FSF Certifies Another Batch Of Old Hardware For Respecting Your Freedom

The Free Software Foundation has endorsed fifteen “new” devices under their Respects Your Freedom (RYF) certification. These new devices, though, amount to another supplier, Technoethical, selling old, refurbished ThinkPad laptops shipping with Libreboot and using the FSF-approved Trisquel GNU/Linux distribution. The ThinkPad X200, X200T, X200s, T400, T400s, and T500 are among the models being spun by this company, Technoethical, which is a Romanian-based firm. The X200T is the first “tablet” receiving the FSF RYF blessing.

— source phoronix.com, fsf.org

CIA malware BothanSpy and Gyrfalcon targeting Windows and Linux

WikiLeaks has dumped its newest Vault 7 documents, detailing the capabilities of two alleged CIA hacking tools dubbed BothanSpy and Gyrfalcon. The malware payloads have allegedly been designed to steal SSH credentials from systems running both Windows and Linux operating systems (OS).

According to WikiLeaks, while BothanSpy targets Windows computers, Gyrfalcon goes after Linux platforms. SSH credentials or Secure Shell credentials are cryptographic keys designed to securely access a remote computer or server. In other words, the two alleged CIA malware strains would allow spies to remotely hack into systems, likely without being detected.

— source ibtimes.co.uk

Backdoor built in to widely used tax app seeded NotPetya outbreak

The third-party software updater used to seed last week’s NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed. The malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine.

— source arstechnica.com

To avoid this kind of situation, all software must be Free Software.

Selling User Data

For months, Uber has paid a public price for some of the questionable tactics it has used to conquer the transportation industry. Now another company is experiencing some of the fallout for working with Uber.

Slice Intelligence, a data firm that uses an email management program called Unroll.me to scan people’s inboxes for information, faced an outcry that began on Sunday after The New York Times reported that Uber had used Slice’s data to keep tabs on its ride-hailing rival Lyft.

Unroll.me, a free service to unsubscribe from email lists, can scour people’s inboxes for receipts from services like Lyft and then sell the information to companies like Uber. The data is anonymized, meaning individuals’ names are not attached to the information, and can be used as a proxy for the health of a rival.

After the revelation, angry users demanded that Unroll.me explain why the company had gone into their inboxes and betrayed their trust. Late on Sunday, Jojo Hedaya, the chief executive of Unroll.me, apologized in response to the surprised reaction to a practice that he said the company had been open about in the past.

“It was heartbreaking to see that some of our users were upset,” Mr. Hedaya said in a blog post. “Recent customer feedback tells me we weren’t explicit enough.”

What Unroll.me does is far from an anomaly — it is part of an expansive and largely unregulated world of selling personal data collected by online consumer services. As long as a service like Unroll.me has a privacy policy, adheres to it and does not sell personally identifiable information, like someone’s name, it is fairly free to package and sell the data it collects.

Yet privacy advocates said the modern technology of data analytics allowed such fine-grained measurement of a person’s online behavior that the concept of personally identifiable information was all but obsolete.

“Many of the services or apps we use for ‘free’ are monetizing data about us,” said Lee Tien, a lawyer at the Electronic Frontier Foundation, an organization focused on digital rights.

Companies like Unroll.me have long acted as intelligence services offering insights to businesses seeking to gain a competitive edge. Both Uber and Lyft pay for information from Slice as well as other data services, according to two people familiar with the companies’ competitive intelligence programs, who asked to remain anonymous because the programs were confidential. Uber and Lyft declined to comment.

Unroll.me, which was bought by Slice in 2014, is a tiny player in the personal data market. The larger data brokers — with names like Acxiom, CoreLogic, Datalogix and ID Analytics — have been the subject of inquiries by a congressional committee and the Federal Trade Commission.

In 2014, after concluding its investigation, the F.T.C. called on Congress to protect consumers against the unchecked collection and marketing of their digital data. The F.T.C. report detailed how some of the companies classify consumers in data-driven social and demographic groups for marketing purposes with labels like “financially challenged,” “diabetes interest” and “smoker in the household.” The concern is that such classifications could be used to limit fair access to financial services or health insurance.

The F.T.C. recommendation, which was endorsed in a separate report by the Obama administration, was not taken up in Congress.

Unroll.me bills itself as offering an easy way to “clean up your inbox.” After someone grants the service access to his or her email account, Unroll.me serves up a list of all the subscriptions they are a part of, with the option to quickly opt out of the ones they no longer want to receive. The company also organizes subscription emails and delivers a newsletter-style digest of some subscriptions.

The service, which began as a test in 2011, quickly took off with users, attracting the attention of Rakuten, the Japanese e-commerce giant that now owns Slice. Rakuten invested in Unroll.me before Slice ultimately bought it.

Unroll.me discloses its freewheeling use of personal data in its privacy policy, which says that “we may collect, use, transfer, sell and disclose nonpersonal information for any purpose” and that the data can be used “to build anonymous market research products and services.”

Yet few people read such policies closely, privacy advocates said. Katharina Kopp, director of policy at the Center for Digital Democracy, said of Unroll.me, “Under the disguise of being customer friendly and helping their customers to get rid of ‘email junk,’ they allow the profiling and targeting of their unwitting customers by third parties.”

Ms. Kopp called the Unroll.me tactic a “particularly misleading practice,” despite the disclosure in its privacy policy.

In its blog post on Sunday, Unroll.me said it had underestimated how many people would be surprised at the methods it used to build its business. The company said it was working on making its business model more transparent to users, with clearer messaging on its website, on its app and in its frequently asked questions section.

In several posts on Twitter, Unroll.me pointed fingers at Google’s Gmail and at Facebook as having more personal data on people. “Just know, Gmail has more data on you than we ever would,” Unroll.me posted.

Some of those who were upset with the practices of Unroll.me chalked it up to a learning experience.

“If it is on the internet and is free, then you are not the client or the user,” wrote Craig, a commenter on the Unroll.me blog post. “You are the product.”

— source nytimes.com by MIKE ISAAC and STEVE LOHR

Lessons on digital swaraj

When faced with the exploitative economics and technology of British rule, Mohandas Gandhi found innovative answers. Responding to the dumping of overpriced mill cloth from England, he resorted to khadi. The charkha was a lot more than image-making gimmickry: Gandhi had renegotiated the terms of technology and economics.

His approach to intellectual property was no different. His 1909 masterpiece Hind Swaraj was free of copyright. “I have never yet copyrighted any of my writings. Tempting offers have come to me…even so, I dare not be exclusive… Writings in the journals which I have the privilege of editing must be common property. Copyright is not a natural thing. It is a modern institution, perhaps desirable to a certain extent,” he wrote in March 1926. “I have not the heart to copyright my articles,” he iterated in June 1940.

Four years later, he changed tack, bequeathing all rights over his writings to the Navjivan Trust. “It was after much thought that I declared a trust in connection with my writings. I had observed misuse of Tolstoy’s writings for want of a trust. By curing the defect, I preserved fully the idea lying behind dislike for copyright, i.e., for personal gain for one’s writings. The idea also was to prevent profiteering by publishers or distortion or misrepresentation, wilful or unintentional.”

Gandhi engaged with the copyright law to subvert the economics he disagreed with, and to infuse it with values close to his heart, wrote a US law professor in a 2013 paper titled ‘Gandhi and Copyright Pragmatism’. “Toward the later part of his life, he also came to deploy copyright law to curtail market-based exploitation when he could. In many ways then, Gandhi’s approach did with copyright law what open source licensing and the Creative Commons Project would begin doing with copyright in the 21st century,” wrote Shyamkrishna Balganesh of University of Pennsylvania Law School.

Now, consider the life and work of Richard M Stallman (callsign RMS in the geek-verse). A champion of the movement for Free and Open Source Software (FOSS), he is more commonly known as the pioneer of ‘Copyleft’. “If you want to accomplish something in the world,” says his Wikiquote page, “idealism is not enough — you need to choose a method that works to achieve the goal. In other words, you need to be pragmatic.” RMS was among the first to call for a free online encyclopaedia. Wikipedia, no surprise, is governed by Creative Commons licensing.

Many software giants do not give their customers any control over their source codes, asserting proprietary ownership. Stallman compares this to car owners not being able to open up their engines. Yet, such companies have used Gandhi in their ads. Remember Apple’s ‘Think Different’ ad?

Gandhi and Stallman is a ready comparison. Two public-spirited individuals, original and subversive. Freaks in their own ways, as pioneers tend to be. Both used radical rethinking to find practical responses to what they opposed. The [Free]-source software movement, says Stallman, has much in common with Gandhi.

So is this movement a fringe concern in the digital world? Far from it. In May 2015, the government of India released its e-governance policy; it had a heavy slant towards open source software, even if the government machinery is very slow to actually adopt this policy. In today’s world, software isn’t just a matter of choosing an OS platform for your phone. It spreads from day-to-day government work and data management to matters of national security.

While the government has taken a step forward, social organizations fare poorly. India’s small but enthusiastic Free Software community lacks a sense of its cultural heritage, including the values of our freedom movement. Gandhian institutions, too, remain inert to possibilities of wider social cooperation. So, even as calls for engaging young people with Gandhian values have become a trope, there is no collaboration on the new frontiers of technology and economics. No renegotiation of terms, no pragmatism. Call it a cultural version of the digital divide. This is one reason for the dismal state of Indian language computing.

There will be renewed interest in Gandhi in the build-up to 2019, his 150th anniversary year. One part of this will be the tiresome discussions on “how relevant is Gandhi to our times?”, a Gandhi Jayanti ritual now. To find answers, we needn’t look further than our digital devices, actually. If we stop for a moment and take a hard look at the economics and politics of technology, the relevance is all around. How serious an enquirer are you?

— source timesofindia.indiatimes.com By Invitation-Sopan Joshi

Debian Warns Of Hyper Threading Issue With Intel Sky/Kaby Lake CPUs

The Debian project is warning Intel Skylake and Kaby Lake users to disable Hyper Threading (HT) on their CPUs due to a possible issue affecting those with out-of-date microcode. Intel Skylake and Kaby Lake (6th and 7th gen CPUs) could “dangerously misbehave” when Hyper Threading is enabled. Users are advised to get an updated BIOS/UEFI, while for some Skylake CPUs the updated Intel microcode packages available on Linux have a fix.

— source phoronix.com