Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process

from the tales-from-the-crypto dept

If you're in the IT industry, as I am, and you come across someone talking about using Norton or Symantec antivirus software, as I occasionally do, it typically sends you diving for your calendar to check what year we're in. The a/v provider, once dominant in the space, has since built a reputation for itself as bloated software that is mostly effective at grinding your computer to a halt. Whether or not that reputation is deserved, the company has also had issues in the past with users claiming an inability to fully remove Norton software when attempting an uninstall. So, a checkered recent past is the point.

Which makes Norton the perfect antivirus company to rollout an update to its Norton 360 platform to allow customers to mine Ethereum with its software!

What is Norton Crypto?
Norton Crypto is a feature made available in Norton 360 which you can utilize for mining cryptocurrency when your PC is idle. Currently, Norton Crypto is limited to users with devices that meet the required system requirements.

Now, the FAQ has, as its second bullet point, a notification that this is all opt-in... but I am 99% sure that wasn't there when I first viewed it. (Editor's note: Sure enough, Wayback Machine shows that the page did not originally say that it was only opt-in -- though it also does not say that it's only opt-out). Shame on me for not grabbing a screenshot to be sure, but there were plenty of folks on Twitter who read through it and took this all as sneaky and opt-out.

Now, about that cut that Doctorow references. The FAQ notes that there is no software licensing fee needed to utilize this feature. It's included in your Norton 360 subscription. However, Norton also takes a 15% cut of all cryptocurrency that is mined by the user's computer. Twitter had much to say about this as well. Some see this as mostly a free money-grab by Norton, getting a 15% cut when nearly all the mining work is being done on its customers' computers. Others pointed out that, based on the price of Ethereum, current mining rate projections, and the cost of energy... using this software might actually be a net-negative revenue generator for anyone using it, due to the increase in energy consumption to keep an otherwise idle machine spending GPU cycles to mine crypto.

And still others have pointed out that there are already complaints from users of the platform over, you guessed it, a convoluted process for uninstalling the feature from their computers.

However, according to mAxius and other users, there is no way to fully opt out of the program, and you actually have to dig into NCrypt.exe in your computer’s directory to delete it.

That may not seem like a big deal, but Norton has a rocky relationship with its user base, and the company has seen controversy in the past for poor transparency and not entirely deleting files when uninstalled.

So, in summary, Norton proudly announced that it was adding a feature for users to repurpose antivirus software to mine cryptocurrency, which likely wasn't clearly labeled as an opt-in feature, in order to take a 15% cut from its own customer base when its used and which it made difficult to actually uninstall if a customer wants to be rid of it.

I'll give Norton this, at least: this is all very on-brand.

Filed Under: cryptomining, ethereum, minining, norton 260, norton crypto, opt-in, opt-out, skimming
Companies: norton

Apple's 'Do Not Track' Button Is Privacy Theater

from the privacy-theater-incorporated dept

Earlier this year Apple received ample coverage about how the company was making privacy easier for its customers by introducing a new, simple, tracking opt-out button for users as part of an iOS 14.5 update. Early press reports heavily hyped the concept, which purportedly gave consumers control of which apps were able to collect and monetize user data or track user behavior across the internet. Advertisers (most notably Facebook) cried like a disappointed toddler at Christmas, given the obvious fact that giving users more control over data collection and monetization, means less money for them.

By September researchers had begun to notice that Apple's opt-out system was somewhat performative anyway. The underlying system only really blocked app makers from accessing one bit of data: your phone's ID for Advertisers, or IDFA. There were numerous ways for app makers to track users anyway, so they quickly got to work doing exactly that, collecting information on everything from your IP address and battery charge and volume levels, to remaining device storage, metrics that can be helpful in building personalized profiles of each and every Apple user.

Privacy advocates and the press noted how this was all giving Apple users a false sense of security without really fixing much. Privacy experts and press outlets also repeatedly informed Apple this was happening, but nothing changed. In fact, the Financial Times notes that six months after the feature was introduced, Apple has further softened its stance on the whole effort:

"But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles.

Here's the thing. There's been just an absolute torrent of studies showing how "anonymizing" data is a gibberish term. It only takes a few additional snippets of data to identify "anonymized" users, yet the term is still thrown around by companies as a sort of "get out of jail free" card when it comes to not respecting user privacy. There's an absolute ocean of data floating around the data broker space that comes from apps, OS makers, hardware vendors, and telecoms, and "anonymizing" data doesn't really stop any of them from building detailed profiles on you.

Apple's opt-out button is largely decorative, helping the company brand itself as hyper privacy conscious without actually doing the heavy lifting required of such a shift:

"Lockdown Privacy, an app that blocks ad trackers, has called Apple’s policy “functionally useless in stopping third-party tracking”. It performed a variety of tests on top apps and observed that personal data and device information is still “being sent to trackers in almost all cases."

A lot of folks spend a lot of time trying to tap dance around a fundamental truth: any effort to give consumers more control and clear insight over what's being collected or sold reduces revenues by billions of dollars annually, even if only a fraction of existing users take advantage. And nobody with their face buried deep in the data monetization trough wants that. It's why it's 2021 and the U.S. still doesn't even have a basic, clear privacy law for the internet era. Not even a super clean one mandating basic transparency requirements and working opt-out tools.

So what we get instead is a lot of gibberish and privacy theater by a lot of folks who don't want to take even a tiny hit in revenues in exchange for healthier markets and happier users.

We also get just an endless parade of semantics, like ISP claims they "don't sell access to your data" (no, they just give massive "anonymized" datasets away for free as part of a nebulous, broader arrangement they do get paid for). We get tracking opt-out tools that don't actually opt you out of tracking, or opt you back in any time changes are made. And we get endless proclamations about how everybody supports codifying federal privacy laws from companies that immediately turn around and spend millions of dollars lobbying to ensure even a basic privacy law never sees the light of day.

At some point this combination of feckless oversight, rampant overcollection of data, minimal transparency, and repeated failure to adhere to the basics on data security will result in a privacy scandal that makes the last fives years' worth of scandals look like a grade school picnic. When that happens, we might finally see some traction on at least a basic law that mandates transparency, opt-out tools that actually work, and penalties for lax security. Until that momentum shift happens, the majority of "privacy reform" efforts are going to have a high ratio of meaningless song and dance.

Filed Under: apps, data, do not track, ios, opt-in, opt-out, privacy
Companies: apple, facebook, snap

Amazon's Idea For A Mesh Network Is Cool; Its Method Of Rolling It Out Is Not

from the c'mon-guys dept

Over the weekend there was a bit of a reasonable fuss raised after Ars Technica noted that all of the various Amazon connected devices (including Alexa, Echo, Ring, etc.) would become part of a mesh network called Amazon Sidewalk, in which the devices would be sharing a tiny tiny bit of bandwidth across the network of devices. The idea behind the mesh network is kind of cool, and there are some clear benefits to using it.

But, of course, this is Amazon we're talking about -- a giant company, and the method of rolling this out seems to have caught a ton of people by surprise: namely opting everyone into the program with a short timeline to opt-out. That seems less than ideal. Lots of privacy folks are concerned, in general, with two aspects of this: the fact that people may be suddenly sharing data with their neighbors without necessarily realizing it, and the tie-in to Amazon, which is (again) a large company that tends to collect quite a bit of data on people. To its credit, Amazon released a pretty comprehensive whitepaper exploring the privacy and security protections they've built in to Sidewalk, and my guess is that for many consumers the benefits of easier setup and better connectivity via Sidewalk will seem worth it to them.

The real issue, then, is forcing everyone into the network. Obviously, it's no surprise why this was done. A mesh network really only works if you have enough nodes on the network to make it useful. So it makes sense that Amazon would want as many of the devices to be on the network on day one as possible. However, given the company and the public scrutiny it has received of late, it seems like it should have anticipated these concerns a lot more, pushed for an opt-in setup (perhaps with incentives), rather than jumping to the "hey, we're adding this automatically" approach.

While it's possible that Amazon is betting that the concerns over this will blow over, and having so many nodes on the network will make it worthwhile to take the short-term heat, it still surprises me that the big internet companies don't take more steps to alleviate these kinds of concerns up front, including taking a more cautious approach. But, perhaps that's why I don't run a giant internet company.

Filed Under: alexa, amazon sidewalk, echo, iot, mesh network, opt-in, opt-out, privacy, ring, sharing
Companies: amazon

Many Of Those Desperate GDPR Emails You've Been Getting Are Violating A Different EU Regulation

from the not-to-mention-unnecessary dept

As we careen wildly into a post-GDPR world at the end of this week, you've probably already been inundated with tons upon tons of emails from various companies where you either have an account or have been signed up for their mailing list. Some of these emails likely note that they want you to confirm that you want to remain on their list because of the GDPR. Others pretend they're just checking in with you for the hell of it. According to an expert in EU regulation, many of these emails probably violate another EU regulation, one designed to make spamming illegal. As for the others? They're almost certainly not necessary under the GDPR and appear to be people misunderstanding the GDPR "out of an abundance of caution."

In short, if a service already has proper permission from you, then it doesn't need to get it again. If it doesn't, it's violating EU spam regulations by asking you to give your consent to receive such messages.

Vitale said, if the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email to ask you to give it that consent.

“In many cases the sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offence to email someone to ask them for consent to send them marketing by email.”

And, yes, EU regulators are aware of all of this:

“We’ve heard stories of email inboxes bursting with long emails from organisations asking people if they’re still happy to hear from them,” Steve Wood, the deputy information commissioner, wrote in guidance for businesses. “So think about whether you actually need to refresh consent before you send that email, and don’t forget to put in place mechanisms for people to withdraw their consent easily.”

Like Vitale, Wood emphasised that asking for marketing consent from people who had not given it initially could be illegal. “It’s also important to remember that in some cases it may not be appropriate to seek fresh consent if you are unsure how you collected the contact information in the first place, and the consent would not have met the standard under our existing Data Protection Act,” he said.

Depending on how you look at this, it's either the most European of European regulation situations -- in which efforts to comply with a new set of convoluted regulations means violating existing convoluted EU regulations -- or just another example of how ridiculous companies act. Still, it does seem fairly clear that the whole GDPR situation is an utter mess, with tons of companies having no idea what they actually need to do, or how to actually comply with the law.

Whether you think the GDPR is a wonderful innovation in protecting our privacy, or you think it's a giant clusterfuck of bureaucratic virtue signaling, it does seem like it could be something of a general problem if basically every internet company everywhere has no idea how to actually be in compliance.

Filed Under: data protection, email, eu, gdpr, opt-in, permission, privacy, spam

ISP-Loyal Marsha Blackburn Pushing New Broadband Privacy Law, But It's A Hollow PR Show Pony With No Chance Of Passing

from the legislative-lambada dept

You might recall that Tennessee Representative Marsha Blackburn recently played a starring role in gutting FCC consumer broadband privacy protections using the Congressional Review Act. It was one of the more bare-knuckled examples of pay to play government in recent memory, and many of the straight GOP-line voters have been getting an earful from their constituents back home. Utterly unmoved, most of those lawmakers have quickly shifted on their heels and are now busy trying to gut net neutrality with the same blatent disregard for public opinion they showed while killing privacy protections.

In what appears to be largely a PR move to try and deflect significant criticism for her large ISP-friendly policies, Blackburn has subsequently introduced the BROWSER Act -- aka the Balancing the Rights of Web Surfers Equally and Responsibly Act. The act, as the FCC's now-discarded rules would have done, requires that consumers must opt in before a broadband provider is allowed to collect and sell subscriber information.

According to a Blackburn press statement on the legislation, killing the FCC's popular privacy protections, then introducing this new bill (which has little more than zero chance of passing for reasons we'll get into) was necessary to eliminate "confusion":

"As a Member of the House Homeland Security Committee's Cybersecurity Subcommittee, internet privacy and security must be a top priority. Step one in that process was to override any regulation that creates more confusion by giving jurisdiction to multiple agencies, only to have them regulate only one-half of the digital world.

Step two in that process is to introduce comprehensive internet privacy legislation that will more fully protect online users in their use of Internet Service Providers (ISPs), search engines and social media,” said Fitzpatrick. “The BROWSER Act does just that. We must offer American citizens real internet privacy protection, not mere lip service which gives internet users false expectations about their level of online security. I encourage all House members who are serious about protecting our constituents' online privacy to join me in advancing this bill."

So, as we already noted in great detail, this appears to be part of a script that was hashed out months ago by the GOP. Step one is to gut FCC oversight authority over one of the least-competitive sectors in American industry by killing the privacy protections, walking back net neutrality, and dismantling the FCC's 2015 decision to classify ISPs as common carriers under Title II of the Communications Act. From there, the plan is to shovel any remaining oversight of giant broadband duopolies to an FTC Blackburn (and the ISPs that adore her) know is ill suited to provide meaningful, real oversight.

The FTC lacks rule-making authority, is already under-funded and over-extended, and AT&T lawyers have shown they may already be able to tapdance around the agency's authority anyway. This was all pretty well spelled out in a recent interview by former FCC boss Tom Wheeler, during which he called this particular plan a "fraud":

It’s a fraud. The FTC doesn’t have rule-making authority. They’ve got enforcement authority and their enforcement authority is whether or not something is unfair or deceptive. And the FTC has to worry about everything from computer chips to bleach labeling. Of course, carriers want [telecom issues] to get lost in that morass. This was the strategy all along.

With the attacks on net neutrality and privacy becoming politically toxic, it's highly unlikely that Blackburn's proposal sees any serious support among Democrats. And because it actually would wind up expanding regulatory authority over "edge providers" (Netflix, Google, other content companies), it's not likely to see support among many Republicans, either. According to a joint statement made under the umbrella of the Internet Association, internet companies like Google, Netflix, and Twitter also oppose the new law:

We, along with a broad swath of the American economy, are aware of the BROWSER Act and are tracking the proposal. This bill has the potential to upend the consumer experience online and stifle innovation. Policymakers must recognize that websites and apps continue to be under strict FTC privacy enforcement and are not in an enforcement gap, unlike other stakeholders in the ecosystem.

This is all an arguably bizarre move for a politician that has shown, time and time again, that her very top priority is always the interest of giant ISPs like Comcast and AT&T -- coincidentally her top campaign contributors. Blackburn, who supported SOPA, has pushed legislation repeatedly trying to kill net neutrality under the banner of "restoring freedom." She's also gone out of her way to defend AT&T and Comcast's efforts to pass state-level protectionist laws hindering competition, which is a major reason her home state of Tennesee is one of the least connected states in the nation.

And this new privacy legislation -- which again expands regulation of internet content companies -- is also strange for a lawmaker that has consistently insisted over the years that "regulating the internet" kills innovation:

Which brings us to the multi-million-dollar question: if Blackburn is such an obvious servant to the interests of telecom duopolies, why is she pushing a law that would add regulatory burdens on both ISPs and content companies alike?

As the ACLU was quick to note in their review of the bill, the biggest goal appears to be to preempt a lot of the state and city regulations that have been popping up all over the country in response to the killing of the FCC's rules. More than 17 states have introduced privacy broadband rules in the wake of the death of the FCC rules, and whatever loophole-filled final draft Blackburn submits would be certain to preempt these already tougher protections:

In some cases, state legislation being considered is stronger than what would have been required under the FCC rules. For example, in New Hampshire, a bipartisan bill would prohibit providers from offering discounts to individuals who waive their privacy rights – something the ACLU urged but the FCC declined to do in its rules. Many states have also pressed for limits on not just the use but also the collection of information.

...Skepticism of Rep. Blackburn’s motives is also warranted given her voting history. Rep. Blackburn introduced the legislation to gut the FCC rules. If she had truly been interested in creating parity between the privacy standards applied to edge and internet providers, she could and should have worked to strengthen and replace the rules. Instead, she irresponsibly pushed for reversal of the rules, leaving an enormous privacy gap. Introduction of this legislation, which thus far shows no indication that it will become law and could easily be watered-down, does not remedy this reckless act."

Indeed, killing these state-level privacy protections does appear to be a top GOP priority after the March vote to kill the FCC rules. FCC majority Commissioners Ajit Pai and Mike O'Rielly have already said they plan to somehow prevent states from imposing such protections. You're to ignore that Pai and Blackburn have argued that anti-competitive protectionist laws written by the likes of AT&T are a "states' rights" issue, but now when states are looking to actually protect consumers it's a bridge too far.

But the primary reason Blackburn is pushing this proposal is that she knows it has absolutely no chance of passing, but may provide PR cover for her increasingly-obvious, duopoly-favoring telecom policy proposals ahead of the 2018 elections. Blackburn has been hammered in recent months via giant billboard ads purchased by activists criticizing her privacy sell out in her home state of Tennessee. There's nothing particularly subtle about the campaign:

Either way it's a win/win for Blackburn. If it passes, Blackburn's friends at AT&T and Comcast will ensure it's crafted to be aggressively weaker than state-level laws, overseen by an FTC they know won't have the authority, funding or time to actually police the subject. If it doesn't pass, it still functions as a marketing message designed to try and convince the voters that Blackburn isn't the anti-consumer Comcast coddler her voting record and campaign contributions clearly show she is.

Filed Under: broadband privacy, browser act, isps, marsha blackburn, opt-in, privacy

Network Solutions Tries To Auto-Enroll Users Into Its $1,850/Year Domain 'Protection Plan'

from the network-solutions-execs-decide-to-take-company-down-from-the-inside dept

Any service that is going to require additional time, money or labor from a user should be opt in, period. Making something opt out is for cowards and scammers. If you think the new whatever might be unpopular but you want to make it happen anyway, you make it opt out and delay the outrage until after the implementation. That's how cowards run the shop. If you're just trying to generate some income without actually earning it, you make the new paid service (or pricier service) opt out, and hope that the additional funds outweigh the cost of lost business.

Here's what hosting company Network Solutions (a.k.a. Web.com) recently tried to hit software developer Brent Simmons with, in the form of an "opt out" service. (via Techdirt reader Andrew F)

I got an email from Network Solutions — where I still have two domains, originally registered in the ’90s — that informed me I have been enrolled in their WebLock Program.

To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.

That's must be some pretty hefty security, especially considering Web.com hosting usually runs about $40 a year. Simmons first thought was that it was a scam (which it kind of is…) being run by someone not related to Network Solutions. He contacted the company and was somewhat surprised to hear that it was indeed planning to jack his plan up from $40/year to $1,850/year on the anniversary date. Needless to say, Simmons informed Network Solutions that he would find somewhere else to host his domains.

Kevin Poulsen at Wired followed up with Network Solutions to see if it could explain why it was planning on increasing Simmons' rates by 2,300% and, as if that wasn't bad enough, doing it as an opt out program. Web.com's COO, Jason Teichman, offered this explanation:

“I will admit that email is not worded properly, and not worded in any way what represents what we’re going to do,” says Teichman. “No customer will be enrolled in this program without their consent, period. No customer will have to opt out, period.”

Teichman declined to elaborate on how the email came to be phrased as it did. He says the email went to only 50 customers, and that only 30,000 customers — about one percent of Network Solution’s base — will even be offered the program. “Our intent is to focus on customers who have a lot of traffic and who have highly visible brands,” he says. “When these domains are hijacked the cost is insane.”

"Not worded properly." Simmon's has a screenshot of the entire email at his website, and to say the email wasn't "worded properly" is to call into question much of the language surrounding the astronomical leap in price.

The first few paragraphs rationalize the price jump, citing stats about the increase in domain hijackings. It's when the email finally starts talking money that phrasing becomes important. There's nothing in here that indicates a word or two was simply out of place.

Starting 9:00 AM EST on 2/4/2014 all of your domains will be protected via our WebLock Program.

This doesn't look ambiguous. Whether Simmons wants or needs "WebLock," he's getting it, starting on Feb. 4th.

To help recapture the costs of maintaining this extra level of security for your account, your credit card will be billed $1,850 for the first year of service on the date your program goes live. After that you will be billed $1,350 on every subsequent year from that date. If you wish to opt out of this program you may do so by calling us at 1-888-642-0265.

Nothing here seems unclear, either. Maybe the email was supposed to say "opt in" instead of "opt out" in this paragraph, but the wording earlier in the letter seems to indicate the choice has already been made for Simmons by Network Solutions. That definitely makes it "opt out" in the context.

Now, Web.com's apology and non-explanation is accurate about one thing: this won't be happening to all of its users. It's targeted at the more popular sites it hosts. Larry Seltzer at ZDNet tracked down exactly who Web.com is (well, was) attempting to force to "take advantage" of its auto-enroll, opt out, extremely expensive service.

Web.com's criteria for selecting sites for WebLock were:

1. Domains registered to a Fortune 1000 or a Global 5000 company

2. High Traffic: Domains that fell within Google Page Rank >6 and an Alexa rank of 1-250,000.

(Sidebar: always great to see a forward-thinking internet hosting company is relying on Alexa for traffic rank data… [insert eyeroll emoji before going to press])

If Network Solutions had been able to auto-bill 50 users for $1,850, then it grosses almost $200k for a service that's about as useful as an extended warranty. Sure, if you do get hijacked, it's worth it, but the odds are low that it will happen and any hosting company should be doing its best to prevent this from happening anyway, even without stealthily lifting nearly two grand from your credit card balance (almost) unannounced. And there's no way this service should cost this much. Seltzer points out that "any honest registrar" already offers Weblock-style protection… for free.

First, a little background: Back in the middle of the last decade there was a major problem with domain name theft. Through a variety of fraudulent techniques, bad actors could trick a domain name registrar into transferring your domain name to them. Good luck getting it back when that happened.

It took a long time, but to address the situation a new feature was added which is standard with domain names: the REGISTRAR-LOCK option. When you turn this option on, then modification of the domain name or contact details, as well as deleting or transferring the domain, are all prevented. You have to unlock it first, and the procedures for that are intentionally cumbersome. And REGISTRAR-LOCK is free from any honest registrar.

Seltzer also notes that he spoke to another rep from Network Solutions, CTO Jane Landon, who explained the email to Simmons was a mistake (because his domains weren't ranked high enough to qualify for the extra protection) and that making it opt out was a completely legit way to do business. Obviously, things changed in the few hours between ZDNet's conversation and Wired's conversation.

But Landon's wrong there as well. Chances are the big name customers wouldn't even give the email a second glance if it landed in their inboxes. This is the subject line Network Solutions chose to use:

Your domain is being enrolled in the WebLock Security Program

To anyone scanning their inbox, it looks like nothing more than a commonplace announcement from a company they do business with. It would possibly prompt a "well, that's nice" from the recipient and not much else. Nothing indicates there's an $1850 charge hiding in the wings. Nothing about it demands additional attention -- and that seems to be the point.

Network Solutions meant to target big names and popular sites, ones whose inboxes are stuffed full every day and who would very likely not notice a large expenditure being billed to the corporate card. While the service does indeed have some value, it relies on trusting your hosting company to have your back when your site is compromised. But sneaking a rate hike in under the cover of "A boring, routine announcement about your site" eliminates that trust and results in a growing number of former customers.

Maybe Network Solutions felt it could mitigate the losses in its customer base by collecting $1850 a piece from a percentage of the 30,000 customers it chose to opt in to its program. If so, that's an even worse way to run a business. Service providers should not be actively undermining their customers' expectations and trust in this fashion, and even with all the post-exposure explanations and hand-waving, there's no indication that the company thought handling it this way was a bad idea until it was caught.

Filed Under: auto-enroll, domain protection, opt-in, scams
Companies: network solutions, web.com

Peru Proposes Default Internet Censorship Requiring Opt-in To View Pornography

from the wonder-where-they-got-that-idea-from dept

Techdirt has run a number of posts about David Cameron's dangerous plans to apply default online censorship and make porn opt-in in the UK, supposedly to "protect the children". Now it looks like Peru is following suit (original in Spanish):

The Bill No. 2511/2012-CR (pdf) introduced by Congressman Omar Chehade and the Nationalist caucus raises serious questions about individual freedoms in Peru. The project aims to establish a national system of mandatory filters for all Internet providers to prevent access to pages with pornographic content. This filter would be applied by default to all users of the Internet and the only way around it would be by expressly asking the operator [to turn it off]. To do this, a group of representatives from public bodies would be responsible for determining what content would be subject to censorship. Thus, the proposal seeks to protect minors from access to pornographic sites.

It's not clear whether the Congressman was directly inspired by Cameron, but it seems quite likely, given the close similarity of the two schemes. And we've seen how bad ideas for Internet laws have a tendency to spread rapidly among politicians, notably in the case of France's "three-strikes" approach, which was taken up by the UK, South Korea, New Zealand and the US (albeit in a modified form). If more of these "for the children" censorship bills requiring opt-in to porn start turning up in the near future, we'll know whose fault it is....

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Filed Under: censorship, free speech, opt-in, peru, porn

Did The RIAA Really Just Come Out In Support Of 'Opt-In' Copyright? [Updated]

from the that-would-be-big dept

Here's some potentially big news. The RIAA, who has always appeared to be in favor of ever expanded copyright, may actually be changing its mind. Two separate reports out of the National Academies' meeting on "the impact of copyright policy on innovation" note that RIAA president Cary Sherman apparently stated that he now believes an opt-in registration "formalities" approach to copyright might make sense. Derek Slater, on Twitter, summarized Sherman's statement as:

"my opinion is that pre-Berne system, requiring some sort of registration, makes more sense today."

Of course, the MPAA and the BSA apparently disagreed, with the BSA saying copyright should definitely be opt-out rather than opt-in. That said, it is nice to see the MPAA come out in favor of flexible fair use policies, though I'm sure that's as an alternative to actually improving copyright law.

I've asked the RIAA for comment (updated below) on whether or not this represents a change of position for them, and whether the group would now support an opt-in copyright system that only gives copyright to works that are formally registered (as we had for many, many years). If true, this would really be a huge deal. While an opt-in system has many problems, if set up properly, it's a lot better than the current opt-out system, which obliterated the public domain. An opt-in system at least makes it much easier to feed the public domain.

Update: The RIAA responded to my request as to whether or not this was a policy change, in response, I was told:

His basic point (and I'm quoting from his remarks) was that "we need better ways to distinguish when copyright is a beneficial property right, and when copyright is a meaningless and unwanted right." He was later asked what he meant by this, and he responded that it may be time for creators to affirmatively assert copyright, rather than have it automatically granted to them whether they want it or not. He also explained that this was a personal view, not an RIAA position.

The note also pointed out, correctly that there really "is no way to opt-out" of copyright today. So, while it's not the official RIAA position, I'm still really surprised that Sherman would feel this way, but kudos to him for making a statement that would seem at odds with the RIAA's standard position on copyright.

Filed Under: cary sherman, copyright, formalities, opt-in, riaa
Companies: riaa

Congressmen Not Happy About Charter's Plan To Sell Out Users To Advertisers

from the might-want-to-think-twice dept

While Charter Communications is out defending its efforts to inject ads into your surfing activities by collecting data on where you surf, it appears that some powerful Congressional Representatives are suggesting that Charter might want to think twice about implementing this. Reps. Ed Markey and Joe Barton (who both have a fair amount of power in Congress) have sent Charter a letter warning the company that doing this without letting people affirmatively opt-in may violate the Communications Act, which limits what cable companies can do with customer records. What's really surprising is that, after so much anger over similar efforts in the UK (including similar questions about legality) that Charter forged right ahead with a nearly identical plan in the US, positioning it as an "enhancement." Update And on top of this, reports are now coming out that opt-ing out of this system isn't so easy after all.

Filed Under: advertising, clickstream tracking, congress, ed markey, joe barton, opt-in, opt-out
Companies: charter communications

Marketers Freak Out About Mandates To Make Clickstream Tracking Opt-In Only

from the but-what-about-our-data? dept

With all of the fuss finally being raised concerning clickstream tracking by companies like Phorm and NebuAd, there's an effort underway to force ISPs to make any such tracking strictly opt-in. That is, users would have to proactively agree to allow their data to be used in this manner. In response, various marketers are complaining about how much data they would lose, claiming it would be an "armageddon" for the industry. Don't believe them. This is the same thing marketers warned about when the US instituted a "Do Not Call" system, and it's hardly decimated the marketing industry. Instead, it's improved marketing by making firms focus less on intrusive telemarketing and more on useful marketing. The same would happen if ISPs were required to make this an opt-in instead of opt-out setup. It would force the ISPs and companies like Phorm to make sure that the services really benefited customers in meaningful and noticeable ways so that customers would be happy to make use of the services. By whining about an opt-in solution, all these firms are really admitting is that they do not add value to the surfing experience of users.

Filed Under: clickstream tracking, marketers, opt-in, opt-out
Companies: nebuad, phorm