w3c

Podcast: Adblocking: How About Nah?

In my latest podcast (MP3), I read my essay Adblocking: How About Nah?, published last week on EFF's Deeplinks; it's the latest installment in my series about "adversarial interoperability," and the role it has historically played in keeping tech open and competitive, and how that role is changing now that yesterday's scrappy startups have become today's bloated incumbents, determined to prevent anyone from disrupting them the way they disrupted tech in their early days.

At the height of the pop-up wars, it seemed like there was no end in sight: the future of the Web would be one where humans adapted to pop-ups, then pop-ups found new, obnoxious ways to command humans' attention, which would wane, until pop-ups got even more obnoxious.

But that's not how it happened. Instead, browser vendors (beginning with Opera) started to ship on-by-default pop-up blockers. What's more, users—who hated pop-up ads—started to choose browsers that blocked pop-ups, marginalizing holdouts like Microsoft's Internet Explorer, until they, too, added pop-up blockers.

Chances are, those blockers are in your browser today. But here's a funny thing: if you turn them off, you won't see a million pop-up ads that have been lurking unseen for all these years.

Because once pop-up ads became invisible by default to an ever-larger swathe of Internet users, advertisers stopped demanding that publishers serve pop-up ads. The point of pop-ups was to get people's attention, but something that is never seen in the first place can't possibly do that.

Read the rest

Adblocking: How about nah?

For more than a decade, consumer rights groups (including EFF) worked with technologists and companies to try to standardize Do Not Track, a flag that browsers could send to online companies signaling that their users did not want their browsing activity tracked. Despite long hours and backing from the FTC, foot-dragging from the browser vendors and outright hostility from the big online media companies mean that setting Do Not Track in your browser does virtually nothing to protect your privacy. Read the rest

How DRM has permitted Google to have an "open source" browser that is still under its exclusive control

A year ago, Benjamin "Mako" Hill gave a groundbreaking lecture explaining how Big Tech companies had managed to monopolize all the benefits of free software licenses, using a combination of dirty tricks to ensure that the tools that were nominally owned by no one and licensed under free and open terms nevertheless remained under their control, so that the contributions that software developers made to "open" projects ended up benefiting big companies without big companies having to return the favor. Read the rest

The Antitrust Case Against Facebook: a turning point in the debate over Big Tech and monopoly

In 2017, a 28-year-old law student named Lina Khan turned the antitrust world on its ear with her Yale Law Review paper, Amazon's Antitrust Paradox, which showed how Ronald Reagan's antitrust policies, inspired by ideological extremists at the University of Chicago's economics department, had created a space for abusive monopolists who could crush innovation, workers' rights, and competition without ever falling afoul of orthodox antitrust law. Read the rest

After years of insisting that DRM in HTML wouldn't block open source implementations, Google says it won't support open source implementations

The bitter, yearslong debate at the World Wide Web Consortium over a proposal to standardize DRM for web browsers included frequent assurances by the pro-DRM side (notably Google, whose Widevine DRM was in line to be the principal beneficiary) that this wouldn't affect the ability of free/open source authors to implement the standard. Read the rest

A critical flaw in Switzerland's e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist. Read the rest

Why Do-Not-Track browser settings are useless and what to do about it

The long fight over Do-Not-Track followed a predictable trajectory: a detailed, meaningful pro-privacy system was subverted by big business, and then published as a "standard" that offered virtually no privacy protections. Read the rest

Facebook's been caught using their customers' 2FA information to spam them with text ads

Just when you thought that Facebook couldn't get any more greasy, they have outdone themselves in a manner that places them well beyond even the most succulent of French Chef finger-kisses: the phone numbers that many folks gave them in order to activate the service's two-factor authentication protection? Zuckerberg and his crew are using it to serve up advertisements to unsuspecting users.

From TechCrunch:

Facebook’s confession follows a story Gizmodo ran yesterday, related to research work carried out by academics at two U.S. universities who ran a study in which they say they were able to demonstrate the company uses pieces of personal information that individuals did not explicitly provide it to, nonetheless, target them with ads.

While it’s been — if not clear, then at least evident — for a number of years that Facebook uses contact details of individuals who never personally provided their information for ad targeting purposes (harvesting people’s personal data by other means, such as other users’ mobile phone contact books which the Facebook app uploads), the revelation that numbers provided to Facebook by users in good faith, for the purpose of 2FA, are also, in its view, fair game for ads has not been so explicitly ‘fessed up to before.

The best part of all of this is that, according to TechCrunch, Facebook had the chance to confess to their shitty behavior some time ago when it was revealed that users who submitted a phone number for 2FA purposes were being spammed with text ads sent to their smartphones. Read the rest

Evernote isn't looking too healthy these days

I've never entirely trusted the cloud. When I write, I use offline apps like Scrivener and iA Writer. My photos move around to my computer and smartphones without the help of any online services. The USB cable is the king of my workflow. My backups are kept on a keypad-secured USB drive. Only once I know that my files have been secured on local media that I'm in control of do I bother to upload anything to SpiderOak or Dropbox. On the few occasions that I've strayed from this path, I've lost hours or even days of work. My way of doing things is a massive pain in the ass, but it provides me with a lot of peace of mind, especially when I read news about online services like Evernote swirling the drain.

From TechCrunch:

Just two weeks ago, we reported that Evernote had lost several of its most senior executives, including its CTO Anirban Kundu, CFO Vincent Toolan, CPO Erik Wrobel and head of HR Michelle Wagner.

Now, Chris O’Neill — who took over as CEO of Evernote in 2015 after running the business operations at the Google X research unit — is sharing more demoralizing news with employees. To wit, he’s firing dozens of them. At an all-hands meeting earlier today, he told gathered staffers that Evernote has no choice but to lay off 54 people — roughly 15 percent of the company’s workforce — and to focus its efforts instead around specific functions, including product development and engineering.

Read the rest

Facebook Domination vs. Self-Determination

We're months removed from the Cambridge Analytica scandal and the public outrage of #DeleteFacebook, and new information continues to surface about Facebook's sloppy handling of data and hunger for surveillance. Last month, we learned about an Orwellian patent that might allow Facebook to track you via mobile microphone. Though some have cast doubt on the reports, mobile spyware like the now-infamous Alphonso does track mobile devices via sound emitted by TVs.

DRM, the World Cup, and what happens when a red team plays a green team

Before the W3C green-lit its DRM for web-video, we at EFF made a plea to allow bypassing the DRM to add accessibility features like shifting colors to accommodate color-blind people; the leadership dismissed the idea as a mere nice-to-have that companies could be relied on to fix themselves. Read the rest

The year in DRM: seven rotten moments and two rays of hope

My end-of-the-year roundup of the year in DRM for EFF's Deeplinks blog hits seven lowlights, from the catastrophic (the W3C greenlighting DRM for the web) to the idiotic ( Read the rest

One of the net's most important freedom canaries died the day the W3C greenlit web-wide DRM; what can we learn from the fight?

EFF's long, hard-fought campaign at the World Wide Web Consortium over its plan to standardize a universal DRM for the web was always a longshot, but we got farther than anyone dared hope before we lost the web to corporate interests and cynical indifference in September. Read the rest

Web analytics companies offer "replay sessions" that let corporations watch every click and keystroke for individual users

The "replay sessions" captured by surveillance-oriented "analytics" companies like Fullstory allow their customers -- "Walgreens, Zocdoc, Shopify, CareerBuilder, SeatGeek, Wix.com, Digital Ocean, DonorsChoose.org, and more" -- to watch everything you do when you're on their webpages -- every move of the mouse, every keystroke (even keystrokes you delete before submitting), and more, all attached to your real name, stored indefinitely, and shared widely with many, many "partners." Read the rest

Origin story of the Mimikatz password cracker is a parable about security, disclosure, cyberwar, and crime

Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords. Read the rest

WPA2 was kracked because it was based on a closed standard that you needed to pay to read

How did a bug like krack fester in WPA2, the 13-year-old wifi standard whose flaws have rendered hundreds of millions of devices insecure, some of them permanently so? Read the rest

Boring, complex and important: the deadly mix that blew up the open web

On Monday, the World Wide Web Consortium published EME, a standard for locking up video on the web with DRM, allowing large corporate members to proceed without taking any steps to protect accessibility work, security research, archiving or innovation. Read the rest
