenses over the years, as global retailers and health insurers have fallen victims to hackers. The problem is, security experts say, there is very little else they can do to keep hackers out.

"There are always extra layers of security," said Diane Duke, chief executive officer of the Free Speech Coalition, the trade association for the adult entertainment industry. "However, you build a widget; someone breaks it."

Angel, 34, who has starred in and directed hundreds of films, believes she has robust security on her website, but worries it may not be enough to ward off ever-more sophisticated hackers.

She hired outside experts to run her online security after hackers shut her site down for five days, costing her money and, temporarily, customers.

Angel said the Ashley Madison affair and release of people's names might curb customers' willingness to disclose personal information, although she had not seen any evidence of this.

"It could end up affecting a company like mine," she said. "It will make people more paranoid."

The Ashley Madison hack is the second high-profile attack on a no-strings attached solicitation site this year. In March, Adult FriendFinder was the victim of a massive data breach, with hackers publishing details of 4 million subscribers on the Web.

Adult sites, among the first Internet companies to accept credit card payment, tend to have robust security to combat fraud. But their systems for securing non-financial client data are not as strong, cyber experts said.

One large cyber security provider has seen an uptick in business from companies that "trade in the secrets" of clients, an executive said.

"It's hard for these types of companies to see what's going on and not want to take a closer look at their security," said the executive, who was not authorized to publicly discuss client enquiries.

Many have already hired top-class security talent to keep tabs on their websites, said Mikko Hypponen, chief research officer at Finland-based cyber security company F-Secure.

And users are probably getting wiser about using work email addresses, posting risqué photos or divulging potentially embarrassing information on dating sites, he added.

Flynt, who fought in the courts for freedom of speech, said anyone surprised at the invasion of people's privacy is naive.

"Privacy no longer exists," he said, "and it hasn't for some time."

(Additional reporting by Jim Finkle in Boston; Editing by Amran Abocar, Mary Milliken and Lisa Von Ahn)
http://uk.reuters.com/article/2015/0...0QT0DF20150824





Irony: NSA Worried Hackers with Super Computers Might Break Current Encryption Standards
Chris Smith

The National Security Agency (NSA) has a bunch of sophisticated tools at its disposal to conduct massive data collection operations all in the name of doing good – and that’s definitely something you’d want from your intelligence agencies. Ironically, the NSA is already worried about the advanced computers that might be available to humans in the not so distant future, which could be used by hackers to break the complex cryptography that makes possible encryption.

Why is this ironic? Because the NSA and other spy agencies want to break that encryption that protects your communications and are unhappy when online services and products can protect the user’s privacy with built-in encryption. The NSA also wants quantum computers of its own.

According to a report in the International Business Times, experts at the NSA are “deeply” worried that quantum computers will be able to break encryption if used by the hackers of the future.

Such computers are expected to arrive at some point in the next 50 years, and should offer users significantly upgraded computing power that could break the complex mathematical equations that make encryption possible. Quantum computers could solve math problems “like integer factorization, discrete logarithm mod primes and elliptic curve discrete logs” that are essential to encryption, IBD writes.

Quantum computers would likely not be available to regular users though. Even so, the NSA’s worries are warranted, as other nations’ intelligence agencies’ quantum computers could attempt to break into the USA’s various services that are connected to the Internet in one way or another.

The NSA is currently advising companies and government agencies to invest in quantum-resistant encryption that would prevent the computers of the future from breaking through security protocols. That kind of encryption would also be resistant to the NSA’s encryption-hacking powers, at least in theory.

“It is important to note that we aren’t asking vendors to stop implementing the Suite B algorithms [or 3072 bit RSA encryption, Advanced Encryption Standard (AES) 256 bit keys and Elliptic Curve P-384] and we aren’t asking our national security customers to stop using these algorithms,” the NSA said. “Rather, we want to give more flexibility to vendors and our customers in the present as we prepare for a quantum-safe future.”

More details about the NSA’s quantum-resistant encryption plans are available on the agency’s website, at this link.
http://bgr.com/2015/08/25/nsa-encryp...tum-computers/





Switzerland has Completed Construction On the World's Longest Tunnel
Graham Rapier

The Swiss Alps are an unforgiving landscape of rugged, rocky peaks and lush, green valleys. Connecting communities that would be otherwise isolated by the vast mountain range — including cultural and economic hubs like Zurich, Milan, and Turin — is no easy task.

Tunneling and track-laying for the 35-mile NEAT Gotthard Base Tunnel has been completed, making it officially the longest tunnel in the world, surpassing Japan’s 14.5-mile Seikan Tunnel.

Swiss authorities held a media day inside the tunnel August 24 to announce that the majority of technical work for the tunnel had been completed, Swiss newspaper TDG reports. Testing will begin October 1 in anticipation of the first passenger and freight trains in June 2016.
http://www.businessinsider.com/world...15-8?r=UK&IR=T





Comcast Planning Gigabit Cable for Entire US Territory in 2-3 Years

Customers outside Comcast's fiber footprint will still be able to buy a gigabit.
Jon Brodkin

While Comcast has started deploying 2Gbps fiber-to-the-home service to certain parts of its territory, much of its network is going to be stuck on cable for years to come.

But customers outside the fiber footprint will still be able to buy gigabit Internet service after Comcast upgrades to DOCSIS 3.1, a faster version of the Data Over Cable Service Interface Specification. Comcast said in April that DOCSIS 3.1 will be available to some of its customers in early 2016 and eventually across its whole US footprint. Last week, Comcast said it wants to complete the whole upgrade within two years.

"Our intent is to scale it through our footprint through 2016," Comcast VP of network architecture Robert Howald said in an interview with FierceCable. "We want to get it across the footprint very quickly... We're shooting for two years." It could take up to three years, the story said.

Comcast, the nation's largest Internet provider, with 22.5 million subscribers, operates in 39 states and Washington, DC.

The DOCSIS upgrades will require new modems in customer homes and back-end upgrades in cable plants. Unlike Comcast's symmetrical fiber service, upload speeds would be slower than download speeds. But 1Gbps downloads aren't the limit with DOCSIS 3.1, which can support up to 10Gbps downstream and 1Gbps upstream.

While Comcast's initial DOCSIS 3.1 rollout is expected to offer up to 1Gbps download speeds, Howald said the new standard "allows us to do that and higher."

The price will be high, of course. Comcast's 2Gbps fiber service costs $300 a month plus one-time installation and activation fees of up to $1,000. Comcast says it will build fiber to any home that's already within a third of a mile of its fiber network, but reports a few weeks ago from Stop the Cap and DSLReports suggest that some potential customers are having trouble signing up for the service.
http://arstechnica.com/business/2015...-in-2-3-years/





Ten ISPs Sign On With FCC Fund, Will Expand Rural Broadband To Over 7M Customers In 45 States
Kate Cox

While those of us who live in or near the country’s medium and large cities see slow but eventual improvements in broadband service and sometimes even some competition, the same is not true for millions of Americans who live in the more rural parts of the country. Running wires outside of the ‘burbs costs more money than it brings in, so carriers aren’t keen to do it without a boost. And that’s where the FCC’s Connect America fund comes in.

The Fund is a big pile of money that broadband carriers can tap into for funds to kickstart their own investments in bringing broadband to underserved rural markets. This week was the deadline for businesses to say if they’re going to take the money and participate or not, and the result is good news for consumers, 7.3 million of whom should be getting some service sometime soon.

The funds will be used in 45 states as well as the Northern Mariana Islands, a U.S. territory. (States without participating carriers include Alaska, Delaware, Maryland, Rhode Island, and Wyoming.)

The funding recurs annually, and so the total amount invested from the fund will be approximately $9 billion over the next six years.

“Today we are taking a significant step forward in narrowing the rural-urban digital divide,” FCC Chairman Tom Wheeler said in a statement. “Access to modern broadband is critical to life in today’s society. The financial support provided by American ratepayers through the Connect America program is an investment in the future of our rural communities that will pay dividends for all Americans for years to come.”

In the most recent Broadband Progress Report, the FCC found that when it comes to rural areas and tribal lands, broadband is, well, not progressing. Nearly a third of Americans in rural areas lack access even to 10 Mbps broadband, let alone the new 25 Mbps standard the FCC adopted with that report.

The businesses tapping the Connect America Fund have certain benchmarks to meet over the next five years, with a goal of having broadband built out to 100% of the funded locations by the end of 2020.
http://consumerist.com/2015/08/28/te...-in-45-states/





Why Gogo's Infuriatingly Expensive, Slow Internet Still Owns the Skies

“You’re Now Free to Complain About the Wi-Fi”
Sam Grobart

In the fall of 2008, Louis C.K. was a guest on Late Night with Conan O’Brien and delivered a soon-to-be-viral rant called “Everything’s Amazing and Nobody’s Happy.” It was about how we live in a time of mind-blowing technological achievement, and all we do is complain about it. His main source of amazement was—again, this was seven years ago—airplane Wi-Fi. He recounted his experience with it, how incredible it was to watch YouTube while soaring above the clouds, and how the network broke down minutes after passengers started using it. “The guy next to me says, ‘This is bulls---,’” Louis tells O’Brien. “Like, how quickly the world owes him something he knew existed only 10 seconds ago!”

It’s a clip Michael Small knows well. “Oh sure,” he says. “That’s huge around here.” Small is the chief executive officer of Gogo, the largest in-flight Internet provider in the U.S. You might think an old comedy bit about in-flight Wi-Fi would be charmingly quaint; that most of the kinks would have been worked out by now and service would be fast and reliable. But you don’t think that. If you’ve flown for work on a major U.S. airline over the past five years, you’ve probably used Gogo, and “fast and reliable” are probably not how you’d describe it. More like “hell-sent and extortionate.”

Since pioneering the in-flight Internet business, Gogo has dominated, commanding about 80 percent of the market. And as often happens with near monopolies, Gogo has become a name people love to hate. “So, Gogo is officially a joke at this point, right?” is the title of a well-commented-on thread on the road warrior site FlyerTalk. “They’ve got a monopoly, and they just don’t care,” says pharmaceutical executive and frequent flyer Keith Lockwood. “Once you have it, it’s hard not to have it.”

Gogo hasn’t done itself any favors. Steadily increasing fees and deteriorating data speeds have further annoyed already cranky flyers. “The service is so unreliable at this point that I don’t get a good enough ROI to spend $60 a month to maybe be able to download my e-mails,” says health-care executive and former Gogo user Manuel Hernandez.

For years, customer perceptions that Gogo is basically Comcast at 35,000 feet didn’t hurt the company’s bottom line. Users were literally a captive audience, and if they didn’t like the service, too bad, read a book. But for the first time since that Louis C.K. rant, Gogo has some serious competition. At least two companies—ViaSat and Global Eagle Entertainment (GEE)—are encroaching on its airspace, winning business by offering faster, cheaper connections that use satellites instead of cell towers. Gogo is launching its own satellite system that should come online by the end of the year. “We’re going to create a great new future in aviation,” Small says. “And as long as we keep making progress, the customers are going to hang with us.”

In the late 1990s, Boeing began building a satellite network called Connexion that would provide Internet access on planes. The technology worked; people who tried it loved it; but Wi-Fi, even home Wi-Fi, was new and there wasn’t enough demand. Flights were still mostly downtime for business travelers—a few precious hours of unreachability. So the service muddled along, there for the taking but mostly unwanted, like a seat-pocket copy of SkyMall. Then came the airline industry collapse following Sept. 11. Boeing shut Connexion down in 2006.

Gogo, which started that same year, had much better timing. It’s spent almost $1 billion developing onboard equipment and a network of transmission towers across North America. Back then, travelers in business class who needed to work used laptops or occasionally BlackBerrys or Palm Treos. A year later the iPhone arrived, and data-hungry smartphones soon became more or less a human appendage.

By 2008 it was clear that any airline worth its wings needed to offer some kind of in-flight connectivity, fast. Gogo had the cell towers and the FAA-approved onboard antennas and servers to make it happen. “Airlines didn’t want to do this organically,” says industry analyst George Hamlin. “Here comes somebody with a system in place, and you had to have it or people would leave.”

The first airline to sign up was American, which added the service to its transcontinental routes. With no competition to speak of, Gogo quickly expanded to Delta, United, Virgin America, Alaska Air, and Air Canada. Today, the company provides service on more than 2,000 commercial aircraft. It employs almost 900 people and had revenue of $409 million in 2014, up almost 25 percent from the previous year.

But demand for in-flight wireless has far outpaced capacity. Gogo’s CEO isn’t ignorant of customer dissatisfaction. “One of the reasons we get a bad rap out there sometimes is people compare what we do in the sky to the ground and just wonder why isn’t it the same,” Small says.

What Gogo does in the sky is, indeed, different from what wireless companies do on terra firma. It uses an air-to-ground system that functions similarly to traditional cell service, but its radio towers point up, not down. Gogo’s towers are anywhere from 50 to 200 feet tall and can be located in rather remote locations, such as atop peaks in the Rocky Mountains or deep in the Alaskan tundra. The tower signal is received by a device on the plane’s belly that looks a bit like those antennas you used to see on stretch limos. The signal is routed to an onboard server about the size of an old-fashioned tower PC and then continues to the cabin.

Gogo has to design much of its hardware. “The scale is low,” Small says. “There are only 40,000 planes in the whole world.” That means there isn’t a constellation of Lucents and Huaweis churning out new and improved airborne wireless equipment. “There is nothing off-the-shelf. Everything is custom,” says Anand Chari, Gogo’s chief technology officer. “People have made either hundreds, or at most a few thousand, of those, and that’s it.”

Gogo can provide a plane with as much as 10 megabits per second of connectivity, which is about half the average download speed on Verizon’s 4G network. Only one-third of Gogo-equipped planes, however, have the hardware to reach even that speed. The rest top out at 3 Mbps. And the signal is shared among all the passengers, so the more people using it, the more bogged down the service gets.

To balance this demand-speed trade-off, the company has focused on what consultants and B-school professors call price optimization. From its Chicago headquarters, Gogo is constantly analyzing usage—how many passengers are logged on and how much data they’re consuming—to come up with dynamic pricing that acts as a kind of capacity regulator. For example, Gogo charges more on a flight from New York to San Francisco (typically about $33) than it does on a flight from Detroit to Miami ($10). JFK-SFO is full of business travelers who want to be connected much more than passengers on the other flight, who are probably on their way to the beach and just want their kids to shut up and watch a movie. Prices also differ depending on the day of the week—Mondays and Thursdays cost more: Fly from New York to San Francisco on those days, and it will cost you $40 (you can save money on Saturdays, when the price drops to $28).

The practice is like the surge pricing used by Uber. It may make perfect logical sense—varying the price of a scarce resource according to demand—but it hardly wins the hearts and minds of noneconomists. More to the point, people who use Uber usually have options: a yellow taxi, the subway, walking. If you’re on a Delta or American flight, it’s Gogo or no go. “The airlines have plenty of choices,” says Andrew De Gasperi, an analyst at Macquarie Group. “It’s just that the passenger, who is the one who uses it, does not.”

Gogo differs from Uber in another way. While the taxi app’s surge prices tamp down demand, thus preventing the service from becoming overloaded, they also encourage idle drivers to hit the streets and increase capacity. When Gogo charges more, capacity doesn’t improve. “They’re participating in something we like to call ‘incremental value capture’ without also offering a better service,” says Frances Frei, a professor at Harvard Business School. “If I’m going to raise your rates, I also have to give you a better value proposition.”

Gogo has gotten away with these pricing games, because its main demographic, business travelers, are so price-insensitive. For them, staying connected is a necessity, not a luxury, and they tend to be on expense accounts, so it’s someone else’s dime. Also, these passengers are usually not bandwidth hogs. “The business traveler is working on a PowerPoint or a spreadsheet locally and sending e-mails,” says analyst Tim Farrar of TMF Associates, a consulting and research firm that focuses on mobile data services. “He’s not using it as intensively as a leisure traveler who wants to surf the Internet.”

Only 7 percent of passengers on an average flight use Gogo, according to the company. That’s still too many if you’re a user with a corporate American Express card and some Google Docs to work on. In a perverse logic, these customers would actually be better served if Gogo cost more, driving out the teenagers in Row 37 posting selfies on Instagram.

Earlier this year the company raised the price of its all-airline monthly pass from $45 to $60. Many customers complained, but so far it’s working. In Gogo’s latest quarterly financial filing, average revenue per aircraft was up 13 percent from 2014, “driven primarily by connectivity service price increases,” the report said. Farrar says: “They’ve found that there really isn’t much limit to what people are willing to pay if they have to get work done on the plane.”

While Gogo manages demand, it’s working on supply, too. Toward the end of this year, the company plans to roll out its 2Ku satellite-based service. The network will reach about 70 Mbps per plane at the outset and possibly be as fast as 100 Mbps in the near future. It will also be available over oceans and wherever else Gogo can’t put towers, which means the company will be able to go after intercontinental routes.

Gogo’s two main competitors, ViaSat and GEE, use satellites exclusively for customers such as JetBlue and Southwest. Both services have faster connections and lower prices, yet neither has dented Gogo’s dominance. That’s mainly because Gogo did a good job early on of locking up airlines into decade-long contracts. Gogo will install and maintain the equipment across a fleet for 10 years and share the Wi-Fi fees with the airline. As soon as the contracts are signed, hardware lock-in takes hold. Gogo (and ViaSat and GEE) equipment is proprietary, so switching providers means switching servers and antennas and everything else. “Once something is installed on the plane, it’s very hard to change it out,” Macquarie’s De Gasperi says. “For someone to install something and then decide a few years down the line, ‘You know what? I don’t really like it anymore,’ that would involve probably days or a week of that aircraft not flying. Aircraft lose money when they’re on the ground.”

ViaSat and GEE haven’t only been different from Gogo technologically but also in how they sell their services. Gogo charges passengers directly and then cuts a check to the airline for about 20 percent of that revenue. With ViaSat and GEE, the airline writes them a check for their service, the same way it may pay a caterer for food or a fuel company for tanker trucks of Jet A. Once the in-flight Internet is up and running, it’s the airline’s decision what to charge, if anything.

ViaSat CEO Mark Dankberg thinks the best way to sidestep customer rage is to eliminate the transaction altogether. The company’s basic service, which is capable of streaming video, is free for JetBlue customers—the fee’s already been baked into the fare (for heavier uses, a premium tier is available for $9 an hour). For Dankberg, the key isn’t dickering with prices, but eliminating the friction required for customers to get online. “It almost doesn’t matter what you charge,” he says. “Just people having to use their credit card is what the big issue is.” He’s proud to point out that more than 40 percent of JetBlue passengers use his service, compared with Gogo’s single-digit take rate.

What it comes down to is whether an airline views Wi-Fi as a source of revenue or as a perk. It’s not a purely philosophical choice. “I think there are some airlines that can’t afford to invest significant amounts, and therefore they like getting a check every month from Gogo,” Farrar says. “Remember,” he adds, “this is an industry that can’t afford to give too many bags of peanuts away or full cans of Coke.”

Contracts may be long-term and the hardware locked in, but as the wise man once said, nothing is forever in in-flight connectivity. ViaSat just signed a 10-aircraft deal with Virgin America for Hawaii flights. And there’s the all-too-imaginable scenario of some other technology coming along and upending Gogo and the rest of the industry. “If you truly believe your position in the market is impenetrable, then treat your customers like s--- and gouge them,” Harvard’s Frei says. “But I’ve seen very few organizations that get away with customers hating them.”
http://www.bloomberg.com/features/20...less-internet/





Virgin Media to 'Take a Punt' on Free London WiFi Network

Virgin Media is close to launching a free public WiFi scheme in London that will challenge BT’s Openzone network, which charges for access.
Christopher Williams

The firm’s chief executive Neil Berkett told investors that it was in “quite advanced negotiations” with London councils over the plans and said he was optimistic the rollout would begin “in the not too distant future”.

“The proposition would be that we would provide free Wifi access for all,” he said.

Virgin Media’s WiFi network will be freely available to anyone at 0.5Mbps, and to its home broadband subscribers at up to 10Mbps.

The approach contrasts with BT’s extensive Openzone network, which although free to BT broadband customers, is charged at as much as £5.99 for 90 minutes’ browsing.

Mr Berkett described the plans as “a punt” that will cost Virgin Media “a few million pounds” and will “keep them [BT] honest”.

“It is part of our ethos of advancing digital lifestyles,” he said.

He said that 3G mobile broadband networks were not satisfying consumers’ demands for data on the move and suggested that the few years’ delay expected before 4G networks and devices are widely available left a gap in the market.

“The gap that is increasingly occurring between consumers’ need for data outside the home and what they can get on 3G,” said Mr Berkett, adding that Virgin Media might wholesale the faster level of access to mobile networks.

The firm’s interest in public WiFi was first revealed in November, when its director of advanced technology said Virgin Media had been “inspired” by a scheme launched by the United States cable network Cablevision. It covered New York with WiFi at a time when American 3G networks were struggling to cope with the smartphone boom.

Virgin Media plans to install WiFi routers in its existing infrastructure, including the street-side cabinets that distribute its cable network into homes. The talks with councils are focused on gaining permission for the necessary works.
http://www.telegraph.co.uk/technolog...i-network.html





AT&T Hotspots: Now with Advertising Injection
Jonathan Mayer

While traveling through Dulles Airport last week, I noticed an Internet oddity. The nearby AT&T hotspot was fairly fast—that was a pleasant surprise.

But the web had sprouted ads. Lots of them, in places they didn’t belong.

Last I checked, Stanford doesn’t hawk fashion accessories or telecom service.1 And it definitely doesn’t run obnoxious ads that compel you to wait.

Some ad-supported websites, like the Wall Street Journal, were also emblazoned with extra marketing material.

Same goes for certain federal government websites.

Curious, and waiting on a delayed flight, I started poking through web source. It took little time to spot the culprit: AT&T’s wifi hotspot was tampering with HTTP traffic.

The ad injection platform appears to be a service from RaGaPa, a small startup. Their video pitch features “MONETIZE YOUR NETWORK” over cascading dollar signs. (Seriously.)

When an HTML page loads over HTTP, the hotspot makes three edits. (HTTPS traffic is immune, since it’s end-to-end secure.)

First, the hotspot adds an advertising stylesheet.

<head><link rel="stylesheet" type="text/css" href="http://adapi.ragapa.com/v1/rgp-location-layout-css?id=att-rrna-07252015">

Next, it injects a backup advertisement, in case a browser doesn’t support JavaScript. It appears that the hotspot intercepts /ragapa URLs and resolves them to advertising images.2

<body><noscript><div id='ragapatop' name='ragapatop'><img src='/ragapa?ragapanoscript=2811' height='65px' /></div></noscript>

Finally, the hotspot adds a pair of scripts for controlling advertisement loading and display.

<script type="text/javascript" src="http://adapi.ragapa.com/v1/rgp-location-layout-html?id=att-rrna-07252015"></script><script type="text/javascript" src="http://adapi.ragapa.com/v1/rgp-location-layout?id=att-rrna-07252015"></script></body>
</html>

Those scripts, in turn, import advertising content from additional third-party providers.

AT&T has an (understandable) incentive to seek consumer-side income from its free wifi service, but this model of advertising injection is particularly unsavory. Among other drawbacks: It exposes much of the user’s browsing activity to an undisclosed and untrusted business. It clutters the user’s web browsing experience. It tarnishes carefully crafted online brands and content, especially because the ads are not clearly marked as part of the hotspot service. And it introduces security and breakage risks, since website developers generally don’t plan for extra scripts and layout elements.

Recent experience with advertisement injection is telling. When a Marriott property was spotted deploying similar technology, it immediately reversed course. The handful of U.S. ISPs that have dabbled in advertising injection appear to have backed off. Earlier this year, Google conducted a comprehensive study of advertising injection, and yanked nearly 200 misleading extensions from the Chrome Web Store. The closest common practice, to my knowledge, is injecting hotspot status indicators—and that’s also proven extraordinarily controversial.

The legality of hotspot advertising injection is a messy subject. There are a number of colorable arguments against, including under the FCC’s net neutrality rules, the FTC’s unfairness and deception authorities (and state parallels), wiretapping statutes, pen register statutes, tortious interference, copyright, and more. It certainly doesn’t help AT&T and RaGaPa that the ads aren’t labeled as associated with the hotspot, and that AT&T’s wifi terms of service are silent about advertising injection.

Regardless of where the law is, AT&T should immediately stop this practice. And if websites needed (yet another) reason to adopt HTTPS, here’s a good one.
http://webpolicy.org/2015/08/25/att-...ing-injection/
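
A defender-side check for the three edits described above, as an added example that is not part of Mayer's article: it inventories the sub-resources in an origin copy of a page and in the copy received over the hotspot, then reports what was added in transit. The page URL and origin HTML are constructed for illustration; the injected markup is the markup quoted in the article.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes a browser fetch a sub-resource.
FETCH_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}


class ResourceInventory(HTMLParser):
    """Collect every sub-resource a page asks the browser to load."""

    def __init__(self, page_url):
        super().__init__(convert_charrefs=True)
        self.page_url = page_url
        self.resources = []        # (tag, absolute_url, inside_noscript)
        self._noscript_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self._noscript_depth += 1
            return
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            absolute = urljoin(self.page_url, value.strip())
            self.resources.append((tag, absolute, self._noscript_depth > 0))

    def handle_endtag(self, tag):
        if tag == "noscript" and self._noscript_depth:
            self._noscript_depth -= 1


def inventory(html, page_url):
    parser = ResourceInventory(page_url)
    parser.feed(html)
    parser.close()
    return parser.resources


def injected_resources(origin_html, received_html, page_url):
    """Resources present in the received copy but absent from the origin copy."""
    expected = Counter((tag, url) for tag, url, _ in inventory(origin_html, page_url))
    page_host = urlsplit(page_url).hostname
    findings = []
    for tag, url, in_noscript in inventory(received_html, page_url):
        if expected[(tag, url)] > 0:
            expected[(tag, url)] -= 1   # accounted for by the origin copy
            continue
        host = urlsplit(url).hostname
        findings.append({
            "tag": tag,
            "url": url,
            "host": host,
            "third_party": host != page_host,
            "in_noscript": in_noscript,
        })
    return findings


# Constructed origin page (assumption: what the site itself serves).
PAGE_URL = "http://www.example.edu/"
ORIGIN_HTML = (
    '<html><head><title>Example</title>'
    '<link rel="stylesheet" href="/site.css"></head>\n'
    '<body><h1>Welcome</h1><script src="/app.js"></script></body>\n'
    '</html>'
)

# The three edits, copied from the article's snippets.
INJECTED_CSS = (
    '<link rel="stylesheet" type="text/css" '
    'href="http://adapi.ragapa.com/v1/rgp-location-layout-css?id=att-rrna-07252015">'
)
INJECTED_NOSCRIPT = (
    "<noscript><div id='ragapatop' name='ragapatop'>"
    "<img src='/ragapa?ragapanoscript=2811' height='65px' /></div></noscript>"
)
INJECTED_SCRIPTS = (
    '<script type="text/javascript" '
    'src="http://adapi.ragapa.com/v1/rgp-location-layout-html?id=att-rrna-07252015"></script>'
    '<script type="text/javascript" '
    'src="http://adapi.ragapa.com/v1/rgp-location-layout?id=att-rrna-07252015"></script>'
)

# Constructed "as received over the hotspot" copy: origin plus the three edits.
RECEIVED_HTML = (
    ORIGIN_HTML.replace("<head>", "<head>" + INJECTED_CSS, 1)
    .replace("<body>", "<body>" + INJECTED_NOSCRIPT, 1)
    .replace("</body>", INJECTED_SCRIPTS + "</body>", 1)
)

if __name__ == "__main__":
    for finding in injected_resources(ORIGIN_HTML, RECEIVED_HTML, PAGE_URL):
        print(finding)
```

The noscript image resolves to the page's own host, so a check that only flags third-party hosts would miss it; the comparison against the origin copy is what catches it.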





Wi-Fi Aware: What’s It About, And How Can You Use It?
Joel Lee

Can you imagine what life would be like without Wi-Fi? Everything is wireless these days, and we’ve evolved so far beyond the point of being hardwired that cables almost feel primitive. Wi-Fi was truly a revolutionary step forward, and it just got even better.

This new development has been dubbed Wi-Fi Aware and is set to change the way we live. It’ll be a while before we really start seeing the benefits play out, but the future is close enough that we should be preparing ourselves for what’s to come.

What is Wi-Fi Aware and how does it affect you? Let’s find out.

Wi-Fi Aware: For Your Convenience

Wi-Fi Aware, sometimes shortened to just Aware, is the culmination of a lot of research and development by some of the biggest companies around the world. We’re talking Microsoft, Apple, Samsung, Cisco, and all the other participating members of the Wi-Fi Alliance.

The basic idea behind Wi-Fi Aware is that devices and applications will automatically be able to discover and communicate with each other based on proximity alone — and because these connections are performed internally over Wi-Fi, no cellular data or Internet bandwidth will be wasted.

Here’s how it works: Wi-Fi Aware devices can act as publishers, subscribers, or both. Publisher devices persistently broadcast a signal that indicates permission to connect. Subscriber devices persistently search for publishers, and when found, will initiate a connection request.

Users will be able to toggle Wi-Fi Aware functionality on the fly.

It’s a refined example of the Internet of Things, an idea that describes a network of interconnected devices where all the devices are constantly sending information back and forth without any human involvement.

Comparisons have been made between Wi-Fi Aware and Apple’s iBeacon, which was a different proximity-based network that used low energy Bluetooth instead of Wi-Fi. iBeacon never really fulfilled the hype surrounding it, but Wi-Fi Aware seems like it might have more success.

The Pros and Cons of Wi-Fi Aware

Because Wi-Fi Aware is so new, it’s hard to say with certainty just how exactly it’s going to play out, but we can take cues from other similar experiments — both successes and failures — to speculate on the pros and cons of Wi-Fi Aware.

The first thought that pops up, at least in my mind, is the growing popularity of smart home automation. Smart home products rely on device interconnectivity to accomplish a lot of what they do, and smart homes are quite convenient. How much better could they be with a standardized protocol like Wi-Fi Aware?

Another commonly-cited use case is when you’re at a shopping mall. Imagine walking along and being notified of nearby sales at your favorite stores. Or if it’s really crowded (such as when shopping during Black Friday), Wi-Fi Aware could help pinpoint the location of lost friends and family.

Speaking of crowds, let’s say you’re traveling through the bustling streets of New York City. Wouldn’t it be great if your phone alerted you to say that an old friend is sitting on a bench just a few meters behind you? With Wi-Fi Aware, the possibilities are limitless.

But it’s not perfect.

One huge concern is battery life. Despite the fact that the Wi-Fi Alliance’s President has already claimed that Wi-Fi Aware is power efficient — even more efficient than traditional Wi-Fi — it’s undeniable that any Wi-Fi Aware device will use more energy than a device without Wi-Fi Aware.

Again, it’s too early to know for sure, but unless the battery consumption of Wi-Fi Aware is next to negligible, it’s going to be problematic. Users are already scrambling for ways to improve laptop battery life and prolong smartphone battery life. This may end up being yet another battery drain.

Security is another big concern. Although the Internet of Things is great in theory, which makes Wi-Fi Aware great in theory by extension, we’ve already seen that it’s vulnerable to security exploits and attacks. With so much interconnectivity, it’d be naïve to think that there won’t be any loopholes to exploit.

And then we have security’s little brother, privacy. Sure, Wi-Fi Aware can supposedly be toggled on and off by the user, but how long will it be before Wi-Fi Aware — like Wi-Fi — is so engrained in culture that you can’t turn it off? How much information will you end up giving away? And how will that information be used against you?

What’s the Bottom Line?

Look closely and you’ll see a trend over the past decade in modern technology: a trade-off between security and privacy for convenience and novelty. Wi-Fi Aware is just another data point in that pattern and fits in perfectly.

There’s no doubt that Wi-Fi Aware is going to result in some really cool applications and products, and you’ll probably be able to start experiencing these new developments sooner rather than later.

But if you care at all about security or privacy, do not be an early adopter. Wait. Be patient for a few years. See if any big exploits hit the scene. Worst case scenario, Wi-Fi Aware ends up being a passing fad and you miss out on nothing important. Best case, you save yourself a lot of headache.
http://www.makeuseof.com/tag/wi-fi-aware-whats-can-use/





Save WiFi/Individual Comments

Right now, the FCC is considering a proposal to require manufacturers to lock down computing devices (routers, PCs, phones) to prevent modification if they have a "modular wireless radio" or a device with an "electronic label". The rules would likely:

• Restrict installation of alternative operating systems on your PC, like GNU/Linux, OpenBSD, FreeBSD, etc.
• Prevent research into advanced wireless technologies, like mesh networking and bufferbloat fixes
• Ban installation of custom firmware on your Android phone
• Discourage the development of alternative free and open source WiFi firmware, like OpenWrt
• Infringe upon the ability of amateur radio operators to create high powered mesh networks to assist emergency personnel in a disaster.
• Prevent resellers from installing firmware on routers, such as for retail WiFi hotspots or VPNs, without agreeing to any condition a manufacturer so chooses.

Take Action Now!

The FCC is asking for comments on this proposal. The most important thing you can do is comment on the FCC's proposal and tell them you want to be able to control your computing devices. Will you do this?

Comment deadline extended to October 9.

Instructions:

1. Go to the Federal Register and press "Submit a formal comment"
2. Start your comment by respectfully asking the FCC to not implement rules that take away the ability of users to install the software of their choosing on their computing devices. Additional points of emphasis you should consider adding:
• Wireless networking research depends on the ability of researchers to investigate and modify their devices.
• Americans need the ability to fix security holes in their devices when the manufacturer chooses to not do so.
• Users have in the past fixed serious bugs in their wifi drivers, which would be banned under the NPRM.
• Billions of dollars of commerce, such as secure wifi vendors, retail hotspot vendors, depends on the ability of users and companies to install the software of their choosing.
3. Enter your name and address. This is a public comment and your personal information provided will be publicly available.

Once you've submitted your comment, make sure to encourage others to submit comments opposing these restrictions on computing devices. Use the #SaveWifi hashtag on Twitter or your favorite microblogging services.

Additionally, if you'd like to further get involved, please join the mailing list, fcc@lists.prplfoundation.org, by visiting http://lists.prplfoundation.org/cgi-...n/listinfo/fcc.
https://libreplanet.org/wiki/Save_Wi...idual_Comments





Malware Menaces Poison Ads as Google, Yahoo! Look Away

Booming attack vector offers mass malware distribution, stealthy targeting
Darren Pauli

Online advertising has become an increasingly potent threat to end-user security on the internet. More hackers than ever are targeting the internet's money engine, using it as a powerful attack vector to hide exploits and compromise huge numbers of victims.

Malvertising, as poisoned ads are known, is as deadly as it is diverse. Hackers are able to poison advertisements with the world's most capable exploit kits, then pay to have it served on a large number of prominent websites. Up to half of users exposed to the very worst forms of malvertising fall victim, yet tracking the attacks is often tricky. Advertisements are dynamic and served only to certain users, on certain websites, in certain conditions, making attacks difficult to study.

Ads as an attack vector was identified in 2007 when security responders began receiving reports of malware hitting user machines as victims viewed online advertisements. By year's end William Salusky of the SANS Internet Storms Centre had concocted a name for the attacks.

Since then malvertising has exploded. This year it increased by more than 260 percent on the previous year, with some 450,000 malicious ads reported in the first six months alone, according to numbers by RiskIQ. Last year, security firm Cyphort found a 300 percent increase in malvertising. In 2013, the Online Trust Alliance logged a more than 200 percent increase in malvertising incidents compared to 2012, serving some 12.4 billion malvertisement impressions.

It is a scourge that, according to malvertising research, will inflict up to US$1 billion in damages this year, making the threat difficult to overstate. June was at the time the worst month for malvertising in history. The record was usurped the next month. Now some researchers say August might be next.

The threat, coupled with privacy concerns, is driving users to block ads. PageFair statistics indicate some 198 million users operate ad blocking software, up by 41 percent globally since last year, and digging a $22 billion hole in the online ad industry.

"Malvertising is one of the biggest vectors for mass compromise out there," says Jason Schultz, technical leader of Cisco's Talos threat research team. "There is not much vetting (of ad buyers) going on at all, and unfortunately the big sites are displaying these ads."

The pitch

Malvertising is a parasite that feeds on the popularity and trust of big-name websites, notably news publications. Advertising on these big-name web assets offers malvertisers the means to attack masses of unsuspecting people who otherwise avoid or are suspicious of less popular sites. The compromise is almost always immediate and invisible to victims and admins.

Much of it takes place when legitimate websites, often those carrying news or featuring pornography, load a third-party banner that an attacker has bought through an ad network or exchange. That ad contains some malcode that redirects visitors who receive it to a malicious landing page that executes various exploits tailored to the user's system. It establishes a beachhead through which payloads like bank trojans, bots, and ransomware are pushed.

The ad machine also offers easy access for criminals, who, thanks to the fast-moving nature of the advertising machine, appear indistinguishable from legitimate customers. In this marketplace, attackers reside in the lawless bottom tier where traffic, or inventory, is sold and re-sold off to buyers wanting to post their ads.

Moreover, the malvertising can be targeted to specific victims using the same features that legitimate advertisers use to hit users interested in the kinds of products they sell. This means criminals can target government IT shops looking for extended Windows support, or defence contractors seeking state tenders.

This buying and selling happens in real-time advertising exchanges, where anyone with the cash can pay to play. Once an attacker buys an advertisement, their artwork can be served to targeted users on specific websites as part of the deal. An attacker's ads may contain malicious redirects, exploit kits, or Adobe Flash exploits at the point of sale – or it may be introduced later.

"Malvertising can be hard to measure because so many attacks go undetected," says Jerome Segura (@jeromesegura), senior security researcher at California-based MalwareBytes. "This is due to the fact that malicious actors are extremely agile and stealthy."

The malvertisements too are dynamic, meaning only some visitors to a site are exposed, which makes reproducing attacks difficult. Schultz says Flash advertisements are "basically miniature programs," meaning that the bad bits of an ad can be turned on once it is showing on a big-name site without triggering alarms, unless those analysing the artwork are really good at disassembling. Coupled with targeted advertising, attackers have "the ultimate flexibility in infecting who they want to infect and serving the exploit that matches a victim's system".

Poisoned ads are a natural progression for net villains in search of a means for mass distribution of payload, according to Nick Bilogorskiy (@belogor), security research director of California-based Cyphort. "Unlike worms' peer-to-peer viral approach, malvertising follows the one-to-many client-server approach, [where] attackers infect one advertising network and reach hundreds of websites that load ads from it, and millions of visitors to each of those websites," Bilogorskiy says. "And they don't even need to hijack or compromise the ad network – only need to buy an ad and obfuscate the malicious nature of the ad until it is reviewed by the ad censors."

Here hackers have many tricks to conceal their advertisements, according to the accomplished security boffin. These include enabling the malicious payload after a delay, serving the exploits to every fifth or so user, verifying user agent strings and IP addresses before delivering the exploit, and using SSL for redirection to frustrate efforts to follow attacker footsteps.

Fire sale

The industry's top malvertising experts are unanimous: For all intents and purposes, advertising companies have no idea who is buying their ads, and they make what amounts to no attempt to understand their customers. In an industry that moves fast and operates on tight margins, whitelisting and security checks seem costly and unwanted speed bumps.

The two biggest online advertising organisations, Google and Yahoo!, did not respond to a request by Vulture South for comment after initially flagging interest in interviews.

Craig Spiezle (@craigspi) has spent a career in the advertising and marketing business, most recently as product privacy and security-focused product director with Microsoft, before joining the Online Trust Alliance as president. He paints a picture of an advertising sector that has lost control of its ability to know its ad space buyers, since moving from intimate discussion between client and customer to an automatic and instantaneous online machine.

"There is no friction or circuit breaker to vet the ads. It wasn't that long ago that you would come to me on a first-party basis, and we would take pixels, and now there is no insight anymore, and the publishers have no impact on this because they need to take ads to stay in business," says Spiezle.

And this opaqueness leads to reoffending, Bilogorskiy says, noting that more than a third of malvertising-affected websites are re-offenders, which implies that advertising companies lack an "effective proactive prevention solution" to the problem.

For its part, Google has pushed its Safe Browsing initiative, born in 2006, that it badges as a user's often "last line of defence". It is tasked with stopping Chrome users from being hit with malware served by ad injectors and "ad networks lacking strict quality guidelines", but makes no note of attacks made through its flagship DoubleClick platform.

Bilogorskiy says AOL is another big ad network name he sees exploited in the malvertising game, operating a network reaching 199 million unique visitors a month and a whopping 88.8 percent of US internet users.

Meanwhile, ad giants have joined forces to protect their revenue under the Trustworthy Accountability Group to better blacklist robot web crawlers that generate fake banner clicks.

The biggest-name news websites and web properties have been hosed: The New York Times, Reuters, Yahoo!, and Bloomberg are just a few. Yahoo! and Google's fragile ad networks have also seen their news and YouTube assets popped.

This month, Australian telco Telstra was found serving exploit kits through malvertising, while industry sources say in unconfirmed reports that Foxtel was last week doing the same.

News sites are so vulnerable because they tend to pull in and display a lot of un-vetted third-party content. Browser script blockers register up to 30 of these sources, of which only a few are required for the sites to run. Any of these has the potential capability to hose visitors.

The most capable malvertisers foist exploit kits like Angler and Nuclear, which identify the best vulnerabilities – from Adobe Flash to Internet Explorer – to compromise website visitors. Cisco says (PDF) 40 percent of users who encounter these exploit kits are compromised by them.

Angler’s "success" can be attributed partly to its simple but well-constructed web landing pages. Cisco researchers suggest that the exploit kit’s authors may be relying on data science to create computer-generated landing pages that resemble normal webpages and easily dupe users.

It is difficult to pick a winner for the most damaging malvertising case, but Yahoo!'s malvertising breach this month had the potential to expose any of the site's pool of 6.9 billion monthly visitors.

Earlier this month the Huffington Post was, for at least the fourth time this year, hit with malvertising that redirected users to exploit kits in an attack launched through AOL's adtech.de ad platform.

In July, a malvertising campaign potentially netted some 10 million visitors in 10 days with attacks across popular Asian web sites. Those attacks were also launched through adtech.de.

These examples are very much a drop in the ocean of attacks. Readers looking for further evidence of the carnage should search the web for malvertising attacks over the last six, twelve, and 24 months to see what is surely the tip of the iceberg of publicly-reported malvertising breaches.

However users do not have to be completely hacked in order for criminals to make bank. Cisco this year was surprised by what it says is an "extensive" operation involving professional and sophisticated code to foist browser add-ons onto users' machines by way of malvertising operations.

It also notes that adware is a popular piece of kit to foist as it generates illegitimate ads that like add-ons are harder to detect than exploit kits and bring in long-term money through pay-per-install and ad-click models.

Mad men

Malvertising campaigns are something criminal groups can keep in-house or pull off by paying outsiders. The service-based cyber-crime model is well-greased and allows for bad guys to pay niche experts for encryption, stolen traffic, and so on.

Independent French malware researcher Kafeine (@kafeine) points out operators on underground forums who are selling stolen traffic relating to malvertising with prices ranging from US$4000 for 100,000 multi-geographic hits (known in the marketplace as 'loads') to US$70 for 1000. By country, GrandClix sold United States traffic for the highest buck with US$500 for 1000 hits, and Australia and the United Kingdom attracting US$450 for the same amount.

Some groups do not need to outsource. "Depending on the individual case, some groups are almost owning the whole chain," Kafeine says. "From the malvertising to the command and control of the malware loaded onto victims - they just rent the exploit kit slot."

Cisco's Schultz points out much the same, illustrating in March how one group had a "business relationship" with malvertising redirectors who offered the necessary traffic for the criminals to foist and fund their pay-per-install malware.

Both Kafeine, a skilled anti-cyber crime boffin, and Patrick Belcher (@BelchSpeak), senior researcher for security firm Invincea, say a single actor, judging by its tools, tactics, and procedures, is behind the recent major malvertising attacks against Yahoo! and big news sites.

That actor known as Fessleak has popped Yahoo! News, Huffington Post, and AOL among dozens of others serving the Kovter malware and using various exploit kits. The Invincea man says the actor is a "lone wolf" focused mainly on bedep click-fraud or advertising fraud bots. "He buys ads for three bucks from an ad company and then defrauds them out of $1000s from ad fraud," he says.

Another group Belcher has yet to reveal is a Russian outfit called ISGroup and so dedicated it created an entire fake company website dedicated to solar energy to deliver a single convincing malvertisement which foists the Rovnix rootkit.

Google was one of the advertising companies that facilitated that attack. "The whole reason for the front company was to sneak past the vetters (ad networks)," he says.

Experts agree the sophistication of the attacks and the channels that allow criminals to pull it off are set to improve to take advantage of the huge profits on offer. For some $6000 of investment, the Mad Hatter found criminals can inflict more than US$500,000 in damages.

"..." – That's what big ad networks say about malvertising

The big ad networks are not talking, but they did in 2014 in a US Senate hearing chaired by one testy Republican John McCain. Google and Microsoft played down the malvertising threat which, then as now, was causing incalculable but immense online carnage.

They said malvertising was less of a threat than regular malware, and offered ultimately misleading metrics about how only a tiny percentage of ads are compromised, rather than the many thousands who are fully compromised when Google serves Angler on YouTube ads.

"Their (ad networks) defence is that 'this is a one percent problem and I don't want to design for it, 99 percent is good enough'," says Spiezle. "But one percent last year was over 15 billion impressions." The Online Trust Alliance formed the Advertising and Content Integrity Working Group to bring in the advertising players to help address the malvertising scourge, but it lacks interest from the big players.

"The challenge is in all candour that the big dominant players aren't willing to come to the table and will contend that they have the problem under control," Spiezle says. "These are the Yahoo!s and Googles of the world, and the impactful trade organisations." Ad networks and exchanges do not have the problem under control, according to Spiezle, and they do not know who their advertisers are, nor what code they are submitting. "Everyone says it's not their fault. The system has a lack of accountability."

Some US researchers believe members of the US Congress already savvy with the malvertising menace are likely to propose legislation to regulate the online advertising industry which they say is an unfortunate but ultimately necessary move when self-regulation fails.

"Unfortunately, there appears to be a lack of transparency within the largest advertising platforms," says one accomplished security pro on the condition of anonymity. "The cause is multi-faceted, but a systematic issue is that there are so many resellers within these advertising networks and no one has basic information on the end customer submitting the ads."

The criticisms are sentiments echoed by many experts interviewed for this story; citing the small number of bad ads is fact-fudging because in the wash those bad ads can reach easily 100,000 users in a day.

"Google has something like 3.5 billion searches a day, so what's one percent of that?" says Cisco's Schultz. "That's a lot of damage in a short amount of time. There is a big issue of trust because people's guard is already down."

Abhinav Singh (@abhinavbom) is a threat researcher formerly with Symantec and now at a major investment bank. The fraud and malware boffin joins the chorus of criticism against advertising networks for failing to implement proper security sanitisation checks of advertisement code. "It is the ad networks that are to blame," says Singh. "Their lack of sanitisation checks and security controls allows attackers to inject rogue ads and malicious code in order to convert an ad into a weapon."

Some networks will buddy-up with malvertisers, Singh says, to cash in on lucrative malvertising opportunities. "So it's the responsibility of the ad channel owners to protect the rights of the users."

While the ad networks have kept mum, experts are full of recommendations. While the source of the crime points irrefutably to ad networks, big and small, website owners have a part to play in reducing or vetting the sources of content that display on their sites. The Register for its part goes to some length to pull ads from reputable entities.

MalwareBytes' Segura says ad networks need to implement more stringent security and validation measures like extending probation periods for new advertisers to trusted companies, while patching remains a perennial problem in allowing attacks to occur.

"Some of the biggest cases we have seen in the past have involved duping an advertiser that the ad network had already vetted," he says. "Also, another crucial aspect is ad networks' response time to minimise the impact on end users [which] is especially true for rogue advertisers that use a crash-and-burn approach where they know they will get caught and are trying to get as many impressions as they can before it happens."

The increasing deployment of secure sockets layer across ad networks will serve to complicate analysis for researchers to determine the source of attacks in what Segura sees as a "huge issue in the near future".

The unanimity of opinion continues. "Everyone is partly to blame," says Bilogorskiy. "Popular websites still using ads exchanges for monetisation, ignoring the risk to their users. Ad exchanges pass the blame onto other entities in the ad food chain, like ad networks. Ad networks are not filtering their ad creatives completely. Users do not secure their browsers, do not patch their systems and still use broken technologies from the 1990s like Java and Flash. Browsers do not yet disable all of these technologies by default for 'good user experience'."

For Schultz, and others, publishers have a part to play beyond poking fingers at the third party ad networks who they allow to display content on their sites, for good or ill. "You can't have it both ways. Some sites are loading third party content from maybe 50 domains and any one of these could load malicious JavaScript."

They say the use of so many untrusted third parties by big sites needs to end. Some, Schultz says, should vet and load content from their own domain.

Crisis meeting

Experts recommend users run advertising or script blockers to prevent random redirection from malvertising. "Advertisers are really going to hate to hear this but blocking advertising for user protection is a really effective way of blocking malvertising," Schultz says.

Users can use script blockers or ad blockers to reduce their exposure. This reporter has anecdotal evidence that many in the industry run the likes of Ad-Block for security purposes. The scourge is so bad that Cisco's Schultz and the rest of the TALOS team recommend the blockers as a security measure. Schultz personally recommends Request Policy for Firefox users.

For Spiezle, advertising networks need to introduce a kind of fast-track circuit breaker system akin to the US' Trusted Traveller for air travel where indicators that reveal advertiser's identity are used to establish trust. These trusted advertisers would be known suppliers of legitimate advertisements and as such would enjoy the current speed and flexibility of the ad marketplace. "Those who are not known, the company might have a new gmail and IP address, would be subject to manual review."

He says trusted advertisers could still be used to foist malvertisements by insiders, but those threats are minuscule compared to the current threat. A continual rise in ad blocking adoption, which increased by 82 percent last year in the UK to include 12 million users, could be the prompting ad networks need to invest and change their business models, he says.

"I implore the advertising industry to work with us. Demonstrate that you are making sincere efforts to fight malvertising and work with the broader security community."

Bootnote The advertising systems that Google and the like have built are sophisticated systems that enable advertisements to be so dynamic that they target specific users on the sites they visit and for the things they buy, bringing what remains an advertising revenue trickle from the then golden age of print.

Therefore the need to block advertisements in the name of security is in your correspondent’s loaded and conflicted opinion (I run script blockers myself) an unfortunate solution to the growing scourge of malvertising. Ads on websites and mobile apps are like those on free-to-air television important alternatives for consumers who cannot or do not wish to pay access fees for quality content. Blocking that source of revenue as a permanent solution only throws fuel on the already raging fire.
http://www.theregister.co.uk/2015/08...ising_feature/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

August 22nd, August 15th, August 8th, August 1st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black