by Mike Masnick
Fri, Oct 12th 2012 2:30pm
Thu, Sep 27th 2012 9:07am
from the i-see-you dept
But they were spying on you before federal charges were brought against them. It turns out that seven rent-to-own PC companies were employing software that logged your keystrokes, retained your social media passwords, recorded your social security passwords, snapped photos of people having sex with web cams, and even allowed rental company employees to deploy a French tickler through the screen to rub people's naughty bits (fine, fine, I made that last one up).
The companies captured screenshots of confidential and personal information, logged keystrokes and took webcam pictures of people in their homes. Their aim was to track the computers belonging to customers who were behind with their payments.
Yes, thank God for the FTC, because if anyone is going to watch me have sex, it's going to be the neighbors (no, I will not close the window and draw the shades, damn it, I like the breeze!). My question is why the hell anyone, especially the company that made the spying software used, DesignerWare, thought this kind of intrusion was necessary to begin with. Hell, this isn't even the first time a rental company using this software has gotten into trouble over it. The rental companies said they needed the software to remotely shut down and wipe stolen machines, as well as to initiate a kill switch on customers' machines when they were behind in payments. Those both make sense to me. Where do we get the explanation for logging keystrokes and in any way using the web cam?
"An agreement to rent a computer doesn’t give a company license to access consumers’ private emails, bank account information, and medical records, or, even worse, webcam photos of people in the privacy of their own homes," says FTC chairman Jon Leibowitz. "The FTC orders today will put an end to their cyber spying."
At least the FTC must have brought the hammer down for such a gross violation of privacy, right?
The rent-to-own companies are Aspen Way Enterprises, Watershed Development, Showplace, JAG Rents, Red Zone, B Stamper Enterprises and CALM Ventures. They've got off lightly, agreeing to stop using the data-collection software and to stop deceiving customers.
I'll have to keep this in mind the next time I break the law. Just agree not to do it again and everything is okay, apparently. In the meantime, anyone who is renting computers can avoid these companies.
by Mike Masnick
Fri, Sep 21st 2012 5:30pm
from the well-meaning,-but-bad-policy dept
And, of course, the FTC wants to expand it even further.
They're asking for comments on the proposed changes in the rules, and if you develop websites or apps, you might want to speak up. CDT has put together a letter people can sign if they don't want to write up some comments themselves. They also have explained many of the problems with the new proposals. For example, it expands what COPPA applies to in very broad ways, potentially creating liability for developers without them even realizing it:
The FTC plans to put COPPA obligations on plugin developers if they “know or have reason to know” that their plugin has been installed on a children’s site. “Plugins” include analytics providers, advertising networks, social media plugins, embedded videos, or anyone else who provides third-party code for websites. Under the FTC's proposed change, if plugin developers receive a user’s IP address through a plugin that’s been installed on a children’s site, they could face legal liability for collecting children’s personal information.
It’s unclear how a plugin or platform like Twitter is supposed to “know or have reason to know” that someone has cut and pasted a line of their code into a children’s site. The FTC says that plugin developers “will not be free to ignore credible information brought to their attention.” But the FTC doesn’t say what counts as “credible.” Would developers have to assume every random e-mail is a credible tip that could saddle them with legal liability? Even if the FTC did provide clarity, though, it would still be extraordinarily burdensome to place legal obligations on plugin developers based on the actions of others.
The end result would almost certainly involve those companies putting a lot more limits on their apps, and create a huge cost (and potential liability) for all sorts of plugin and app writers. But there's an even bigger problem. While COPPA was clearly limited to sites directed at children, the FTC seems to think this wasn't enough, because other sites not directed at children might still attract children... and so they want this problematic rule to expand to sites that don't even cater to children:
Things get worse with the FTC’s second major proposal: expanding the scope of sites deemed “directed to children” from sites aimed primarily at a very young audience to include sites and services that are “likely to attract an audience that includes a disproportionately large percentage of children under 13 as compared to the percentage of such children in the general population.”
This convoluted standard raises a number of serious issues. Not only is it difficult for site operators to gauge what proportions of their audience fall into arbitrary age buckets, but the FTC also gives operators no sense of what it means for an audience to be “disproportionately” composed of children in comparison to the general population. If a site’s audience is 20 percent children, is it disproportionately composed of children? What about at 30 percent? It’s not clear from the language, and it won’t be clear to website operators trying to run their sites while staying within the bounds of the law.
In fact, as CDT notes, this change almost certainly will do the exact opposite of what the rule intends. That is, it will make sites feel they need to collect more data about who is accessing their sites to make sure that they know if their audience includes kids, in which case they'll have to take steps. But that means they'll be... collecting more data about kids -- which is exactly what COPPA is supposed to stop.
The FTC folks who support COPPA are certainly well meaning, but they seem to have little concern for, or interest in, the real impact of the law and their specific rules around it, and how it not only fails to help protect children, but puts a serious damper on innovation as well.
by Mike Masnick
Fri, Aug 17th 2012 3:01pm
from the not-so-nice dept
We appreciate and value you as one of Joyent's lifetime Shared Hosting customers. As this service is one of our earliest offerings, and has now run its course, your lifetime service will end on October 31, 2012.
One would imagine that the FTC might have some questions for Joyent's management on the nature of living up to the promises of what was offered. Jason Hoffman, who apparently co-founded both TextDrive and Joyent, seemed to make things worse with his defense of the decision, basically admitting that this is screwing over their earliest supporters and biggest advocates:
Having co-founded two companies that ultimately became Joyent, growing from a tiny startup to where we are today has had its ups and downs, and this is one of the toughest decisions I’ve made. In particular because I've always been the biggest advocate for pushing a shared hosting product forward, and then here I am, the only remaining "founder" that is active.
It's ironic that our biggest advocates are the ones most affected by this and I know many of you are disappointed in me. I’ve received many questions and comments about why the service is being discontinued and I'm listening and will continue to listen. And like the past, this response won't be my last.
Making the decision to discontinue the service was extremely difficult. It was driven by some simple things: the hardware is simply old (6-8 years old), it's failing, there isn't an upgrade path from it, there's more than many of you likely realize and oddly enough it's more expensive with time (while not being used much). The rest of the Joyent's business has been paying for that, and I can't make the argument as to why it can continue.
Yet, we're only here because of the initial community that trusted us, and I'm genuinely grateful for the support. I’m sorry that I've lost that trust and I've upset you. You have a right to be upset. This was a tough decision with some nuance to it and none of this is lost on me.
This seems to go back and forth. First off, it's not "ironic" that you're screwing over your early supporters and not giving them what was promised. It's a highly questionable business practice. As for not being able to make an argument for why the service can continue, one would think keeping Joyent's name and reputation from being dragged through the mud would be a potential argument. Also, avoiding possible smackdowns from government officials for selling one thing and delivering another.
I recognize that things change and businesses change over time. But the company did make the promise that these were lifetime accounts and that they'd stay up for as long as the company was around. It seems only reasonable that it should not just cut off those accounts without any sort of recompense.
by Mike Masnick
Tue, Jun 5th 2012 10:35am
from the that's-not-unlimited dept
Basically, with no warning, effective immediately, Sprint has unilaterally changed our deal from one where I was paying for unlimited data via the phone as a modem -- to one where it's capped at a stupidly low 5GB. And, the company even has the gall to then happily tell me (below the screenshot cut off) that this change won't impact how much I pay -- as if I should have expected them to increase the fees while taking away a feature I like.
Considering that unlimited mobile broadband was not only part of the marketing pitch, but also a big part of the reason I signed up for the plan I did, this certainly seems like a bait-and-switch deal... and I'd thought that bait-and-switch deals like this were violations of FTC rules, but what do I know?
Of course, on a whim, I wondered if Sprint's marketing had changed... and I did a quick search on "Sprint unlimited broadband" and turned up the following advertisement:
If you can't see it clearly -- it appears Sprint is still advertising unlimited mobile broadband -- highlighting that you can "avoid the data dilemma" and "get truly Unlimited data." Except, um, that's clearly not the case. Changing your plans unilaterally for those who specifically signed up for unlimited broadband is one thing. But continuing to advertise such plans while limiting them and -- even worse, effectively mocking such limited plans -- is simply adding rather obnoxious insult to injury. Sorry Sprint, but you may have finally convinced me it's time to explore other options.
by Mike Masnick
Thu, May 10th 2012 11:20am
from the why-you-write-broad-privacy-policies dept
by Mike Masnick
Tue, May 1st 2012 11:04am
Details Of Google Wi-Spy Investigation Show Disorganization And Bad Controls, Rather Than Malicious Spying
from the why-you-don't-use-open-wifi dept
That said, over the weekend, Google released the full FCC report redacting just names -- and even the name of the key engineer has since been revealed. The FCC had released a report that redacted a lot more info. The report reveals a lot more of the background here, and it's giving new ammo to critics, who are insisting that it shows a much more evil situation than had come out before. Specifically, it shows that Marius Milner -- working on Google's famed "20% time" -- came up with the code, and shared the details with some others, including one who debugged the code, and a supervisor. Milner, among other things, helped create NetStumbler, a tool that plenty of folks have used to monitor WiFi networks.
Some are trying to claim that this shows the effort was planned and not an "accident." Though, in actuality, the details still suggest nothing nefarious at all. It was still just this engineer coding it up, rather than some big plan. And yes, he shared the fact with a few others, but none of them seem to have paid much attention or done anything. In fact, while it was suggested to some that such data might be useful, that idea was dropped when people told the engineer that it wouldn't. There still doesn't appear to be a single shred of evidence that Google ever touched this data or did anything with it. Furthermore, the whole reason that three federal agencies all closed their investigation without charging Google with anything is because -- as many people pointed out from the beginning -- nothing illegal was done. Broadcasting your internet connection over an open WiFi network means that anyone can collect that data. That's not illegal. It may be silly for individuals to do that, but the responsibility is on them.
Also, pretty much every mainstream press report on this whole thing totally ignores that Google could not get access to any encrypted data -- meaning that most email, financial transactions, etc. were always protected anyway. Instead, lots of reports talk about "emails and passwords," but that's only true if people used insecure sites in the first place -- and, again, they would be just as vulnerable to anyone who wanted to capture that content.
In the end, it's no surprise that Google haters will try to make more of this than is really there -- they have to grasp at whatever straws they can find. However, about the only thing this really seems to show is that Google had ridiculously poor process and controls concerning putting code into live projects. That allowed this code to get in there, without anyone really thinking through the consequences. Google has more or less admitted that these weak controls were a problem in the past and things are better these days. Of course, you can also understand why Google would have loose controls in the first place, seeking to encourage people to be creative (the reason for the 20% time concept in the first place). The problem, of course, is that if you have someone with nefarious intent -- or just tremendous naivete -- bad stuff can occur. In this case, it seems being naive was the key issue, rather than anything nefarious, and with three federal agencies all coming to the same conclusion that no laws were broken, it's pretty bizarre to see people still freaking out about this. It's fine not to trust Google. But that distrust shouldn't lead to simply making up crimes that don't exist.
by Mike Masnick
Thu, Apr 5th 2012 12:13pm
from the say-what-now? dept
"This unfairness harms the affected companies and their employees, as well as consumers and the broader economy," the senators wrote. "It also stifles innovation by forcing law-abiding American businesses — large and small — to compete against those businesses that reduce their operating costs through the use of pirated IT."
Except that much of that is misleading. First of all, it's unclear that the companies in question would have bought the software otherwise, so arguing that it impacts the software companies isn't necessarily true. It is true that US companies have to compete against those other companies, but is the cost of the software they're using really the difference maker here? Besides, for all types of software there is growing competition from open source alternatives. If US companies want to compete, why not adopt more open source alternatives?
Also, what exactly do these Senators think the FTC can do here? The FTC has no jurisdiction over foreign companies and how they operate at home. Finally, even if the FTC could magically stop these companies from using unauthorized software, the end result is likely that those companies would simply shift to alternatives, such as open source software themselves.
by Mike Masnick
Fri, Mar 2nd 2012 1:25pm
from the paying-a-little-too-much-attention-to-the-competition dept
Either way, Microsoft appears to be stepping up its "saddle Google with antitrust charges" battle by hiring Randall Long from the FTC. Long was the key "anti-Google" lawyer within the FTC, who led multiple antitrust investigations into Google, and recommended that the FTC block Google's acquisition of AdMob (something he was outvoted on). Microsoft doesn't even seem to want to hide the fact that his role will be to lobby politicians in DC to hit Google with antitrust charges. The WSJ's report on the hiring is pretty explicit:
As part of his new job, Mr. Long will likely continue those efforts before the FTC and other agencies, a person familiar with the matter said.
Of course, if Long actually follows the rules, he shouldn't be allowed to do anything concerning any FTC investigations into Google for quite some time. The ethics rules are pretty clear -- even barring "behind-the-scenes" help on such investigations:
Except as provided in this section, or otherwise specifically authorized by the Commission, no former member or employee (“former employee” or “employee”) of the Commission may communicate to or appear before the Commission, as attorney or counsel, or otherwise assist or advise behind-the-scenes, regarding a formal or informal proceeding or investigation...
That certainly suggests that Long cannot and should not "continue those efforts before the FTC" for some time. Either way, it's yet another example of the questionable revolving door between government and the private sector, where ex-government officials end up in roles that have a very close connection to their former government role (or vice versa). Even assuming that Long follows all the rules, as I'm sure he intends to do, this kind of thing just looks really bad.
by Mike Masnick
Thu, Mar 1st 2012 4:15pm
from the this-is-going-to-end-up-in-court dept
There are ways to avoid having Google collect too much info on you, but they are a bit clunky, even if Google insists otherwise. It seems that a much better policy would have been to have given much more notice for such a change, along with much greater control for the users in terms of how it's implemented. I don't understand the gleeful cries of some suggesting that the new setup is a sign of "evil," but from a positioning standpoint, Google didn't do a very good job at all in explaining this to users.