Group items tagged

Today we are releasing the implementation guide for EFF’s Do Not Track (DNT) policy. For years users have been able to set a Do Not Track signal in their browser, but there has been little guidance for websites as to how to honor that request. EFF’s DNT policy sets out a meaningful response for servers to follow, and this guide provides details about how to apply it in practice. At its core, DNT protects user privacy by excluding the use of unique identifiers for cross-site tracking, and by limiting the retention period of log data to ten days. This short retention period gives sites the time they need for debugging and security purposes, and to generate aggregate statistical data. From this baseline, the policy then allows exceptions when the user's interactions with the site—e.g., to post comments, make a purchase, or click on an ad—necessitates collecting more information. The site is then free to retain any data necessary to complete the transaction. We believe this approach balances users’ privacy expectations with the ability of websites to deliver the functionality users want. Websites often integrate third-party content and rely on third-party services (like content delivery networks or analytics), and this creates the potential for user data to be leaked despite the best intentions of the site operator. The guide identifies potential pitfalls and catalogs providers of compliant services. It is common, for example, to embed media from platforms like You Tube, Sound Cloud, and Twitter, all of which track users whenever their widgets are loaded. Fortunately, Embedly, which offers control over the appearance of embeds, also supports DNT via its API, displaying a poster instead and loading the widget only if the user clicks on it knowingly.

Knowledge makes the difference between willing tracking and non-consensual tracking. Users should be able to choose whether they want to give up their privacy in exchange for using a site or a  particular feature. This means sites need to be transparent about their practices. A great example of this is our biggest adopter, Medium, which does not track DNT users who browse the site and gives clear information about tracking to users when they choose to log in. This is their previous log-in panel, the DNT language is currently being added to their new interface.

The information security world is focused on two new security vulnerabilities, “Spectre” and “Meltdown”, that represent vulnerabilities embedded in computer hardware. Lawfare readers should respond in two ways: keep their operating systems up to date and, critically, install an ad-blocker for your web browser. (Here are guides on how to do so in Chrome and Firefox.) In fact, a proper response to Spectre should involve ad-blocking on all government computers. Other than that, don’t worry. Readers who just wanted to know what to do can stop reading. But for those curious about some of the technical background on these vulnerabilities and why ad-blocking is an essential security measure for a modern computer, read on.

National plaintiffs’ law firm Keller Lenkner LLC and global business litigation firm Quinn Emanuel Urquhart & Sullivan, LLP filed a class-action lawsuit against Facebook, Inc. alleging violations of federal antitrust laws and California law on behalf of Facebook users.ADVERTISEMENTFiled in the U.S. District Court for the Northern District of California, the complaint alleges that Facebook obtained and maintained a social network and social media monopoly by consistently deceiving consumers about the data-privacy protections it provided to users, and by exploiting the data it extracted from users to target smaller startup companies for destruction or acquisition.The lawsuit seeks to put an end to Facebook’s misrepresentations about its privacy practices and its anticompetitive acquisition conduct; to require Facebook to engage in third-party auditing of its conduct; and to require Facebook to divest assets, such as Instagram and WhatsApp, that entrench its market power.

According to the complaint, which was filed on behalf of named plaintiffs Sarah Grabert and Maximilian Klein, Facebook did not achieve its Big Tech monopoly through innovation or vigorous competition. Despite its public pledge to protect user privacy, Facebook lied to users and violated their trust in a scheme to build a technology empire. Facebook also acquired technology from smaller firms that it used to track consumer activity across the internet so that it could identify and target competitors.ADVERTISEMENTThe complaint further alleges that in a strategic, intentional ploy for market domination, Facebook engaged in its scheme to destroy all competition without a care for the ultimate harm it would inflict on consumers. By the time Facebook’s deception about its lackluster privacy protections became public knowledge, Facebook had already achieved dominance, making it difficult for any firm to challenge its social media and social network monopoly.

The complaint notes that Facebook derives enormous economic value from the data it harvests from consumers on its platform. In fact, Facebook itself has described how it generates massive earnings per user from the data it collects. The complaint details how Facebook’s destruction of competition has caused consumers substantial economic injury. Consumers who sign up for Facebook agree to give up their valuable data and attention in exchange for using Facebook’s platform. That information and attention is then sold in measurable units to advertisers in exchange for money. The complaint alleges that consumers were harmed by Facebook’s anticompetitive conduct, as they did not receive the benefit of their bargain with Facebook.The lawsuit includes claims for violations of federal antitrust laws and California common law. It also seeks an order enjoining Facebook from continuing to engage in the alleged wrongful acts, requiring Facebook to engage third-party auditors to evaluate and correct problems with Facebook’s conduct, and requiring Facebook to divest assets like Instagram and WhatsApp. The lawsuit also seeks monetary damages, restitution and/or disgorgement of Facebook’s wrongful gains, attorneys’ fees, and costs.

NSO Group, an Israeli vendor of “lawful” hacking tools designed to infect a target’s phone with spyware, is regarded by many as a bad actor. The group claims to be shocked when its products are misused, as they have been in Mexico, Saudi Arabia and the United Arab Emirates. One incident might be excusable, but the group’s continued enabling of misbehavior has resulted in well-earned enmity. Recently, Facebook struck back. NSO Group deployed a weaponized exploit for Facebook’s WhatsApp messenger, integrated it into its Pegasus malcode system, and offered it to its customers (a mix of legitimate government agencies and nefarious government actors) interested in hacking WhatsApp users beginning in April. This was a particularly powerful exploit because it required no user interaction and the only sign of the exploit a user might discover would be a series of “missed calls” received on the user’s phone. Facebook patched the vulnerability on May 13, blocking the NSO campaign. Facebook wasn’t satisfied with simply closing the vulnerability. In cooperation with CitizenLab, Facebook identified more than 100 incidents in which NSO Group’s WhatsApp exploit appeared to target human rights activists and journalists. In total, Facebook and CitizenLab identified 1,400 targets (which apparently also included government officials in U.S. allied governments). They then filed a federal lawsuit against NSO Group, closed NSO Group member accounts, and, most damaging of all to NSO’s customers, sent a notice to all identified victims alerting them of the attack. This meant that all targets, both dissidents and drug lords alike, were notified of this surveillance. The lawsuit will be a case to watch. Facebook has already revealed a large amount of detail concerning NSO Group’s internal workings, including the hands-on nature of its business model: NSO Group actively assists countries in hacking targets. For example, we now know that while an NSO Group employee may not press the “Enter” key for a target, NSO employees do act to advise and consult on targeting; and NSO Group is largely responsible for running the infrastructure used to exploit targets and manage implants. Expect more revelations like this as the case proceeds.

Google and Facebook, the No. 1 and No. 2 players in online advertising, made a secret illegal pact in 2018 to divide up the market for ads on websites and apps, according to an antitrust suit filed Wednesday against the search giant. The suit — filed by Texas and eight other states — alleges that the companies colluded to fix prices and divvy up the market for mobile advertising between them.

The allegation that Google teamed up with Facebook to suppress competition mirrors a major claim in a separate antitrust suit the Justice Department filed against the company in October: that Google teamed up with Apple to help ensure the continued dominance of its search engine. Such allegations provide some of the strongest ammunition yet to advocates who argue that the U.S. major tech companies have gotten too big and are using their power — sometimes in conjunction with each other — to control markets.Many of the details about the Google-Facebook agreement, including its specific language, are redacted from the complaint. But the states say it “fixes prices and allocates markets between Google and Facebook as competing bidders in the auctions for publishers’ web display and in-app advertising inventory.”

The complaint alleges that the agreement was prompted by Facebook’s move in 2017 to use “header bidding” — a technology popular with website publishers that helped them increase the money they made from advertising. While Facebook sells ads on its own platform, it also operates a network to let advertisers offer ads on third-party apps and mobile websites.

The European Commission has opened formal antitrust investigations to assess whether Apple's rules for app developers on the distribution of apps via the App Store violate EU competition rules. The investigations concern in particular the mandatory use of Apple's own proprietary in-app purchase system and restrictions on the ability of developers to inform iPhone and iPad users of alternative cheaper purchasing possibilities outside of apps. The investigations concern the application of these rules to all apps, which compete with Apple's own apps and services in the European Economic Area (EEA). The investigations follow-up on separate complaints by Spotify and by an e-book/audiobook distributor on the impact of the App Store rules on competition in music streaming and e-books/audiobooks.

iPhone and iPad users can only download native (non web-based) apps via the App Store. The Commission will investigate in particular two restrictions imposed by Apple in its agreements with companies that wish to distribute apps to users of Apple devices: (i)   The mandatory use of Apple's own proprietary in-app purchase system “IAP” for the distribution of paid digital content. Apple charges app developers a 30% commission on all subscription fees through IAP. (ii)  Restrictions on the ability of developers to inform users of alternative purchasing possibilities outside of apps. While Apple allows users to consume content such as music, e-books and audiobooks purchased elsewhere (e.g. on the website of the app developer) also in the app, its rules prevent developers from informing users about such purchasing possibilities, which are usually cheaper.

The European Commission has informed Amazon of its preliminary view that it has breached EU antitrust rules by distorting competition in online retail markets. The Commission takes issue with Amazon systematically relying on non-public business data of independent sellers who sell on its marketplace, to the benefit of Amazon's own retail business, which directly competes with those third party sellers. The Commission also opened a second formal antitrust investigation into the possible preferential treatment of Amazon's own retail offers and those of marketplace sellers that use Amazon's logistics and delivery services. Executive Vice-President Margrethe Vestager, in charge of competition policy, said: “We must ensure that dual role platforms with market power, such as Amazon, do not distort competition.  Data on the activity of third party sellers should not be used to the benefit of Amazon when it acts as a competitor to these sellers. The conditions of competition on the Amazon platform must also be fair.  Its rules should not artificially favour Amazon's own retail offers or advantage the offers of retailers using Amazon's logistics and delivery services. With e-commerce booming, and Amazon being the leading e-commerce platform, a fair and undistorted access to consumers online is important for all sellers.”

Amazon has a dual role as a platform: (i) it provides a marketplace where independent sellers can sell products directly to consumers; and (ii) it sells products as a retailer on the same marketplace, in competition with those sellers. As a marketplace service provider, Amazon has access to non-public business data of third party sellers such as the number of ordered and shipped units of products, the sellers' revenues on the marketplace, the number of visits to sellers' offers, data relating to shipping, to sellers' past performance, and other consumer claims on products, including the activated guarantees. The Commission's preliminary findings show that very large quantities of non-public seller data are available to employees of Amazon's retail business and flow directly into the automated systems of that business, which aggregate these data and use them to calibrate Amazon's retail offers and strategic business decisions to the detriment of the other marketplace sellers. For example, it allows Amazon to focus its offers in the best-selling products across product categories and to adjust its offers in view of non-public data of competing sellers. The Commission's preliminary view, outlined in its Statement of Objections, is that the use of non-public marketplace seller data allows Amazon to avoid the normal risks of retail competition and to leverage its dominance in the market for the provision of marketplace services in France and Germany- the biggest markets for Amazon in the EU. If confirmed, this would infringe Article 102 of the Treaty on the Functioning of the European Union (TFEU) that prohibits the abuse of a dominant market position.

September 29, 2021, Google deleted my YouTube account for “violating community guidelines” they’d implemented that same morning September 28, 2022, I filed a lawsuit against Google, YouTube and Alphabet Inc. for breach of contract. YouTube unilaterally amended the contract without notice, which is a violation of its own terms, and then used this last-minute amendment to remove my content YouTube’s terms of service also include a “three strikes” policy, where users are supposed to be given three warnings and opportunities to remove content that violates the guidelines BEFORE being banned. I had no “strikes” against my channel on the day I was deplatformed and deleted We’re also suing YouTube for unjust enrichment, as for the last 16 years, my video content, having generated in excess of 50 million views, has been of great financial benefit to YouTube, allowing them to increase advertising revenue on the site November 8, 2021, I sued U.S. Sen. Elizabeth Warren, both in her official and personal capacities, for violating my First Amendment rights, as she tried to force Amazon.com to ban my book, “The Truth About COVID-19” September 29, 2021, Google deleted my YouTube account for “violating community guidelines” — guidelines they’d implemented that very same morning. September 28, 2022, I filed a lawsuit1 against Google, YouTube and Alphabet Inc. for breach of contract.2 As detailed in my complaint, YouTube unilaterally amended the contract without notice, which is a violation of its own terms, and then used this last-minute amendment to remove my content, which went back to 2005, the same year YouTube was founded. At the time YouTube deleted my content, I had more than 300,000 subscribers, and my videos had collectively garnered more than 50 million views. While I disagreed with YouTube’s censorship, when its “COVID-19 misinformation” policy was implemented back in April 2021, I carefully avoided posting any content on YouTube that might violate that guideline. In fact, over 16 years on the platform, I never once received notice of any “strike” against my channel for violation of community guidelines.

Economic justice advocates applauded on Tuesday as the Federal Trade Commission and 17 states filed a sweeping antitrust lawsuit against Seattle-based Amazon.com for illegally dominating the online retail economy at the expense of consumers.

The 172-page complaint "lays out how Amazon has used a set of punitive and coercive tactics to unlawfully maintain its monopolies," said FTC Chair Lina Khan in a statement. "The complaint sets forth detailed allegations noting how Amazon is now exploiting its monopoly power to enrich itself while raising prices and degrading service for the tens of millions of American families who shop on its platform and the hundreds of thousands of businesses that rely on Amazon to reach them." The document—filed in a federal court in Washington state—alleges that Amazon maintains "durable monopoly power" in the online superstore and marketplace services markets, including by stifling price competition and coercing sellers into using its fulfillment service.

An analysis of public comments on the FCC's plan to repeal net neutrality rules found that 2 million of them were filed using stolen identities. That's according to New York Attorney General Eric Schneiderman. "Millions of fake comments have corrupted the FCC public process—including two million that stole the identities of real people, a crime under New York law," Schneiderman said in an announcement today. "Yet the FCC is moving full steam ahead with a vote based on this corrupted process, while refusing to cooperate with an investigation."

Some comments were submitted under the names of dead people. "My LATE husband's name was fraudulently used after a valiant battle with cancer," one person told the AG's office. "This unlawful act adds to my pain that someone would violate his good name." Schneiderman set up a website where people can search the FCC comments for their names to determine if they've been impersonated. So far, "over 5,000 people have filed reports with the Attorney General's office regarding identities used to submit fake comments," the AG's announcement said.

While the 5,000 reports provide anecdotal evidence, the AG's office performed an analysis of the 23 million public comments in order to figure out how many were submitted under falsely assumed identities. Many comments for and against net neutrality rules are identical because advocacy groups urged people to sign form letters, so the text of a comment alone isn't enough to determine if it was submitted by a real person. The AG's office thus examined comment text along with other factors, such as whether names matched lists of stolen identities from known data breaches. Schneiderman's office also told Ars that it looked into whether or not the submission of comments was in alphabetical order, one after another, in short time periods. In general, analysis of formatting and metadata played a role in the analysis. The number of comments believed to be fake has grown as the A.G.'s investigation continues, and it isn't done yet. Schneiderman's office is still analyzing the public comments. We asked Schneiderman's office how many of the fake comments supported net neutrality rules, and how many opposed them, but were told that the information was not available. While fake comments used names and addresses of people from across the nation, more than "100,000 comments per state" came "from New York, Florida, Texas, and California," Schneiderman's announcement said.