Businesses

Net Neutrality Protests Move Online, Yet Big Tech Is Quiet (nytimes.com) 71

The New York Times: Protests to preserve net neutrality, or rules that ensure equal access to the internet, migrated online on Tuesday, with numerous online companies posting calls on their sites for action to stop a vote later this week. Reddit, Etsy and Kickstarter were among the sites warning that the proposal at the Federal Communications Commission to roll back so-called net neutrality rules would fundamentally change the way the internet is experienced. Kickstarter, the crowdfunding site, cleared its entire home screen for a sparse white screen reading "Defend Net Neutrality" in large letters. Reddit, the popular online message board, pushed in multiple ways on its site for keeping the rules, including a pop-up box on its home screen. But the online protests also highlighted how the biggest tech companies, such as Facebook and Google, have taken a back seat in the debate about protecting net neutrality (Editor's note: the link may be paywalled; syndicated source), rules that prohibit internet service providers like AT&T and Comcast from blocking or slowing sites or for charging people or companies for faster speeds of particular sites. For the most part, the large tech companies did not engage in the protest on Tuesday. In the past, the companies have played a leading role in supporting the rules.
Chrome

Chrome 63 Offers Even More Protection From Malicious Sites, Using Even More Memory (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: To further increase its enterprise appeal, Chrome 63 -- which hit the browser's stable release channel yesterday -- includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...]

Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely.

Bitcoin

Feds Shut Down Allegedly Fraudulent Cryptocurrency Offering (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: The Securities and Exchange Commission on Monday announced that it was taking action against an initial coin offering (ICO) that the SEC alleges is fraudulent. The announcement represents the first enforcement action by the SEC's recently created cyber fraud unit. In July, the agency fired a warning shot. It announced that a 2016 fundraising campaign had run afoul of securities law, but that the SEC would decline to prosecute those responsible. The hope was to get the cryptocurrency world to take securities laws more seriously without doing anything drastic. Now the SEC is taking the next step by prosecuting what it considers to be one of the most egregious scams in the ICO world. The SEC's complaint, filed in federal court in New York, is against Dominic Lacroix, whom the SEC describes as a "recidivist securities law violator." The SEC considers Lacroix's cryptocurrency project, PlexCoin, to be a "fast-moving Initial Coin Offering (ICO) fraud that raised up to $15 million from thousands of investors since August by falsely promising a 13-fold profit in less than a month." The PlexCoin website has a hilariously vague description of this supposedly revolutionary cryptocurrency. "The PlexCoin's new revolutionary operating structure is safer and much easier to use than any other current cryptocurrency," the site proclaims. "One of the many features of PlexBank will be to secure your cryptocurrency from market variation, which is highly volatile, and invest your money in a place where you can get interesting guaranteed returns." According to Ars, "The SEC isn't impressed and is arguing that PlexCoin has 'all of the characteristics of a full-fledged cyber scam.' The agency is seeking to freeze the assets of the PlexCoin project in hopes of getting investors' funds back to them."
Canada

ISPs and Movie Industry Prepare Canadian Pirate Site Blocking Deal (torrentfreak.com) 86

An anonymous reader quotes a report from TorrentFreak: A coalition of movie industry companies and ISPs, including Bell, Rogers, and Cineplex, are discussing a proposal to implement a plan to allow for website blockades without judicial oversight. The Canadian blocklist would be maintained by a new non-profit organization called "Internet Piracy Review Agency" (IPRA) and enforced through the CRTC, Canadaland reports. The plan doesn't come as a total surprise as Bell alluded to a nationwide blocking mechanism during a recent Government hearing. What becomes clear from the new plans, however, is that the telco is not alone. The new proposal is being discussed by various stakeholders including ISPs and local movie companies. As in other countries, major American movie companies are also in the loop, but they will not be listed as official applicants when the plan is submitted to the CRTC. Canadian law professor Michael Geist is very critical of the plans. Although the proposal would only cover sites that "blatantly, overwhelmingly or structurally" engage in or facilitate copyright infringement, this can be a blurry line.

"Recent history suggests that the list will quickly grow to cover tougher judgment calls. For example, Bell has targeted TVAddons, a site that contains considerable non-infringing content," Geist notes. "It can be expected that many other sites disliked by rights holders or broadcasters would find their way onto the block list," he adds. While the full list of applicants is not ready yet, it is expected that the coalition will file its proposal to the CRTC before the end of the month.

Censorship

Cloudflare's CEO Has a Plan To Never Censor Hate Speech Again (arstechnica.com) 395

"Cloudflare CEO Matthew Prince hated cutting off service to the infamous neo-Nazi site the Daily Stormer in August," reports Ars Technica. "And he's determined not to do it again. 'I'm almost a free-speech absolutist.' Prince said at an event at the New America Foundation last Wednesday. But in a subsequent interview with Ars, Prince argued that in the case of the Daily Stormer, the company didn't have much choice." From the report: Prince's response was to cut Daily Stormer off while laying the groundwork to make sure he'd never have to make a decision like that again. In a remarkable company-wide email sent shortly after the decision, Prince described his own actions as "arbitrary" and "dangerous." "I woke up this morning in a bad mood and decided to kick them off the Internet," Prince wrote in August. "It was a decision I could make because I'm the CEO of a major Internet infrastructure company." He argued that "it's important that what we did today not set a precedent." Prior to August, Cloudflare had consistently refused to police content published by its customers. Last week, Prince made a swing through DC to help ensure that the Daily Stormer decision does not, in fact, set a precedent. He met with officials from the Federal Communications Commission and with researchers at the libertarian Cato Institute and the left-of-center New America Foundation -- all in an effort to ensure that he'd have the political cover he needed to say no next time he came under pressure to take down controversial content.

The law is strongly on Cloudflare's side here. Internet infrastructure providers like Cloudflare have broad legal immunity for content created by their customers. But legal rights may not matter if Cloudflare comes under pressure from customers to take down content. And that's why Prince is working to cultivate a social consensus that infrastructure providers like Cloudflare should not be in the censorship business -- no matter how offensive its customers' content might be.

Businesses

People Have Spent Over $1M Buying Virtual Cats on the Ethereum Blockchain (techcrunch.com) 128

Launched a few days ago, CryptoKitties is essentially like a digital version of Pokemon cards but based on the Ethereum blockchain. And like most viral sensations that catch on in the tech world, it's blowing up fast. From a report, shared by an anonymous reader: Built by Vancouver and San Francisco-based design studio AxiomZen, the game is the latest fad in the world of cryptocurrency and probably soon tech in general. People are spending a crazy amount of real money on the game. So far about $1.3M has been transacted, with multiple kittens selling for ~50 ETH (around $23,000) and the "genesis" kitten being sold for a record ~246 ETH (around $113,000). This third party site tracks the largest purchases made to date on the game. And like any good viral sensation prices are rising and fluctuating fast. Right now it will cost you about .03 ETH, or $12 to buy the least expensive kitten in the game. So now we have people using Ether, an asset with arguably little tangible utility -- to purchase an asset with unarguably zero tangible utility. Welcome to the internet in 2017.
Social Networks

Vine Co-Founder Dom Hofmann Says He's Working On 'a Follow-Up To Vine' (theverge.com) 54

Last year, the six-second video social media app called Vine was shut down by Twitter. The Verge reports that Vine's co-founder, Dom Hofmann, says he's working on "a follow-up to Vine," where he will be funding the project himself outside of his current company, Interspace. "I'm going to work on a follow-up to vine. i've been feeling it myself for some time and have seen a lot of tweets, dms, etc.," Hofmann tweeted.

Unfortunately, he didn't elaborate on his plans. It's possible the follow-up site could be another short-term video app similar to the original Vine, or some other project that will look to build on the foundation Vine started. Would you be interested in a new Vine-like social media app, or did Vine never really appeal to you to begin with?
AI

Facebook Rolls Out AI To Detect Suicidal Posts Before They're Reported (techcrunch.com) 171

Facebook is rolling out "proactive detection" artificial intelligence technology that will scan all posts on the site for patterns of suicidal thoughts, and when necessary send mental health resources to the user at risk or their friends, or contact local first-responders. The goal is to use AI to decrease how long it takes to send help to those in need. TechCrunch reports: Facebook previously tested using AI to detect troubling posts and more prominently surface suicide reporting options to friends in the U.S. Now Facebook will scour all types of content around the world with this AI, except in the European Union, where General Data Protection Regulation privacy laws on profiling users based on sensitive information complicate the use of this tech. Facebook also will use AI to prioritize particularly risky or urgent user reports so they're more quickly addressed by moderators, and tools to instantly surface local language resources and first-responder contact info. It's also dedicating more moderators to suicide prevention, training them to deal with the cases 24/7, and now has 80 local partners like Save.org, National Suicide Prevention Lifeline and Forefront from which to provide resources to at-risk users and their networks.
Movies

DC Fans Angry Over Rotten Tomatoes 'Justice League' Ratings (wired.com) 266

Rotten Tomatoes launched a new movie-review series called See It/Skip It last week -- but it just made some people hate the site even more. An anonymous reader quotes Wired: Rotten Tomatoes, the review-aggregator-slash-Hollywood-agitator, had irked DC fans by withholding its Justice League score until Thursday night's See It/Skip It premiere -- even though a wave of reviews for the film had already been posted online. The move was ostensibly a ploy to get viewers to tune in for the show, yet others saw a greater villainy at work: Was Rotten Tomatoes, which is owned in part by Warner Bros., actually trying to shield the studio from an inevitably bad grade that could help kill its opening weekend?

The See It/Skip It pushback -- which involved a lot of Tweet-screaming -- was a reminder of just how controversial Justice League had become... With Justice League having earned a less-than-expected $96 million in its opening weekend, the lowest ever for a DCEU title, the movie will likely be seen as a Flash-point moment for DC movies as a whole. Considering how some DC obsessives have reacted to the films' bad reviews -- there have been death threats in the past -- the conspiracy theory is actually a somewhat measured response... But there's another reason for all the pre-release pressure on Justice League: With the exception of this summer's Wonder Woman, the previous DC entries have all earned disappointingly low scores on Rotten Tomatoes... For some fans, the low scores felt like a referendum not only on [director Zack] Snyder's work, but the DC Extended Universe franchise as a whole -- so much so, a few defenders even began to speculate as to whether Rotten Tomatoes was manipulating the DCEU data (or, at the very least, grading the reviews on a much steeper curve than the Marvel films). Such theories filled message boards and Quora discussions, and there was even a Change.org petition to shut the site down that collected more than 23,000 signatures... Dangling the [Justice League] verdict in front of fans, and putting off the inevitable, felt like a misuse of power.

"They just want to focus on the negative," one DC fan told the Chicago Tribune. Meanwhile, the film's director has endorsed a Change.org petition calling for the release of his original edit of the film.

Justice League cost nearly a third of a billion dollars to produce. On Thanksgiving Day, it earned less money than Disney-Pixar's film Coco.
Businesses

Thank You, Phish Fans, For Caring About Net Neutrality (theoutline.com) 79

If you venture over to Battle For the Net, which encourages internet users to call Congress to advocate for the preservation of net neutrality rules, you'll find something peculiar: Several of the top sites that direct calls are Phish-related. (Phish is an American rock band.) From a report: As someone on Twitter pointed out, the traffic from phish.net -- which describes itself as "a non-commercial project run by Phish fans and for Phish fans" -- appears to be coming from a pop-up message that greets visitors to the site. The same pop-up, which directs to www.battleforthenet.com, appears when you visit the site's forums and setlist pages. So, it appears that Phish fans, while in the midst of discussing their favorite extended noodling sessions, are leading the charge to save us from our impending telecom-dominated hellscape. Thanks, guys! Phish.net sees over 400,000 unique visitors each month, according to web analytics firm SimilarWeb. In July, the website served over one million unique visitors.
Firefox

Firefox Will Warn Users When Visiting Sites That Suffered a Data Breach (bleepingcomputer.com) 64

An anonymous reader writes: Mozilla engineers are working on a notifications system for Firefox that shows a security warning to users visiting sites that have suffered data breaches. The notifications system will use data provided by Have I Been Pwned?, a website that indexes public data breaches and allows users to search and see if their details have been compromised in any of these incidents. Work on this project has only recently started. The code to show these warnings is not even in the Firefox codebase but managed separately as an add-on available (on GitHub). The alert also includes an input field. In the add-on's current version this field doesn't do anything, but we presume it's there to allow users to search and see if their data was exposed during that site's security breach. Troy Hunt, Have I Been Pwned's author, has confirmed his official collaboration with Mozilla on this feature.
The Internet

Cloudflare Might Be Exploring a Way To Slow Down FCC Chairman Ajit Pai's Home Internet Speeds (twitter.com) 308

Late Wednesday night, TechCrunch reporter Josh Constine pleaded to tech billionaires to purchase local ISPs near FCC chairman Ajit Pai's home and slow down his Internet speeds. One of the responders to that tweet was Matthew Prince, co-founder and chief executive of Cloudflare, who said: I could do this in a different, but equally effective, way. Sent note to our GC to see if we can without breaking any laws. In a statement to Slashdot, Mr. Prince said: Probably the easiest thing would be to slow down requests from the FCC's IP ranges. Or put up an interstitial whenever someone from those IPs visits a site behind us. I think it's less likely we'd do it across the board ourselves, more likely we'd implement it as an option our customers could opt in to. Basically taking this a step further.
Firefox

Another Tor Browser Feature Makes It Into Firefox: First-Party Isolation (bleepingcomputer.com) 93

An anonymous reader writes: Unbeknown to most users, Mozilla added a privacy-enhancing feature to the Firefox browser over the summer that can help users block online advertisers from tracking them across the Internet. The feature is named First-Party Isolation (FPI) and was silently added to the Firefox browser in August, with the release of Firefox 55. FPI works by separating cookies on a per-domain basis.

This is important because most online advertisers drop a cookie on the user's computer for each site the user visits and the advertiser loads an ad. With FPI enabled, the ad tracker won't be able to see all the cookies it dropped on that user's PC, but only the cookie created for the domain the user is currently viewing. This will force the ad tracker to create a new user profile for each site the user visits and the advertiser won't be able to aggregate these cookies and the user's browsing history into one big fat profile. This feature was first implemented in the Tor Browser, a privacy-focused fork of the Firefox browser managed by the Tor Project, where it is known as Cross-Origin Identifier Unlinkability. FPI was added to Firefox as part of the Tor Uplift project, an initiative to bolster the Firefox codebase with some of the Tor Browser's unique privacy-focused features. The feature is not enabled by default. Information on how to enable it is in the linked article.

Google

Google Will Stop Letting Sites Use AMP Format To Bait and Switch Readers (theverge.com) 57

"Google today announced a forthcoming update to its Accelerated Mobile Pages, or AMP, web format that aims to discourage website owners from misusing the service," reports The Verge. "The company says that, starting in February 2018, AMP pages must contain content nearly identical to that of the standard page they're replicating." From the report: Currently, because AMP pages load faster and more clutter-free versions of a website, they naturally contain both fewer ads and less links to other portions of a site. That's led some site owners to publish two versions of a webpage: a standard page and an AMP-specific one that acts a teaser of sorts that directs users to the original. That original page, or canonical page in Google parlance, is by nature a slower loading page containing more ads and with a potentially lower bounce rate, which is the percentage of viewers who only view one page before leaving. Now, Google is cracking down on that behavior. "AMP was introduced to dramatically improve the performance of the web and deliver a fast, consistent content consumption experience," writes Ashish Mehta, an AMP product manager. "In keeping with this goal, we'll be enforcing the requirement of close parity between AMP and canonical page, for pages that wish to be shown in Google Search as AMPs."
Firefox

Firefox Will Block Navigational Data URIs as Part of an Anti-Phishing Feature (bleepingcomputer.com) 70

Catalin Cimpanu, writing for BleepingComputer: Mozilla will soon block the loading of data URIs in the Firefox navigation bar as part of a crackdown on phishing sites that abuse this protocol. The data: URI scheme (RFC 2397) was deployed in 1998 when developers were looking for ways to embed files in other files. What they came up with was the data: URI scheme that allows a developer to load a file represented as an ASCII-encoded octet stream inside another document. Since then, the URI scheme has become very popular with website developers as it allows them to embed text-based (CSS or JS) files or image (PNG, JPEG) files inside HTML documents instead of loading each resource via a separate HTTP request. This practice became hugely popular because search engines started ranking websites based on their page loading speed and the more HTTP requests a website made, the slower it loaded, and the more it affected a site's SERP position.
Piracy

US Court Grants ISPs and Search Engine Blockade of Sci-Hub (torrentfreak.com) 165

Sci-Hub, a scientific research piracy site home to thousands of research papers, has suffered another blow in a U.S. federal court. According to TorrentFreak, "The American Chemical Society has won a default judgment of $4.8 million for alleged copyright infringement against the site. In addition, the publisher was granted an unprecedented injunction which requires search engines and ISPs to block the platform." This comes after a $15 million fine was imposed on Sci-Hub by a New York federal judge earlier this year. From the report: Just before the weekend, U.S. District Judge Leonie Brinkema issued a final decision which is a clear win for ACS. The publisher was awarded the maximum statutory damages of $4.8 million for 32 infringing works, as well as a permanent injunction. The injunction is not limited to domain name registrars and hosting companies, but expands to search engines, ISPs and hosting companies too, who can be ordered to stop linking to or offering services to Sci-Hub. The injunction means that Internet providers, such as Comcast, can be requested to block users from accessing Sci-Hub. That's a big deal since pirate site blockades are not common in the United States. The same is true for search engine blocking of copyright-infringing sites.

"Ordered that any person or entity in active concert or participation with Defendant Sci-Hub and with notice of the injunction, including any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, cease facilitating access to any or all domain names and websites through which Sci-Hub engages in unlawful access to, use, reproduction, and distribution of ACS's trademarks or copyrighted works," the injunction reads.

Youtube

'Something Is Wrong On the Internet' (medium.com) 365

"Someone or something or some combination of people and things is using YouTube to systematically frighten, traumatize, and abuse children, automatically and at scale, and it forces me to question my own beliefs about the internet, at every level," writes James Bridle. From the article: To begin: Kid's YouTube is definitely and markedly weird. I've been aware of its weirdness for some time. Last year, there were a number of articles posted about the Surprise Egg craze. Surprise Eggs videos depict, often at excruciating length, the process of unwrapping Kinder and other egg toys. That's it, but kids are captivated by them. There are thousands and thousands of these videos and thousands and thousands, if not millions, of children watching them. [...] What I find somewhat disturbing about the proliferation of even (relatively) normal kids videos is the impossibility of determining the degree of automation which is at work here; how to parse out the gap between human and machine. The New York Times, last week: Parents and children have flocked to Google-owned YouTube Kids since it was introduced in early 2015. The app's more than 11 million weekly viewers are drawn in by its seemingly infinite supply of clips, including those from popular shows by Disney and Nickelodeon, and the knowledge that the app is supposed to contain only child-friendly content that has been automatically filtered from the main YouTube site. But the app contains dark corners, too, as videos that are disturbing for children slip past its filters, either by mistake or because bad actors have found ways to fool the YouTube Kids algorithms. In recent months, parents like Ms. Burns have complained that their children have been shown videos with well-known characters in violent or lewd situations and other clips with disturbing imagery, sometimes set to nursery rhymes.
Data Storage

CIA Releases 321GB of Bin Laden's Digital Library (arstechnica.com) 125

An anonymous reader quotes a report from Ars Technica: Today, the Central Intelligence Agency posted a cache of files obtained from Osama Bin Laden's personal computer and other devices recovered from his compound in Abbottabad, Pakistan by Navy SEALs during the raid in which he was killed on May 2, 2011. The 470,000 files, 321 gigabytes in all, include documents, images, videos, and audio recordings, including Al Qaeda propaganda and planning documents, home videos of Bin Laden's son Hamza, and "drafts" of propaganda videos. There is also a lot of digital junk among the files.

The CIA site presents a raft of warnings about the content of the downloads: "The material in this file collection may contain content that is offensive and/or emotionally disturbing. This material may not be suitable for all ages. Please view it with discretion. Prior to accessing this file collection, please understand that this material was seized from a terrorist organization. While the files underwent interagency review, there is no absolute guarantee that all malware has been removed."

Android

A Surge of Sites and Apps Are Exhausting Your CPU To Mine Cryptocurrency (arstechnica.com) 128

Dan Goodin, writing for ArsTechnica: The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites. The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App. Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms -- including Magento, Joomla, and Drupal -- are also being hacked in large numbers to run the Coinhive programming interface.
Google

Google Denies Demoting the Pirate Bay In Some Countries (venturebeat.com) 24

An anonymous reader writes: Google and The Pirate Bay have had an interesting relationship over the years, to say the least. This week, users pointed out that The Pirate Bay can appear significantly lower down in search results (and definitely not on the first page), depending on which country you are searching in. We reached out to Google, and it denied the allegations that it was demoting the site. TorrentFreak first spotted the odd behavior. The publication used Chrome in incognito mode to search for "The Pirate Bay" in Google with different IP addresses to see where the site's thepiratebay.org domain showed up. An IP address in the U.K., for example, would result in The Pirate Bay showing up on the fifth or sixth page, while an IP address in the U.S. would bring back The Pirate Bay as the top result.
