browsers – Techdirt

Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?

from the i-can't-open-that-page,-dave dept

Mozilla’s Open Policy & Advocacy blog has news about a worrying proposal from the French government:

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.

The post explains why this is an extremely dangerous approach:

A world in which browsers can be forced to incorporate a list of banned websites at the software-level that simply do not open, either in a region or globally, is a worrying prospect that raises serious concerns around freedom of expression. If it successfully passes into law, the precedent this would set would make it much harder for browsers to reject such requests from other governments.

If a capability to block any site on a government blacklist were required by law to be built in to all browsers, then repressive governments would be given an enormously powerful tool. There would be no way around that censorship, short of hacking the browser code. That might be an option for open source coders, but it certainly won’t be for the vast majority of ordinary users. As the Mozilla post points out:

Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.

It is even worse than that. If such a capability to block any site were built in to browsers, it’s not just authoritarian governments that would be rubbing their hands with glee: the copyright industry would doubtless push for allegedly infringing sites to be included on the block list too. We know this, because it has already done it in the past, as discussed in Walled Culture the book (free digital versions).

Not many people now remember, but in 2004, BT (British Telecom) caused something of a storm when it created CleanFeed:

British Telecom has taken the unprecedented step of blocking all illegal child pornography websites in a crackdown on abuse online. The decision by Britain’s largest high-speed internet provider will lead to the first mass censorship of the web attempted in a Western democracy.

Here’s how it worked:

Subscribers to British Telecom’s internet services such as BTYahoo and BTInternet who attempt to access illegal sites will receive an error message as if the page was unavailable. BT will register the number of attempts but will not be able to record details of those accessing the sites.

The key justification for what the Guardian called “the first mass censorship of the web attempted in a Western democracy” was that it only blocked illegal child sexual abuse material Web sites. It was therefore an extreme situation requiring an exceptional solution. But seven years later, the copyright industry were able to convince a High Court judge to ignore that justification, and to take advantage of CleanFeed to block a site, Newzbin 2, that had nothing to do with child sexual abuse material, and therefore did not require exceptional solutions:

Justice Arnold ruled that BT must use its blocking technology CleanFeed – which is currently used to prevent access to websites featuring child sexual abuse – to block Newzbin 2.

Exactly the logic used by copyright companies to subvert CleanFeed could be used to co-opt the censorship capabilities of browsers with built-in Web blocking lists. As with CleanFeed, the copyright industry would doubtless argue that since the technology already exists, why not apply it to tackling copyright infringement too?

That very real threat is another reason to fight this pernicious, misguided French proposal. Because if it is implemented, it will be very hard to stop it becoming yet another technology that the copyright world demands should be bent to its own selfish purposes.

Follow me @glynmoody on Mastodon. Originally published to Walled Culture.

Filed Under: blocklist, browsers, cleanfeed, copyright, france, sren, websites

Hoping To Combat ISP Snooping, Mozilla Enables Encrypted DNS

from the encrypt-ALL-the-things! dept

Thu, Feb 27th 2020 06:18am - Karl Bode

Historically, like much of the internet, DNS hasn’t been all that secure. That’s why Mozilla last year announced it would begin testing something called “DNS over HTTPS,” a significant security upgrade to DNS that encrypts and obscures your domain requests, making it more difficult (though not impossible) to see which websites a user is visiting. Obviously, this puts a bit of a wrinkle in government, telecom, or other organizational efforts to use DNS records to block and filter content, or track and sell user activity.

As a result, a lot of these folks have been throwing temper tantrums in recent weeks.

The telecom sector, which makes plenty of cash selling your daily browsing habits, has spent much of the last year trying to demonize the Google and Mozilla efforts any way it can, from insisting the move constitutes an antitrust violation on Google’s part (it doesn’t), to saying it’s a threat to national security (it’s not), to suggesting it even poses a risk to 5G deployments (nah, that’s an entirely different mess). Mozilla’s response to telecoms’ face fanning? To first urge Congress to investigate telecom’s long history of privacy abuses, then proceeding this week to enable the feature by default in the Mozilla browser.

In a blog post, Mozilla explains its thinking as such:

“At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet. Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit.”

While there’s a lot of overheated rhetoric about the risk of DNS over HTTPS from the likes of big telecom and government surveillance aficionados, there are some legitimate concerns about the standard from more above-board cybersecurity professionals. They’ll be quick to note there are several other points at which ISPs can still engage in data surveillance and sales. They’ll also argue that DNS over HTTPS really complicates life for enterprise IT managers, and in some instances encrypted DNS could derail existing cybersecurity solutions or parental control solutions.

I find DNS over HTTP unwise from a Corp security perspective for a few reasons (particularly NIDS and legacy malware detection), but this is a good explanation and I’d pay close attention to the sections on how to force-disable it as an organization if you rely on that detection. https://t.co/i2yjATPbP9 pic.twitter.com/I7bgyCMCtW

— Lesley Carhart @RSAC (@hacks4pancakes) February 25, 2020

Mozilla says it’s listening to these complaints, so it’s starting slowly with a gradual roll out across the US only. The organization says Firefox will disable encrypted DNS if it conflicts with parental controls. The feature will also be disabled by default in enterprise configurations. Firefox’s encrypted DNS will use Cloudflare by default, though users can switch to other encrypted DNS providers manually in their browser settings. Those curious about the particulars can dig through Mozilla’s FAQ here.

Filed Under: browsers, dns, dns over https, encryption, firefox, privacy, snooping
Companies: mozilla

As Google Ponders Making Ad Blockers Less Useful, Mozilla Ramps Up Tracker Blocking

from the competing-for-your-privacy dept

Thu, Jun 6th 2019 06:42am - Karl Bode

Google found itself under fire last week after critics said the company was considering weakening ad blockers on the company’s Chrome browser. The changes were part of the company’s broader Manifest V3 roadmap for the browser, which Google claims is being considered to improve browser performance and extension security. But consumer groups and adblock extension developers weren’t buying Google’s claims, and say that the changes will make adblockers less effective by prohibiting them from pre-blocking ads, instead shifting blocking determination to Chrome itself.

As it currently stands, many Chrome adblock extensions use Chrome’s webRequest API, letting users block ads before they even reach the browser. But Google’s proposal would require extensions use the declarativeNetRequest API, which leaves it to the browser to decide what gets blocked based on a list of up to 30,000 rules. While extensions like AdBlock already use the latter, developers say the overall result will be tools that simply aren’t quite as effective, and would erode consumer power to determine for him- or herself how stringent blocking actually is.

uBlock Origin developer Raymond Hill was rather pointed in his criticism of Google, arguing that the company embraced tougher adblockers to grow its market share, but is now weakening their functionality because it conflicts with Google’s raison d’être, namely selling more behavioral ads:

“In order for Google Chrome to reach its current user base, it had to support content blockers – these are the top most popular extensions for any browser,” he said. “Google strategy has been to find the optimal point between the two goals of growing the user base of Google Chrome and preventing content blockers from harming its business.”

Hill argues that the blocking ability of the webRequest API caused Google to yield some control of content blocking to third-party developers. Now that Chrome’s market share is greater, the company’s in a better position to “shift the optimal point between the two goals which benefits Google’s primary business,” Hill said.

The EFF, whose adblock extension Privacy Badger will likely be impacted by these changes (should they arrive this fall), was equally pointed in its criticism of the move, arguing that weakening such tools in an era of rampant privacy and security scandals was tone-deaf on the part of Google:

“Google’s claim that these new limitations are needed to improve performance is at odds with the state of the internet,” the organization said. “Sites today are bloated with trackers that consume data and slow down the user experience. Tracker blockers have improved the performance and user experience of many sites and the user experience. Why not let independent developers innovate where the Chrome team isn’t?”

The EFF was quick to note that the changes could also impact parental controls and security and privacy tools. While Google continues to deny any ill-intent with the changes, that’s going to be left to consumers to decide. And should Google continue down the road to making adblock extensions less effective, Mozilla seems intent to fill the void. The company this week announced it would be expanding tracker blocking by default in Firefox, as the era of seemingly-bottomless privacy scandals increasingly forces companies to actually compete (to a point) on privacy.

Filed Under: ad blockers, browsers, chrome, extensions, firefox
Companies: google, mozilla

Boston Globe Blocks Readers Using Privacy Modes In Browsers

from the noncognito dept

While the Boston Globe has had a paywall on its site for some time — the metered sort that lets you read a certain number of articles for free before insisting you sign up for an account with a subscription — that paywall also featured an open tunnel allowing anyone running their browsers in private or incognito mode to drive right through it. This workaround was well known and used since at least 2014, although hunting around on Google search results seems to make it clear that this was all found out because people generally like to use privacy and incognito modes in their browsers for the very reasons the browsers developed them: security and privacy.

Two things that perhaps the folks at the Boston Globe don’t consider terribly important as they have elected to simply block all readership from browsers running in privacy modes unless the reader signs up for a subscription.

The Boston Globe website is closing off a hole in its paywall by preventing visitors who aren’t logged in from reading articles in a browser’s private mode.

“You’re using a browser set to private or incognito mode” is the message given to BostonGlobe.com visitors who click on articles in private mode. “To continue reading articles in this mode, please log in to your Globe account.” People who aren’t already Globe subscribers are urged to subscribe.

It’s a strange request for a couple of reasons. First, many privacy modes don’t even keep sites from tracking what you’re doing. They do, however, tend to limit the ability to track you across multiple different sites as you browse. Second, there is still a laughably easy workaround for anyone that wants to keep seeing free articles from the Boston Globe without a subscription: simply delete all cookies from the Boston Globe off of your computer and, voila, you get more free articles. Regardless of both, punishing readers for their privacy concerns probably isn’t the best way to build subscription bases.

The Globe policy is a case of “disrespecting user preferences,” Electronic Frontier Foundation Senior Staff Technologist Alexei Miagkov told Ars. Miagkov was not aware of any other sites blocking users in private browsing mode.

Logging into the website in private mode puts your privacy at risk, he said. “By logging in you make it easy for them to keep tracking you, to keep building their (advertising) user profiles,” he said. “They may also sync their tracking data with their advertising partners whereas if you hadn’t logged in, those advertising partners might see a new visitor for every new incognito session.”

It’s worth noting that this isn’t a technical limitation, but a choice that the Globe is making almost certainly for those advertising reasons. There are many newspaper sites that have managed to allow for free articles in privacy modes, such as The Chicago Tribune and USA Today. Whatever you think of paywalls generally, I can’t imagine how this disregard for readers’ privacy choices builds a path to long term paywall success.

Filed Under: browsers, incongnito, news, newspapers, paywalls, private mode
Companies: boston globe

The Codification Of Web DRM As A Censorship Tool

from the exceptions-that-create-a-rule dept

The ongoing fight at the W3C over Encrypted Media Extensions — the HTML5 DRM scheme that several companies want ensconced in web standards — took two worrying turns recently. Firstly, Google slipped an important change into the latest Chrome update that removed the ability to disable its implementation of EME, further neutering the weak argument of supporters that the DRM is optional. But the other development is even more interesting — and concerning:

Dozens of W3C members — and hundreds of security professionals — have asked the W3C to amend its policies so that its members can’t use EME to silence security researchers and whistleblowers who want to warn web users that they are in danger from security vulnerabilities in browsers.

So far, the W3C has stonewalled on this. This weekend, the W3C executive announced that it would not make such an agreement part of the EME work, and endorsed the idea that the W3C should participate in creating new legal rights for companies to decide which true facts about browser defects can be disclosed and under what circumstances.

One of the major objections to EME has been the fact that, due to the anti-circumvention copyright laws of several countries, it would quickly become a tool for companies to censor or punish security researchers who find vulnerabilities in their software. The director of the standards body called for a new consensus solution to this problem but, unsurprisingly, “the team was unable to find such a resolution.” So the new approach will be a forced compromise of sorts in which, instead of attempting to carve out clear and broad protections for security research, they will work to establish narrower protections only for those who follow a set of best practices for reporting vulnerabilities. In the words of one supporter of the plan, it “won’t make the world perfect, but we believe it is an achievable and worthwhile goal.”

But this is not a real compromise. Rather, it’s a tacit endorsement of the use of DRM for censoring security researchers. Because the argument is not about to what degree such use is acceptable, but whether such use is appropriate at all. It’s not, but this legitimizes the idea that it is.

Remember: it’s only illegal to circumvent DRM due to copyright law, which is not supposed to have anything to do with the act of exploring and researching software and publishing findings about how it functions. On paper, that’s a side effect (though obviously a happy and intentional side effect for many DRM proponents). The argument at the W3C did not start because of an official plan to give software vendors a way to censor security research, but because that would be the ultimate effect of EME in many places thanks to copyright law. Codifying a set of practices for permissible security disclosures might be “better” than having no exception at all in that narrow practical sense, but it’s also worse for effectively declaring that to be an acceptable application of DRM technology in the first place. It could even make things worse overall, arming companies with a classic “they should have used the _proper channels_” argument.

In other words, this is a pure example of the often-misunderstood idea of an exception that proves a rule — in this case, the rule that DRM is a way to control security researchers.

Of course, security research isn’t the only thing at stake. Cory Doctorow was active on the mailing list in response to the announcement, pointing out the significant concerns raised by people who need special accessibility tools for various impairments, and the lack of substantial response:

The document with accessibility use-cases is quite specific, while all the dismissals of it have been very vague, and made appeals to authority (“technical experts who are passionate advocates for accessibility who have carefully assessed the technology over years have declared that there isn’t a problem”) rather than addressing those issues.

How, for example, would the 1 in 4000 people with photosensitive epilepsy be able to do lookaheads in videos to ensure that upcoming sequences passed the Harding Test without being able to decrypt the stream and post-process it through their own safety software? How would someone who was colorblind use Dankam to make realtime adjustments to the gamut of videos to accommodate them to the idiosyncrasies of their vision and neurology?

I would welcome substantive discussion on these issues — rather than perfunctory dismissals. The fact that W3C members who specialize in providing adaptive technology to people with visual impairments on three continents have asked the Director to ensure that EME doesn’t interfere with their work warrants a substantive reply.

For the moment, it doesn’t look like any clear resolution to this debate is on the horizon inside the W3C. But these latest moves raise the concern that the pro-DRM faction will quietly move forward with making EME the norm (Doctorow also questioned the schedule for this stuff, and whether these “best practices” for security research will lag behind the publication of the standard). Of course, the best solution would be to reform copyright and get rid of the anti-circumvention laws that make this an issue in the first place.

Filed Under: browsers, drm, eme, exceptions, html 5, research, security
Companies: google, w3c

China Considers Cutting Itself Off From The Global Internet, As Three Home-Grown Browsers Are Found Leaking Personal Data

from the probably-just-a-coincidence dept

Techdirt readers know that the Chinese authorities have been steadily tightening their grip on most aspects of online life in the country, but there’s one area that hasn’t been mentioned much: the Web browser. Recently, a new report from the University of Toronto’s Citizen Lab identified security and privacy issues in QQ Browser, a mobile browser produced by the China-based Internet giant Tencent. Here’s a summary:

> The Android version of the browser transmits personally identifiable data, including a user’s search terms, the URLs of visited websites, nearby WiFi access points, and the user’s IMSI [International Mobile Subscriber Identification] and IMEI [International Mobile Equipment Identifier] identifiers, without encryption or with easily decrypted encryption. Similarly, the Windows version sends personally identifiable data, including the URL of all pages visited in the browser, a user’s hard drive serial number, MAC address, Windows hostname, and Windows user security identifier, also without encryption or with easily decrypted decryption.

Now, this could just be the result of some supremely sloppy coding combined with lax privacy practice — in theory, at least. But that generous interpretation becomes rather harder to sustain when you bear in mind that this is not the first time Citizen Lab has found this behavior. To be precise, this is the third time. Last month, it discovered that Baidu Browser, a free Web browser for the Windows and Android platforms produced by Baidu, one of China’s biggest tech companies, has strikingly similar problems to QQ Browser:

> The report identifies security concerns in both the Windows and Android versions of the browser that may expose personal user data, including a user’s geolocation, hardware identifiers, nearby wireless networks, web browsing data and search terms. Such user data is transmitted, in both the Windows and Android versions, unencrypted or with easily decryptable encryption, which means that any in-path actor could acquire this data by collecting the traffic and performing any necessary decryption. In addition, neither version of the application secures its software update process with a digital signature, which means that a malicious in-path actor could cause the browser to download and execute arbitrary code.

And before that, back in May last year, the same researchers found unauthorized transmission of personal data by another widely-used browser:

> UC Browser is among the most popular mobile apps in the Chinese Internet space. UC Browser claims to have more than 500 million registered users, and is reported to be the most popular mobile browser in China and India. Overall, the application is the fourth most popular mobile browser globally, and is behind only pre-installed Chrome, Android, and Safari browsers.

Putting these three browsers together, you have a serious chunk of not just the Chinese online population, but across the whole of Asia. As the Citizen Lab researchers point out:

> That the three China-based browser applications we have examined all evince strikingly similar data gathering and insecure data handling problems raises an obvious question of whether there is some underlying cause for the similarities.

The post runs through all the options, including the most likely explanation: that the companies were ordered by the Chinese authorities to build in these highly-useful vulnerabilities. Not surprisingly:

> The questions we asked the companies about government directives or influence have not been directly answered.

But if anyone still doubts that the Chinese government wants to control every aspect of the Internet, they may like to consider the following recent report in The New York Times:

> A draft law posted by one of China’s technology regulators said that websites in the country would have to register domain names with local service providers and with the authorities.

It’s not entirely clear what that means, but there is one possibility that would be very problematic for Chinese Internet users — and for every Western company operating in the country:

> If the rule applies to all websites, it will have major implications and will effectively cut China out of the global Internet. By creating a domestic registry for websites, the rule would create a system of censorship in which only websites that have specifically registered with the Chinese government would be reachable from within the country.

China’s technology regulator has rejected that interpretation, and said that there is a “misunderstanding.” But if past experience teaches us anything, it is that there really are no limits to what the present Chinese leadership is willing to do in order to bring the online world under control. And that doubtless even includes cutting China off from the rest of the Internet, if need be.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: browsers, china, data leak, privacy, qq
Companies: citizen lab, tencent

Rightscorp's New PR Plan: The More Ridiculous It Gets (Such As By Claiming To Hijack Browsers), The More Press It Will Get

from the good-luck-with-that dept

Over the last few months, there’s been tremendous press attention paid to a little nothing of a company called Rightscorp, which has basically tried to become the friendlier face of copyright trolling: signing up copyright holders, sending threat letters to ISPs, hoping those ISPs forward the threats to subscribers, and demanding much smaller fees than traditional copyright trolls (usually around $20). The idea is by being (just slightly) friendlier, and keeping the fees much lower, they might be able to “make it up in volume.” The company has been subject to big profiles in Ars Technica, which calls it “RIAA-lite,” and Daily Dot, which referred to it as a “boutique anti-piracy firm.” Frankly, the only thing that Rightscorp has shown itself to be good at is getting press coverage — often through outrageous claims, such as saying it found a loophole in the DMCA that lets it send subpoenas to identify ISP subscribers without filing a lawsuit. Lots of copyright trolls think they’ve found that loophole, only to discover a court already rejected it.

Rightscorp’s real strategy seems to be to just keep bombarding ISPs with notices until they wear down and agree to pass them along, and then collecting bits and pieces from folks who agree to pay up. But to do that, it needs to get more copyright holders to sign agreements with the company (and the company sends out tons of press releases when they do), and so it keeps making crazy claims — like its latest plans to supposedly hijack the browsers of people who don’t pay up. TorrentFreak got the transcript of a recent investor conference call by the company, showing that it’s still barely taking in any revenue ($440,414 in the first six months of the year, against expenses of $1.8 million), and still wants to get big ISPs to be “compliant” (with Rightscorp’s own twisted interpretation of the law), but that, eventually, the plan is to get ISPs to hijack browsers:

“So we start in the beginning of the ISP relationship by demanding the forwarding of notices and the terminations,” Steele told investors.

“But where we want to end up with our scalable copyright system is where it’s not about termination, it’s about compelling the user to make the payment so that they can get back to browsing the web.”

Steele says the trick lies in the ability of ISPs to bring a complete halt to their subscribers’ Internet browsing activities.

“So every ISP has this ability to put up a redirect page. So that’s the goal,” he explained.

“[What] we really want to do is move away from termination and move to what’s called a hard redirect, like, when you go into a hotel and you have to put your room number in order to get past the browser and get on to browsing the web.”

Furthermore, the report claims that people are paying a lot more than just $20, because the company is lumping together lots of claims, and asking for $20 for each of them. Of course, being an investor conference call, the company’s COO/CTO Robert Steele tries to spin all of this positively, but it’s basically all marketing. The company has no real legal basis for what it’s doing, and the program will only work if it tricks basically everyone into believing that it has the right to do what it does. So that’s why it’s constantly pushing out press releases and making claims to drum up press. If it gets big enough, it seems to be hoping to wish the world to act the way it wants it to (the way in which it gets lots of money instead of a tiny pittance).

But, as the TorrentFreak report notes, when an investor asks what percentage of people are actually paying when they get a notice… well, that’s “a trade secret.” In this context, that means almost no one is paying.

As for the plans to put in this “hard redirect” and hijack your browsing, good luck with that insane idea. The ISPs fought pretty damn hard when the RIAA and MPAA (two much more powerful organizations) demanded such powers with the six strikes “voluntary” agreement. And that happened pre-SOPA. After SOPA, we heard rumblings that the big ISPs were considering “renegotiating” that agreement, though they eventually went ahead with it. The likelihood that any ISP is going to agree to hijack their subscribers’ browsing experience because some piddly company wants to start cashing more checks is… pretty low. But keep on talking big, Rightscorp.

Filed Under: anti-piracy, browsers, copyright trolling, pr, takedowns
Companies: rightscorp

from the caching dept

There’s been plenty of fanfare over Amazon’s new Android-based e-reader, the Kindle Fire, with one interesting feature being the new Silk browser, which is differentiated by the fact that it’s built on top of Amazon’s cloud web services storage, allowing it to effectively cache and optimize content on its own servers. But this raises a big question. As Stephan Kinsella points out, technically, this may be copyright infringement. First up, here’s Amazon’s video explanation of the browser:

Based on the info in that video, Kinsella explains the legal concerns:

One smart thing Silk does to speed up web browsing as seen by the user of the Kindle Fire by “pre-loading” content into Amazon’s “cache” in its own “Amazon computer cloud” (i.e. Amazon’s servers) – and to optimize them for the Kindle Fire (e.g., a 3MB image is scaled down maybe to 50k because that would look the same on the Kindle Fire as a 3MB image, but could be transmitted more quickly). But to do this Amazon’s servers have to store copies of files obtained from other websites, including images (as explicitly stated at 3:07 to 3:26) and other files which, of course, are covered by copyright. At 3:54, it’s explained that if Amazon’s computing cloud sees you looking at the New York Times home page, and it predicts, based on other user statistics, that you are somewhat likely to next click on some NY Times subpage link, then the Amazon servers will go ahead and download that next link, and cache it, in case you do click on it next, so that it can serve it up more quickly. Now this makes sense technically, but what it really means is Amazon’s servers are making copies of other people’s copyright-protected content: images, files, NYTimes web pages, and serving them up to Kindle Fire users as if the Amazon computer cloud servers are the host of those images. It is a bit like if Amazon ran a site called NYTimes2.com, and had its servers constantly copying content from NYtimes.com and duplicating it on NYTimes2.com, and serving up the content on NYTimes2.com (which was copied from NYTimes.com) to browsers.

Of course, as he notes (and as the people in the video note), this makes tremendous technological sense. It makes for a much better experience. But copyright can be, and often is, used to stop innovations that make tremendous technological sense, because they can upset legacy business models. Of course, one could argue that what Amazon is doing here is no different than what Google does with its cache — but that might not stop a potential legal fight, unfortunately.

Filed Under: browsers, copyright, ereaders, kindle, kindle fire, silk browser
Companies: amazon

Paxfire Sues The Lawyers And Individual Who Filed A Class Action Lawsuit Over Its Search Redirects

from the can-it-back-it-up? dept

Well, well. Following a research paper that claimed that a company named Paxfire was teaming up with some ISPs to hijack search terms and take people directly to certain websites, a class action lawsuit was quickly filed. Paxfire wasted little time in responding angrily that the basis of the lawsuit was completely wrong, and saying that it would seek sanctions against the lawyers for filing it in the first place. Now the company has taken things even further and filed a countersuit against the law firm, Milberg LLP, as well as the individual, Betsy Feist, who, as a client of Milberg, was the official person who kicked off the attempted class action lawsuit. Paxfire is charging, as you might imagine, both defamation and tortious interference — and is demanding a whopping $50 million. It should be interesting to see what happens next. The thing with these kinds of lawsuits is that they do expose to the world certain things, so if Paxfire can’t back up its claims, then it’s going to be in a world of hurt.

Filed Under: betsy feist, browsers, defamation, hijacking, search
Companies: milberg, paxfire

Paxfire Responds: Says It Doesn't Hijack Searches, Will Seek Sanctions Against Lawyers

from the then-what-does-it-do? dept

Last week, we wrote about a lawsuit filed against Paxfire for supposedly teaming up with ISPs to hijack browser searches for profit. The idea was that search terms never made it to the search engine in question, but rather automatically directed users to pages paid for by marketers. That is, if you searched for “Apple” via your browser search, rather than having that search Bing (if Bing is your search engine) for “Apple,” it would automatically take you to an Apple page — and the search would never even touch Bing. The story was based on a New Scientist story about some researchers highlighting these practices and a class action lawsuit filed over the practices. New Scientist has updated the story to note that:

all the ISPs involved have now called a halt to the practice. They continue to intercept some queries — those from Bing and Yahoo — but are passing the searches on to the relevant search engine rather than redirecting them.

However, Paxfire’s CEO sent us an email in which he not only refutes the entire story, but claims that he’s planning to seek Rule 11 sanctions against the lawyers who filed the class action lawsuit:

“This lawsuit is without merit, and harmful to our business and that of our partners. Let me respond to the two major accusations in the lawsuit.

“First, the lawsuit alleges that Paxfire collects, analyzes and sells user information. This is completely false and has absolutely no basis in fact.

“Paxfire does not and has never distributed or sold any information on users, either individually or collectively. Paxfire does not analyze end user searches, does not hold any history or database of user browsing or search, and does not profile users in any way. Moreover, Paxfire has no plans to change this policy. To repeat: We never, ever collect, monitor, store or sell personal data on users, collectively or as individuals, and we never have.

“Second, Paxfire does not hijack searches or ‘impersonate search engines.’

“This would be fundamentally contrary to our service mission, which is to improve the user experience by helping users arrive at their intended website after having mistyped a web address. We are all about helping customers navigate the web, and not about searches. We partner closely with our ISP customers to ensure the service is operated not only in full accordance with the law and end user agreements, but also in a way that provides a good user experience. For example, when we have to guess the intended destination from a bad address, our results page includes an explanation of how they landed there and provides an option to opt-out of the service.

“Finally, we want to make clear that while it is without merit, this lawsuit and its allegations are extremely harmful to our reputation and those of our partners. Under Rule 11 of the Federal Rules of Civil Procedure, a party has an obligation to ensure a foundation for his or her allegations. Clearly, this was not done adequately by the plaintiff in this case. Accordingly, Paxfire intends to seek the full sanctions available to it under the law, to vindicate the organization and to make it whole from the damages caused by this lawsuit.”

It appears that they’re saying they didn’t hijack searches so much as hijack typo searches, and they claim they do it nicely. I guess we’ll find out the details as any lawsuit goes on, but I find it highly unlikely that, even if Paxfire prevails, it will be able to get Rule 11 sanctions. It’s pretty rare for such sanctions to be used, and the conduct has to be pretty egregious.

Filed Under: browsers, hijacking, search
Companies: paxfire