Yahoo: turn off your ad-blockers or lose your email service

Well, well. The rise of ad-blocking is beginning to bite.

On Friday, dozens of people took to web forums and social media to complain that they were blocked from their Yahoo email accounts unless they switched off their ad blockers.

The issue seems to have first appeared early on Thursday when “portnoyd,” a user on the AdBlock Plus online support forum, was served a pop-up with an ultimatum: Turn off your ad blocker, or forget about getting to your email.

Yahoo confirmed the reports, which were discovered by Digiday. Yahoo, based in Sunnyvale, Calif., did not say how many users were affected.

“At Yahoo, we are continually developing and testing new product experiences,” Anne Yeh, a Yahoo spokeswoman, said in a statement. “This is a test we’re running for a small number of Yahoo Mail users in the U.S.”

Don’t you just love that guff about “developing and testing new product experiences”!

In the end, the targeted-ad-based business model is not sustainable. Wonder what will replace it.

Let’s turn the TalkTalk hacking scandal into a crisis

Yesterday’s Observer column:

The political theorist David Runciman draws a useful distinction between scandals and crises. Scandals happen all the time in society; they create a good deal of noise and heat, but in the end nothing much happens. Things go back to normal. Crises, on the other hand, do eventually lead to structural change, and in that sense play an important role in democracies.

So a good question to ask whenever something bad happens is whether it heralds a scandal or a crisis. When the phone-hacking story eventually broke, for example, many people (me included) thought that it represented a crisis. Now, several years – and a judicial enquiry – later, nothing much seems to have changed. Sure, there was a lot of sound and fury, but it signified little. The tabloids are still doing their disgraceful thing, and Rebekah Brooks is back in the saddle. So it was just a scandal, after all.

When the TalkTalk hacking story broke and I heard the company’s chief executive say in a live radio interview that she couldn’t say whether the customer data that had allegedly been stolen had been stored in encrypted form, the Runciman question sprang immediately to mind. That the boss of a communications firm should be so ignorant about something so central to her business certainly sounded like a scandal…

Read on

LATER Interesting blog post by Bruce Schneier. He opens with an account of how the CIA’s Director and the software developer Grant Blakeman had their email accounts hacked. Then,

Neither of them should have been put through this. None of us should have to worry about this.

The problem is a system that makes this possible, and companies that don’t care because they don’t suffer the losses. It’s a classic market failure, and government intervention is how we have to fix the problem.

It’s only when the costs of insecurity exceed the costs of doing it right that companies will invest properly in our security. Companies need to be responsible for the personal information they store about us. They need to secure it better, and they need to suffer penalties if they improperly release it. This means regulatory security standards.

The government should not mandate how a company secures our data; that will move the responsibility to the government and stifle innovation. Instead, government should establish minimum standards for results, and let the market figure out how to do it most effectively. It should allow individuals whose information has been exposed to sue for damages. This is a model that has worked in all other aspects of public safety, and it needs to be applied here as well.

He’s right. Only when the costs of insecurity exceed the costs of doing it right will companies invest properly in it. And governments can fix that, quickly, by changing the law. For once, this is something that’s not difficult to do, even in a democracy.

The end of private reading is nigh

This morning’s Observer column about the Investigatory Powers bill:

The draft bill proposes that henceforth everyone’s clickstream – the URLs of every website one visits – is to be collected and stored for 12 months and may be inspected by agents of the state under certain arrangements. But collecting the stream will be done without any warrant. To civil libertarians who are upset by this new power, the government’s response boils down to this: “Don’t worry, because we’re just collecting the part of the URL that specifies the web server and that’s just ‘communications data’ (aka metadata); we’re not reading the content of the pages you visit, except under due authorisation.”

This is the purest cant, for two reasons…

Read on

So even Apple can’t break into my iPhone?

Hmmm… I wonder. This from SiliconBeat:

Apple says it would be burdensome — and mostly impossible — for it to unlock people’s iPhones upon the request of law enforcement.

In a legal filing this week, the iPhone maker answered a question posed by U.S. Magistrate Judge James Orenstein, who had been urged by federal prosecutors to force Apple to unlock an iPhone. Orenstein said last week that he would defer ruling until Apple let him know whether it’s feasible to bypass an iPhone’s passcode.

Here’s the meat of Apple’s response, which comes amid law enforcement officials’ growing frustration over tech companies’ increased privacy and security efforts:

“In most cases now and in the future, the government’s requested order would be substantially burdensome, as it would be impossible to perform. For devices running iOS 8 or higher, Apple would not have the technical ability to do what the government requests—take possession of a password protected device from the government and extract unencrypted user data from that device for the government. Among the security features in iOS 8 is a feature that prevents anyone without the device’s passcode from accessing the device’s encrypted data. This includes Apple.”

Appeasement over encryption is a *really* bad idea

This morning’s Observer column:

Ever since the internet emerged into public view in the 1980s, a key question has been whether digital technology would pose an existential challenge to corporate and governmental power. In this context, I am what you might call a recovering utopian – “utopian” in that I once did believe that the technology would put it beyond the reach of state and corporate agencies; and “recovering” in the sense that my confidence in that early assessment has taken a hammering over the years. In that period, technology has sometimes trumped politics and/or commercial power, but at other times it’s been the other way round.

The early battles were over intellectual property. Since computers are essentially copying machines, making perfect copies of digital goods became child’s play. As a celebrated trope put it: “Copying is to digital technology as breathing is to animal life.” So began the copyright wars, triggered by widespread piracy and illicit sharing of copyrighted files, which emasculated the music industry and led to the emergence of new corporate masters of the media universe – Apple, Spotify, YouTube and the rest – and the taming of the file-sharing monster. Result: Technology 1, Establishment 1.

The second battleground was the monitoring of network communications. The internet enabled anyone to become a global publisher and to exchange information via email with anyone who had a network connection. And this posed acute difficulties for established powers that were accustomed to being able to control the flow of information to their citizens. Since nothing on the net in the early days was encrypted, everyone communicated using the virtual equivalent of holiday postcards – readable by everyone who handled them en route to their destination. The only difficulty that states experienced in monitoring this unprotected torrent was its sheer volume, but Moore’s Law and technological development fixed that. It became feasible to collect “the whole goddam haystack” (to quote a former NSA director) if you threw enough resources at it. So they did – as Edward Snowden revealed. Result: Technology 0, Establishment 1.

But the biggest battle has always been about encryption…

Read on

Humans are the weakest link

This morning’s Observer column:

PGP (now in its fifth incarnation) does indeed enable one to protect one’s communications from spying eyes. It meets Snowden’s requirement for “strong crypto”. But it hasn’t realised its revolutionary potential because it turns out that powerful software is a necessary but not sufficient condition for effective security. And the reason is that, to be effective, PGP has to be implemented by humans and they turn out to be the weak link in the chain.

This was brought forcibly home to me last week at a symposium on encryption, anonymity and human rights jointly organised by Amnesty International and academics from Cambridge University…

Read on

The biggest question posed by the Anderson Report

This morning’s Observer column:

When, in the summer of 2013, Edward Snowden began his revelations of the shocking scale of the electronic surveillance currently practised by the NSA and its overseas franchises in Britain, Canada, Australia and New Zealand, the big and obvious question was: is this just another scandal; or is it a real crisis?

Until this week, I’d have said that it was just another scandal…

Read on

The industrial fallout from NSA surveillance

NSA surveillance is going to cost the U.S. tech sector a lot more than originally thought.

The Information Technology and Innovation Foundation (ITIF), a Washington, D.C.-based think tank that advocates for policies that nurture technology innovation, has released a new report in which it raises its previous estimate of how much surveillance by the U.S. intelligence community could cost U.S. tech companies.

In 2013, the non-partisan group estimated that the NSA-related revelations stemming from Edward Snowden’s 2013 leak would scare away foreign customers in the cloud computer sector to the tune of as much as $35 billion in business. The new report says that figure is too low, and that the economic reverberations will “likely far exceed” that initial $35 billion estimate, although the report wasn’t more specific on a final figure.


Ed Snowden has definitely had an impact but…

This morning’s Observer column:

For anyone still in doubt about the impact of Edward Snowden’s revelations, it might be instructive to review what has been going on in the US Congress over the last few months, with legislators grappling with bills aimed at curbing the surveillance capabilities of the NSA and other federal agencies. In the end, in a classic congressional farce, there was a brief intermission in the NSA’s data-gathering capabilities, after which the Senate passed a bill to end the agency’s bulk collection of the phone records of millions of Americans.

At one level it’s a significant moment: one in which – as a Guardian leader writer put it – “an outlaw rewrites the law”. And in a few other countries, notably Germany, Snowden’s revelations do seem to be having a demonstrable impact – as witnessed, for example, by the Bundestag’s inquiry into NSA surveillance within the Federal Republic.

These are non-trivial outcomes, but we shouldn’t get carried away…

Read on