* Posts by Woodnag

248 posts • joined 24 May 2010


Micropayments company Coil distributes new privacy policy with email that puts users' addresses in the ‘To:’ field


Message to CEO Stefan Thomas

Saying "we take privacy extremely seriously" is clearly a lie.

You didn't.

Biden projected to be the next US President, Microsoft joins rest of world in telling Trump: It looks like... you're fired


Re: Yay! Party time!

Legal issues, sure. But civil - debt related - ones, not criminal. He's still a member of the Protected Classes(TM).

It's happened: AWS signs Memorandum of Understanding for fluffy white services with UK.gov


The cloud server locations will be in the EU to meet GDPR, right?

And provably so, too?

Hackers rummaged about in Finnish psychotherapy clinic – now patients extorted with public data dump threats


Confuse I be

How come the therapy notes were accessible online anyway?

LibreOffice rains on OpenOffice's 20th anniversary parade, tells rival project to 'do the right thing' and die


13-years old piece of software?

I use Office 2003 because I prefer the old menu system, and it does everything I need (apart from incompatible Outlook).

I use Protel 99SE (you possibly guess the date) because it does everything I need.

Yes, both paid for.


Outlook? Nope

MS keeps updating the Exchange client killing backwards compatibility, so older Outlooks are SOL for the obvious use. Can't even use Office 2007's Outlook for current Exchange.

Huawei's UK code reviewers say Chinese mega-corp is still totally crap at basic software security. Bad crypto, buffer overflows, logic errors...


Re: Lets hope

Every country tries to exploit vulnerabilities in every other country's networks. It's not good guys vs bad guys, it's sigint and everyone does it.

Who watches the watchers? Samsung does so it can fling ads at owners of its smart TVs


Samsung puff pitch


"Samsung Ads has the industry’s largest Automatic Content Recognition (ACR) data set: nearly 60% of the U.S. ACR footprint. This unique, proprietary data creates unparalleled insights into consumer behavior in Advanced TV. This report, based on the 2019 Samsung Smart TV Viewer Behavior Study, shares important learnings and key implications for advertisers."

England's COVID-tracking app finally goes live after 6 months of work – including backpedal on how to handle data


Re: data use policy

I'm impressed that there must have been a commitment to not use any libraries that aren't open source, so everything can be audited.


data use policy

There will be a massive problem with the data use policy, no matter what it finalises to. That is, if there's either an inadvertent breach or a deliberate violation of the policy, the only people who will get a jail term will be the whistleblowers.

How do you solve 'disruption' at the UK border after Brexit? Let's call Peter Thiel! AI biz Palantir – you're hired



The contract details will be interesting from GDPR perspective. If any processing is done outside EU, it's probably illegal from the get go, plus deliberate UK gov policy because 5 eyes.

Bet there aren't any mandatory monetary penalties in case of data flow 'accidents'.

Ireland unfriends Facebook: Oh Zucky Boy, the pipes, the pipes are closing…from glen to US, and through the EU-side



Nope. Nothing to do with NSLs, because they are an individualised legal warrant. Abused, sure...

From https://noyb.eu/en/next-steps-users-faqs :

...companies that fall under a US “mass surveillance” law can no longer use the SCCs. This is because the SCCs cannot override US law.

Transfers to US companies that fall under a US “mass surveillance” law like FISA 702 (also called 50 USC §1881a) are usually illegal. The companies that cannot rely on them are the so-called “electronic communication service providers”. This is a broad term under US law and covers most IT and cloud providers.

Examples of these providers include AT&T, Amazon (AWS), Apple, Cloudflare, Dropbox, Facebook, Google, Microsoft, Verizon Media (known as Oath & Yahoo) or Verizon. The links of each of the companies will take you to their transparency reports that tell you how often they were subject to US government data access requests.


SCCs for some transfers

For your bank transactions, SCCs work fine, because banks aren't subject to FISA 702 data hoovering. FB is subject to FISA 702 data hoovering, so SCC is meaningless (doesn't protect), so can't be used.


Ireland DPC

It's also interesting that the R. of I.'s DPC has been working closely with FB to avoid enforcing GDPR on FB. Even after this second judgement. Lots of detail on https://noyb.eu/en

Here's the letter from NOYB to Irish DPC after the DPC's recent prevarication:



Re: About time too

This fails GDPR. You can get your country's DPC to force them to move.


FB are pretending FISA 702 don't apply to them. It's called lying

EU data cannot be stored in US servers due to GDPR if the US gov can access it without any due process under 50 USC §1881a (FISA 702). Which is true for FB. So SCCs can't be used in this case either, because, again, the US gov can access it freely regardless.


Adobe Illustrator's open source rival Inkscape delivers v1.0.1 - with experimental Scribus PDF export


Yup, buy it once

Still using, weekly at worst, my copy of Protel 99SE that I paid £995 plus VAT for over 21 years. EditPadPro, a year later, used daily. WinZip, another year later, used daily. Office 2003, used daily....

Google Chrome calculates your autoplay settings so you don't have to - others disagree


Actually, just need to prevent detection of autoplay disable

If website can't detect autoplay disable, it can't do a workaround.


Tech ambitions said to lie at heart of Britain’s bonkers crash-and-burn Brexit plan



UK allowed Softbank (Japanese holding company) to buy ARM, so I'll take any statements about protection and generation of Great British Technology as propaganda pretending that Something is Being Done...

The Honor MagicBook Pro looks nice, runs like a dream, and isn't too expensive either. What more could you want?


The Honor MagicBook Pro is the 'spensive US version. The Honour MagicBook Pro will be the one with UK keyboard.

Highways England primes market for £2bn tech spend as part of massive investment in crumbling roads network


Re: Highways England == WTF?

Better off nipping down to the Hop Blossom in Farnham for the Fullers.

What legacy is IBM really shooting for? Cheating its own salespeople out of millions? Here we go again, allegedly


Never having worked in Sales?

You've not worked much with good sales people either, I suspect. For every commercial (maximum profit oriented) outfit, it's the key to success. Good sales people win business for mediocre products by relationship. Good marketing/business people work with sales to ensure that the market leading products aren't under-priced.

Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers


So his crime was actually lying to Fed

If he'd said nothing, he'd be ok. Like Martha Stewart.

UK govt reboots A Level exam results after computer-driven fiasco: Now teacher-predicted grades will be used after all


I have come across three business cards from Principle Engineers in my career..

Whoops, our bad, we may have 'accidentally' let Google Home devices record your every word, sound – oops


Re: Or more likely ...

It's worse than that. It analysed the scream, worked out who's dead and who's alive, and ordered the shovel of the appropriate size. Or a powered hole digger if it knows that the survivor is incapable of the diggin' work.

UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat


Details please...

...at least the general basis of the case

Dell trims workforce, says it's taking 'proactive steps to prepare for uncertainties' mid-pandemic


Proactive step?

No, a proactive step would have been to institute mild pay cuts, in the 5% to 10% range (rising cut with rising salary/level) 5 months ago to avoid laying off 6% of the workforce now, and severely damaging workforce morale.

Layoffs are reactive by their very nature.

Brit unis hit in Blackbaud hack inform students that their data was nicked, which has gone as well as you might expect


Of course, the storage was actually illegal

EU data cannot be stored in US servers. It's called GDPR.


UK surveillance laws tightened up as most spying demands to be subject to warrants


Re: "all was well in state surveillance land"

The surveillance IS about the paedos. As soon as Ghislaine is detected to be about to talk about Prince Andrew, she'll commit suicide in her cell too!


Re: Step in the right direction

Ah, but can you use GDPR to pre-emptively refuse permission for telcos and delivery services to pass on your info without a judicial paper?

An axe age, a sword age, Privacy Shield is riven, but what might that mean for European businesses?


Re: Emis GP medical records?

Amazon (AWS) falls under 702 FISA, which means US government has access to the data, so AWS storage is not allowed for EU citizens' data under GDPR.


Since UK has been playing fast and loose with UK patient records to make money, this will be interesting.



Ashley Gorski (ACLU)


Some reporting is suggesting that the SCCs will remain viable mechanisms for any EU-US transfer. Based on the court's analysis of US law, that's simply not the case. DPCs will be required to halt data flows.


Privacy Shield binned after EU court rules transatlantic data protection arrangements 'inadequate'


Re: More legal misdirection -- good try, but COMPLETELY BESIDE THE POINT!

Unfortunately surveillance isn't just about catching bad guys (oh, think of the children!), partly because the most successful criminals are protected by the status quo because they are an untouchable part of the fabric. It's about keeping tabs on those challenging the status quo (think whistleblowers), and those protesting the status quo.


Re: Haters gonna hate, spies gonna spy...

This isn't about preventing spying. It's about who gets your private data, legally, as a matter of course.


Re: More legal misdirection -- good try, but COMPLETELY BESIDE THE POINT!

This doesn't stop spies spying.

This stops businesses passing private data to others (including governments).

If data is used in a court case, it may matter how the evidence was obtained, partly in the legal admissibility sense, partly because the method used to obtain may have to be disclosed... spying orgs don't like that.


Re: Standard contractual clauses

Brexit doesn't mean exiting GDPR.

But your MP is right... the 5-eyes share data on each others' citizens to work around "thou shall not spy on thy own" type laws.


Re: Standard contractual clauses

There's a separate case that the Irish DPC is avoiding ruling by being incredibly slow.



Re: Standard contractual clauses

Yes. Useful summary here: http://eulawanalysis.blogspot.com/2020/07/you-were-only-supposed-to-blow-bloody.html

"Schrems reformulated his complaint to the Irish Data Protection Commissioner (DPC) about data transfers arguing that the United States does not provide adequate protection as United States law requires Facebook Inc. to make the personal data transferred to it available to certain United States authorities, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) and the data is used in a manner incompatible with the right to private life, and that therefore future transfers by Facebook should be suspended."


Re: Standard contractual clauses

See https://noyb.eu/en/CJEU-Media-Page

Vera Jourová didn't tell the truth. SCCs are not valid where US gov by US law gets to see the traffic. So not Facebook etc. For bank transactions, fine.

See https://www.twitter.com/maxschrems

"It seems that @VeraJourova is simply ignoring the #CJEU a second time here. The Judgement is clear that you can't just use the SCCs again and there is no "toolbox" to be used when a US company falls under #FISA and alike... "

Google: OK, OK, we pinky promise not to suck Fitbit health data into the borg. Now will you approve the sale?


"Fitbit health and wellness data will not be used for Google ads"

Thanks. That's just one tiny opportunity in the sea of ways to monetise the data.

TomTom bill bomb: Why am I being charged for infotainment? I sold my car last year, rages Reg reader


Re: As I read that

He started the TT contract from the car. I'd expect that I'd be able to stop it from the car too.

Hey NYPD, when you're done tear-gassing and running over protesters, can you tell us about your spy gear?


Re: Republicans, Trump is finished

You are sure he'll leave the White House? If he contests the election result, he'll stay. And he will contest if he loses.

Google isn't even trying to not be creepy: 'Continuous Match Mode' in Assistant will listen to everything until it's disabled



So if I go to somebody's house and Continuous Match Mode is enabled, who has to get my consent? Bearing in mind the voice surveillance isn't necessary for my visit, so by GDPR law I have to be proactively offered an opt-in or -out...

Ah lovely, here's something you can do with those Raspberry Pis, NUC PCs in the bottom of the drawer: Run Ubuntu Appliances on them


Daily updates?

If I build something web-facing, it would be locked down from web-sourced changes. There are going to be pwned stories about this.

Couple wrongly arrested over Gatwick Airport drone debacle score £200k payout from cops


Not an admission of a problem though

"We recognise that things could have been done differently and, as a result, Sussex Police have agreed to pay you compensation and legal costs."

should, not could, and a mention of procedural changes to avoid recurrence?

Whatsapp blamed own users for failure to keep phone number repo off Google searches



See https://noyb.eu/en/open-letter to understand that FB just ignores GDPR, with help from Ireland.

California bigwigs rule Uber, Lyft dial-a-ride drivers are employees, not contractors


Re: I know many people who work so-called "gig economy" jobs here in California.


Legal complaint lodged with UK data watchdog over claims coronavirus Test and Trace programme flouts GDPR


legislation to prevent abuse of the data or access for any other purpose

Legislation prevents nothing. It's a vehicle to punish transgression, at most.

Privacy activists prep legal challenge against UK plan to keep coronavirus contact-tracing data for two decades



It's increasingly clear that the test-and-trace system will be mandated pretty soon.

So you really didn't touch the settings at all, huh? Well, this print-out from my secret backup says otherwise


Re: Be liberal in what you accept

What is spindled anyway?


