Internet News

Two email providers, forced to close their services after the NSA demanded a backdoor, have proposed a new open standard for secure email that would be harder for security services and others to eavesdrop upon.

The encrypted email service Lavabit, and Silent Circle, a firm also encrypting phone calls and texts, are the founding members of the Darkmail Alliance, a service that aims to prevent government agencies from listening in on the metadata of emails.

The metadata is the information bundled up with the content of an email such as that showing the sender, the recipient and date the message was sent. Conventional email can never be made fully secure because the standard requires some metadata to be sent unencrypted.

Mike Janke, Silent Circle's chief executive and co-founder, said:

We want to get another dozen to two dozen email providers up and running on Darkmail architecture so that at any one time citizens of the world can choose two dozen email providers to get their email service from.

He said that the services Lavabit and Silent Mail kept too much data on the provider's server:

So what happened is you saw nation states can go to an email provider and coerce them into turning over the keys and decrypting.

The proposal of the alliance, it says, is as close to being compatible with conventional email as can be; users can send and receive insecure emails with contacts on normal services, and it is only when an email is sent between two accounts within the alliance that the message is encrypted and routed from one peer to the other without going through a central server.

The ultimate aim is to get the big email providers, such as Microsoft , Yahoo ! and Gmail , using the new standard too.

People browsing the internet in censored spaces such as UK public WiFi will soon be able to access the web using the internet connection of friends in censorship-free zones of the web.

Google has thrown its weight behind an idea that lets people circumvent censorship by using the internet connection of a friend.

A collaboration between the University of Washington in Seattle and non-profit firm Brave New Software, uProxy lets users share their internet connection with friends on social networks through a browser extension.

When both parties have the uProxy extension installed, one can forge an encrypted link through the other person's browser and out onto the internet via their social network connection. As well as giving people access to censored content, it could allow people in the UK to watch the US version of Netflix via a US friend's connection, for example, or those in the US to log in to the BBC iPlayer to catch the latest episode of Sherlock. Or if you want to read Melon Farmers on the train then you can use your home connection.

So far it has only been tested in a closed trial for selected users, but its developers promise to open up the code to curious security researchers. This will also ease fears that any back door may have been left open for authorities such as the US National Security Agency to access and spy on users' browsing habits. Censors can't stop uProxy simply by blocking social networking websites either because, instead of the standard web, it accesses the contact lists via background, hard-to-block online processes.

UProxy was funded by Google's charitable arm, Google Ideas, and the firm is also helping in its development.

Another Brave New Software project, Lantern also relies on your social network to find a trusted computer to connect to the wider internet. Unlike uProxy, it can use friends of friends, widening the pool of potential proxies.

Laos authorities are preparing to introduce unprecedented social media censorship possibly modeled on Chinese and Vietnamese censorship laws, officials announced this week.

The Ministry of Post and Telecommunications is currently drawing up the censorship laws which are expected to take effect by the end of the year, the ministry's E-Government Centre Director General Phonpasit Phissamay said.

The rules are aimed at ensuring social networking sites are used in a manner supportive of the government Users may be prosecuted for posting  information the authorities don't like.

Amid the rapidly growing social media, Facebook users have been anticipating an online clampdown by the Lao Communist Party leadership, which has ruled the country with an iron fist since 1975.

I expected this would happen someday, even though government says we have a democracy, one Facebook user posted on the Laos News Update Facebook page. We won't be able to say anything [online] now. It's because the government can't stand criticism from people, another user said.

Facebook has announced it is working on new ways to keep users from stumbling across gruesome content such as beheading videos.

Facing sharp criticism from the likes of David Cameron, Facebook issued a statement clarifying that violent videos were only allowed if they were presented as news or held up as atrocities to be condemned.

If they were being celebrated, or the actions in them encouraged, our approach would be different. However, since some people object to graphic video of this nature, we are working to give people additional control over the content they see. This may include warning them in advance that the image they are about to see contains graphic content.

Facebook banned beheading videos in May but recently lifted the prohibition - a development flagged by the BBC.

Facebook's administrators face constant pressure from interest groups trying to impose their own forms of censorship or fighting to lift restrictions they see as oppressive. Women's rights groups want the company to ban sexy content; others have ridiculed Facebook's ban on the depiction of female breasts. Some believers have urged the site to ban what they see as blasphemous content.

Sean Gallagher of Index on Censorship said:

Films about beheadings may be deeply upsetting and offensive, but they do expose the reality of violent acts that are taking place in the world today. When trying to draw a line about what should or shouldn't be allowed, it's important to look at context, not just content.

Update: Heads Roll at Facebook

24th October 2013. See  article from  independent.co.uk

Facebook has removed a video of a woman being beheaded and updated its policy on graphic violence following a supposed 'public outcry'.

In a move which David Cameron described as irresponsible , Facebook had said that it would be allowing users to upload images and videos of graphic violence so that they could be condemned .

It has now backtracked on that decision, moving to take down a particular video which sparked this week's debate. Entitled only Challenge: Anybody can watch this video? it seemed to show a masked man beheading a woman in Mexico. In a statement, Facebook explained refinements to its policy on violent content:

When we review content that is reported to us, we will take a more holistic look at the context surrounding a violent image or video.

Second, we will consider whether the person posting the content is sharing it responsibly, such as accompanying the video or image with a warning and sharing it with an age-appropriate audience.

Based on these enhanced standards, we have re-examined recent reports of graphic content and have concluded that this content improperly and irresponsibly glorifies violence. For this reason, we have removed it.

A VPN provider says that concerns it may be forced to hand over its encryption keys to United States authorities have led it to take the decision to shut down its consumer services. CryptoSeal says that information revealed as part of the Lavabit case has undermined its original understanding of United States law and made its position untenable. Shutting down, the company says, is the only solution to protect customer privacy.

The company said in a statement:

With immediate effect as of this notice, CryptoSeal Privacy , our consumer VPN service, is terminated. All cryptographic keys used in the operation of the service have been zerofilled, and while no logs were produced (by design) during operation of the service, all records created incidental to the operation of the service have been deleted to the best of our ability.

Essentially, the service was created and operated under a certain understanding of current US law, and that understanding may not currently be valid. As we are a US company and comply fully with US law, but wish to protect the privacy of our users, it is impossible for us to continue offering the CryptoSeal Privacy consumer VPN product, the company says.

Google has unveiled supervised users for its Chrome browser. A supervised user is a special class of Chrome user account that's created and controlled by another user who acts as its manager or parent.

Additional restrictions can be assigned at the manager's discretion. For example, certain sites can be blocked, or the supervised user's account can be set to a whitelist configuration so that it can only visit approved sites.

Supervised users can contest these restrictions by filing access requests with their manager, which managers can approve or deny via the supervised users dashboard .

Managers also have the ability to view a supervised user's browsing history and to lock the Google search engine's SafeSearch feature to a restricted setting.

At the moment the feature is for beta users and has not been included in standard releases.

The Daily Mail goes into overdrive and asks:

Has American Apparel gone too far? Shoppers attack vile and disturbing T-shirt showing menstruation

A unisex T-shirt emblazoned with a drawing of a woman's vagina stained with menstrual blood has been deemed vile , gross and disturbing since going on sale at American Apparel.

The retailer notes on its website that the $32 Period Tee was designed by 20-year-old Toronto-based artist, Petra Collins, who creates portraits exploring female sexuality and teen girl culture.

However the Daily Mail couldn't really back up the 'outrage' All the have are a few unimaginative tweets eg:

@sawissinger wrote, this is the worst thing I can possibly think of, while

@kawaii_origami tweeted, are you kidding me?

Update: More 'outrage'

18th October 2013. See  article from  dailymail.co.uk

The designer behind American Apparel's menstruation T-shirt, has had her Instagram account deleted after uploading an image of her unshaven bikini line.

Petra Collins posted a snap of herself from the waist down wearing a bathing suit bottom with her pubic hair peeping out to the photo-sharing site last week.

However, she revealed to OysterMag.com today that the picture attracted so many complaints from users that her account - which had over 25,000 followers - has since been deleted.

The artist said dozens of people deemed her self-portrait horrible and disgusting.   Voicing her annoyance, she wrote:

To those who reported me, to those who are disgusted by my body . . . I want you to thoughtfully dissect your own reaction to these things.

Please think about WHY you felt this way, WHY this image was so shocking, WHY you have no tolerance for it.

Facebook took down a photo of two men kissing because it supposedly violated Community Standards.

Of course, it may also have been the fact that the photo was posted by gay porn star, Titan Men exclusive Jesse Jackman, who told sfist.com that in the aftermath of posting the picture of him kissing husband Dirk Caber:

I received multiple public death threats after posting this photo, endured countless homophobic slurs, and received dozens upon dozens of hate-filled messages, and yet Facebook did nothing about those disgusting comments, choosing to censor love instead of hate... This is a travesty. Hate must not be allowed to prevail in this world.

Jackman also took to Twitter to express his amazement at the censorship for something so sweet as a kiss and then the story went kind of viral, with HuffPo also taking stock.

As usual once a decision is widely criticised, Facebook rescinded the ban with the claim:

As our team processes more than one million reports each week, we occasionally make a mistake, Facebook told the site. In this case, we mistakenly removed content and worked to rectify the mistake as soon as we were notified. We apologize for the inconvenience caused due to the removal of this content.

Presumably thousands of similar 'mistakes' go unrectified as they lack the clout of Huffington Post  in putting things right.

An alarming judgment has been issued by the European Court of Human Rights that could seriously affect online comment threads.

The judgment in the case Delfi AS v Estonia suggests that if a commercial site allows anonymous comments, it is both practical and reasonable to hold the site responsible for content of the comments.

In 2006, Delfi ran a story about a ferry operator's changing of routes. This story lead to some heated debate in the comments thread, with, according to the judgment highly offensive or threatening posts about the ferry operator and its owner .

The ferry owner sued Delfi responsible for defamation and won. Delfi appealed on the grounds the the European eCommerce Directive suggested it should be regarded as a passive and neutral host.

The ruling stated:

Given the nature of the article, the company should have expected offensive posts, and exercised an extra degree of caution so as to avoid being held liable for damage to an individual's reputation.

The article's webpage did state that the authors of comments would be liable for their content, and that threatening or insulting comments were not allowed. The webpage also automatically deleted posts that contained a series of vulgar words, and users could tell administrators about offensive comments by clicking a single button, which would then lead to the posts being removed.

However none of the mechanisms prevented a large number of insulting comments from being published on the website.

The judgment also threatens online anonymity:

However, the identity of the authors would have been extremely difficult to establish, as readers were allowed to make comments without registering their names. Therefore many of the posts were anonymous. Making Delfi legally responsible for the comments was therefore practical; but it was also reasonable, because the news portal received commercial benefit from comments being made.

The ruling is not yet final and may be subject to further review.

Malaysia's former prime minister Tun Dr Mahathir Mohamad wants the authorities to impose internet censorship of pornography.

Once an advocate of non-censorship of the internet, Mahathir lamented that the easy access to sexually graphic sex sites are negatively stimulating the minds of the young.

He claims without evidence that online pornography has led to a rise in violent sexual crimes and a supposed decline in morals.

There must be some form of code of ethics to prevent such sites from being accessed. The governments of the respective countries should take action against those responsible for polluting the minds of young children with pornography.

He admitted that there was opposition towards censoring the internet when he launched the Multimedia Super Corridor over a decade ago. However, he said the recent rise in violent sexual crimes and declining morals due to exposure to online pornography was alarming.

Mahathir then claimed that such censorship would somehow not curb freedom of expression.

Malaysian Communications and Multimedia Commission (MCMC) corporate communications head Sheikh Abdul Rafie Sheikh Abd Rahman previously made similar claims that while pornography sites were usually censored, it somehow did not amount to censorship.

Thousands of Islamic extremists in the UK see the British public as a legitimate target for attacks, the director general of MI5 has warned. Andrew Parker was making his first public speech since taking over as head of the UK Security Service in April.

Al-Qaeda and its affiliates in Pakistan and Yemen present the most direct and immediate threats to the UK, he said. He added that the security services must have access to the many means of communication which terrorists now use. He warned:

It remains the case that there are several thousand Islamist extremists here who see the British public as a legitimate target. Being on our radar does not necessarily mean being under our microscope.

The reality of intelligence work in practice is that we only focus the most intense intrusive attention on a small number of cases at any one time. The challenge therefore concerns making choices between multiple and competing demands to give us the best chance of being in the right place at the right time to prevent terrorism.

Parker's speech also went on to reveal some of the fears and frustrations his service was experiencing over both the advances in technology and those who leak government secrets into the public domain. He warned that terrorists now had tens of thousands of means of communication through e-mail, IP telephony, in-game communication, social networking, chat rooms, anonymising services and a myriad of mobile apps .

Parker said it was vital for MI5 - and by inference its partner GCHQ - to retain the capability to access such information if the Security Service was to protect the country.

Intelligence officials in both the US and Britain have been absolutely dismayed at the wealth of secret data taken by the former CIA contractor Edward Snowden when he fled to Russia. Without mentioning Snowden by name, Parker said it causes enormous damage to make public the reach and limits of GCHQ techniques .

  More than two million people in China are employed by the government as internet censors or propagandaists.

The Beijing News says the censors, described as internet opinion analysts , are on state and commercial payrolls.

The report by the Beijing News said that these monitors were not required to delete postings. They are strictly to gather and analyse public opinions on microblog sites and compile reports for decision-makers .

Tang Xiaotao has been working as a monitor for less than six months, the report says, without revealing where he works.

He sits in front of a PC every day, and opening up an application, he types in key words which are specified by clients.

He then monitors negative opinions related to the clients, and gathers (them) and compile reports and send them to the clients.

China rarely reveals any details concerning the scale and sophistication of its internet police force. It is believed that the two million internet monitors are part of a huge army which the government relies on to control the internet.

Recent disclosures that the government routinely taps, stores and sifts through our internet data have alarmed experts and internet users alike. It is alleged that the government has used the US's PRISM programme to access data on British citizens stored by US internet corporations. Through its own TEMPORA programme, the government is alleged to tap into the sub-ocean cables that carry the UK's and the EU's internet activities around the world and stores and sifts through that data, even if it is an email or a call between two British or EU citizens. Furthermore, the UK has granted the US National Security Agency unlimited access to this data.

These practices appear to have been authorized by government ministers on a routine rolling basis, in secret. Existing oversight mechanisms (the Interception of Communications Commissioner, the Intelligence Services Commissioner, the Parliamentary Intelligence and Security Committee and the Investigatory Powers Tribunal) have failed. The legislation that is supposed to balance our rights with the interests of the security services is toothless.

That is why Big Brother Watch, Open Rights Group, English PEN and Constanze Kurz have taken the unusual step of instructing a legal team to pursue legal action on our behalf and on behalf of all internet users in the UK and EU. First, our lawyers wrote to the government demanding that it accepts that its authorization practices have been unlawful and that it consult on a new, transparent set of laws for the future. The government refused and invited us to submit a case to the Investigatory Powers Tribunal. But the Tribunal is a creature of the very statutory regime which has failed and would not offer an effective remedy. It is unable to rule that the legislative regime breaches our privacy rights, it is conducted largely in secret and there is no right of appeal. The European Court of Human Rights has previously decided that this tribunal does not provide an effective remedy for privacy victims. So we will take our case directly to the European Court of Human Rights. It will decide whether the government's surveillance activities and the existing legislation sufficiently protect the privacy of UK and EU internet users.

The group are seeking funding for the legal challenge. See privacynotprism.org.uk

The former operator of a secure email service once used by NSA leaker Edward Snowden has been fined $10,000 for failing to give government agents access to his customers' accounts, newly released court documents show.

In August, Ladar Levinson shut down Lavabit, his security-minded email business, rather than comply with government demands that he claimed would have made him complicit in crimes against the American people.

Court documents reveal that the FBI wanted Levinson to hand over encryption keys that would have given federal agents real time access to not just Snowden's account, but the accounts of all 40,000 of Lavabit's customers.

To Levinson, that was going too far. You don't need to bug an entire city to bug one guy's phone calls, he told The New York Times . In my case, they wanted to break open the entire box just to get to one connection.

Levinson claims he had complied with legal surveillance requests in the past, and that he proposed logging and decrypting just Snowden's communications and uploading them to a government server once per day. But this wasn't good enough for the FBI, they wanted the keys.

Levinson did his best to avoid handing over the keys but the court levied a fine of $5,000 per day until the keys were provided in electronic form. Levinson held out for two days but finally relented, only to shut down Lavabit at the same time he gave up the certificates .

Lawmakers in California have passed a bill targeting the posting of so called revenge porn , when compromising pictures are posted after a relationship has broken up.

The bill makes it a crime to post pictures of anyone in a state of full or partial undress even if the picture was originally taken with that person's consent. But a crime would have only been committed if the pictures were posted with the intent to cause serious emotional distress, and [that] the other person suffers serious emotional distress .

The bill reads:

This bill would provide that any person who photographs or records by any means the image of another, identifiable person without with his or her consent who is in a state of full or partial undress in any area in which the person being photographed or recorded has a reasonable expectation of privacy, and subsequently distributes the image taken, with the intent to cause serious emotional distress, and the other person suffers serious emotional distress would constitute disorderly conduct subject to that same punishment.

Both the Senate and Assembly unanimously passed Senate Bill 255. It is now awaiting state governor, Jerry Brown, to sign it into law. Brown has 30 days to sign the bill into law, though it's unclear if he will.

Much of the bill stayed intact during its movement through the state legislature, with a single change. The final version of the bill does not cover selfies but Senator. Anthony Cannella, author of the bill, will try to include selfies, in an update next year.

Update: The state governor gives his consent

2nd October 2013. See  article from  philly.com

California Governor Jerry Brown has signed a bill outlawing so-called revenge porn and levying possible jail time for people who post naked photos of their exes after bitter breakups.

Senate Bill 255, which takes effect immediately, makes it a misdemeanor to post identifiable nude pictures of someone else online without permission with the intent to cause emotional distress or humiliation. The penalty is up to six months in jail and a $1,000 fine.