Ars Technica

Nov 17, 2016 ∞

FCC abides by GOP request, deletes everything from meeting agenda

Wheeler's attempt to impose new set-top box rules that help consumers avoid paying cable box rental fees may also be doomed. Consumer advocacy group Public Knowledge sent a letter to Trump today urging him to side with consumers instead of "cable and Hollywood lobbyists" on the issue.

Jesus.

Nov 17, 2015 ∞

The how and why of sneaky ultrasonic ad tracking

Dan Goodin reports over at Ars Technica on the development of technology which can use inaudible frequencies to tie together multiple unconnected devices. He explains:

The ultrasonic pitches are embedded into TV commercials or are played when a user encounters an ad displayed in a computer browser. While the sound can't be heard by the human ear, nearby tablets and smartphones can detect it. When they do, browser cookies can now pair a single user to multiple devices and keep track of what TV commercials the person sees, how long the person watches the ads, and whether the person acts on the ads by doing a Web search or buying a product.

Goodin cites a letter from the Center for Democracy and Technology to the Federal Trade Commission [PDF] describing the technical aspects of the practice and the privacy implications. I won’t repeat what Goodin or CDT have already explained with clarity. Instead, I wanted to talk about the inability of users like us to opt out of cross-device tracking.

Why don’t the companies developing and using these tracking technologies just tell us what they’re doing and give us the option to opt out? Obviously, requiring us to opt in would be the most honorable and least user-hostile approach. But I’ll concede that as being firmly in the “never gonna happen” column.

I am open to the possibility that I set up a straw man in the next section of this article, so feel free to point it out to me if that’s what you think. Just be constructive.

Concerns about using a straw man aside, the only logic I can see undergirding the failure to offer an opt-out mechanism is a concern that a large number of users would in fact opt out. That would obviously reduce or, in a worst-case scenario for tracking companies, eliminate the population of tracked individuals.

The only problem with that is that it’s bullshit.

We opt in to terms of service and privacy policy all over the web every day without reading a word of them. Projects like ToS;DR and TOSback aim to make us better informed about what we’re agreeing to and how those agreements change over time. They are fascinating and important projects but primarily the domain of geeks like me (and, since you’re reading this, possibly you, as well).

The truth is the overwhelming majority of people click “Yes” or “Agree” or “Continue” or whatever other button or link gets them to the web content or software they want to use. Here’s a quote from an AdWeek article published in May 2015, citing a survey done by photography website ScoopShot:

More than 30 percent of the 1,270 survey respondents said they never read the ToS when signing up to a social network. 49.53 percent only read the ToS ‘sometimes,’ and only 17.56 percent of people ‘always’ read the ToS.

Yes, that’s only one study, and yes, it was conducted on SurveyMonkey, but it’s a decent sample size. And can you honestly tell me that you or anyone else you know read the terms and policies of the sites and software you use? Probably not.

Is there any other reason, then, that creepy advertising tracking technology doesn’t offer an opt-out, just like the ones we never actually make use of throughout the rest of the web? Yes, I think there is.

Most websites have terms of service and privacy policies, although they are usually relegated to miniscule links at the very bottom of the website’s footer section. The European Union requires cookie notifications. But when is the last time you decided not to use a website like Facebook or the BBC website because you read their policies and didn’t consent to them? I’ll answer for the overwhelming majority of us: never, ever.

It’s their ubiquity coupled with the dominant user response of wildly clicking “Yes” until you get what you came for that makes website policies such a compelling topic of discussion. The companies building the technology that uses inaudible sound to tell advertisers that your phone, computer, television and tablet all belong to the same person can minimize conversation about their products by refusing to present you with an opt-out mechanism.

It’s that desire to remain invisible and as uncontroversial as possible for as long as possible that motivates them to be so sneaky. One commenter on Goodin’s Ars article puts it very well:

that advertisers keep basing their technological "progress" off of malware research and techniques is very telling.

It sure is. The reality is that I am one of those weirdos who doesn’t care if I’m tracked, but I do care when I’m not asked to consent to it. I propose that some privacy-minded geeks more intelligent than I develop some sort of ultrasonic ad-cancelling noise generation software for us to use in our homes and offices to thwart secret ultrasonic cross-device ad tracking. You have to take that one and run with it, I’m just an ideas man.

Apr 2, 2015 ∞

Another blow to deceptively marketed "unlimited" data plans

Another blow to deceptively marketed “unlimited” data plans

Jon Brodkin at Ars Technica:

The FCC's new rules ban throttling except in cases of "reasonable network management." AT&T could argue that the throttling is necessary to keep its network running smoothly, but FCC Chairman Tom Wheeler has objected to throttling of plans that are supposed to be unlimited and forced Verizon Wireless to back down from a throttling plan last year.

I have no problem with good-faith network management, but if a plan is subject to throttling, it can’t be marketed and sold as “unlimited.” The FTC is sending the right signal here in choosing to pursue this case, and Judge Edward Chen of the US District Court in Northern California has demonstrated that he understands the issue.

The network that can provide real unlimited data at usable speeds with no fine print has an opportunity to significantly increase its user base, but I haven’t found one yet. Let me know if you have.

Sep 26, 2014 ∞

FBI Director dislikes encryption on Apple and Google devices

Encryption of data on mobile devices is a big selling point in our post-Snowden world. But FBI Director James Comes isn’t happy about it:

What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.

David Kravets of Ars Technica reports Comey has “reached out” to the companies about the issue. Absent new or amended legislation, though, there is little he can do about it, precisely because there is such a sales incentive to marketing encryption these days.

Apr 6, 2014 ∞

NPEs planning patent litigation may be safer as private companies

Note: I’m not your lawyer, you’re not my client, and nothing in this article is, or should be construed as, legal advice.

Companies that don’t sell anything and exist only to enforce patent rights, sometimes purchased from the original patent holder solely for the value of enforcement, are known as non-practicing entities (NPEs) or, pejoratively by defendant companies and their attorneys, “patent trolls.”¹

The NPE will sue claiming infringement of one or more patents, and may not actually have any intent to litigate. Many companies and inventors of all sizes regard NPEs scornfully, but are often forced to play ball because settlement is almost always cheaper than litigation. For smaller startups, the cost of litigation may even pose an existential threat.

Allow me to play devil’s advocate for a bit. I consider most NPEs parasites, siphoning money out of the market in return for nothing at all. But here are some thoughts on what some of them may be doing wrong from their own perspective. After all, what good is an attorney who can’t think like his enemy?

Let me explain some basic corporate law, as much for my recollection as for your edification. A corporation is subject to the law of the state in which it incorporates, and corporate law differs from state to state. The cases I cite below only illustrate the foundational principles of corporate statutory and common law.

A company’s board directors and officers owe several fiduciary duties to shareholders and the company itself. One of those is the duty of care, which says that responsibility for “the financial interests of others imposes on a director an affirmative duty to protect those interests.”²

However, courts realize businesspersons are in a better position than judges and attorneys to make sound decisions for their companies. For that reason, courts often defer to the judgment of a company’s leadership absent some gross negligence.³

The business judgment rule, as it is called, is at its core :

a presumption that in making a business decision the directors of a corporation acted on an informed basis, in good faith and in the honest belief that the action taken was in the best interests of the company.⁴

Thus, the fiduciary duty of care owed to shareholders by directors and officers requires them to make a “good faith effort to be informed and exercise judgment.”⁵

So, now back to the NPEs. When a company faces suit by an NPE, its leaders are obligated to compare the costs of litigation and settlement and choose the path most protective of the company’s and shareholders’ interests, which is usually the less costly path. And that, of course, is almost always settlement.

Joe Mullin, writing for Ars Technica, explains the financial position of an NPE recently vanquished by web-based tech retailer Newegg:

MacroSolve had about $800,000 on hand and looked to be burning through about $50,000 a month, not including payments to its lawyers.

That $50,000 happens to match the low-end of the amount MacroSolve demanded of companies against which it brought patent infringement lawsuits. In other words, it matched its settlement demands to its burn rate.⁶

It was actually surviving only, or primarily, by threatening to go to trial on patent claims of dubious validity. MacroSolve is a public company, so much of their financial and operational information is openly available. Newegg realized after reviewing that information that MacroSolve’s burn rate matched the settlement demands, and built a strategy around it: call the MacroSolve bluff, revealed by their public financials, by refusing to settle, causing their burn rate to deplete cash-on-hand and substantially reduce or totally eliminate the company’s ability to press on with any outstanding litigation.

NPEs registered as private companies and considering the MacroSolve strategy may be safer staying private. Public companies may want to consider taking the company private before using litigation or threat of litigation, on the assumption that some percentage of defendants will settle, to fund the company’s survival.

In conclusion, patent litigation by non-practicing entities is even more a game of poker than most litigation, to the extent the defendant isn’t really infringing or the patent’s validity is assailable, and public companies show too much of their hand too much of the time to play safely under most corporate law regimes.⁷

Read the canonical story of the birth of the phrase “patent troll,” in spring of 1999, here. ↩
Smith v. Van Gorkom, 488 A.2d 858, 872 (Del. 1985) (Opinion) ↩
Aronson v. Lewis, Del.Supr., 473 A.2d 805, 812-13 (1984) (Opinion) ↩
Id. at 812 (Opinion) ↩
In re Caremark Int’l Inc. Derivative Litigation, 698 A.2d 959, 968 (Del. Ch. 1996) ↩
Successful venture capitalist Fred Wilson defines burn rate as “the speed at which your cash balance is going down.” Read his article on the topic here. ↩
Of course, putting the devil’s advocate thing aside for a moment, which I do in a footnote in keeping with the spirit of the article, it’s probably best to innovate in some meaningful way and get a new or improved product to market instead of looking for the most defensible way to monetize patents which may not be valid and probably aren’t being infringed anyway. ↩

Mar 15, 2013 ∞

Porn troll Prenda Law angers judge with shady behavior

Earlier this week I mentioned that the EFF was going to represent a couple of anti-trolling websites in a case brought by porno copyright troll Prenda Law.

The Ars Technica article by Megan Geuss is well-written and really conveys the absurdity of the situation in which Prenda has put itself. I urge you to click the link in this post’s title to go give her piece a full read.

Also, if you’re interested in keeping up with the latest in potential troll-stomping, consider keeping an eye on the Ars series "Who’s behind Prenda Law?". They always do great work at Ars and this series is no exception.

Mar 12, 2013 ∞

EFF will represent targets of copyright troll Prenda Law

Copyright trolls sue lots of people to extract settlements from those who can’t afford to litigate in the face of potentially massive statutory damages. Their claims are often facially lacking in merit and instead leverage intimidation and poorly-constructed federal copyright damages provisions to bankrupt people for profit.

I’m impressed by Wordpress’ parent company, Automattic, who refused to respond to the troll’s fishing expedition. And it’s good to see EFF lend a hand here in the form of representation, but eventually Congress needs to step in and fix the statutory damages provisions that incentivize copyright trolls to this vile abuse of our legal system in the first place.

For some great background and reporting on trolls and those who fight them, read this Ars Technica piece by Timothy B. Lee.

Jan 7, 2013 ∞

Antivirus pioneer John McAfee spying on Belize

Nate Anderson, at Ars Technica:

You will not be shocked to learn, dear reader, that McAfee’s massive spy operation didn’t just reveal some petty corruption or embarrassing secrets but rather the existence of a Hezbollah trafficking network that funneled 11 Lebanese men a month into America. And, of course, these were probably terrorists; one man had plans to make deadly ricin from plants being grown in a Nicaraguan training camp.

I would have linked directly to McAfee’s post in my headline, but as of this post’s publication the page throws an error that reads “Error 320 - Reverse BrowserSpy Java redirect - Session Username_: Session interrupt: invalid table.” Is he really logging our keys? Is he?

Crazy, crazy stuff.

Jan 4, 2013 ∞

At least one Ars Technica reader agrees: Rdio > Spotify

Ars Technica reader jamieskella, contributing to Chris Foresman’s reader recommendation round-up for all those newly-gifted iPads out there:

How and why is Spotify still being recommended when Rdio (free) boasts 18 million songs and is available in so many regions globally? The supremely intuitive app experience leaves Spotify in the dust, the social features add to the already first-rate discovery options, while the method of cataloguing your favourite music is far superior.

Yup, it still pains me that so many people got hooked on Spotify via Facebook and never learned of Rdio’s obvious superiority.

Nov 22, 2012 ∞

USPTO director defends software patents

Director of the United States Patent and Trademark Office David Kappos, quoted by Timothy B. Lee at Ars Technica:

In a system like ours in which innovation is happening faster than people can keep up, it cannot be said that the patent system is broken.

Of course, he’s wrong, but what else would he argue?

"The work my directorate does is under-funded and based upon a flawed patchwork of case and statutory law that frustrates our Constitutional mandate!"

Unlikely.

Nov 8, 2012 ∞

Judge blocks California’s new ban on anonymity for sex offender

This one is worth watching. With regard to blogs and forums, particularly, there’s a strong analogy with letter-writing and other modes of communication with the “outside” that are typically allowed.

The plaintiffs, two registered California sex offenders, argue that prohibiting their anonymous speech online “even if it pertains to news, politics, and professional activity, and could not possibly be used to commit a crime” violates the First Amendment.

This looks similar to a case I wrote about in October, where a Nebraska federal court tossed a similar law in that state.

I don’t want sex offenders to have access to children online. But these measures do go too far. Maybe registered sex offenders should be required to access the internet via special software that, while it allows anonymity, prevents access to services and sites that reach children.

At the end of the day, the truth is that these laws apply to people who have otherwise served their time, who are “free” in the legal sense, and who no longer labor under the curtailed liberties of institutional imprisonment. That imprisonment is meant to punish them, but also to keep the public safe, to prevent them from moving through public crowds anonymously.

If we have released them from prison, allowing that physical anonymity once again, by what logic do we eliminate their digital anonymity?

I don’t have an answer, but I suspect the issue will reach the Supreme Court sooner rather than later.

Oct 23, 2012 ∞

Amazon outage takes out Reddit, Foursquare, Heroku

Lee Hutchinson, writing at Ars Technica:

These kinds of outages are a jarring reminder of the true nature of “the cloud”—it’s still just servers in data centers.

Amazon’s market power in ebooks leads to some questionable behavior, as well as some anti-competitive business practices.

Now it is becoming increasingly clear that reliance on Amazon by some of the internet’s most popular services could be a liability. Their cloud hosting services, which, to be fair, are well known for affordability and reliability, look like an attractive single point of failure for the things we use on the internet every day.

Oct 22, 2012 ∞

Sloppy SSL implementation begets Android app vulnerabilities

Dan Goodin at Ars Technica explains how researchers found that 8% of apps in a 13,500-app sample were susceptible to man-in-the-middle attacks. Hopefully developers will revisit their SSL implementations or, better yet, Google will update future versions of the Android SDK to disallow some of the poor coding decisions that cause these vulnerabilities.

Oct 5, 2012 ∞

HP CEO Meg Whitman calls it like it is: bad

Meg Whitman, as quoted by Sean Gallagher at Ars Technica:

We aren’t as effective internally as we should be because of poor systems. We are not as competitive as we need to be in how we go to market because of our IT systems. We haven’t been using a compelling customer management or CRM system for years.

She has received some harsh criticism from industry watchers like John Gruber and MG Siegler for pushing back HP’s expected mobile phone launch to 2014 at the earliest.

That criticism is justified, especially given HP’s epic Palm/webOS fail.

But this is the most encouraging thing I’ve seen from HP in years: honest self-aware, long-term leadership commitment.

I say well done, Ms. Whitman. Now, call the caterer and lock some engineers in a room for the next year.

Aug 24, 2012 ∞

Cloud startup aims to make “dumb” cell phones smart

Sean Gallagher reports at Ars Technica on biNu, a company developing an asynchronous, server-side smartphone emulator in Java. The system’s low-bandwidth, high-security nature makes it a perfect fit for countries where the next iPhone is out of reach.

Read Gallagher’s article for the details. This is far more exciting to me than the next iPhone. Networked mobile computing technology is still in its infancy when it comes to worldwide availability and adoption. Clever technology like biNu’s may help change that.