Avast CEO Downplays Collection Of 400 Million Users' Browsing Data

from the you're-not-helping dept

In an ideal world, companies that profess to be dedicated to protecting users from malware and privacy threats probably shouldn't contribute to the problem. In the world we live in however, that's often not the case--as everybody saw when Facebook tried to sell its users on a "privacy protecting VPN" that actually hoovered up their browsing data, providing insight into user behavior when they aren't using Facebook. Facebook did ultimately shut the project down, but it took a year before they were willing to do so.

Enter antivirus and security firm Avast, which has been taking heat after it was discovered that the company's services are collecting user browsing data. Back in August, Wladimir Palant, the creator behind Adblock Plus, wrote a blog post detailing how Avast Online Security and Avast Secure Browser were covertly collecting the browsing data of the Czech company's 400 million users. In response earlier this month, both Opera and Mozilla pulled Avast extensions from their respective add on markets, though Google has lagged in any comparable response.

Hoping to calm the waters a bit, Avast CEO Ondrej Vlcek talked with Forbes, who informs its readers there's "no privacy scandal here":

"Recently-appointed chief executive Ondrej Vlcek tells Forbes there's no privacy scandal here. All that user information that it sells cannot be traced back to individual users, he asserts. Here's how it works, according to Vlcek: Avast users have their web activity harvested by the company's browser extensions. But before it lands on Avast servers, the data is stripped of anything that might expose an individual's identity, such as a name in the URL as when a Facebook user is logged in. All that data is analysed by Jumpshot, a company that's 65%-owned by Avast, before being sold on as "insights" to customers. Those customers might be investors or brand managers."

There's several problems here. One, it's not up to the CEO of a company collecting user data or Forbes to dictate what is or isn't a "privacy scandal." I mean sure, executives in the middle of the scandal would like to proclaim there is no scandal, but reality doesn't work that way. The people who determine what's a privacy scandal are the consumers who feel their private data has been abused without consent or transparency.

Two, study after study after study have showcased how anonymized data isn't actually anonymous.

Should that data get into the wild (pretty easy to do when it's being shared with an ocean of companies), it's fairly easy to compare it with existing data sets and obtain a real world identity with relatively little work. One study built a machine learning model that was able to correctly re-identify 99.98% of Americans in any anonymised dataset using just 15 characteristics including age, gender and marital status. Another study looking at vehicle data found that 15 minutes’ worth of data from just brake pedal use could lead them to choose the right driver, out of 15 options, 90% of the time.

In Avast's case, researchers found their apps collected way more data than was reasonably needed, including whether you'd visited a page in the past, your browser version, your country code, your browsing URLs, the websites you navigated from, etc. If Avast Antivirus was installed even more data was collected and shared, including the OS version of your devices.

No, collecting "clickstream" data isn't the end of the world. Nor is it new. After all, nearly every ISP has been doing something similar for the last twenty years (and routinely lying about it). Still, companies that profess to be protectors of your private data should be held to a slightly higher standard than telecom, which shouldn't be too hard since telecom isn't held to any real standard whatsoever.

Filed Under: data, data collection, free software, malware, ondrej vicek, online security, privacy, secure browser
Companies: avast

Free Software Foundation Europe Comes To Its Senses After Calling For EU To Fund Open Source Upload Filters

from the producing-better-shackles dept

Most EU digital rights groups are still reeling from the approval of the EU Copyright Directive and its deeply-flawed idea of upload filters, which will seriously harm the way the Internet operates in the region and beyond. Matters are made even worse by the fact that some MEPs claim they blundered when they voted -- enough of them that Article 13 might have been removed from the legislation had they voted as they intended.

But one organization quick off the mark in its response was the Free Software Foundation Europe (FSFE), the local offshoot of the main Free Software Foundation. Shortly after the EU vote, it issued a press release entitled "Copyright Directive -- EU safeguards Free Software at the last minute". This refers to a campaign spear-headed by the FSFE and Open Forum Europe called "Save Code Share" that sought successfully to exclude open source software sharing from Article 13. As the press release said:

We are glad we were able to raise awareness and understanding of what drives software development in Europe nowadays among many policy makers. The exclusion of Free Software code hosting and sharing providers from this directive is crucial to keep Free Software development in Europe healthy, solid and alive.

It went on to say:

As upload filters are now introduced, we urge the European Commission to avoid filtering monopolies by companies this directive actually intended to regulate.

That is, indeed, a real threat: Google has spent over $100 million developing its Content ID filtering system for YouTube. Few other companies will be able to match that. Rather ironically, Article 13 may end up giving Google a near-monopoly over large parts of the upload filtering market. Here’s how the FSFE proposed to tackle that problem:

We call on the European Commission to promote the dissemination of Free Software filter technologies, including financial support, for instance within the framework of research programmes Horizon2020 and Horizon Europe.

Perhaps the FSFE was so keen to promote free software everywhere that it didn't really think this through. Anyway, a couple of days later, the FSFE came to its senses, and deleted the call for "Free Software filter technologies", and half-apologized:

The original version of this press release urged the European Commission to act to avoid filtering-monopolies, but our description of our position on filters was unclear and incomplete. The FSFE is not, and has never been, in favour of developing "fundamentally flawed filtering technologies". The FSFE has been fighting against upload filters since the beginning, e.g., as a signatory of Copyright for Creativity or Create Refresh, and joined more than 80 organisations asking the EU member states to reject the harmful Article 13 (now, Art. 17). The FSFE will support solutions to preserve users' right to be in control of technology and ethical standards for service operators.

That's more like it: the correct response to the authorities making shackles compulsory is not to try to make better shackles, but to point out how bad any kind of shackle is. The FSFE now seems to agree unequivocally.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: copyright, eu, eu copyright directive, filters, free software, open source
Companies: fsfe

Oracle's Lead Lawyer Against Google Vents That The Ruling 'Killed' The GPL

from the but-that's-not-true dept

When the Federal Circuit Appeals Court (CAFC) initially made its nutty ruling saying that APIs are copyright-eligible subject matter, many in the copyright and tech world were not only shocked, but were tremendously worried about how the ruling would impact innovation and software development going forward -- while supporters on the other side brushed off such concerns.

Now that the second trial has found that, even if APIs are covered by copyright, Google's use of the Java APIs in Android was fair use, perhaps it's only fair that people on the losing side are lashing out in the same manner as people on the other side did after the CAFC ruling.

Annette Hurst, the lawyer who led the case on the Oracle side, posted her thoughts to LinkedIn, claiming that the ruling represents the "death of free software," and, more specifically, saying that the ruling "killed" the GPL (General Public License, even though at the trial one witness insisted it was the Gnu Public License). From reading her post, it appears that she either doesn't understand that software and APIs are not the same thing, or that she just doesn't care. The whole argument is strange, and starts off with a bizarre, and simply wrong, assertion that "no copyright expert" would have predicted this result:

The developer community may be celebrating today what it perceives as a victory in Oracle v. Google. Google won a verdict that an unauthorized, commercial, competitive, harmful use of software in billions of products is fair use. No copyright expert would have ever predicted such a use would be considered fair. Before celebrating, developers should take a closer look. Not only will creators everywhere suffer from this decision if it remains intact, but the free software movement itself now faces substantial jeopardy.

Except, of course, tons of copyright experts predicted exactly this result (and many more argued that APIs should not be subject to copyright at all). Famed copyright scholar Pam Samuelson has been writing extensively about the case, focusing both on why APIs should not be covered by copyright (and, why basically every other court has agreed) as well as why, even if it is covered, it's fair use. Hell, she even wrote a response to the Hurst piece, explaining why Hurst was wrong. It's weird for Hurst to take a position that actually seems at odds with a huge number of copyright experts, and then state that none would take the position that many did.

From there, she appears to misunderstand the point made by the other side in the very case she led:

While we don't know what ultimately swayed the jury, Google's narrative boiled down to this: because the Java APIs have been open, any use of them was justified and all licensing restrictions should be disregarded. In other words, if you offer your software on an open and free basis, any use is fair use.

If that narrative becomes the law of the land, you can kiss GPL goodbye.

Except she's exaggerating here and misrepresenting the key issues in the case. No one was arguing, as she implies, that any software that is described as "free and open" or that is using the GPL means that any use is fair. Again, she's conflating APIs with actual software. The ruling doesn't impact software the way she thinks it does because she doesn't seem to want to acknowledge that APIs are not software. They're just a structure -- a table of contents effectively.

No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial distribution fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use."

This is simply not true. The case revolved around the fact that the API and its "declaring code" are fundamentally different from the actual source code within the operating system. It serves an entirely different purpose. Part of the reason why the use of the same API is considered fair use is because of that very nature of it: the API is more functional -- it's like a pointer or a reference, rather than an actual bit of code. It's only if you don't understand that the two things are different that this ruling leads to the problems that Hurst describes. A case with the same facts, but where straight up source code was copied would have a much tougher uphill battle on the fair use front.

Developers beware. You may think you got a win yesterday. But it's time to think about more than your desires to copy freely when you sit down at a keyboard.

Once again, this shows a rather unfortunate ignorance of how coding works. It's not about a desire to "copy freely." It's about building amazing and innovative services, and making use of APIs to increase interoperability, which increases value. Copying an API structure is also just much more about making developers comfortable in using new environments. You know, like how Oracle copied SQL from IBM. Because lots of people understood SELECT-FROM-WHERE and it made little sense to create a relational database that didn't use that structure. It's not about copying freely. It's about interoperability.

And, really, the idea that an Oracle lawyer is "concerned" about the future of the GPL is fairly laughable. Thankfully, many people have weighed in in the comments -- including plenty who are quite familiar with the GPL and software development to explain to Hurst why she's wrong. Somehow, I think she has some fairly strong reasons to ignore those responses.

Filed Under: annette hurst, apis, copyright, fair use, free software, gpl, software, source code
Companies: google, oracle

Free Software Foundation Certifies 3D Printer -- And Why That Matters

from the I'm-sorry,-Dave,-I'm-afraid-I-can't-do-that dept

Last week Mike wrote about a new patent from Intellectual Ventures that seeks to assert ownership of the idea of DRM for 3D printing. The article in Technology Review that Techdirt linked to explains how things would work:

"You load a file into your printer, then your printer checks to make sure it has the rights to make the object, to make it out of what material, how many times, and so on," says Michael Weinberg, a staff lawyer at the nonprofit Public Knowledge, who reviewed the patent at the request of Technology Review. "It’s a very broad patent."

That's a pretty obvious approach, which any halfway competent engineer would come up with, so it's hard to see how it was ever granted a patent. But leaving aside this familiar problem with the patent system, there's an important issue skated over in the above explanation. It assumes that the printer has the power to disobey you -- that is, to refuse to print out an object that you want, because of the DRM in the file describing it, or because it doesn't have DRM at all. This parallels the situation for computers, where DRM is based on the assumption that your computer is not fully under your control, and has the ability to ignore your commands. That's one of the reasons why free software is so important: it is predicated on the idea that the user is always in control.

Against the background of the new 3D-printing patent, this announcement from the Free Software Foundation (FSF) that it has recently certified a 3D printer made by Aleph Objects as "respecting the user's freedom", takes on a particular significance:

The Free Software Foundation (FSF) today awarded its first Respects Your Freedom (RYF) certification to the LulzBot AO-100 3D Printer sold by Aleph Objects, Inc. The RYF certification mark means that the product meets the FSF's standards in regard to users' freedom, control over the product, and privacy.

Here are the FSF's criteria for making the award:

The desire to own a computer or device and have full control over it, to know that you are not being spied on or tracked, to run any software you wish without asking permission, and to share with friends without worrying about Digital Restrictions Management (DRM) -- these are the desires of millions of people who care about the future of technology and our society. Unfortunately, hardware manufacturers have until now relied on close cooperation with proprietary software companies that demanded control over their users. As citizens and their customers, we need to promote our desires for a new class of hardware -- hardware that anyone can support because it respects your freedom.

That is, in making the award, the FSF has established that the LulzBot remains fully under the user's control.

Until now, that hasn't been an issue -- there's no practical way to stop someone from simply downloading a file and then printing it out on a compatible 3D printer. But the patent from Intellectual Ventures is the first step towards a time when users of 3D printers will be confronted with issues of control in exactly the same way that computer users are today.

Once 3D printing becomes more widespread, we can certainly expect pressure from manufacturers to bring in laws against unauthorized copying of physical objects and circumvention of 3D DRM schemes, just as the copyright industries have pushed for ever-harsher laws against file sharing. They may even try to get open hardware systems like the LulzBot made illegal on the grounds that the user is fully in control – just as media companies would doubtless love to make computers running free software illegal. That's a battle they lost, largely because free software existed long before digital media files were sold to consumers. We may not be so lucky next time.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: 3d printing, free software, open source, user freedom

Free As In Freedom: But Whose Freedom?

from the nobody-said-it-would-be-easy dept

It would be hard to overstate the contribution of Richard Stallman to the digital world. The founding of the GNU project and the creation of the GNU General Public License laid the foundations for a wide range of free software that permeates computing from smartphones to supercomputers. Free software has also directly inspired like-minded movements based around sharing, such as open access and open content (Wikipedia, notably).

At the heart of everything Stallman does lies a desire to promote freedom, specifically the freedom of the software user, by constraining the freedom of the developer in the way the code is distributed. That's in contrast to BSD-style licenses, say, where the developer is free to place additional restrictions on the code, thus reducing the freedom of the user.

Karl Fogel on QuestionCopyright.org recently asked why Stallman doesn't grant readers of his texts the same freedoms as for software, for example to create derivatives:

Recently we had some correspondence with an Internetizen known to us only as "openuniverse" or "libreuniverse", who resigned his membership in the Free Software Foundation over Stallman's insistence on exercising his state-granted monopoly to prevent derivative works from being made of his writings and speeches.

I phrase it that way for a reason. Elsewhere, you might see it expressed as "Stallman's insistence on using his copyright to control what can be done with his works". But Stallman himself understands these issues very well, and could easily spot the unspoken assumptions in that way of putting it. No one was asking to change his works, or to attribute to him thoughts or expressions not his. No one's existing copies of Stallman's works would be changed. Rather, openuniverse wanted to make a new work, using material from one of Stallman's books -- and Stallman quashed it.

The main GNU site explains:

Works that express someone's opinion—memoirs, editorials, and so on—serve a fundamentally different purpose than works for practical use like software and documentation. Because of this, we expect them to provide recipients with a different set of permissions: just the permission to copy and distribute the work verbatim. Richard Stallman discusses this frequently in his speeches.

Here's what Stallman said:

The second class of work is works whose purpose is to say what certain people think. Talking about those people is their purpose. This includes, say, memoirs, essays of opinion, scientific papers, offers to buy and sell, catalogues of goods for sale. The whole point of those works is that they tell you what somebody thinks or what somebody saw or what somebody believes. To modify them is to misrepresent the authors; so modifying these works is not a socially useful activity. And so verbatim copying is the only thing that people really need to be allowed to do.

Nina Paley, writing on the QuestionCopyright.org site, disagrees with the idea that "Works that express someone's opinion—memoirs, editorials, and so on—serve a fundamentally different purpose than works for practical use like software and documentation":

The problem with this is that it is dead wrong. You do not know what purposes your works might serve others. You do not know how works might be found “practical” by others. To claim to understand the limits of “utility” of cultural works betrays an irrational bias toward software and against all other creative work. It is anti-Art, valuing software above the rest of culture. It says coders alone are entitled to Freedom, but everyone else can suck it. Use of -ND [No Derivatives] restrictions is an unjustifiable infringement on the freedom of others.

As with software licenses, the question once more comes down to: whose freedom are we talking about here? The freedom for creators to decide how their creations are to be used, or the freedom of users to do with those creations as they wish? The fact that Stallman straddles this divide shows there are no easy answers.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: copyright, free software, freedom, richard stallman

Shouldn't Free Mean The Same Thing Whether Followed By 'Culture' Or 'Software'?

from the principles dept

Adapted from a talk and slide show I presented at the Open Knowledge Conference in Berlin on July 1, 2011. --NP
Crossposted from ninapaley.com

Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the software. More precisely, it means that the program's users have the four essential freedoms:

• The freedom to run the program, for any purpose (freedom 0).
• The freedom to study how the program works, and change it to make it do what you wish (freedom 1). Access to the source code is a precondition for this.
• The freedom to redistribute copies so you can help your neighbor (freedom 2).
• The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

-- The Free Software Definition

These are the Four Freedoms of Free Software. They are foundational principles, and they are exactly right. They have served and continue to serve the Free Software Movement very well. They place the user's freedom ahead of all other concerns. Free Software is a principled movement, but Free Culture is not – at least not so far. Why?

1. The No Derivatives (-ND) Restriction

If you tinker with software, you can improve it. You can also break it or make it worse, but the Freedom to Tinker is one of the foundational 4 Freedoms of Free Software. Your software may also be used for purposes you don't like, used by “bad people,” or even used against you; the Four Freedoms wisely counsel us to GET OVER IT.
Unfortunately, The Free Software Foundation does not extend “Freedom to Tinker” to Culture:



Cultural works released by the Free Software Foundation come with “No Derivatives” restrictions. They rationalize it here:

Works that express someone's opinion—memoirs, editorials, and so on—serve a fundamentally different purpose than works for practical use like software and documentation. Because of this, we expect them to provide recipients with a different set of permissions (notice how users are now called "recipients," and their Freedoms are now called "permissions" --NP): just the permission to copy and distribute the work verbatim. (link)

The problem with this is that it is dead wrong. You do not know what purposes your works might serve others. You do not know how works might be found “practical” by others. To claim to understand the limits of “utility” of cultural works betrays an irrational bias toward software and against all other creative work. It is anti-Art, valuing software above the rest of culture. It says coders alone are entitled to Freedom, but everyone else can suck it. Use of -ND restrictions is an unjustifiable infringement on the freedom of others.

For example, here I have violated the Free Software Foundation's No-Derivatives license:

The Four Freedoms of Free Culture:

1. The freedom to run, view, hear, read, play, perform, or otherwise attend to the Work;
2. The freedom to study, analyze, and dissect copies of the Work, and adapt it to your needs;
3. The freedom to redistribute copies so you can help your neighbor;
4. The freedom to distribute copies of your modified versions to others. By doing this you can give the whole community a chance to benefit from your changes.
(link)

Without permission, I've created a derivative work: the Four Freedoms of Free Culture. Although I violated FSF's No-Derivatives license, they violated Freedoms # 2 and 4, so we're even.

1. The Non-Commercial (-NC) Restriction

The Freedom to Distribute Free Software is essential to its success. It has given rise to many for-profit businesses that benefit the larger community.

Red Hat, Canonical – would the world be better if such companies were forbidden? Would Free Software benefit from a ban on those businesses?

Yet the Cultural ecosystem is stunted by the prevalence of Non-Commercial restrictions. These maintain commercial monopolies around works, and – especially for vocational artists like me – are functionally as restrictive as unmodified copyright. Yet they are widely mislabeled “Free Culture,” or even “Copyleft.”

This is a still from the mostly excellent and popular documentary RiP: A Remix Manifesto. This film is many peoples' introduction to the term “Free Culture” and “Copyleft.” But as you can see, the Non-Commercial restriction is lumped in with actual Free license terms.

See that dollar sign with the slash in it? That means Non-Commercial restrictions, which are most definitely NOT Copyleft. (I've posted about Creative Commons' branding confusion before, but it's only gotten worse since then.) This film is itself licensed under unFree Non-Commercial restrictions. As an artist and filmmaker, I have found confusion is rampant among my creative colleagues. Some filmmakers are beginning to think the term “Free Culture” is cool, but they still want to restrict others' freedom and impose commercial monopolies on their works. The book Free Culture by Lawrence Lessig its itself not Free culure, but it is widely looked up to. It sets an unfortunate and confusing example with its Non-Commercial license. It illustrates the absence of guiding principles in the Free Culture movement.

I have spoken to many artists who insist there's “no real difference” between Non-Commercial licenses and Free alternatives. Yet these differences are well known and unacceptable in Free Software, for good reason.
Calling  Non-Commercial restrictions “Free Culture” neuters what could be an effective movement, if it only had principles.

So what do I want?

I want a PRINCIPLED Free Culture Movement.

I want Free Software people to take Culture seriously. I want a Free Culture movement guided by principles of Freedom, just as the Free Software movement is guided by principles of Freedom. I want a name I can use that means something – the phrase “Free Culture” is increasingly meaningless, as it is often applied to unFree practices, and is also the name of a famous book that is itself encumbered with Non-Commercial restrictions.

I want a Free Culture ecosystem that allows artists to make money. I want anyone to be able to accept money for their work of remixing and building on Culture – just as a trucker can accept money for driving on a road. I want money to be among the many incentives to participate in building culture. Without the freedoms to Tinker and Redistribute without restriction, there is little incentive to build on  and improve cultural works. There is little reward to help your neighbor, when you are guaranteed to lose money doing so. “Free Culture” with non-Commercial restrictions will remain a hobby for those with a surplus of time and labor, and those who only accept money from monopolists.

I want commerce without monopolies. I want people to understand the difference.

I want a Free Culture ecosystem that includes equivalents of  businesses like Red Hat and Canonical. I want cultural businesses that give back to their communities, that work with their customers instead of against them. Only if we refuse to place Non-Commercial and No-Derivatives restrictions on our works will a robust Free Culture ecosystem be able to emerge.

I want the Free Software community – those who currently best understand the Four Freedoms – to champion the rest of Culture, not just Software. I want Freedom for All.

Filed Under: free, free culture, free software, freedom

Teacher Threatens Linux Distributor: No Software Is Free

from the corrupting-the-youth-with-linux dept

Rich Kulawiec writes in to point to the rather amusing story of a teacher in Austin, Texas who supposed sent a threatening letter to the HeliOS Project, which builds and provides Linux computers to disadvantaged or "exceptionally promising" students. The letter complains that in distributing free software, the teacher believes it's likely that something illegal is happening, and everyone should be using Windows. To be honest, the letter is so over-the-top that it almost makes me wonder if it's real. It feels a bit like a put on of the drug wars (especially the whole "I along with many others tried Linux during college..."). However, if it's real...

....observed one of my students with a group of other children gathered around his laptop. Upon looking at his computer, I saw he was giving a demonstration of some sort. The student was showing the ability of the laptop and handing out Linux disks. After confiscating the disks I called a confrence with the student and that is how I came to discover you and your organization.

Mr. Starks, I am sure you strongly believe in what you are doing but I cannot either support your efforts or allow them to happen in my classroom. At this point, I am not sure what you are doing is legal. No software is free and spreading that misconception is harmful. These children look up to adults for guidance and discipline. I will research this as time allows and I want to assure you, if you are doing anything illegal, I will pursue charges as the law allows. Mr. Starks, I along with many others tried Linux during college and I assure you, the claims you make are grossly over-stated and hinge on falsehoods. I admire your attempts in getting computers in the hands of disadvantaged people but putting linux on these machines is holding our kids back.

This is a world where Windows runs on virtually every computer and putting on a carnival show for an operating system is not helping these children at all. I am sure if you contacted Microsoft, they would be more than happy to supply you with copies of an older verison of Windows and that way, your computers would actually be of service to those receiving them..."

The guy's response to the letter is equally over-the-top. But, if the letter is true, he's right that supporters of free software still have quite a long ways to go in their education campaign. Perhaps they should start suing. After all, the RIAA and MPAA have been telling us that lawsuits=education campaign for years now...

Filed Under: austin, free software, helios project, linux, teacher