w3c

The Antitrust Case Against Facebook: a turning point in the debate over Big Tech and monopoly

In 2017, a 28-year-old law student named Lina Kahn turned the antitrust world on its ear with her Yale Law Review paper, Amazon's Antitrust Paradox, which showed how Ronald Reagan's antitrust policies, inspired by ideological extremists at the University of Chicago's economics department, had created a space for abusive monopolists who could crush innovation, workers' rights, and competition without ever falling afoul of orthodox antitrust law. Read the rest

After years of insisting that DRM in HTML wouldn't block open source implementations, Google says it won't support open source implementations

The bitter, yearslong debate at the World Wide Web Consortium over a proposal to standardize DRM for web browsers included frequent assurances by the pro-DRM side (notably Google, whose Widevine DRM was in line to be the principal beneficiary) that this wouldn't affect the ability of free/open source authors to implement the standard. Read the rest

A critical flaw in Switzerland's e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist. Read the rest

Why Do-Not-Track browser settings are useless and what to do about it

The long fight over Do-Not-Track followed a predictable trajectory: a detailed, meaningful pro-privacy system was subverted by big business, and then published as a "standard" that offered virtually no privacy protections. Read the rest

Facebook's been caught using their customers' 2FA information to spam them with text ads

Just when you thought that Facebook couldn't get any more greasy, they have outdone themselves in a manner that places them well beyond even the most succulent of French Chef finger-kisses: the phone numbers that many folks gave them in order to activate the service's two-factor authentication protection? Zuckerberg and his crew are using it to serve up advertisements to unsuspecting users.

From TechCrunch:

Facebook’s confession follows a story Gizmodo ran a story yesterday, related to research work carried out by academics at two U.S. universities who ran a study in which they say they were able to demonstrate the company uses pieces of personal information that individuals did not explicitly provide it to, nonetheless, target them with ads.

While it’s been — if not clear, then at least evident — for a number of years that Facebook uses contact details of individuals who never personally provided their information for ad targeting purposes (harvesting people’s personal data by other means, such as other users’ mobile phone contact books which the Facebook app uploads), the revelation that numbers provided to Facebook by users in good faith, for the purpose of 2FA, are also, in its view, fair game for ads has not been so explicitly ‘fessed up to before.

The best part of all of this is that, according to TechCrunch, Facebook had the chance to confess to their shitty behavior some time ago when it was revealed that users who submitted a phone number for 2FA purposes were being spammed with texts ads sent to their smartphones. Read the rest

Evernote isn't looking too healthy these days

I've never entirely trusted the cloud. When I write, I use offline apps like Scrivener and iA Writer. My photos move around to my computer and smartphones without the help of any online services. The USB cable is the king of my workflow. My backups are kept on a keypad secured USB drive. Only once I know that my files have been secured on local media that I'm in control of do I bother to upload anything to SpiderOak or Dropbox. On the few occasions that I've strayed from this path, I've lost hours or even days of work. My way of doing things is a massive pain in the ass, but it provides me with a lot of piece of mind, especially when I read news about online services like Evernote swirling the drain.

From TechCrunch:

Just two weeks ago, we reported that Evernote had lost several of its most senior executives, including its CTO Anirban Kundu, CFO Vincent Toolan, CPO Erik Wrobel and head of HR Michelle Wagner.

Now, Chris O’Neill — who took over as CEO of Evernote in 2015 after running the business operations at the Google X research unit — is sharing more demoralizing news with employees. To wit, he’s firing dozens of them. At an an all-hands meeting earlier today, he told gathered staffers that Evernote has no choice but to lay off 54 people — roughly 15 percent of the company’s workforce — and to focus its efforts instead around specific functions, including product development and engineering.

Read the rest

Facebook Domination vs. Self-Determination

We're months removed from the Cambridge Analytica scandal and the public outrage of #DeleteFacebook, and new information continues to surface about Facebook's sloppy handling of data and hunger for surveillance. Last month, we learned about an Orwellian patent that might allow Facebook to track you via mobile microphone. Though some have cast doubt on the reports, mobile spyware like the now-infamous Alphonso do track mobile devices via sound emitted by TVs.

DRM, the World Cup, and what happens when a red team plays a green team

Before the W3C green-lit its DRM for web-video, we at EFF made a plea to allow bypassing the DRM to add accessibility features like shifting colors to accommodate color-blind people; the leadership dismissed the idea as a mere nice-to-have that companies could be relied on to fix themselves. Read the rest

The year in DRM: seven rotten moments and two rays of hope

My end-of-the-year roundup the year in DRM for EFF's Deeplinks blog hits seven lowlights, from the catastrophic (the W3C greenlighting DRM for the web) to the idiotic ( Read the rest

One of the net's most important freedom canaries died the day the W3C greenlit web-wide DRM; what can we learn from the fight?

EFF's long, hard-fought campaign at the World Wide Web Consortium over its plan to standardize a universal DRM for the web was always a longshot, but we got farther than anyone dared hope before we lost the web to corporate interests and cynical indifference in September. Read the rest

Web analytics companies offer "replay sessions" that let corporations watch every click and keystroke for individual users

The "replay sessions" captured by surveillance-oriented "analytics" companies like Fullstory allow their customers -- "Walgreens, Zocdoc, Shopify, CareerBuilder, SeatGeek, Wix.com, Digital Ocean, DonorsChoose.org, and more" -- to watch everything you do when you're on their webpages -- every move of the mouse, every keystroke (even keystrokes you delete before submitting), and more, all attached to your real name, stored indefinitely, and shared widely with many, many "partners." Read the rest

Origin story of the Mimikatz password cracker is a parable about security, disclosure, cyberwar, and crime

Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords. Read the rest

WPA2 was kracked because it was based on a closed standard that you needed to pay to read

How did a bug like krack fester in WPA2, the 13-year-old wifi standard whose flaws have rendered hundreds of millions of devices insecure, some of them permanently so? Read the rest

Boring, complex and important: the deadly mix that blew up the open web

On Monday, the World Wide Web Consortium published EME, a standard for locking up video on the web with DRM, allowing large corporate members to proceed without taking any steps to protect accessibility work, security research, archiving or innovation. Read the rest

World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns

In July, the Director of the World Wide Web Consortium overruled dozens of members' objections to publishing a DRM standard without a compromise to protect accessibility, security research, archiving, and competition. Read the rest

DRM in web standards creates new barriers to accessibility

The World Wide Web Consortium is pressing ahead with its project to standardize a DRM system for the web, without taking any legal steps to protect people whose legitimate activities would be impaired by the DRM system. Read the rest

Defcon vote-hacking village shows that "secure" voting machines can be broken in minutes

Since the 2000 Bush-Gore election crisis and the hanging-chad controversy, voting machine vendors have been offering touchscreen voting machines as a solution to America's voting woes -- and security researchers have been pointing out that the products on offer were seriously, gravely defective. Read the rest

Next page

:)