Friday, June 23, 2017

OpenStack 06/23/2017 (p.m.)

  • Tags: surveillance state, CIA, malware, brutal-kangaroo, air-gapped-networks

    • WikiLeaks’ latest release in its Vault7 series details how the CIA’s alleged ‘Brutal Kangaroo’ program is being used to penetrate the most secure networks in the world.
    • Brutal Kangaroo, a tool suite for Microsoft Windows, targets closed air gapped networks by using thumb drives, according to WikiLeaks.

      Air gapping is a security measure employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks.

    • These networks are used by financial institutions, military and intelligence agencies, the nuclear power industry, as well as even some advanced news networks to protect sources, according to La Repubblica journalist Stefania Maurizi.

      READ MORE: ‘CIA’s Cherry Bomb’: WikiLeaks #Vault7 reveals wireless network targets

      These newly released documents show how closed networks not connected to the internet can be compromised by this malware. However, the tool only works on machines with a Windows operating system.

      Firstly, an internet-connected computer within the targeted organization is infected with the malware. When a user inserts a USB stick into this computer, the thumbdrive itself is infected with a separate malware.

      Once this is inserted into a single computer on the air gapped network the infection jumps – like a kangaroo – across the entire system, enabling sabotage and data theft.

      If multiple computers on the closed network are under CIA control, they “form a covert network to coordinate tasks and data exchange,” according to Wikileaks.

      Data can be returned to the CIA once again, although this does depend on someone connecting the USB used on the closed network computer to an online device.

    • While it may not appear to be the most efficient CIA project, it allows the intelligence agency to infiltrate otherwise unreachable networks.

      This method is comparable to the Stuxnet virus, a cyberweapon purportedly built by the US and Israel. Stuxnet is thought to have caused substantial damage to Iran's nuclear program in 2010.

      The CIA allegedly began developing the Brutal Kangaroo program in 2012 – two years after Stuxnet incident in Iran.

      The most recent of these files were to intended to remain secret until at least 2035. The documents released by WikiLeaks are dated February 2016, indicating that the scheme was likely being used until that point.


Posted from Diigo. The rest of Open Web group favorite links are here.

Saturday, June 10, 2017

OpenStack 06/10/2017 (p.m.)

  • Tags: surveillance state, NSA, 702, legislation

    • The White House and U.S. intelligence chiefs Wednesday backed making permanent a law that allows for the collection of digital communications of foreigners overseas, escalating a fight in Congress over privacy and security.

      The law, enshrined in Section 702 of the Foreign Intelligence Surveillance Act, is due to expire on December 31 unless Congress votes to reauthorize it, but is considered vital by U.S. intelligence agencies.

      Privacy advocates have criticized the law though for allowing the incidental collection of data belonging to millions of Americans without a search warrant.

      The push to make the law permanent may lead to a contentious debate over renewal of Section 702 in Congress, where lawmakers in both parties are deeply divided over whether to adopt transparency and oversight reforms

    • Reuters reported in March that the Trump administration supported renewal of Section 702 without any changes, citing an unnamed White House official, but it was not clear at the time whether it wanted the law made permanent.

Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, June 05, 2017

OpenStack 06/05/2017 (p.m.)

  • Tags: open web, net-neutrality, FCC, regulations

    • Since taking office, President Donald Trump has wasted no time in proposing rollbacks to Obama-era federal regulations. So, it should come as no surprise that the Federal Communications Commission (FCC) voted last month to propose changes to current regulations on Internet service providers.

      Spearheaded by Ajit Pai — the Trump-appointed FCC chairman and former lawyer for Verizon — the 2-1 vote is the first step in dismantling the Open Internet Order. The lone FCC Democrat, Mignon Clyburn, was overruled by Pai and fellow commissioner Michael O’Reilly.

      The 2015 order classified broadband internet as a utility under Title II of the Communications Act of 1934. Opponents of the current state of net neutrality argue that the rules are archaic and place unnecessary — even harmful — restrictions on internet service providers (ISPs), leading to lack of innovation and investment.

      While it’s true that policies conceived in the 1930s could hardly anticipate the complexities of the modern Internet, a complete rollback of Title II protections would leave ISPs free to favor their own services and whichever company pays for upgraded service. Considering relaxed FEC rules on media ownership and lack of antitrust enforcement, some could argue that a rollback of net neutrality is even more toxic to innovation and affordable pricing.

      That is, fast lanes could be created for companies with deeper pockets, effectively giving them an advantage over companies and individuals who can’t pay extra. This approach effectively penalizes small businesses, nonprofits and innovative start-ups.

      Today’s Internet is so vast and so pervasive that it’s hard to grasp the impact that an abandonment of net neutrality would have on every aspect of our culture.

    • While the FCC’s proposed change will touch most Americans, net neutrality remains a mystifying concept to non-techies. To help our readers better understand the issue, we have compiled some videos that explain net neutrality and its importance.

      The FCC will be accepting comments from the public on their website until August 16, 2017.


Posted from Diigo. The rest of Open Web group favorite links are here.

Sunday, June 04, 2017

OpenStack 06/05/2017 (a.m.)

  • Tags: open web, net-neutrality, FCC, regulations

    • Since taking office, President Donald Trump has wasted no time in proposing rollbacks to Obama-era federal regulations. So, it should come as no surprise that the Federal Communications Commission (FCC) voted last month to propose changes to current regulations on Internet service providers.

      Spearheaded by Ajit Pai — the Trump-appointed FCC chairman and former lawyer for Verizon — the 2-1 vote is the first step in dismantling the Open Internet Order. The lone FCC Democrat, Mignon Clyburn, was overruled by Pai and fellow commissioner Michael O’Reilly.

      The 2015 order classified broadband internet as a utility under Title II of the Communications Act of 1934. Opponents of the current state of net neutrality argue that the rules are archaic and place unnecessary — even harmful — restrictions on internet service providers (ISPs), leading to lack of innovation and investment.

      While it’s true that policies conceived in the 1930s could hardly anticipate the complexities of the modern Internet, a complete rollback of Title II protections would leave ISPs free to favor their own services and whichever company pays for upgraded service. Considering relaxed FEC rules on media ownership and lack of antitrust enforcement, some could argue that a rollback of net neutrality is even more toxic to innovation and affordable pricing.

      That is, fast lanes could be created for companies with deeper pockets, effectively giving them an advantage over companies and individuals who can’t pay extra. This approach effectively penalizes small businesses, nonprofits and innovative start-ups.

      Today’s Internet is so vast and so pervasive that it’s hard to grasp the impact that an abandonment of net neutrality would have on every aspect of our culture.

    • While the FCC’s proposed change will touch most Americans, net neutrality remains a mystifying concept to non-techies. To help our readers better understand the issue, we have compiled some videos that explain net neutrality and its importance.

      The FCC will be accepting comments from the public on their website until August 16, 2017.


Posted from Diigo. The rest of Open Web group favorite links are here.

Friday, May 19, 2017

OpenStack 05/20/2017 (a.m.)

  • Tags: Internet, net-neutrality, FCC, rulemaking

    • The Federal Communications Commission (FCC) under President Donald Trump on Thursday afternoon voted to begin slashing regulations protecting a free and open internet.

      The decision (pdf) ran along party lines, with the FCC’s two Republican members voting to dismantle net neutrality. Mignon Clyburn, the Commission’s Democratic member, was the sole dissenting vote.

      “While the majority engages in flowery rhetoric about light-touch regulation and so on, the endgame appears to be no-touch regulation and a wholesale destruction of the FCC’s public interest authority in the 21st century,” Clyburn wrote in her dissent, according to The Hill.


Posted from Diigo. The rest of Open Web group favorite links are here.

Saturday, May 06, 2017

OpenStack 05/07/2017 (a.m.)

  • Tags: privacy rights, Internet, user-data, Congress, fight-back

    • Billboards targeting legislators who voted to end online privacy measures earlier this year have gone up in key districts, as promised by activists.

      Digital rights group Fight for the Future vowed to put up the ads against Reps. Marsha Blackburn (R-Tenn.) and John Rutherford (R-Fla.), Sens. Jeff Flake (R-Ariz.) and Dean Heller (R-Nev.), as well as other lawmakers after they voted in favor of a resolution, introduced by Flake, that overturned federal rules preventing broadband providers from selling user data to third parties without consent.

      Blackburn, Rutherford, Flake, and Heller took large contributions from the telecommunications industry before supporting the resolution, Fight for the Future said. The billboards—paid for through a crowdfunded campaign—encourage viewers to contact the lawmakers’ offices and ask why they voted against their constituents’ privacy rights.

    • Flake’s resolution was introduced under the Congressional Review Act (CRA), which gives lawmakers the authority to overturn recently-introduced agency rules with a simple majority. The Federal Communications Commission (FCC) implemented the data-sharing ban in October.

      Once a rule is repealed under the CRA, an agency cannot reintroduce it without specific authorization by a new law.


Posted from Diigo. The rest of Open Web group favorite links are here.

Friday, May 05, 2017

OpenStack 05/06/2017 (a.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Wednesday, April 19, 2017

OpenStack 04/20/2017 (a.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, April 17, 2017

OpenStack 04/18/2017 (a.m.)

  • Tags: surveillance state, CIA, hacking-tools, Windows, Wikileaks, Vault7

    • WikiLeaks has published what it says is another batch of secret hacking manuals belonging to the US Central Intelligence Agency as part of its Vault7 series of leaks. The site is billing Vault7 as the largest publication of intelligence documents ever.

      Friday's installment includes 27 documents related to "Grasshopper," the codename for a set of software tools used to build customized malware for Windows-based computers. The Grasshopper framework provides building blocks that can be combined in unique ways to suit the requirements of a given surveillance or intelligence operation. The documents are likely to be of interest to potential CIA targets looking for signatures and other signs indicating their Windows systems were hacked. The leak will also prove useful to competing malware developers who want to learn new techniques and best practices.

      "Grasshopper is a software tool used to build custom installers for target computers running Microsoft Windows operating system," one user guide explained. "An operator uses the Grasshopper builder to construct a custom installation executable."

  • Tags: surveillance state, NSA, Shadow-Brokers, hacking-tools, leaks

    • The elusive Shadow Brokers didn't have much luck selling the NSA's hacking tools, so they're giving more of the software away -- to everyone. In a Medium post, the mysterious team supplied the password for an encrypted file containing many of the Equation Group surveillance tools swiped back in 2016. Supposedly, the group posted the content in "protest" at President Trump turning his back on the people who voted for him. The leaked data appears to check out, according to researchers, but some of it is a couple of decades old and focused on platforms like Linux.

      If anything, the leak might backfire. Edward Snowden notes that while the leak is "nowhere near" representing the NSA's complete tool set, there's enough that the NSA should "instantly identify" where and how the kit leaked. This doesn't mean the Shadow Brokers themselves are about to face capture. However, this may give the agency info it needs to both connect the dots (how much of a role did NSA contractor Harold Thomas Martin III play in the online leak, for instance?) and prevent a repeat incident.

      Does this open a can of worms? It's hard to say -- researchers are still combing over the data. If there are any hacks that can be made useful, though, this could be problematic for server operators worried about cybercrime. If nothing else, it shows that the Shadow Brokers didn't reveal their full hand.


Posted from Diigo. The rest of Open Web group favorite links are here.

Tuesday, April 11, 2017

OpenStack 04/12/2017 (a.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

OpenStack 04/11/2017 (p.m.)

  • Tags: Russia, internet, censorship, anonymity

    • Russian lawmaker Vitaly Milonov, on Monday, proposed a bill aimed to ban children under the age of 14 from social media. Although the bill is touted under the banner of child protection, it also aims to introduce the mandatory submission of passport data. In January Russia introduced semi-fascist regulations to severely curb the rights of bloggers and independent media.
    • Vitaly Milnov, generally known for being ultra-conservative, introduced the controversial bill on Monday. Touting the bill under the banner of wanting to protect children and limit their access to social media the bill has far deeper implications. Parents could very well self-regulate their children’s access to social media.

      The bill, however, implies that it would become mandatory for social media users to submit their passport data. Moreover, the bill also proposes that the use of pseudonyms will be banned. The proposed legislation also aims to introducing strict rules, requiring two-party consent before the publication of screenshots of online correspondence.

      The bill reads, among others: “Social networks create a special virtual world where a person spends significant part of their life, contacting other people and essentially doing everything that they would do in real world. This world can’t be left unregulated by law. Especially now, when growing number of users are falling victim to different types of fraud.”

      Even though Milonov is generally viewed as ultra-conservative, there are about 62 percent of Russians who according to polls support the ban of social networks for children while 39 percent supported using passport data to create an online account, a poll by the state-funded pollster VTsIOM revealed Monday.

    • Social media has come under intense scrutiny in Russia in recent months. Disturbingly, there are very few Russians who have received independent information about the not so overtly advertised implications of this scrutiny, of the proposed bill, and of plans to create a “Russian internet” to filter “unwanted foreign content. Russia also cracks down on independent bloggers and journalists.

      On January 1, 2016 the Russian Federation implemented amendments to laws that further censor the internet and potentially independent media. These laws are being sold under the guise of empowering internet users and the right to protect personal information. The amendments follow legislation from 2014 that infringed on the rights of bloggers.


Posted from Diigo. The rest of Open Web group favorite links are here.

Saturday, April 01, 2017

OpenStack 04/01/2017 (p.m.)

  • But it was the Russians who hacked the 2016 U.S. election. Really.

    Tags: surveillance-state, cyberwar, CIA, Marble, malware-obfuscator

    • Today, March 31st 2017, WikiLeaks releases Vault 7 "Marble" -- 676 source code files for the CIA's secret anti-forensic Marble Framework. Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA.

      Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivallent of a specalized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA.

      Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code. It is "[D]esigned to allow for flexible and easy-to-use obfuscation" as "string obfuscation algorithms (especially those that are unique) are often used to link malware to a specific developer or development shop."

      The Marble source code also includes a deobfuscator to reverse CIA text obfuscation. Combined with the revealed obfuscation techniques, a pattern or signature emerges which can assist forensic investigators attribute previous hacking attacks and viruses to the CIA. Marble was in use at the CIA during 2016. It reached 1.0 in 2015.

    • The source code shows that Marble has test examples not just in English but also in Chinese, Russian, Korean, Arabic and Farsi. This would permit a forensic attribution double game, for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion, --- but there are other possibilities, such as hiding fake error messages.

      The Marble Framework is used for obfuscation only and does not contain any vulnerabilties or exploits by itself.


Posted from Diigo. The rest of Open Web group favorite links are here.

Thursday, March 23, 2017

OpenStack 03/24/2017 (a.m.)

  • Tags: surveillance state, CIA, -malware, Vault, 7, Wikileaks, iPhone, OSX

    • The latest leaks from WikiLeaks' Vault 7 is titled “Dark Matter” and claims that the CIA has been bugging “factory fresh” iPhones since at least 2008 through suppliers.
    • And here is the full press release from WikiLeaks:

      Today, March 23rd 2017, WikiLeaks releases Vault 7 "Dark Matter", which contains documentation for several CIA projects that infect Apple Mac Computer firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA's Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware.

       

      Among others, these documents reveal the "Sonic Screwdriver" project which, as explained by the CIA, is a "mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting" allowing an attacker to boot its attack software for example from a USB stick "even when a firmware password is enabled". The CIA's "Sonic Screwdriver" infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

       

      "DarkSeaSkies" is "an implant that persists in the EFI firmware of an Apple MacBook Air computer" and consists of "DarkMatter", "SeaPea" and "NightSkies", respectively EFI, kernel-space and user-space implants.

       

      Documents on the "Triton" MacOSX malware, its infector "Dark Mallet" and its EFI-persistent version "DerStake" are also included in this release. While the DerStake1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0.

       

      Also included in this release is the manual for the CIA's "NightSkies 1.2" a "beacon/loader/implant tool" for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008.

       

      While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization's supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.


Posted from Diigo. The rest of Open Web group favorite links are here.

Thursday, March 16, 2017

OpenStack 03/16/2017 (p.m.)

  • Tags: surveillance state, NSA, spying-on-Americans, Trump, Obama

    • On Sunday’s Face the Nation, Sen. Rand Paul was asked about President Trump’s accusation that President Obama ordered the NSA to wiretap his calls. The Kentucky senator expressed skepticism about the mechanics of Trump’s specific charge, saying: “I doubt that Trump was a target directly of any kind of eavesdropping.” But he then made a broader and more crucial point about how the U.S. government spies on Americans’ communications — a point that is deliberately obscured and concealed by U.S. government defenders.

      Paul explained how the NSA routinely and deliberately spies on Americans’ communications — listens to their calls and reads their emails — without a judicial warrant of any kind:

      The way it works is, the FISA court, through Section 702, wiretaps foreigners and then [NSA] listens to Americans. It is a backdoor search of Americans. And because they have so much data, they can tap — type Donald Trump into their vast resources of people they are tapping overseas, and they get all of his phone calls.

      And so they did this to President Obama. They — 1,227 times eavesdrops on President Obama’s phone calls. Then they mask him. But here is the problem. And General Hayden said this the other day. He said even low-level employees can unmask the caller. That is probably what happened to Flynn.

      They are not targeting Americans. They are targeting foreigners. But they are doing it purposefully to get to Americans.

    • Paul’s explanation is absolutely correct. That the NSA is empowered to spy on Americans’ communications without a warrant — in direct contravention of the core Fourth Amendment guarantee that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause” — is the dirty little secret of the U.S. Surveillance State.

      As I documented at the height of the controversy over the Snowden reporting, top government officials — including President Obama — constantly deceived (and still deceive) the public by falsely telling them that their communications cannot be monitored without a warrant. Responding to the furor created over the first set of Snowden reports about domestic spying, Obama sought to reassure Americans by telling Charlie Rose: “What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls … by law and by rule, and unless they … go to a court, and obtain a warrant, and seek probable cause.”

      The right-wing chairman of the House Intelligence Committee at the time, GOP Rep. Mike Rogers, echoed Obama, telling CNN the NSA “is not listening to Americans’ phone calls. If it did, it is illegal. It is breaking the law.”

      Those statements are categorically false. A key purpose of the new 2008 FISA law — which then-Senator Obama voted for during the 2008 general election after breaking his primary-race promise to filibuster it — was to legalize the once-controversial Bush/Cheney warrantless eavesdropping program, which the New York Times won a Pulitzer Prize for exposing in 2005. The crux of the Bush/Cheney controversy was that they ordered NSA to listen to Americans’ international telephone calls without warrants — which was illegal at the time — and the 2008 law purported to make that type of domestic warrantless spying legal.


Posted from Diigo. The rest of Open Web group favorite links are here.

Tuesday, February 28, 2017

OpenStack 03/01/2017 (a.m.)

  • Tags: Mozilla, acquisitions, Pocket

    • e are excited to announce that the Mozilla Corporation has completed the acquisition of Read It Later, Inc. the developers of Pocket.

      Mozilla is growing, experimenting more, and doubling down on our mission to keep the internet healthy, as a global public resource that’s open and accessible to all. As our first strategic acquisition, Pocket contributes to our strategy by growing our mobile presence and providing people everywhere with powerful tools to discover and access high quality web content, on their terms, independent of platform or content silo.

      Pocket will join Mozilla’s product portfolio as a new product line alongside the Firefox web browsers with a focus on promoting the discovery and accessibility of high quality web content. (Here’s a link to their blog post on the acquisition).  Pocket’s core team and technology will also accelerate Mozilla’s broader Context Graph initiative.

    • “We believe that the discovery and accessibility of high quality web content is key to keeping the internet healthy by fighting against the rising tide of centralization and walled gardens. Pocket provides people with the tools they need to engage with and share content on their own terms, independent of hardware platform or content silo, for a safer, more empowered and independent online experience.” – Chris Beard, Mozilla CEO

      Pocket brings to Mozilla a successful human-powered content recommendation system with 10 million unique monthly active users on iOS, Android and the Web, and with more than 3 billion pieces of content saved to date.

      In working closely with Pocket over the last year around the integration within Firefox, we developed a shared vision and belief in the opportunity to do more together that has led to Pocket joining Mozilla today.

      “We’ve really enjoyed partnering with Mozilla over the past year. We look forward to working more closely together to support the ongoing growth of Pocket and to create great new products that people love in support of our shared mission.” – Nate Weiner, Pocket CEO

      As a result of this strategic acquisition, Pocket will become a wholly owned subsidiary of Mozilla Corporation and will become part of the Mozilla open source project.


Posted from Diigo. The rest of Open Web group favorite links are here.

Friday, February 24, 2017

OpenStack 02/25/2017 (a.m.)

  • HTTPS connections don't work for you if you don't use them. If you're not using HTTPS Everywhere in your browser, you should be; it's your privacy that is at stake. And every encrypted communication you make adds to the backlog of encrypted data that NSA and other internet voyeurs must process as encrypted traffic; because cracking encrypted messages is computer resource intensive, the voyeurs do not have the resources to crack more than a tiny fraction. HTTPS is a free extension for Firefox, Chrome, and Opera. You can get it here. https://www.eff.org/HTTPS-everywhere

    Tags: Internet, encryption, https, adoption

    • The movement to encrypt the web has reached a milestone. As of earlier this month, approximately half of Internet traffic is now protected by HTTPS. In other words, we are halfway to a web safer from the eavesdropping, content hijacking, cookie stealing, and censorship that HTTPS can protect against.

      Mozilla recently reported that the average volume of encrypted web traffic on Firefox now surpasses the average unencrypted volume

    • Google Chrome’s figures on HTTPS usage are consistent with that finding, showing that over 50% of of all pages loaded are protected by HTTPS across different operating systems.
    • This milestone is a combination of HTTPS implementation victories: from tech giants and large content providers, from small websites, and from users themselves.
    • Starting in 2010, EFF members have pushed tech companies to follow crypto best practices. We applauded when Facebook and Twitter implemented HTTPS by default, and when Wikipedia and several other popular sites later followed suit. Google has also put pressure on the tech community by using HTTPS as a signal in search ranking algorithms and, starting this year, showing security warnings in Chrome when users load HTTP sites that request passwords or credit card numbers.

      EFF’s Encrypt the Web Report also played a big role in tracking and encouraging specific practices. Recently other organizations have followed suit with more sophisticated tracking projects. For example, Secure the News and Pulse track HTTPS progress among news media sites and U.S. government sites, respectively.

    • But securing large, popular websites is only one part of a much bigger battle. Encrypting the entire web requires HTTPS implementation to be accessible to independent, smaller websites. Let’s Encrypt and Certbot have changed the game here, making what was once an expensive, technically demanding process into an easy and affordable task for webmasters across a range of resource and skill levels.

      Let’s Encrypt is a Certificate Authority (CA) run by the Internet Security Research Group (ISRG) and founded by EFF, Mozilla, and the University of Michigan, with Cisco and Akamai as founding sponsors. As a CA, Let’s Encrypt issues and maintains digital certificates that help web users and their browsers know they’re actually talking to the site they intended to. CAs are crucial to secure, HTTPS-encrypted communication, as these certificates verify the association between an HTTPS site and a cryptographic public key. Through EFF’s Certbot tool, webmasters can get a free certificate from Let’s Encrypt and automatically configure their server to use it.

      Since we announced that Let’s Encrypt was the web’s largest certificate authority last October, it has exploded from 12 million certs to over 28 million. Most of Let’s Encrypt’s growth has come from giving previously unencrypted sites their first-ever certificates.

      A large share of these leaps in HTTPS adoption are also thanks to major hosting companies and platforms--like WordPress.com, Squarespace, and dozens of others--integrating Let’s Encrypt and providing HTTPS to their users and customers.

    • Unfortunately, you can only use HTTPS on websites that support it--and about half of all web traffic is still with sites that don’t. However, when sites partially support HTTPS, users can step in with the HTTPS Everywhere browser extension.

      A collaboration between EFF and the Tor Project, HTTPS Everywhere makes your browser use HTTPS wherever possible. Some websites offer inconsistent support for HTTPS, use unencrypted HTTP as a default, or link from secure HTTPS pages to unencrypted HTTP pages. HTTPS Everywhere fixes these problems by rewriting requests to these sites to HTTPS, automatically activating encryption and HTTPS protection that might otherwise slip through the cracks.

    • Our goal is a universally encrypted web that makes a tool like HTTPS Everywhere redundant. Until then, we have more work to do. Protect your own browsing and websites with HTTPS Everywhere and Certbot, and spread the word to your friends, family, and colleagues to do the same. Together, we can encrypt the entire web.

Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, February 13, 2017

OpenStack 02/14/2017 (a.m.)

  • One of the bravest patriots in U.S. history, forced to live abroad. Ain't that life?

    Tags: surveillance state, Snowden, extradition

    • Amid reports that Moscow is considering handing over NSA whistleblower Edward Snowden as a “gift” to U.S. President Donald Trump, a Russian government spokesperson said Monday that the Kremlin and the White House have not discussed the matter, Russia’s state TASS agency reported.

      “No, this issue (Snowden’s fate) was not raised,” presidential spokesperson Dmitry Peskov told reporters Monday, adding that Russian officials have not taken a position on whether Snowden should be extradited to the U.S. or granted Russian citizenship.

      “The issue was not raised (during the Russian-US contacts),” Peskov said. “At the moment it is not among bilateral issues.”

      The statement comes after Snowden — who has lived in Russia since 2013, first with one-year temporary asylum then a residence permit — revealed in recent days that he is “not afraid” of being handed over to the United States, where he faces espionage charges for his explosive 2013 leak of documents on secret U.S. mass surveillance programs.

    • However, Snowden also said in an interview with Yahoo News that talk of a possible trade between Moscow and Washington makes him feel “encouraged” because it vindicates him in the face of accusations that he has been a spy for Russia by laying bare the fact that he has always been independent and “worked on behalf of the United States.”

      “Finally: irrefutable evidence that I never cooperated with Russian intel,” he tweeted on Friday. “No country trades away spies, as the rest would fear they’re next.”

      In the U.S., Snowden faces charges of theft of government property and violation of the Espionage Act on two counts, which each carry a maximum sentence of 10 years.

    • “What I am proud of,” Snowden told Yahoo News, “is the fact that every decision that I have made I can defend.”

      Snowden is set to be eligible to apply for Russian citizenship next year, according to his lawyer. Last month, Moscow extended his residence permit, which is now valid until 2020.


Posted from Diigo. The rest of Open Web group favorite links are here.

Wednesday, January 25, 2017

OpenStack 01/25/2017 (p.m.)

  • Tags: Communications-Decency-Act, litigation, news-aggregators, EFF

    • EFF filed a brief in federal court arguing that a lower court’s ruling jeopardizes the online platforms that make the Internet a robust platform for users’ free speech.

      The brief, filed in the U.S. Court of Appeals for the Ninth Circuit, argues that 47 U.S.C. § 230, enacted as part of the Communications Decency Act (known simply as “Section 230”) broadly protects online platforms, including review websites, when they aggregate or otherwise edit users’ posts.

      Generally, Section 230 provides legal immunity for online intermediaries that host or republish speech by protecting them against a range of laws that might otherwise be used to hold them legally responsible for what others say and do.

      Section 230’s immunity directly led to the development of the platforms everyone uses today, allowing people to upload videos to their favorite platforms such as YouTube, as well as leave reviews on Amazon or Yelp. It also incentivizes the creation of new platforms that can host users’ content, leading to more innovation that enables the robust free speech found online.

      The lower court’s decision in Consumer Cellular v. ConsumerAffairs.com, however, threatens to undermine the broad protections of Section 230, EFF’s brief argues.

    • In the case, Consumer Cellular alleged, among other things, that ConsumerAffairs.com should be held liable for aggregating negative reviews about its business into a star rating. It also alleged that ConsumerAffairs.com edited or otherwise deleted certain reviews of Consumer Cellular in bad faith.

      Courts and the text of Section 230, however, plainly allow platforms to edit or aggregate user-generated content into summaries or star ratings without incurring legal liability, EFF’s brief argues. It goes on: “And any function protected by Section 230 remains so regardless of the publisher’s intent.”

      By allowing Consumer Cellular’s claims against ConsumerAffairs.com to proceed, the lower court seriously undercut Section 230’s legal immunity for online platforms. If the decision is allowed to stand, EFF’s brief argues, then platforms may take steps to further censor or otherwise restrict user content out of fear of being held liable.

      That outcome, EFF warns, could seriously diminish the Internet’s ability to serve as a diverse forum for free speech.

      The Internet it is constructed of and depends upon intermediaries. The many varied online intermediary platforms, including Twitter, Reddit, YouTube, and Instagram, all give a single person, with minimal resources, almost anywhere in the world the ability to communicate with the rest of the world. Without intermediaries, that speaker would need technical skill and money that most people lack to disseminate their message. If our legal system fails to robustly protect intermediaries, it fails to protect free speech online.


Posted from Diigo. The rest of Open Web group favorite links are here.

Friday, January 13, 2017

OpenStack 01/14/2017 (a.m.)


Posted from Diigo. The rest of Open Web group favorite links are here.

Wednesday, January 11, 2017

OpenStack 01/11/2017 (p.m.)

  • Tags: surveillance state, Europe, legislation, Germany, France, UK

    • The world was a different place when, in October 2015, the Court of Justice of the European Union (CJEU) struck down the “Safe Harbour” data-sharing agreement that allowed the transfer of European citizens’ data to the US. The Court’s decision concluded that the indiscriminate nature of the surveillance programs carried out by U.S. intelligence agencies, exposed two years earlier by NSA-contractor-turned-whistleblower Edward Snowden, had made it impossible to ensure that the personal data of E.U. citizens would be adequately protected when shared with American companies. The ruling thus served to further solidify the long-standing conventional wisdom that Continental Europe is better at protecting privacy than America.

      However, Europe’s ability to continue to take this moral high ground is rapidly declining. In recent months, and in the wake of a series of terrorist attacks across Europe, Germany, France and the United Kingdom — Europe’s biggest superpowers — have passed laws granting their surveillance agencies virtually unfettered power to conduct bulk interception of communications across Europe and beyond, with limited to no effective oversight or procedural safeguards from abuse.


Posted from Diigo. The rest of Open Web group favorite links are here.

Saturday, January 07, 2017

OpenStack 01/08/2017 (a.m.)

  • Tags: surveillance state, NSA, Wikileaks

    • An entry in something the government calls a “Manhunting Timeline” suggests that the United States pressured officials of countries around the world to prosecute WikiLeaks editor-in-chief, Julian Assange, in 2010.

      The file—marked unclassified, revealed by National Security Agency whistleblower Edward Snowden and published by The Intercept—is dated August 2010. Under the headline, “United States, Australia, Great Britain, Germany, Iceland” – it states:

      The United States on 10 August urged other nations with forces in Afghanistan, including Australia, United Kingdom and Germany, to consider filing criminal charges against Julian Assange, founder of the rogue WikiLeaks Internet website and responsible for the unauthorized publication of over 70,000 classified documents covering the war in Afghanistan. The documents may have been provided to WikiLeaks by Army Private First Class Bradley Manning. The appeal exemplifies the start of an international effort to focus the legal element of national power upon non-state actor Assange and the human network that supports WikiLeaks.

      Another document—a top-secret page from an internal wiki—indicates there has been discussion in the NSA with the Threat Operations Center Oversight and Compliance (NOC) and Office of General Counsel (OGC) on the legality of designating WikiLeaks a “malicious foreign actor” and whether this would make it permissible to conduct surveillance on Americans accessing the website.

      “Can we treat a foreign server who stores or potentially disseminates leaked or stolen data on its server as a ‘malicious foreign actor’ for the purpose of targeting with no defeats?” Examples: WikiLeaks, thepiratebay.org). The NOC/OGC answered, “Let me get back to you.” (The page does not indicate if anyone ever got back to the NSA. And “defeats” essentially means protections.)

    • GCHQ, the NSA’s counterpart in the UK, had a program called “ANTICRISIS GIRL,” which could engage in “targeted website monitoring.” This means data of hundreds of users accessing a website, like WikiLeaks, could be collected. The IP addresses of readers and supporters could be monitored. The agency could even target the publisher if it had a public dropbox or submission system. NSA and GCHQ could also target the foreign “branches” of the hacktivist group, Anonymous.

      An answer to another question from the wiki entry involves the question, “Is it okay to query against a foreign server known to be malicious even if there is a possibility that US persons could be using it as well? Example: thepiratebay.org.” The NOC/OGC responded, “Okay to go after foreign servers which US people use also (with no defeats). But try to minimize to ‘post’ only for example to filter out non-pertinent information.”

      WikiLeaks is not an example in this question, however, if it was designated as a “malicious foreign actor,” then the NSA would do queries of American users.

    • Michael Ratner, a lawyer from the Center for Constitutional Rights (CCR) who represents WikiLeaks, said on “Democracy Now!”, this shows he has every reason to fear what would happen if he set foot outside of the embassy. The files show some of the extent to which the US and UK have tried to destroy WikiLeaks.

      CCR added in a statement, “These NSA documents should make people understand why Julian Assange was granted diplomatic asylum, why he must be given safe passage to Ecuador, and why he must keep himself out of the hands of the United States and apparently other countries as well. These revelations only corroborate the expectation that Julian Assange is on a US target list for prosecution under the archaic “Espionage Act,” for what is nothing more than publishing evidence of government misconduct.”

      “These documents demonstrate that the political persecution of WikiLeaks is very much alive,”Baltasar Garz√≥n, the Spanish former judge who now represents the group, told The Intercept. “The paradox is that Julian Assange and the WikiLeaks organization are being treated as a threat instead of what they are: a journalist and a media organization that are exercising their fundamental right to receive and impart information in its original form, free from omission and censorship, free from partisan interests, free from economic or political pressure.”


Posted from Diigo. The rest of Open Web group favorite links are here.

Monday, January 02, 2017

OpenStack 01/02/2017 (p.m.)

  • Tags: web, video, Flash, HTML5, Google, Chrome

    • The inexorable slide into a world without Flash continues, with Google revealing plans to phase out support for Adobe's Flash Player in its Chrome browser for all but a handful of websites. And the company expects the changes to roll out by the fourth quarter of 2016.

      While it says Flash might have "historically" been a good way to present rich media online, Google is now much more partial to HTML5, thanks to faster load times and lower power use.

      As a result, Flash will still come bundled with Chrome, but "its presence will not be advertised by default." Where the Flash Player is the only option for viewing content on a site, users will need to actively switch it on for individual sites. Enterprise Chrome users will also have the option of switching Flash off altogether.

      Google will maintain support in the short-term for the top 10 domains using the player, including YouTube, Facebook, Yahoo, Twitch and Amazon. But this "whitelist" is set to be periodically reviewed, with sites removed if they no longer warrant an exception, and the exemption list will expire after a year.

      A spokesperson for Adobe said it was working with Google in its goal of "an industry-wide transition to Open Web standards," including the adoption of HTML5.

      "At the same time, given that Flash continues to be used in areas such as education, web gaming and premium video, the responsible thing for Adobe to do is to continue to support Flash with updates and fixes, as we help the industry transition," Adobe said in an emailed statement. "Looking ahead, we encourage content creators to build with new web standards."


Posted from Diigo. The rest of Open Web group favorite links are here.