An anonymous reader writes: For some time now, Comcast has setting up public Wi-Fi hotspots, some of which are run on the routers of paying subscribers. The public hotspots are free, but not without cost: Comcast uses JavaScript to inject self-promotional ads into the pages served to users. "Security implications of the use of JavaScript can be debated endlessly, but it is capable of performing all manner of malicious actions, including controlling authentication cookies and redirecting where user data is submitted. ... Even if Comcast doesn't have any malicious intent, and even if hackers don't access the JavaScript, the interaction of the JavaScript with websites could "create" security vulnerabilities in websites, [EFF technologist Seth Schoen] said. "Their code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn't have them," Schoen said."

jfruh writes A U.S. appeals court cleared Yelp of charges of extortion related to its interaction with several small businesses who claim Yelp demanded that they pay for advertising or face negative reviews. While Yelp says it never altered a business rating for money, the court's finding was instead based on a strict reading of the U.S. extortion law, classifying Yelp's behavior as, at most, "hard bargaining." Interestingly, the EFF supported Yelp here, arguing that "Section 230 of the Communications Decency Act (CDA) protects online service providers from liability and lawsuits over user-generated content, except in very narrow circumstances where the providers created or developed content themselves. In its amicus brief, EFF argued that mere conjecture about contributing content – like there was in this case – is not enough to allow a lawsuit to go forward."

An anonymous reader writes: A Los Angeles Superior Court judge has ruled that the Los Angeles Police Department is not required to hand over a week's worth of license plate reader data to the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). He cited the potential of compromising criminal investigations and giving (un-charged) criminals the ability to determine whether or not they were being targeted by law enforcement (PDF). The ACLU and the EFF sought the data under the California Public Records Act, but the judge invoked Section 6254(f), "which protects investigatory files." ACLU attorney Peter Bibring notes, "New surveillance techniques may function better if people don't know about them, but that kind of secrecy is inconsistent with democratic policing."

Personal Audio has been trying to assert patents they claim cover podcasting for some time now; in March Adam Carolla was sued and decided to fight back. Via the EFF comes news that he has settled with Personal Audio, and the outcome is likely beneficial to those still fighting the trolls. From the article: Although the settlement is confidential, we can guess the terms. This is because Personal Audio sent out a press release last month saying it was willing to walk away from its suit with Carolla. So we can assume that Carolla did not pay Personal Audio a penny. We can also assume that, in exchange, Carolla has given up the opportunity to challenge the patent and the chance to get his attorney’s fees. ... EFF’s own challenge to Personal Audio’s patent is on a separate track and will continue ... with a ruling likely by April 2015. ... We hope that Personal Audio’s public statements on this issue mean that it has truly abandoned threatening and suing podcasters. Though a press release might not be legally binding, the company will have a hard time justifying any further litigation (or threats of litigation) against podcasters. Any future targets can point to this statement. Carolla deserves recognition for getting this result.

An anonymous reader writes: The Electronic Frontier Foundation has updated its guide for protecting yourself and your cell phone at a protest. In addition to being extremely powerful tools (real-time communication to many watchers via social media, and video recording functionality), cell phones can also give authorities a lot of information about you if they confiscate it. The EFF is trying to encourage cell phone use and prepare people to use them. (The guide is based on U.S. laws, but much of the advice makes sense for other places as well.) Here are a few small snippets: "Start using encrypted communications channels. Text messages, as a rule, can be read and stored by your phone company or by surveillance equipment in the area. ... If the police ask to see your phone, tell them you do not consent to the search of your device. Again, since the Supreme Court's decision in Riley, there is little question that officers need a warrant to access the contents of your phone incident to arrest, though they may be able to seize the phone and get a warrant later. ... If your phone or electronic device was seized, and is not promptly returned when you are released, you can file a motion with the court to have your property returned."

The EFF is only today able to release details of an attempt by the government to alter the historical record in the case brought by the EFF against the NSA in Jewel v. NSA. "On June 6, the court held a long hearing in Jewel in a crowded, open courtroom, widely covered by the press. We were even on the local TV news on two stations. At the end, the Judge ordered both sides to request a transcript since he ordered us to do additional briefing. But when it was over, the government secretly, and surprisingly sought permission to "remove" classified information from the transcript, and even indicated that it wanted to do so secretly, so the public could never even know that they had done so." As you'd expect of the EFF, they fought back with vigorous objections, and in the end the government did not get its way, instead deciding that it hadn't given away any classified information after all. "The transcript of a court proceeding is the historical record of that event, what will exist and inform the public long after the persons involved are gone. The government's attempt to change this history was unprecedented. We could find no example of where a court had granted such a remedy or even where such a request had been made. This was another example of the government's attempt to shroud in secrecy both its own actions, as well as the challenges to those actions. We are pleased that the record of this attempt is now public. But should the situation recur, we will fight it as hard as we did this time."

klapaucjusz writes: The EFF has released an experimental router firmware designed make it easy to deploy open (password-less) access points in a secure manner. The EFF's firmware is based on the CeroWRT fork of OpenWRT, but appears to remove some of its more advanced routing features. The EFF is asking for help to further develop the firmware. They want the open access point to co-exist on the same router as your typical private and secured access point. They want the owner to be able to share bandwidth, but with a cap, so guests don't degrade service for the owner. They're also looking to develop a network queueing, a minimalist web UI, and an auto-update mechanism. The EFF has also released the beta version of a plug-in called Privacy Badger for Firefox and Chrome that will prevent online advertisers from tracking you.

AHuxley (892839) writes The Sydney Morning Herald is reporting that Australian federal and state police are using a no warrant cell phone tower metadata access technique called a "tower dump". A "tower dump" provides the identity, activity and location of all cell phones that connect a cellphone tower(s) over time (an hour or two). The metadata from thousands of phones and numbers connected are then sorted. Australian law-enforcement agencies made 330,000 requests for metadata in 2012-13. AHuxley links to some U.S. views on the same kind of massive data grab: The Wall Street Journal says they caputure innocent users' data; the Chicago Police Department is being sued for information on its purchases of equipment associated with this kind of slurping; and the EFF asks whether warrant protection for users' data will be extended by voice-comm companies as it has been for ISPs. I wonder what people would think of an occasional "postal zone dump" employing the same kind of dragnet but for communications on paper.

Bismillah writes: The Preferred Network Offload feature in Android extends battery life, but it also leaks location data, according to the Electronic Frontier Foundation. What's more, the same flaw is found in Apple OS X and Windows 7. "This location history comes in the form of the names of wireless networks your phone has previously connected to. These frequently identify places you've been, including homes ('Tom’s Wi-Fi'), workplaces ('Company XYZ office net'), churches and political offices ('County Party HQ'), small businesses ('Toulouse Lautrec's house of ill-repute'), and travel destinations ('Tehran Airport wifi'). This data is arguably more dangerous than that leaked in previous location data scandals because it clearly denotes in human language places that you've spent enough time to use the Wi-Fi."

cartechboy writes What if you got into your car and you had to authenticate that it was you behind the wheel? That might be what's coming in the near future as Ford's working with Intel to bring facial recognition to the car. The idea would be to improve safety and in-car tech with this system which is being called Project Mobil. When someone enters a Project Mobil-equipped car the system uses front-facing cameras to authenticate the driver. If the driver can't be authenticated it'll send a photo to the vehicle owner's phone asking for permission for this person to drive the vehicle. Once identified, the car can then automatically adjust certain settings to the driver's preference. This could also theoretically allow parents to control how loud their kids listen to the music while driving, how fast they can drive, and even simply monitor them driving. Obviously this NSA-like surveillance tech is a bit creepy on some levels, but there could be a lot of terrific applications for it. While only an experiment, don't be surprised if your dashboard stares back at you eventually.

blottsie writes: The Supreme Court ruled this week that it is illegal for police to search your phone without a warrant. But just because that's the new rule doesn't mean all 7.5 million law enforcement officers in the U.S. will abide by it. This guide, put together with the help of the EFF and ACLU, explains what to do if a police officer tries to search your phone without a warrant. Of course, that doesn't mean they don't have other ways of getting your data.

An anonymous reader writes The U.S. Court of Appeals for the 2nd Circuit last week reversed a tax evasion conviction against an accountant because the government had used data from his computers that were seized under a warrant targeting different suspects. The Fourth Amendment, the court pointed out, "prevents the seizure of one thing under a warrant describing another." Law enforcement originally made copies of his hard drives and during off-site processing, separated his personal files from data related to the original warrant. However, 1.5 years later, the government sifted through his personal files and used what it found to build a case against him. The appeals court held that "[i]f the Government could seize and retain non-responsive electronic records indefinitely, so it could search them whenever it later developed probable cause, every warrant to search for particular electronic data would become, in essence, a general warrant," which the Fourth Amendment protects against. The EFF hopes that the outcome of this appeal will have implications for the NSA's dragnet surveillance practice.

hypnosec writes A new movement dubbed the Open Wireless Movement is asking users to open up their private Wi-Fi networks to total strangers – a random act of kindness – with an aim of better securing networks and facilitating better use of finite broadband resources. The movement is supported by non-profit and pro-internet rights organizations like the Electronic Frontier Foundation (EFF), Mozilla, Open Rights Group, and Free Press among others. The EFF is planning to unveil one such innovation – Open Wireless Router – at the Hackers on Planet Earth (HOPE X) conference to be held next month on New York. This firmware will allow individuals to share their private Wi-Fi to total strangers to anyone without a password.

itwbennett (1594911) writes "In a victory for the Electronic Frontier Foundation (EFF), which is suing to make the DOJ release information about surveillance on U.S. citizens, a California judge on Friday ordered the Department of Justice to produce 66 pages of documents for her review. The judge said the agency failed to justify keeping the documents secret and she will decide whether the documents, including one opinion and four orders by the U.S. Foreign Intelligence Surveillance Court (FISC), were improperly withheld from the public."

The Guardian reports that Alaa Abd El Fattah, "one of the activists most associated with the 2011 uprising that briefly ended 60 years of autocratic rule, was sentenced to 15 years in jail for allegedly organising a protest – an act banned under a law implemented last November, and used to jail several revolutionary leaders. ... Abd El Fattah was also jailed under Mubarak, the military junta that succeeded him, and Adly Mansour, the interim president installed after the overthrow of Mohamed Morsi last summer. Under Morsi, Abd El Fattah escaped prison, but was placed under investigation." The EFF points ou that Abd El Fattah "is one of many caught up in the Egyptian government’s attempt to assert powers. Alaa set an example for how the Internet could be used to organize and exercise free speech: Egypt's leaders should not be permitted to make an example of him to silence others." Update: 06/12 20:02 GMT by T : Reader Mostafa Hussein points out that Abd El Fattah took part in a Slashdot interview more than 10 years ago, too; it gives some insight into the tech scene (and a bit of the politics) of Egypt at that time.

Reader Bruce66423 (1678196) points out skeptical-sounding coverage at the Washington Post of the NSA's claim that it can't hold onto information it collects about users' online activity long enough for it to be useful as evidence in lawsuits about the very practice of that collection. From the article: 'The agency is facing a slew of lawsuits over its surveillance programs, many launched after former NSA contractor Edward Snowden leaked information on the agency's efforts last year. One suit that pre-dates the Snowden leaks, Jewel v. NSA, challenges the constitutionality of programs that the suit allege collect information about Americans' telephone and Internet activities. In a hearing Friday, U.S. District for the Northern District of California Judge Jeffrey S. White reversed an emergency order he had issued earlier the same week barring the government from destroying data that the Electronic Frontier Foundation had asked be preserved for that case. The data is collected under Section 702 of the Amendments Act to the Foreign Intelligence Surveillance Act. But the NSA argued that holding onto the data would be too burdensome. "A requirement to preserve all data acquired under section 702 presents significant operational problems, only one of which is that the NSA may have to shut down all systems and databases that contain Section 702 information," wrote NSA Deputy Director Richard Ledgett in a court filing submitted to the court. The complexity of the NSA systems meant preservation efforts might not work, he argued, but would have "an immediate, specific, and harmful impact on the national security of the United States.' Adds Bruce66423: "This of course implies that they have no backup system — or at least that the backup are not held for long."

Today, as the EFF notes, marks one year from Edward Snowden's first document leaks, and the group is using that as a good spur to install free software intended to make it harder for anyone (the NSA is certainly not the first, and arguably far from the worst) to spy on your electronic communications. Nowadays, that means nearly everything besides face-to-face communication, or paper shipped through the world's postal systems. Reader gnujoshua (540710) highlights one of the options: 'The FSF has published a (rather beautiful) infographic and guide to encrypting your email using GnuPG. In their blog post announcing the guide they write: "One year ago today, an NSA contractor named Edward Snowden went public with his history-changing revelations about the NSA's massive system of indiscriminate surveillance. Today the FSF is releasing Email Self-Defense, a guide to personal email encryption to help everyone, including beginners, make the NSA's job a little harder.'" Serendipitous timing: a year and a day ago, we mentioned a UN report that made explicit the seemingly obvious truth that undue government surveillance, besides being an affront in itself, chills free speech. (Edward Snowden agrees.)

An anonymous reader writes in with this latest bit of EFF vs NSA news. 'We followed the back and forth situation earlier this year, in which there were some legal questions over whether or not the NSA needed to hang onto surveillance data at issue in various lawsuits, or destroy it as per the laws concerning retention of data. Unfortunately, in the process, it became clear that the DOJ misled FISA court Judge Reggie Walton, withholding key information. In response, the DOJ apologized, insisting that it didn't think the data was relevant — but also very strongly hinting that it used that opportunity to destroy a ton of evidence. However, this appeared to be just the latest in a long history of the NSA/DOJ willfully destroying evidence that was under a preservation order.

The key case where this evidence was destroyed was the EFF's long running Jewel v. NSA case, and the EFF has now told the court about the destruction of evidence, and asked the court to thus assume that the evidence proves, in fact, that EFF's clients were victims of unlawful surveillance. The DOJ/NSA have insisted that they thought that the EFF's lawsuit only covered programs issued under executive authority, rather than programs approved by the FISA Court, but the record in the case shows that the DOJ seems to be making this claim up.'

An anonymous reader writes "Netflix yesterday furthered its plans to ditch Silverlight for HTML5 on Macs, having already done so last year in IE11 on Windows 8.1. HTML5 video is now supported by Netflix in Safari on OS X Yosemite, meaning you can stream your favorite movies and TV shows without having to install any plugins." Courtesy of encrypted media extensions.

samzenpus (5) writes "Recently you had a chance to ask Jennifer Granick, the Director of Civil Liberties for the Center for Internet and Society at Stanford Law School, about surveillance, data protection, copyright, and number of other internet privacy issues. Below you'll find her answers to those questions."