The World Wide Web Consortium, which makes the standards the Web runs on, continues to pursue work on DRM -- technology that you can't connect to without explicit permission, and whose bugs can't be reported without legal jeopardy lest you weaken it.

IETF approves HTTP error code 451 for Internet censorship


The 451 HTTP error code, first proposed in 2012 as a tribute to Ray Bradbury's classic novel, is now an IETF standard and is the preferred error message for a server to send to a browser when content is blocked for legal reasons.

SRSLY, they want to put DRM in JPEGs


The Joint Photographic Experts Group, which oversees the JPEG format, met in Brussels today to discuss adding DRM to its format, so that there would be images that would be able to force your computer to stop you from uploading pictures to Pinterest or social media.

Smart Grid consortium rolled its own crypto, which is always, always a bad idea

When you make up your own crypto, it's only secure against people stupider than you, and there are lots of people smarter than the designers of the Open Smart Grid Protocol, who rolled their own (terrible) crypto rather than availing themselves of the numerous, excellent, free public cryptographic protocols.

YouTube ditches Flash, but it hardly matters

A year ago, the news that the world's biggest video site was abandoning proprietary software would have been incredible, but thanks to the World Wide Web Consortium's Netflix-driven DRM work, this changes very little.

New emoji for Unicode 8, including "TACO"

The Unicode Consortium is finalizing its plans for version 8, and 37 new emoji are among the candidates for the final release, including "ZIPPER-MOUTH FACE," "MONEY-MOUTH FACE," "SIGN OF THE HORNS" and "TACO".

W3C hosting a "Web We Want Magna Carta" drafting session at Internet Governance Forum

The Web I want doesn't have DRM in its standards, because the Web I want doesn't believe it's legitimate to design computers so that strangers over a network can give your computer orders that you aren't allowed to know about or override.

IETF declares war on surveillance

The Internet Engineering Task Force has published RFC 7258, which is a bombshell whose title is: "Pervasive Monitoring Is an Attack." It represents the outcome of a long argument about whether the Internet's technical architecture should take active countermeasures to fight mass surveillance, which Tim Bray summarizes. I especially like his rejoinder to people who argue against this because there are places where it's legitimate to monitor communications, like prisons: "We don't want an Internet optimized for prisons."

ANSI starts to publish standards that have been made into law, in insanely crappy form

Rogue archivist Carl Malamud has been fighting to publish the building and safety codes that have been incorporated into the law, but which you have to pay to see. He's published thousands and thousands of pages' worth of safety codes, and is being sued by some of the standards bodies. Now, he writes: "An announcement from Joe Bhatia, the leader of the American National Standards Institute, says 'A standard that has been incorporated by reference does have the force of law, and it should be available.'"

W3C's DRM for HTML5 sets the stage for jailing programmers, gets nothing in return

An excellent editorial by Simon St. Laurent on O'Reilly Programming asks what the open Web has gained from the World Wide Web Consortium's terrible decision to add DRM to Web-standards. As St Laurent points out, the decision means that programmers are now under threat of fines or imprisonment for making and improving Web-browsers in ways that displease Hollywood -- and in return, the W3C has extracted exactly zero promises of a better Web for users or programmers.

Public.resource.org explains to the Mississippi Attorney General's Office that a law is only a law if it's published

Rogue archivist Carl Malamud is publishing the world's safety codes. Some governments disapprove. He writes, "Upon receipt of a Certified Letter of Takedown from the Special Assistant Attorney General of Mississippi, Public.Resource.Org prepared a 67-page response, enclosed a Trodart Professional-Grade Self-Inking Rubber Stamp inscribed with a revolutionary saying ('If it isn't public, it isn't a law.'), packed it all up with a Mississippi flag made of crinkle-pak, and dispatched the parcel back to the sender."

Firefox bug: "Pledge never to implement HTML5 DRM"

Chris Sherlock has filed a bug against Firefox in Mozilla's bugzilla bug-tracker, entitled "Pledge never to implement HTML5 DRM." It's an interesting way of using the open/transparent development protest to allow Web developers to voice their opinion on the World Wide Web's terrible, awful decision to standardize DRM for browsers. As the W3C's overseer for HTML5 has written, the only reason for DRM in HTML5 is to prevent legal innovation, not to stop piracy.

W3C green-lights adding DRM to the Web's standards, says it's OK for your browser to say "I can't let you do that, Dave"

Here's the bad news: the World Wide Web Consortium is going ahead with its plan to add DRM to HTML5, setting the stage for browsers that are designed to disobey their owners and to keep secrets from them so they can't be forced to do as they're told. Here's the (much) worse news: the decision to go forward with the project of standardizing DRM for the Web came from Tim Berners-Lee himself, who seems to have bought into the lie that Hollywood will abandon the Web and move somewhere else (AOL?) if they don't get to redesign the open Internet to suit their latest profit-maximization scheme.

Danny O'Brien from the Electronic Frontier Foundation explains the wrangle at the W3C and predicts that, now that it's kosher to contemplate locking up browsers against their owners, we'll see every kind of control-freakery come out of the woodwork, from flags that prevent "View Source" to restricting embedded fonts to preventing image downloading to JavaScript that you can't save and run offline. Indeed, some of this stuff is already underway at W3C, spurred into existence by a huge shift in the Web from open platform to a place where DRM-hobbled browsers are "in-scope" for the W3C.

Public Resource kickstarting free, open publication of the world's safety standards

We've written often about Carl Malamud, the rogue archivist who has devoted his life to making the world's laws, standards, and publicly owned information into free, accessible, beautiful online documents. Now, I'm pleased to help him launch an ambitious, vital Kickstarter project aimed at raising at least $100,000 to turn the world's public safety codes into thoroughly linked, high-quality HTML documents (presently, many of the 28,040 public safety codes that Carl and public.resource.org have put online exist as scanned bitmaps that can't be searched or linked). The project involves a careful re-typing of all that scanned material and re-tracing of images and formatting them as vector-based SVG files.

Carl and his colleagues have fought in the courts for their right to publish the law that we, the people, are expected to follow. They have passed on lucrative careers in the private sector to devote themselves to public interest, public spirited work that makes the sourcecode for the world's governments available at our fingertips. The work they are doing unlocks untold billions in value -- from being able to ensure that your weekend DIY rewiring project meets code and won't burn down your house, all the way up to giving workers in deadly factories in Bangladesh access to the laws that are supposed to be honored in their workplaces.

$115 gets you a copy of their giant, amazing book of global safety standards, but there are interesting and awesome premiums at price-ranges from $10 (public acknowledgement on the Wall of Safety) to $475 (the Big Box of Propaganda!).

IETF proposal to Prism-proof the Internet

A new draft proposal at the Internet Engineering Task Force by Phillip Hallam-Baker sets out a work program to harden the Internet against Prism-style surveillance. It's a long but fascinating read, and it's been nicely summarized by ParityNews's Ravi Mandalia, who highlights the proposal's emphasis on Perfect Forward Secrecy and strong crypto by default. Last week, I posted John Gilmore's firsthand account of NSA sabotage of an IETF standard; it will be interesting to see how the NSA engages with this process.

This is the crypto standard that the NSA sabotaged

The New York Times has published further details of last week's leaked documents detailing the NSA's program of sabotage to crypto products and standards. The new report confirms that the standard that the NSA sabotaged was the widely-suspected NIST Dual EC DRBG standard. The Times reports that the NSA then pushed its backdoored standard through the International Organization for Standardization and the Canadian Communications Security Establishment.

NIST has re-opened the comments on its standard with the hope of rooting out the NSA sabotage to the random number generator and restoring trust in its work products.

Firsthand account of NSA sabotage of Internet security standards

On the Cryptography mailing list, John Gilmore (co-founder of pioneering ISP The Little Garden and the Electronic Frontier Foundation; early Sun employee; cypherpunk; significant contributor to GNU/Linux and its crypto suite; and all-round Internet superhero) describes his interactions with the NSA and several obvious NSA stooges on the IPSEC standardization working groups at the Internet Engineering Task Force. It's an anatomy of how the NSA worked to undermine and sabotage important security standards. For example, "NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!)."

