lod123 shares a report from Threatpost: As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to 'hack back' with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure. Also, a hacktivist group has targeted Georgia Southern University, two restaurants and a church to protest the bill. Opponents have twin beefs when it comes to Senate Bill 315: Some are questioning whether legitimizing offensive attacks will open the door to a new kind of corporate warfare; and others are concerned that the law will have a chilling effect on cyber-research by criminalizing white-hat activity like vulnerability research and pen-testing.

Google and Microsoft are in the former camp, and have asked Deal to veto the bill, which was passed by the Georgia General Assembly in March and which is nearing its deadline for signing into law. The two giants take issue with a provision in the bill that allows "active defense measures that are designed to prevent or detect unauthorized computer access." In a letter to the governor, the two argued that S.B. 315 "will make Georgia a laboratory for offensive cybersecurity practices that may have unintended consequences and that have not been authorized in other jurisdictions," and that "provisions such as this could easily lead to abuse and be deployed for anti-competitive, not protective purposes." They added: "On its face, this provision broadly authorizes the hacking of other networks and systems under the undefined guise of cybersecurity... [B]efore Georgia endorses the 'hack back' authority in 'defense' or even anticipation of a potential attack with no statutory criteria, it should have a much more thorough understanding of the ramifications of such a policy." Tripwire also filed a letter with the governor's office: "[A]ccording to the wording of S.B. 315, well-intentioned ('white-hat') researchers could be subject to civil or criminal prosecution when following industry best practices in investigating a website for protection from a potential cyber-attack. It is our firm belief that an explicit exception is required to exclude prosecution when the party in question is acting in good-faith to protect a business or their customers from attack. Without this exclusion, S.B. 315 will discourage good actors from reporting vulnerabilities and ultimately increase the likelihood that adversaries will find and exploit the underlying weaknesses."

Remember that popular browser extension that let you sync your bookmarks on multiple devices? Launched in 2006 by Foxmarks (a company created by EFF co-founder Mitch Kapor), it was saved from death in 2010 when it was acquired by the password-management service LastPass. But now BetaNews reports: If you're a user of Xmarks, there's some bad news for you -- the service is closing down... The bookmark syncing tool, which is available as an addon for Chrome, Firefox, Internet Explorer and Safari, is to be shuttered on May 1... Emails have also been sent out to registered users notifying them of the impending closure.

"On May 1, 2018, we will be shutting down Xmarks... After this date, your bookmarks should remain available in any previously accessed browser, but they will no longer sync and your Xmarks account will be deactivated... After careful consideration and evaluation, we have decided to discontinue the Xmarks solution so that we can continue to focus on offering the best possible password vaulting to our community."
It was apparently especially popular with long-time Slashdot reader vm, who writes "I have held on to my Xmarks account over the years because I can always get to them despite changes in operating systems, browsers, employers, etc.

"What do other folks use that may also have a mobile option?"

An anonymous reader quotes a report from the Electronic Frontier Foundation: Facebook took a step toward greater accountability this week, expanding the text of its community standards and announcing the rollout of a new system of appeals. Digital rights advocates have been pushing the company to be more transparent for nearly a decade, and many welcomed the announcements as a positive move for the social media giant. The changes are certainly a step in the right direction. Over the past year, following a series of controversial decisions about user expression, the company has begun to offer more transparency around its content policies and moderation practices, such as the "Hard Questions" series of blog posts offering insight into how the company makes decisions about different types of speech.

The expanded community standards released on Tuesday offer a much greater level of detail of what's verboten and why. Broken down into six overarching categories -- violence and criminal behavior, safety, objectionable content, integrity and authenticity, respecting intellectual property, and content-related requests -- each section comes with a "policy rationale" and bulleted lists of "do not post" items. Facebook's other announcement -- that of expanded appeals -- has received less media attention, but for many users, it's a vital development. In the platform's early days, content moderation decisions were final and could not be appealed. Then, in 2011, Facebook instituted a process through which users whose accounts had been suspended could apply to regain access. That process remained in place until this week.

The new version of Firefox 11.0 for iOS turns on tracking protection by default, lets you reorder your tabs, and adds a handful of iPad-specific features. The latest version is currently available via Apple's App Store. VentureBeat details the new features: Tracking protection means Firefox blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web. It's almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through. The feature's blocking list, which is based on the tracking protection rules laid out by the anti-tracking startup Disconnect, is published under the General Public License and available on GitHub. The feature is great for privacy, but it also improves performance. Content loads faster for many websites, which translates into less data usage and better battery life. If tracking protection doesn't work well on a given site, just turn it off there and Firefox for iOS should remember your preference.

Tracking protection aside, iOS users can now reorder their tabs. Organizing your tabs is very straightforward: Long-press the specific tab and drag it either left or right. iPad users have gained two new features, as well. You can now share URLs by just dragging and dropping links to and from Firefox with any other iOS app. If you're in side-by-side view, just drag the link or tab into the other app. Otherwise, bring up the doc or app switcher, drag the link into the other app until it pulses, release the link, and the other app will open the link. Lastly, iPad users have gained a few more keyboard shorts, including the standard navigation keys from the desktop. There's also cursor navigation through the bookmarks and history results, an escape key in the URL bar, and easier tab tray navigation (try using the keyboard shortcut Command + Option + Tab to get to and from the tabs view).

President Donald Trump has signed a new law aimed at curbing sex trafficking. From a report: The bill -- a mashup of the Fight Online Sex Trafficking Act (FOSTA) and the Stop Enabling Sex Traffickers Act (SESTA), which is commonly referred to as the latter -- passed Congress in March. It makes websites liable for what users say and do on their platforms, and many advocacy groups have come out against the bill, saying that it undermines essential internet freedoms.

It could be months -- or as late as January 2019 -- before FOSTA is enacted and anyone could be charged under the law. But even in the days immediately after the bill passed in Congress, platforms started scrambling to proactively shut down forums or whole sites where sex trafficking could feasibly happen. Fringe dating websites, sex trade and advertising forums, and even portions of Craigslist were taken down in the weeks following, while companies like Google started strictly enforcing terms of service around sexual speech. Commenting on the development, EFF said, "As we've already seen, this bill silences online speech by forcing Internet platforms to censor their users."

The Electronic Frontier Foundation's Peter Eckersley writes: Yesterday, The New York Times reported that there is widespread unrest amongst Google's employees about the company's work on a U.S. military project called "Project Maven." Google has claimed that its work on Maven is for "non-offensive uses only," but it seems that the company is building computer vision systems to flag objects and people seen by military drones for human review. This may in some cases lead to subsequent targeting by missile strikes. EFF has been mulling the ethical implications of such contracts, and we have some advice for Google and other tech companies that are considering building military AI systems.
The EFF lists several "starting points" any company, or any worker, considering whether to work with the military on a project with potentially dangerous or risk AI applications should be asking:

1. Is it possible to create strong and binding international institutions or agreements that define acceptable military uses and limitations in the use of AI? While this is not an easy task, the current lack of such structures is troubling. There are serious and potentially destabilizing impacts from deploying AI in any military setting not clearly governed by settled rules of war. The use of AI in potential target identification processes is one clear category of uses that must be governed by law.
2.Is there a robust process for studying and mitigating the safety and geopolitical stability problems that could result from the deployment of military AI? Does this process apply before work commences, along the development pathway and after deployment? Could it incorporate the sufficient expertise to address subtle and complex technical problems? And would those leading the process have sufficient independence and authority to ensure that it can check companies' and military agencies' decisions?
3.Are the contracting agencies willing to commit to not using AI for autonomous offensive weapons? Or to ensuring that any defensive autonomous systems are carefully engineered to avoid risks of accidental harm or conflict escalation? Are present testing and formal verification methods adequate for that task?
4.Can there be transparent, accountable oversight from an independently constituted ethics board or similar entity with both the power to veto aspects of the program and the power to bring public transparency to issues where necessary or appropriate? For example, while Alphabet's AI-focused subsidiary DeepMind has committed to independent ethics review, we are not aware of similar commitments from Google itself. Given this letter, we are concerned that the internal transparency, review, and discussion of Project Maven inside Google was inadequate. Any project review process must be transparent, informed, and independent. While it remains difficult to ensure that that is the case, without such independent oversight, a project runs real risk of harm.

An anonymous reader writes: The EFF is announcing "a celebration of the life and leadership of the recently departed founder of EFF, John Perry Barlow," to be held next Saturday at the Internet Archive in San Francisco from 2:00 to 6:00. The event will also be streamed live on the Internet Archive's YouTube channel.

Confirmed speakers include Edward Snowden, Cory Doctorow, EFF co-founders John Gilmore and Mitch Kapor, and Shari Steele, the executive director of the Tor Project (and a former EFF executive director).

An anonymous reader quotes a report from Ars Technica: In the wake of this week's passage of the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) bill in both houses of Congress on Wednesday, Craigslist has removed its "Personals" section entirely, and Reddit has removed some related subreddits, likely out of fear of future lawsuits. FOSTA, which awaits the signature of President Donald Trump before becoming law, removes some portions of Section 230 of the Communications Decency Act. The landmark 1996 law shields website operators that host third-party content (such as commenters, for example) from civil liability. The new bill is aimed squarely at Backpage, a notorious website that continues to allow prostitution advertisements and has been under federal scrutiny for years. In a bizarre turn of events, the Department of Justice also warned the House in February 2018 that the bill "raises a serious constitutional concern," as it would apply retroactively -- a seeming violation of the Constitution's ex post facto clause. Congress passed it anyway. The Electronic Frontier Foundation wrote in a blog post: "It's easy to see the impact that this ramp-up in liability will have on online speech: facing the risk of ruinous litigation, online platforms will have little choice but to become much more restrictive in what sorts of discussion -- and what sorts of users -- they allow, censoring innocent people in the process."

The Senate today gave final approval to a bill aimed at cracking down on online sex trafficking, sending the measure to the White House where President Trump is expected to sign it into law. From a report: The legislation, called the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA), but also referred to as SESTA, would cut into the broad protections websites have from legal liability for content posted by their users. Those protections are codified in Section 230 of the Communications Decency Act from 1996, a law that many internet companies see as vital to protecting their platforms and that SESTA would amend to create an exception for sex trafficking.

Sen. Ron Wyden (D-Ore.), the most outspoken critic of SESTA and one of the authors of the 1996 law, said that making exceptions to Section 230 will lead to small internet companies having to face an onslaught of frivolous lawsuits. EFF expressed its disappointment, saying, "Today is a dark day for the Internet. Congress just passed the Internet censorship bill SESTA/FOSTA. SESTA/FOSTA will silence online speech by forcing Internet platforms to censor their users. As lobbyists and members of Congress applaud themselves for enacting a law ostensibly tackling the problem of trafficking, let's be clear: Congress just made trafficking victims less safe, not more. Sex trafficking experts have tried again and again to explain to Congress how SESTA/FOSTA will put trafficking victims in danger. Sex workers have spoken out too, explaining how online platforms have literally saved their lives. Why didn't Congress consult with the people their bill would most directly affect? [...] When platforms choose to err on the side of censorship, marginalized voices are censored disproportionately. SESTA/FOSTA will make the Internet a less inclusive place, something that hurts all of us. This might just be the beginning. Some of these groups behind SESTA / FOSTA seem to see the bill as a mere stepping stone to banning pornography from the Internet."

An anonymous reader quotes the public records reporter from North Carolina TV station WRAL: In at least four investigations last year -- cases of murder, sexual battery and even possible arson at the massive downtown fire in March 2017 -- Raleigh police used search warrants to demand Google accounts not of specific suspects, but from any mobile devices that veered too close to the scene of a crime, according to a WRAL News review of court records... The demands Raleigh police issued for Google data [in two homicide cases] described a 17-acre area that included both homes and businesses... The account IDs aren't limited to electronics running Android. The warrant includes any device running location-enabled Google apps, according to Raleigh Police Department spokeswoman Laura Hourigan...

On March 16, 2017, a five-alarm fire ripped through the unfinished Metropolitan apartment building on West Jones Street... About two months later, Raleigh police obtained a search warrant for Google account IDs that showed up near the block of the Metropolitan between 7:30 and 10 p.m. the night of the fire... In addition to anonymized numerical identifiers, the warrant calls on Google to release time stamped location coordinates for every device that passed through the area. Detectives wrote that they'd narrow down that list and send it back to the company, demanding "contextual data points with points of travel outside of the geographical area" during an expanded timeframe. Another review would further cull the list, which police would use to request user names, birth dates and other identifying information of the phones' owners.
"Do people understand that in sharing that information with Google, they're also potentially sharing it with law enforcement?" asks a former Durham prosecutor who directs the North Carolina Open Government Coalition at Elon University. And Stephanie Lacambra, criminal defense staff attorney at the Electronic Frontier Foundation, also criticized the procedure. "To just say, 'Criminals commit crimes, and we know that most people have cell phones,' that should not be enough to get the geo-location on anyone that happened to be in the vicinity of a particular incident during a particular time." She believes that without probable cause the police department is "trying to use technology as a hack for their job... It does not have to be that we have to give up our privacy rights in order to participate in the digital revolution."

Nathan Freed Wessler, staff attorney with the ACLU's Speech, Privacy and Technology Project, put it succinctly. "At the end of the day, this tactic unavoidably risks getting information about totally innocent people."

A new copyright proposal in the EU would require code-sharing platforms like GitHub and SourceForge to monitor all content that users upload for potential copyright infringement. "The proposal is aimed at music and videos on streaming platforms, based on a theory of a 'value gap' between the profits those platforms make from uploaded works and what copyright holders of some uploaded works receive," reports The GitHub Blog. "However, the way it's written captures many other types of content, including code."

Upload filters, also known as "censorship machines," are some of the most controversial elements of the copyright proposal, raising a number of concerns including: -Privacy: Upload filters are a form of surveillance, effectively a "general monitoring obligation" prohibited by EU law
-Free speech: Requiring platforms to monitor content contradicts intermediary liability protections in EU law and creates incentives to remove content
-Ineffectiveness: Content detection tools are flawed (generate false positives, don't fit all kinds of content) and overly burdensome, especially for small and medium-sized businesses that might not be able to afford them or the resulting litigation Upload filters are especially concerning for software developers given that: -Software developers create copyrightable works -- their code -- and those who choose an open source license want to allow that code to be shared
-False positives (and negatives) are especially likely for software code because code often has many contributors and layers, often with different licensing for different components
-Requiring code-hosting platforms to scan and automatically remove content could drastically impact software developers when their dependencies are removed due to false positives The EU Parliament continues to introduce new proposals for Article 13 but these issues remain. MEP Julia Reda explains further in a recent proposal from Parliament.

An anonymous reader quotes a report from Medium: Lawmakers behind a new anti-privacy bill are trying to sneak it through Congress by attaching it to the must-pass government spending bill. The CLOUD Act would hand police in the U.S., and other countries, extreme new powers to obtain and monitor data directly from tech companies instead of requiring a warrant and judicial review. Congressional leadership will decide whether the CLOUD Act gets attached to the omnibus government spending bill sometime this week, potentially as early as tomorrow... If passed, this bill would give law enforcement the power to go directly to tech companies, no matter where they or their servers are, to obtain our data. They wouldn't need a warrant or court oversight, and we'll be left with no protections to ensure law enforcement isn't violating our rights. A recent report from the Electronic Frontier Foundation explains how the CLOUD Act circumvents the Fourth Amendment. "This new backdoor for cross-border data mirrors another backdoor under Section 702 of the FISA Amendments Act, an invasive NSA surveillance authority for foreign intelligence gathering," reports the EFF. "That law, recently reauthorized and expanded by Congress for another six years, gives U.S. intelligence agencies, including the NSA, FBI, and CIA, the ability to search, read, and share our private electronic messages without first obtaining a warrant. The new backdoor in the CLOUD Act operates much in the same way. U.S. police could obtain Americans' data, and use it against them, without complying with the Fourth Amendment."

According to newly released documents by the Electronic Frontier Foundation, federal agents would pay Geek Squad employees to flag illegal materials on devices sent in by customers for repairs. "The relationship goes back at least ten years, according to documents released as a result of the lawsuit [filed last year]," reports ZDNet. "The agency's Louisville division aim was to maintain a 'close liaison' with Geek Squad management to 'glean case initiations and to support the division's Computer Intrusion and Cyber Crime programs.'" From the report: According to the EFF's analysis of the documents, FBI agents would "show up, review the images or video and determine whether they believe they are illegal content" and seize the device so an additional analysis could be carried out at a local FBI field office. That's when, in some cases, agents would try to obtain a search warrant to justify the access. The EFF's lawsuit was filed in response to a report that a Geek Squad employee was used as an informant by the FBI in the prosecution of child pornography case. The documents show that the FBI would regularly use Geek Squad employees as confidential human sources -- the agency's term for informants -- by taking calls from employees when they found something suspect.

An anonymous reader quotes the EFF: Playboy Entertainment has given up on its lawsuit against Happy Mutants, LLC, the company behind Boing Boing. Earlier this month, a federal court dismissed Playboy's claims but gave Playboy permission to try again with a new complaint, if it could dig up some new facts. The deadline for filing that new complaint passed this week, and today Playboy released a statement suggesting that it is standing down...

It's hard to understand why Playboy brought this case in the first place, turning its legal firepower on a small news and commentary website that hadn't uploaded or hosted any infringing content. We're also a little perplexed as to why Playboy seems so unhappy that the Boing Boing post is still up when the links they complain about have been dead for almost two years.

An anonymous reader quotes a report from the Electronic Frontier Foundation: Rejecting years of settled precedent, a federal court in New York has ruled [PDF] that you could infringe copyright simply by embedding a tweet in a web page. Even worse, the logic of the ruling applies to all in-line linking, not just embedding tweets. If adopted by other courts, this legally and technically misguided decision would threaten millions of ordinary Internet users with infringement liability.

This case began when Justin Goldman accused online publications, including Breitbart, Time, Yahoo, Vox Media, and the Boston Globe, of copyright infringement for publishing articles that linked to a photo of NFL star Tom Brady. Goldman took the photo, someone else tweeted it, and the news organizations embedded a link to the tweet in their coverage (the photo was newsworthy because it showed Brady in the Hamptons while the Celtics were trying to recruit Kevin Durant). Goldman said those stories infringe his copyright. "[W]hen defendants caused the embedded Tweets to appear on their websites, their actions violated plaintiff's exclusive display right; the fact that the image was hosted on a server owned and operated by an unrelated third party (Twitter) does not shield them from this result," Judge Katherine Forrest said.

TorrentFreak: As entertainment companies and Internet services spar over the boundaries of copyright law, the EFF is urging the US Copyright Office to keep "copyright's safe harbors safe." In a petition just filed with the office, the EFF warns that innovation will be stymied if Congress goes ahead with a plan to introduce proactive 'piracy' filters at the expense of the DMCA's current safe harbor provisions. [...] "Major media and entertainment companies and their surrogates want Congress to replace today's DMCA with a new law that would require websites and Internet services to use automated filtering to enforce copyrights. "Systems like these, no matter how sophisticated, cannot accurately determine the copyright status of a work, nor whether a use is licensed, a fair use, or otherwise non-infringing. Simply put, automated filters censor lawful and important speech," the EFF warns.

The Electronic Frontier Foundation reports that its founder, John Perry Barlow, has passed away quietly in his sleep this morning. He was 70 years old. From the report: It is no exaggeration to say that major parts of the Internet we all know and love today exist and thrive because of Barlow's vision and leadership. He always saw the Internet as a fundamental place of freedom, where voices long silenced can find an audience and people can connect with others regardless of physical distance. Barlow was sometimes held up as a straw man for a kind of naive techno-utopianism that believed that the Internet could solve all of humanity's problems without causing any more. As someone who spent the past 27 years working with him at EFF, I can say that nothing could be further from the truth.

Barlow knew that new technology could create and empower evil as much as it could create and empower good. He made a conscious decision to focus on the latter: "I knew it's also true that a good way to invent the future is to predict it. So I predicted Utopia, hoping to give Liberty a running start before the laws of Moore and Metcalfe delivered up what Ed Snowden now correctly calls 'turn-key totalitarianism.'" Barlow's lasting legacy is that he devoted his life to making the Internet into "a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth... a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity."

An anonymous reader quotes the EFF: The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients. The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.

The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut. "People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF Director of Cybersecurity Eva Galperin. "This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."
Dark Caracal apparently gets installed through carefully-targeted spearphishing attacks, accoridng to the EFF. "Several types of phishing emails directed people -- including military personnel, activists, journalists, and lawyers -- to go to a fake app store-like page, where fake Android apps waited. There is even evidence that, in some cases, Dark Caracal used physical access to people's phones to install the fake apps."

An anonymous reader shares a report: The popular blog Boing Boing has asked a federal court in California to drop the copyright infringement lawsuit filed against it by Playboy. With help from the EFF, Boing Boing argues that its article linking to an archive of hundreds of centerfold playmates is clearly fair use. Or else it will be "the end of the web as we know it," the blog warns. Late last year Playboy sued the popular blog Boing Boing for publishing an article that linked to an archive of every playmate centerfold till then. "Kind of amazing to see how our standards of hotness, and the art of commercial erotic photography, have changed over time," Boing Boing's Xena Jardin commented. Playboy, instead, was amazed that infringing copies of their work were being shared in public. While Boing Boing didn't upload or store the images in question, the publisher took the case to court.

An anonymous reader quotes Open Source Observatory: The City of Barcelona is migrating its computer systems away from the Windows platform, reports the Spanish newspaper El País. The City's strategy is first to replace all user applications with open-source alternatives, until the underlying Windows operating system is the only proprietary software remaining. In a final step, the operating system will be replaced with Linux... According to Francesca Bria, the Commissioner of Technology and Digital Innovation at the City Council, the transition will be completed before the current administration's mandate ends in spring 2019. For starters, the Outlook mail client and Exchange Server will be replaced with Open-Xchange. In a similar fashion, Internet Explorer and Office will be replaced with Firefox and LibreOffice, respectively. The Linux distribution eventually used will probably be Ubuntu, since the City of Barcelona is already running 1,000 Ubuntu-based desktops as part of a pilot...

Barcelona is the first municipality to have joined the European campaign 'Public Money, Public Code'. This campaign is an initiative of the Free Software Foundation Europe (FSFE) and revolves around an open letter advocating that publicly funded software should be free. Currently, this call to public agencies is supported by more than 100 organisations and almost 15,000 individuals. With the new open-source strategy, Barcelona's City Council aims to avoid spending large amounts of money on licence-based software and to reduce its dependence on proprietary suppliers through contracts that in some cases have been closed for decades.