Canada

ISPs and Movie Industry Prepare Canadian Pirate Site Blocking Deal (torrentfreak.com) 86

An anonymous reader quotes a report from TorrentFreak: A coalition of movie industry companies and ISPs, including Bell, Rogers, and Cineplex are discussing a proposal to implement a plan to allow for website blockades without judicial oversight. The Canadian blocklist would be maintained by a new non-profit organization called "Internet Piracy Review Agency" (IPRA) and enforced through the CRTC, Canadaland reports. The plan doesn't come as a total surprise as Bell alluded to a nationwide blocking mechanism during a recent Government hearing. What becomes clear from the new plans, however, is that the telco is not alone. The new proposal is being discussed by various stakeholders including ISPs and local movie companies. As in other countries, major American movie companies are also in the loop, but they will not be listed as official applicants when the plan is submitted to the CRTC. Canadian law professor Michael Geist is very critical of the plans. Although the proposal would only cover sites that "blatantly, overwhelmingly or structurally" engage in or facilitate copyright infringement, this can be a blurry line.

"Recent history suggests that the list will quickly grow to cover tougher judgment calls. For example, Bell has targeted TVAddons, a site that contains considerable non-infringing content," Geist notes. "It can be expected that many other sites disliked by rights holders or broadcasters would find their way onto the block list," he adds. While the full list of applicants is not ready yet, it is expected that the coalition will file its proposal to the CRTC before the end of the month.

Privacy

Germany Preparing Law for Backdoors in Any Type of Modern Device (bleepingcomputer.com) 251

Catalin Cimpanu, writing for BleepingComputer: German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more. Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND). The man supporting this proposal is Thomas de Maiziere, Germany's Interior Minister, who cites the difficulty law enforcement agents have had in past months investigating the recent surge of terrorist attacks and other crimes.
Privacy

Trump Is Looking at Plans For a Global Network of Private Spies (vice.com) 481

David Gilbert, writing for Vice: The White House is reportedly looking at a proposal to create a ghost network of private spies in hostile countries -- a way of bypassing the intelligence community's "deep state," which Donald Trump believes is a threat to his administration. The network would report directly to the president and CIA Director Mike Pompeo, and would be developed by Blackwater founder Erik Prince, according to multiple current and former officials speaking to The Intercept. "Pompeo can't trust the CIA bureaucracy, so we need to create this thing that reports just directly to him," a former senior U.S. intelligence official with firsthand knowledge of the proposals told the website. Described as "totally off the books," the network would be run by intelligence contractor Amyntor Group and would not share any data with the traditional intelligence community.
Security

A Popular Virtual Keyboard App Leaks 31 Million Users' Personal Data (zdnet.com) 65

Zack Whittaker, writing for ZDNet: Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server. The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world. But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data. The database appears to only contain records on the app's Android users.
Businesses

Gizmodo: Don't Buy Anyone an Amazon Echo Speaker (gizmodo.com) 257

Adam Clark Estes, writing for Gizmodo: Three years ago, we said the Echo was "the most innovative device Amazon's made in years." That's still true. But you shouldn't buy one. You shouldn't buy one for your family. [...] Your family members do not need an Amazon Echo or a Google Home or an Apple HomePod or whatever that one smart speaker that uses Cortana is called. And you don't either. You only want one because every single gadget-slinger on the planet is marketing them to you as an all-new, life-changing device that could turn your kitchen into a futuristic voice-controlled paradise. You probably think that having an always-on microphone in your home is fine, and furthermore, tech companies only record and store snippets of your most intimate conversations. No big deal, you tell yourself. Actually, it is a big deal. The newfound privacy conundrum presented by installing a device that can literally listen to everything you're saying represents a chilling new development in the age of internet-connected things. By buying a smart speaker, you're effectively paying money to let a huge tech company surveil you. And I don't mean to sound overly cynical about this, either. Amazon, Google, Apple, and others say that their devices aren't spying on unsuspecting families. The only problem is that these gadgets are both hackable and prone to bugs.
The Courts

State Board Concedes It Violated Free Speech Rights of Oregon Man Fined For Writing 'I Am An Engineer' (oregonlive.com) 178

According to Oregon Live, "A state panel violated a Beaverton man's free speech rights by claiming he had unlawfully used the title 'engineer' and by fining him when he repeatedly challenged Oregon's traffic-signal timing before local media and policymakers, Oregon's attorney general has ruled." From the report: Oregon's Board of Examiners for Engineering and Land Surveying unconstitutionally applied state law governing engineering practice to Mats Jarlstrom when he exercised his free speech about traffic lights and described himself as an engineer since he was doing so "in a noncommercial" setting and not soliciting professional business, the state Department of Justice has conceded. "We have admitted to violating Mr. Jarlstrom's rights," said Christina L. Beatty-Walters, senior assistant attorney general, in federal court Monday. The state's regulation of Jarlstrom under engineering practice law "was not narrowly tailored to any compelling state interests," she wrote in court papers. The state has pledged the board will not pursue the Beaverton man any further when he's not acting in a commercial or professional manner, and on Monday urged a federal judge to dismiss the case. The state also sent a $500 check to Jarlstrom in August, reimbursing him for the state fine.

Jarlstrom and his lawyers argued that's not good enough. They contend Jarlstrom isn't alone in getting snared by the state board's aggressive and "overbroad" interpretation of state law. They contend others have been investigated improperly and want the court to look broader at the state law and its administrative rules and declare them unconstitutional. In the alternative, the state law should be restricted to only regulating engineering communications that are made as part of paid employment or a contractual agreement.

Censorship

Cloudflare's CEO Has a Plan To Never Censor Hate Speech Again (arstechnica.com) 394

"Cloudflare CEO Matthew Prince hated cutting off service to the infamous neo-Nazi site the Daily Stormer in August," reports Ars Technica. "And he's determined not to do it again. 'I'm almost a free-speech absolutist.' Prince said at an event at the New America Foundation last Wednesday. But in a subsequent interview with Ars, Prince argued that in the case of the Daily Stormer, the company didn't have much choice." From the report: Prince's response was to cut Daily Stormer off while laying the groundwork to make sure he'd never have to make a decision like that again. In a remarkable company-wide email sent shortly after the decision, Prince described his own actions as "arbitrary" and "dangerous." "I woke up this morning in a bad mood and decided to kick them off the Internet," Prince wrote in August. "It was a decision I could make because I'm the CEO of a major Internet infrastructure company." He argued that "it's important that what we did today not set a precedent." Prior to August, Cloudflare had consistently refused to police content published by its customers. Last week, Prince made a swing through DC to help ensure that the Daily Stormer decision does not, in fact, set a precedent. He met with officials from the Federal Communications Commission and with researchers at the libertarian Cato Institute and the left-of-center New America Foundation -- all in an effort to ensure that he'd have the political cover he needed to say no next time he came under pressure to take down controversial content.

The law is strongly on Cloudflare's side here. Internet infrastructure providers like Cloudflare have broad legal immunity for content created by their customers. But legal rights may not matter if Cloudflare comes under pressure from customers to take down content. And that's why Prince is working to cultivate a social consensus that infrastructure providers like Cloudflare should not be in the censorship business -- no matter how offensive its customers' content might be.

Piracy

Gamer Streams Pay-Per-View UFC Fight By Pretending To Play It (theverge.com) 75

WheezyJoe writes: A pay-per-view UFC Match was streamed in its entirety on Twitch and other platforms by a gamer pretending he was "playing" the fight as a game. The gamer, AJ Lester, appearing in the corner of the image holding his game controller, made off like he was controlling the action of the "game" when in fact he was re-broadcasting the fight for free. A tweet showing Lester's antics went viral with over 63,000 retweets and 140,000 likes at the time of publication. Another clip shows him reacting wildly yelling "oooooooooooooooh!!!" and "damnnnnnn!" in response to the match.
Piracy

Not Even Free TV Can Get People To Stop Pirating Movies and TV Shows (qz.com) 221

An anonymous reader quotes a report from Quartz: Since the internet made it easier to illegally download and stream movies and TV shows, Hollywood struggled with people pirating its works online. About $5.5 billion in revenue was lost to piracy globally last year, Digital TV Research found (pdf), and it's expected to approach $10 billion by 2022. Streaming-video services like Netflix and Hulu have made it more affordable to access a wide-range of titles from different TV networks and movie studios. But the availability of cheap content online has done little to curb piracy, according to research published in Management Science (paywall) last month. Customers who were offered free subscriptions to a video-on-demand package (SVOD) were just as likely to turn to piracy to find programming as those without the offering, researchers at Catolica Lisbon School of Business & Economics and Carnegie Mellon University found.

The researchers partnered with an unnamed internet-service provider -- in a region they chose not to disclose -- to offer customers who were already prone to piracy an on-demand package for free for 45 days. About 10,000 households participated in the study, and about half were given the free service. The on-demand service was packaged like Netflix or Hulu in layout, appearance, and scope of programming, but was delivered through a TV set-top box. It had a personalized recommendation engine that surfaced popular programming based on what those customers were already watching illegally through BitTorrent logs, which were obtained from a third-party firm. The study found that while the participants watched 4.6% more TV overall when they had the free on-demand service, they did not stop using BitTorrent to pirate movies and TV shows that were not included in the offering.

Security

PayPal Says 1.6 Million Customer Details Stolen In Breach At Canadian Subsidiary (bleepingcomputer.com) 24

New submitter Kargan shares a report from BleepingComputer: PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers. The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired TIO Networks this past July for $238 million in cash. PayPal reportedly suspended the operations of TIO's network on November 10th. "PayPal says the intruder(s) got access to the personal information of both TIO customers and customers of TIO billers," reports BleepingComputer. "The company did not reveal what type of information the attacker accessed, but since this is a payment system, attackers most likely obtained both personally-identifiable information (PII) and financial details." The company has started notifying customers and is offering free credit monitoring memberships.
The Internet

FCC Won't Delay Vote, Says Net Neutrality Supporters Are 'Desperate' (arstechnica.com) 347

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission will move ahead with its vote to kill net neutrality rules next week despite an unresolved court case that could strip away even more consumer protections. FCC Chairman Ajit Pai says that net neutrality rules aren't needed because the Federal Trade Commission can protect consumers from broadband providers. But a pending court case involving AT&T could strip the FTC of its regulatory authority over AT&T and similar ISPs. A few dozen consumer advocacy groups and the City of New York urged Pai to delay the net neutrality-killing vote in a letter today. If the FCC eliminates its rules and the court case goes AT&T's way, there would be a "'regulatory gap' that would leave consumers utterly unprotected," the letter said. When contacted by Ars, Pai's office issued this statement in response to the letter: "This is just evidence that supporters of heavy-handed Internet regulations are becoming more desperate by the day as their effort to defeat Chairman Pai's plan to restore Internet freedom has stalled. The vote will proceed as scheduled on December 14."
Censorship

Apple, Google CEOs Bring Star Power as China Promotes Censorship (bloomberg.com) 38

An anonymous reader shares a Bloomberg report: Apple's Tim Cook and Google's Sundar Pichai made their first appearances at China's World Internet Conference, bringing star power to a gathering the Chinese government uses to promote its strategy of tight controls online. Apple's chief executive officer gave a surprise keynote at the opening ceremony on Sunday, calling for future internet and AI technologies to be infused with privacy, security and humanity. The same day, one of China's most-senior officials called for more aggressive government involvement online to combat terrorism and criminals. Wang Huning, one of seven men on China's top decision-making body, even called for a global response team to go well beyond its borders. It was Cook's second appearance in China in two months, following a meeting with President Xi Jinping in October. The iPhone maker has most of its products manufactured in the country and is trying to regain market share in smartphones against local competitors such as Huawei. "The theme of this conference -- developing a digital economy for openness and shared benefits -- is a vision we at Apple share," Cook said. "We are proud to have worked alongside many of our partners in China to help build a community that will join a common future in cyberspace."
Iphone

Should Apple Share iPhone X Face Data With App Developers? (washingtonpost.com) 66

The Washington Post ran a technology column asking what happens "when the face-mapping tech that powers the iPhone X's cutesy 'Animoji' starts being used for creepier purposes." It's not just that the iPhone X scans 30,000 points on your face to make a 3D model. Though Apple stores that data securely on the phone, instead of sending it to its servers over the Internet, "Apple just started sharing your face with lots of apps." Although their columnist praises Apple's own commitment to privacy, "I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn't being paranoid enough about the minefield it just entered." "I think we should be quite worried," said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "The chances we are going to see mischief around facial data is pretty high -- if not today, then soon -- if not on Apple then on Android." Apple's face tech sets some good precedents -- and some bad ones... Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There's a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.

To see for yourself, use an iPhone X to download an app called MeasureKit. It exposes the face data Apple makes available. The app's maker, Rinat Khanov, tells me he's already planning to add a feature that lets you export a model of your face so you can 3D print a mini-me. "Holy cow, why is this data available to any developer that just agrees to a bunch of contracts?" said Fatemeh Khatibloo, an analyst at Forrester Research.

"From years of covering tech, I've learned this much," the article concludes. "Given the opportunity to be creepy, someone will take it."
Botnet

How 'Grinch Bots' Are Ruining Online Christmas Shopping (nypost.com) 283

Yes, U.S. Senator Chuck Schumer actually called them "Grinch bots." From the New York Post: The senator said as soon as a retailer puts a hard-to-get toy -- like Barbie's Dreamhouse or Nintendo game systems -- for sale on a website, a bot can snatch it up even before a kid's parents finish entering their credit card information... "Bots come in and buy up all the toys and then charge ludicrous prices amidst the holiday shopping bustle," the New York Democrat said on Sunday... For example, Schumer said, the popular Fingerlings -- a set of interactive baby monkey figurines that usually sell for around $15 -- are being snagged by the scalping software and resold on secondary websites for as much as $1,000 a pop...

In December 2016, Congress passed the Better Online Ticket Sales (BOTS) Act, which Schumer sponsored, to crack down on their use to buy concert tickets, but the measure doesn't apply to other consumer products. He wants that law expanded but knows that won't happen in time for this holiday season. In the meantime, Schumer wants the National Retail Federation and the Retail Industry Leaders Association to block the bots and lead the effort to stop them from buying toys at fair retail prices and then reselling them at outrageous markups.

Intel

Dell Begins Offering Laptops With Intel's 'Management Engine' Disabled (liliputing.com) 140

An anonymous reader quotes Liliputing.com: Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world's largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled.

At least three Dell computers can be configured with an "Intel vPro -- ME Inoperable, Custom Order" option, although you'll have to pay a little extra for those configurations... While Intel doesn't officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we're starting to see PC makers make use of those methods.

The option appears to be available on most of Dell's Latitude laptops (from the 12- to 15-inch screens), including the 7480, 5480, and 5580 and the Latitude 14 5000 Series (as well as several "Rugged" and "Rugged Extreme" models).

Dell is charging anywhere from $20.92 to $40 to disable Intel's Management Engine.
Education

Massive Financial Aid Data Breach Proves Stanford Lied For Years To MBAs (poetsandquants.com) 116

14 terabytes of "highly confidential" data about 5,120 financial aid applications over seven years were exposed in a breach at Stanford's Graduate School of Business -- proving that the school "misled thousands of applicants and donors about the way it distributes fellowship aid and financial assistance to its MBA students," reports Poets&Quants. The information was unearthed by a current MBA student, Adam Allcock, in February of this year from a shared network directory accessible to any student, faculty member or staffer of the business school. In the same month, on Feb. 23, the student reported the breach to Jack Edwards, director of financial aid, and the records were removed within an hour of his meeting with Edwards. Allcock, however, says he spent 1,500 hours analyzing the data and compiling an 88-page report on it...

Allcock's discovery that more money is being used by Stanford to entice the best students with financial backgrounds suggests an admissions strategy that helps the school achieve the highest starting compensation packages of any MBA program in the world. That is largely because prior work experience in finance is generally required to land jobs in the most lucrative finance fields in private equity, venture capital and hedge funds.

Half the school's students are awarded financial aid, and though Stanford always insisted it was awarded based only on need, the report concluded the school had been "lying to their faces" for more than a decade, also identifying evidence of "systemic biases against international students."

Besides the embarrassing exposure of their financial aid policies, there's another obvious lesson, writes Slashdot reader twentysixV. "It's actually way too easy for users to improperly secure their files in a shared file system, especially if the users aren't particularly familiar with security settings." Especially since Friday the university also reported another university-wide file-sharing platform had exposed "a variety of information from several campus offices, including Clery Act reports of sexual violence and some confidential student disciplinary information from six to 10 years ago."
Businesses

Shouting 'Pay Your Taxes', Activists Occupy Apple Stores in France (marketwatch.com) 233

An anonymous reader quotes MarketWatch: A group of global activists stormed and occupied several Apple Stores in France on Saturday in a move aimed at pressuring the company to pay up on a €13 billion ($15.5 billion) tax bill to the European Union. In a press release, the France unit of the Association for the Taxation of Financial Transactions and Citizen's Action organization (Attac), said 100 of its members occupied the Opera Apple Store in Paris, demanding the company pay its taxes... Attac said dozens of protests were organized at other Apple store locations throughout France on Saturday. In the Paris store, activists were seen via videos circulating on Twitter, pushing past security and hanging a banner that said "We will stop when Apple pays." Security in Paris reportedly evacuated Apple workers from the building as those protests began.
After three hours they left the store -- leaving behind protest messages on the iPads on display. The group claims that Apple has stashed $230 billion in tax havens around the world, but also hopes to raise awareness about other issues.

"Attac said the action was part of the #PhoneRevolt movement aimed at highlighting unfair practices by Apple, that are not just about taxes, but also pollution via extraction of metals for its phones, worker exploitation and driving a global consumption binge."
The Courts

Free Game Company Sues 14-Year-Old Over 'Cheats' Video -- Claiming DMCA Violation (bbc.co.uk) 237

Bizzeh shared this report from the BBC: A mother has written a letter in defense of her 14-year-old son who is facing a lawsuit over video game cheats in the US. Caleb Rogers is one of two people facing legal action from gaming studio Epic Games for using cheat software to play the free game Fortnite. The studio says it has taken the step because the boy declined to remove a YouTube video he published which promoted how to use the software... "This company is in the process of attempting to sue a 14-year-old child," she wrote in the letter which has been shared online by the news site Torrentfreak.

Ms. Rogers added that she had not given her son parental consent to play the game as stated in its terms and conditions, and that as the game was free to play the studio could not claim loss of profit as a result of the cheats... In a statement given to the website Kotaku, Epic Games said the lawsuit was a result of Mr. Rogers "filing a DMCA counterclaim to a takedown notice on a YouTube video that exposed and promoted Fortnite Battle Royale cheats and exploits... Epic is not OK with ongoing cheating or copyright infringement from anyone at any age," it said.

Cory Doctorow counters that the 14-year-old "correctly asserted that there was no copyright infringement here. Videos that capture small snippets of a videogame do not violate that game creator's copyrights, because they are fair use..."
Transportation

Drone Pilot Arrested After Flying Over Two Stadiums, Dropping Leaflets (cbslocal.com) 108

"A man with an anti-media agenda was arrested in Oakland after he flew a drone over two different stadiums to drop leaflets" last Sunday, writes Slashdot reader execthis. A local CBS station reports: According to investigators, [55-year-old Tracy] Mapes piloted his drone over Levi's Stadium during the second quarter of the 49ers-Seattle game and released a load of pamphlets. He then quickly landed the drone, loaded it up and drove over to Oakland. He flew a similar mission over the Raiders-Broncos game. Santa Clara Police Lt. Dan Moreno said after Mapes was apprehended he defended the illegal action as a form of free speech.
USA Today reports there's now also an ongoing federal investigation "because the Federal Aviation Administration prohibits the flying of drones within five miles of an airport. Both Levi's Stadium and Oakland Coliseum are within that range."

"The San Francisco Chronicle added that the drone was a relatively ineffective messenger because 'most of the drone-dropped leaflets were carried away by the wind.'"
Communications

Volunteers Around the World Build Surveillance-Free Cellular Network Called 'Sopranica' (vice.com) 77

dmoberhaus writes: Motherboard's Daniel Oberhaus spoke to Denver Gingerich, the programmer behind Sopranica, a DIY, community-oriented cell phone network. "Sopranica is a project intended to replace all aspects of the existing cell phone network with their freedom-respecting equivalents," says Gingerich. "Taking out all the basement firmware on the cellphone, the towers that track your location, the payment methods that track who you are and who owns the number, and replacing it so we can have the same functionality without having to give up all the privacy that we have to give up right now. At a high level, it's about running community networks instead of having companies control the cell towers that we connect to." Motherboard interviews Gingerich and shows you how to use the network to avoid cell surveillance. According to Motherboard, all you need to do to join Sopranica is "create a free and anonymous Jabber ID, which is like an email address." Jabber is slang for a secure instant messaging protocol called XMPP that lets you communicate over voice and text from an anonymous phone number. "Next, you need to install a Jabber app on your phone," reports Motherboard. "You'll also need to install a Session Initiation Protocol (SIP) app, which allows your phone to make calls and send texts over the internet instead of the regular cellular network." Lastly, you need to get your phone number, which you can do by navigating to Sopranica's JMP website. (JMP is the code, which was published by Gingerich in January, and "first part of Sopranica.") "These phone numbers are generated by Sopranica's Voice Over IP (VOIP) provider which provides talk and text services over the internet. Click whichever number you want to be your new number on the Sopranica network and enter your Jabber ID. A confirmation code should be sent to your phone and will appear in your Jabber app."
As for how JMP protects against surveillance, Gingerich says, "If you're communicating with someone using your JMP number, your cell carrier doesn't actually know what your JMP number is because that's going over data and it's encrypted. So they don't know that that communication is happening."
