Firefox

Firefox 83 Arrives With HTTPS-Only Mode and Faster Performance (venturebeat.com) 56

Mozilla today launched Firefox 83 for Windows, Mac, and Linux. An anonymous reader shares a report: Firefox 83's highlight feature is HTTPS-Only Mode, in which the browser attempts to establish fully secure connections to every website (just like the EFF's HTTPS Everywhere). If it can't, Firefox asks for your permission before connecting to a website that doesn't support secure connections. To enable HTTPS-Only Mode, click on Firefox's menu button, hit Preferences, then Privacy & Security, scroll down to HTTPS-Only Mode, and choose "Enable HTTPS-Only Mode in all windows." [...] Firefox 83 also brings performance improvements (improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%). Firefox 83 is also the penultimate version of the web browser that will run Flash software; Firefox 85 will completely disable it when it arrives on Jan. 12, 2021.
IT

GitHub Reinstates YouTube-dl Library After EFF Intervention (zdnet.com) 47

GitHub has reinstated today the youtube-dl open-source project, a Python library that lets users download the source audio and video files behind YouTube videos. From a report: GitHub, a code-hosting repository, had previously removed the library from its portal after it received a controversial DMCA takedown request from the Recording Industry Association of America (RIAA) on October 23. In a DMCA takedown letter, RIAA argued that the library was being used to "circumvent the technological protection measures used by authorized streaming services such as YouTube" and to allow users to "reproduce and distribute music videos and sound recordings [...] without authorization." RIAA also noted that the project's source code "expressly suggests its use to copy and/or distribute the following copyrighted works." More specifically, RIAA used Section 1201 of the Digital Millennium Copyright Act (DMCA) to claim that the youtube-dl library was breaking copyright by providing a tool to circumvent copyrighted material -- even if the youtube-dl library didn't contain copyright-infringing code itself.

But in a blog post today, GitHub said the library did not actually break Section 1201 of the DMCA, citing a letter it received from Electronic Frontier Foundation lawyers, who took up the youtube-dl project's case. In the letter, the EFF team explained that Google does not have any technical measures in place to prevent the download of its videos -- all of which need to be made freely available to all kinds of apps, browsers, smart TVs, and more. Hence, EFF lawyers argued that the library could never be taken down under Section 1201 of the DMCA since the library doesn't actually circumvent any sort of copyright protection system in the first place.

Electronic Frontier Foundation

Aaron Swartz's Memory Honored with Virtual Hackathon (aaronswartzday.org) 30

Saturday saw 2020's virtual observation of the annual Aaron Swartz Day and International Hackathon, which the EFF describes as "a day dedicated to celebrating the continuing legacy of activist, programmer, and entrepreneur Aaron Swartz."

Its official web site notes the wide-ranging event includes "projects and ideas that are still bearing fruit to this day, such as SecureDrop, Open Library, and the Aaron Swartz Day Police Surveillance Project." The event even included a virtual session for the Atlas of Surveillance project which involved documenting instances of law enforcement using surveillance technologies like social media monitoring, automated license plate readers, and body-worn cameras. And EFF special advisor Cory Doctorow, director of strategy Danny O'Brien, and senior activist Elliot Harmon also spoke "about Aaron's legacy and how his work lives on today," according to the EFF's announcement: Aaron Swartz was a brilliant champion of digital rights, dedicated to ensuring the Internet remained a thriving ecosystem for open knowledge. EFF was proud to call him a close friend and collaborator. His life was cut short in 2013, after he was charged under the notoriously draconian Computer Fraud and Abuse Act for systematically downloading academic journal articles from the online database JSTOR.

Federal prosecutors stretch this law beyond its original purpose of stopping malicious computer break-ins, reserving the right to push for heavy penalties for any behavior they don't like that happens to involve a computer. This was the case for Aaron, who was charged with eleven counts under the CFAA. Facing decades in prison, Aaron died by suicide at the age of 26. He would have turned 34 this year, on November 8.

In addition to EFF projects, the hackathon will focus on projects including SecureDrop, Open Library, and the Aaron Swartz Day Police Surveillance Project. The full lineup of speakers includes Aaron Swartz Day co-founder Lisa Rein, SecureDrop lead Mickael E., researcher Mia Celine, Lucy Parsons Lab founder Freddy Martinez, and Brewster Kahle — co-founder of Aaron Swartz Day and the Internet Archive.

All of the presentations are now online.
Electronic Frontier Foundation

EFF Launches New Podcast: How to Fix the Internet (eff.org) 76

"EFF is launching How to Fix the Internet, a new podcast mini-series to examine potential solutions to six ills facing the modern digital landscape," announces EFF.org: Over the course of 6 episodes, we'll consider how current tech policy isn't working well for users and invite experts to join us in imagining a better future... It's easy to see all the things wrong with the modern Internet, and how the reality of most peoples' experience online doesn't align with the dreams of its early creators. How did we go astray and what should we do now? And what would our world look like if we got it right...?

In each episode, we are joined by a guest to examine how the current system is failing, consider different possibilities for solutions, and imagine a better future. After all, we can't build a better world unless we can imagine it.

We are launching the podcast with two episodes: The Secret Court Approving Secret Surveillance, featuring the Cato Institute's specialist in surveillance legal policy Julian Sanchez; and Why Does My Internet Suck?, featuring Gigi Sohn, one of the nation's leading advocates for open, affordable, and democratic communications networks. Future episodes will be released on Tuesdays.

Other topics to be covered by the podcast mini-series:
  • The third-party doctrine [which asserts "no reasonable expectation of privacy"]
  • Barriers to interoperable technology
  • Law enforcement's use of face recognition technology
  • Digital first sale and the resale of intellectual property

Electronic Frontier Foundation

HP Replaces 'Free Ink for Life' Plan With '99 Cents a Month Or Your Printer Stops Working' (eff.org) 193

In a new essay at EFF.org, Cory Doctorow re-visits HP's anti-consumer "security updates" that disabled third-party ink cartridges (while missing real vulnerabilities that could actually bypass network firewalls).

Doctorow writes that it was just the beginning: HP's latest gambit challenges the basis of private property itself: a bold scheme! With the HP Instant Ink program, printer owners no longer own their ink cartridges or the ink in them. Instead, HP's customers have to pay a recurring monthly fee based on the number of pages they anticipate printing from month to month; HP mails subscribers cartridges with enough ink to cover their anticipated needs. If you exceed your estimated page-count, HP bills you for every page (if you choose not to pay, your printer refuses to print, even if there's ink in the cartridges). If you don't print all your pages, you can "roll over" a few of those pages to the next month, but you can't bank a year's worth of pages to, say, print out your novel or tax paperwork. Once you hit your maximum number of "banked" pages, HP annihilates any other pages you've paid for (but continues to bill you every month).

Now, you may be thinking, "All right, but at least HP's customers know what they're getting into when they take out one of these subscriptions," but you've underestimated HP's ingenuity. HP takes the position that its offers can be retracted at any time. For example, HP's "Free Ink for Life" subscription plan offered printer owners 15 pages per month as a means of tempting users to try out its ink subscription plan and of picking up some extra revenue in those months when these customers exceeded their 15-page limit. But Free Ink for Life customers got a nasty shock at the end of last month: HP had unilaterally canceled their "free ink for life" plan and replaced it with "a $0.99/month for all eternity or your printer stops working" plan...

For would-be robber-barons, "smart" gadgets are a moral hazard, an irresistible temptation to use those smarts to reconfigure the very nature of private property, such that only companies can truly own things, and the rest of us are mere licensors, whose use of the devices we purchase is bound by the ever-shifting terms and conditions set in distant boardrooms. From Apple to John Deere to GM to Tesla to Medtronic, the legal fiction that you don't own anything is used to force you to arrange your affairs to benefit corporate shareholders at your own expense. And when it comes to "razors and blades" business-model, embedded systems offer techno-dystopian possibilities that no shaving company ever dreamed of: the ability to use law and technology to prevent competitors from offering their own consumables. From coffee pods to juice packets, from kitty litter to light-bulbs, the printer-ink cartridge business-model has inspired many imitators.

HP has come a long way since the 1930s, reinventing itself several times, pioneering personal computers and servers. But the company's latest reinvention as a wallet-siphoning ink grifter is a sad turn indeed, and the only thing worse than HP's decline is the many imitators it has inspired.

Electronic Frontier Foundation

EFF Argues RIAA is 'Abusing DMCA' to Take Down YouTube-DL (eff.org) 49

While the RIAA has objected to a tool for downloading online videos, EFF senior activist Elliot Harmon responds with this question: "Who died and put them in charge of YouTube?"

He asks the question in a new video "explainer" on the controversy, and argues in a new piece at EFF.org that the youtube-dl tool "doesn't infringe on any RIAA copyrights." RIAA's argument relies on a different section of the DMCA, Section 1201. DMCA 1201 says that it's illegal to bypass a digital lock in order to access or modify a copyrighted work. Copyright holders have argued that it's a violation of DMCA 1201 to bypass DRM even if you're doing it for completely lawful purposes; for example, if you're downloading a video on YouTube for the purpose of using it in a way that's protected by fair use. (And thanks to the way that copyright law has been globalized via trade agreements, similar laws exist in many other jurisdictions too.) RIAA argues that since youtube-dl could be used to download music owned by RIAA-member labels, no one should be able to use the tool, even for completely lawful purposes.

This is an egregious abuse of the notice-and-takedown system, which is intended to resolve disputes over allegedly infringing material online. Again, youtube-dl doesn't use RIAA-member labels' music in any way. The makers of youtube-dl simply shared information with the public about how to perform a certain task — one with many completely lawful applications.

Harmon wants to hear from people using youtube-dl for lawful purposes. And he also links to an earlier EFF piece arguing that DMCA 1201 "is incredibly broad, apparently allowing rightsholders to legally harass any 'trafficker' in code that lets users re-take control of their devices from DRM locks..."

And EFF's concern over DMCA 1201 has been ongoing: DMCA 1201 has been loaded with terrible implications for innovation and free expression since the day it was passed. For many years, EFF documented these issues in our "Unintended Consequences" series; we continue to organize and lobby for temporary exemptions to its provisions for the purposes of cellphone unlocking, restoring vintage videogames and similar fair uses, as well as file and defend lawsuits in the United States to try and mitigate its damage. We look forward to the day when it is no longer part of U.S. law.

But due to the WIPO Copyright Treaty, the DMCA's anti-circumvention provisions infest much of the world's jurisdictions too, including the European Union via the Information Society Directive 2001/29/EC.

Electronic Frontier Foundation

Police Will Pilot a Program To Live-Stream Amazon Ring Cameras (eff.org) 84

An anonymous reader quotes a report from the Electronic Frontier Foundation: This is not a drill. Red alert: The police surveillance center in Jackson, Mississippi, will be conducting a 45-day pilot program to live stream the Amazon Ring cameras of participating residents. Now, our worst fears have been confirmed. Police in Jackson, Mississippi, have started a pilot program that would allow Ring owners to patch the camera streams from their front doors directly to a police Real Time Crime Center. The footage from your front door includes you coming and going from your house, your neighbors taking out the trash, and the dog walkers and delivery people who do their jobs in your street. In Jackson, this footage can now be live streamed directly onto a dozen monitors scrutinized by police around the clock. Even if you refuse to allow your footage to be used that way, your neighbor's camera pointed at your house may still be transmitting directly to the police.

Only a few months ago, Jackson stood up for its residents, becoming the first city in the southern United States to ban police use of face recognition technology. Clearly, this is a city that understands invasive surveillance technology when it sees it, and knows when police have overstepped their ability to invade privacy. If police want to build a surveillance camera network, they should only do so in ways that are transparent and accountable, and ensure active resident participation in the process. If residents say "no" to spy cameras, then police must not deploy them. The choices you and your neighbors make as consumers should not be hijacked by police to roll out surveillance technologies. The decision making process must be left to communities.

Books

Cory Doctorow Crowdfunds His New Audiobook to Protest Amazon/Audible DRM (kickstarter.com) 76

Science fiction writer Cory Doctorow (also a former EFF staffer and activist) explains why he's crowdfunding his new audiobook online. Despite the large publishers for his print editions, "I can't get anyone to do my audiobooks. Amazon and its subsidiary Audible, which controls 90% of the audiobook sales, won't carry any of my audiobooks because I won't let them put any of their digital rights management on it.

"I don't want you locked in with their DRM as a condition of experiencing my work," he explains in a video on Kickstarter. "And so I have to do it myself."

He's promising to sell the completed book through all the usual platforms "except Audible," because "I want to send a message. If we get a lot of pre-orders for this, it's going to tell something to Amazon and Audible about how people prioritize the stories they love over the technology they hate, and why technological freedom matters to people.

"It's also going to help my publisher and other major publishers understand that there is an opportunity here to work with crowdfunding platforms in concert with the major publishers' platforms to sell a lot of books in ways that side-step the monopolists, and that connect artists and audiences directly."

It's the third book in a series which began with the dystopian thriller Little Brother (recommended by Neil Gaiman) and continued with a sequel named Homeland. ("You may have seen Edward Snowden grab it off his bedstand and put it in his go bag and go into permanent exile in Hong Kong in the documentary Citizen 4," Doctorow says in his fundraising video.) The newest book, Attack Surface, finds a "technologist from the other side" — a surveillance contractor — now reckoning with their conscience while being hunted with the very cyber-weapons they'd helped to build. "There are a lot of technologists who are reckoning with the moral consequences of their actions these days," Doctorow says, adding "that's part of what inspired me to write this...

"Anyone who's been paying attention knows that there's been a collision between our freedom and our technology brewing for a long time."

Just three days after launching the Kickstarter campaign, Doctorow had already raised over $120,000 over his original goal of $7,000 — with 26 days left to go. And he also promises that the top pledge premium is for real....
  • $10,000: You and Cory together come up with the premise for his next story in the "Little Brother" universe.
  • $75 or more: All three novels as both audiobooks and ebooks
  • $40 or more: All three novels as audiobooks
  • $35 or more: All three novels as ebooks
  • $25 or more: The audiobook and the ebook of Cory's new novel, Attack Surface
  • $15 or more: The audiobook for Attack Surface
  • $14 or more: The new book Attack Surface in ebook format as a .mobi/.epub file
  • $11 or more: The second book in the series, Homeland, in ebook format as a .mobi/.epub file
  • $10 or more: The first novel in the series in ebook format as a .mobi/.epub file
  • $1 or more: Cory will email you the complete text of "Little Brother," the first book in the series, cryptographically signed with his private key

Government

Cory Doctorow's New Book Explains 'How to Destroy Surveillance Capitalism' (medium.com) 76

Blogger/science fiction writer Cory Doctorow (also a former EFF staffer and activist) has just published How to Destroy Surveillance Capitalism — a new book which he's publishing free online.

In a world swamped with misinformation and monopolies, Doctorow says he knows what's missing from our proposed solutions: If we're going to break Big Tech's death grip on our digital lives, we're going to have to fight monopolies. That may sound pretty mundane and old-fashioned, something out of the New Deal era, while ending the use of automated behavioral modification feels like the plotline of a really cool cyberpunk novel... But trustbusters once strode the nation, brandishing law books, terrorizing robber barons, and shattering the illusion of monopolies' all-powerful grip on our society. The trustbusting era could not begin until we found the political will — until the people convinced politicians they'd have their backs when they went up against the richest, most powerful men in the world. Could we find that political will again...?

That's the good news: With a little bit of work and a little bit of coalition building, we have more than enough political will to break up Big Tech and every other concentrated industry besides. First we take Facebook, then we take AT&T/WarnerMedia. But here's the bad news: Much of what we're doing to tame Big Tech instead of breaking up the big companies also forecloses on the possibility of breaking them up later... Allowing the platforms to grow to their present size has given them a dominance that is nearly insurmountable — deputizing them with public duties to redress the pathologies created by their size makes it virtually impossible to reduce that size. Lather, rinse, repeat: If the platforms don't get smaller, they will get larger, and as they get larger, they will create more problems, which will give rise to more public duties for the companies, which will make them bigger still.

We can work to fix the internet by breaking up Big Tech and depriving them of monopoly profits, or we can work to fix Big Tech by making them spend their monopoly profits on governance. But we can't do both. We have to choose between a vibrant, open internet or a dominated, monopolized internet commanded by Big Tech giants that we struggle with constantly to get them to behave themselves...

Big Tech wired together a planetary, species-wide nervous system that, with the proper reforms and course corrections, is capable of seeing us through the existential challenge of our species and planet. Now it's up to us to seize the means of computation, putting that electronic nervous system under democratic, accountable control.

With "free, fair, and open tech" we could then tackle our other urgent problems "from climate change to social change" — all with collective action, Doctorow argues. And "The internet is how we will recruit people to fight those fights, and how we will coordinate their labor.

"Tech is not a substitute for democratic accountability, the rule of law, fairness, or stability — but it's a means to achieve these things."
Google

'Stalkerware' Phone Spying Apps Have Escaped Google's Ad Ban (techcrunch.com) 25

An anonymous reader quotes a report from TechCrunch: Several companies offering phone-spying apps -- known as "stalkerware" -- are still advertising in Google search results, despite the search giant's ban that took effect today, TechCrunch has found. These controversial apps are often pitched to help parents snoop on their child's calls, messages, apps and other private data under the guise of helping to protect against online predators. But some repurpose these apps to spy on their spouses -- often without their permission. It's a problem that the wider tech industry has worked to tackle. Security firms and antivirus makers are working to combat the rise of stalkerware, and federal authorities have taken action when app makers have violated the law.

One of the biggest actions to date came last month when Google announced an updated ads policy, effectively banning companies from advertising phone-snooping apps "with the express purpose of tracking or monitoring another person or their activities without their authorization." Google gave these companies until August 11 to remove these ads. But TechCrunch found seven companies known to provide stalkerware -- including FlexiSpy, mSpy, WebWatcher and KidsGuard -- were still advertising in Google search results after the ban took effect. Google did not explicitly say if the stalkerware apps violated its policy, but told TechCrunch that it removed ads for WebWatcher. Despite the deadline, Google said that enforcement is not always immediate.
"We recently updated our policies to prohibit ads promoting spyware for partner surveillance while still allowing ads for technology that helps parents monitor their underage children," said a Google spokesperson. "To prevent deceitful actors who try to disguise the product's intent and evade our enforcement, we look at several signals like the ad text, creative and landing page, among others, for policy compliance. When we find that an ad or advertiser is violating our policies, we take immediate action."
Democrats

Democrats Pitch $100 Billion Broadband Plan, Repeal of State Limits On Muni Networks (arstechnica.com) 213

An anonymous reader quotes a report from Ars Technica: House Democrats yesterday unveiled a $100 billion broadband plan that's gaining quick support from consumer advocates. "The House has a universal fiber broadband plan we should get behind," Electronic Frontier Foundation Senior Legislative Counsel Ernesto Falcon wrote in a blog post. House Majority Whip James Clyburn (D-SC.) announced the Accessible, Affordable Internet for All Act, saying it has more than 30 co-sponsors and "invests $100 billion to build high-speed broadband infrastructure in unserved and underserved communities and ensure that the resulting Internet service is affordable." The bill text is available here.

In addition to federal funding for broadband networks with speeds of at least 100Mbps downstream and upstream, the bill would eliminate state laws that prevent the growth of municipal broadband. There are currently 19 states with such laws. The Clyburn legislation targets those states with this provision: "No State statute, regulation, or other State legal requirement may prohibit or have the effect of prohibiting any public provider, public-private partnership provider, or cooperatively organized provider from providing, to any person or any public or private entity, advanced telecommunications capability or any service that utilizes the advanced telecommunications capability provided by such provider." The bill also has a Dig Once requirement that says fiber or fiber conduit must be installed "as part of any covered highway construction project" in states that receive federal highway funding. Similar Dig Once mandates have been proposed repeatedly over the years and gotten close to becoming US law, but never quite made it past the finish line.

Medicine

A Medical Device Maker Threatens iFixit Over Ventilator Repair Project (vice.com) 69

STERIS Corporation, a company that makes sterilization and other medical equipment, sent a letter to iFixit claiming their online database of repair manuals for ventilators and medical equipment violates their copyrights. Motherboard reports: "It has come to my attention that you have been reproducing certain installation and maintenance manuals relating to our products, documentation which is protected by copyright law," the letter said. The letter then went on to tell [Kyle Wiens, CEO of iFixit] to remove all Steris copyrighted material from the iFixit website within 10 days of the letter. As Motherboard reported in March, major manufacturers of medical devices have long made it difficult for their devices to be repaired through third party repair professionals. Manufacturers have often lobbied against right to repair legislation and many medical devices are controlled by artificial "software locks" that allow only those with authorization to make modifications.

"I'm disappointed that Steris is resorting to legal threats to stop hospitals from having access to information about how to maintain critical sterilization equipment during a pandemic," Wiens told Motherboard in an email. "No manufacturer should be stopping hospitals from repairing their equipment," Wiens said. "The best way to ensure patient safety is to make sure that equipment is being maintained regularly using the manufacturer's recommended procedures. The only way to do that is if hospitals have up to date manuals." With regards to the letter sent by Steris, Wiens said iFixit has not removed any material from its website. "We explained to Steris that what we did is a lawful and protected fair use under the U.S. Copyright act," Wiens said.
"iFixit is protected by Section 512 of the Digital Millennium Copyright Act, which allows online platforms to host content contributed by users provided they comply with the Act's requirements, which iFixit does," a letter to Steris from the Electronic Frontier Foundation on behalf of iFixit said.
Mozilla

Mozilla, EFF, 19,000 Citizens Urge Zoom To Reverse End-to-End Encryption Decision 44

Mozilla, Electronic Frontier Foundation (EFF), and more than 19,000 internet users today urged Zoom CEO Eric Yuan to reverse his decision to deny end-to-end encryption to users of its free service, saying it puts activists and other marginalized groups at risk. Earlier this month, Zoom announced it will offer end-to-end encryption, but only to those who pay. From a statement: The pressure to reverse the decision comes as racial justice activists are using tools like Zoom to organize protests. Without end-to-end encryption, information shared in their online meetings could be intercepted -- a concern that has been legitimized by both recent actions by law enforcement and a long-term history of discriminatory policing. Mozilla and EFF today are presenting an open letter to Yuan, co-signed by 19,000 people, maintaining that privacy and best-in-class security should be the default, not something that only the wealthy or businesses can afford.
Security

Stalkerware Detection Rates Are Improving Across Antivirus Products (zdnet.com) 3

Detection rates for stalkerware applications on Android and Windows devices are slowly improving, according to the findings of a seven-month research project carried out by independent antivirus testing lab AV-Comparatives and the Electronic Frontier Foundation. From a report: The study, published earlier this week, took place in two phases, with the first in November 2019, and the second in May 2020. Researchers looked at how 10 Android mobile antivirus apps and 10 Windows antivirus products detected some of today's most prevalent stalkerware strains. The stalkerware strains, 20 on Android and 10 on Windows, were chosen by AV-Comparatives together with the Electronic Frontier Foundation (EFF), based on their popularity in the US. The study discovered that many antivirus companies have improved their detection rates between the November 2019 scan and May 2020.
Electronic Frontier Foundation

Court Upholds Public Right of Access To Court Documents (eff.org) 19

An anonymous reader quotes a report from the Electronic Frontier Foundation: A core part of EFF's mission is transparency and access to information, because we know that in a nation bound by the rule of law, the public must have the ability to know the law and how it is being applied. That's why the default rule is that the public must have full access to court records -- even if those records contain unsavory details. Any departure from that rule must be narrow and well-justified. But litigants and judges aren't always rigorous in upholding that principle. For example, when Brian Fargo sued Jennifer Tejas for allegedly defamatory Instagram posts, he asked that the court seal portions of his filings that contained those posts, references to other people and private medical information. The court granted Fargo's request, with little explanation or apparent care.

That approach set a dangerous precedent for others. The public has a right to know what courts consider defamatory. So, with help from the First Amendment Clinic at UCLA School of Law, EFF and the First Amendment Coalition moved to unseal the records containing the Instagram posts and references to other people. The judge denied that request. Undeterred, we appealed -- and won (PDF download). The appeals court chided the trial court for its failure to adequately justify its sealing order, and its equal failure to make sure the order was narrowly tailored so that as little as possible would be hidden from the public. While it did allow some information to remain sealed -- information related to private medical records can be kept from the public, and pseudonyms should be used in some exhibits to protect the privacy of third parties -- it ordered the rest released.

The Internet

ICANN Halts $1.1 Billion Sale of .Org Registry (theregister.co.uk) 42

Charlotte Web shares a report from The Register: ICANN has halted the proposed $1.1 billion sale of the .org registry to an unknown private equity firm, claiming this was "the right thing to do." The DNS overseer has been under growing pressure to use its authority to refuse the planned transfer of the top-level domain from the Internet Society to Ethos Capital, most recently from the California Attorney General who said the deal "puts profits above the public interest." ICANN ultimately bowed to the US state's top lawyer when it concluded today it "finds the public interest is better served in withholding consent."

It gave several factors, all of which were highlighted by Attorney General Xavier Becerra as reasons to reject it: the fact that the sale would see the registry -- which has long served non-profit organizations -- turn from a non-profit itself into a for-profit vehicle; that Ethos Capital was a "wholly different form of entity" to the Internet Society; that the $360m in debt that was being used to finance the deal "raises further question about how the .org registrants will be protected"; and that the measures that Ethos Capital had put in place following an outcry were "untested." The decision will likely spark a mixture of relief and celebration from millions of .org domain holders, including some of the world's largest non-profit organizations, many of which were certain that their long-standing online addresses were going to be milked for profit by an organization that never fully revealed who its directors or investors were.

The Internet

ICANN Delays .Org Sale Again After California's AG Intervenes At Last Minute (theregister.co.uk) 27

ICANN has again delayed a decision on the sale of the .org registry, pushing the issue off for another month. The Register reports: The organization's board of directors was due to decide today on whether to approve the $1.13 billion sale of the .org domain from the Internet Society to private equity firm Ethos Capital, but a last-minute letter from California's attorney general Xavier Becerra appears to have upended the plan. Rather than take a vote, the ICANN board debated the issue and ultimately decided to put off a decision until May 4 -- the fourth such delay. The organization formally acknowledged the decision late on Thursday evening local time.

"We have agreed to extend the review period to May 4, 2020, to permit additional time to complete our review," it said. The attorney general's letter [PDF] arrived just hours before the meeting and told the non-profit organization in stark terms that it should not approve the sale as it "raises serious concerns that cannot be overlooked." "Empowering a for-profit entity that could undermine the accessibility and affordability of the .org domain, which serves nonprofits, should concern all of us," the California AG's office told The Reg. "We're urging ICANN to deny the request to transfer control of the .org domain to a for-profit private equity firm. In California, we're committed to an Internet that serves everyone and we're simply concerned that this transfer puts profits above the public interest."

"If, as proposed, Ethos Capital is permitted to purchase PIR, it will no longer have the unique characteristics that ICANN valued at the time that it selected PIR as the nonprofit to be responsible for the .ORG registry," Becerra's letter notes. "In effect, what is at stake is the transfer of the world's second largest registry to a for-profit private equity firm that, by design, exists to profit from millions of nonprofit and non-commercial organizations." "Little is known about Ethos Capital and its multiple proposed subsidiaries," the letter states. "Even less is known about how these for-profit corporate entities and private investors will operate their businesses... Given the lack of transparency regarding Ethos' future plans, approval of the transfer may place at risk the operational stability of the .ORG registry."

Twitter

Twitter Accused of Obliterating Its Users' Privacy Choices (eff.org) 102

The EFF's staff technologist -- also an engineer on Privacy Badger and HTTPS Everywhere -- writes: Twitter greeted its users with a confusing notification this week. "The control you have over what information Twitter shares with its business partners has changed," it said. The changes will "help Twitter continue operating as a free service," it assured. But at what cost?

Twitter has changed what happens when users opt out of the "Allow additional information sharing with business partners" setting in the "Personalization and Data" part of its site. The changes affect two types of data sharing that Twitter does... Previously, anyone in the world could opt out of Twitter's conversion tracking (type 1), and people in GDPR-compliant regions had to opt in. Now, people outside of Europe have lost that option. Instead, users in the U.S. and most of the rest of the world can only opt out of Twitter sharing data with Google and Facebook (type 2).

The article explains how last August Twitter discovered that its option for opting out of device-level targeting and conversion tracking "did not actually opt users out." But after fixing that bug, "advertisers were unhappy. And Twitter announced a substantial hit to its revenue... Now, Twitter has removed the ability to opt out of conversion tracking altogether."

While users in Europe are protected by GDPR, "users in the United States and everywhere else, who don't have the protection of a comprehensive privacy law, are only protected by companies' self-interest..." BoingBoing argues that Twitter "has just unilaterally obliterated all its users' privacy choices, announcing the change with a dialog box whose only button is 'OK.'"

Privacy

What Happens When Tech Companies Offer to Fight Coronavirus With Digital Surveillance? (wired.com) 55

"White House officials are asking tech companies for more insight into our social networks and travel patterns," reports Wired, noting that Facebook even "created a disease mapping tool that tracks the spread of disease by aggregating user travel patterns." And Clearview AI "says it is in talks with public officials to use its software to identify anyone in contact with people who are infected." Such efforts clash with people's expectations of privacy. Now, there's a compelling reason to collect and share the data; surveillance may save lives. But it will be difficult to draw boundaries around what data is collected, who gets to use it, and how long the collection will continue...

"What's really important is for the government to be really clear in articulating what specific public health goals it's seeking to accomplish," said Kelsey Finch, senior counsel at the Future of Privacy Forum, an industry-backed group focused on tech policy. "And how it's limiting the collection of personal data to what's necessary to achieve those very specific goals, and then making sure that there are appropriate privacy safeguards put in place before data starts to change hands...."

Some privacy scholars question whether enhanced surveillance in the name of fighting disease can be dialed back once the danger has passed. "I'm not sure that we should be making longer-term judgments, in an emergency situation, about what the right balance is right now," said Jennifer Daskal, faculty director of the Tech, Law, and Security program at American University and a former national security official in the Department of Justice. "That often doesn't work out so well." Pointing back to 9/11, when Congress granted immense surveillance powers to the federal government, Daskal said decisions made during emergency situations tend to lead to overreach...

The rapid spread of the disease has prompted even some traditional defenders of personal privacy to acknowledge the potential benefits of digital tracking. "Public policy must reflect a balance between collective good and civil liberties in order to protect the health and safety of our society from communicable disease outbreaks," the Electronic Frontier Foundation wrote in a blog post earlier this month. But, the group continued, any data collection "must be scientifically justified and ... proportionate to the need."

Oracle

Oracle Criticized For Questioning Google's Supporters In Java API Copyright Case (twitter.com) 47

America's Supreme Court will soon decide whether Google infringed on a copyright that Oracle says it holds on the APIs of Java. But this week Oracle's executive vice president also wrote a blog post arguing that Google "sought the support of outside groups to bolster its position" by using friend-of-the-court briefs to "create the impression that this case is of great import and controversy, and a ruling in Oracle's favor will impede innovation."

"Upon closer inspection, what these briefs reveal is a significantly different picture, one where Google is the outlier, with very little meaningful support outside the purview of its financial fingerprints." As we discussed in a previous post, this case is not about innovation, it is about theft. Google copied verbatim more than 11,000 lines of software code, and now attempts post hoc to change the rules in order to excuse its conduct... As those of us that have watched Google over the past few decades know, Google's view boils down to the self-absorbed position that the work it is doing is of such consequence that the rules shouldn't apply to them. The problem for Google is that very few outside of its self-generated atmosphere agree.

Let's be clear, it is not commonplace or foundational in the software industry to steal other developer's software code. Rather, what is commonplace is a confluence of interests where code is licensed to facilitate its widespread deployment, with the owner choosing the terms... Java embraced choice, with three different licensing alternatives, including a freely deployed open source license, and a commercial license designed to maintain interoperability. And it turns out that nobody except Google found it necessary to steal despite Java's enormous popularity. It is not in dispute in this matter that Google destroyed Java interoperability so it is unbelievable that many of its amici take the position that Google needs to prevail in order to protect interoperability...

Out of 26 briefs, we found:

- 7 briefs representing 13 entities that received "substantial contributions" from Google;

- 8 briefs filed by entities or individuals that have financial ties to Google through grants, dues, cy pres settlement proceeds or employment of individual amici;

- 2 briefs filed by companies with a clear commercial interest in Google prevailing;

- 1 brief filed by several former U.S. government employees all of whom worked for a small government agency run by a former Google executive, despite the U.S. government itself filing a brief in favor of Oracle;

- 4 separate briefs representing a total of 7 individuals;

- A few other briefs where Google financial ties are likely;

- 1 brief submitted by a serial copyright infringer repeatedly sanctioned by the Courts;

What masqueraded as a mass show of support for Google, may not be much more than an exercise in transactional interests.

The groups Oracle is criticizing include the American Library Association, EFF, and the Python Software Foundation, as well as a brief by 83 computer scientists which included Doug Lea, a former member of the executive committee of the Java Community Process. Oracle's blog post also makes the argument that besides Microsoft and IBM, "not a single brief from the other 98 of the Top 100 tech companies was filed."

There was a response on Twitter from Joshua Bloch, who worked on the Java platform at Sun before leaving in 2004 to become Google's chief Java architect for the next 8 years. He called Oracle's blog post "nonsense." For example, Doug Lea -- who is in no small measure responsible for Java's success -- accepted one small grant from Google fourteen years ago, and promptly doled it out to deserving undergrads who were testing java.util.concurrent. Have you no shame, Oracle?

We are not Google shills. We are scientists and engineers. Some of us laid the theoretical groundwork for the profession, some designed the computers you grew up on, and some wrote the software you use every day.

We depend on the right to reimplement each others' APIs, and we are truly afraid that your irresponsible lawsuit may deprive us of that right, which we've enjoyed throughout our long careers.
