w3c

A critical flaw in Switzerland's e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist.

Why Do-Not-Track browser settings are useless and what to do about it

The long fight over Do-Not-Track followed a predictable trajectory: a detailed, meaningful pro-privacy system was subverted by big business, and then published as a "standard" that offered virtually no privacy protections.

Facebook's been caught using their customers' 2FA information to spam them with text ads

Just when you thought that Facebook couldn't get any more greasy, they have outdone themselves in a manner that places them well beyond even the most succulent of French Chef finger-kisses: the phone numbers that many folks gave them in order to activate the service's two-factor authentication protection? Zuckerberg and his crew are using them to serve up advertisements to unsuspecting users.

From TechCrunch:

Facebook’s confession follows a story Gizmodo ran yesterday, related to research work carried out by academics at two U.S. universities who ran a study in which they say they were able to demonstrate the company uses pieces of personal information that individuals did not explicitly provide it to, nonetheless, target them with ads.

While it’s been — if not clear, then at least evident — for a number of years that Facebook uses contact details of individuals who never personally provided their information for ad targeting purposes (harvesting people’s personal data by other means, such as other users’ mobile phone contact books which the Facebook app uploads), the revelation that numbers provided to Facebook by users in good faith, for the purpose of 2FA, are also, in its view, fair game for ads has not been so explicitly ‘fessed up to before.

The best part of all of this is that, according to TechCrunch, Facebook had the chance to confess to their shitty behavior some time ago when it was revealed that users who submitted a phone number for 2FA purposes were being spammed with text ads sent to their smartphones.

Evernote isn't looking too healthy these days

I've never entirely trusted the cloud. When I write, I use offline apps like Scrivener and iA Writer. My photos move around to my computer and smartphones without the help of any online services. The USB cable is the king of my workflow. My backups are kept on a keypad-secured USB drive. Only once I know that my files have been secured on local media that I'm in control of do I bother to upload anything to SpiderOak or Dropbox. On the few occasions that I've strayed from this path, I've lost hours or even days of work. My way of doing things is a massive pain in the ass, but it provides me with a lot of peace of mind, especially when I read news about online services like Evernote swirling the drain.

From TechCrunch:

Just two weeks ago, we reported that Evernote had lost several of its most senior executives, including its CTO Anirban Kundu, CFO Vincent Toolan, CPO Erik Wrobel and head of HR Michelle Wagner.

Now, Chris O’Neill — who took over as CEO of Evernote in 2015 after running the business operations at the Google X research unit — is sharing more demoralizing news with employees. To wit, he’s firing dozens of them. At an all-hands meeting earlier today, he told gathered staffers that Evernote has no choice but to lay off 54 people — roughly 15 percent of the company’s workforce — and to focus its efforts instead around specific functions, including product development and engineering.

Facebook Domination vs. Self-Determination

We're months removed from the Cambridge Analytica scandal and the public outrage of #DeleteFacebook, and new information continues to surface about Facebook's sloppy handling of data and hunger for surveillance. Last month, we learned about an Orwellian patent that might allow Facebook to track you via mobile microphone. Though some have cast doubt on the reports, mobile spyware like the now-infamous Alphonso does track mobile devices via sound emitted by TVs.

DRM, the World Cup, and what happens when a red team plays a green team

Before the W3C green-lit its DRM for web-video, we at EFF made a plea to allow bypassing the DRM to add accessibility features like shifting colors to accommodate color-blind people; the leadership dismissed the idea as a mere nice-to-have that companies could be relied on to fix themselves.

The year in DRM: seven rotten moments and two rays of hope

My end-of-the-year roundup of the year in DRM for EFF's Deeplinks blog hits seven lowlights, from the catastrophic (the W3C greenlighting DRM for the web) to the idiotic (

One of the net's most important freedom canaries died the day the W3C greenlit web-wide DRM; what can we learn from the fight?

EFF's long, hard-fought campaign at the World Wide Web Consortium over its plan to standardize a universal DRM for the web was always a longshot, but we got farther than anyone dared hope before we lost the web to corporate interests and cynical indifference in September.

Web analytics companies offer "replay sessions" that let corporations watch every click and keystroke for individual users

The "replay sessions" captured by surveillance-oriented "analytics" companies like Fullstory allow their customers -- "Walgreens, Zocdoc, Shopify, CareerBuilder, SeatGeek, Wix.com, Digital Ocean, DonorsChoose.org, and more" -- to watch everything you do when you're on their webpages -- every move of the mouse, every keystroke (even keystrokes you delete before submitting), and more, all attached to your real name, stored indefinitely, and shared widely with many, many "partners."

Origin story of the Mimikatz password cracker is a parable about security, disclosure, cyberwar, and crime

Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords.

WPA2 was kracked because it was based on a closed standard that you needed to pay to read

How did a bug like krack fester in WPA2, the 13-year-old wifi standard whose flaws have rendered hundreds of millions of devices insecure, some of them permanently so?

Boring, complex and important: the deadly mix that blew up the open web

On Monday, the World Wide Web Consortium published EME, a standard for locking up video on the web with DRM, allowing large corporate members to proceed without taking any steps to protect accessibility work, security research, archiving or innovation.

World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns

In July, the Director of the World Wide Web Consortium overruled dozens of members' objections to publishing a DRM standard without a compromise to protect accessibility, security research, archiving, and competition.

DRM in web standards creates new barriers to accessibility

The World Wide Web Consortium is pressing ahead with its project to standardize a DRM system for the web, without taking any legal steps to protect people whose legitimate activities would be impaired by the DRM system.

Defcon vote-hacking village shows that "secure" voting machines can be broken in minutes

Since the 2000 Bush-Gore election crisis and the hanging-chad controversy, voting machine vendors have been offering touchscreen voting machines as a solution to America's voting woes -- and security researchers have been pointing out that the products on offer were seriously, gravely defective.

Security researcher arrested after he warns Hungarian transit company about their dumb mistake

A teenager discovered that the website of Budapesti Közlekedési Központ -- the public transit authority in Budapest -- would allow you to edit the price you paid for your tickets, so that purchasers could give themselves massive discounts on their travel, and when he told the authority about it, they had him arrested and issued a press-release boasting about it.

The world's libraries tell the W3C that DRM is bad for the web

The International Federation of Library Associations and Institutions is the respected global body representing libraries all over the world; in an open letter to the World Wide Web Consortium, the organization says the recent decision to standardize DRM for the web has undermined the web's openness and the ability of libraries and other public institutions to fulfill their important social role.
