My friends call me Lisa. My enemies can refer to me as the Dutch Ice Princess from Hell. Fortunately, I have no enemies. :-)
Yeah, Dutch, female, young, intelligent and I have a girlfriend, which makes me a Le..ia. and proud of it!
They might risk it if they can somehow get away with it and if risking it would increase their profits. In the end, Verizon just wants to make profits so if listening in on HTTPS traffic provides additional revenue, they will certainly look at the risks involved. If they risk compromising their root CA then they could just make use of a different root CA by someone else. Or they will limit it to specific areas, countries or perhaps even their free WiFi, if they offer that somewhere. Revoking a root CA isn't something Google or Mozilla will do that easily, since Verizon is big and powerful. The legal consequences might result in just a warning from Google and Mozilla and Verizon will reverse their changes. Providers in other countries might even have it easier. The Iranian or Chinese government could force all computer users to install a government-issued certificate that they can use to listen in on all traffic. The providers would then route all traffic through this system and the people might complain, but can't do much about it. That's the power of a monopoly.
As a CA, Verizon can create it's own certificate and use it to sign a specific domain like Google or TechDirt. The certificate would appear to be legitimate for the browser since it is signed by an official CA and mentions the right domain. The fact that Verizon created it on the fly doesn't really matter since it will look quite official. (Including any details found in the original public certificate!) To check it, you would need to check the certification path, which would differ from the original certificate. Without access to the original certificate to compare, you can't know if you have the real certificate or a proxy version created by your provider. But if your browser or App has the original certificate included in the executable, it should be able to validate the certificate with whatever the site provides. Which only works as long as your browser or app gets updated when the certificate changes...
Actually, some ISP have more or less made this happen already, but mostly to provide a better user experience for mobile phones. They would intercept all HTTP and HTTPS traffic and they would cache all large images on those sites to replace them with smaller versions for customers using their mobile phone to browse. This would reduce the amount of traffic but with HTTPS, they would have to become an in-between proxy and sign the traffic between proxy and user with their own certificate. ISPs have played with this option, noticed it "broke" the Internet and stopped doing it again. Nowadays, this is still possible as a special proxy so your mobile bandwidth is reduced. Since your provider is a trusted CA they could easily create their own certificates to use for this proxy and thus still capture all HTTPS traffic. Law Enforcement actually has the same option! And to protect yourself against it, you will have to check each certificate carefully before continuing browsing the specific webpage. That is, if you're really paranoid. There are additional securities, though. The Chrome browser knows the public certificates for Google and other popular sites so it can validate against those. And it should be possible to have browser extensions that can do the same checks for you. It is also a good reminder for App builders to include their public key inside the app so they don't need to ask for it from the web service. There are plenty of ways to detect these attacks and if Verizon would do something like this, like here on TechDirt. It is more secure than regular HTTP. But still, every security measure can fail and has weaknesses that can be exploited by parties willing to do so. With more and more sites moving towards HTTPS, it becomes more interesting to e.g. hack those certificates and recalculate the private key for all those public keys that are out there. It requires a lot of processing powers but it is not impossible. It is why we continuously have to find new and better encryption methods, simply because the old ones become too weak at some point in time.
Verizon does not need the private key since they can use their own private key to encrypt everything again. The only way that you'll notice this is when you check that public key that you've received. To prevent this, you would have to disable any Verizon certificate that's on your own system so the browser will warn you. Basically, Verizon would use a proxy server and as administrator they can tell you that the proxy certificate is the valid one. You try to connect to a HTTPS site through the proxy. The proxy detects this and Connects to the HTTPS server by itself, thus receiving the public key that it needs for the communication between proxy and site. And Verizon would use its own certificate to sign the connection between user and proxy. And as a result, your browser will think it has a valid public key, which is true. The Verizon certificate is probably already in your store. But if you check the certificate, you'll see it's the wrong one! There is a solution, though, which I think is done by Google. In Chrome a few public keys are stored in the browser executable instead of retrieved over the Internet. Thus, the Chrome browser will know if it is talking to the true Google server or not over a secure connection. If the certificate it receives differs from the one it already stored, alarmbells will go off. And then the user clicks them away because users are generally not that smart...
Sure, HTTPS is better but it requires certificates to be linked to your domain. As a result, hosting multiple domains becomes more troublesome since every domain needs its own certificate. It becomes even more troublesome when you also need SSL for your subdomains. It adds a lot of maintenance for the webmaster who hosts multiple domains. You need to renew the certificates and you need to know what SSL is and how to use it. And how to debug any SSL-related problems. It is generally a huge pain in the donkey. (Well, other word for donkey, that is.) And you have to consider if it really makes customers happy. Client-side, same problem. When you create an app for the iPad and/or Android then using SSL requires a little more coding action. A little more knowledge that most seem to be missing. The biggest problem is that the lack of knowledge about HTTPS and SSL will increase the vulnerability of specific systems, not decrease them. Certificates get lost or fall into the wrong hands. And it still doesn't protect you that well against a man-in-the-middle attack. Verizon could easily just intercept the HTTPS traffic, decrypt it and re-encrypt it with their own SSL certificate you your browser would not know about the "attack". Actually, they can encrypt it and just send a copy of the unencrypted data to the user, so they will analyze the content that the user was looking for. It makes tracking a bit harder but they still know whatever person at address xxx.xxx.xxx.xxx finds interesting. So, I think HTTPS just gives a fake sense of security. And Verizon including their own headers in the HTTP traffic should be a criminal offense. They're violating Net Neutrality.
I'm not taking it seriously. :-) But my head gets confused by all the styling issues in the code, so it doesn't compile in my head. Besides, it would not be a big problem to make the other strings to link to some page, thus making them the same style. :-)
Anyone can make such requests. And it's up to the hoster to decide if the content needs to be removed or not. Most hosters have restrictions in their policies that would ban certain content and would remove it anyways, no matter who reported it. Leaseweb, a company named in the article has these : General conditions (PDF). Article 12 is about the reasons for suspension of the site/account. And 12.1a is the rule that tells you why Leaseweb will immediately obey once they receive a request. They just blindly obey. They also have an "Acceptable Use Policy" and they might define a Jihad site to be unacceptable. More hosting companies have similar rules. My own host also has strict rules about the content I host. Even more strict than leaseweb since my host explicitly tells me what content is not allowed. (Basically anything hateful or racist is banned.)
These are not the cops making those requests. The Dutch article mentions "opsporingsinstanties" which Google translates to law enforcement. It doesn't completely cover the meaning, though. There are other government agencies in the Netherlands that have their own inspectors that could do similar things. Our tax office, for example, has similar powers. For the Internet we have the "Nationaal Coördinator Terrorismebestrijding en Veiligheid" a.k.a. NCTV (National Coordinator for Counterterrorism and Security) who are not police officers. They're just government employees who seek out possible threats against the Netherlands or our allies. The NCTV is just warning companies that their sites have some content that they might not want to support and thus take down. Those companies should then check out the content before deleting it from their servers but unfortunately most of them don't want to spend time to check it out and delete it immediately. But basically, the hosting companies themselves are supposed to check if the complaint is justified or not. The NCTV just notifies them that the content might be unwelcome.
Since I'm Dutch and also live in the Netherlands, I know that providers aren't forced to remove this content. They are just notified about it ang generally decide for themselves that they don't want to host Jihad messages. Hosting Providers are allowed to block certain content on their servers, especially when they suspect it would attract hackers and other hostiles towards their servers. Hosters generally have no time to judge the content of sites they host so they rely on external sources to warn them. Basically, these providers have clauses in their policies that don't allow these kinds of sites. (Hate-speech, supporting terrorism.) But the site ownerd then start complaining so the hosters refer to those orders as a valid excuse.
I think the court is correct in this case. Section 230 just doesn't apply because it has nothing to do with the case. MM is just as responsible for these rapes as your average phone directory so they don't even need the protection of section 230. The rapists could have preyed upon their victims with any means they would find. You can't hold a car factory responsible for these rapes simply because the models were kidnapped in a car. Or hold a gun manufacturer responsible because they made the gun used in these crimes. Those can do fine without the protection of section 230. So why would MM even need that protection? It has no fault in this all.
Actually, the Internet has no borders. The companies might be located in the USA but its customers are all over the World. And the bigger companies are actually located in multiple areas. It is ridiculous for e.g. Facebook to close discussions about Cannabis between Dutch citizens because drugs happen to be illegal in the USA. Frack that! It is legal in the Netherlands so we have the right to talk about it and it should just stay online! Which adds the complication of multiple laws deciding what is and what isn't legal to talk about. For the Internet, there should be just one law, and that should NOT be the First Amendment. It should look like it, but has to be much more open to really Free speech.
Problem with the First Amendment is that it should discourage censorship, yet there are many ways that lawmakers and companies manage to get around this. The freedom of religion, for example, is laughable considering that many non-Christians in the USA seem to have less freedom since some morons explain it as "Freedom in choosing as how to worship the Christian God". It's also complicated when people who worship a Spaghetti-monster as their god have trouble to get a public image of their religion in a public area without being ridiculed. Or how many oats in the USA contain references to the Christian God or other religious references. For example, the oath of citizenship ens with "so help me God" which is such a huge insult for those who don't believe in one. Or who have a different religious view.
But we're talking about free speech, not free religion. I wonder if communists noticed much of this freedom about 50 years ago. Or the Native American People when they start mentioning what happened to their ancestors. Or even the protesters in Ferguson at this moment! You can even wonder if America really has a free press, considering that many of them seem to support the current government and they tend to stay away from certain sensitive topics, to prevent them from becoming public knowledge. What's the value of freedom anyways if your choices of expression are still limited? Some people might have some very interesting news stories to tell but no one can hear it because the major newspapers are unwilling to report it. Or worse, they twist around the whole story. Don't be fooled! Even in the USA you don't have complete freedom of speech. There are certain topics people don't really want to consider. For example, legalizing Gay marriages or certain drugs tends to be so sensitive that certain media will not allow it within their systems. The same with discussions about pornography, legalizing prostitution or even having comments on the US laws. All those things are often frowned upon and often banned from most media, which limits people in their freedom to make a public discussion about those topics. This freedom is just relative. For a true Freedom of Speech, the Internet would have to allow those topics just as much as generic topics about flower arrangements or cars. The USA still has a few limits on this, not by law but by those people in Power who control what can and cannot be the next news item...
Applying the "First Amendment" on the Internet would be worse. The First Amendment is a law from the United States of America, and although other countries might have similar laws, they might not want to follow US laws. The name for it is completely wrong and will upset a lot of Americans, enforcing their ideas that the USA is trying to gain more control over the Internet, while they actually want less influence. Besides, the Internet is asking for new, International laws. It doesn't need old, restricted laws from one specific area of this planet. So, the First Amendment is hereby downvoted as Internet-law. Sorry if I hurt your feelings, but please keep in mind that the majority of people on this World are NOT Americans...
Actually, converting from HD to SD just means trimming some of the fat and delivering a smaller product. Converting can be fully automated so that's a couple of cents in the electricity bill but if the SD size is half the HD size, they will save a lot of bandwidth. (And they probably pay per gigabyte...) So, SD is slightly more expensive to create but a lot cheaper to distribute...
Katzenberg is dumb from a technical perspective in my opinion. I don't think he understands the difference between screen size and resolution. But he does know that bigger screens tend to have bigger resolutions thus he thinks the two are related. I also assume that devices know the resolution they are using and are thus capable to select the proper resolution based on this while streaming movies. If you have a 4K projector/screen then it will most likely ask for the best resolution streaming, thus the most expensive package. Your phone probably knows it's screen is too small or that it doesn't have enough bandwidth to support movies at bigger resolutions. It would request the smallest resolution and thus has a great performance while displaying the movie over a slow Wifi connection. - Also, if a device knows the screen resolution, the viewer software on the device would also know it. The software can tell the stream which resolution it wants, thus linking screen size through resolution to the price of the movie. You might be able to change this preference, but it would result in a different quality of your movie. Which for some movies won't make much difference. You could look "Rio Grande" with 'The Duke' on your 4K device but it still won't change the quality of the images, since they have been made with an analog camera in black&white instead of full color.
You're assuming that the player software needs to check the resolution of the device to determine the cost price. Its more likely that they just have to base the price based on the quality that you want for your device. If someone is happy with SD quality, yet is willing to pay a lot for a big 4K screen, fine. Would be a waste of your screen quality but some people will be happy with this. But it's more likely that people with a 4K device will set their preference to 4K quality movies. And people looking on low-quality mobile devices would set their standard preference to the lowest quality to save download bandwidth and storage. (And to improve performance since viewing a 4K movie on my Android phone will be really annoying.)