Excellent news
Why the only thing that could spoil this would be if websites or software were ever produced and controlled by people outside of the country.
But I'm sure the government is working on ways to prevent that
Installing computer programs without consent became a civil offence punishable by fines in Canada this week. Under the new regulations that form part of Canada's anti-spam legislation, it is now illegal for a website to automatically install software on a visitor's computer or for an app on your phone to be updated without …
@ DAM
I'm not sure I agree with that 100% considering he's about the "firmest" Prime Minister we in Canada have had in the last few decades. Has the gall to stand up what he believes is right, and hasn't wrapped up the billions of dollars in taxpayers money in scandal after scandal in the way the Canadian Liberals have. If you want to discuss proxy states and NA alliances we can save it for another forum.
@larokus "hasn't wrapped up the billions of dollars in taxpayers money in scandal after scandal in the way the Canadian Liberals have. "
You either don't live here or don't watch the news or work for the CPC. The Harper's whole reign has been scandal after scandal with 10s of billions of dollars missing.
"Invaded by the Americans three times and still here"
Like that's hard to do. The yanks can win a war to save their fucking souls. I mean, hell, that lot can't even club a bunch of poor sand people on the head and steal their oil without getting their asses handed to them.
Nah, the US is best used as an adjunct to a real nation. They can sit on the sidelines and fire missiles into some dictator's tank collection, or bomb (mostly) industrial facilities while real soldiers do the hard work on the ground of removing the douche canoes from office. However good the USian soldiers are - and US soldiers are damned fine soliders! - their military and political leader are utterly worthless, and it cripples their ability to achieve objectives.
The best army in the world is worth nothing if you waste them on fool's errand after fool's errand.
A Yank might at first take offense to these statements. Sadly, this is exactly to what we have been reduced by our political ruling class, given power by a citizenry which has largely willfully submitted itself to the omnipotence of the legislator, to be ruled by its inferiors.
We have lost our balls, or rather traded them away for a bunch of warm and fuzzy notions, replacing, as Thomas Sowell said, what worked with what sounded good.
It's not just the miscreants doing this. Have you tried to donwload anything from CNET or some of the other larger providers. It's a visual jungle trying to determine which "Download Now" button to click in order to to get the software that you want instead of some POS software installer/publicity laden/registry fixing nightmare.
http://www.cwilson.com/resource/newsletters/article/1143-preparing-for-canada-s-anti-spam-law-part-two-the-installation-of-computer-programs.html
"To obtain express consent, certain information must be set out clearly and simply by the person seeking consent and installing the computer program. This information includes the purpose for which the consent is being sought, information identifying the person seeking consent6, their mailing address and either a telephone number, an email address or a webpage7, and a statement that the person whose consent is sought can withdraw their consent8. Although the consent may be given orally or in writing, it must be sought separately for each act described under CASL9 – that is, consent to receive a commercial electronic message is not also consent to the installation of a computer program.
"However, for the installation of computer programs, there are two additional consent requirements that don't apply to commercial electronic messages. The first of these is that the person seeking consent must also clearly and simply describe, in general terms, the function and purpose of the computer program that is to be installed if the consent is given.10 The second of these relates to specific functions of the computer program, and is discussed below."
This post has been deleted by its author
Google just violated this law this morning.
I maintain multiple GOOG accounts.
In Chrome the account contains all my ADMIN links to access various sites I build / manage.
In FF the account is plain vanilla. I can view the site in FF and log in as ordinary user but when I use the credentials on the chrome account I log in as ADMIN.
This morning TheGOOG downloaded something new to Chrome. Chrome now displays and account name up near the min/max/close buttons. This new button showed an account name. This account name was the account associated with FF.
I attempted to change Chrome back to the prior defaults. TheGOOG played the GOD card and deleted all of my account history, accumulated links, and all of my various access credentials. I have not yet had the time to go back and assess the damage but the loss represents 5 years of work at a minimum.
TheGOOG destroyed files on my machine within the precincts of my home with no notice to me. This was due to TheGoog implementing changes that work well for it but for the end user not so much.
Basis rule of dev is to avoid destructive changes from which there is no possibility of recovery. TheGOOG violated that basic principle. Which is strange as in all other TheGOOG products (such as maps) they roll forward or act to preserve user data. In this case they just blew it all away so they could interlink user accounts meant to be kept separate. The download was not requested or accepted by me. TheGOOG pushed the download to the browser with no explanation of what it was doing, why it was doing it, or the potential impact on the user.
TheGOOG is more evil than even MSFT was in its heyday.
I do have a backup. Just spent a few hours picking through the C:\Users\<USER>\AppData\Local\Google\Chrome\User Data\Default files to see what is there.
I can push a button and replace all of Chrome and wind it back to any date in the last 30 days. Not sure how TheGOOG is going to play on that action as it is not clear what portion of the application is local and what is held in the cloud.
I fully expect my attempt to reassert control over my hardware and my digital history will place me in conflict with the cloudy objectives of TheGOOG..
"the loss represents 5 years of work at a minimum."
It's at times like this that people realise the difference between RAID (two identical copies of the same duff data) and backups (one or more copies of 'known good' data saved on a previous occasion)
Then there's all those fake windows dialogs on many webpages claiming the system detected that there is a virus/registry error and you need to click a button to fix it.
As a linux user I laugh at such naive attempts, but less knowledgable users are vable to such underhand behaviour.
>By your reasoning murder, rape and child molestation would be legal, because some people commit those acts despite their being laws against them.
No it's like making a new law specifically banning sending a kidnap ransom demand by email and requiring a box to be ticked on every email stating that this isn't a ransom demand.
OK... now _enforce_ this. Especially enforce it on websites, etc., which are NOT in Canadian jurisdiction, which would be almost all of them.
The problem with this kind of legislation is that the guys who are using drive-by installs to dump malware on people's machines are _already_ criminals, and simply will not care about adding yet another charge to the sheet, given that they are very unlikely to be caught.
I suspect that making it illegal will allow for more persuasive conversations with other software vendors who's legitimate activities have in the past accommodated what-was-until-now a legal practice. Now that it is illegal, I should imagine that this will become increasingly harder to do.
Yeah.. everyone EXCEPT the slime-ball criminals is affected by their misguided efforts. The goodie-goodie-nambie-pamby-left-leaning-social-engineering-think-of-the-children idiots don't understand is that criminals by definition do not obey the law. They also have a problem with scope... as in the Internet is global and good-luck applying your nation's laws to someone in a country on the other side of the planet, perhaps in the opposite hemisphere.
Okay, so you'd do without laws on murder, rape and child molestation.
But in this case the need for the law goes beyond for that for those clear cut crimes.
In this case many people think these white collar crimes are legal and are committing them based on that belief, despite the fact that these crimes have always been unethical and immoral.
I can see why other commenters think this legislation may be futile, but it is pleasing that they're at least acknowledging the need for regulation. Also nice to see that they use an example of dodgy behaviour clearly based on the Sony rootkit affair.
Some of it seems a bit iffy, though. eg, if I read it right, ISPs won't need to seek permission to install software to "protect the security of all or part of (their) network from a current and identifiable threat".
The problem is that it's worse than just futile. The last time they tried this sort of thing (i.e., their anti-spam legislation that required companies to obtain explicit consent to communicate with customers), all Canadian companies had to waste a vast amount of effort and money sending out emails seeking permission to continue communicating with their customers. People were overwhelmed with the volume of messages (hmmm, sounds a lot like the problem they were trying to solve in the first place), and probably missed responding to some that they should have. Of course real spam volumes were unaffected because almost all of it comes from spammers outside the country who don't care about Canadian legislation. It was pointless political posturing that ended up being worse than the problem it purported to solve, as usual. I suspect this latest legislation will be the same.
It's true that it didn't do anything about the penis pills and other magic woo sellers, but my spam fillers get 99% of that stuff.
What it did kill off was "legitimate" companies that thought it was OK to use an email address you supplied for one purpose to spam the crap out of you (except they call it an email blast so it was totally not spam).
So now I get a please let us spam you email, and I do nothing.
"What it did kill off was "legitimate" companies that thought it was OK to use an email address you supplied for one purpose to spam the crap out of you (except they call it an email blast so it was totally not spam)."
Guess your spam filters missed that 1%, huh? None of that makes much sense. Update your filters and stop whining. Alternatively, stop using email.
"Uh huh... so an ISP can try to force you to install software. What if you are running Linux? Will they justify kicking you off their network because they can't install their security tools?"
You are dreaming up stuff to worry about. You're the only one suggesting people not be allowed to run Linux.
The law says ISPs can assume consent to install security software that is solely to protect the security of the network. Getting the software to work is the ISPs problem. And if their software breaks your computer then they've broken the law.
"a program that is installed by a telecommunications service provider solely to protect the security of its network from a current and identifiable threat to the availability, reliability, efficiency or optimal use of its network;
a program that is installed to update or upgrade the network by the telecommunications service provider who owns or operates the network on the computer systems that constitute all or part of the network; and"
I've had my computer screwed up twice in the last few years, screwed to the extent that a rebuild was required. Both times it was due to an automatic Apple iTunes update fuxoring the iPod drivers. Both times it required three days buggering about on stupid support forums, where everyone has an answer but no one knows the solution, before making teh decision fuggit where is that re-install disk.
I believe on Android the "automatically update apps" option is on by default. Is this something that Google have to worry about or individual app creators? If the latter I can't see how they can stop it other than not releasing any updates or adding in a new permission for each release to make the update a manual process.
Can they not simply add a patch to the OS to ensure any detected attempted update gets halted and the owner prompted ? Maybe a tick box in the settings (default off) to say do what you like, don't bother me.
While they're at it they could ensure all permissions were switchable on & off per app anyway. Then those apps that insist on having a what seems to be an unnecessary permission, or it stops working, can be identified and removed.
Unless something changed with 5.0, it isn't on by default according to my experience with 4.1-4.4.x. It's real easy to flip it to automagical updates without a thought involved since it's constantly trying to get you to do so. There's a couple of apps that I don't want updated which is why I've noticed. That and I keep killing tablet screens.
I think the auto update feature of Android can also be stopped from the app settings and I do think that sometimes it doesn't takes our consent which leads to data losses. But nowadays some special types of apps are also developed, in which you can get direct access to your phones settings, ie now the permissions will always have to be from your part. To know more please contact http://goo.gl/dIRZwL for a free consultation.
So far as I can tell, straightforward bug fixes are OK and don't need explicit consent, provided you have explicit consent from the original installation. What is being targeted is new software or changes to software which affects the collection of personal data, or which can affect the normal operation of the computer, phone, or tablet (e.g. browser home page hijackers), or which allows someone to get remote access to your computer (e.g. back doors).
I think what they are after under the "updates" clause is where a company publishes an innocuous game, and then later uses the update feature to push out malware. There are companies in the mobile app field who buy up money losing games and then use them to push out data collection and tracking features to existing users. If you left this loop hole, then they could say that they had the "consent" of the user during the original installation. If you are just pushing out a security fix or bug fix which doesn't do something like intentionally add a remote access backdoor then you can use the consent from the original installation.
The CBC reported that this legislation is actually just part of the existing anti-spam laws which are now coming into effect.
The whole thing reads like yet another Lawyers Full Employment Act to me.
You can make an identifiable act legal or illegal, shooting someone for example. You can't make an intention illegal, because that's trying to crawl inside somebody's brain. And what this law is aiming at is intentions, so it's bound to backfire in stupendous ways.
Tom 13, I can’t speak to Canadian law, but in the States, 21 USC §846 makes a conspiracy to commit any federal controlled substance offense in 21 USC chapter 13, subchapter I, part D subject to exactly the same penalties as actually committing that offense. Unlike other conspiracy crimes, the US Supreme Court ruled in United States v. Shabani that a 21 USC §846 conspiracy does not require an overt act to be taken in furtherance of the offense; thus, the mere agreement of intent between two or more people to commit such an offense, without any action taken on that intent, would meet the definition of a 21 USC §846 conspiracy.
The Canadian attitude can also be seen in their response to the Charlie Hebdo attacks. France? They arrested 54 people on hate speech charges in one week. UK? They used the attacks as a springboard to try and ban encryption. Canada? They want to kill off their blasphemy laws.
I love this feckin' country sometimes.
it's great to see authorities trying to combat illegal activities. I'm sure all those, particularly the nastier ones, will come to stop their evil-doing right now. And for those who don't, well, the brave enforcement agencies will take the Chinese and Russian evil-doers head-on!
Yahoo does business in Canada -- they have people here who sell advertising.
You know how so many companies get stuck obeying US law because they do business in the USA, accept our laws or don't do business here.
That's how it works other countries too.
This won't affect companies with little or no presence in Canada.
>That "Install the Yahoo! Toolbar" checkbox will be unticked by default for Adobe's updates
some time after the preferences you've set for Flash--relative to its use of audio and video devices, to data storage, and to update preferences--'stick' for any length of time at all... Tick.. Tick...
Will this ban printer manufacturers auto-updating their drivers/printers to disable 3rd party cartridges? If so, that would be a good use for this law, as the printer companies are (nominally at least) "reputable" firms who might be expected to comply.
In the original license agreement section 34, paragraph 3, line 7, it states that you knowingly install this software with "bugs", which you agree we will fix for you (when we get around to it, of course). By "fix" we mean insert code that copies all of your contact information and database and drops off a copy by phoning home, the location of which we reserve the future right to change by "fixing a previously unknown bug".
So it actually does affect companies that Google and Yahoo that have offices here to sell advertising. It affects what they can do to Canadian residents.
(And of course it affects companies that EA, AMD, Corel, Microsoft, IBM that do major development work here.)
For foreign-based companies with no Canadian presence: If the company committed serious damage to computers by what it was doing, any officer of that company visiting Canada could be arrested. However I don't think extradition would work because extradition *usually* (not always) is only for acts defined as crimes in both countries.
Criminals, sure criminals will still commit crimes -- but if "some people will still break the law" was a reason to not have laws, we wouldn't have any laws at all.
Laws are what gives "bottom-line oriented" greedy people their consciences. You know the sort, they consider anything they can get away as totally acceptable.
The "high functioning" psychopaths and sociopaths whose disregard for ethics and morality brings them to the leadership of many companies, they care about laws and jail because laws and jail can reduce their personal enjoyment of life.
And of course fines reduce profits which reduces their personal enjoyment of life too.
1. It looks like security and bug fixes are exempt, provided they don't add "features".
2. It looks like permission boxes must be de-selected by default.
http://www.cwilson.com/resource/newsletters/article/1143-preparing-for-canada-s-anti-spam-law-part-two-the-installation-of-computer-programs.html
"... Express Consent Requirements
While there are three main exceptions under which consent may be implied or is simply not required, the default position under CASL is that consent must be obtained before taking any action which would otherwise be prohibited. Because any person alleging to have obtained consent bears the evidentiary burden of proving such consent5, it is important for any company that installs computer programs to implement clear policies that provide for the proper documentation of customer consent for any computer programs that are installed. ..."
and later it says
"Exemptions
There are three exemptions to the above rules, where consent is deemed to have been obtained or is simply not required. These exemptions apply to upgrades, cookies and telecommunication service providers. ..."
And those exemptions are then defined.
"... The regulations under CASL also provide that a person is considered to expressly consent if their conduct is such that it is reasonable to believe they consent and the program is one of the following:
a program that is installed by a telecommunications service provider solely to protect the security of its network from a current and identifiable threat to the availability, reliability, efficiency or optimal use of its network;
a program that is installed to update or upgrade the network by the telecommunications service provider who owns or operates the network on the computer systems that constitute all or part of the network; and
a program that is necessary to correct a failure in the operation of the computer system or a program installed on it and is installed solely for that purpose.22"
Doesn't the term *upgrade (sort of) imply adding features... specifically with software? To me it's something beyond a patch collection. One expects it to do the same functions faster or more efficiently, perhaps more security hardened, but expanding functionality is part of an *upgrade, which is a new purchase... which generally includes a new licensing agreement negotiated for each new purchase.
Not that people don't go from Brandx.5 to Brandx.6 because they just want to feel/say they have the newest, and that they never do anything new with it, but.
**********
It sounds like each piece of software now needs to first make available for us a program which will provide us with documentation of the consent we give to install it, and separate documentation for every installation of any and all new/additional programs/features in the future. That oughta provide a coupla two-tree coders a gig for a while...
*********
And... what about the profitability of those telecommunications service providers, the lack of which certainly presents an identifiable threat to the availability (at all) of its network. Did Canada sign onto the TTIP?
a program that is installed by a telecommunications service provider solely to protect the security of its network from a current and identifiable threat to the availability, reliability, efficiency or optimal use of its network;
The non-specific nature of this text with respect to the computers affected leads to the conclusion that it could be used to justify intrusion (whosoever it can be achieved) into a customer's computer in order to protect the TSP's network.
a program that is installed to update or upgrade the network by the telecommunications service provider who owns or operates the network on the computer systems that constitute all or part of the network; and
This seems to justify remote upgrades of TSP-supplied computers (eg ISP modems/routers) whether the customer wants it or not.
a program that is necessary to correct a failure in the operation of the computer system or a program installed on it and is installed solely for that purpose
This seems to allow OS suppliers (eg Microsoft, Apple) to automatically fix bugs on anyone's computer without needing to inform the owner.
--------------------------
All in all, these sections seem consistent with the view that suppliers and operators of the network infrastructure can now legally poke into private computers without consent as long as they can claim that it is 'for the good of the network'. I'm sure security bods might applaud this, but it is a worrying step nevertheless.
Installing WGA was not compulsory - particularly if you did manual download of updates, as is only sensible. Just untick that item and tell Update never to show it to you again.
If you have gone and download it by accident, or laziness in checking what MS is sending you, then just Google how to remove it. (Other Search Engines are available)
I thought this was a tech site!
Does it apply to gubbmint spyware?
allows automatic bug-fix updates? crap. Ever had to wait for an unwanted automatic update to install over a slow network connection before you can use your computer?
I want to be consulted about everything which installs or modifies software on my computer, every time.
This new "Law" will really make no difference. We already jump through many hoops to avoid this stuff now. Check this box...and uncheck this one and do you agree not to install our wonderful Toolbar, etc., etc. My favorite type of Spam enabler is "Open Candy" . Another lovely one is Conduit. They are almost impossible to avoid getting in some cases while installing so called "Free" software and very difficult to get rid of once installed. It can't be called "Buyer beware", more of "User beware". I avoid free trials like a horrible disease now because of my bad experiences and the time required to clean up my computers. I can't even imagine the costs involved to have a professional clean out your computer. I thank God I have some idea how to do so or I could never afford to be connected to the Internet. Needless to say I used to be quite a Risk Taker but you do eventually learn. I was stubborn and so I probably took a bit longer than some but the time factor inconvenience eventually taught me.
Whoever wrote this, and the idiots that then voted on this should all be sent to North Korea where things like this will have almost no affect, and when they do, GENERAL KIM can quickly fix the problem.
For the rest of us, get the hell out of the way and let us live our lives without your crap interfering!!
WAY TO GO CANADA! You have stepped into the dark ages!