After a glut of censorship stories at the tail end of last year, there has been encouragingly few so far this year. But unfortunately in the last week, we have seen a glut of stories hitting the media from right around the world.
Back at the end of 2015, we reported on the introduction of a new 451 error code which is now used to highlight sites that are being blocked as a result of state censorship. This came at the end of a month which saw Brazil blocking WhatsApp, Bangladesh blocking Twitter and Skype, and Kazakhstan’s planning to monitor its citizens online activity, to name but three.
Sadly, such stories are starting to emerge again. Firstly, let’s turn to China, which as regular readers will be aware is a common culprit when we report on this issue. The Communist regime there has recently announced new publishing laws for online content.
The new law was accompanied by a visit from President Xi JInping to the headquarters of several state-run media outlets. The message this visit was sending to the media was pretty clear. Be loyal to the party and your President.
The new law itself will come into effect on March 10th and requires all online publishers to receive state approval before publishing content online. This will include receiving permission from no fewer than 32 propaganda departments in each of China’s of China’s provinces, municipalities and special administrative regions. They will also need to provide financial records, details of their place of work, and background details of their management, amongst a whole host of other bits of information.
Needless to say, critics have condemned the laws as being yet another tool for the Communist regime to control what is on the internet in China, a country which spends billions of pounds every year on their Great Firewall censorship project. Despite their efforts, many internet-savvy Chinese citizens have turned to a VPN to access sites such as Twitter and Gmail which remain blocked.
Another country with a terrible record on online freedom is Russia, so it is no less of a surprise to see yet more clampdowns taking place there. This time the focus is on web activists, with an increasing number finding themselves being prosecuted for a myriad of different offences for simply posting articles and comments online which are critical of the Putin regime.
The BBC have highlighted the case of Andrei Bubeyev, a 39 year-old electrical engineer from Tver, north of Moscow who posted an article entitled Crimea is Ukraine. He is now facing charges of using the internet to incite extremism and to undermine Russia's territorial integrity. He was previously sentenced to 10 months in jail for reproducing other materials critical of Russia’s annexation of the Ukrainian peninsula.
Human Rights Group Agora have reported that 18 people are known to have been jailed for online activities in 2015, and posting anything relating to Ukraine or Crimea is known to carry a heightened risk. "Real prison sentences for likes and reposts are intended to intimidate and force citizens to refrain from discussing the real problems in society," the report said.
Such intimidatory prosecutions are increasingly forcing Russian users to turn to services such as VPNs as they guarantee user anonymity and allow them to not only access censored internet sites and content, but also post anonymously online as well.
On to Iran, where the theocratic Government are spending $36 million to develop a system being referred to as ‘smart-filtering’ which is intended to strengthen its online censorship capabilities.
According to the Saudi Gazette the new technology will allow for the selective blocking of content within a website meaning they won’t have to block whole websites because of a single article judged offensive. While Iran has talked of developing their own system for more than a decade, experts suggest it is likely that they will turn to China to supply the technology which will then be refined in Iran to suit the Government’s needs.
Internet use in Iran is now widespread and hardliners are concerned that many people are evading their current online restrictions and accessing whatever content they like through technologies like VPNs.
Lastly, on to Africa, and Somalia, where the Government has this week shut down more than 30 websites which have been critical of them. Letters were sent from the Government to internet providers ordering them to prevent access to websites critical of the Somali government "due to working against the interest of the government."
They were instructed to block the sites in question within 48 hours and bizarre claims that they had committed criminal offences and that this was their punishment were also made.
Unlike many other parts of Africa, internet use in Somalia is still the exception rather than the norm, with less than 2% of the population thought to have access. Given this, to see the Government go to such extreme measures to censor criticism does not bode well for the future, and serves to reinforce how important it is for users in countries like Somalia to be able to make use of services like VPNs to evade Government censorship and enjoy the full and free access to the internet that we are all entitled to.
The battle for the right to privacy with your encrypted personal communications is once again being played out in the US media, and the US courts this week. In a massively high profile case, Apple has been ordered by a US Court to enable the FBI to unlock the iPhone of one of the two attackers who killed 14 people in a terrorist attack in San Bernardino, California in December of last year.
The phone in question belonged to Syed Rizwan Farook, who along with his wife massacred 14 of his co-workers at their Christmas Party. The FBI has been in possession of the phone since the attack, but they have been unable to access it.
There have been ongoing discussion between the FBI and the Obama administration and Apple since the attack in an effort to enable law enforcement agencies to access the device. The iPhone in question is equipped with the latest Apple security software which means that if Federal Agents attempt to enter the password incorrectly ten consecutive times all the data on the device will be erased.
The FBI want Apple to amend the software on the device to enable them to make multiple attempts at the passcode without the risk of losing data. It is thought that the device in question is an older model with a four-digit pin code, meaning there are around 10,000 possible combinations for them to try.
Now Federal Judge Sheri Pym has ordered Apple to remove the auto-delete functions on the phone and also stop any other security measures that might delay or impede officers in their investigation. She stopped short of ordering Apple to crack the phone and hand data over to the FBI, but what she has essentially ordered them to do is create a backdoor into their encryption.
This means the case goes to the very heart of ongoing debate about encryption in the USA, which we have reported here at Fried.com before. The FBI and other law enforcement agencies are pushing hard for legislation to require tech companies that offer encrypted communications, such as Apple, and indeed many VPN providers, to create a back door into their security settings to enable them to read communications in cases of national security such as this.
Overlooking the fact, that the NSA and the FBI have a long track record of looking at communications of US citizens in far more cases than just those relating to National Security, the tech companies have long refused to comply with these demands, because it would effectively mean them introducing a weakness into their security settings which would compromise the privacy of their users and the security of their services.
Indeed, it was precisely because of the mounting pressure and the revelations by Edward Snowdon of widespread US Government snooping into their citizens’ communications, that Apple introduced their new security measures back in 2014. They said at the time that even they did not have the means to break into their encryption, and that remains the case.
In a withering critique of the judgement in an open letter published on their website, Apple CEO Tim Cook blasted the “chilling” breach of privacy the order entails. He said “The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”
Apple have vowed to fight the order and have maintained that the software the Coirt is ordering them to provide does not exist. This may offer them a viable window to get round the order as it did allow them to provide a cost estimate and rebuttal if it “believes that compliance with the Order would be unreasonably burdensome”.
Such an argument is unlikely to carry much weight with the US Security agencies and indeed politicians from all sides who have been swift in condemning Apple’s refusal to comply with the order, and mysteriously quiet on the privacy implications the order has for ordinary Americans.
Others have praised the company for their stance, with Alex Abdo, staff lawyer for the American Civil Liberty Union’s privacy and technology section, saying “Apple deserves praise for standing up for its right to offer secure devices to all of its customers.”
It is likely that this case will see the encryption debate in the USA coming to a head, and while Apple have the resources to dig in and fight to the bitter end, the simple fact that this case revolves around a terrorist attack on US soil may well see emotions get in the way of a reasoned debate on the issue.
Either way, US citizens must once again be wary of their privacy when using any device online. If Apple do not ultimately prevail in this case, it is likely to see the Government using the ruling to force other companies to allow them access to encrypted data. It has been advised before that Americans take steps now to ensure their online privacy and one simple first step would be to sign up for a VPN. Connecting to the internet through a VPN gives users complete online anonymity and leaves no data trail that the US authorities can track.
It is a simple step to take that can provide great peace of mind at a time when freedom is coming under a sustained attack in the land of the free.
The popular online payments system PayPal has become the latest online corporate giant to strike a blow to VPNs, after it was revealed that they have begun to try and stop VPNs from using their service.
It has been revealed on the TorrentFreak website that UnoTelly , a VPN and SmartDNS provider has had its account with the company cancelled and the reason they have been given for the decision is copyright infringement.
PayPal has a long track record of stopping the likes of BitTorrent sites from using their service, but it is thought that this is the first time they have taken aim at a VPN provider.
According to the message sent to UnoTelly, PayPal has deemed the services they provide against company policy because they can be used to help users to bypass copyright restrictions.
They wrote that “Under the PayPal Acceptable Use Policy, PayPal may not be used to send or receive payments for items that infringe or violate any copyright, trademark, right of publicity or privacy, or any other proprietary right under the laws of any jurisdiction.”
They went on to say “This includes transactions for any device or technological measure that descrambles a scrambled work, decrypts an encrypted work or otherwise avoids, bypasses, removes, deactivates or impairs a technological measure without the authority of the copyright owner.”
And with that UnoTelly has found its PayPal account “permanently limited” meaning they are banned from using PayPal as a means of paying for their services. PayPal has also demanded that all references to PayPal are removed from their website.
According to UnoTelly, the PayPal decision has come completely out of the blue and there was absolutely no prior warning given. It is also thought there is no means by which the company can appeal the decision with PayPal, or indeed anyone else.
Speaking to TorrentFreak, Nicholas Lin of UnoTelly rather understated the views of many in the VPN sector when he said “We are disappointed at PayPal’s unilateral action and the way it acted without prior warning.”
Others, such as tech writer Dan Gillmor have been much more forthright with their concerns. Gillmor tweeted that the decision was "a reminder that highly centralized payment systems can put a big dent in free speech."
The issue with the PayPal ruling against UnoTelly is that it sets a hugely worrying precedent against VPNs and other related tools. The fact is that whilst VPNs can arguably be used in the manner PayPal refer to in their letter, many do not use them for that purpose at all.
For many users, a VPN offer a valuable tool to ensure they can remain private and secure online – any VPN users in the US will certain have this benefit right now. They are also an essential freedom of speech and freedom of information tool in countries like China where internet users are frequently blocking from accessing content deemed unacceptable by the authoritarian regimes that run those states.
Of course, PayPal is a private company and quite at liberty to refuse to provide its service to whomsoever it pleases, but the rules which it cites in its letter to UnoTelly are remarkably vague and open to interpretation. And this has inevitably led to questions about whether there has been any pressure applied on the company, either by Movie Studios and other rights holders, whose aggressive campaigns against VPNs has seen Netflix attempt to block them using their service, or by certain Governments and Intelligence Agencies who seem keen to know everything about what everyone is doing online.
It is unclear at this stage why UnoTelly has been picked on, and why PayPal have made this move now, but given the wording of their letter, it seems likely that other VPN and SmartDNS providers can expect a similar email in the not too distant future.
Of course there are plenty of other ways to pay for your VPN, and we would certainly advice readers who do currently use PayPal to switch to another convenient method should your provider suffer a similar fate. But the appeal of PayPal is its convenience and international availability, and if they are shunning the VPN market, it remains to be seen if another online payments service can fill the void they have left.
It seems that there are new developments around the Netflix global expansion every few days at the moment, but the latest issue, which has been rather underreported elsewhere seems it question the merits of the spate of New Year’s announcements.
Regular readers will remember that we reported last month on Netflix’s proclamation that they were going global, and launching their service in more than 130 new countries. They proudly stated that users would be able to access a version of Netflix in every country in the world with the exception of China, North Korea, Syria, and the disputed Ukrainian region of Crimea.
Cynics commented at the time about how happy some regimes might be at Netflix being made available in their country, as well as on the broad differences in program availability that would remain between different countries.
And it is in Indonesia where the expansion seems to have run into its first major problem. Because leading Indonesian ISP PT Telekomunikasi Indonesia’s (Telkom) has decided to block the new service. In doing so they have claimed that the move is because Netflix in Indonesia is allowing users to watch “content that is violent and contains other adult related content.”
It is no great surprise that such steps are being taken in what is a staunchly Islamic country with the largest Muslim population in the world. And whilst it should be stressed that the decision has not been forced upon Telekom by the Indonesian Government, comments made by Communications and Information Minister Rudiantara to the Jakarta Post seems to suggest that they are merely preempting Government steps to curtail access.
The Minister insisted that the decision to block Netflix was a “corporate privilege” and noted that at the present time other ISPs in Indonesia had not taken the same steps.
However, he went on to explain how Netflix would be required to open a representative office in Jakarta and that the newly arrived Netflix service would have to go through Government censorship soon.
He said “"It will be difficult for Netflix. You can see for yourself on how much content there is [in Netflix] that must be censored.” He went on to outline the ongoing discussions between the Culture and Education Ministry and the Umar Ismail Film Center on how to censor such video streaming content.
It is difficult to read these words without reaching the conclusion that it is only a matter of time before Netflix is either completely blocked, or heavily censored by the Indonesian authorities.
And it would be naïve to think that Indonesia will be the only country Netflix has expanded into which is considering taking such steps. Many Governments and society are hugely sensitive about the type of content their populations are allowed to watch, and as we have written previously, internet censorship around the world is growing rather than declining.
So how can users in Indonesia, who want to be able to set up a Netflix account and watch content get around the block by Telekom, and any future Government censorship? The answer is by using a VPN such as ExpressVPN which allows users to anonymously circumvent such efforts to limit their online activity by rerouting their online traffic via an external server.
But wait, Netflix’s other big announcement this year has been their crackdown on users accessing their service via a VPN.
It all suggest either a lack of joined-up thinking, or a failure to grasp the realities of internet freedom around the world over at Netflix Towers, and if their VPN crackdown were to be successful, all they would be achieving in Indonesia is driving away users who are happy to pay for a subscription to the US Netflix service (or others around the world) to rival streaming services. A real ‘Catch-22’ situation!
Fortunately, as we have already reported, the crackdown appears to be little more than a PR exercise to keep rights holders happy. The only way Netflix can block VPNs is by blacklisting the IP Addresses of known VPN servers. But it is very easy for VPNs to change these, and hard for Netflix to identify new ones.
So for now, Indonesian Netflix users can rest assured that regardless of what steps their Government takes to censor Netflix, they can still use a VPN to access the service at their leisure. The same is true of users in other states around the world where similar censorship steps ar
Apple is once again coming under the cosh of the Silicon Valley patent trolls – this time in the form of a company called VirnetX, who claim to own the patents to various VPN technologies used by Apple in its hardware.
Never heard of VirnetX? That’s not really a big surprise. They are a very small company with just 14 staff and rent a small suite of offices in Nevada. They hold four patents (1, 2, 3, 4) which originated from another company called Science Applications International Corporation, or SAIC. For a long time, they have claimed to be planning to bring different products to market, including most recently a “secure domain name registry” (as you will have read if you clicked on the link to their website above).
However, to date their only income has come from licensing the patents they hold. They have been to court on numerous occasion and had some big victories, including taking more than US$200 million from Microsoft.
The showdown is taking place in a courtroom in Tyler, East Texas, where many of these patent trolling companies have launched their legal actions. This case harks back to another between VirnetX and Apple in 2012, when VirnetX were awarded a whopping US$368 million and a potentially even more lucrative 1% running royalty of all Apple revenues of iPhones and iPads. However, Apple successfully appealed both of these awards, even though the appeal court did conclude that Apple’s VPN-on-demand service did indeed infringe patents held by VirnetX.
This trial is a retrial of the former case and therefore focused on the same patents as before, with VirnetX claiming that Apple devices released since the last legal dispute between the two companies have continued to infringe the same patents, to justify the increased damages claim, which amount to US$532 million this time round.
The case centers on VPN technology which is used by websites to engage with their customers, or businesses to enable employees to work from home and still access the company intranet. VirnetX claims that Apple’s FaceTime and iMessage services, which employs this type of technology to guarantee customer security and privacy infringes on their patents. They also believe that other aspects of Apple’s FaceTime technology infringe other patents they hold.
“Apple hasn’t played fair. They have taken Virnetx’s intellectual property without permission,” VirnetX lawyer Brad Caldwell of Caldwell Cassady told the jury.
In response, Apple lawyer Greg Arovas of Kirkland & Ellis said “Apple believes in fairness and protecting intellectual property… VirnetX keeps moving the boundary, asking for more and more and more.”
Following the previous judgement, Apple have been stopped from bringing some of their defense arguments back to court this time round, and it seems likely that the outcome will be in favor of VirnetX this time round. The big question is how much Apple will have to stump up. The Apple lawyers have already pointed to the US$200 million settlement with Microsoft and stressed that “when calculated on a per-unit basis, that figure worked out to be less than a tenth of what VirnetX is seeking against Apple”.
The case is expected to run into next week and there is little doubt that if the court finds that Apple must pay another huge settlement (certainly anything approaching the figures VirnetX are looking for), then it will again be off to the appeal courts.
Laws in the US are changing to try to quell the spate of patent troll companies making money from big businesses by buying up patents and then litigating. It is possible that this trial could be one of the last of its kind, but if it is, VirnetX are trying to go out with a bang.
One thing the trial does emphasize is the value that companies place in the use of VPN technology and the effectiveness with which it can protect the privacy and security of users. It is this reason why Apple employs the technology on its iMessage and FaceTime services, and why these are so popular with their customers, and such an issue for those state institutions which want to put a stop to all encrypted communications.
Apple will no doubt end up paying VirnetX something in this case, but will obviously be keen to minimize the cost, and will be desperate to avoid any ruling that includes royalties again. It will be interesting to see how the case plays out in the days and weeks ahead.
We are two weeks on from the dramatic start to the year in the world of Netflix. Having announced a global expansion of their service to encompass every country on the planet with the exception of China, North Korea, Syria, and the Crimea, they then stunned a large proportion of their users by claiming that they were about to start clamping down on VPN users accessing overseas Netflix Accounts.
News from Australia has indicated exactly where this announcement originated from. The Australian Subscription Television and Radio Association (ASTRA), which represents the rights of 25 content studios in Australia including the likes of Foxtel, Disney, and the BBC, told the Sydney Morning Herald newspaper that Netflix was obliged to try and stop VPN users.
Andrew Maiden, who is the Chief Executive of ASTRA said “Netflix is entitled to crack down on viewers who circumvent geographical blocks. Film studios license streaming services to sell their programs in particular geographic markets. If streaming services turn a blind eye to abuse, they're effectively giving away someone else's property. That wouldn't be right in any other industry and it's not right here…
He went on to say “Whether you agree or disagree with geo-blocking is not the point. Right now it's how film studios choose to sell their assets. One-day technology might end up forcing that approach to change, but until it does studios have the right to enforce their contracts and streaming companies have an obligation to police their rights deals."
These are strong words, but they fail to reflect the reality of the challenge Netflix face in trying to block VPN users. As we reported here at Fried.com last week, the Chief Product Officer of Netflix, Noel Hunt, said at the CES show earlier this month that “Since the goal of the proxy guys is to hide the source it’s not obvious how to make that work well. It’s likely to always be a cat-and-mouse game.”
Andrew Maiden in the Sydney Morning Herald was also quoted as saying “"If providers of VPNs want to play 'cat and mouse' then Netflix should be keep playing cat to protect rights holders' rights” so the metaphor seems to be a popular one.
And it is no coincidence that it is in Australia where Netflix seems to be attempted to pounce first. This week an Australian VPN called uFlix has reported some users trying to access Netflix services outside Australia are receiving the following error message:
““You seem to be using an unblocker or proxy. Please turn off any of these services and try again.”
What uFlix is reporting seems to confirm what we noted a week ago, that Netflix has not developed any new-fangled form of technology to stop VPN users. Rather, they seem to simply be stepping up their efforts to identify and blacklist the IP Address used by VPNs.
This is what Noel Hunt had indicated at CES was the only method they knew of for stopping VPNs. The problem faced by Netflix is that this approach is hugely laborious and time consuming for their teams, and ultimately futile.
Once they block a known VPN IP Address, users of that server will no longer be able to access the Netflix service. But most VPN’s have several servers in each country, so users can simply switch server and carry on.
It is also pretty straightforward for a VPN to change the IP Addresses they are using, so any blockage users face should only be temporary. As another VPN, TorGuard has noted on their blog, "Netflix will be pushing this plan forward soon, and when that happens, TorGuard will immediately deploy new server IP addresses so users can still bypass blocks."
And it really is as easy as that.
Of course Netflix more than likely know this is the case, but they need to be seen by the rights holders of the shows and films they stream, to be doing their upmost to protect their intellectual property. They want to buy up more and more rights to increase their offerings around the world, but they have to keep the rights holders sweet to be able to do this.
So for the time being, a cat and mouse game seems like the best analogy for what is going to happen in the coming months. But VPN users don’t need to worry too much. Their might see the odd interruption in their service, but much like Tom and Jerry, the mouse is always likely to emerge victorious.
This means that they have massively increased the number of countries where a Netflix service is offered, with 130 new countries added to their list. Now only China, North Korea, Syria, and Crimea do not offer a Netflix service. This is of course great news for fans of great TV and film, and is likely to blow many of their rival services out of the water and establish Netflix as the go-to entertainment streaming service.
Up until this point, if you were located in many countries, the only way you could access Netflix content was through the use of a VPN such as ExpressVPN to mask you IP Address and make it seem to Netflix that you were located in the USA, or one of the other countries where their service was available.
This option was particularly popular to access their US service, which offers a great deal more content that those in other countries. Even users in countries where Netflix did offer a local service were still flocking to VPN’s for precisely this purpose.
It was expected that despite the massive expansion of Netflix globally, this trend would continue. Because local users will still be restricted to the content which Netflix is licensed to stream in their country. This will vary dramatically from place to place, and Netflix have admitted themselves that they have a lot of work to do to get licenses for the amount of content they would like to stream globally.
Speaking at the CES trade show where the expansion was announced, Netflix Chief Product Officer Neil Hunt said “Our ambition is to do global licensing and global originals, so that over maybe the next five, 10, 20 years, it’ll become more and more similar until it’s not different.”
So for the time being, the US Netflix will still be the most complete service, and the one most people want to access. And a VPN remained the best way to do this.
Just last week, Netflix admitted publically that whilst they are aware of the issue of people using VPN’s to bypass their geo-blocking, there isn’t a lot they could do about it.
In the same session, Neil Hunt summarized the difficulties they face in stopping VPN users very succinctly. He said “We do apply industry standard technologies to limit the use of proxies [VPNs]. Since the goal of the proxy guys is to hide the source it’s not obvious how to make that work well. It’s likely to always be a cat-and-mouse game. [We] continue to rely on blacklists of VPN exit points maintained by companies that make it their job. Once [VPN providers] are on the blacklist, it’s trivial for them to move to a new IP address and evade.”
It should be noted at this point that using a VPN is completely legal and the onus is on the streaming site to restrict their services if they so wish to do.
Which it now seems that Netflix do, because hot on the heels of those comments, came the big announcement from Netflix last week that they intend to clamp down on VPN users.
In a statement, Netflix Vice-President David Fullager said “Some members use proxies or ‘unblockers’ [VPNs] to access titles available outside their territory. To address this, we employ the same or similar measures other firms do. This technology continues to evolve and we are evolving with it.
“That means in coming weeks, those using proxies and unblockers will only be able to access the service in the country where they currently are. We are confident this change won’t impact members not using proxies.”
This announcement has no doubt been made because of pressure from the media companies whose shows Netflix license, and the fact that it has been made so soon after their expansion plans were made public is likely to be no coincidence.
What Fullager did not make is precisely how they plan to block VPN users. As his own Chief Product Officer said just days beforehand, “It’s likely to always be a cat-and-mouse game.”
The only real way to block VPN’s is to blacklist the IP Addresses they use, but the task of them changing these IP Addresses is simple, and the majority of VPNs will do just this if they get wind that Netflix is blocking them.
The fact is of course that blocking VPN’s will be cutting off people who do pay Netflix subscriptions and probably driving many of them back to illegally downloading content, so whether such a move is even in Netflix’s real best interests is debatable.
So it seems that for now, the Netflix announcement is likely to be little more than them saying what their suppliers want to hear, although here at Fried.com we shall of course be keeping a close eye on the situation.
Yes, that's right. Netflix has finally done it!
The world's most popular on-demand media streaming service is now available in over 190 countries spanning across the entire globe.
Netflix made the announcement -- and the service went live -- during a keynote by Co-founder and Chief Executive Reed Hastings at CES 2016.
Here is what the man himself said before officially 'flicking the switch' and making Netflix available to 190 countries the world-over:
"Today you are witnessing the birth of a new global Internet TV network [...] With this launch, consumers around the world -- from Singapore to St. Petersburg, from San Francisco to Sao Paulo -- will be able to enjoy TV shows and movies simultaneously -- no more waiting. With the help of the Internet, we are putting power in consumers' hands to watch whenever, wherever and on whatever device."
- Reed Hastings
Netflix also took this moment to add even more languages to its already 17-languages strong offering, now supporting Korean, Arabic and Chinese.
The only countries that still are not being offered access to the on-demand media streaming service today are China, North Korea, Crimea and Syria. This is due to strict government restrictions on American companies. So if you are in one of these countries, definitely consider using a VPN like ExpressVPN to get access to Netflix instantly from your location.
This is an incredible move by the world's most popular and widely-used on-demand service. We expect the amount of users to absolutely sky-rocket as a result of this decision.
If you are in a country that -- until this moment -- had not yet had access to the service, head on over to Netflix right now to sign up!
Christmas is usually a time for people to put their feet up, enjoy a glass of their favorite tipple, and relax, with nothing further from their minds than work. Unfortunately, that is not always the case with cyber-criminals. For them, Christmas is time when guards are down, IT security professionals might not be in the office, and people are logging on in their millions to enjoy using their new devices, online games, or even to get ahead of the rush for the best bargains in the New Year’s sales.
Sad to say, this year has proved to be no different, with a number of breaches coming to light already, before people are even getting back behind their desks to check for any damage.
Of those we are currently aware, one notable admission has come from the video streaming service Livestream. On Christmas Eve, they announced to their customers that they believed they had been hacked, and that the criminal who had attacked them had succeeded in accessing their customer database.
In an email to their customers they wrote that an "unauthorized person may have accessed our customer account database."
They went on to explain that "While we are still investigating the full scope of the incident, it is possible that some of your account information may have been accessed.” It is yet to be confirmed precisely what data hackers may have managed to access, but it is thought to include names, email addresses, dates of birth, phone numbers, and passwords. Passwords were in an encrypted form, but it is not clear how secure the method of encryption being used by Livestream was.
The company did explicitly state that "we have no indication that the encrypted passwords have been decoded…” but then of course they wouldn’t have, as this task can just as easily be achieved once the data has been lifted.
They also claimed that they did not store customer credit card details or any other payment information.
Livesteam are yet to elaborate on the email they sent out to customers, but they are thought to have more than 10,000 active customers, many of which are other businesses and websites.
Another breach was reported at online videogame marketplace Steam on Christmas Day. Users of the service reported that the site was hemorrhaging information about other users, including their payment details and billing addresses, to complete strangers.
Users browsing the store have unwittingly ended up finding themselves logged into other people’s accounts. This has meant that they were able to see such information as a user’s address, purchase history, PayPal account details, and even partial credit card numbers.
Steam users were flooding their boards with complaints about the problem, and there were also plenty taking to social media to vent their frustrations and concerns at the problems. More than a few screengrabs were put up as well.
It is understood that the problem was caused by a configuration update was went into place on Christmas Day. Obviously this didn’t go to plan and the Steam shop wound up with a whole host of profile page caching issues. As many commentators have noted this is a bizarre time of year to put such coding changes into place, as Steam will have known full well their service would be busy and their active staff was likely to be a skeleton one at best.
There was also plenty of criticism of the time it took Steam to respond to the problem, and their failure to communicate the problem to users.
No doubt these two cases will prove to be the tip of the Iceberg, and we should all be primed for further such revelations to come out next week. Once again these revelations just go to show how vulnerable our data can be online, and how important it is that we all take steps to protect our information.
Here at Fried.com our recommendation would be that you put just a few dollars of your Christmas money aside to invest in a decent VPN service. A VPN service works by running all your internet traffic through an external server which hides your IP address and renders you completely anonymous to the sites you are visiting, and also to anyone who might be wanting to snoop on your online activity, be they cybercriminals or even intelligence agencies.
We offer a service which ranks the best VPN services for your geographic area, so wherever you are in the world, Fried.com can help you choose the best VPN service to keep you secure over this Christmas and on into the New Year.
A senior EU official has called on the Union to enhance controls on the export of communications technologies to parts of the world where it might be used by communications surveillance.
The opinion, entitled ‘Dissemination and Use of intrusive surveillance technologies’ makes clear that the possibility of European technologies being used for practices which breach the European Human Rights Act and its various Privacy guidelines, is something that member states should act to prevent.
He writes that there is a "tension between the positive use of ICT tools and the negative impact that the misuse of technology can have on human rights, and especially on the protection of personal data and privacy".
He calls on the EU as a whole and individual member states to address the issue in their future policies. But tellingly he also goes further by stating that IT companies and manufacturers also have a responsibility to address the potential abuses that could be undertaken using their products.
This is noteworthy, because it raises the very real possibility of prosecutions being bought against manufacturers who knowingly sold products to regimes which they knew might apply that technology to undertake excessive surveillance, espionage, or censorship against their own people.
Buttarelli states in his opinion that the existing controls on the export of such technology are not sufficient in the modern world where, as regular readers will be aware, Government surveillance of the online activity of their own citizens, as well as intrusive hacking of rival nations, has become a worryingly frequent occurrence. He has called for a strengthening of such controls are both EU and national level.
He also refers to the EU’s ‘dual-use’ regulation which in intended to control the export of harmful technologies to countries where it might be used in ways that contravene EU law. However, he concludes that “the EU dual-use regime fails to fully address the issue of export of all ICT technologies to a country where all appropriate safeguards regarding the use of this technology are not provided.”
Conveniently, the EU is currently revising and updating these ‘dual-use’ regulations and Butarelli believes this is an ideal time for changes to be made to encompass Information Technology as well as more obviously harmful equipment and technology. He writes that the revision is “an opportunity to limit the export of potentially harmful devices, services and information to third countries presenting a risk for human rights."
However, the suggestions he puts forward on what format the new regulations should take only serve to prove how complicated it could be to get them right. He writes that “standards should be developed in order to assess how the ICT or the information at stake might be used and the potential impact on fundamental rights in the EU. “
Needless to say this is much easier said than done. Every country that does undertake such surveillance activity will do so in a different way and with different objectives to their activities. Whilst some are not shy in broadcasting their surveillance, others (including potentially some EU members and even the USA after the Edward Snowden revelations) no doubt do so in a much more covert manner. Therefore, making such an assessment could prove extremely challenging.
His call for “an assessment of the context within which technologies are used is essential to evaluate their impact on human rights” is of course correct, but again relies on the ability of the EU or its member states to be able to garner accurate information, when it might not be provided by the recipient.
Nevertheless, the fact that such concerns are being raised by a senior EU official only goes to show that U does at least seem to be taking the issue of online privacy and rights seriously. Whether they can develop regulations to reliable enforce what they aspire to achieve is more debatable, but only time will tell.
For individuals who are concerned about the issue of state surveillance, even if the EU can implement effective new legislation, it is unlikely to make the issue go away. Far better to take the issue into your own hands and sign up for a VPN service. This will guarantee you online anonymity and ensure that even if a surveillance team can see your activity online, it will prove impossible for them to trace it back to you directly.