Tag: internet

Back from the Dead: Senate Democrats Urge FCC to Reinstate ‘Net Neutrality’

Twenty-seven Senate Democrats have written a letter urging the Federal Communications Commission (FCC) to reinstate Title II common carrier regulations on internet service providers, a regulatory move marketed to the public as “net neutrality,” little more than two weeks after the Biden White House appointed a new commissioner to the agency.

The FCC has had an extended 2-2 deadlock between Republican and Democrat commissioners until this month, due to the White House’s repeated failed attempts to confirm a partisan progressive, Gigi Sohn, to the agency. The administration eventually relented, withdrawing Sohn’s nomination and submitting a new candidate, Anna Gomez, who was confirmed by a Senate vote earlier this month.

Democrats in the Senate are now urging the FCC, with its new Democrat majority, to revive an old hobby-horse of the party: Title II regulations on internet service providers, a measure progressives call “net neutrality.” The letter’s signatories include Sens. Dianne Feinstein (D-CA), Ron Wyden (D-OR), Cory Brooker (D-NJ), Elizabeth Warren (D-MA), Amy Klobuchar (D-MN), and Mazie Hirono (D-HI) among others.

The regulations were in place for one year under President Obama, before being undone under President Trump early in his administration.

Keep reading

These Are The Most Prevalent Forms Of Cyber Crime

Owed in part to the pandemic-induced increased shift from offline to online, cyber attacks have become a lucrative avenue for criminals in recent years. 

As Florian Zandt reports, Statista experts estimate global losses of $7.1 trillion in 2022 compared to 2019’s $1.2 trillion, with crypto exchange and protocol hacks by prolific groups like the state-affiliated North Korean hacking team Lazarus dramatically increasing in the years 2021 and 2022 according to Chainalysis. While the number of hacks and the damage caused has been on a constant uptick, the types of cyber attacks have shifted dramatically in the past five years.

In 2017, roughly 42 percent of recorded cyber crimes were connected to non-payment or non-delivery.

This category includes purchases made via fraudulent online stores that never materialize and promised payments never arriving.

Personal data breaches and phishing scams constituted an additional 28 percent, while identity theft, credit card fraud and other cyber attacks had a relatively low share in all reported cyber crimes.

Five years later, phishing has become the most prevalent cyber attack. This past year, more than half of criminal online activity was connected to this long-running type of cyber crime.

Keep reading

UK Quietly Passes “Online Safety Bill” Into Law

Buried behind the Brand-related headlines yesterday, the British House of Lords voted to pass the controversial “Online Safety Bill” into law. All that’s needed now is Royal assent, which Charles will obviously provide.

The bill’s (very catchy) long-form title is…

A Bill to make provision for and in connection with the regulation by OFCOM of certain internet services; for and in connection with communications offences; and for connected purposes.

…and that’s essentially it, it hands the duty of “regulating” certain online content to the UK’s Office of Communications (OfCom).

Ofcom Chief Executive Dame Melanie Dawes could barely contain her excitement in a statement to the press:

“Today is a major milestone in the mission to create a safer life online for children and adults in the UK. Everyone at Ofcom feels privileged to be entrusted with this important role, and we’re ready to start implementing these new laws.”

As always with these things, the bill’s text is a challenging and rather dull read, deliberately obscure in its language and difficult to navigate.

Of some note is the “information offenses” clause, which empowers OfCom to demand “information” from users, companies and employees, and makes it a crime to withhold it. The nature of this “information” is never specified, nor does it appear to be qualified. Meaning it could be anythingand will most likely be used to get private account information about users from social media platforms.

In one of the more worrying clauses, the Bill outlines what they call “communications offenses”Section 10 details crimes of transmitting “Harmful, false and threatening communications”.

It should be noted that sending threats is already illegal in the UK, so the only new ground covered here is “harmful” and/or “false” information, and the fact they feel the need to differentiate between those two things should worry you.

After all, the truth can definitely be “harmful”…Especially to a power-hungry elite barely controlling an angry populace through dishonest propaganda.

Keep reading

NEW YORK TIMES DOESN’T WANT ITS STORIES ARCHIVED

THE NEW YORK TIMES tried to block a web crawler that was affiliated with the famous Internet Archive, a project whose easy-to-use comparisons of article versions has sometimes led to embarrassment for the newspaper.

In 2021, the New York Times added “ia_archiver” — a bot that, in the past, captured huge numbers of websites for the Internet Archive — to a list that instructs certain crawlers to stay out of its website.

Crawlers are programs that work as automated bots to trawl websites, collecting data and sending it back to a repository, a process known as scraping. Such bots power search engines and the Internet Archive’s Wayback Machine, a service that facilitates the archiving and viewing of historic versions of websites going back to 1996.

The Internet Archive’s Wayback Machine has long been used to compare webpages as they are updated over time, clearly delineating the differences between two iterations of any given page. Several years ago, the archive added a feature called “Changes” that lets users compare two archived versions of a website from different dates or times on a single display. The tool can be used to uncover changes in news stories that have been made without any accompanying editorial notes, so-called stealth edits.

Keep reading

The UK Government Knows How Extreme The Online Safety Bill Is

The U.K.’s Online Safety Bill (OSB) has passed a critical final stage in the House of Lords, and envisions a potentially vast scheme to surveil internet users.

The bill would empower the U.K. government, in certain situations, to demand that online platforms use government-approved software to search through all users’ photos, files, and messages, scanning for illegal content. Online services that don’t comply can be subject to extreme penalties, including criminal penalties.

Such a backdoor scanning system can and will be exploited by bad actors. It will also produce false positives, leading to false accusations of child abuse that will have to be resolved. That’s why the OSB is incompatible with end-to-end encryption—and human rights. EFF has strongly opposed this bill from the start.

Now, with the bill on the verge of becoming U.K. law, the U.K. government has sheepishly acknowledged that it may not be able to make use of some aspects of this law. During a final debate over the bill, a representative of the government said that orders to scan user files “can be issued only where technically feasible,” as determined by Ofcom, the U.K.’s telecom regulatory agency. He also said any such order must be compatible with U.K. and European human rights law.

That’s a notable step back, since previously the same representative, Lord Parkinson of Whitley Bay, said in a letter to the House of Lords that the technology that would magically make invasive scanning co-exist with end-to-end encryption already existed. “We have seen companies develop such solutions for platforms with end-to-end encryption before,” wrote Lord Parkinson in that letter.

Keep reading

U.K. Government Finally Admits It Can’t Scan for Child Porn Without Violating Everybody’s Privacy

The U.K. government finally acknowledges that a component of the Online Safety Bill that would force tech companies to scan data and messages for child porn images can’t be implemented without violating the privacy rights of all internet users and undermining the data encryption tools that keep our information safe.

And so the government is backing down—for now—on what’s been called the “spy clause.” Using the justification of fighting the spread of child sexual abuse material (CSAM), part of the Online Safety Bill would have required online platforms to create “backdoors” that the British government could use to scan messages between social media users. The law also would’ve allowed the government to punish platforms or sites that implement end-to-end encryption and prevent the government from accessing messages and data.

While British officials have insisted that this intrusive surveillance power would be used only to track down CSAM, tech and privacy experts have warned repeatedly that there’s no way to implement a surveillance system that could be used only for this particular purpose. Encryption backdoors allow criminals and oppressive governments to snoop on people for dangerous and predatory purposes. Firms like Signal and WhatsApp threatened to pull their services from the U.K. entirely if this bill component moved forward.

Keep reading

Direct Government Censorship Of The Internet Is Here

Censorship of the Internet has been getting worse for years, but we just crossed a threshold which is going to take things to a whole new level. 

On August 25th, a new law known as the “Digital Services Act” went into effect in the European Union.  Under this new law, European bureaucrats will be able to order big tech companies to censor any content that is considered to be “illegal”, “disinformation” or “hate speech”.  That includes content that is posted by users outside of the European Union, because someone that lives in the European Union might see it.  I wrote about this a few days ago, but I don’t think that people are really understanding the implications of this new law.  In the past, there have been times when governments have requested that big tech companies take down certain material, but now this new law will give government officials the power to force big tech companies to take down any content that they do not like. 

Any big tech companies that choose not to comply will be hit with extremely harsh penalties.

Of course mainstream news outlets such as the Washington Post are attempting to put a positive spin on this new law.  We are being told that it will “safeguard” us from “illegal content” and “disinformation”…

New rules meant to safeguard people from illegal content, targeted ads, unwanted algorithmic feeds and disinformation online are finally in force, thanks to new regulation in the European Union that took effect this month.

Doesn’t that sound wonderful?

Keep reading

Talking About Sex Online Shouldn’t Be Illegal

Kayden Kross, an adult film entrepreneur and a former business partner of mine, sent me a text message a few months ago. She was excited—she was seeing a community of straight dudes gather on Deeper, the power exchange and BDSM-themed website she owns, to discuss their sexual preferences, turn-ons, and other various tastes. And she was seeing this across other platforms too. This felt rare to her, and groundbreaking to me. 

When I asked Lucie Fielding, a mental health counselor in Washington state, how many spaces she was aware of for straight men to have these conversations, she said “Oh, not many—unless we’re talking incels—there’s got to be stuff on Reddit, but apart from that, these are such important forums. Because there’s such a societal pressure for men not to be talking with one another about these things.” But on platforms like Deeper, PornHub, and other online providers of adult videos, the comments section is just that sort of conversation.

Kross described the communities as having creeds of acceptance, giving examples such as “The ‘don’t yuck my yum’ thing. It’s agreed upon that so long as you are not saying something that is a political minefield, it is not OK to dog on someone else’s expression of what they’re there for. And when people do, even if it’s something where you can’t imagine anyone would be into that, you’ll see people rush to that person’s defense. There’s very much this understanding that in order for this to work, everyone has to agree not to add shame to the pile.”

And it isn’t just sexuality being shared. Someone might say, according to Kross, “‘My dog died today.’ And then someone else will chime in with, ‘Oh, I’m so sorry.’ And then the person will say, ‘I had no one,’ and ‘I’m alone.’ And then someone else would be like, ‘Well, I would have given you a hug if I was there.’ We all know, there’s this kind of idea of traditional masculinity, and the expectations are that men don’t really talk about their feelings. And the fact is, in the comment section, when you’re anonymous, you’re not subject any longer to expectations, right? That’s why we have trolls. But it’s also why you end up with these kinds of conversations that, you know—otherwise, who would you have them with?”

But these conversations, like so many others, are at risk of being censored out of existence. New state laws requiring verification of consumers’ ages threaten to wipe out small producers and scare off subscribers concerned about threats to their own reputations in the event of a data breach. Laws like SESTA/FOSTA have made promotion of adult entertainment—already an uphill battle—even more starkly difficult, reaching as far as those Reddit communities Fielding mentioned and causing many subreddits about sexuality to shutter. And payment processors and banks have been denying adult workers access to financial infrastructure for decades.

Why does freedom of speech and freedom from shame matter in this context? According to Fielding, “Shame tells us that we are bad. That our desires are bad, that our pleasure isn’t valid. And the relationship between shame and isolation is that when we feel that we are bad or that there’s something to be ashamed of, we withdraw because we don’t want to share that.… That leads to social withdrawal.… It means that folks are trying things in very risky ways, because they don’t have the community around them.” One example is choking—without proper safety and risk-informed consent, this risky activity can turn deadly with alarming ease.

Keep reading

Hackers Can Silently Grab Your IP Through Skype — Microsoft Is In No Rush to Fix It

Hackers are able to grab a target’s IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it.

Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.

The attack could pose a serious risk to activists, political dissidents, journalists, those targeted by cybercriminals, and many more people. At minimum, an IP address can show what area of a city someone is in. An IP address can be even more revealing in a less densely populated area, because there are fewer people who could be associated with it.

“I think just about anybody could be harmed by this,” Cooper Quintin, a security researcher and senior public interest technologist at activist organization the Electronic Frontier Foundation (EFF), said when I explained the issue to him. Quintin said the major concern was “finding people’s location for physical escalations, and finding people’s IP address for digital escalations.”

To verify that the vulnerability has the impact that Yossi described, I asked him to test it out on me. To start, Yossi sent me a link via Skype text chat to google.com. The link was to the real Google site, and not an imposter.

I then opened Skype on an iPad and viewed the chat message. I didn’t even click the link. But very soon after, Yossi pasted my IP address into the chat. It was correct.

Keep reading

How a Well-Regarded Mac App Became a Trojan Horse

In the early days of macOS Mojave in 2018, Apple hadn’t offered users a way to automatically switch to dark and light mode at different times of the day. As usual, there were third-party developers eager to pick up the slack. One of the more well-regarded night mode apps to fix this issue was NightOwl, first released in the middle of 2018, a small app with a simple utility that could run in the background during day-to-day use.

With more official macOS features added in 2021 that enabled the “Night Shift” dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Few of those supposed tens of thousands of users likely noticed when the app they ran in the background of their older Macs was bought by another company, nor when earlier this year that company silently updated the dark mode app so that it hijacked their machines in order to send their IP data through a server network of affected computers, AKA a botnet.

After some users noted issues with the app after a June update, web developer Taylor Robinson discovered the problem ran deep, as the program redirected users’ computers’ connections without any notification. The real dark mode turned out to be the transformation of a respectable Mac app into a playground for data harvesters.

In an email with Gizmodo, Robinson broke down their own investigation into the app. They found that NightOwl installs a launcher that turns the users’ computer into a kind of botnet agent for data that’s sold to third parties. The updated 0.4.5.4 version of NightOwl, released June 13, runs a local HTTP proxy without users’ direct knowledge or consent, they said. The only hint NightOwl gives to users that something’s afoot is a consent notice after they hit the download button, saying the app uses Google Analytics for anonymized tracking and bugs. The botnet settings cannot be disabled through the app, and in order to remove the modifications made to a Mac, users need to run several commands in the Mac Terminal app to excise the vestiges of the code from their system, per Robinson.

It’s currently unclear how many users were affected by the seemingly malicious code, especially as NightOwl has since become unavailable on both the website and app store. The NightOwl site claims the app was downloaded more than 141,000 times, and that there were more than 27,000 active users on the app. Even if the app lost most of its users after Apple installed new Dark Mode software, there were potentially thousands of users running NightOwl on their old Macs.

Keep reading