Privacy

Winter Olympics: Athletes Advised To Use Burner Phones In Beijing (bbc.com) 54

New submitter sperm shares a report from the BBC: The Beijing Winter Olympics app that all Games attendees must use contains security weaknesses that leave users exposed to data breaches, analysts say. The My2022 app will be used by athletes, audience members and media for daily Covid monitoring. The app will also offer voice chats, file transfers and Olympic news.

But cybersecurity group Citizen Lab says the app fails to provide encryption on many of its files. China has dismissed the concerns. Questions about the app come amid a rise in warnings about visitors' tech security ahead of the Games, which begin on 4 February. People attending the Beijing Olympics should bring burner phones and create email accounts for their time in China, cyber security firm Internet 2.0 said on Tuesday. Several countries have also reportedly told athletes to leave their main devices at home.
The report also says that it's found a "censorship keywords" list built into the app, and a feature that allows people to flag other "politically sensitive" expressions.
Censorship

Germany's Security Watchdog Finds No Evidence of Censorship In Xiaomi Phones (reuters.com) 28

Germany's federal cybersecurity watchdog, the BSI, did not find any evidence of censorship functions in mobile phones manufactured by China's Xiaomi, a spokesperson said on Thursday. Reuters reports: Lithuania's state cybersecurity body had said in September that Xiaomi phones had a built-in ability to detect and censor terms such as "Free Tibet," "Long live Taiwan independence" or "democracy movement." The BSI started an examination following these accusations, which lasted several months. "As a result, the BSI was unable to identify any anomalies that would require further investigation or other measures," the BSI spokesperson said.
Electronic Frontier Foundation

Are Social Media Companies Censoring Us? Is It Ever Justified? (msn.com) 398

The Washington Post asks what may be the ultimate question of our times. "Whether the largest social media companies have become so critical to public debate that being banned or blacklisted by them — whether you're an elected official, a dissident, or even just a private citizen who runs afoul of their content policies — amounts to a form of modern-day censorship."

"And, if so, are there circumstances under which such censorship is justified?"

The first person cited is Jillian York, director for international freedom of expression at the nonprofit Electronic Frontier Foundation. Fighting over whether a given speech restriction is or isn't censorship, she adds, is often an excuse to avoid harder, more nuanced discussions as to exactly which types of speech ought to be restricted, and by whom, and on what authority. "There are a lot of people in the U.S. who will claim to be [free speech] absolutists but then basically be fine with censoring sexuality," she says. In contrast, expressions of sexuality are widely accepted in Germany, where York now lives, but there's broad consensus that censorship of Holocaust denial is warranted. In New Zealand, she adds, the democratically elected government has a Chief Censor who reviews the content of films and literature. "I'm very wary of censorship," York says. "But the reason is, who do you trust to do it? It's not that all speech is totally equal and valid." In other words, the problem York sees isn't social platforms banning a powerful figure such as Trump. It's their lack of legitimacy as arbiters of speech, especially when they're censoring people who lack the stature to speak out through other means.

David Kaye, a law professor at University of California-Irvine and the former U.N. Special Rapporteur on freedom of expression, agrees that we should be wary of tech giants' power over discourse — especially in countries that lack a robust free press. But he balks at applying the term "censorship" to content moderation decisions taken by the likes of Facebook, Twitter or YouTube in the United States... We're better off, Kaye believes, reserving the term "censorship" for the many instances around the world in which speech restrictions are backed by the power of the state. That can include cases in which "the state puts demands on social media to take down content, or criminalizes individuals who tweet," as has happened in China, the United Arab Emirates, Myanmar and elsewhere...

"If we start to dilute the idea of censorship as a state-driven tool by equating it with what platforms are doing, we start to misunderstand what platforms are actually doing, and why they're doing it," Kaye said.

The Post ultimately cites three experts who agree on one point: that it's worth scrutinizing the decisions of social media platforms because of their growing influence — whether or not you end up calling it censorship. But they also cite a follow-up observation from Chinmayi Arun, a resident fellow of Yale Law School's Information Society Project.

Too often overlooked in the debates over what social networks take down is that they aren't just passive conduits of information: Their recommendation algorithms and design decisions actively shape what speech gets heard, and by how many, and how it is framed — often fueling the kind of divisive content that they later face pressure to remove.

Facebook, Twitter and YouTube may or may not have censored Trump a year ago. But there's no doubt that for years prior, they amplified and enabled him.

Encryption

NBC: 'You Probably Don't Need to Rely on a VPN Anymore' (nbcnews.com) 166

NBC News writes: VPNs, or virtual private networks, continue to be used by millions of people as a way of masking their internet activity by encrypting their location and web traffic. But on the modern internet, most people can safely ditch them, thanks to the widespread use of encryption that has made public internet connections far less of a security threat, cybersecurity experts say. "Most commercial VPNs are snake oil from a security standpoint," said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. "They don't improve your security at all...."

Most browsers have quietly implemented an added layer of security in recent years that automatically encrypts internet traffic at most sites with a technology called HTTPS. Indicated by a tiny padlock by the URL, the presence of HTTPS means that worrisome scenario, in which a scammer or a hacker squats on a public Wi-Fi connection in order to watch people's internet habits, isn't feasible. It's not clear that the threat of a hacker at your coffee shop was ever that real to begin with, but it is certainly not a major danger now, Weaver said. "Remember, someone attacking you at the coffee shop needs to be basically at the coffee shop," he said. "I don't know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS," he said in a text message.

There are still valid uses for VPNs. They're an invaluable tool for getting around certain types of censorship, though other options also exist, such as the Tor Browser, a free web browser that automatically reroutes users' traffic and is widely praised by cybersecurity experts. VPNs are also vital for businesses that need their employees to log in remotely to their internal network. And they're a popular and effective way to watch television shows and movies that are restricted to particular countries on streaming services. But like with antivirus software, the paid VPN industry is a booming global market despite its core mission no longer being necessary for many people.

Most VPNs market their products as a security tool. A Consumer Reports investigation published earlier this month found that 12 of the 16 biggest VPNs make hyperbolic claims or mislead customers about their security benefits. And many can make things worse, either by selling customers' browsing history to data brokers, or by having poor cybersecurity.

The article credits the Electronic Frontier Foundation for popularizing encryption through browser extensions and web site certificates starting in 2010. "In 2015, Google started prioritizing websites that enabled HTTPS in its search results. More and more websites started offering HTTPS connections, and now practically all sites that Google links to do so.

"Since late 2020, major browsers such as Brave, Chrome, Firefox, Safari and Edge all built HTTPS into their programs, making Electronic Frontier Foundation's browser extension no longer necessary for most people."
China

Buying Influence: How China Manipulates Facebook and Twitter (nytimes.com) 57

The New York Times: Flood global social media with fake accounts used to advance an authoritarian agenda. Make them look real and grow their numbers of followers. Seek out online critics of the state -- and find out who they are and where they live. China's government has unleashed a global online campaign to burnish its image and undercut accusations of human rights abuses. Much of the effort takes place in the shadows, behind the guise of bot networks that generate automatic posts and hard-to-trace online personas. Now, a new set of documents reviewed by The New York Times reveals in stark detail how Chinese officials tap private businesses to generate content on demand, draw followers, track critics and provide other services for information campaigns. That operation increasingly plays out on international platforms like Facebook and Twitter, which the Chinese government blocks at home. The documents, which were part of a request for bids from contractors, offer a rare glimpse into how China's vast bureaucracy works to spread propaganda and to sculpt opinion on global social media. They were taken offline after The Times contacted the Chinese government about them.

On May 21, a branch of the Shanghai police posted a notice online seeking bids from private contractors for what is known among Chinese officialdom as public opinion management. Officials have relied on tech contractors to help them keep up with domestic social media and actively shape public opinion via censorship and the dissemination of fake posts at home. Only recently have officials and the opinion management industry turned their attention beyond China. The Shanghai police are looking to create hundreds of fake accounts on Twitter, Facebook and other major social media platforms. The police department emphasizes that the task is time sensitive, suggesting that it wants to be ready to unleash the accounts quickly to steer discussion. Bot-like networks of accounts such as those that the Shanghai police want to buy have driven an online surge in pro-China traffic over the past two years. Sometimes the social media posts from those networks bolster official government accounts with likes or reposts. Other times they attack social media users who are critical of government policies.

Network

Tor Project Sees Decline in Server Numbers, Will Offer Rewards for New Bridge Operators (therecord.media) 33

The Tor Project said this week that it has seen a drop in the number of Tor relays and bridge servers and is now offering various rewards to users who help bring the number back up. From a report: Rewards include the likes of hoodies, t-shirts, and stickers and are meant to provide some sort of meaningful gift to those who help keep the Tor anonymity network alive and resilient to censorship. More specifically, the rewards will be provided to those who run "Tor bridges," which serve as entry points into the Tor network for users located in countries that block access to Tor servers. "We currently have approximately 1,200 bridges, 900 of which support the obfs4 obfuscation protocol," said Gustavo Gus, Community Team Lead for the Tor Project. "Unfortunately, these numbers have been decreasing since the beginning of this year. It's not enough to have many bridges: eventually, all of them could find themselves in block lists. We therefore need a constant trickle of new bridges that aren't blocked anywhere yet," the Tor Project member said.
Network

With Coercion and Black Boxes, Russia Installs a Digital Iron Curtain 52

Russia's boldest moves to censor the internet began in the most mundane of ways -- with a series of bureaucratic emails and forms. From a report: The messages, sent by Russia's powerful internet regulator, demanded technical details -- like traffic numbers, equipment specifications and connection speeds -- from companies that provide internet and telecommunications services across the country. Then the black boxes arrived. The telecom companies had no choice but to step aside as government-approved technicians installed the equipment alongside their own computer systems and servers. Sometimes caged behind lock and key, the new gear linked back to a command center in Moscow, giving authorities startling new powers to block, filter and slow down websites that they did not want the Russian public to see.

The process, underway since 2019, represents the start of perhaps the world's most ambitious digital censorship effort outside of China. Under President Vladimir V. Putin, who once called the internet a "C.I.A. project" and views the web as a threat to his power, the Russian government is attempting to bring the country's once open and freewheeling internet to heel. The gear has been tucked inside the equipment rooms of Russia's largest telecom and internet service providers, including Rostelecom, MTS, MegaFon and Vympelcom, a senior Russian lawmaker revealed this year. It affects the vast majority of the country's more than 120 million wireless and home internet users, according to researchers and activists. The world got its first glimpse of Russia's new tools in action when Twitter was slowed to a crawl in the country this spring. It was the first time the filtering system had been put to work, researchers and activists said. Other sites have since been blocked, including several linked to the jailed opposition leader Alexei A. Navalny.
Apple

Apple Takes Down Koran App in China (bbc.com) 78

Apple has taken down one of the world's most popular Koran apps in China, following a request from officials. From a report: Quran Majeed is available across the world on the App Store -- and has nearly 150,000 reviews. It is used by millions of Muslims. The BBC understands that the app was removed for hosting illegal religious texts. The Chinese government has not responded to the BBC's request for comment. The deletion of the app was first noticed by Apple Censorship -- a website that monitors apps on Apple's App Store globally. In a statement from the app's maker, PDMS, the company said: "According to Apple, our app Quran Majeed has been removed from the China App store because it includes content that requires additional documentation from Chinese authorities."

"We are trying to get in touch with the Cyberspace Administration of China and relevant Chinese authorities to get this issue resolved." The company said it had close to one million users in China. The Chinese Communist Party officially recognises Islam as a religion in the country. However, China has been accused of human rights violations, and even genocide, against the mostly Muslim Uyghur ethnic group in Xinjiang. Earlier this year the BBC reported that Uyghur imams had been targeted in China's Xinjiang crackdown. Apple declined to comment, but directed the BBC to its Human Rights Policy, which states: "We're required to comply with local laws, and at times there are complex issues about which we may disagree with governments."

Microsoft

Microsoft Shutting Down LinkedIn In China (wsj.com) 38

phalse phace writes: Facing a significantly more challenging operating environment and greater compliance requirements in China, Microsoft has decided to shut down LinkedIn in the country. The announcement follows the rebuke of LinkedIn executives by China's internet regulator in March for failing to control political content and gave them 30 days to do so. In recent months, LinkedIn notified several China-focused human-rights activists, academics and journalists that their profiles were being blocked in China, saying they contained prohibited content. LinkedIn said it would replace its Chinese service, which restricts some content to comply with local government demands, with a job-board service lacking social-media features, such as the ability to share opinions and news stories.
Facebook

The Intercept Reveals Facebook's Secret Blacklist of 'Dangerous Individuals and Organizations' (theintercept.com) 71

Sam Biddle writes via The Intercept: To ward off accusations that it helps terrorists spread propaganda, Facebook has for many years barred users from speaking freely about people and groups it says promote violence. The restrictions appear to trace back to 2012, when in the face of growing alarm in Congress and the United Nations (PDF) about online terrorist recruiting, Facebook added to its Community Standards a ban on "organizations with a record of terrorist or violent criminal activity." This modest rule has since ballooned into what's known as the Dangerous Individuals and Organizations policy, a sweeping set of restrictions on what Facebook's nearly 3 billion users can say about an enormous and ever-growing roster of entities deemed beyond the pale. [...] The Intercept has reviewed a snapshot of the full DIO list and is today publishing a reproduction of the material in its entirety, with only minor redactions and edits to improve clarity. It is also publishing an associated policy document, created to help moderators decide what posts to delete and what users to punish.

The list and associated rules appear to be a clear embodiment of American anxieties, political concerns, and foreign policy values since 9/11, experts said, even though the DIO policy is meant to protect all Facebook users and applies to those who reside outside of the United States (the vast majority). Nearly everyone and everything on the list is considered a foe or threat by America or its allies: Over half of it consists of alleged foreign terrorists, free discussion of which is subject to Facebook's harshest censorship. The DIO policy and blacklist also place far looser prohibitions on commentary about predominately white anti-government militias than on groups and individuals listed as terrorists, who are predominately Middle Eastern, South Asian, and Muslim, or those said to be part of violent criminal enterprises, who are predominantly Black and Latino, the experts said.

The materials show Facebook offers "an iron fist for some communities and more of a measured hand for others," said Angel Diaz, a lecturer at the UCLA School of Law who has researched and written on the impact of Facebook's moderation policies on marginalized communities. Facebook's policy director for counterterrorism and dangerous organizations, Brian Fishman, said in a written statement that the company keeps the list secret because "[t]his is an adversarial space, so we try to be as transparent as possible, while also prioritizing security, limiting legal risks and preventing opportunities for groups to get around our rules." He added, "We don't want terrorists, hate groups or criminal organizations on our platform, which is why we ban them and remove content that praises, represents or supports them. A team of more than 350 specialists at Facebook is focused on stopping these organizations and assessing emerging threats. We currently ban thousands of organizations, including over 250 white supremacist groups at the highest tiers of our policies, and we regularly update our policies and organizations who qualify to be banned."

The Almighty Buck

Credit-Card Firms Are Becoming Reluctant Regulators of the Web (economist.com) 97

An anonymous reader quotes a report from The Economist: Who should police the internet? For some time now the question has tied companies, regulators and campaigners in knots. Social networks spend billions moderating content posted on their platforms, but are still criticized either for not removing enough toxic material or for stifling free speech. They are not the only ones to grapple with the problem. Banks and credit-card companies too are finding themselves playing a bigger role in what is said and done in the public square -- to their, and their customers', discomfort. Now the boundary of censorship is being extended further, into the pornography business. From October 15th adult websites worldwide will have to verify the age and identity of anyone featured in a picture or video, as well as the ID of the person uploading it. They will need to operate a fast complaints process, and will have to review all content before publication. These requirements are being imposed not by regulators but by Mastercard, a credit-card giant. Websites can always choose not to work with Mastercard. But given that the company handles about 30% of all card payments made outside China, to do so would be costly. Visa, which manages a further 60% of payments, is also taking a firmer line on adult sites. And the trend goes beyond porn. In the shadier corners of the web, and in industries where the law is unclear or out of date, financial firms are finding themselves acting as de facto regulators.
[...]
Visa and Mastercard's near-duopoly on card payments makes their decisions more powerful -- and the firms prime targets for protesters. In 2019 SumOfUs, a left-wing pressure group, tabled a proposal at Mastercard's annual meeting meant to stop payments to far-right groups. (The proposal was defeated.) Thirty-four women are suing Visa along with the owners of Pornhub, an adult site which they say hosted unconsenting footage of them. Illegal-porn sites "care a lot more about their finances than they do about the law," says Laila Mickelwait, whose Justice Defense Fund helps sex-abuse victims litigate. And, she adds, when financial firms change their policies it applies globally. Last year Visa and Mastercard cut off Pornhub over its hosting of potentially unlawful material. Payment companies in particular face a philosophical dilemma. "On one hand they try to be very open, accepting, willing to facilitate payments for whomever. They're not taking any sort of political or moral stance," says Lisa Ellis of MoffettNathanson, a research firm. "But on the other hand, they also feel like they have a very strong responsibility in making sure that they're not aiding and abetting any sort of crime."

Visa and Mastercard both say that, as global companies, their guiding principle is local legality. (This can throw up some surprises: one executive recalls being informed by clients from a Scandinavian country that bestiality was legal there at the time.) Things are not always black and white. In 2017, after a far-right march in Charlottesville, Virginia, Mastercard shut down the use of its cards on websites that had made "specific threats or incite[d] violence," but kept dealing with other sites labelled hate-groups. "Our standard is whether a merchant's activity is lawful, even when we disagree with what they say or do," the company said at the time. In grey areas they have reason to err on the side of caution. Payment networks' risk of liability tends to be low, since they operate at one remove from the merchants. But being named in a sex-trafficking complaint or accused of helping Nazis does not look good. In working with a borderline adult site, for instance, there's "not a lot of upside and a lot of downside", says Ms Ellis. And in legally tricky areas it can be cheaper to issue a blanket ban than pick through every difficult case. Banks may steer clear of countries that are not embargoed but which have a lot of people on the banned list, "to minimize the burden of determining whether every transaction is compliant," says Jonathan Cross of Herbert Smith Freehills, a law firm. [...] For as long as legislation lags behind, financial institutions will be left in a difficult position: either accused of being the "moral police," as one executive puts it, or of enabling wrongdoing. As Richard Haythornthwaite, then Mastercard's chairman, told the protesters at the firm's annual meeting in 2019: "If it is lawful, then we need to respect that transaction. If it is something that is swimming against the tide of society, it's for the society to rise up and change the law."

GNU is Not Unix

FSF Announces 'JShelter' Browser Privacy Extension to Block Fingerprinting, Tracking, and Malware (fsf.org) 40

This week the Free Software Foundation (FSF) announced JShelter, "an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection."

The browser add-on — supported by NLnet Foundation's Next Generation Internet (NGI) Zero Privacy & Trust Enhancing Technologies fund — is currently "in development and the first release is available." This browser add-on will limit the potential for JavaScript programs to do harmful actions by restricting default behavior and adding a layer of control... Accessing cookies, performing fingerprinting to track users across multiple sites, revealing the local network address, or capturing the user's input before they submit a form are some examples of JavaScript's capabilities that can be used in harmful ways. JShelter adds a safety layer that allows the user to choose if a certain action should be forbidden on a site, or if it should be allowed with restrictions, such as reducing the accuracy of geolocation to the city area. This layer can also aid as a countermeasure against attacks targeting the browser, operating system, or hardware levels... [The extension] will ask — globally or per site — if specific native functions provided by the JavaScript engine and the Document Object Model (DOM) are allowed by the user. It will also link to an explanatory page for each function, to raise awareness of related threats. Depending on the function being addressed, the user will have the option to allow it, block it, or have it return a custom value...

"Our browsers have become perhaps the most critical of tools we depend on, and yet the browser environment is far from healthy," says Michiel Leenaars, director of strategy at NLnet Foundation and coordinator of NGI Zero. "Dominant corporate behavior from a small amount of actors has been aggressively reshaping the evolution of the Web, and that is starting to wreak havoc. Despite an enormous systemic dependency, we as users have very little control over what browsers allow and share — leading to significant risk as the most powerful tools in the shed are essentially left unprotected for every casual Web site to abuse. JShelter is a great initiative to help empower us all, to help us gain better understanding and to better safeguard ourselves from obvious and otherwise unavoidable harm."

The effort is part of a larger, multi-year campaign from FSF on JavaScript on the Web started in 2013, which among others includes the development of GNU LibreJS and outreach to users and developers about nonfree software inside the browser. The GNU LibreJS extension detects JavaScript web labels and assists users with running only JavaScript distributed under a free software license, according to their ethical convictions and individual preferences.

"JShelter will help protect users from critical threats now, and contribute significantly to progress on the necessary longer-term cultural shift of moving away from nonfree JavaScript," said Ruben Rodriguez, former FSF chief technology officer.

"This is a project I've been looking forward to for years, tired of dealing with all kinds of potential antifeatures in the browsers I use and distribute, and having to figure out some countermeasure for them with configuration changes, patches or extensions. Being able to wrap the JavaScript engine in a layer of protection is a game changer."
Facebook

'The Big Delete:' Inside Facebook's Crackdown in Germany (go.com) 78

"Days before Germany's federal elections, Facebook took what it called an unprecedented step: the removal of a series of accounts that worked together to spread COVID-19 misinformation and encourage violent responses to COVID restrictions," reports the Associated Press.

The crackdown, announced Sept. 16, was the first use of Facebook's new "coordinated social harm" policy aimed at stopping not state-sponsored disinformation campaigns but otherwise typical users who have mounted an increasingly sophisticated effort to sidestep rules on hate speech or misinformation. In the case of the German network, the nearly 150 accounts, pages and groups were linked to the so-called Querdenken movement, a loose coalition that has protested lockdown measures in Germany and includes vaccine and mask opponents, conspiracy theorists and some far-right extremists.

Facebook touted the move as an innovative response to potentially harmful content; far-right commenters condemned it as censorship. But a review of the content that was removed — as well as the many more Querdenken posts that are still available — reveals Facebook's action to be modest at best. At worst, critics say, it could have been a ploy to counter complaints that it doesn't do enough to stop harmful content. "This action appears rather to be motivated by Facebook's desire to demonstrate action to policymakers in the days before an election, not a comprehensive effort to serve the public," concluded researchers at Reset, a U.K.-based nonprofit that has criticized social media's role in democratic discourse....

Even with the new rule, a problem remains with the takedowns: they don't make it clear what harmful material remains up on Facebook, making it difficult to determine just what the social network is accomplishing. Case in point: the Querdenken network. Reset had already been monitoring the accounts removed by Facebook and issued a report that concluded only a small portion of content relating to Querdenken was taken down while many similar posts were allowed to stay up... Facebook initially declined to provide examples of the Querdenken content it removed, but ultimately released four posts to the Associated Press that weren't dissimilar to content still available on Facebook...

Reset's analysis of comments removed by Facebook found that many were actually written by people trying to rebut Querdenken arguments, and did not include misinformation.

Censorship

Who Censored Marie Antoinette's Letters? X-Rays Reveal a Surprise (science.org) 26

sciencehabit shares a report from Science.org: In late 1791 and early 1792, on the eve of the French Revolutionary Wars, Queen Marie Antoinette engaged in a secret correspondence with her confidant and rumored lover, Swedish Count Axel von Fersen. Nearly 50 letters from that exchange survive at the French National Archives. But certain passages in 15 of the letters were unreadable, obscured by redactions made with swirls of dark ink. Now, researchers have revealed the words beneath 45 of these alterations using x-ray technology. They have also discovered the censor's identity: von Fersen, himself. The idea that von Fersen made the redactions is "a revelation," says Catriona Seth, a professor of French literature at the University of Oxford who was not involved with the work. Historians had thought the letters were censored in the second half of the 19th century -- most likely by von Fersen's great-nephew -- to protect the writers' reputations. Now, she says, scholars will need to rethink the cover-up -- and the reasons behind it.

The newly legible passages are largely sentimental, phrases like "made my heart happy," and "you that I love." Comments on politics and world events, meanwhile, remain uncensored. But even these seemingly intimate phrases don't definitively tell historians anything new about Marie Antoinette and von Fersen's relationship, Seth says. Scholars, she notes, already knew Marie Antoinette had "a very deep affection for him." Still, she adds, the letters offer "direct insight into the thoughts and feelings of Marie Antoinette." In the future, the techniques in this study could be used in combination with machine algorithms to automatically transcribe old texts, the researchers say, making it easier to understand these important documents -- and others like them.
The researchers published their findings in the journal Science Advances.

Microsoft

Rick Scott Probes LinkedIn, Microsoft on Censoring US Journalists in China (axios.com) 43

Sen. Rick Scott (R-Fla.) sent a letter to Microsoft and LinkedIn leadership on Thursday questioning why LinkedIn censored the profiles of U.S. journalists from the company's China-based platform this week, according to a letter obtained by Axios. From a report: LinkedIn -- which is owned by Microsoft -- notified several U.S. journalists this week, including Axios' Bethany Allen-Ebrahimian, that their accounts will no longer be viewable in China due to "prohibited content" on their profile. In addition to Allen-Ebrahimian, affected journalists include VICE News' Melissa Chan and freelance reporter Greg Bruno. All three have reported on human rights abuses in China.

"I am deeply concerned that an American company is actively censoring American journalists on behalf of the Chinese Communist Party," Scott said in the letter addressed to Microsoft CEO Satya Nadella and LinkedIn CEO Ryan Roslansky. "Members of the media report information that is critical to helping Americans, including members of Congress, understand the scope of Communist China's abuses, especially its abuses against and surveillance of Uyghurs in Xinjiang," the senator continued. "The censorship of these journalists raises serious questions about Microsoft's intentions and its commitment to standing up against Communist China's horrific human rights abuses and repeated attacks against democracy."

China

German IT Security Watchdog Examines Xiaomi Mobile Phone (reuters.com) 16

Germany's federal cybersecurity watchdog, the BSI, is conducting a technical examination of a mobile phone manufactured by China's Xiaomi, a spokesperson for the interior ministry told Reuters on Wednesday. From the report: The spokesperson did not provide further details on what kind of examination the agency was carrying out. Lithuania's state cybersecurity body said last week that Xiaomi phones had a built-in ability to detect and censor terms such as "Free Tibet," "Long live Taiwan independence" or "democracy movement." Xiaomi said on Monday it was engaging a third-party expert to assess the allegations by Lithuania that its smartphones carry built-in censorship capabilities.

EU

What Happened When Germany Tried to Fight Online Hate Speech? (msn.com) 236

"Harassment and abuse are all too common on the modern internet," writes the New York Times. "Yet it was supposed to be different in Germany." In 2017, the country enacted one of the world's toughest laws against online hate speech. It requires Facebook, Twitter and YouTube to remove illegal comments, pictures or videos within 24 hours of being notified about them or risk fines of up to 50 million euros, or $59 million. Supporters hailed it as a watershed moment for internet regulation and a model for other countries. But an influx of hate speech and harassment in the run-up to the German election, in which the country will choose a new leader to replace Angela Merkel, its longtime chancellor, has exposed some of the law's weaknesses...

Some critics of the law say it is too weak, with limited enforcement and oversight. They also maintain that many forms of abuse are deemed legal by the platforms, such as certain kinds of harassment of women and public officials. And when companies do remove illegal material, critics say, they often do not alert the authorities or share information about the posts, making prosecutions of the people publishing the material far more difficult. Another loophole, they say, is that smaller platforms like the messaging app Telegram, popular among far-right groups, are not subject to the law. Free-expression groups criticize the law on other grounds. They argue that the law should be abolished not only because it fails to protect victims of online abuse and harassment, but also because it sets a dangerous precedent for government censorship of the internet.

To address concerns that companies were not alerting the authorities to illegal posts, German policymakers this year passed amendments to the law. They require Facebook, Twitter and YouTube to turn over data to the police about accounts that post material that German law would consider illegal speech. The Justice Ministry was also given more powers to enforce the law... Facebook and Google have filed a legal challenge to block the new rules, arguing that providing the police with personal information about users violates their privacy.

An activist for the Electronic Frontier Foundation in Berlin tells the Times the law could encourage companies to remove offensive-but-legal speech. And Twitter shared a statement with additional concerns. "Threats, abusive content and harassment all have the potential to silence individuals. However, regulation and legislation such as this also has the potential to chill free speech by emboldening regimes around the world to legislate as a way to stifle dissent and legitimate speech."

Yet Germany's experience may ultimately influence policy across Europe, the Times points out, since German officials "are playing a key role in drafting one of the world's most anticipated new internet regulations, a European Union law called the Digital Services Act, which will require Facebook and other online platforms to do more to address the vitriol, misinformation and illicit content on their sites."

China

Lithuania Says Throw Away Chinese Phones Due To Censorship Concerns (reuters.com) 83

Lithuania's Defense Ministry recommended that consumers avoid buying Chinese mobile phones and advised people to throw away the ones they have now after a government report found the devices had built-in censorship capabilities. From a report: Flagship phones sold in Europe by China's smartphone giant Xiaomi have a built-in ability to detect and censor terms such as "Free Tibet", "Long live Taiwan independence" or "democracy movement", Lithuania's state-run cybersecurity body said on Tuesday. The capability in Xiaomi's Mi 10T 5G phone software had been turned off for the "European Union region", but can be turned on remotely at any time, the Defence Ministry's National Cyber Security Centre said in the report. "Our recommendation is to not buy new Chinese phones, and to get rid of those already purchased as fast as reasonably possible," Defence Deputy Minister Margiris Abukevicius told reporters in introducing the report.

Google

Google and Apple, Under Pressure From Russia, Remove Voting App (nytimes.com) 60

Apple and Google removed an app meant to coordinate protest voting in this weekend's Russian elections from the country on Friday, a blow to the opponents of President Vladimir V. Putin and a display of Silicon Valley's limits when it comes to resisting crackdowns on dissent around the world. From a report: The decisions came after Russian authorities, which claim the app is illegal, threatened to prosecute local employees of Apple and Google -- a sharp escalation in the Kremlin's campaign to rein in the country's largely uncensored internet. A person familiar with Google's decision said the authorities had named specific individuals who would face prosecution, prompting it to remove the app.

The person declined to be identified for fear of angering the Russian government. Google has more than 100 employees in the country. Apple did not respond to phone calls, emails or text messages seeking comment. The app was created and promoted by allies of the opposition leader Aleksei A. Navalny, who were hoping to use it to consolidate the opposition vote in each of Russia's 225 electoral districts. It disappeared from the two technology platforms just as voting got underway in the three-day parliamentary election, in which Mr. Putin's United Russia party -- in a carefully stage-managed system -- holds a commanding advantage.

Mr. Navalny's team reacted with outrage to the decision, suggesting the companies had made a damaging concession to the Russians. "Removing the Navalny app from stores is a shameful act of political censorship," an aide to Mr. Navalny, Ivan Zhdanov, said on Twitter. "Russia's authoritarian government and propaganda will be thrilled." The decisions also drew harsh condemnation from free-speech activists in the West. "The companies are in a really difficult position but they have put themselves there," David Kaye, a former United Nations official responsible for investigating freedom of expression issues, said in an interview. "They are de facto carrying out an element of Russian repression. Whether it's justifiable or not, it's complicity and the companies need to explain it."

Botnet

Krebs Also Hit By Massive DDOS, Apparently Caused by Compromised Routers (krebsonsecurity.com) 31

"On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack," the site reports.

Citing a new blog post from DDoS protection firm Qrator Labs, Krebs writes that "The assault came from 'Meris,' the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer." A titanic and ongoing DDoS that hit Russian Internet search giant Yandex last week is estimated to have been launched by roughly 250,000 malware-infected devices globally, sending 21.8 million bogus requests-per-second. While last night's Meris attack on this site was far smaller than the recent Cloudflare DDoS, it was far larger than the Mirai DDoS attack in 2016 that held KrebsOnSecurity offline for nearly four days. The traffic deluge from Thursday's attack on this site was more than four times what Mirai threw at this site five years ago. This latest attack involved more than two million requests-per-second. By comparison, the 2016 Mirai DDoS generated approximately 450,000 requests-per-second.

According to Qrator, which is working with Yandex on combating the attack, Meris appears to be made up of Internet routers produced by MikroTik. Qrator says the United States is home to the most number of MikroTik routers that are potentially vulnerable to compromise by Meris — with more than 42 percent of the world's MikroTik systems connected to the Internet (followed by China — 18.9 percent — and a long tail of one- and two-percent countries). It's not immediately clear which security vulnerabilities led to these estimated 250,000 MikroTik routers getting hacked by Meris. "The spectrum of RouterOS versions we see across this botnet varies from years old to recent," the company wrote. "The largest share belongs to the version of firmware previous to the current stable one."

Krebs writes that the biggest contributor to the IoT botnet problem remains "a plethora of companies white-labeling [cheap] IoT devices that were never designed with security in mind and are often shipped to the customer in default-insecure states...

"The good news is that over the past five years, large Internet infrastructure companies like Akamai, Cloudflare and Google (which protects this site with its Project Shield initiative) have heavily invested in ramping up their ability to withstand these outsized attacks..."

One year earlier, back in 2015, Krebs had answered questions from Slashdot's readers.
