Geek Stuff

CloudFlare Protects Internet Users By Insisting On Lawful Orders Before Blocking Customers

EFF's Deeplinks -

This month, the online service provider CloudFlare stood up for its website-owner customers, and for all users of those websites, by telling a court that CloudFlare shouldn’t be forced to block sites without proper legal procedure. Copyright law limits the kinds of orders that a court can impose on Internet intermediaries, and requires courts to consider the pros and cons thoroughly. In this case, as in other recent cases, copyright (and trademark) holders are trying to use extremely broad interpretations of some basic court rules to bypass these important protections. As special interests keep trying to make things disappear from the Internet quickly, cheaply, and without true court supervision, it’s more important than ever that Internet companies like CloudFlare are taking a stand.

The current dispute between CloudFlare and a group of record labels arose from the labels’ case against the music streaming site MP3Skull. The website’s owners never appeared in court to defend themselves against a lawsuit by the labels. The labels, who are all members of the Recording Industry Association of America, won a court judgment by default in March of this year. The judgment included a permanent injunction against the site and those in “active concert and participation” with it. On the last day of June, the labels’ lawyers sent the order to CloudFlare and demanded that they immediately stop providing services to various Internet addresses and domain names connected with MP3Skull.

CloudFlare provides content delivery network services, optimization, and security for websites. Its CEO previously said on the company’s blog that “if we were to receive a valid court order that compelled us to not provide service to a customer then we would comply with that court order,” but that “there will be things on our network that make us uncomfortable[, and] our proper role is not that of Internet censor.” Last year, with help from EFF, CloudFlare successfully fought back against a court order that would have required it to act as trademark police for the music labels by shutting down any customer who used domain names like “grooveshark.”

CloudFlare is keeping up that legal approach in the MP3Skull case. It wrote to the U.S. District Court for the Southern District of Florida to say that while it “does not oppose an appropriate injunction,” the RIAA members should be required to follow the procedure set out in Section 512(j) of the Digital Millennium Copyright Act (the DMCA). That law limits the kinds of injunctions that can be imposed on Internet intermediaries like CloudFlare. It also requires courts to consider the pros and cons of ordering an intermediary to help enforce a copyright. Specifically, a court has to consider whether an order would “significantly burden” the service provider or its operations, how much harm the copyright holder is likely to experience without an order, whether the order would be technically feasible and effective, whether it would tend to block non-infringing material, and whether less burdensome measures are available.

None of that happened in this case. The court simply entered a broad injunction against the MP3Skull defendants by default after they failed to show up in court, and the labels then attempted to bind CloudFlare with that order months later. The labels didn’t mention the DMCA at all in their request to the court. Instead, they pointed to Rule 65 of the Federal Rules of Civil Procedure, which says that a court can issue injunctions against a party to the case or anyone in “active concert and participation” with a party. It’s that phrase that rightsholders have used to try to bind Internet intermediaries like CloudFlare without following the procedure laid out in DMCA 512(j), and similar limitations that the courts have created for trademark law.1

The “active concert” clause of Rule 65 is actually quite narrow: it’s meant to keep parties to a case from evading a court order by acting indirectly through a friend or associate. It doesn’t sweep every company that provides services to a defendant under the court’s power, and it doesn’t bypass more specific rules like DMCA 512(j). Making Rule 65 into an injunction trump card would lead to bizarre results: the courts would have more power over a service provider like CloudFlare if it is not named as a defendant in a lawsuit, and less power if the service provider were actually sued, given their day in court, and found liable. It’s easy to see why the law shouldn’t work that way.

Although another court found that CloudFlare was in “active concert and participation” with a trademark-infringing customer last year, that court also narrowed its injunction against CloudFlare, as trademark law requires. Still, the court should reject the record labels' argument that one injunction obtained by default can bind "countless conduit online service providers, search engines, web hosts, content delivery networks, and other service providers" -- in other words, the entire Internet -- without considering the burdens, costs, and alternatives for each, as Congress required.

The limits on court orders against intermediaries are vital safeguards against censorship, especially where the censorship is done on behalf of a well-financed party. That’s why it’s important for courts to uphold those limits even in cases where copyright or trademark infringement seems obvious. Court precedents and technical tools built today to go after “notorious pirates” will be used tomorrow against popular blogs, political commentators, satirists, and innocent businesses. Insisting on a full and fair legal process before blocking users becomes more important the larger an online service provider gets. That's why it’s great to see a service like CloudFlare stepping up to protect all Internet users by doing just that.

  • 1. Tiffany (NJ) Inc. v. eBay Inc., 600 F. 3d 93 (2d. Cir. 2010)

Share this: Join EFF

FBI Authorized Informants To Break The Law 22,800 Times In 4 Years

Slashdot -

blottsie quotes a report from the Daily Dot: Over a four-year period, the FBI authorized informants to break the law more than 22,800 times, according to newly reviewed documents. Official records obtained by the Daily Dot under the Freedom of Information Act show the Federal Bureau of Investigation gave informants permission at least 5,649 times in 2013 to engage in activity that would otherwise be considered a crime. In 2014, authorization was given 5,577 times, the records show. USA Today previously revealed confidential informants engaged in "otherwise illegal activity," as the bureau calls it, 5,658 times in 2011. The figure was at 5,939 the year before, according to documents acquired by the Huffington Post. In total, records obtained by reporters confirm the FBI authorized at least 22,823 crimes between 2011 and 2014. Unfortunately, many of those crimes can have serious and unintended consequences. One of the examples mentioned in the Daily Dot's report was of an FBI informant who "was responsible for facilitating the 2011 breach of Stratfor in one of the most high-profile cyberattacks of the last decade. While a handful of informants ultimately brought down the principal hacker responsible, the sting also caused Stratfor, an American intelligence firm, millions of dollars in damages and left and estimated 700,000 credit card holders vulnerable to fraud."

Read more of this story at Slashdot.

Ashley Madison Security Protocols Violated Canada, Austrialia Privacy Laws

Slashdot -

The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashely Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more is that Ashley Madison continued to store personal information of its users even after some of which had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.

Read more of this story at Slashdot.

WikiLeaks Published Rape Victims' Names, Credit Cards, Medical Data

Slashdot -

Joe Mullin, writing for ArsTechnica: Even as WikiLeaks founder Julian Assange sits trapped in the Ecuadorean embassy, the WikiLeaks website continues to publish the secrets of various governments worldwide. But that's not all it's publishing. A report today by the Associated Press highlights citizens who had "sensitive family, financial or identity records" published by the site. "They published everything: my phone, address, name, details," said one Saudi man whose paternity dispute was revealed in documents published by the site. "If the family of my wife saw this... Publishing personal stuff like that could destroy people." One document dump, from Saudi diplomatic cables, held at least 124 medical files. The files named sick children, refugees, and patients with psychiatric conditions. In one case, the cables included the name of a Saudi who was arrested for being gay. In Saudi Arabia, homosexuality is punishable by death. In two other cases, WikiLeaks published the names of teenage rape victims. "This has nothing to do with politics or corruption," said Dr. Nayef al-Fayez, who had a patient with brain cancer whose personal details were published.

Read more of this story at Slashdot.

E Fun launches Nextbook 10.1 2-in-1 Windows tablet for $180

Liliputing -

E Fun’s latest low-cost tablet is a 2-in-1 model with a detachable keyboard, an Intel Atom x5-Z8300 Cherry Trail processor and Windows 10 software.

The E Fun Nextbook 10.1 is now available from Target for $180.

The tablet’s specs aren’t all that impressive, and it’s not unusual to find low-cost Windows tablets these days. But it’s nice to see that even cheap models from budget device makers like E Fun seem to offer at least a somewhat respectable set of features, given the low price tag.

Continue reading E Fun launches Nextbook 10.1 2-in-1 Windows tablet for $180 at Liliputing.

Tesla Unveils New Model S, Its Quickest Production Car

Slashdot -

Electric car maker Tesla said Tuesday that it is launching a 100-kilowatt-hour (kWh) battery for its Model S and Model X cars. A report on Bloomberg says: Tesla is adding versions of its Model S sedan and Model X sport utility vehicle with a more powerful battery pack that the company said makes the Model S the world's quickest production car and gives it range of 315 miles on a single charge. Chief Executive Officer Elon Musk is trying to appeal to sports car enthusiasts with the new Model S P100D with a 100 kilowatt-hour battery, which with Ludicrous mode can go from a standstill to 60 miles per hour in 2.5 seconds, compared with 2.8 seconds for the P90D Ludicrous version. The P100D Ludicrous upgrade costs $10,000 for customers who have ordered a P90D Ludicrous but haven't taken delivery, or $20,000 for owners who already have that vehicle type.

Read more of this story at Slashdot.

Opera’s VPN is now available as a standalone Android app

Liliputing -

The developers of the Opera web browser have been tacking new features into their browser apps in recent months, including a built-in ad blocker and built-in VPN service.

But now you can take advantage of one of those new tools without actually using the Opera browser. The company has launched an Opera VPN app for Android. An iOS version was released earlier this year.

Opera’s free VPN app lets you connect to a virtual private network, allowing you to surf the web somewhat anonymously by hiding your location and preventing ad networks, analytics trackers, and other web tools from collecting accurate information about you and your browsing habits.

Continue reading Opera’s VPN is now available as a standalone Android app at Liliputing.

Facebook Knows Your Political Preferences

Slashdot -

Facebook knows a lot more about its users than they think. For instance, the New York Times reports, the company is categorizing its users as liberal, conservative, or moderate. These details are valuable for advertisers and campaign managers, especially ahead of the election season. From a BusinessInsider report: For some, Facebook is able to come to conclusions about your political leanings easily, if you mention a political party on your page. For those that are less open about politics on social media, Facebook makes assumptions based on pages you like. As The New York Times explained, if you like Ben and Jerry's Facebook page and most of the other people that like that page identify as liberal, Facebook might assume you too are liberal.

Read more of this story at Slashdot.

PlayStation 3 Games Are Coming To PC

Slashdot -

PlayStation 3 games are coming to Windows. Sony said Tuesday that it is bringing its PlayStation Now game-streaming program to Windows PCs. The service broadcasts PlayStation 3 games over the internet similar to the way Netflix beams movies to devices like Roku. CNET reports: This fall, you'll be able to play previously exclusive games like Uncharted 3 and Shadow of the Colossus on a Windows laptop. The catch: you'll be playing those games over the internet with Sony's streaming game service, PlayStation Now. Think Netflix. PlayStation Now has already been around for a couple of years on the PS4, PS3, PS Vita handheld, plus a handful of Blu-ray players and smart TVs. For $20 a month or $45 for three, the service gives players unlimited access to a long list of over 400 PlayStation 3 games. Like Netflix or any other streaming service, the quality can vary wildly depending on your internet connection -- Sony requires a solid 5Mbps connection at all times, and that doesn't change today. What changes is the size of Sony's audience. With a Windows laptop or tablet, you aren't tethered to a big-screen TV. You could theoretically take these PlayStation games anywhere -- and wherever you go, your save games stream with you.

Read more of this story at Slashdot.

PlayStation Now game streaming coming to Windows PCs (play PS3 games on a PC)

Liliputing -

PlayStation Now is a service that lets you stream PlayStation 3 games over the internet for $20 per month (or less if you sign up for a longer period).

First launched in 2014, the game streaming service works on a handful of devices including the PS3 and PS4 game consoles, PS Vita handheld game system, and recent Sony smart TVs and Blu-ray players.

Soon you’ll be able to use PlayStation Now to play PS3 games on a Windows computer.

Continue reading PlayStation Now game streaming coming to Windows PCs (play PS3 games on a PC) at Liliputing.

FBI Investigating Russian Hack Of New York Times Reporters, Others

Slashdot -

Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at the New York Times and other U.S. news organizations, reports CNN, citing US officials briefed on the matter. From the report: The intrusions, detected in recent months, are under investigation by the FBI and other US security agencies. Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said. "Like most news organizations we are vigilant about guarding against attempts to hack into our systems," said New York Times Co. spokeswoman Eileen Murphy. "There are a variety of approaches we take up to and including working with outside investigators and law enforcement. We won't comment on any specific attempt to gain unauthorized access to The Times." The breaches targeting reporters and news organizations are part of an apparent surge in cyber attacks in the past year against entities beyond US government agencies.

Read more of this story at Slashdot.

Amazon may launch an Echo-only music service for $5 per month

Liliputing -

Pay $10 per month and you can stream millions of songs from the internet. That’s how today’s top music streaming services, including Spotify, Apple Music, Microsoft Groove Music, and Google Play Music work. Amazon is said to be planning to launch its own $10/month music service too.

But Amazon may also have a second, cheaper plan. According to a report from Recode, Amazon wants to let Amazon Echo owners stream music for about half the price.

Continue reading Amazon may launch an Echo-only music service for $5 per month at Liliputing.

Steve Wozniak Says Apple Must Fix iPhone 7 Bluetooth Or Revive Its Headphone Jack

Slashdot -

We've talked extensively about the missing headphone jack on the upcoming iPhone. While some say that the move will ruin user experience -- something that has already started to seem that way in the real world -- a few argue that someone needs to push the needle to move the technology forward. Now Apple co-founder Steve Wozniak has something to say about the missing legacy audio jack as well. He is asking Apple to fix the Bluetooth first if the company intends to give users to move to wireless headphones. From a Financial Review report: Apple co-founder Steve Wozniak has warned Apple is going to frustrate a lot of customers if it removes the headphone jack from the upcoming iPhone 7. [...] Customers wanting to use their existing, wired earbuds and headphones might have to buy an adaptor that attaches to the iPhone's Lightning port, or to whatever port does remain on the phone. "If it's missing the 3.5mm earphone jack, that's going to tick off a lot of people," Mr Wozniak told The Australian Financial Review. "I would not use Bluetooth ... I don't like wireless. I have cars where you can plug in the music, or go through Bluetooth, and Bluetooth just sounds so flat for the same music." Mr Wozniak said he would probably use the adaptor to connect his existing earphones to his next iPhone, and said that, like many other users he is attached to the accessories that he uses alongside the phone. "Mine have custom ear implants, they fit in so comfortably, I can sleep on them and everything. And they only come out with one kind of jack, so ''ll have to go through the adaptor," he said. "If there's a Bluetooth 2 that has higher bandwidth and better quality, that sounds like real music, I would use it. But we'll see. Apple is good at moving towards the future, and I like to follow that."

Read more of this story at Slashdot.

Didi Launches Car Rental Service In China

Slashdot -

An anonymous reader writes: Ride-hailing giant Didi Chuxing is adding a car rental service for customers in several cities, to take advantage of the enormous domestic tourism market in China. Users can reserve a car through the Didi app and have it delivered to their door within two hours. The service, which is currently in beta testing in Shanghai, is expected to expand to several more cities in China over the next year. In a statement the company said, "Didi car rental is launched in response to the boom in China's short-term and tourist car rental market as the population goes through a lifestyle revolution." In 2015, 2.34 billion cars were rented for domestic tourists in China. That number is expected to more than double, reaching 5.8 billion by 2020.The move comes weeks after Uber announced it was selling its Chinese operation to Didi.

Read more of this story at Slashdot.

Hey Google, Want To Fix Android Updates? Hit OEMs Where It Hurts

Slashdot -

Yesterday we talked about some of Nexus devices, including 2013's Nexus 5 not receiving an update, because it has been more than two years since the launch of the phone. But as you may know, this commitment to keeping the devices up to date is even worse when you look at what other Android OEMs are doing. ArsTechnica's Ron Amadeo has a solution: Google keeps missing the point when it comes to addressing Android's update situation. It keeps coming up with strategies to make updating "easier" for OEMs, but I don't think the problem is "ease of updating" -- it's creating any incentive for OEMs to update at all. Google seems to think that its partners will update phones because it's The Right Thing To Do by their customers and that handing out gold stars will send them scrambling to produce updates for their devices. I don't think that's ever going to happen. Google actually already tried the "shame" tactic and it didn't work. When Google-owned Motorola, Moto's update speed went through the roof. Motorola was achieving near-Nexus-like update speeds on many of its phones and was definitely putting other manufacturers to shame. But the increased update competition never really spurred other OEMs to start competing on update speeds. The bottom line is that Android partners only care about, well, the bottom line -- money. These companies already have your money, so updating a device that's already been sold is a needless expense. There's also a good argument to be made that updating a device hurts future sales. If your phone isn't updated, it will start to feel old, so you're more likely to buy a new phone sooner.

Read more of this story at Slashdot.

Next-gen Amazon Fire tablet may be coming soon (FCC leaks)

Liliputing -

It’s been nearly a year since Amazon introduced its first $50 Amazon Fire tablet. Now it looks like there may be a new model on the way.

As AFTV News notes, a new tablet showed up at the FCC website this week, and while the documentation doesn’t use the words “Amazon,” or “Fire,” the listing has all the hallmarks of an unannounced Amazon device… complete with the use of a shell company to make it a little harder for people to find.

Continue reading Next-gen Amazon Fire tablet may be coming soon (FCC leaks) at Liliputing.

Epic Games Forums Hacked, Again

Slashdot -

An anonymous reader writes: Epic Games, maker of popular games such as Unreal and Infinity Blade, announced today that its forums have been hacked. Now, if you don't reuse password that isn't a huge deal. But if you have used the same password on any service, perhaps even a variation of that password, you will want to ensure that you have changed password of all your accounts. In the meanwhile, here's Epic Games: "We believe a recent Unreal Engine and Unreal Tournament forum compromise revealed email addresses and other data entered into the forums, but no passwords in any form, neither salted, hashed, nor plaintext. While the data contained in the vBulletin account databases for these forums were leaked, the passwords for user accounts are stored elsewhere. These forums remain online and no passwords need to be reset", says Epic Games.ZDNet is reporting that thousands of passwords have been stolen.

Read more of this story at Slashdot.

Google Android 7.0 source and Nexus factory images released

Liliputing -

Google started rolling out Android 7.0 Nougat to folks with recent Nexus devices yesterday. Now the company has made factory images, OTA images, and binaries available for those devices.

The source code for Android 7.0 is also being uploaded.

In plain English, that means if you’ve got a supported device you can download and install the update without waiting for Google to push it out over the air, and if you’re a developer you can start examining (and modifying) the code for your own purposes.

Continue reading Google Android 7.0 source and Nexus factory images released at Liliputing.

Internaut Day Might Not Be the Web Anniversary You're Looking For

Slashdot -

David Meyer, reporting for Fortune: The web arguably went public before August 23, 1991. Social media users are enthusiastically celebrating "Internaut Day" on Tuesday. They're thanking Tim Berners-Lee, the creator of the World Wide Web, for first providing public access to it on this day in 1991, precisely a quarter of a century back. The only problem is that the supposed importance of Internaut Day doesn't seem to be supported by much evidence. Berners-Lee submitted his seminal proposal for a new information management system to CERN on March 12, 1989, a date which Berners-Lee celebrates as the birthday of the web. The building blocks were specified and written up by October 1990, and the first webpage went live in December that year. So when somebody celebrates the "Internaut Day" today, it really doesn't seem like the right occasion. The report adds: According to Wikipedia, that's when "new users could [first] access" the web -- and that's what a gazillion news stories on Tuesday are supposedly celebrating. But it doesn't square with what the Web Foundation and CERN say.

Read more of this story at Slashdot.

Pages

Subscribe to debianHELP aggregator - Geek Stuff