mspohr shares a report from Ars Technica: In September 2018, Shipping & Transit LLC (formerly known as ArrivalStar) filed for Chapter 7 bankruptcy -- voluntary liquidation -- but no one seems to have noticed until the Electronic Frontier Foundation pointed it out on October 31. The company claimed that it held the patent on vehicle tracking and related alerts. But about 15 months ago, judges began to rule against Shipping & Transit for the first time. That seems to have put a damper on its entire business model.

Now, according to Shipping & Transit LLC's federal bankruptcy filings, its global patent holdings (34 in the United States and 29 elsewhere) are worth a whopping $2. Meanwhile, it owes more than $423,000 to numerous creditors, including banks, law firms, and something called the "West African Investment Trust," based in Geneva, Switzerland.

An anonymous reader quotes a report from Motherboard: Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third party ink cartridges. It's just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements. For several decades now printer manufacturers have lured consumers into an arguably-terrible deal: shell out a modest sum for a mediocre printer, then pay an arm and a leg for replacement printer cartridges that cost relatively-little to actually produce.

The Electronic Frontier Foundation now says that Epson has been engaged in the same behavior. The group says it recently learned that in late 2016 or early 2017, Epson issued a "poison pill" software update that effectively downgraded user printers to block third party cartridges, but disguised the software update as a meaningful improvement. The EFF has subsequently sent a letter to Texas Attorney General Ken Paxton, arguing that Epson's lack of transparency can easily be seen as "misleading and deceptive" under Texas consumer protection laws. "When restricted to Epson's own cartridges, customers must pay Epson's higher prices, while losing the added convenience of third party alternatives, such as refillable cartridges and continuous ink supply systems," the complaint notes. "This artificial restriction of third party ink options also suppresses a competitive ink market and has reportedly caused some manufacturers of refillable cartridges and continuous ink supply systems to exit the market."

An anonymous reader shares a report: Neustar, the registry operator of the .US domain and NTIA have reversed course, allowing the inclusion of previously restricted "seven dirty words" from future .US domain name registrations. The decision came after EFF and the Cyberlaw Clinic at Harvard Law School intervened in the cancelation of a domain name containing a restricted word. The domain name -- fucknazis.us -- registered by Mr. Rubin was suspended by Neustar calling it a violation of an NTIA "seven dirty words" policy -- "a phrase with particular First Amendment significance," said EFF. Further reading: EFF: Yes, You Can Name A Website "Fucknazis.us".

An anonymous reader quotes a report from Motherboard: While the European Union voted this week to pass its widely-criticized new Copyright Directive, activists and members of European Parliament say there's still a chance of keeping the EU from fully implementing the worst parts of the troubling proposal. The most controversial aspects of the plan remain twofold: Article 11, which would require EU News outlets to pay a "link tax" just to share anything more than "insubstantial" snippets of published content, and Article 13, which would require that EU member countries implement the kind of automated copyright filters that have been a chaotic mess here in the States. Other problematic measures were passed as well, including Article 12a, which prohibits sports fans from posting their own photos or videos of sporting events online, while stating that only event "organizers" have the right to do so.

That said, all hope is not lost. While some variant of Article 11 and Article 13 is likely be approved next spring, public pressure could force inclusion of additional safeguards for end users, Member of the European Parliament Julia Reda told me in an email. "While the overall bill was adopted with a comfortable majority, the outcome was more narrow for the two controversial articles (366:297 and 393:279)," Reda said. "Since the final vote will be close to the next European elections, that leaves open a small chance that massive public protest against these provisions may still convince MEPs to kill the entire bill." If passed, individual EU countries will be able to interpret the Directive as they see fit, though Reda believes they will likely steer toward stricter interpretation. "The real hope for repeal in my opinion is in the courts," author and activist Cory Doctorow said. "There's simply no way this passes EU Constitutional muster -- it's generalized filtering and mass surveillance by another name. The fact that they claim to be looking for 'infringement' doesn't change that."

Longtime Slashdot reader Lauren Weinstein adds: [...] These articles now enter a period of negotiation with EU member states, and then are subject to final votes next year, probably in the spring. So now's the time for the rest of the world to show Europe some special "tough love" -- to help them understand what their Internet island universe will look like if these terrible articles are ever actually implemented.
UPDATE: The Electronic Frontier Foundation issued a report slamming the proposal, offering a number of ways people can fight back.

Websites dedicated to "stream ripping" music from YouTube represent the biggest threat to the global music business, UK news outlet The Independent reported this week, citing industry figures, who added that that these shady sites are also posing business threat to "fantastic range" of legal streaming services such as Spotify and Apple Music. The report describes the nature of the issue: Sites that allow YouTube videos to be converted into an MP3 file and illegally downloaded to someone's phone or computer are attracting millions of visitors, with estimates suggesting that a third of 16-24-year-olds in the UK have ripped music from the Google-owned platform. Other platforms affected by the illegal ripping sites include DailyMotion, SoundCloud and Vimeo, however YouTube is by far the most pirated. The results of a crackdown that began in 2016 are beginning to be seen, thanks to a coordinated effort by organizations representing record companies in the US and the UK. Earlier this week, stream ripping website MP3Fiber was forced to shut down following legal pressure. However, dozens of sites offering similar services still remain active and are easily accessible through Google, whose search engine provides more than 100 million results for the term "YouTube MP3 converter." The Electronic Frontier Foundation (EFF) said that even referring to the aforementioned questionable websites as "stream ripping" sites is misstating copyright law. "There exists a vast and growing volume of online video that is licensed for free downloading and modification, or contains audio tracks that are not subject to copyright," the EFF told the US Office of the United States Trade Representative last year. "Moreover, many audio extractions qualify as non-infringing fair uses under copyright. Providing a service that is capable of extracting audio tracks for these lawful purposes is itself lawful, even if some users infringe."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Last month, Gmail's big redesign became default for everyone, changing up the aesthetic appearance of the email service and introducing several new features. One of the key features, Confidential Mode, lets you add an "expiration date" and passcode to emails either in the web interface or via SMS, but not everyone is so trusting of its ability to keep your private data secure. "Recipients of these confidential emails won't be able to copy, paste, download, print or forward the message, and attachments will be disabled," notes Engadget.

The Electronic Frontier Foundation (EFF) doesn't think this new mode is secure at all. It's not encrypted end-to-end, so Google could read your messages in transit, and the expiring messages do not disappear from your Sent mail, which means they are retrievable. What's more is that if you use an SMS passcode, you might need to give Google your recipient's phone number. Because of these reasons, Slashdot reader shanen doesn't believe the new feature goes far enough to secure your data. They write: [M]y initial reaction is that I now need a new feature for Gmail. I want an option to reject incoming email from any person who wants to use confidential mode to communicate with me. Whatever conspiracy you are trying to hide, I'm not interested. So can anyone convince me you have a legitimate need for confidential mode? The main features I still want are completely different. Easiest one to describe would be future delivery of email, preferably combined with a tickler system.

According to a report from the Sacramento Bee, officials in Sacramento County have been accessing license plate reader data to track welfare recipients suspected of fraud. The practice dates back to 2016. Gizmodo reports: Sacramento County Department of Human Assistance Director Ann Edwards confirmed to the paper that welfare fraud investigators working under the DHA have used the data for two years on a "case-by-case" basis. Edwards said the DHA pays about $5,000 annually for access to the database. Abbreviated LPR, license plate readers are essentially cameras that upload photographs to a searchable database of images of license plates. If a driver passed by an LPR four times throughout a city, an officer with access would know where and at what time of day. Anyone with access to that data could use it track where someone drove and when, provided they were scanned by the LPR.

It's not immediately clear how travel patterns might reveal welfare fraud. As noted by the Electronic Frontier Foundation, welfare fraud is statistically speaking, extremely rare. In 2012, the DHA found only 500 cases of fraud among Sacramento's 193,000 recipients. Following an inquiry from the EFF, the DHA has instituted a privacy policy (one that didn't exist before their initial inquiry) requiring investigators to justify each request for LPR data. The Sacramento Bee reports the DHA accessed the data over a thousand times in two years.

An anonymous reader quotes a report from the Electronic Frontier Foundation: The latest country to consider a website blocking proposal is Japan, and EFF has responded to the call for comment by sharing all the reasons that cutting off websites is a terrible solution for copyright violations. In response to infringement of copyrighted material, specifically citing a concern for manga, the government of Japan began work on a proposal that would make certain websites inaccessible in Japan. In response to Japan's proposal, EFF explained that website blocking is not effective at the stated goal of protecting artists and their work. First, it can be easily circumvented. Second, it ends up capturing a lot of lawful expression. Blocking an entire website does not distinguish between legal and illegal content, punishing both equally. According to numerous studies, the best answer to the problem of online infringement is providing easy, lawful alternatives. Doing this also has the benefit of not penalizing legitimate expression the way blocking does. According to The Japan Times, the "emergency measure" would "encourage [ISPs] to restrict access to such 'malicious' websites 'on a voluntary basis' in order to protect the nation's famed manga and anime industries from free-riders."

Presto Vivace shares a report from The Week with the caption, "And they wonder why some of us prefer to shop online." From the report: Surveillance systems at more than 46 malls in California are capturing license plate information that is fed to Immigration and Customs Enforcement, the Electronic Frontier Foundation reported Tuesday. One company, Irvine Company Retail Properties, operates malls all over the state using a security network called Vigilant Solutions. Vigilant shares data with hundreds of law enforcement agencies, insurance companies, and debt collectors -- including ICE, which signed a contract with the security company earlier this year, reports The Verge. "[Irvine Company] is putting not only immigrants at risk, but invading the privacy of its customers by allowing a third-party to hold onto their data indefinitely," EFF wrote in its report, urging the chain of malls to stop providing information to ICE.

schwit1 quotes a report from the Electronic Frontier Foundation: We are asking a court to declare the Allow States and Victims to Fight Online Sex Trafficking Act of 2017 ("FOSTA") unconstitutional and prevent it from being enforced. The law was written so poorly that it actually criminalizes a substantial amount of protected speech and, according to experts, actually hinders efforts to prosecute sex traffickers and aid victims. In our lawsuit, two human rights organizations, an individual advocate for sex workers, a certified non-sexual massage therapist, and the Internet Archive, are challenging the law as an unconstitutional violation of the First and Fifth Amendments. Although the law was passed by Congress for the worthy purpose of fighting sex trafficking, its broad language makes criminal of those who advocate for and provide resources to adult, consensual sex workers and actually hinders efforts to prosecute sex traffickers and aid victims. The EFF goes on to cite some examples of how FOSTA has already censored the internet. Most notably, two days after FOSTA was passed in the Senate, "Craigslist eliminated its Personals section, including non-sexual subcategories such as 'Missed Connections' and 'Strictly Platonic,'" reports the EFF. Reddit even removed some of its subreddits out of fear of future lawsuits.

Mark Wilson writes: When it comes to messaging tools, people have started to show greater interest in whether encryption is used for security, and the same for websites -- but not so much with email. Thanks to the work of the Electronic Frontier Foundation, however, email security is being placed at the top of the agenda. The privacy group today announces STARTTLS Everywhere, its new initiative to improve the security of the email ecosystem. STARTTLS is an addition to SMTP, and while it does not add end-to-end encryption, it does provide hop-to-hop encryption, which is very much a step in the right direction. In a blog post, EFF elaborates SMARTTLS for the uninitiated, and outlines how it worked around some of the tech's underlying challenges: There are two primary security models for email transmission: end-to-end, and hop-to-hop. Solutions like PGP and S/MIME were developed as end-to-end solutions for encrypted email, which ensure that only the intended recipient can decrypt and read a particular message. Unlike PGP and S/MIME, STARTTLS provides hop-to-hop encryption (TLS for email), not end-to-end. Without requiring configuration on the end-user's part, a mailserver with STARTTLS support can protect email from passive network eavesdroppers. For instance, network observers gobbling up worldwide information from Internet backbone access points (like the NSA or other governments) won't be able to see the contents of messages, and will need more targeted, low-volume methods. In addition, if you are using PGP or S/MIME to encrypt your emails, STARTTLS prevents metadata leakage (like the "Subject" line, which is often not encrypted by either standard) and can negotiate forward secrecy for your emails.

A large group of Internet pioneers have sent an open letter to the European Union urging it to scrap a proposal to introduce automated upload filters, arguing that it could damage the internet as we know it. The Register: The European Parliament's Legal Affairs (Juri) Committee will vote on the proposal contained in Article 13 of the Copyright in the Digital Single Market Directive next week. The proposal would see all companies that "store and provide to the public access to large amounts of works" obliged to "prevent the availability... of works... identified by rightholders." Despite the inclusion of language that says such measures need to be "appropriate and proportionate," it has caused many to worry that the law will lead to a requirement for all platforms to introduce automated content filtering, and shift liability for any copyrighted material that appears online from the user that posts it to the platform itself.

"By inverting this liability model and essentially making platforms directly responsible for ensuring the legality of content in the first instance, the business models and investments of platforms large and small will be impacted," warns the letter [PDF] signed by "Father of the Internet" Vint Cerf, world world web inventor Tim Berners-Lee, as well a host of other internet luminaries including Wikipedia's Jimmy Wales, security expert Bruce Schneier and net neutrality namer Tim Wu.

"Because it apparently isn't bad enough already, Congress is looking to extend the copyright term to 144 years," writes Slashdot reader llamalad. "Please write to your representatives and consider donating to the EFF." American attorney Lawrence Lessig writes via Wired: Almost exactly 20 years ago, Congress passed the Sonny Bono Copyright Term Extension Act, which extended the term of existing copyrights by 20 years. The Act was the 11th extension in the prior 40 years, timed perfectly to assure that certain famous works, including Mickey Mouse, would not pass into the public domain. Immediately after the law came into force, a digital publisher of public domain works, Eric Eldred, filed a lawsuit challenging the act [which the Supreme Court later rejected].

Twenty years later, the fight for term extension has begun anew. Buried in an otherwise harmless act, passed by the House and now being considered in the Senate, this new bill purports to create a new digital performance right -- basically the right to control copies of recordings on any digital platform (ever hear of the internet?) -- for musical recordings made before 1972. These recordings would now have a new right, protected until 2067, which, for some, means a total term of protection of 144 years. The beneficiaries of this monopoly need do nothing to get the benefit of this gift. They don't have to make the work available. Nor do they have to register their claims in advance.

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. From a report: EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages. The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific).

In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication. Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email. Further reading: People Are Freaking Out That PGP Is 'Broken' -- But You Shouldn't Be Using It Anyway (Motherboard).

On Thursday, a federal appeals court ruled that U.S. border agents need some sort of reason to believe a traveler has committed a crime before searching their cellphone. Slashdot reader Wrath0fb0b shares an analysis via Reason, written by Fourth Amendment scholar Orin Kerr: Traditionally, searches at the border don't require any suspicion on the theory that the government has a strong sovereign interest in regulating what enters and exits the country. But there is caselaw indicating that some border searches are so invasive that they do require some kind of suspicion. In the new case, Kolsuz (PDF), the Fourth Circuit agrees with the Ninth Circuit that at least some suspicion is required for a forensic search of a cell phone seized at the border. This is important for three reasons. First, the Fourth Circuit requires suspicion for forensic searches of cell phones seized at the border. Second, it clarifies significantly the forensic/manual distinction, which has always been pretty uncertain to me. Third, it leaves open that some suspicion may be required for manual searches, too.

But wait, that's not all. In fact, I don't think it's the most important part of the opinion. The most important part of the opinion comes in a different section, where the Fourth Circuit adds what seems to be a new and important limit on the border search exception: a case-by-case nexus requirement to the government interests that justify the border search exception. Maybe I'm misreading this passage, but it strikes me as doing something quite new and significant. It scrutinizes the border search that occurred to see if the government's cause for searching in this particular case satisfied "a 'nexus' requirement" of showing sufficient connection between the search and "the rationale for the border search exception," requiring a link between the "predicate for the search and the rationale for the border exception." In other words, the Fourth Circuit appears to be requiring the government to identify the border-search-related interest justifying that particular search in order to rely on the border search exception. "The analysis is interesting throughout, and it would be a fairly large limitation on digital searches conducted at the border, both in requiring some articulable suspicion for digital searches and in the requirement to justify the relationship between the search and the border inspection," writes Wrath0fb0b.

lod123 shares a report from Threatpost: As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to 'hack back' with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure. Also, a hacktivist group has targeted Georgia Southern University, two restaurants and a church to protest the bill. Opponents have twin beefs when it comes to Senate Bill 315: Some are questioning whether legitimizing offensive attacks will open the door to a new kind of corporate warfare; and others are concerned that the law will have a chilling effect on cyber-research by criminalizing white-hat activity like vulnerability research and pen-testing.

Google and Microsoft are in the former camp, and have asked Deal to veto the bill, which was passed by the Georgia General Assembly in March and which is nearing its deadline for signing into law. The two giants take issue with a provision in the bill that allows "active defense measures that are designed to prevent or detect unauthorized computer access." In a letter to the governor, the two argued that S.B. 315 "will make Georgia a laboratory for offensive cybersecurity practices that may have unintended consequences and that have not been authorized in other jurisdictions," and that "provisions such as this could easily lead to abuse and be deployed for anti-competitive, not protective purposes." They added: "On its face, this provision broadly authorizes the hacking of other networks and systems under the undefined guise of cybersecurity... [B]efore Georgia endorses the 'hack back' authority in 'defense' or even anticipation of a potential attack with no statutory criteria, it should have a much more thorough understanding of the ramifications of such a policy." Tripwire also filed a letter with the governor's office: "[A]ccording to the wording of S.B. 315, well-intentioned ('white-hat') researchers could be subject to civil or criminal prosecution when following industry best practices in investigating a website for protection from a potential cyber-attack. It is our firm belief that an explicit exception is required to exclude prosecution when the party in question is acting in good-faith to protect a business or their customers from attack. Without this exclusion, S.B. 315 will discourage good actors from reporting vulnerabilities and ultimately increase the likelihood that adversaries will find and exploit the underlying weaknesses."

Remember that popular browser extension that let you sync your bookmarks on multiple devices? Launched in 2006 by Foxmarks (a company created by EFF co-founder Mitch Kapor), it was saved from death in 2010 when it was acquired by the password-management service LastPass. But now BetaNews reports: If you're a user of Xmarks, there's some bad news for you -- the service is closing down... The bookmark syncing tool, which is available as an addon for Chrome, Firefox, Internet Explorer and Safari, is to be shuttered on May 1... Emails have also been sent out to registered users notifying them of the impending closure.

"On May 1, 2018, we will be shutting down Xmarks... After this date, your bookmarks should remain available in any previously accessed browser, but they will no longer sync and your Xmarks account will be deactivated... After careful consideration and evaluation, we have decided to discontinue the Xmarks solution so that we can continue to focus on offering the best possible password vaulting to our community."
It was apparently especially popular with long-time Slashdot reader vm, who writes "I have held on to my Xmarks account over the years because I can always get to them despite changes in operating systems, browsers, employers, etc.

"What do other folks use that may also have a mobile option?"

An anonymous reader quotes a report from the Electronic Frontier Foundation: Facebook took a step toward greater accountability this week, expanding the text of its community standards and announcing the rollout of a new system of appeals. Digital rights advocates have been pushing the company to be more transparent for nearly a decade, and many welcomed the announcements as a positive move for the social media giant. The changes are certainly a step in the right direction. Over the past year, following a series of controversial decisions about user expression, the company has begun to offer more transparency around its content policies and moderation practices, such as the "Hard Questions" series of blog posts offering insight into how the company makes decisions about different types of speech.

The expanded community standards released on Tuesday offer a much greater level of detail of what's verboten and why. Broken down into six overarching categories -- violence and criminal behavior, safety, objectionable content, integrity and authenticity, respecting intellectual property, and content-related requests -- each section comes with a "policy rationale" and bulleted lists of "do not post" items. Facebook's other announcement -- that of expanded appeals -- has received less media attention, but for many users, it's a vital development. In the platform's early days, content moderation decisions were final and could not be appealed. Then, in 2011, Facebook instituted a process through which users whose accounts had been suspended could apply to regain access. That process remained in place until this week.

The new version of Firefox 11.0 for iOS turns on tracking protection by default, lets you reorder your tabs, and adds a handful of iPad-specific features. The latest version is currently available via Apple's App Store. VentureBeat details the new features: Tracking protection means Firefox blocks website elements (ads, analytics trackers, and social share buttons) that could track you while you're surfing the web. It's almost like a built-in ad blocker, though it's really closer to browser add-ons like Ghostery and Privacy Badger because ads that don't track you are allowed through. The feature's blocking list, which is based on the tracking protection rules laid out by the anti-tracking startup Disconnect, is published under the General Public License and available on GitHub. The feature is great for privacy, but it also improves performance. Content loads faster for many websites, which translates into less data usage and better battery life. If tracking protection doesn't work well on a given site, just turn it off there and Firefox for iOS should remember your preference.

Tracking protection aside, iOS users can now reorder their tabs. Organizing your tabs is very straightforward: Long-press the specific tab and drag it either left or right. iPad users have gained two new features, as well. You can now share URLs by just dragging and dropping links to and from Firefox with any other iOS app. If you're in side-by-side view, just drag the link or tab into the other app. Otherwise, bring up the doc or app switcher, drag the link into the other app until it pulses, release the link, and the other app will open the link. Lastly, iPad users have gained a few more keyboard shorts, including the standard navigation keys from the desktop. There's also cursor navigation through the bookmarks and history results, an escape key in the URL bar, and easier tab tray navigation (try using the keyboard shortcut Command + Option + Tab to get to and from the tabs view).