Remember our discussion on app location information?
Based on the article below, I installed Muslim Pro on my android phone. This app is used by Muslims worldwide. When started, it said
The app needs your location to calculate accurate prayer times
Of course, that meant enabling location on the phone, and also granting that permission to the app. The app does have an option to work without location data, but it's definitely something one has to search for.
It turns out that someone is buying this location data from the app maker: the US military.
See https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x.
The developer, Bitsmedia, by default shares information with a company named Tutela, and a company named Quadrant. From the privacy policy:
Bitsmedia partners with Quadrant to collect and share precise location information via mobile SDKs. You can supposedly opt out of their reselling of the data.
But if you do not, Quadrant apparently sells your location data to a company named X-Mode, who in turn sells it to the US army.
Again, a big issue here is that Android does not support different levels of location data. There's a big difference between location data accurate enough to determine the approximate time of sunrise and location data accurate enough for a drone strike.
It's baack! See github.blog/2020-11-16-standing-up-for-developers-youtube-dl-is-back.
Section 1201 does not include language for immediate takedowns claims (that's in Section 512), but Github presumably wanted to play it safe. Github writes:
And our reinstatement, based on new
information that showed the project was not circumventing a technical
protection measure (TPM), was inline with our values of putting
developers first.
Also, Google
issued a takedown request to Github for the takedown of the
widevine-L3-decryptor. Widevine is Google's DRM for streaming video in
the browser, used by Netflix and everyone else. Level 3 is the weakest
level; a vulnerability was announced in early 2019. Level 3 is used by
most desktop viewers; it does not allow for HD content streaming.
See github.com/github/dmca/blob/master/2020/11/2020-11-09-Google.md.
This takedown may stick.
See slate.com/technology/2020/11/austria-facebook-eva-glawischnig-piesczek-censorship.html. Here's what's going on:
[The] Austrian Supreme Court ordered, pursuant to local defamation rules, that Facebook remove a post insulting a former Green Party leader, keep equivalent posts off its site, and do so on a global scale
The CJEU ruled a year ago that the EU's e-commerce directive, forbidding member states from creating content-monitoring requirements, did not prevent the Austrian action. That was a little weird, but as I understand it the point is that this is a specific post that must be taken down, not a general category.
The case is not entirely over, but is definitely part of a disturbing trend.
Here are the practical grounds for appealing someone else's patent
What about the XOR-mouse patent? KSR doesn't help here (though prior-art algorithms might). This example galvanized a lot of opposition to software patents, by software engineers who felt the use of XOR here was entirely obvious.
What about the 1994 Eolas patent? Points 2, 4 and 5 don't apply. Point 3 is difficult, as there was no prior art for embedding applets in a browser. Browsers were very obscure until 1993. However, once you have a browser, and use it regularly, the idea of embedding other content is quite compelling.
(The Patent Office often sets a very low bar for how innovative an application of an algorithm must be, so the XOR patent might win on that.)
KSR v Teleflex / Bilski / Alice / Heartland v Kraft
Crime
Hacking was not always about crime.
Hacking and the CFAA
TJX, Target and PCI-DSS
Some felonies: