Wikimedia to FastTrack HTTPS in Response to Surveillance Leaks
From Wikimedia:
The Wikimedia Foundation believes strongly in protecting the privacy of its readers and editors. Recent leaks of the NSA’s XKeyscore program have prompted our community members to push for the use of HTTPS by default for the Wikimedia projects. Thankfully, this is already a project that was being considered for this year’s official roadmap and it has been on our unofficial roadmap since native HTTPS was enabled. Our current architecture cannot handle HTTPS by default, but we’ve been incrementally making changes to make it possible. Since we appear to be specifically targeted by XKeyscore, we’ll be speeding up these efforts . . .
Lavabit Shuts Down Email Service Rather Than Comply With Government
Lavabit is (or rather was) an email service that took its users' privacy seriously. And for that reason it appears the service has been forced to shut down. From owner Ladar Levison:
My Fellow Users,
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me to resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here.
Federal Judge Rules that Bitcoin Is Money
A federal judge has ruled that bitcoin is money. The suit before the court involves the case of Trendon Shavers, who is being prosecuted by the SEC for running what has been called a Bitcoin ponzi scheme. In response to the SEC action, Shavers argued before the court that the SEC had no jurisdiction in the case because bitcoin is not money. The court did not agree. From the ruling:
First, the Court must determine whether the BTCST investments constitute an investment of money. It is clear that Bitcoin can be used as money. It can be used to purchase goods or services, and as Shavers stated, used to pay for individual living expenses. The only limitation of Bitcoin is that it is limited to those places that accept it as currency. However, it can also be exchanged for conventional currencies, such as the U.S. dollar, Euro, Yen, and Yuan. Therefore, Bitcoin is a currency or form of money, and investors wishing to invest in BTCST provided an investment of money.
Ironically, both Bitcoin enthusiasts and detractors see this ruling as evidence in favor of their own positions. Enthusiasts state that rulings like this will make the crypto-currency more palatable to the economic mainstream, while its detractors state that this is one more nail in the Bitcoin coffin. Of course, only time will tell. But the ruling does not seem to have affected the price of Bitcoin, which is currently trading at just over $100 per BTC.
How To Access Someone's Stored Passwords on Google Chrome
If a trouble-making friend gained access to your browser, what could they access? Depending on your choice of browser and its security settings, the answer may be: everything. From The Guardian:
A serious flaw in the security of Google's Chrome browser lets anyone with access to a user's computer see all the passwords stored for email, social media and other sites, directly from the settings panel. No password is needed to view them.
Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active.
Seeing the passwords is achieved simply by clicking on the Settings icon, choosing "Show advanced settings…" and then "Manage saved passwords" in the "Passwords and forms" section. A list of obscured passwords is then revealed for sites - but clicking beside them reveals the plain text of the password, which could be copied, or sent via a screenshot to an outside site.
Overcriminalization: Felony Streaming
Are you familiar with the term overcriminalization? From Overcriminalized, a project of the Heritage Foundation:
“Overcriminalization” describes the trend in America – and particularly in Congress – to use the criminal law to “solve” every problem, punish every mistake (instead of making proper use of civil penalties), and coerce Americans into conforming their behavior to satisfy social engineering objectives. Criminal law is supposed to be used to redress only that conduct which society thinks deserving of the greatest punishment and moral sanction.
But as a result of rampant overcriminalization, trivial conduct is now often punished as a crime. Many criminal laws make it possible for the government to convict a person even if he acted without criminal intent (i.e., mens rea). Sentences have skyrocketed, particularly at the federal level.
The Washington Post provides us with a perfect example of this creeping trend in US society and government: the criminalization of online streaming. Have you ever watched a streaming video on a site that may not have had all the proper licenses? The federal government wants to make that a felony:
You probably remember the online outrage over the Stop Online Piracy Act (SOPA) copyright enforcement proposal. Last week, the Department of Commerce’s Internet Policy Task Force released a report on digital copyright policy that endorsed one piece of the controversial proposal: making the streaming of copyrighted works a felony.
As it stands now, streaming a copyrighted work over the Internet is considered a violation of the public performance right. The violation is only punishable as a misdemeanor, rather than the felony charges that accompany the reproduction and distribution of copyrighted material.
Fed Malware Takes Down Tor Host
From Wired:
Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.
The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.
“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”
If Tsrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007.
FBI "Harvests" Your Digital Information, Pressures ISPs to Install Surveillance Machines
New revelations of the breadth and scope of the federal government's digital spying and surveillance operations continue apace. No one is safe from their prying eyes. From CNET:
The U.S. government is quietly pressuring telecommunications providers to install eavesdropping technology deep inside companies' internal networks to facilitate surveillance efforts.
FBI officials have been sparring with carriers, a process that has on occasion included threats of contempt of court, in a bid to deploy government-provided software capable of intercepting and analyzing entire communications streams. The FBI's legal position during these discussions is that the software's real-time interception of metadata is authorized under the Patriot Act.
Attempts by the FBI to install what it internally refers to as "port reader" software, which have not been previously disclosed, were described to CNET in interviews over the last few weeks. One former government official said the software used to be known internally as the "harvesting program."