Patents

EFF Beats 'Stupid' Patent Troll In Court (courthousenews.com) 26

An Australian court can't make a California advocacy group take down a web page, a U.S. federal judge just ruled on Friday. Even if that web page calls a company's patents "stupid." Courthouse News reports: San Francisco-based Electronic Frontier Foundation sued Global Equity Management, or GEMSA, in April, claiming the Australian firm exploited its home country's weaker free speech protections to secure an unconstitutional injunction against EFF. Kurt Opsahl, EFF's deputy executive director and general counsel, hailed the ruling as a victory for free speech. "We knew all along the speech was protected by the First Amendment," Opsahl said in a phone interview Friday. "We were pleased to see the court agree." Opsahl said the ruling sends a strong message EFF and other speakers can weigh in on important topics, like patent reform, without fear of being muzzled by foreign court orders.

The dispute stems from an article EFF published in June 2016, featuring GEMSA in its "Stupid Patent of the Month" series. The GEMSA patent is for a "virtual cabinet" to store data. In the article, EFF staff attorney Daniel Nazer called GEMSA a "classic patent troll" that uses its patent on graphic representations of data storage to sue "just about anyone who runs a website." The article also says GEMSA "appears to have no business other than patent litigation."

The judge granted EFF a default judgment, saying the Australian court's injunction was not only unenforceable in the United States but also "repugnant" to the U. S. Constitution.
The Courts

FOSS Community Criticizes SFLC over SFC Trademark War (lunduke.com) 24

Earlier this month Bruce Perens notified us that "the Software Freedom Law Center, a Linux-Foundation supported organization, has asked USPTO to cancel the trademark of the name of the Software Freedom Conservancy, an organization that assists and represents Free Software/Open Source developers." Now Slashdot reader curcuru -- director of the Apache Software Foundation -- writes: No matter how you look at it, this kind of lawsuit is a loss for software freedom and open source in general, since this kind of USPTO trademark petition (like a lawsuit) will tie up both organizations, leaving less time and funds to help FOSS projects. There's clearly more to the issue than the trademark issue; the many community members' blog posts make that clear.

GNOME executive director Neil McGovern
Apache Software Foundation director Shane Curcuru
Google security developer Matthew Garrett
Linux industry journalist Bryan Lunduke


The key point in this USPTO lawsuit is that the legal aspects aren't actually important. What's most important is the community reaction: since SFLC and Conservancy are both non-profits who help serve free software communities, it's the community perception of what organizations to look to for help that matters. SFLC's attempt to take away the Conservancy's very name doesn't look good for them.

Bryan Lunduke's video covers the whole case, including his investigation into the two organizations and their funding.

Education

The House's Tax Bill Levies a Tax On Graduate Student Tuition Waivers (nytimes.com) 466

Camel Pilot writes: The new GOP tax plan -- which just passed the House -- will tax tuition waivers as income. Graduate students working as research assistants on meager stipends would have to declare tuition waivers as income on the order of $80,000 income. This will force many graduate students of modest means to quit their career paths and walk away from their research. These are the next generation of scientists, engineers, inventors, educators, medical miracle workers and market makers. As Prof Claus Wilke points out: "This would be a disaster for U.S. STEM Ph.D. education." Slashdot reader Camel Pilot references a report via The New York Times, where Erin Rousseau explains how the House of Representatives' recently passed tax bill affects graduate research in the United States. Rousseau is a graduate student at M.I.T. who studies the neurological basis of mental health disorders. "My peers and I work between 40 and 80 hours a week as classroom teachers and laboratory researchers, and in return, our universities provide us with a tuition waiver for school. For M.I.T. students, this waiver keeps us from having to pay a tuition bill of about $50,000 every year -- a staggering amount, but one that is similar to the fees at many other colleges and universities," he writes. "No money from the tuition waivers actually ends up in our pockets, so under Section 117(d)(5), it isn't counted as taxable income." Rousseau continues by saying his tuition waivers will be taxed under the House's tax bill. "This means that M.I.T. graduate students would be responsible for paying taxes on an $80,000 annual salary, when we actually earn $33,000 a year. That's an increase of our tax burden by at least $10,000 annually."
The Military

Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets (theregister.co.uk) 79

An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia.

"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.

Television

FCC Approves Next-Gen ATSC 3.0 TV Standard (reuters.com) 143

New submitter mikeebbbd writes: "U.S. regulators on Thursday approved the use of new technology that will improve picture quality on mobile phones, tablets and television, but also raises significant privacy concerns by giving advertisers dramatically more data about viewing habits," reports Reuters. ATSC3.0 will apparently make personal data collection and targeted ads possible. New TVs will be necessary, and broadcasters will need to transmit both ATSC 2.0 (the current standard) for 3 to 5 years before turning off the older system. For now, the conversion is voluntary. There appears to be no requirement (as there was when ATSC 2.0 came out) for low-cost adapter boxes to make older TVs work; once a channel goes ATSC 3.0-only, your old TV will not display it any more.
Privacy

Germany Bans Children's Smartwatches (bbc.com) 44

A German regulator has banned the sale of smartwatches aimed at children, describing them as spying devices. From a report: It had previously banned an internet-connected doll called, My Friend Cayla, for similar reasons. Telecoms regulator the Federal Network Agency urged parents who had such watches to destroy them. One expert said the decision could be a "game-changer" for internet-connected devices. "Poorly secured smart devices often allow for privacy invasion. That is really concerning when it comes to kids' GPS tracking watches - the very watches that are supposed to help keep them safe," said Ken Munro, a security expert at Pen Test Partners.
Privacy

Why is this Company Tracking Where You Are on Thanksgiving? (theoutline.com) 97

Earlier this week, several publications published a holiday-themed data study about how families that voted for opposite parties spent less time together on Thanksgiving, especially in areas that saw heavy political advertising. The data came from a company called SafeGraph that supplied publications with 17 trillion location markets for 10 million smartphones. A report looks at the bigger picture: The data wasn't just staggering in sheer quantity. It also appears to be extremely granular. Researchers "used this data to identify individuals' home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.," wrote The Washington Post. The researchers also looked at where people were between 1 p.m. and 5 p.m. on Thanksgiving Day in order to see if they spent that time at home or traveled, presumably to be with friends or family. "Even better, the cellphone data shows you exactly when those travelers arrived at a Thanksgiving location and when they left," the Post story says. To be clear: This means SafeGraph is looking at an individual device and tracking where its owner is going throughout their day. A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google's database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are "fully anonymized" and "contain no personally-identifying information." In multiple press releases from SafeGraph's partners, the company's location data is referred to as "anonymized," but in this case they seem to be interpreting the concept of anonymity quite liberally given the specificity of the data.
Social Networks

Report Claims That 18 Nation's Elections Were Impacted By Social Engineering Last Year (bbc.com) 228

sqorbit writes: Independent watchdog group Freedom House released a report that claims that 18 nation's elections were "hacked." Of the 65 countries that Freedom House monitors, 30 appear to be using social media in order to affect elections by attempting to control online discussions. The report covers fake news posts, paid online opinion writers and trolling tactics. Other items in the report speak to online censorship and VPN blocking that blocks information within countries to interfere with elections. The report says net freedom could be aided by: large-scale programs that showed people how to spot fake news; putting tight controls on political adverts; and making social media giants do more to remove bots and tune algorithms to be more objective.
Security

Bluetooth Hack Affects 20 Million Amazon Echo, Google Home Devices (thehackernews.com) 39

In September, security researchers discovered eight vulnerabilities -- codenamed collectively as BlueBorne -- in the Bluetooth implementations used by over 5.3 billion devices. We have now learned that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities. The Hacker News reports: Amazon Echo is affected by the following two vulnerabilities: a remote code execution vulnerability in the Linux kernel (CVE-2017-1000251); and an information disclosure flaw in the SDP server (CVE-2017-1000250). Since different Echo's variants use different operating systems, other Echo devices are affected by either the vulnerabilities found in Linux or Android. Whereas, Google Home devices are affected by one vulnerability: information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785). This Android flaw can also be exploited to cause a denial-of-service (DoS) condition. Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack. The security firm [Armis, who disclosed the issue] notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that fixes the BlueBorne attacks.
Businesses

FCC Repeals Decades-Old Rules Blocking Broadcast Media Mergers (variety.com) 140

An anonymous reader quotes a report from The Washington Post (Warning: source may be paywalled; alternative source): Federal regulators rolled back decades-old rules on Thursday, making it far easier for media outlets to be bought and sold -- potentially leading to more newspapers, radio stations and television broadcasters being owned by a handful of companies. The regulations, eliminated in a 3-to-2 vote by the Federal Communications Commission, were first put in place in the 1970s to ensure that a diversity of voices and opinions could be heard on the air or in print. But now those rules represent a threat to small outlets that are struggling to survive in a vastly different media world, according to FCC Chairman Ajit Pai. One long-standing rule repealed Thursday prevented one company in a given media market from owning both a daily newspaper and a TV station. Another rule blocked TV stations in the same market from merging with each other if the combination would leave fewer than eight independently owned stations. The agency also took aim at rules restricting the number of TV and radio stations that any media company could simultaneously own in a single market. A major beneficiary of the deregulatory moves, analysts say, is Sinclair, a conservative broadcasting company that is seeking to buy up Tribune Media for $3.9 billion.
Twitter

Jack Dorsey Responds To Serial Killer Who Found His Victims Through Suicidal Twitter Posts (nhk.or.jp) 70

AmiMoJo shares a report from NHK WORLD: Twitter's CEO is reacting to a grisly case in Japan where a suspected serial killer allegedly found his victims through their suicidal posts on the social media platform. In an interview with NHK, Jack Dorsey said it is unrealistic and impossible to remove suicidal tweets. But he said he hoped Twitter could become a tool for prevention. Last month, the dismembered bodies of 9 people were found in 27-year-old Takahiro Shiraishi's apartment near Tokyo. Police say he admitted to the killings. They believe he preyed on people who posted about wanting to kill themselves on Twitter. Recently, Twitter updated its rules regarding posts about self-harm: "You may not promote or encourage suicide or self-harm. When we receive reports that a person is threatening suicide or self-harm, we may take a number of steps to assist them, such as reaching out to that person and providing resources such as contact information for our mental health partners."
EU

New EU Consumer Protection Law Contains a Vague Website Blocking Clause (bleepingcomputer.com) 45

An anonymous reader quotes a report from Bleeping Computer: The European Union (EU) has voted on Tuesday, November 14, to pass the new Consumer Protection Cooperation regulation, a new EU-wide applicable law that gives extra power to national consumer protection agencies, but which also contains a vaguely worded clause that also grants them the power to block and take down websites without judicial oversight. The new law "establishes overreaching Internet blocking measures that are neither proportionate nor suitable for the goal of protecting consumers and come without mandatory judicial oversight," Member of the European Parliament Julia Reda said in a speech in the European Parliament Plenary during a last ditch effort to amend the law. "According to the new rules, national consumer protection authorities can order any unspecified third party to block access to websites without requiring judicial authorization," Reda added later in the day on her blog. This new law is an EU regulation and not a directive, meaning its obligatory for all EU states, which do not have to individually adopt it.
Privacy

Federal Extreme Vetting Plan Castigated By Tech Experts (apnews.com) 155

An anonymous reader shares an Associated Press report: Leading researchers castigated a federal plan that would use artificial intelligence methods to scrutinize immigrants and visa applicants, saying it is unworkable as written and likely to be "inaccurate and biased" if deployed. The experts, a group of more than 50 computer and data scientists, mathematicians and other specialists in automated decision-making, urged the Department of Homeland Security to abandon the project, dubbed the "Extreme Vetting Initiative." That plan has its roots in President Donald Trump's repeated pledge during the 2016 campaign to subject immigrants seeking admission to the United States to more intense ideological scrutiny -- or, as he put it, "extreme vetting." Over the summer, DHS published a "statement of objectives" for a system that would use computer algorithms to scan social media and other material in order to automatically flag undesirable entrants -- and to continuously scan the activities of those allowed into the U.S.
Firefox

Firefox Will Block Navigational Data URIs as Part of an Anti-Phishing Feature (bleepingcomputer.com) 57

Catalin Cimpanu, writing for BleepingComputer: Mozilla will soon block the loading of data URIs in the Firefox navigation bar as part of a crackdown on phishing sites that abuse this protocol. The data: URI scheme (RFC 2397) was deployed in 1998 when developers were looking for ways to embed files in other files. What they came up with was the data: URI scheme that allows a developer to load a file represented as an ASCII-encoded octet stream inside another document. Since then, the URI scheme has become very popular with website developers as it allows them to embed text-based (CSS or JS) files or image (PNG, JPEG) files inside HTML documents instead of loading each resource via a separate HTTP request. This practice became hugely popular because search engines started ranking websites based on their page loading speed and the more HTTP requests a website made, the slower it loaded, and the more it affected a site's SERP position.
Piracy

Hollywood Strikes Back Against Illegal Streaming Kodi Add-ons (engadget.com) 77

An anonymous reader shares a report: An anti-piracy alliance supported by many major US and UK movie studios, broadcasters and content providers has dealt a blow to the third-party Kodi add-on scene after it successfully forced a number of popular piracy-linked streaming tools offline. In what appears to be a coordinated crackdown, developers including jsergio123 and The_Alpha, who are responsible for the development and hosting of add-ons like urlresolver, metahandler, Bennu, DeathStreams and Sportie, confirmed that they will no longer maintain their Kodi creations and have immediately shut them down.
Security

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera (wired.com) 106

Security researchers claim to have discovered a flaw in Amazon's Key Service, which if exploited, could let a driver re-enter your house after dropping off a delivery. From a report: When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery. Security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled, but frozen. A viewer watching its live or recorded stream sees only a closed door, even as their actual door is opened and someone slips inside. That attack would potentially enable rogue delivery people to stealthily steal from Amazon customers, or otherwise invade their inner sanctum. And while the threat of a camera-hacking courier seems an unlikely way for your house to be burgled, the researchers argue it potentially strips away a key safeguard in Amazon's security system. When WIRED brought the research to Amazon's attention, the company responded that it plans to send out an automatic software update to address the issue later this week.
The Internet

China Cyber Watchdog Rejects Censorship Critics, Says Internet Must Be 'Orderly' (reuters.com) 78

China's top cyber authority on Thursday rejected a recent report ranking it last out of 65 countries for press freedom, saying the internet must be "orderly" and the international community should join it in addressing fake news and other cyber issues. From a report: Ren Xianliang, vice minister of the Cyberspace Administration of China (CAC), said the rapid development of the country's internet over two decades is proof of its success and that it advocates for the free flow of information. "We should not just make the internet fully free, it also needs to be orderly... The United States and Europe also need to deal with these fake news and rumors," Ren told journalists without elaborating.
Businesses

The Brutal Fight To Mine Your Data and Sell It To Your Boss (bloomberg.com) 74

An anonymous reader shares a report from Bloomberg, explaining how Silicon Valley makes billions of dollars peddling personal information, supported by an ecosystem of bit players. Editor Drake Bennett highlights the battle between an upstart called HiQ and LinkedIn, who are fighting for your lucrative professional identity. Here's an excerpt from the report: A small number of the world's most valuable companies collect, control, parse, and sell billions of dollars' worth of personal information voluntarily surrendered by their users. Google, Facebook, Amazon, and Microsoft -- which bought LinkedIn for $26.2 billion in 2016 -- have in turn spawned dependent economies consisting of advertising and marketing companies, designers, consultants, and app developers. Some operate on the tech giants' platforms; some customize special digital tools; some help people attract more friends and likes and followers. Some, including HiQ, feed off the torrents of information that social networks produce, using software bots to scrape data from profiles. The services of the smaller companies can augment the offerings of the bigger ones, but the power dynamic is deeply asymmetrical, reminiscent of pilot fish picking food from between the teeth of sharks. The terms of that relationship are set by technology, economics, and the vagaries of consumer choice, but also by the law. LinkedIn's May 23 letter to HiQ wasn't the first time the company had taken legal action to prevent the perceived hijacking of its data, and Facebook and Craigslist, among others, have brought similar actions. But even more than its predecessors, this case, because of who's involved and how it's unfolded, has spoken to the thorniest issues surrounding speech and competition on the internet.
Privacy

Consumers Are Holding Off On Buying Smart-Home Gadgets Due To Security, Privacy Fears (businessinsider.com) 142

According to a new survey from consulting firm Deloitte, consumers are uneasy about being watched, listened to, or tracked by devices they place in their homes. The firm found that consumer interest in connected home technology lags behind their interest in other types of IoT devices. Business Insider reports: "Consumers are more open to, and interested in, the connected world," the firm said in its report. Noting the concerns about smart home devices, it added: "But not all IoT is created equal." Nearly 40% of those who participated in the survey said they were concerned about connected-home devices tracking their usage. More than 40% said they were worried that such gadgets would expose too much about their daily lives. Meanwhile, the vast majority of consumers think gadget makers weren't doing a good job of telling them about security risks. Fewer than 20% of survey respondents said they were very well informed about such risks and almost 40% said they weren't informed at all.
The Internet

FCC Plans December Vote To Kill Net Neutrality Rules (bloomberg.com) 114

An anonymous reader quotes a report from Bloomberg: The U.S. Federal Communications Commission under its Republican chairman plans to vote in December to kill the net neutrality rules passed during the Obama era, said two people briefed on the plans. Chairman Ajit Pai in April proposed gutting the rules that he blamed for depressing investment in broadband, and said he intended to "finish the job" this year. The chairman has decided to put his proposal to a vote at the FCC next month, said the people. The agency's monthly meeting is to be held Dec. 14. The people asked not to be identified because the plan hasn't been made public. It's not clear what language Pai will offer to replace the rules that passed with only Democratic votes at the FCC in 2015. He has proposed that the FCC end the designation of broadband companies such as AT&T Inc. and Comcast Corp. as common carriers. That would remove the legal authority that underpins the net neutrality rules. One of the people said Pai may call for vacating the rules except for portions that mandate internet service providers inform customers about their practices. The current regulations forbid broadband providers from blocking or slowing web traffic, or from charging higher fees in return for quicker passage over their networks.

Slashdot Top Deals