Social Networks

Former Reddit Executive Sees 'No Hope' For Reddit (nymag.com) 113

An anonymous reader quotes former Reddit product head Dan McComas: I think, ultimately, the problem that Reddit has is the same as Twitter and Discord. By focusing on growth and growth only and ignoring the problems, they amassed a large set of cultural norms on their platforms. Their cultural norms are different for every community, but they tend to stem from harassment or abuse or bad behavior, and they have worked themselves into a position where they're completely defensive... I really don't believe it's possible for either of them to catch up on the problem. I think the best that they can do is figure out how to hide this behavior from an average user.

I don't see any way that it's going to improve. I have no hope for either of those platforms. I just think that the problems are too ingrained, in not only the site and the site's communities and users but in the general understanding and expectations of the public... I don't think that they're going to be able to turn these things around...

I fundamentally believe that my time at Reddit made the world a worse place. And that sucks, and it sucks to have to say that about myself... I've got a lot of advice for start-ups, and it's not very fucking complicated. It's just: Think about the impact that you want to have on your users and on the people consuming your content and do the right thing... Don't be idiots about it. You're people, you see what's going on, you see trends that are forming, just fucking do something. It's not that hard.

The Internet

Lycos Finally Discontinues Its Free Email Service (lycos.com) 43

Long-time Slashdot reader williamyf writes: You may think of it as the end of an era, or as the final nail in the coffin. Today Lycos, one of the pioneering web portals of the '90s, notified all it's users that "On May 15th, 2018, we will no longer be offering free Lycos Mail accounts." They have been very upfront about the reason:

"Q: Why are you doing this?

A: Providing mailboxes costs us money, and we no longer make enough from ads to support the cost of the mailboxes."


At it's heyday, Lycos was acquired by Terra Networks (a division of Telefonica), then sold to Daum Communications in Korea and then to Ybrant Digital in India. The search engine and other parts (like Angelfire, Tripod and Gamesville) continue working. In the meantime, instructions are provided to download all your mail via POP3 for offline archiving, or to upgrade to Paid Accounts.

Facebook

Facebook Starts Its Facial Recognition Push To Europeans (techcrunch.com) 37

An anonymous reader quotes a report from TechCrunch: Jimmy Nsubuga, a journalist at Metro, is among several European Facebook users who have reported getting notifications asking if they want to turn on face recognition technology. Facebook has previously said an opt-in option would be pushed out to all European users, and also globally, as part of changes to its T&Cs and consent flow. In Europe, the company is hoping to convince users to voluntarily allow it to deploy the privacy-hostile tech -- which was turned off in the bloc after regulatory pressure, back in 2012, when Facebook began using facial recognition to offer features such as automatically tagging users in photo uploads. But under impending changes to its T&Cs -- ostensibly to comply with the EU's incoming GDPR data protection standard -- the company has crafted a manipulative consent flow that tries to sell people on giving it their data; including filling in its own facial recognition blanks by convincing Europeans to agree to it grabbing and using their biometric data after all. Users who choose not to switch on facial recognition still have to click through a "continue" screen before they get to the off switch. On this screen Facebook attempts to convince them to turn it on -- using manipulative examples of how the tech can "protect" them.
The Internet

The 'Terms and Conditions' Reckoning Is Coming (bloomberg.com) 127

Everyone from Uber to PayPal is facing a backlash against their impenetrable legalese. From a report: Personal finance forums online are brimming with complaints from hundreds of PayPal customers who say they've been suspended because they signed up before age 18. PayPal declined to comment on any specific cases, but says it's appropriate to close accounts created by underage people "to ensure our customers have full legal capacity to accept our user agreement." While that may seem "heavy-handed," says Sarah Kenshall, a technology attorney with law firm Burges Salmon, the company is within its rights because the users clicked to agree to the rules -- however difficult the language might be to understand.

Websites have long required users to plow through pages of dense legalese to use their services, knowing that few ever give the documents more than a cursory glance. In 2005 security-software provider PC Pitstop LLC promised a $1,000 prize to the first user to spot the offer deep in its terms and conditions; it took four months before the reward was claimed. The incomprehensibility of user agreements is poised to change as tech giants such as Uber Technologies and Facebook confront pushback for mishandling user information, and the European Union prepares to implement new privacy rules called the General Data Protection Regulation, or GDPR. The measure underscores "the requirement for clear and plain language when explaining consent," British Information Commissioner Elizabeth Denham wrote on her blog last year.

The Internet

Cloudflare: FOSTA Was a 'Very Bad Bill' That's Left the Internet's Infrastructure Hanging (vice.com) 192

Last week, President Donald Trump signed the Fight Online Sex Trafficking Act (FOSTA) into law. It's a bill that penalizes any platform found "facilitating prostitution," and has caused many advocacy groups to come out against the bill, saying that it undermines essential internet freedoms. The most recent entity to decry FOSTA is Cloudflare, which recently decided to terminate its content delivery network services for an alternative, decentralized social media platform called Switter. Motherboard talked to Cloudflare's general counsel, Doug Kramer, about the bill and he said that FOSTA was an ill-consider bill that's now become a dangerous law: "[Terminating service to Switter] is related to our attempts to understand FOSTA, which is a very bad law and a very dangerous precedent," he told me in a phone conversation. "We have been traditionally very open about what we do and our roles as an internet infrastructure company, and the steps we take to both comply with the law and our legal obligations -- but also provide security and protection, let the internet flourish and support our goals of building a better internet." Cloudflare lobbied against FOSTA, Kramer said, urging lawmakers to be more specific about how infrastructure companies like internet service providers, registrars and hosting and security companies like Cloudflare would be impacted. Now, he said, they're trying to figure out how customers like Switter will be affected, and how Cloudflare will be held accountable for them.

"We don't deny at all that we have an obligation to comply with the law," he said. "We tried in this circumstance to get a law that would make sense for infrastructure companies... Congress didn't do the hard work of understanding how the internet works and how this law should be crafted to pursue its goals without unintended consequences. We talked to them about this. A lot of groups did. And it was hard work that they decided not do." He said the company hopes, going forward, that there will be more clarity from lawmakers on how FOSTA is applied to internet infrastructure. But until then, he and others there are having to figure it out along with law enforcement and customers. "Listen, we've been saying this all along and I think people are saying now, this is a very bad law," Kramer said. "We think, for now, it makes the internet a different place and a little less free today as a result. And there's a real-world implication of this that people are just starting to grapple with."

Advertising

German Supreme Court Rules Ad Blockers Legal (faz.net) 125

New submitter paai writes: The publishing company Axel Springer tried to ban the use of ad blockers in Germany because they endanger the digital publishing of news stories. The Oberlandesgericht Koln (Germany's Higher Regional Court of Cologne) followed this reasoning and forbade the use of ad blockers on the grounds that the use of white lists was an aggressive marketing technique. [The business model allows websites to pay a fee so that their "non aggressive" advertisements can bypass AdBlock Pro's filters. Larger companies like Google can afford to pay to have the ban lifted on their website.] The Bundesgerichtshof (Federal Court of Justice or BGH) destroyed this court ruling today and judged that users had a right to filter out advertisements in web pages.
Security

LinkedIn's AutoFill Plugin Could Leak user Data, Secret Fix Failed (techcrunch.com) 24

TechCrunch reports of a flaw in LinkedIn's AutoFill plugin that could have allowed hackers to steal your full name, phone number, email address, location (ZIP code), company, and job title. "Malicious sites have been able to invisibly render the plugin on their entire page so if users who are logged into LinkedIn click anywhere, they'd effectively be hitting a hidden 'AutoFill with LinkedIn' button and giving up their data." From the report: Researcher Jack Cable discovered the issue on April 9th, 2018 and immediately disclosed it to LinkedIn. The company issued a fix on April 10th but didn't inform the public of the issue. Cable quickly informed LinkedIn that its fix, which restricted the use of its AutoFill feature to whitelisted sites who pay LinkedIn to host their ads, still left it open to abuse. If any of those sites have cross-site scripting vulnerabilities, which Cable confirmed some do, hackers can still run AutoFill on their sites by installing an iframe to the vulnerable whitelisted site. He got no response from LinkedIn over the last 9 days so Cable reached out to TechCrunch. A LinkedIn spokesperson issued this statement to TechCrunch: "We immediately prevented unauthorized use of this feature, once we were made aware of the issue. We are now pushing another fix that will address potential additional abuse cases and it will be in place shortly. While we've seen no signs of abuse, we're constantly working to ensure our members' data stays protected. We appreciate the researcher responsibly reporting this and our security team will continue to stay in touch with them. For clarity, LinkedIn AutoFill is not broadly available and only works on whitelisted domains for approved advertisers. It allows visitors to a website to choose to pre-populate a form with information from their LinkedIn profile."
The Internet

4.9% of Websites Use Flash, Down From 28.5% in 2011 (bleepingcomputer.com) 129

Web makers continue to ditch the infamous Flash for other safer, improved technologies. In 2011, more than 28.5 percent of websites used Flash in their code, a figure technology survey site W3Techs estimates to have dropped to 4.9 percent today. BleepingComputer: The number confirms Flash's decline, and a reason why Adobe has decided to retire the technology at the end of 2020. A decline from 28.5 percent to 4.9 percent doesn't look that bad, but we're talking about all Internet sites, not just a small portion of Top 10,000 or Top 1 Million sites. Taking into account the sheer number of abandoned sites on today's Internet, the decline is quite considerable, and W3Techs' findings confirm similar statistics put out by a Google security engineer in February.
EU

Facebook To Put 1.5 Billion Users Out of Reach of New EU Privacy Law (reuters.com) 95

An anonymous reader quotes a report from Facebook: If a new European law restricting what companies can do with people's online data went into effect tomorrow, almost 1.9 billion Facebook users around the world would be protected by it. The online social network is making changes that ensure the number will be much smaller. Facebook members outside the United States and Canada, whether they know it or not, are currently governed by terms of service agreed with the company's international headquarters in Ireland. Next month, Facebook is planning to make that the case for only European users, meaning 1.5 billion members in Africa, Asia, Australia and Latin America will not fall under the European Union's General Data Protection Regulation (GDPR), which takes effect on May 25. That removes a huge potential liability for Facebook, as the new EU law allows for fines of up to 4 percent of global annual revenue for infractions, which in Facebook's case could mean billions of dollars.
Censorship

Google Is Shuttering Domain Fronting, Creating a Big Problem For Anti-Censorship Tools (theverge.com) 59

"The Google App Engine is discontinuing a practice called domain fronting, which lets services use Google's network to get around state-level internet blocks," reports The Verge. While the move makes sense from a cybersecurity perspective as domain fronting is widely used by malware to evade network-based detection, it will likely frustrate app developers who use it to get around internet censorship. From the report: First spotted by Tor developers on April 13th, the change has been rolling out across Google services and threatens to disrupt services for a number of anti-censorship tools, including Signal, GreatFire.org and Psiphon's VPN services. Reached by The Verge, Google said the changes were the result of a long-planned network update. "Domain fronting has never been a supported feature at Google," a company representative said, "but until recently it worked because of a quirk of our software stack. We're constantly evolving our network, and as part of a planned software update, domain fronting no longer works. We don't have any plans to offer it as a feature."

Domain-fronting allowed developers to use Google as a proxy, forwarding traffic to their own servers through a Google.com domain. That was particularly important for evading state-level censorship, which might try to block all the traffic sent to a given service. As long as the service was using domain-fronting, all the in-country data requests would appear as if they were headed for Google.com, with encryption preventing censors from digging any deeper.
We do not yet know exactly why and when Google is shutting down the practice, but will update this post once we learn more.
Facebook

'Login With Facebook' Data Hijacked By JavaScript Trackers (techcrunch.com) 91

An anonymous reader quotes a report from TechCrunch: Facebook confirms to TechCrunch that it's investigating a security research report that shows Facebook user data can be grabbed by third-party JavaScript trackers embedded on websites using Login With Facebook. The exploit lets these trackers gather a user's data including name, email address, age range, gender, locale, and profile photo depending on what users originally provided to the website. It's unclear what these trackers do with the data, but many of their parent companies including Tealium, AudienceStream, Lytics, and ProPS sell publisher monetization services based on collected user data. The abusive scripts were found on 434 of the top 1 million websites including freelancer site Fiverr.com, camera seller B&H Photo And Video, and cloud database provider MongoDB. That's according to Steven Englehardt and his colleagues at Freedom To Tinker, which is hosted by Princeton's Center For Information Technology Policy.
The Internet

Russia Admits To Blocking Millions of IP Addresses (sfgate.com) 72

It turns out, the Russian government, in its quest to block Telegram, accidentally shut down several other services as well. From a report: The chief of the Russian communications watchdog acknowledged Wednesday that millions of unrelated IP addresses have been frozen in a so-far futile attempt to block a popular messaging app. Telegram, the messaging app that was ordered to be blocked last week, was still available to users in Russia despite authorities' frantic attempts to hit it by blocking other services. The row erupted after Telegram, which was developed by Russian entrepreneur Pavel Durov, refused to hand its encryption keys to the intelligence agencies. The Russian government insists it needs them to pre-empt extremist attacks but Telegram dismissed the request as a breach of privacy. Alexander Zharov, chief of the Federal Communications Agency, said in an interview with the Izvestia daily published Wednesday that Russia is blocking 18 networks that are used by Amazon and Google and which host sites that they believe Telegram is using to circumvent the ban.
The Internet

Chrome 66 Arrives With Autoplaying Content Blocked By Default (venturebeat.com) 88

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 66 for Windows, Mac, Linux, and Android. The desktop release includes autoplaying content muted by default, security improvements, and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. In our tests, autoplaying content that is muted still plays automatically. Autoplaying content with sound, whether it has visible controls or not, and whether it is set to play on loop or not, simply does not start playing. Note that this is all encompassing -- even autoplaying content you are expecting or is the main focus of the page does not play. YouTube videos, for example, no longer start playing automatically. And in case that's not enough, or if a page somehow circumvents the autoplaying block, you can still mute whole websites.
Facebook

Facebook Admits To Tracking Users, Non-Users Off-Site (theguardian.com) 146

Facebook said in a blog post yesterday that they tracked users and non-users across websites and apps for three main reasons: providing services directly, securing the company's own site, and "improving our products and services." The statement comes as the company faces a U.S. lawsuit over a controversial facial recognition feature launched in 2011. The Guardian reports: "When you visit a site or app that uses our services, we receive information even if you're logged out or don't have a Facebook account. This is because other apps and sites don't know who is using Facebook," Facebook's product management director, David Baser, wrote. "Whether it's information from apps and websites, or information you share with other people on Facebook, we want to put you in control -- and be transparent about what information Facebook has and how it is used."

But the company's transparency has still not extended to telling non-users what it knows about them -- an issue Zuckerberg also faced questions over from Congress. Asked by Texas representative Gene Green whether all information Facebook holds about a user is in the file the company offers as part of its "download your data" feature, Zuckerberg had responded he believed that to be the case. Privacy campaigner Paul-Olivier Dehaye disagreed, noting that, even as a Facebook user, he had been unable to access personal data collected through the company's off-site tracking systems. Following an official subject access request under EU law, he told MPs last month, Facebook had responded that it was unable to provide the information.

United States

Online Tax Filers Will Get Extension After IRS Payment Website Outage (cnbc.com) 39

An anonymous reader quotes a report from CNBC: The IRS will give last-minute filers additional time to file their tax returns after the page for paying their tax bills using their bank accounts crashed, Treasury Secretary Steven Mnuchin told the Associated Press. The IRS "Direct Pay" page allows filers to transfer funds from their checking or savings account to pay what they owe. As of 5 p.m. ET on April 17 -- Tax Day -- the page was still unavailable. Direct Pay is a free service. The "Payment Plan" page, where filers can pay their tax bill in installments also appears to have crashed. "I'd strongly advise folks who owe any federal taxes and cannot pay online to mail a check or money order to the IRS to the appropriate address," said Patrick Thomas, director of Notre Dame Law School's Tax Clinic. According to a TurboTax spokesperson, the IRS's technical difficulties are affecting all tax preparers and tax returns. "Taxpayers should go ahead and continue to prepare and file their taxes as normal with TurboTax," the spokesperson said. "TurboTax has uninterrupted service and is available and accepting e-filed returns," she said. "We will hold returns until the IRS is ready to begin accepting them again." H&R Block said it will continue to accept returns from filers.
Communications

What It's Like To Live in America Without Broadband Internet (vice.com) 139

Motherboard has an interesting piece which serves as a reminder that even today in every single state, a portion of the population doesn't have access to broadband, and some have no access to the internet at all. From the piece: Wilfong (an anecdote used in the story) is one of the more than 24 million Americans, or about 8 percent of the country, who don't have access to high-speed internet, according to the Federal Communications Commission (FCC) -- and that's a conservative estimate. Most of them live in rural and tribal areas, though the problem affects urban communities, too. In every single state, a portion of the population doesn't have access to broadband.

The reasons these communities have been left behind are as diverse as the areas themselves. Rural regions like Wilfong's hometown of Marlinton are not densely populated enough to get telecom companies to invest in building the infrastructure to serve them. Some areas can be labeled as "served" by telecoms even if many homes don't actually have internet access, as in Sharon Township, Michigan, just a short drive from the technology hub of Ann Arbor. Others are just really far away. These places are so geographically remote that laying cable is physically and financially prohibitive, so towns like Orleans, California, have started their own nonprofit internet services instead.

Businesses

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 67

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
Movies

MPAA Silently Shut Down Its Legal Movies Search Engine (techdirt.com) 62

Back in 2015, the Motion Picture Association of America (MPAA) released its own search engine to combat the argument that people pirate films because there are too few legal alternatives. According to TorrentFreak, the search engine, WhereToWatch.com, has since been quietly shut down by the movie industry group, stating that there are plenty of other search options available today. From the report: The MPAA pulled the plug on the service a few months ago. And where the mainstream media covered its launch in detail, the shutdown received zero mentions. So why did the site fold? According to MPAA Vice President of Corporate Communications, Chris Ortman, it was no longer needed as there are many similar search engines out there. "Given the many search options commercially available today, which can be found on the MPAA website, WheretoWatch.com was discontinued at the conclusion of 2017," Ortman informs TF. "There are more than 140 lawful online platforms in the United States for accessing film and television content, and more than 460 around the world," he adds. "That is all absolutely true today, though it was also true three years ago when the site was launched," adds Techdirt. "The simple fact of the matter is that the site did little to serve any real public customer base. Yes, legal alternatives to piracy exist. Everyone knows that, just as they know that there are far too many hoops and restrictions around which to jump that have nothing to do with price. The MPAA and its client organizations have long asserted strict control over their product to the contrary of public demand. That is, and has always been, the problem. On top of all that, the MPAA showed its no better at promoting its site than it was at promoting the legal alternatives to pirating movies."
Canada

19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca) 420

Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."

"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That lead to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests."
The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
The Courts

Supreme Court Set To Hear Landmark Online Sales Tax Case (gizmodo.com) 246

An anonymous reader quotes a report from Gizmodo: On Tuesday, the U.S. Supreme Court will hear arguments in a case that could at least somewhat clarify Donald Trump's complaints about Amazon "not paying internet taxes." It will also decide if those cheap deals on NewEgg are going to be less of a steal. The case concerns the state of South Dakota versus online retailers Wayfront, NewEgg, and Overstock.com in a battle over whether or not state sales tax should apply to all online transactions in the U.S., regardless of where the customer or retailer is located. It promises to have an impact on the internet's competition with brick-and-mortar retailers, as well as continue to address the ongoing legal questions surrounding real-world borders in the borderless world of online.

Slashdot Top Deals