After years of insisting that DRM in HTML wouldn't block open source implementations, Google says it won't support open source implementations

The bitter, yearslong debate at the World Wide Web Consortium over a proposal to standardize DRM for web browsers included frequent assurances by the pro-DRM side (notably Google, whose Widevine DRM was in line to be the principal beneficiary) that this wouldn't affect the ability of free/open source authors to implement the standard.

A critical flaw in Switzerland's e-voting system is a microcosm of everything wrong with e-voting, security practice, and auditing firms

Switzerland is about to have a national election with electronic voting, overseen by Swiss Post; e-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist.

Why Do-Not-Track browser settings are useless and what to do about it

The long fight over Do-Not-Track followed a predictable trajectory: a detailed, meaningful pro-privacy system was subverted by big business, and then published as a "standard" that offered virtually no privacy protections.

One of the net's most important freedom canaries died the day the W3C greenlit web-wide DRM; what can we learn from the fight?

EFF's long, hard-fought campaign at the World Wide Web Consortium over its plan to standardize a universal DRM for the web was always a longshot, but we got farther than anyone dared hope before we lost the web to corporate interests and cynical indifference in September.

Web analytics companies offer "replay sessions" that let corporations watch every click and keystroke for individual users

The "replay sessions" captured by surveillance-oriented "analytics" companies like Fullstory allow their customers -- "Walgreens, Zocdoc, Shopify, CareerBuilder, SeatGeek, Wix.com, Digital Ocean, DonorsChoose.org, and more" -- to watch everything you do when you're on their webpages -- every move of the mouse, every keystroke (even keystrokes you delete before submitting), and more, all attached to your real name, stored indefinitely, and shared widely with many, many "partners."

Origin story of the Mimikatz password cracker is a parable about security, disclosure, cyberwar, and crime

Five years ago, Benjamin Delpy was working for an unspecified French government agency and teaching himself to program in C, and had discovered a vital flaw in the way that Windows protected its users' passwords.

Boring, complex and important: the deadly mix that blew up the open web

On Monday, the World Wide Web Consortium published EME, a standard for locking up video on the web with DRM, allowing large corporate members to proceed without taking any steps to protect accessibility work, security research, archiving or innovation.

World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns

In July, the Director of the World Wide Web Consortium overruled dozens of members' objections to publishing a DRM standard without a compromise to protect accessibility, security research, archiving, and competition.

EFF will tell the Copyright Office (again) to protect your right to remix, study and tinker

Every three years, the US Copyright Office has to ask America about all the ways in which Section 1201 of the Digital Millennium Copyright Act (which bans bypassing DRM, even for legitimate reasons) interferes with our lives, and then it grants limited exemptions based on the results.

DRM in web standards creates new barriers to accessibility

The World Wide Web Consortium is pressing ahead with its project to standardize a DRM system for the web, without taking any legal steps to protect people whose legitimate activities would be impaired by the DRM system.

Security researchers repeatedly warned Kids Pass about bad security, only to be ignored and blocked

Kids Pass is a service that offers discounts on family activities in the UK; their website has several common -- and serious -- security problems that could allow hackers to capture their users' passwords, which endangers those users' data on other services where they have (unwisely) recycled those same passwords.

Security researcher arrested after he warns Hungarian transit company about their dumb mistake

A teenager discovered that the website of Budapesti Közlekedési Központ -- the public transit authority in Budapest -- would allow you to edit the price you paid for your tickets, so that purchasers could give themselves massive discounts on their travel, and when he told the authority about it, they had him arrested and issued a press-release boasting about it.

The world's libraries tell the W3C that DRM is bad for the web

The International Federation of Library Associations and Institutions is the respected global body representing libraries all over the world; in an open letter to the World Wide Web Consortium, the organization says the recent decision to standardize DRM for the web has undermined the web's openness and the ability of libraries and other public institutions to fulfill their important social role.

If you're worried about Net Neutrality, you should be worried about web DRM, too

Yesterday's smashing Net Neutrality campaign showed that people have finally woken up to the risks of the highly concentrated telcoms sector using its commercial muscle to decide what kinds of services can flourish in the online world -- but Big Internet doesn't confine its efforts to control the future to playing around with packets.

EFF has appealed the W3C's decision to make DRM for the web without protections

[[Update, July 13: After consultation with W3C CEO Jeff Jaffe on timing, we've temporarily withdrawn this appeal, for one week, for purely logistical purposes. I am teaching a workshop all next week at UC San Diego and will re-file the objection at the end of the week, so that I will be able to devote undivided attention to garnering the necessary support from other W3C members. -Cory]]

Five days ago, the World Wide Web Consortium announced that it would go ahead with its project of making DRM for web-video, and that the Director, Tim Berners-Lee, had overruled or decided not to act further on all objections about the dangers this posed to legitimate and important activities including security audits, accessibility adaptation and competition.

How big is the market for DRM-Free?

It's the Day Against DRM, and EFF is celebrating by publishing the first public look at How Much Do Consumers Value Interoperability? Evidence from the Price of DVD Players, a scholarly economics paper that uses clever techniques to reveal some eye-popping numbers on the strangled market for DRM-free gadgets.

The W3C has overruled members' objections and will publish its DRM for videos

It's been nearly four months since the W3C held the most controversial vote in its decades-long history of standards-setting: a vote where accessibility groups, security experts, browser startups, public interest groups, human rights groups, archivists, research institutions and other worthies went up against trillions of dollars' worth of corporate muscle: the world's largest electronics, web, and content companies in a battle for the soul of the open web.
