Archive for April, 2010

Research Exposes Risks for BitTorrent Seeders

A recently published paper found that it is relatively easy to expose BitTorrent’s biggest content providers. The researchers were able to identify 70% of the initial seeds of publicly available torrent files that were uploaded to The Pirate Bay, something that might pique the interest of the entertainment industry.

Register Now: PrivacyCamp May 7th in San Francisco

EFF will be attending PrivacyCamp SF on Friday May 7th after the end of the Web 2.0 Expo, and we hope you will join us. The topic of the day will be Privacy and Social Networks.

This first annual PrivacyCamp in San Francisco will be a day-long user-generated “unconference” of engineers, privacy advocates, professors, lawyers, entrepreneurs and social network users that will focus on the privacy implications of social networks like Facebook, Twitter, and Google Buzz. If you will be in the Bay Area and want to engage in smart conversation with experts in tech and policy about what social networks mean for privacy and to brainstorm about how social networks can be designed to better protect privacy, register now.

What: PrivacyCamp SF 2010
When: Friday May 7, 2010 from 9:30 AM to 4:00 PM
Where: UC Hastings, Alumni Reception Center (ARC)
200 McAllister Street, San Francisco, CA 94102

On the heels of the second annual PrivacyCamp DC and just a week after Facebook rolled out its latest changes reducing Facebook users’ privacy, the first annual PrivacyCamp SF will bring together interested parties for smart and topical conversation about what a privacy-respecting social network would look like.

What is an unconference? Well, there’s no pre-planned agenda, no keynotes, no panels, and no “Q&As,” just a space to meet, discuss, debate, and share knowledge with others who are interested in a particular topic–in this case, Privacy and Social Networks. We at EFF certainly have a lot to say on that topic, and we hope you’ll join us to help define the dialogue. Helping us with that will be Craig Newmark of Craigslist, who’s planning to speak with conference participants before lunch, and we hope to see representatives from other Web 2.0 companies participating in the discussion as well.

Since there’s no pre-planned agenda, the topics of discussion will be collaboratively defined the morning of the conference (for example, here’s the agenda that was settled on for the DC PrivacyCamp, which focused on privacy and government policy). But to give you an idea of possible topics for discussion, here are a few initial ideas and questions suggested by the PrivacyCamp blog:

  • Privacy by Design: Where in the design process should privacy be addressed? How far have we come and in what direction are we heading? What are the biggest obstacles to designing a private network, and what are some ways to overcome them?
  • All Out in the Open: How can privacy exist on a public network? In an age that seemingly embraces oversharing, are privacy controls a futile exercise? What are users’ expectations and how can they be addressed?
  • The Money Question: Does privacy work against the very tenets of social networking monetization? Can networks emphasize privacy and still be profitable? Is it possible to compete on privacy?
  • Too Much Control: Are granular controls the answer to privacy? How detailed can controls get before they become too complicated? How sophisticated is the “average user” and how can sites encourage users to educate themselves about the full functionality of privacy controls?
  • Update Headaches: What works when you change your site’s privacy controls? What doesn’t?

What would you like to see discussed at PrivacyCamp SF? Register now to get in on the conversation. You can also participate in or follow the discussion on Twitter via @privacycampdc and hashtags #privacycamp and #privacy2010, on the PrivacyCamp Facebook page, and on the PrivacyCamp blog.

Major Bulgarian BitTorrent Sites Targeted By Police

Following the joint signing of an IFPI / Bulgarian Interior Ministry memorandum declaring a crackdown on piracy, the head of the Computer Crimes Department appeared on TV and said that the country’s two largest BitTorrent sites will be closed down. Both Zamunda.net and Arena.bg are currently in the spotlight but it is feared more could join them in the future.

FTC Endorsement Rules Get Their First Workout

The Federal Trade Commission has announced that it has completed its first investigation under the "blog-ola" rules it adopted last year, which require bloggers and other social media posters who receive a free or discounted product or service to disclose the freebie in their reviews or commentary about the product or service, or face the possibility of an FTC enforcement action.  See "Guides Concerning the Use of Endorsements and Testimonials in Advertising," 16 CFR Part 255 (2010) (html) (pdf).

In the end, the FTC decided not to take any action against Ann Taylor (decision letter), whose Loft division (formerly Ann Taylor Loft) offered gifts to bloggers who attended a January 26 "exclusive blogger preview" of the chain’s summer 2010 line.  

"Bloggers who attend will receive a special gift," the invitation to the event read, "and those who post coverage from the event will be entered in a mystery gift card drawing where you can win up to $500 at LOFT!"

The details were in smaller print: "Please note all bloggers must post coverage from our event to their blog within 24 hours in order to be eligible. Links to post must be sent to [e-mail address], along with the code on the back of your gift card distributed to you at the event. You will be notified of your gift card amount by February 2. Gift card amounts will vary from $10 to $500."  The invitation is available here.

The FTC guidelines are complex, but fundamentally they require bloggers (and those who post on other social media, such as Twitter and Facebook) who receive a free or discounted product or service in exchange for writing a review to disclose the freebie or face the possibility of an FTC enforcement action.

So, under the FTC guidelines, bloggers who received the gift cards and wrote about the event were obliged to disclose the freebies.

A number of bloggers covered the event, including here, here, here, here, here, here, and here. Some disclosed the gifts, some said that they hadn’t received them, and some didn’t comment on the issue.  But some commentators criticized Ann Taylor for even making the offer, including here and here.

This also wasn’t the first time that Loft offered prizes to bloggers.  In December, Loft held a "Blog Wars" poll, in which fashion bloggers asked their readers to visit Loft’s Facebook page and vote for their favorite blog.  The winning blogger received a $500 gift card.

As noted in CMLP’s legal guide, after adopting the rule the FTC assured bloggers and social media contributors that it was not likely to pursue them for not following the disclosure guidelines.  Instead, the Commission said that it would target the advertisers who offer the freebies (PRNewser; Dow Jones Newswires).

While I pointed out some questionable incidents earlier this year, the Commission’s inquiry into Loft’s 2010 Summer Preview is apparently the first investigation that the FTC has undertaken under the endorsement rules.

In a letter to Loft’s attorney announcing that it was taking no action in the matter, the FTC stated that

Upon careful review of this matter, we have determined not to recommend enforcement action at this time. We considered a number of factors in reaching this decision. First, according to LOFT, the January 26, 2010 preview was the first (and, to date, only) such preview event. Second, only a very small number of bloggers posted content about the preview, and several of those bloggers disclosed that LOFT had provided them gifts at the preview. Third, LOFT adopted a written policy in February 2010 stating that LOFT will not issue any gift to any blogger without first telling the blogger that the blogger must disclose the gift in his or her blog.  The FTC staff expects that LOFT will both honor that written policy and take reasonable steps to monitor bloggers’ compliance with the obligation to disclose gifts they receive from LOFT.

The FTC letter also noted that LOFT posted a sign at the preview telling bloggers that they should disclose the gifts, but noted that "[i]t is not clear, however, how many bloggers actually saw that sign."

In the past, I’ve criticized the FTC rules for assuming that all offline media are more ethical than online media, and for imposing by regulation what should be a matter of blogger ethics.

But while the FTC took no action against Loft or the bloggers who covered the event, it is clear that the Commission is keeping an eye out for blatant offers to bloggers and other social media posters in return for coverage.  For those who post on blogs and other social media, this means that it’s important to be familiar with the rules (the Legal Guide is a great start) and to be careful to disclose any product or service, including discounts, they receive in return for writing about that product or service.

USTR’s Bully Report Unfairly Blames Canada Again

The U.S. government has released its annual Special 301 report in which it purports to identify those countries with inadequate intellectual property laws.  Given the recent history and the way in which the list is developed, it will come as no surprise that the U.S. is again implausibly claiming that Canada is among the worst of the worst.  As a starting point, it should be noted that the Canadian government does not take this exercise particularly seriously.  As an official with the Department of Foreign Affairs once told a House of Commons committee:

In regard to the watch list, Canada does not recognize the 301 watch list process. It basically lacks reliable and objective analysis. It's driven entirely by U.S. industry. We have repeatedly raised this issue of the lack of objective analysis in the 301 watch list process with our U.S. counterparts.

This year's report is particularly embarrassing for the U.S. since it not only lacks credible data, but ignores the submission from CCIA (which represents some of the world's largest technology and Internet companies including Microsoft, Google, T-Mobile, Fujitsu, AMD, eBay, Intuit, Oracle, and Yahoo) that argued that it is completely inappropriate to place Canada on the list.  The technology giants reminded the USTR that "Canada’s current copyright law and practice clearly satisfy the statutory 'adequate and effective' standard. Indeed, in a number of respects, Canada's laws are more protective of creators than those of the United States."

With respect to the actual data, the USTR report is largely rhetoric rather than reality.  The reality is:

  • According to the software industry's own piracy numbers, Canada's rate is declining and is dramatically lower than that of any other country on the priority watch list.  Moreover, even the Business Software Alliance has characterized Canada as a "low piracy country."
  • According to the recording industry's own numbers, the Canadian recording industry did not decline last year as badly as the U.S. or Japan, and it ranked well ahead of the global average for digital music sales growth.
  • According to the motion picture industry, illegal camcording has declined rapidly in Canada in recent years.  Canada is one of the only countries in the world with criminal convictions for such activities.
  • Last year Canada amended its Proceeds of Crime regulations by removing the Copyright Act from the list.  The change had been requested by copyright lobby groups.
  • Canada is often characterized as a prominent home for BitTorrent sites, yet European countries such as the Netherlands host more such sites and are not included on the list.
  • Canada is the only participant in the Anti-Counterfeiting Trade Agreement to be named to the Priority Watch List.  Apparently, our involvement in those talks counts for little.
  • Comparative analysis of U.S. and Canadian copyright law identifies numerous areas where Canada's copyright laws are stronger than those found in the U.S.
  • The RCMP has prioritized intellectual property enforcement and conducted thousands of investigations in recent years.
  • Canadian enforcement measures include a host of other provisions that are not found in many countries that do not make the USTR list, such as statutory damages and anti-camcording rules.

Looking beyond just Canada, the list is so large that it is rendered meaningless.  According to the report, approximately 4.3 billion people live in countries without effective intellectual property protection.  Since the report does not include any African countries outside of North Africa, the U.S. is effectively saying that only a small percentage of the world meets its standard for IP protection.  Canada is not an outlier; it's in good company with the fastest growing economies in the world (the BRIC countries are there) and European countries like Norway, Italy, and Spain.

In other words, the embarrassment is not Canadian law.  Rather, the embarrassment falls on the U.S. for promoting this bullying exercise and on the Canadian copyright lobby groups who seemingly welcome the chance to criticize their own country.

IFPI Calls Out The Wrong Country

The IFPI, the global RIAA, this week released its annual Recording Industry in Numbers report that tracks global record sales.  In its release, it chose to target two countries, Canada and Spain, for declining sales and linked those declines to copyright law.  As it no doubt intended, the IFPI release succeeded in generating media coverage, including two Globe and Mail stories (here and here) that dutifully reported that Canada was perceived as a piracy haven and was being criticized (again) by the global recording industry.

Yet it doesn't take much digging to see that the IFPI targeted the wrong country. Canadian sales declined by 7.4 percent last year.  That is obviously bad news for the industry, but it is almost identical to the global average of 7.2 percent.  In other words, far from a piracy outlier, Canada was actually consistent with declines around the world.  Moreover, while the IFPI chose to target Canada, the reality is the declines were far bigger in the United States (10.7 percent) and Japan (10.8 percent) yet neither country is described as a piracy haven. The IFPI data also shows that Canada was ahead of the curve on digital music sales growth. Canadian digital sales grew by 38 percent last year, while globally the number was 9.2 percent (the U.S. grew at 8 percent, below the global average).

Of course, none of these data points helped advance the agenda of painting Canada as a piracy haven, so they are conveniently ignored.  Look for more of the same later today when the U.S. government releases its annual Special 301 report and implausibly claims that Canada is one of the world's worst copyright outlaws.

Hitler’s response to the EC proposing mandatory ISP blocking of porn sites

Ok, actually no Hitler at all, but a usefully cynical video:-)

Defcon 18 Getaway Contest Update

We’re excited to report a great response to our inaugural Defcon 18 Getaway Contest since we announced it two weeks ago. Seventy-one participants have raised over $1900 so far!

Registration is still open, and the contest is still very much up for grabs! Current first place team Holy Handgrenades is sitting pretty at $575, with individual contestants Evan Keiser at second place with $65 and Robert Rowley at third place with $25. The pool of fabulous prizes is still within your reach!

Big thanks to Ninja Networks and Friends for sponsoring the contest and raising over $1200; however, contestants please note that its team has declared itself ineligible for the prize package, leaving the contest wide open. Form a team; put a badge up on your blog; ask your friends and family. There are lots of ways to help EFF and compete for the prizes. (See Official Rules for full details.)

EFF is also thrilled to announce that security firms iSEC Partners and IOActive have joined us to sponsor the Defcon Getaway Contest! We’re grateful for their support of the contest and EFF’s Coders’ Rights Project.

iSEC Partners is a proven full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification. iSEC Partners’ security assessments leverage our extensive knowledge of current security vulnerabilities, penetration techniques and software development best practices to enable customers to secure their applications against ever-present threats on the Internet.

Established in 1998, IOActive is an industry leader that offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance. Boasting a well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including power and utility, hardware, retail, financial, media, router, aerospace, high-tech, and software development organizations.

Stay tuned for more developments and updates regarding EFF’s Defcon Getaway Contest. If you haven’t already registered, what are you waiting for? Click here, and see you in Vegas!

Facebook’s “Evil Interfaces”

Social networking companies don’t have it easy. Advertisers covet their users’ data, and in a niche that often seems to lack a clear business model, selling (or otherwise leveraging) that data is a tremendously tempting opportunity. But most users simply don’t want to share as much information with marketers or other “partners” as corporations would like them to. So it’s no surprise that some companies try to have it both ways.

Monday evening, after an exasperating few days trying to make sense of Facebook’s bizarre new “opt-out” procedures, we asked folks on Twitter and Facebook a question:

The world needs a simple word or term that means “the act of creating deliberately confusing jargon and user-interfaces which trick your users into sharing more info about themselves than they really want to.” Suggestions?

And the suggestions rolled in! Our favorites include “bait-and-click”, “bait-and-phish”, “dot-comfidence games”, and “confuser-interface-design”.

Although we didn’t specifically mention Facebook in our question, by far the most popular suggestions were variations on this one from @heisenthought on Twitter:

How about “zuck”? As in: “That user-interface totally zuckered me into sharing 50 wedding photos. That kinda zucks”

Other suggestions included “Zuckermining”, “Infozuckering”, “Zuckerpunch” and plenty of other variations on the name of Facebook’s Founder and CEO, Mark Zuckerberg. Others suggested words like “Facebooking”, “Facebaiting”, and “Facebunk”.

It’s clear why folks would associate this kind of deceptive practice with Zuckerberg. Although Zuckerberg told users back in 2007 that privacy controls are “the vector around which Facebook operates,” by January 2010 he had changed his tune, saying that he wouldn’t include privacy controls if he were to restart Facebook from scratch. And just a few days ago, a New York Times reporter quoted a Facebook employee as saying Zuckerberg “doesn’t believe in privacy.”

Despite this, we’d rather not use Zuckerberg’s name as a synonym for deceptive practices. Although the popularity of the suggestion shows how personal the need for privacy has become for many Facebook users, we’d prefer to find a term that’s less personal and more self-explanatory.

Instead, our favorite idea came from Twitter user @volt4ire, who suggested we use the phrase “Evil Interfaces”. The name refers to a talk by West Point Professor Greg Conti at the 2008 Hackers On Planet Earth conference.

Here’s Conti explaining Evil Interfaces to a puppet named Weena:

As Conti describes it, a good interface is meant to help users achieve their goals as easily as possible. But an “evil” interface is meant to trick users into doing things they don’t want to. Conti’s examples include aggressive pop-up ads, malware that masquerades as anti-virus software, and pre-checked checkboxes for unwanted “special offers”.
The new Facebook is full of similarly deceptive interfaces. A classic is the “Show Friend List to everyone” checkbox. You may remember that when Facebook announced it would begin treating friend-lists as “publicly available information” last December, the change was met with user protests and government investigation. The objections were so strong that Facebook felt the need to take action in response. Just one problem: Facebook didn’t actually want to give up any of the rights it had granted itself. The result was the obscure and impotent checkbox pictured here. It’s designed to be hard to find: it’s located in an unlikely area of the User Profile page, instead of in the Privacy Settings page. And it’s worded to be as weak as possible. Notice that the language lets a user set their friend-list’s “visibility”, but not whether Facebook has the right to use that information elsewhere.
A more recent example is the process introduced last week for opting out of Instant Personalization. This new feature allows select Facebook partner websites to collect and log all of your “publicly available” Facebook information any time you visit their websites. We’ve already documented the labyrinthine process Facebook requires users to go through to protect their data, so I won’t repeat it here. Suffice it to say that sharing your data requires radically less work than protecting it.

Of course, Facebook is far from the only social networking company to use this kind of trick. Memorably, users of GMail were surprised last February by the introduction of Google Buzz, which threatened to move private GMail recipients into a public “frequent contacts” list. As we noted at the time, Buzz’s needlessly complex “opt-out” user-interface was a big part of the problem.

OK, perhaps the word “evil” is a little strong. There’s no doubt that bad user-interfaces can come from good intentions. Design is difficult, and accidents do happen. But when an accident coincidentally bolsters a company’s business model at the expense of its users’ rights, it begins to look suspicious. And when similar accidents happen over and over again in the same company, around the same issues, it’s more than just coincidence. It’s a sign something’s seriously wrong.

BREIN Wants Dutch ISP To Block The Pirate Bay

Last year The Pirate Bay lost its case in The Netherlands with a court ruling that the site must cease its activities in the country. Despite this decision the site is still accessible in The Netherlands, but anti-piracy group BREIN isn’t sitting still. According to information received by TorrentFreak, they are now taking action to force an ISP to start blocking the site.