Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist.
Read the rest
The long fight over Do-Not-Track followed a predictable trajectory: a detailed, meaningful pro-privacy system was subverted by big business, and then published as a "standard" that offered virtually no privacy protections.
Read the rest
EFF's long, hard-fought campaign at the World Wide Web Consortium over its plan to standardize a universal DRM for the web was always a longshot, but we got farther than anyone dared hope before we lost the web to corporate interests and cynical indifference in September.
Read the rest
The "replay sessions" captured by surveillance-oriented "analytics" companies like Fullstory allow their customers -- "Walgreens, Zocdoc, Shopify, CareerBuilder, SeatGeek, Wix.com, Digital Ocean, DonorsChoose.org, and more" -- to watch everything you do when you're on their webpages -- every move of the mouse, every keystroke (even keystrokes you delete before submitting), and more, all attached to your real name, stored indefinitely, and shared widely with many, many "partners."
Read the rest
Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords.
Read the rest
On Monday, the World Wide Web Consortium published EME, a standard for locking up video on the web with DRM, allowing large corporate members to proceed without taking any steps to protect accessibility work, security research, archiving or innovation. Read the rest
In July, the Director of the World Wide Web Consortium overruled dozens of members' objections to publishing a DRM standard without a compromise to protect accessibility, security research, archiving, and competition. Read the rest
Every three years, the US Copyright Office has to ask America about all the ways in which Section 1201 of the Digital Millennium Copyright Act (which bans bypassing DRM, even for legitimate reasons) interferes with our lives, and then it grants limited exemptions based on the results. Read the rest
The World Wide Web Consortium is pressing ahead with its project to standardize a DRM system for the web, without taking any legal steps to protect people whose legitimate activities would be impaired by the DRM system. Read the rest
Kids Pass is a service that offers discounts on family activities in the UK; their website makes several common -- and serious -- security problems that could allow hackers to capture their users' passwords, which endangers those users' data on other services where they have (unwisely) recycled those same passwords. Read the rest
A teenager discovered that the website of Budapesti Közlekedési Központ -- the public transit authority in Budapest -- would allow you to edit the price you paid for your tickets, so that purchasers could give themselves massive discounts on their travel, and when he told the authority about it, they had him arrested and issued a press-release boasting about it. Read the rest
The International Federation of Library Associations and Institutions is the respected global body representing libraries all over the world; in an open letter to the World Wide Web Consortium, the organization says the recent decision to standardize DRM for the web has undermined the web's openness and the ability of libraries and other public institutions to fulfill their important social role. Read the rest
Yesterday's smashing Net Neutrality campaign showed that people have finally woken up to the risks of the highly concentrated telcoms sector using its commercial muscle to decide what kinds of services can flourish in the online world -- but Big Internet doesn't confine its efforts to control the future to playing around with packets. Read the rest
[[Update, July 13: After consultation with W3C CEO Jeff Jaffe on timing, we've temporarily withdrawn this appeal, for one week, for purely logistical purposes. I am teaching a workshop all next week at UC San Diego and will re-file the objection at the end of the week, so that I will be able to devote undivided attention to garnering the necessary support from other W3C members. -Cory]]
Five days ago, the World Wide Web Consortium announced that it would go ahead with its project of making DRM for web-video, and that the Director, Tim Berners-Lee had overruled or decided not to act further on all objections about the dangers this posed to legitimate and important activities including security audits, accessibility adaptation and competition. Read the rest
It's the Day Against DRM, and EFF is celebrating by publishing the first public look at How Much Do Consumers Value Interoperability? Evidence from the Price of DVD Players, a scholarly economics paper that uses clever techniques to reveal some eye-popping number on the strangled market for DRM-free gadgets. Read the rest
It's been nearly four months since the W3C held the most controversial vote in its decades-long history of standards-setting: a vote where accessibility groups, security experts, browser startups, public interest groups, human rights groups, archivists, research institutions and other worthies went up against trillions of dollars' worth of corporate muscle: the world's largest electronics, web, and content companies in a battle for the soul of the open web. Read the rest
Medical devices have long been the locus of information security's scariest failures: from the testing and life-support equipment in hospitals to the implants that go in your body: these systems are often designed to harvest titanic amounts of data about you, data you're not allowed to see that's processed by code you're not allowed to audit, with potential felony prosecutions for security researchers who report defects in these systems (only partially mitigated by a limited exemption that expires next year). What's more, it can get much worse. Read the rest