Privacy Digest

Chinese Skype Client Hands Confidential Communications to Eavesdroppers - Via EFF.org Updates:

This Wednesday, Information Warfare Monitor published damning evidence showing that TOM-Skype, the version of the voice and chat program distributed in China not only blocks keywords from chat conversations, but also spies on and remotely reports the contents of Skype users' private text conversations. This directly contradicts Skype's previous assurances that "full end-to-end security is preserved and there is no compromise of people’s privacy", even on the customized Chinese client.

This special breached version of Skype, distributed by the Chinese portal company TOM Online, has long been known to block certain contentious phrases from instant message conversations. IWM's Nart Villeneuve's research shows that when these keywords are mentioned in conversations, the client software also sends an encrypted message to one of eight remote servers hosted in China.

Due to poor security on these servers, Villeneuve was able to uncover what was being sent: extensive logs on user activity, including archives of more than 166,000 censored messages from 44,000 users.  read more »

New Jersey's Cablevision Hijacks DNS Error Pages - Via Slashdot:

Selikoff writes "I just noticed Cablevision's Optimum Online service has begun hijacking DNS Error pages with, you guessed it, ad-supported results. Aside from hurting the underlying stability of the Internet, there have been instances where hackers have used such tools against customers. I know Road Runner customers have had to deal with this for a couple months now, although at least they have an outlet to turn it off." --- Update: 09/30 13:18 GMT by T : Note, as several readers have pointed out, this hijacking is of DNS errors rather than 404 errors as originally presented.

(Read Original Article - Via Slashdot .)

Editor: My provider, Verizon, has been doing this also for a while. But if you push hard enought they will give you alternate DNS servers without this 'feature'.

BT to kick off fresh Phorm trial - Via BBC NEWS | Technology :

Telecoms giant BT is about to start further trials of a controversial internet advertising technology.

Developed by Phorm, the Webwise system watches what people do online and shows adverts tuned to their interests.

From 30 September, a sample of BT's customers will be invited to "opt in" to a trial of the technology.

Early trials ran without the consent of customers which led to complaints from rights groups who said this broke laws governing the interception of data.  read more »

Slashdot | Positive Rights News From Europe - Via Slashdot :

Various readers are sending in good news from Europe on the rights front. First, at the EU level, Mark.J brings word that the European Parliament has canned a number of controversial amendments to its updated Telecoms Package, which could have resulted in ISPs being forced to disconnect customers for involvement in illegal file-sharing of copyrighted material. Next, SplatMan_DK writes from Denmark on a recent ruling by the Danish High Court that means that Danes are still innocent until proven guilty  read more »

New Lobbying Group Calls for Internet Filtering - Via Threat Level:

A just-formed lobbying group of content producers, equipment makers and internet gatekeepers said Thursday that internet service providers should embrace filtering.

Behind the lobby are AT&T, Cisco Systems, Microsoft, NBC Universal, Viacom and the Songwriters Guild of America. Among other things, the lobby, called Arts+Labs, says "network operators must have the flexibility to manage and expand their networks to defend against net pollution and illegal file-trafficking which threatens to congest and delay the network for all consumers."

The creation of the lobbying group came almost two months after the Federal Communications Commission issued an open invitationto ISPs to filter for unauthorized copyright material. The Aug. 1 invite was buried in the text of the FCC's stinging rebukeof Comcast for throttling BitTorrent and other peer-to-peer traffic.

AT&T and NBChave already made it clear they support blocking streams of unauthorized works, for obvious reasons. NBC and the songwriters want to get paid for their works. and AT&T supports filtering because it could reduce high-volume, peer-to-peer traffic.

And Cisco has the means to produce filtering equipment, while Microsoft has recently secured a patentto watermark music and track it through the internet.  read more »

AT&T, Verizon Back Opt-In Approach for Behavioral Advertising - Via CDT - PolicyBeta:

Earlier this week, we set out our wish list for what we hoped to hear from witnesses during today’s Senate Commerce Committee hearing on behavioral advertising as this emerging online marketing practice comes under congressional scrutiny.

We are pleased that the telecom companies testifying today, AT&T and Verizon, appear headed in the right direction.

Both companies strongly embraced setting a high bar for engaging in behavioral advertising and challenged the rest of the industry to do the same. Dorothy Attwood, senior vice president of Public Policy and Chief Privacy Officer for AT&T, said her company was committing to a policy of “advance, affirmative consumer consent,” noting that the phrase is “generically referred to as “opt-in.”  read more »

Entertainment Lobby Calls for Internet Filtering - Via Threat Level:

It didn't take long for a consortium of content producers, equipment makers and internet gatekeepers to cling to a Federal Communications Commission decision embracing internet filtering.

Buried in the text of the FCC's stinging rebuke of Comcast for throttling BitTorrent and other peer-to-peer traffic was an open invitation to ISPs to filter for unauthorized copyrighted material. That August 1 invitation was embraced Thursday by a newly formed lobby named Arts + Labs.

Behind the lobby is AT&T, Cisco Systems, Microsoft, NBC Universal, Viacom and the Songwriters Guild of America. Among other things, the lobby says "network operators must have the flexibility to manage and expand their networks to defend against net pollution and illegal file trafficking which threatens to congest and delay the network for all consumers."  read more »

Comcast Admits Error In Requiring SSN Under "Patriot Act" (follow-up) - Via PogoWasRIght - Privacy News Headlines:

Comcast's customer service czar Frank responded to our post "Comcast: "The Patriot Act" Mandates We Need Your SSN" by saying it was an error on part of the agent. Via Twitter he said:

Our policy is SSN not required. I believe the agent came from financial services where that is the policy. We have coached them

Source - The Consumerist blog

(Read Original Article - Via PogoWasRIght - Privacy News Headlines.)

ISPs Facing Privacy Scrutiny Likely to Point At Google - Via Threat Level:

Google is not an ISP, but at Thursday’s Senate hearing on privacy and ISPs, expect the search and online advertising giant's name to be the keyword invoked by ISPs wishing to escape the attention of legislators.

ISPs have good reason to want to be forgotten.

Earlier this year, lawmakers all but killed off the idea of letting ISPs watch their customers' web usage in order to serve them targeted ads after Charter Communications retreated from its plan to test such technology and several smaller ISPs admitted to secret tests of such technology from NebuAd.

But ISPs are hungry for new revenue so expect that AT&T, Verizon and Time Warner – three of the nation’s top ISPs – will take the opportunity Thursday in front of the Senate Commerce committee to favorably compare their privacy practices and market reach to Google's.

In fact, don't be surprised if the ISPs suggest that Google is the one that needs some federal rules written for it and that ISPs need to be free to find ways to serve targeted ads to their customers.  read more »

Comcasts Spells Out Congestion Management Plans - Via CDT - PolicyBeta:

Back in March, CDT welcomed Comcast’s announcement that it would move to a “protocol agnostic” technique for managing network congestion. No technical details were provided, but the announcement certainly seemed to imply that the new technique would steer clear of singling out particular protocols, services, or content for inferior treatment. In other words, it would avoid the kind behavior that gives Internet neutrality advocates fits and that puts network operators in a position to undermine unfettered innovation. To use a potentially loaded term, the announcement seemed to imply that the new technique would be neutral.

But we also noted that we would have to wait and see how the new technique actually works. However promising the term “protocol agnostic” might sound, it doesn’t exactly have a widely accepted meaning.

Well, Comcast has now filed with the FCC a description of the new congestion management technique it is rolling out. Based on that description, it appears to be the real deal.  read more »

Comcast Unveils Its New Traffic Management Architecture - Via EFF.org Updates:

Late on Friday night, Comcast filed an overview of its new traffic management arrangements with the FCC. This is the long term replacement for its controversial practice of using forged TCP Reset packets to limit the use of peer to peer protocols.

The new system appears to be a reasonable attempt at sharing limited bandwidth amongst groups of users. Unlike TCP RST spoofing, it doesn't explicitly discriminate against some applications, and it doesn't threaten protocol developers with interoperability problems and uncertainty about network behavior.  read more »

What to Keep an Ear Out For at the Next Behavioral Advertising Hearing - Via CDT - PolicyBeta:

The Senate Commerce Committee has a hearing scheduled on Thursday to hear from ISPs about their plans for implementing behavioral advertising. CDT has been in discussions with many of these companies and believe that some have begun to make a commitment to getting policies and practices right and push others in the online industries to do the same, as they make decisions whether or not to go forward with behavioral targeting plans. Decoding congressional testimony is something of an art form; here’s what we’ll be listening for: words and phrases like “meaningful and affirmative consent,” “transparency,” and “user control.” If you check the box next to each of those you’ll know that things are on the right track, which will be a welcome change from the rhetoric we heard from the CEO of NebuAd during the last Senate hearing on behavioral advertising.  read more »

Comcast Discloses Throttling Practices -- BitTorrent Targeted - Via Threat Level:

Comcast came clean with the Federal Communications Commission late Friday, detailing how it throttled and targeted peer-to-peer traffic -- maneuvers it has repeatedly denied.

The cable concern said (.pdf) it indeed hit "particular protocols that were generating disproportionate amounts of traffic." The peer-to-peer protocols, Comcast said, include Ares, BitTorrent, eDonkey, FastTrack and Gnutella -- vehicles used to transport copyrighted material without the owners' permission.

On Aug. 1, when the FCC ordered it to abandon its throttling practices, Comcast denied that it was blocking any services including "peer-to-peer services" like BitTorrent or engaged in any blocking of services.  read more »

CDT Policy Post: Closer Look at ISP-Ad Network Partnerships - Via Center for Democracy and Technology:

CDT issued a policy post today that takes a closer look at the privacy concerns raised by the ISP-ad network partnership model within the online behavioral advertising field. Behavioral advertising involves the compilation of detailed information about an Internet user’s online activities. That data, when collected, can be turned into detailed consumer profiles including articles read, web sites visited, and items purchased. Today's policy post says the ISP-ad network model may violate federal law if it deployed without express consent of subscribers. CDT notes that Congress is taking a closer look at the practice and that online consumer privacy law may be introduced to address concerns.

(Read Original Article - Via Center for Democracy and Technology.)

DOJ View on Email Privacy May Hamper Prosecution of Palin Hackers - Via EFF.org Updates:

On Wednesday, some hackers apparently obtained unauthorized access to Gov. Sarah Palin's Yahoo! email account by posing as Gov. Palin and getting a new password (Michelle Malkin and Wired News have details). Yesterday we noted that, based on the facts in newspaper reporting, a court would likely consider this a violation of the Stored Communications Act (SCA).

However, the Department of Justice may be hamstrung in any prosecution of this invasion of privacy by its restrictive view of "electronic storage."  read more »