c0mmando


A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools.

The number of infected users of “web hard drives” – the South Korean term for the online storage services that allow uploading and sharing of content – has reportedly reached 600,000.

Malware designed to hide files was allegedly inserted into the Grid Program – the code that allows KT users to exchange data in a peer-to-peer method. The file exchange services subsequently stopped working, leading users to complain on bulletin boards.

The throttling shenanigans were reportedly ongoing for nearly five months, beginning in May 2020, and were carried out from inside one of KT's own datacenters.

The incident has reportedly drawn enough attention to warrant an investigation from the police, which have apparently searched KT's headquarters and datacenter, and seized evidence, in pursuit of evidence the telco violated South Korea’s Communications Secrets Protection Act (CSPA) and the Information and Communications Network Act (ICNA).

The CSPA aims to protect the privacy and confidentiality of communications while the ICNA addresses the use and security of information and communications networks.

The investigation has reportedly uncovered an entire team at KT dedicated to detecting and interfering with the file transfers, with some workers assigned to malware development, others distribution and operation, and wiretapping. Thirteen KT employees and partner employees have allegedly been identified and referred for potential prosecution.

The Register has reached out to KT to confirm the incident and will report back should a substantial reply materialize.

But according to local media, KT's position is that since the web hard drive P2P service itself is a malicious program, it has no choice but to control it.

P2P sites can burden networks, as can legitimate streaming - a phenomenon that saw South Korean telcos fight a bitter legal dispute with Netflix over who should foot the bill for network operation and construction costs.

A South Korean telco acting to curb inconvenient traffic is therefore not out of step with local mores. Distributing malware and deleting customer files are, however, not accepted practices as they raise ethical concerns about privacy and consent.

Of course, given files shared on P2P are notoriously targeted by malware distributors, perhaps KT the telco assumed its web hard drive users wouldn't notice a little extra virus here and there.

 

Not even most of those people lucky enough to have grown up along with the gaming industry (and associated software and hardware breakthroughs) often wonder, what happens to video game classics when they get – “put out to pasture?”

More importantly, how does that happen, why, who decides – and can anything be done to keep these “orphaned” (i.e., no longer actively developed, supported, and eventually, sold) pieces of software still around?

The Pirate Party, which is miraculously enough represented in the European Parliament (EP) from several member countries, is asking exactly that question.

Lately, the EP “Pirates” has been prominently involving itself in broader issues of internet privacy and security.

But with the latest initiative to get the EU Commission (of all things…) to provide “an opinion about the legality under EU consumer protection law” regarding Ubisoft deciding to “kill” the “The Crew 1” game as of this April – this political grouping seems to be revisiting its roots.

The gaming community is rallying against the increasing trend of publishers rendering video games unplayable by shutting down their servers, a practice exemplified by the recent closure of Ubisoft’s decade-old racing game.

In the end, it comes down to proprietary vs. open-source software. There would never be the need for the Pirate Parties, or the “Stop Killing Games” to bring up these issues if the code was open.

After all, the free and open source status is what allows for the longevity of the most important single piece of software that is the backbone of the entire global internet – the Linux kernel.

But back to “strictly gaming” – and German MEP Patrick Breyer writes, “the shutdown of ‘The Crew 1’ by Ubisoft is an alarming example of how gamers’ interests are being ignored. It is unacceptable and probably also illegal for companies to first sell popular games at a profit and then kill them at short notice.”

The video gaming industry has for some years now been bigger, in terms of revenue, than the film industry. Other than what this means to those collecting that revenue – there is also the cultural impact of an entertainment and art form that reaches so many people around the globe.

Technically, it’s comparing apples and oranges – but essentially, it isn’t. So how would you feel if “Citizen Kane” – or “Blade Runner” – suddenly disappeared off the face of the Earth?

Speaking of the latter – it took decades for the movie to gain its rightful status as a classic.

But what if it never had that time?

This is another issue that “killing off” games brings up.

And so, Breyer writes – “Pirates demand a legal framework that prevents orphaned software from simply disappearing. The community should have the opportunity to take orphaned software over and develop it further. This policy also promotes sustainability, for example by allowing control routines for hardware to be maintained and updated, which increases the service life of the devices.”

 

The Ultimate Fighting Championship (UFC) is unable to get a tight grip on live streaming piracy. The company sends out thousands of takedown notices to protect its live broadcasts but nearly a quarter of these remain unaddressed after an hour. UFC calls on online service providers to step up their game, which includes 'instantaneous' takedowns and putting a stop to repeat infringers.

The UFC has promoted mixed martial arts fights for three decades. Today, however, the company is also fighting a battle of its own against online piracy.

Unauthorized views of UFC events have taken off in recent years. The organization is trying to put a stop to these pirated livestreams, but that’s proving to be a drawn-out battle.

Last week, General Counsel Riché McKnight shared UFC’s concerns with lawmakers during a House Judiciary Subcommittee hearing. While site-blocking discussions dominated the hearing, UFC’s comments are worth highlighting separately.

“Watch UFC Free”

McKnight’s testimony describes the piracy problem as widespread and costly. Pirated livestreams can get millions of views and these free alternatives result in lower subscription revenues.

The problem isn’t limited to people who record or stream UFC events on their phones. It regularly involves organized crime groups that tap into source signals and rebroadcast them to profit from the advertising views they generate.

These people also brazenly advertise on social media platforms to attract viewers to their pirate websites, with slogans on social media sites such as “Watch UFC Free,” McKnight notes.

“[T]hey will then post those livestreams and recorded videos to those sites, and those videos will often collect hundreds of thousands or millions of views before they are taken down.”

“Expeditious”

According to UFC, several legislative hurdles prevent the company from being more efficient on the takedown front. They include the relatively ‘slow’ response time to DMCA takedown notices.

Under U.S. copyright law, online services are required to “expeditiously” respond to takedown notices if they want to keep their safe harbor protections. However, the law doesn’t define what the term expeditious entails.

“[Online services] often will claim to us that they are removing content expeditiously even when they allow a livestream to stay up for the entirety of a UFC event or remove recorded content days later,” McKnight explains.

It can sometimes take hours or days before online services take action. This is a problem, since the value of UFC recordings and live streams diminishes quickly after the event is over.

The UFC calculated that for each event, it sends an average of 1,173 takedown requests for pirated livestreams and an additional 2,246 takedown requests for recorded content. 26% of the pirated livestreams remained online an hour after the takedown was sent. For recorded UFC content, 74% was still up after an hour.

Instant Takedowns

UFC suggests updating the legislative language to clarify the term “expeditious” as that leaves a lot of room for interpretation.

“This issue can be easily remedied by adding a statutory definition to clarify what ‘expeditiously’ means for the purposes of determining whether OSPs are eligible for a safe harbor from liability based on the infringing conduct of their users.

“Specifically, we believe the law should be clear that, for live events specifically, ‘expeditiously’ means ‘instantaneously’ or ‘near instantaneously’,” McKnight adds.

Replacing it with ‘near instantaneously’ still doesn’t set a specific time limit, of course. But it does suggest that taking more than a day to process a livestreaming takedown notice is too long.

[..]


A copy of the full written testimony from UFC General Counsel Riché McKnight is available here (pdf)

[–] [email protected] 2 points 11 months ago (2 children)

hi wravoc, good to see you again and i must say your git page is looking sweeet

 
  • Anonymous Planet - a community contributed online guide to anonymity written for activists, journalists, scientists, lawyers, whistle-blowers, and good people being oppressed, censored, harassed anywhere
  • Privacy Guides - a non-profit, socially motivated website that provides information for protecting your data security and privacy
  • Extreme Privacy 4th Edition - Michael Bazzell has helped hundreds of celebrities, billionaires, and everyday citizens disappear completely from public view.
  • Anonymous Land - a community dedicated to providing anonymity enhancing guides and services
  • Prism Break - opt out of global data surveillance programs like prism, xkeyscore and tempora.
  • The New Oil [Tor] - the beginner’s guide to data privacy & cybersecurity
  • Techlore - a small team educating people about digital rights, privacy, security, digital control, and other important topics to push the world towards a safer internet
  • Qubes OS for Anarchists [Tor] - Qubes OS is a security-oriented operating system (OS), which means it is an operating system designed from the ground up to be more difficult to hack. Given that anarchists are regularly targeted for hacking in repressive investigations, Qubes OS is an excellent choice
  • GrapheneOS for Anarchists [Tor] - anarchists should not have phones. if you must use a phone, make it as difficult as possible for an adversary to geotrack it, intercept its messages, or hack it. this means using grapheneos
  • Tails for Anarchists [Tor] - tails is an operating system that makes anonymous computer use accessible to everyone. tails is designed to leave no trace of your activity on your computer unless you explicitly configure it to save specific data
  • Tails Opsec for Anarchists [Tor] - additional precautions you can take that are relevant to an anarchist threat model - operational security for tails
  • Make Your Electronics Tamper-Evident [Tor] - if the police ever have physical access to an electronic device like a laptop, even for five minutes, they can install hardware keyloggers, create images of the storage media, or otherwise trivially compromise it at the hardware, firmware, or software level. one way to minimize this risk is to make it tamper-evident
  • Encrypted Messaging for Anarchists [Tor] - This article provides an overview and installation instructions for Tails, Qubes OS, and GrapheneOS encrypted messengers
  • Kill the Cop in Your Pocket [Tor] - your phone's location is tracked at all times, and this data is harvested by private companies, allowing police to bypass laws requiring them to obtain a warrant
  • Remove Identifying Metadata From Files [Tor] - metadata is 'data about data' or 'information about information'. in the context of files, this can mean information that is automatically embedded in the file, and this information can be used to deanonymize you
  • Defending against Stylometric attacks [Tor] - stylometric fingerprinting analyzes unique writing style (i.e., it uses stylometry) to identify the author of a work. it’s one of the most common techniques for de-anonymization, used by adversaries ranging from trolls to law enforcement
  • EFF Surveillance Self-Defense: The Basics - surveillance self-defense is a digital security guide that teaches you how to assess your personal risk from online spying. it can help protect you from surveillance by those who might want to find out your secrets, from petty criminals to nation states
  • EFF Surveillance Self-Defense: Tool Guides - step-by-step tutorials to help you install and use handy privacy and security tools
  • Into the Crypt - the art of anti-forensics
  • Advanced Privacy and Anonymity Using VMs, VPN’s, Tor - a series of guides that explains how to obtain vastly greater freedom, privacy and anonymity through compartmentalization and isolation through nested chains of VPNs and Tor
  • How to create anonymous Telegram and Signal accounts without a phone - a guide for using Whonix & Anbox to create anonymous mobile accounts without a phone
  • Security Tips & Devices for Digital Nomads - various tools and gadgets for OpSec, written with a preference for practical usability
  • Telegram Security Best Practices - quick tips that will help you sleep better at night when using Telegram

read more at: https://git.hackliberty.org/hackliberty.org/Hack-Liberty-Resources/

[–] [email protected] 10 points 11 months ago (1 children)

of course it will.. but downloading 150 TB is overkill if you want one book

[–] [email protected] 13 points 11 months ago
 

These are all the torrents currently managed and released by Anna’s Archive. For more information, see “Our projects” on the Datasets page. For Library Genesis and Sci-Hub torrents, the Libgen.li torrents page maintains an overview.

These torrents are not meant for downloading individual books. They are meant for long-term preservation.

Torrents with “aac” in the filename use the Anna’s Archive Containers format. Torrents that are crossed out have been superseded by newer torrents, for example because newer metadata has become available. Some torrents that have messages in their filename are “adopted torrents”, which is a perk of our top tier “Amazing Archivist” membership.

You can help out enormously by seeding torrents that are low on seeders. If everyone who reads this chips in, we can preserve these collections forever. This is the current breakdown:

Status   Torrents   Size      Seeders
🔴       54         154.0TB   <4
🟡       183        92.5TB    4–10
🟢       111        17.2TB    >10

IMPORTANT: If you seed large amounts of our collection (50TB or more), please contact us at [email protected] so we can let you know when we deprecate any large torrents.

[–] [email protected] 38 points 1 year ago (3 children)
 

The head of the Russian department responsible for identifying threats to the "stability, security and integrity" of the internet, has revealed the extent of the Kremlin's VPN crackdown. Former FSO officer Sergei Khutortsev, a central figure in Russia's 'sovereign internet' project, confirmed that 167 VPN services are now blocked along with over 200 email services. Russia is also reported as stepping up measures against protocols such as OpenVPN, IKEv2 and WireGuard.

Late March 2023, Russia augmented its long-burning VPN crackdown with a series of PSAs claiming that using a VPN for security is actually much worse than not using a VPN at all.

One of the ads warned that VPNs somehow obtain users’ passport details, plus their names, addresses, and dates of birth. Another suggested that since VPNs in Russia know everything about their users, spouses might learn about secret affairs, a high price for accessing a social network blocked in Russia, the PSA added.

Just a few months later, those fairly light-hearted ads can be seen in a whole new light.

Russia’s ongoing VPN crackdown appears to be going in one direction; the end of any VPN service that refuses to play ball, consequences for those who dare to discuss them, and potentially anyone who knowingly uses them. The latter may take some time to emerge but in the meantime, Russia is attempting to remove as many as possible from the market.

According to Interfax, during a presentation to the ‘Spectrum-2023’ forum in Sochi last week, the head of the ‘Center for Monitoring and Control of the Public Communications Network’ (TsMU SSOP) revealed the extent of the Kremlin’s VPN crackdown.

Sergei Khutortsev, a former FSO officer and now a central figure in Russia’s ‘sovereign internet’ project, confirmed that 167 VPN services are now actively blocked after failing to comply with government requirements. Also subject to blocking are more than 200 email services.

 

cross-posted from: https://links.hackliberty.org/post/181356

In a precedent-setting verdict, a programmer identified by his surname, Ma, from northern China has been slapped with a fine exceeding 1m yuan by the authorities for using a Virtual Private Network (VPN), marking a stark example of the stern measures taken to uphold China’s great firewall. This sets a new record for the harshest financial penalty ever imposed on an individual for bypassing the nation’s stringent internet censorship regime.

Chengde’s Public Security Bureau in Hebei province held Ma accountable on 18th August for using “unauthorized channels” to connect to worldwide networks while being employed by a Turkish firm.

The authorities confiscated Ma’s earnings of 1.058m yuan ($144,871.96), which he’d accrued from September 2019 to November 2022, labeling it as “illegal income.” Along with this, he was fined an additional 200 yuan ($30).

Shining a spotlight on the erosion of free speech and blatant censorship in China, Ma’s case exemplifies the lengths to which the state will go to muzzle the open exchange of ideas and information. Ma expressed on Weibo that he was initially approached by the police approximately a year ago, under the belief that he was responsible for a Twitter account under investigation. The account, according to Ma, was not his.

VPNs, a lifeline for ordinary citizens striving for information access in the face of the great firewall, are existing in a legal soup. Officially, the government has green-lighted VPN usage for commercial purposes. However, the narrowing leeway for VPN usage signals a sinister trend, as in recent times, firm steps have been taken to restrict access, and even penalize its usage in specific instances.

 

Washington-based Digital Impact Alliance (DIAL) has called for more money to be set aside for digital public infrastructure (DPI) including one of its elements, digital ID – and this means not only the funds earmarked for the technology portion of it.

Currently, DPI projects can count on $400 million by the end of the decade – that is the figure “stakeholders” have already committed to “the cause.”

Essentially, DIAL is advocating for money to be steadily spent on promotion of its mission via seemingly “trustworthy” messengers such as civil societies, academics, etc. Apparently, this would also allow their participation in governance, as well as the design and deployment of various DPIs.

Among those sitting on DIAL’s board are the director of USAI, an organization known for its involvement in setting up the digital ID in Ukraine, as well as the president and CEO of the UN Foundation, and a Gates Foundation senior adviser.

 

The internet was less free and open for users around the world last year, the human rights advocacy organization Freedom House said Wednesday — a trajectory that has the potential to worsen if artificial intelligence tools are used in undemocratic ways.

The organization’s 13th annual Freedom on the Net report is a worldwide survey ranking digital rights in 70 countries, based on metrics such as the prevalence of censorship, disinformation campaigns, surveillance, punishments for online speech, and more. This iteration of the report covered June 2022 through May of this year.

Last year set multiple troubling records, including for the number of countries — 55 total — where people faced legal trouble because of their online speech. Governments in a record 41 countries restricted access to websites “hosting political, social, and religious speech.”

 

Under the pretense of fortifying digital security in the United States, newly proposed legislation seeks to transform the United States Postal Service (USPS) into a hub for digital IDs. Senators Ron Wyden, a Democrat, and Bill Cassidy, Republican, have put forth the bill known as the Post Office Services for Trustworthy Identity Act. The proposed legislation opens new discourse on digital privacy and the potential for abnormal surveillance measures, sparking debate over the delicate balance between biosecurity and preserving citizens’ fundamental rights.

We obtained a copy of the bill for you here [PDF].

The proposed legislation comes in response to the piecemeal approach taken towards biometric identification in America. Historically, disjointed programs have been created by different states and separate agency undertakings, giving rise to the necessity for a more coherent national strategy. The Post Office Services for Trustworthy Identity Act could mark a landmark shift, focusing on service provision rather than overarching digital ID strategy.

 

The ongoing and often extreme and overreaching battle against piracy within the audiovisual industry continues to escalate, with recent discussions focusing on devices capable of infringing intellectual property (IP) rights. As stated by Sheila Cassells, Executive VP at the Audiovisual Anti-Piracy Alliance (AAPA), companies in the entertainment sector should be wary of “any technological development” that could potentially grant access to pirated content.

From historical technology like the VCR to modern advances like AI, all technology holds inherent potentials for piracy.

At the center of these discussions are specific devices including set-top boxes, Firesticks, and Android apps, often condemned for enabling piracy. The AAPA’s somewhat radical standpoint is a call to outlaw the production, marketing, and distribution of any such device.

[–] [email protected] 0 points 1 year ago

It's really the only choice for a secure and FOSS mobile device. GOS addresses most of the SIGINT associated with phone tracking.

  • disabling wifi autoconnect to prevent bssid pings
  • auto reboot feature
  • auto disable bluetooth feature (prevent bluetooth mac leaks)
  • airplane mode is never auto disabled after system upgrades .. which is a requirement to prevent cell tower triangulation
  • usb-c data transfer disabled if the phone is locked
  • secure hardware to prevent physical attacks and evil maid
  • and many many more..

https://grapheneos.org/features

[–] [email protected] 2 points 1 year ago

you could use shelter to create a work profile with google services framework installed.. then freeze the profile when not in use

[–] [email protected] 15 points 1 year ago (8 children)

Pixel GrapheneOS gangggg

[–] [email protected] -1 points 1 year ago

Depending on your vehicle.. It's possible to remove all the Nanny tracking via some DIY hacks or even a call to "opt out"
