Fewer Plug-ins = Fewer Crashes

From CNET:
To improve security and cut crashes, Firefox will block plug-ins including Microsoft Silverlight, Adobe Reader, Apple's QuickTime and Oracle's Java, Mozilla said.
Only the newest version of Adobe Systems' Flash Player will be run by default, said Michael Coates, Mozilla's director of security assurance, in a blog post yesterday.
Plug-ins extend a browser's ability to run software or handle different media and file formats, but that extra ability opens new avenues for attack. They've been a staple of Web development for years, but browser makers are working hard to reproduce their abilities directly with Web standards that don't require plug-ins.

Mozilla Awarded for Privacy Controls

From Mozilla:
Mozilla has been named the Most Trusted Internet Company for Privacy in 2012, according to a study performed by the Ponemon Institute.  Their findings were released today in celebration of an internationally recognized holiday that we at Mozilla look forward to as much as any bank holiday: Data Privacy Day. The study surveyed more than 100,000 consumers in the U.S., and after all the number crunching, Mozilla ranked highest in the Internet & Social Media industry. We also made it onto the top 20 list for all companies.

This is certainly quite a distinction and the product of a user-centric philosophy implemented by contributors to the Mozilla project over the past decade. Engineers, UX designers, security, engagement, IT and privacy folks have made thousands of small decisions over the years that have collectively created the user trust reflected by this survey. This recognition is not something we sought, as we don’t view privacy as an end unto itself, but it’s greatly appreciated given all the complexities and nuances associated with privacy and security today.

Petition Seeks to Decriminalize Unlocking Your Smartphone

From Forbes:
This past weekend, the Library of Congress officially put down the hammer on the practice of unlocking smartphones without a carrier's permission, but now the people are standing up for their right to violate their wireless contracts.

In case you missed it, a new rule handed down by the Librarian of Congress (the office in charge of setting the rules to execute the recently updated Digital Millennium Copyright Act) went into effect on Saturday. It makes it illegal to unlock a smartphone purchased after January 26 without permission from the carrier that locked it.

Naturally, plenty of folks on the Internet are none too happy with the government telling them what they can do with their devices. A petition on the White House "We the People" site asks "the Librarian of Congress to rescind this decision, and failing that, (the administration should) champion a bill that makes unlocking permanently legal."

Privacy is for Government not for the People

It appears to now be the conventional wisdom in the political class and in the criminal justice system that privacy exists solely to protect the interests of the government. From Tech Dirt:
You may recall that in its quixotic attempt to go after Wikileaks, the US government has been snooping through the private communications of a bunch of folks they're trying to connect to the organization, including Icelandic politician Birgitta Jonsdottir and Jacob Appelbaum, who gets detained and harassed every time he re-enters the country. All of this came to light only because Twitter actually stood up to the US government and refused to just hand over info that was requested using the obscure 2703(d) process. Twitter also got the court to allow it to reveal the existence of the order (something that every other company which has received one has kept secret). A court eventually ruled that Twitter had to hand over the requested info.

Following this, Jonsdottir, Appelbaum and one other person, Rop Gonggrijp, (represented by the ACLU and the EFF), chose not to challenge that ruling, but did appeal concerning the secrecy around the order -- asking the court to have the specific 2703(d) order unsealed -- arguing that they have the right to access judicial documents about themselves. However, last week, an appeals court rejected that appeal, and basically said that the feds can sniff through your digital data without your knowledge, and, well, too bad if you don't like it.

German Court Rules Internet Is "Essential"

From Reuters:
A German court ruled on Thursday that people have the right to claim compensation from service providers if their Internet access is disrupted, because the Internet is an "essential" part of life . . .

Google Demands Warrants from Law Enforcement for User Info

From Wired:
Google demands probable-cause, court-issued warrants to divulge the contents of Gmail and other cloud-stored documents to authorities in the United States — a startling revelation Wednesday that runs counter to federal law that does not always demand warrants.
The development surfaced as Google publicly announced that more than two-thirds of the user data Google forwards to government agencies across the United States is handed over without a probable-cause warrant.
A Google spokesman told Wired that the media giant demands that government agencies — from the locals to the feds — get a probable-cause warrant for content on its e-mail, Google Drive cloud storage and other platforms — despite the Electronic Communications Privacy Act allowing the government to access such customer data without a warrant if it’s stored on Google’s servers for more than 180 days.

The War on the Fourth Amendment Cont'd

The ongoing war on the Fourth Amendment to the US Constitution continues apace, led by law "enfarcement" agencies and the Republican and Democratic parties. From The Hill:
Google said on Wednesday that 68 percent of the U.S. government's requests for users' information were without a warrant. The company said that just 22 percent of the requests were through a search warrant, and 10 percent relied on court orders or other processes. From July to December 2012, Google received 21,389 government requests for information about 33,634 users. The company said data requests have increased 70 percent since 2009.

Twitter: Beware the App Bug

From The Daily Dot:
Direct messages are supposed to be private, but thanks to a Twitter bug, some apps can bust open your account and start accessing them anyway.  Cesar Cerrudo, a security researcher, discovered a bug that allowed third-party applications to access his DMs. Unfortunately, he didn't give the name of the app and blacked out a screenshot proving his privacy was violated.  Cerrudo, chief technical officer for IOActive, wrote that he is usually reluctant to sign in to applications using his Twitter or Facebook accounts due to "security implications," but needed to in order to test the software . . .

New Mega Site Launch Hits 1 Million Users on Day One

From The Next Web:
Mega, the new file sharing service from Kim Dotcom, has passed 1 million users, according to Kim Dotcom who spoke at the launch of the service at his mansion in New Zealand today.
We’re here on the ground, where the larger than life internet mogul is set to launch his latest venture officially. Mega is now open to the public, but Dotcom doesn’t do anything without some style so we’re here to see what he’s got up his sleeves.

Facebook Graph and the Problem of Discoverability

From EFF:
Facebook's Graph Search presents the problem of discoverability. One can have a good balance of privacy and openness if information is available, but not easily discoverable. You might not mind if people specifically interested in you look at your Likes, but you may not want to have a market researcher pull the list and add it to an ad targeting profile. You might be okay if a new person you met at a conference looks you up on Facebook, but you may not want a creepy guy searching through Facebook's loose networks to find someone to stalk. All of a sudden, what people once thought was shared only to their Facebook audience—whether friends, friends of friends, or members of the public with a specific reason to look you up—is now readily available via Graph Search. This feature has rolled everyone, by default, into a dating service ("Single females in San Francisco who like Radiohead") and a marketing database ("People under 25 who like Coca-Cola").

The Coming End of the Password?

From Wired:
Want an easier way to log into your Gmail account? How about a quick tap on your computer with the ring on your finger?

This may be closer than you think. Google’s security team outlines this sort of ring-finger authentication in a new research paper, set to be published late this month in the engineering journal IEEE Security & Privacy Magazine. In it, Google Vice President of Security Eric Grosse and Engineer Mayank Upadhyay outline all sorts of ways they think people could wind up logging into websites in the future — and it’s about time. . . .

Thus, they’re experimenting with new ways to replace the password, including a tiny Yubico cryptographic card that — when slid into a USB (Universal Serial Bus) reader — can automatically log a web surfer into Google. They’ve had to modify Google’s web browser to work with these cards, but there’s no software download and once the browser support is there, they’re easy to use. You log into the website, plug in the USB stick and then register it with a single mouse click.

They see a future where you authenticate one device — your smartphone or something like a Yubico key — and then use that almost like a car key, to fire up your web mail and online accounts. 

In the future, they’d like things to get even easier, perhaps connecting to the computer via wireless technology.

Overcriminalization and the Criminal Congress

How many crimes do you commit every day? It is probably way more than you imagine. From Overcriminalized:
“Overcriminalization” describes the trend in America – and particularly in Congress – to use the criminal law to “solve” every problem, punish every mistake (instead of making proper use of civil penalties), and coerce Americans into conforming their behavior to satisfy social engineering objectives. Criminal law is supposed to be used to redress only that conduct which society thinks deserving of the greatest punishment and moral sanction.

But as a result of rampant overcriminalization, trivial conduct is now often punished as a crime.  Many criminal laws make it possible for the government to convict a person even if he acted without criminal intent (i.e., mens rea). Sentences have skyrocketed, particularly at the federal level.
Sound far-fetched? Consider the case of the Computer Fraud and Abuse Act. From Tech News Daily:
The CFAA is a 1986 law, section 1030 of the federal criminal code, which makes any unauthorized access into a protected network or computer a federal crime and permits harsh penalties for those convicted.

But 1986 was a long time ago. Today, any Web server can be defined as a protected computer, and almost anything can be defined as unauthorized access.  Use your roommate's Netflix account to watch movies on your iPad? You're violating the CFAA.  Trim the URLs of articles on the New York Times website so you can read them for free? You're breaking federal law.  Check your Facebook page at work, even if your employer forbids it? Better call your lawyer. . . . 
To Robert Graham, chief executive officer of Errata Security in Atlanta, the CFAA is "hopelessly out of date, and can be used to prosecute anybody for almost anything."
"The issue is 'authorization,'" Graham said. "Back in 1986, everyone had to be explicitly authorized to use a computer with an assigned username and password.

"But today, with the Web, we access computers with reckless abandon without knowing whether we are authorized or not," he added. "When you click on a URL, you are technically in violation of the law as it was designed."
Of course, these laws only apply to the people and are rarely if ever used to prosecute ruling elites. The US Congress, for instance, is a hotbed of cyber criminality. From the Guardian:
Employees of the US Congress were found to be downloading a host of television shows and movies illegally on congressional computers, according to a report by anti-piracy service ScanEye.

The report shared by US News and World Reports showed that since early October, congressional employees have downloaded movies and television shows including The Walking Dead, The Dark Knight Rises and 30 Rock.

The report demonstrates that even though Congress has found itself at the forefront of measures to stop piracy, including the much-maligned Stop Online Piracy Act (Sopa), its staff do not always follow the legislators' lead. . . .

The blog TorrentFreak has found that IP addresses associated with the biggest players in the anti-piracy legislative campaign are used for illegal downloading. People at Hollywood studios, major record labels and the US department of homeland security have downloaded music, film and television on their employers' networks.

As TorrentFreak noted in a 2011 blogpost, Congress was illegally downloading television shows and self-help books around the same time some members were drafting Sopa.
It is time to put these criminals in prison and throw away the key.

You Are Being Monetized

From Forbes:
With Tuesday’s announcement of Graph Search, Facebook has confirmed what we’ve known all along: we users aren’t there to enjoy content as much as we are the content. That means we’re the products it intends to monetize. . . .

We are the product on Facebook, and the platform’s very premise depends on our willingness to share our lives openly (there’s lots of theology on why we should reveal everything about ourselves online, though it’s usually written by people who do no such thing). Graph Search will eventually provide more pages for advertising, perhaps ever-better keyed to whatever it is we’re searching for. Maybe brands will be given a way to crap out the results with sponsored links, so it could get even worse than all those recommendations you get now from friends who made the mistake of clicking on something. I’d bet on ads running down the sides of every page, too. . . .

Speech Recognition Coming to Web Apps

From Tech Crunch:
Google just launched the latest beta version of its Chrome browser (version 25) for the desktop and Android and this one is chock-full of new tools for developers. The most important update – and the one that Google chose to highlight – is the inclusion of the Web Speech API in Chrome. This, says Google, will allow developers to integrate speech recognition into their web apps so that “in the near future you’ll be able to talk apps into doing all sorts of things.”

Illegal Surveillance on the Basis of Secret Laws Should be Repugnant to a Free People

President John F. Kennedy famously stated, "The very word 'secrecy' is repugnant in a free and open society; and we are as a people inherently and historically opposed to secret societies, to secret oaths, and to secret proceedings." Unfortunately, today, this is no longer the case among our elected representatives in the legislative and executive branches of government, who wield secrecy like a weapon in their ongoing war against the constitutional rights and liberties of the people. From the EFF:
As 2012 came to a close, Congress reauthorized the FISA Amendments Act (FAA) for another 5 years. Yes, the same FAA under which the government conducted unconstitutional surveillance; the same FAA for which the government refuses to estimate the number of Americans who have been spied on; and yes, the same FAA that has been interpreted in substantial ways within secret court opinions. . . .

Senators have repeatedly complained that provisions of FISA have been secretly interpreted in ways that differ markedly from the language of the statute. These interpretations, according to the Senators, are contained in opinions issued by the FISC.
But perplexingly, both the executive branch and other members of the Senate have taken the position that, despite the secrecy of the FISC opinions, those opinions do not constitute “the law” or “secret law.” . . .  
But this much is clear: when a court issues an opinion containing a significant interpretation of a public statute, that court’s opinion is the law. When the court’s opinion is withheld from the public, that opinion is a “secret,” even if the statute the opinion interprets is already publicly available. Because a court’s opinion constitutes the “law,” refusing to disclose those opinions to the public results in “secret law.”
The basis for the government’s secrecy claim is irrelevant: the law is still “secret” whether the opinion is classified, protected by the attorney-client privilege, or kept secret for any other of the host of legal privileges available to the government.
The only relevant issue is whether the law is publicly disclosed. And EFF joins with Senators Merkley, Wyden, Udall, Paul, and the other 33 Senators that voted to support this simple principle: when the government interprets federal surveillance law in a way that fundamentally affects citizens rights, that interpretation must be disclosed.

Governments "Threatened by Freedom and Openness of Expression" on Internet

From an interview with Vint Cerf in the Financial Post:
VC: The Internet is threatened by governments that want to control content and use of the network. All of us have gotten accustomed to freedom of expression and freedom of access to content on the net, but we have also gotten accustomed to something called permissionless innovation, which is a phrase I use to explain why it’s so important to keep the network relatively open and freely accessible. It’s so that anyone who wants to try a new application out can just do so.

We all have to appreciate that there are harms that occur on the net, no one who tells you otherwise should be believed, there’s viruses, worms, trojan horses and other kinds of technical attacks on the net turning your machine into a member of a botnet that generates spam or generates denial of service attacks or directly goes after content on your machine, there’s key loggers that go looking for passwords and account numbers. Those are bad.

The problem is that sometimes the proposed cure is worse than the disease, and in some cases it is to shut down the Internet or block websites or to interfere with our ability to make use of the system, and these harms and their remedies are used as an excuse to prevent political speech, to prevent people from sharing information from knowing what is going on, it’s to obscure transparent visibility of what the government is doing. Governments that are authoritarian are feeling threatened by the freedom and openness of expression and discovery of information on the Internet so they will use any excuse they can find to shut that network down. That’s what you’re seeing right now.

Petition: DDoS Should Be Recognized as Valid Form of Protest

From Slashdot:
Anonymous has filed a petition with the U.S. Government asking the Obama administration to make Distributed Denial of Service (DDoS) attacks a legal form of protest. Anonymous has argued that because of advancements in internet technology, there is a need for new ways of protest. The hacking collective doesn't consider DDoS as a form of attack and equates it to hitting the 'refresh' button on a webpage. Comparing these attacks to the 'occupy' protests, Anonymous notes that instead of people occupying an area, it is their computers occupying a website for a particular period of time.

The FBI Demands Back Door Internet Surveillance

The Republican-Democrat war on the fourth amendment continues apace.  From CNET:
The FBI is renewing its request for new Internet surveillance laws, saying technological advances hinder surveillance and warning that companies should be required to build in back doors for police. 
"We must ensure that our ability to obtain communications pursuant to court order is not eroded," FBI director Robert Mueller told a U.S. Senate committee this week. Currently, he said, many communications providers "are not required to build or maintain intercept capabilities." 
Mueller's prepared remarks reignite a long-simmering debate pitting the values of privacy, limited government, and freedom to innovate against law enforcement requests that often find a receptive audience on Capitol Hill. Two days ago, for instance, senators delayed voting on a privacy bill that would require search warrants for e-mail after sheriffs and district attorneys objected.  
In May, CNET disclosed that the FBI is asking Internet companies not to oppose a proposed law that would require firms, including Microsoft, Facebook, Yahoo, and Google, to build in back doors for government surveillance. The bureau's draft proposal would require that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly.

New Law Prepares Way for Massive Surveillance Program in Europe and Around the World

From Slate:
Europeans, take note: The U.S. government has granted itself authority to secretly snoop on you.
That’s according to a new report produced for the European Parliament, which has warned that a U.S. spy law renewed late last year authorizes “purely political surveillance on foreigners' data” if it is stored using U.S. cloud services like those provided by Google, Microsoft and Facebook. 
Europeans were previously alarmed by the fact that the PATRIOT Act could be used to obtain data on citizens outside the United States. But this time the focus is a different law—the Foreign Intelligence and Surveillance Amendments Act—which poses a “much graver risk to EU data sovereignty than other laws hitherto considered by EU policy-makers,” according to the recently published report, Fighting Cyber Crime and Protecting Privacy in the Cloud, produced by the Centre for the Study of Conflicts, Liberty and Security. 
The FISA Amendments Act was introduced in 2008, retroactively legalizing a controversial “warrantless wiretapping” program initiated following 9/11 by the Bush administration. Late last month, it was renewed through 2017. During that process, there was heated debate over how it may violate Americans’ privacy. But citizens in foreign jurisdictions have even greater cause for concern, says the report’s co-author, Caspar Bowden, who was formerly chief privacy adviser to Microsoft Europe. 
According to Bowden, the 2008 FISA amendment created a power of “mass surveillance” specifically targeted at the data of non-U.S. persons located outside America, which applies to cloud computing . . .

Google Rolls Out Free Wi-Fi in NYC

From Business Week:
Google Inc., the world’s biggest Internet-search company, plans to offer free wireless Internet access in parts of New York’s Chelsea neighborhood, creating the largest public outdoor network in the city. 
The Wi-Fi network, which doesn’t require a password, is available today, Google said in a statement. U.S. Senator Charles Schumer, Mayor Michael Bloomberg and other officials attended an event to announce the service in Chelsea, where Google has offices. . . .  
The new network is part of an effort to cultivate Silicon Alley, a concentration of startups in Manhattan. Wi-Fi will be available to thousands of New Yorkers between Gansevoort Street and 19th Street from 8th Avenue to the West Side Highway, according to a statement.

Faceless on Facebook

From Tech Crunch:
A Northern German state’s data protection commissioner has threatened to fine Mark Zuckerberg $26,000 for Facebook allegedly violating the country’s law stating citizens may use media services anonymously. Facebook plans to “fight [the threat] vigorously”. That’s wise, as altering its real-name policy could jeopardize Facebook’s future. Prohibiting pseudonyms lets Facebook remove spammers and serve as an identity provider for the web.

The Guardian reports that Thilo Weichert, the data protection commissioner of the northern German state Schleswig-Holstein, has informed Facebook Ireland and Zuckerberg that the CEO may be fined €20,000 for breaking German privacy law unless Facebook provides an option for Germans to use the service anonymously.

Secret Laws, Secret Courts and Illegal Wiretapping

From Techdirt:
The folks over at the CATO Institute have put together a short five minute video on the rush by the federal government to renew the FISA Amendments Act, with no changes, which effectively has sanctioned warrantless wiretapping on millions of Americans. Even though the plain language of the bill suggests it only should be used on foreigners, it's become clear that thanks to weasel language in the bill, and a "secret" interpretation by a secret court, the definition of "targeting" foreigners has been interpreted to mean any communication that might possibly somehow shed light on some sort of illegal activity that might possibly maybe involve foreigners sometimes in some manner. As such, it seems likely that the NSA, in particular, has used this bill and its secret interpretation to sweep up huge databases of information about Americans, even as most people (including many in Congress) believe the bill only is used to spy on foreigners.

Programmers Beware: Any Code You Write May Be Used Against You in a Court of Law

From Wired:
In a criminal case sure to make programmers nervous, a software maker who licenses a program used by online casinos and bookmakers overseas is being charged with promoting gambling in New York because authorities say his software was used by others for illegal betting in that state. 
New York authorities say that about $2.3 million that Robert Stuart and his company, Extension Software, received in cash and money orders for licensing his software constitutes direct proceeds of illegal, U.S.-based bookmaking operations. . . .

“It’s overreaching where they’re going after a software developer who sells the software with a legal license, and yet we’re still being prosecuted on how it’s being used,” Stuart says. He notes that authorities have not told him yet who exactly he’s accused of aiding and abetting.
It appears the government is prosecuting Stuart because he refused to be blackmailed by New York State authorities:
Stuart asserts that New York authorities only came after him because they wanted to use him as a conduit to uncover illegal gambling operations in that state. He says the New York district attorney’s office tried to strong-arm him into a plea agreement that would have had him hacking into the systems of his software clients in order to obtain the usernames and passwords of gamblers and their bookmakers to help authorities gather evidence of illegal gambling. 
Although Stuart initially agreed to the terms of the plea, he later recanted because he said he was uncomfortable being used as a pawn to secretly collect information on his customers. He claims authorities are charging him now in retaliation for refusing to cooperate with them.

Typical: FAA Can't Explain Its Tech Rules and Regulations

From the New York Times:
Federal Aviation Administration [continues] to uphold a rule that is based on the unproven idea that a phone or tablet can interfere with the operation of a plane.  
These conflicts have been going on for several years. In 2010, a 68-year-old man punched a teenager because he didn’t turn off his phone. Lt. Kent Lipple of the Boise Police Department in Idaho, who arrested the puncher, said the man “felt he was protecting the entire plane and its occupants.” . . .  
Dealing with the F.A.A. on this topic is like arguing with a stubborn teenager. The agency has no proof that electronic devices can harm a plane’s avionics, but it still perpetuates such claims, spreading irrational fear among millions of fliers.