
Feds Walk Into a Building, Demand Everyone's Fingerprints To Open Phones

An anonymous Slashdot reader quotes the Daily Herald: Investigators in Lancaster, California, were granted a search warrant last May with a scope that allowed them to force anyone inside the premises at the time of search to open up their phones via fingerprint recognition, Forbes reported Sunday. The government argued that this did not violate the citizens' Fifth Amendment protection against self incrimination because no actual passcode was handed over to authorities...

"I was frankly a bit shocked," said Andrew Crocker, a staff attorney at the Electronic Frontier Foundation, when he learned about the scope of the search warrant. "As far as I know, this warrant application was unprecedented"... He also described requiring phones to be unlocked via fingerprint, which does not technically count as handing over a self-incriminating password, as a "clever end-run" around constitutional rights.


Firefox Users Reach HTTPS Encryption Milestone

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).

EFF Co-Founder Announces Benefit Concert to Pay His Medical Bills

An anonymous Slashdot reader reports: "I was dead for about 8 mins. on Wed. eve," EFF co-founder John Perry Barlow posted last year on Facebook. "total cardiac arrest...sad to report, no Ascending Light." The cyber-rights activist told the San Francisco Chronicle that he had gone "down the tunnel of eternity and it turned out to be a cheap carnival ride." He paused for a moment. "Probably not cheap, though."

Yesterday Barlow posted a Twitter update announcing a big benefit concert in Mill Valley, California to help pay his mounting medical bills on Monday, October 24th. Performers will include Bob Weir (also of The Grateful Dead), Jerry Harrison (of The Talking Heads), Lukas Nelson, Members of The String Cheese Incident, Sean Lennon and Les Claypool, plus 85-year-old folk singer Ramblin' Jack Elliott, as well as "special guests."

Barlow's family describes the last 18 months as a "medical incarceration" with "a dizzying array of medical events and complications" that has depleted his savings and insurance benefits. They've also set up a site for donations from "his fellow innovators, artists, cowboys, and partners-in-crime, to help us provide the quality of care necessary for Barlow's recovery."

As Contradictions Mount, Experts Call For Declassification of Yahoo's Email-Scanning Order

An anonymous Slashdot reader writes: Look at this contradiction in the government's story about their secret scans on hundreds of millions of Yahoo emails. "Intelligence officials told Reuters that all Yahoo had to do was modify existing systems for stopping child pornography from being sent through its email or filtering spam messages." But three former Yahoo employees have now said that actually the court-ordered search "was done by a module attached to the Linux kernel -- in other words, it was deeply buried near the core of the email server operating system, far below where mail sorting was handled... They said that made it hard to detect and also made it hard to figure out what the program was doing."
Slashdot reader Trailrunner7 writes: Now, experts at the EFF and Sen. Ron Wyden say that the order served on Yahoo should be made public according to the text of a law passed last year. The USA Freedom Act is meant to declassify certain kinds of government orders, and the EFF says the Yahoo order fits neatly into the terms of the law. "If the reports about the Yahoo order are accurate -- including requiring the company to custom build new software to accomplish the scanning -- it's hard to imagine a better candidate for declassification and disclosure under Section 402," Aaron Mackey of the EFF said.

Senator Questions The Declassification Policies of America's National Intelligence Office

America spent $16 billion on classifying documents last year, and Senator Wyden argues the process is now "too unwieldy to be truly secure... over-classification prevents effective information sharing between agencies." An anonymous Slashdot reader quotes the Senator's new announcement: The Reducing Over-Classification Act of 2010 allows government agencies to pay cash awards to employees who accurately classify government documents consistently and avoid unnecessary over-classification of information that is not a threat to national security. In response to a Freedom of Information Act request by the EFF, the Office of the Director of National Intelligence said it could not locate any records about the criteria for awarding those incentives.

"Congress included this reverse the culture of unnecessary classification, reduce the volume of classified documents, and better protect the secrets whose disclosure would truly threaten national security," Wyden wrote [in a new letter to National Intelligence]. "I am concerned that federal agencies with the power to classify and declassify documents may not be taking advantage of these payment awards, and I believe doing so could benefit our national security."


HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink

Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said.

EFF Calls On HP To Disable Printer Ink Self-Destruct Sequence

HP should apologize to customers and restore the ability of printers to use third-party ink cartridges, the Electronic Frontier Foundation (EFF) said in a letter to the company's CEO yesterday. From an ArsTechnica report: HP has been sabotaging OfficeJet Pro printers with firmware that prevents use of non-HP ink cartridges and even HP cartridges that have been refilled, forcing customers to buy more expensive ink directly from HP. The self-destruct mechanism informs customers that their ink cartridges are "damaged" and must be replaced. "The software update that prevented the use of third-party ink was reportedly distributed in March, but this anti-feature itself wasn't activated until September," EFF Special Advisor Cory Doctorow wrote in a letter to HP Inc. CEO Dion Weisler. "That means that HP knew, for at least six months, that some of its customers were buying your products because they believed they were compatible with any manufacturer's ink, while you had already planted a countdown timer in their property that would take this feature away. Your customers will have replaced their existing printers, or made purchasing recommendations to friends who trusted them on this basis. They are now left with a less useful printer -- and possibly a stockpile of useless third-party ink cartridges."

Cops Are Raiding Homes of Innocent People Based Only On IP Addresses

Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation -- also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple's house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple -- David Robinson and Jan Bultmann -- weren't the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes: Robinson and Bultmann had [...] specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user's activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann's house. The couple wasn't pleased to have helped someone post child porn to the internet, but that's the thing about privacy-protective tools: They're going to be used for good and bad purposes, and to support one, you might have to support the other. Robinson added that he was a little let down because police didn't bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds: The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren't the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann's names on police documents linking them to child pornography. "I haven't run an exit relay since. The police told me they'd be back if it happened again," Robinson said; he's still running a Tor node, just not the end point anymore. "I have to take the threat seriously because I don't want my wife or I to wake up with guns in our faces." Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. "For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people."

'Unpatent' Begins Crowdfunding Challenges To Bad Patents

"Unpatent is a crowdfunding platform that eliminates bad patents," reads their web site. "We do that by crowdsourcing the prior art -- that is all the evidence that makes clear that a patent was not novel -- and filing reexamination requests to the patent office." An anonymous Slashdot reader reports: "Everyone in the world can back the crowdfunding campaign against the patent," explains their site, which includes a special section with "Featured stupid patents". The first $16,000 raised covers the lawyers and fees at the U.S. Patent and Trademark Office, and "The rest is distributed to those who find valid prior art...any evidence that a patent is not novel. We review all the prior art pieces and reward those that may invalidate a claim... Then, we file an ex partes reexamination to the USPTO."

Their team includes Lee Cheng, the legal officer at Newegg, "worldwide renowned as the patent trolls' nightmare," as well as Luis Cuende, who created his own Linux distro when he was 15 and is now CTO of Stampery, a company using the Bitcoin blockchain to notarize data.

They're currently targeting the infamous US8738435 covering "personalized content relating to offered products and services," which in February the EFF featured as their "stupid patent of the month." Its page on argues that "Taking something so obvious such as personalizing content and offers...and writing the word online everywhere shouldn't grant you a monopoly over it." Unpatent's slogan? "We invalidate patents that shouldn't exist."

Senator Urges Colleagues to Prevent Expansion of Government Hacking

Thursday Sen. Ron Wyden urged the Senate to block a pending change to federal Rule 41, which starting in December will allow judges to authorize remote access to an unlimited number of computers. An anonymous Slashdot reader quotes On The Wire's update on the "Stopping Mass Hacking" Act: In May, Wyden introduced a one-sentence bill that would prevent the change. The Senate has taken no action on the bill thus far and Wyden on Thursday warned that continued inaction on the issue would be dangerous. "If the Senate does nothing, if the Senate fails to act, what's ahead for Americans is a massive expansion of government hacking and surveillance powers..."

Wyden asked the Senate to pass his bill by unanimous consent, but Sen. John Cornyn (R-Texas) objected, saying that the change to Rule 41 was a simple one that would help law enforcement agencies know which venue is the correct one to ask for a warrant... Cornyn cited recent reports about hacks of the election systems in some states, possibly by foreign governments, as evidence of the need for the change. "This isn't a time to retreat and allow cyberspace to be run amok by cybercriminals. This is a very sensible tool of venue."

Google, PayPal, and the Tor Project are all opposing the pending rule change, along with the EFF, which is gathering signatures online for a petition arguing that vaguer warrants "could impact any person using a computer with Internet access anywhere in the world."

Google, Apple, Mozilla, and the EFF Support Microsoft's Fight Against Gag Orders

An anonymous Slashdot reader quotes BetaNews about new legal documents filed Friday: Microsoft is fighting the US Justice Department in an attempt to quash a law that prevents companies informing customers that the government is requesting their data. The technology giant has the backing of other tech companies as well as media outlets. Amazon, Apple, Google, Fox News, Electronic Frontier Foundation and Mozilla are among those offering their support to Microsoft. The lawsuit says that blocking companies from keeping their customers informed is unconstitutional, and it comes at a time when tech companies in particular are keen to be as open and transparent as possible about government requests for data....

As EFF Senior Staff Attorney Lee Tien puts it: "Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches. When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn't allow that, and it's time for the government to step up and respect the Constitution."

Mozilla argues transparency "is critical to our vision of an open, trusted, secure web that places users in control of their experience online," in a blog post announcing that they'd joined a brief filed by Apple, Twilio, and Lithium Technologies.

And a statement from an EFF staff attorney argues that notifying the targets of searches "provides a free society with a crucial means of government accountability."

How Security Experts Are Protecting Their Own Data

Today the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data. An anonymous Slashdot reader writes: The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...") He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."

The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."

Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."

US Customs and Border Protection Wants To Know Who You Are On Twitter

An anonymous reader quotes a report from Electronic Frontier Foundation: U.S. border control agents want to gather Facebook and Twitter identities from visitors from around the world. But this flawed plan would violate travelers' privacy, and would have a wide-ranging impact on freedom of expression -- all while doing little or nothing to protect Americans from terrorism. A proposal has been issued by U.S. Customs and Border Protection to collect social media handles from visitors to the United States from visa waiver countries. The Electronic Frontier Foundation opposes the proposal and has commented on it individually and as part of a larger coalition. "CBP specifically seeks 'information associated with your online presence -- Provider/Platform -- Social media identifier' in order to provide DHS 'greater clarity and visibility to possible nefarious activity and connections' for 'vetting purposes,'" reports EFF. "In our comments, we argue that would-be terrorists are unlikely to disclose social media identifiers that reveal publicly available posts expressing support for terrorism." They say this plan "would unfairly violate the privacy of innocent travelers," would cause "innocent travelers" to "engage in self-censorship, cutting back on their online activity out of fear of being wrongly judged by the U.S. government," and would lead to a "slippery slope, where CBP would require U.S. citizens and residents returning home to disclose their social media handles, or subject both foreign visitors and U.S. persons to invasive device searches at ports of entry with the intent of easily accessing any and all cloud data."

EFF Accuses T-Mobile of Violating Net Neutrality With Throttled Video

An anonymous reader writes: T-Mobile's new "unlimited" data plan that throttles video has upset the Electronic Frontier Foundation (EFF), which accuses the company of violating net neutrality principles. The new $70-per-month unlimited data plan "limits video to about 480p resolution and requires customers to pay an extra $25 per month for high-definition video," reports Ars Technica. "Going forward, this will be the only plan offered to new T-Mobile customers, though existing subscribers can keep their current prices and data allotments." EFF Senior Staff Technologist Jeremy Gillula told the Daily Dot, "From what we've read thus far it seems like T-Mobile's new plan to charge its customers extra to not throttle video runs directly afoul of the principle of net neutrality." The FCC's net neutrality rules ban throttling, though Ars notes "there's a difference between violating 'the principle of net neutrality' and violating the FCC's specific rules, which have exceptions to the throttling ban and allow for case-by-case judgements." "Because our no-throttling rule addresses instances in which a broadband provider targets particular content, applications, services, or non-harmful devices, it does not address a practice of slowing down an end user's connection to the internet based on a choice made by the end user," says the FCC's Open Internet Order (PDF). "For instance, a broadband provider may offer a data plan in which a subscriber receives a set amount of data at one speed tier and any remaining data at a lower tier." The EFF is still determining whether or not to file a complaint with the Federal Communications Commission.

Cory Doctorow On What iPhone's Missing Headphone Jack Means For Music Industry

Rumors of Apple's next iPhone missing a headphone jack have been swirling around for more than a year now. But a report from WSJ a few weeks ago, and another report from Bloomberg this week further cemented such possibility. We've talked about it here -- several times -- but now Cory Doctorow is shedding light on what this imminent change holds for the music industry. Reader harrymcc writes: Fast Company's Mark Sullivan talked about the switch with author and EFF adviser Cory Doctorow, who thinks it could lead to music companies leveraging DRM to exert more control over what consumers can do with their music. From the article: "If Apple creates a circumstance where the only way to get audio off its products is through an interface that is DRM-capable, they'd be heartbreakingly naive in assuming that this wouldn't give rise to demands for DRM," said Doctorow. If a consumer or some third-party tech company used the music in a way the rights holders didn't like, the rights holders could invoke the anti-circumvention law written in Section 1201 of the Digital Millennium Copyright Act (DMCA). Steve Jobs famously convinced the record industry to remove the DRM from music on iTunes; is there really any reason to believe the industry might suddenly become interested in DRM again if the iPhone audio goes all digital? "Yes -- for streaming audio services," Doctorow says. "I think it is inevitable that rights holder groups will try to prevent recording, retransmission, etc." Today it's easy to record streamed music from the analog headphone jack on the phone, and even to convert the stream back to digital and transmit it in real time to someone else. With a digital stream it might not be nearly so easy, or risk-free." Doctorow shares more on BoingBoing.

EFF Asks FTC To Demand 'Truth In Labeling' For DRM

An anonymous reader quotes a report from Techdirt: Interesting move by Cory Doctorow and the EFF in sending some letters to the FTC making a strong case that DRM requires some "truth in labeling" details in order to make sure people know what they're buying. The argument is pretty straightforward (PDF): "The legal force behind DRM makes the issue of advance notice especially pressing. It's bad enough when a product is designed to prevent its owner from engaging in lawful, legitimate, desirable conduct -- but when the owner is legally prohibited from reconfiguring the product to enable that conduct, it's vital that they be informed of this restriction before they make a purchase, so that they might make an informed decision. Though many companies sell products with DRM encumbrances, few provide notice of these encumbrances. Of those that do, fewer still enumerate the restrictions in plain, prominent language. Of the few who do so, none mention the ability of the manufacturer to change the rules of the game after the fact, by updating the DRM through non-negotiable updates that remove functionality that was present at the time of purchase." In a separate letter (PDF) from EFF, along with a number of other consumer interest groups, but also content creators like Baen Books, Humble Bundle and McSweeney's, they suggest some ways that a labeling notice might work.

'Mayhem' Wins $2M In DARPA's AI Hacking Contest, Draws EFF Scrutiny

Here's the highlight reel from the DARPA-sponsored "Cyber Grand Challenge" competition. Slashdot reader alphadogg writes: Cyber-reasoning platform Mayhem pulled down the $2 million first prize in a competition...that pitted entrants against each other in the classic hacking game Capture the Flag, never before played by programs running on supercomputers. A team from Carnegie Mellon University spin-out All Secure entered Mayhem in the competition against six other programs played in front of thousands in the ballroom of the Paris hotel in Las Vegas. Most of the spectators were in town for the DEF CON hacker conference starting Friday at the same site.
The Electronic Frontier Foundation wrote "We think that this initiative by DARPA is very cool, very innovative, and could have been a little dangerous." Sharing their blog post about automated security research, the EFF's staff technologist Peter Eckersley writes: EFF is asking, does research like that need a safety protocol?

Malware Linked To Government of Kazakhstan Targets Journalists, Political Activists and Lawyers, Says Report

An anonymous reader quotes a report from EFF: Journalists and political activists critical of Kazakhstan's authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF). Malware was sent to Irina Petrushova and Alexander Petrushov, publishers of the independent newspaper Respublika, which was forced by the government of Kazakhstan to stop printing after years of exposing corruption but has continued to operate online. Also targeted are family members and attorneys of Mukhtar Ablyazov, co-founder and leader of opposition party Democratic Choice of Kazakhstan, as well as other prominent dissidents. The campaign -- which EFF has called "Operation Manul," after endangered wild cats found in the grasslands of Kazakhstan -- involved sending victims spearphishing emails that tried to trick them into opening documents which would covertly install surveillance software capable of recording keystrokes, recording through the webcam, and more. Some of the software used in the campaign is commercially available to anyone and sells for as little as $40 online.

Clerk Printed Lottery Tickets She Didn't Pay For But Didn't Break Hacking Law

Violating a company rule is not -- and should not be -- a computer crime, that was the ruling of the Oregon Supreme Court in State v. Nascimento file. Oregon's highest court ruled that while a convenience store clerk was guilty of stealing lottery tickets through the store's computer system, she did not violate the state's anti-hacking law while doing so. ArsTechnica shares more details: The Electronic Frontier Foundation, which appeared on Caryn Nascimento's behalf during the case as an amicus curiae (friend of the court), announced the narrow victory on Tuesday. According to the Supreme Court's decision, the case dates back to 2007, when Nascimento began working at Tiger Mart, a small convenience store in Madras, Oregon, about 120 miles southeast of Portland. In late 2008 and early 2009, a company vice president began investigating what appeared to be cash shortages at that store, sometimes about $1,000 per day. After reviewing video recordings that correlated with Nascimento's work schedule, this executive began to suspect that she was buying lottery tickets but not paying for them. Eventually, Nascimento was charged not only with aggravated first-degree theft but also of violating the state's computer crime law, which includes language that "any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime." She was convicted on both charges at trial. On appeal before the Oregon Supreme Court, Nascimento's lawyers argued that while their client may have violated a company policy to not print lottery tickets that she did not receive payment for, she was, in fact, authorized to access the lottery printing computer.

Court Ruling Shows The Internet Does Have Borders After All

itwbennett writes: Microsoft's recent victory in court, when it was ruled that the physical location of the company's servers in Ireland were out of reach of the U.S. government, was described on Slashdot as being "perceived as a major victory for privacy." But J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP) has a different view of the implications of the ruling that speaks to John Perry Barlow's vision of an independent cyberspace: "By recognizing the jurisdictional boundaries of Ireland, it is possible that the Second Circuit Court created an incentive for other jurisdictions to require data to be held within their national boundaries. We have seen similar laws emerge in Russia -- they fall under a policy trend towards 'data localization' that has many cloud service and global organizations deeply concerned. Which leads to a tough question: what happens if every country tries to assert jurisdictional control over the web? Might we end up with a fractured web, a 'splinternet,' of lessening utility?"
