Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

September 08 2019

mr-absentia

Linux Lite - Wikipedia

«Linux Lite is a Linux distribution, based on Debian and Ubuntu and created by a team led by Jerry Bezencon. The distribution offers a lightweight desktop experience with a customized Xfce desktop environment. It includes a set of Lite application to make the life easier for a novice Linux user.

Linux Lite is a 'gateway operating system'. It was created to make the transition from Windows to a Linux based operating system as smooth as possible. Linux Lite follows the Unix philosophy in regards to software selection and programming as it applies to the modern era - Write programs that do one thing and do it well.»

Reposted byPewPow PewPow

August 03 2018

mr-absentia
Reposted byRekrut-Kablp4dd9

June 30 2018

mr-absentia

June 20 2018

mr-absentia

The GDPR and Browser Fingerprinting: How It Changes the Game for the Sneakiest Web Trackers

from EFF’s Deeplinks Blog:

Browser fingerprinting is on a collision course with privacy regulations. For almost a decade, EFF has been raising awareness about this tracking technique with projects like Panopticlick. Compared to more well-known tracking “cookies,” browser fingerprinting is trickier for users and browser extensions to combat: websites can do it without detection, and it’s very difficult to modify browsers so that they are less vulnerable to it. As cookies have become more visible and easier to block, companies have been increasingly tempted to turn to sneakier fingerprinting techniques.

But companies also have to obey the law. And for residents of the European Union, the General Data Protection Regulation (GDPR), which entered into force on May 25th, is intended to cover exactly this kind of covert data collection. The EU has also begun the process of updating its ePrivacy Directive, best known for its mandate that websites must warn you about any cookies they are using. If you’ve ever seen a message asking you to approve a site’s cookie use, that’s likely based on this earlier Europe-wide law.

This leads to a key question: Will the GDPR require companies to make fingerprinting as visible to users as the original ePrivacy Directive required them to make cookies?

The answer, in short, is yes. Where the purpose of fingerprinting is tracking people, it will constitute “personal data processing” and will be covered by the GDPR.

What is browser fingerprinting and how does it work?

When a site you visit uses browser fingerprinting, it can learn enough information about your browser to uniquely distinguish you from all the other visitors to that site. Browser fingerprinting can be used to track users just as cookies do, but using much more subtle and hard-to-control techniques. In a paper EFF released in 2010, we found that majority of users’ browsers were uniquely identifiable given existing fingerprinting techniques. Those techniques have only gotten more complex and obscure in the intervening years.

By using browser fingerprinting to piece together information about your browser and your actions online, trackers can covertly identify users over time, track them across websites, and build an advertising profile of them. The information that browser fingerprinting reveals typically includes a mixture of HTTP headers (which are delivered as a normal part of every web request) and properties that can be learned about the browser using JavaScript code: your time zone, system fonts, screen resolution, which plugins you have installed, and what platform your browser is running on. Sites can even use techniques such as canvas or WebGL fingerprinting to gain insight into your hardware configuration.

When stitched together, these individual properties tell a unique story about your browser and the details of your browsing interactions. For instance, yours is likely the only browser on central European time with cookies enabled that has exactly your set of system fonts, screen resolution, plugins, and graphics card.

By gathering that information together and storing it on its own servers, a site can track your browsing habits without the use of persistent identifiers stored on your computer, like cookies. Fingerprinting can also be used to recreate a tracking cookie for a user after the user has deleted it. Users that are aware of cookies can remove them within their browser settings, but fingerprinting subverts the built-in browser mechanisms that allow users to avoid being tracked.

And this doesn’t just apply to the sites you visit directly. The pervasive inclusion of remote resources, like fonts, analytics scripts, or social media widgets on websites means that the third parties behind them can track your browsing habits across the web, rather than just on their own websites.

Aside from the limited case of fraud detection (which needs transparency and opt-in consent for any further processing), browser fingerprinting offers no functionality to users. When the popular social media widget provider AddThis started using canvas fingerprinting in 2014, the negative reaction from their users was so overwhelming that they were forced to stop the practice.

Some fingerprinting tricks are potentially detectable by end-users or their software: for instance, a site changing some text into multiple fonts extremely quickly is probably scanning to see which fonts a user has installed. Privacy Badger, a browser extension that we develop at EFF, detects canvas fingerprinting to determine when a site looks like a tracker. And a W3C guidance document draft for web specification authors advises them to develop their specs with fingerprinting detectability in mind. Unfortunately, however, new and more covert techniques to fingerprint users are being discovered all the time.

Fingerprinting After the GDPR

You’ll struggle to find fingerprinting explicitly mentioned in the GDPR—but that’s because the EU has learned from earlier data protection laws and the current ePrivacy Directive to remain technologically neutral.

Apart from non-binding recitals (like Recital 30, discussing cookies), the GDPR avoids calling out specific technologies or giving exhaustive lists and examples. Instead, it provides general rules that the drafters felt should be neutral, flexible, and keep up with technological development beyond fingerprinting and cookies. Below we explain how those general rules apply to tracking Internet users, no matter what technique is used.

Browser Characteristics as Personal Data

The cornerstone of the GDPR is its broad definition of personal data.[1] Personal data is any information that might be linked to an identifiable individual. This definition not only covers all sorts of online identifiers (such as your computer’s MAC address, your networks’ IP address, or an advertising user ID in a cookie) but also less specific features — including the combination of browser characteristics that fingerprinting relies upon. The key condition is that a given element of information relates to an individual who can be directly or indirectly identified.

It is also worth noting that under the GDPR “identification” does not require establishing a user’s identity. It is enough that an entity processing data can indirectly identify a user, based on pseudonymous data, in order to perform certain actions based on such identification (for instance, to present different ads to different users, based on their profiles). This is what EU authorities refer to as singling-out[2], linkability[3], or inference.[4]

The whole point of fingerprinting is the ability of the tracking company (data controller) to be able to indirectly identify unique users among the sea of Internet users in order to track them, create their behavioural profiles and, finally, present them with targeted advertising. If the fingerprinting company has identification as its purpose, the Article 29 Working Party (an advisory board comprised of European data protection authorities) decided over ten years ago, regulators should assume that “the controller … will have the means ‘likely reasonably to be used’ to identify the people because “the processing of that information only makes sense if it allows identification of specific individuals.” As the Article 29 Working Party noted, “In fact, to argue that individuals are not identifiable, where the purpose of the processing is precisely to identify them, would be a sheer contradiction in terms.”[5]

Thus, when several information elements are combined (especially unique identifiers such as your set of system fonts) across websites (e.g. for the purposes of behavioral advertising), fingerprinting constitutes the processing of personal data and must comply with GDPR.[6]

Can Fingerprinting Be Legal Under The GDPR?

According to the GDPR, every entity processing personal data (including tracking user behavior online, matching ads with user profiles, or presenting targeted ads on their website) must be able to prove that they have a legitimate reason (by the definitions of the law) to do so.[7] The GDPR gives six possible legal grounds that enable processing data, with two of them being most relevant in the tracking/advertising context: user consent and the “legitimate interest” of whoever is doing the tracking.

How should this work in practice? User consent means an informed, unambiguous action (such as change of settings from “no” to “yes”).[8] In order to be able to rely on this legal ground, companies that use fingerprinting would have to, in the first place, reveal the fingerprinting before it is executed and, then, wait for a user to give their freely-given informed consent. Since the very purpose of fingerprinting is to escape user’s control, it is hardly surprising that trackers refuse to apply this standard.

It is more common for companies that use fingerprinting to claim their own, or whoever is paying them to fingerprint users, “legitimate interest” in doing so.

The concept of legitimate interest in the GDPR has been constructed as a compromise between privacy advocates and business interests.[9] It is much more vague and ambiguous than other legal grounds for processing data. In the coming months, you will see many companies who operate in Europe attempt to build their tracking and data collection of their users on the basis of their “legitimate interest.”

But that path won’t be easy for covert web fingerprinters. To be able to rely on this specific legal ground, every company that considers fingerprinting has to, first, go through a balancing test[10] (that is, verify for itself whether its interest in obscure tracking is not overridden by “the fundamental rights and freedoms of the data subject, including privacy” and whether it is in line with “reasonable expectations of data subjects”[11]) and openly lay out its legitimate interest argument for end-users. Second, and more importantly, the site has to share detailed information with the person that is subjected to fingerprinting, including the scope, purposes, and legal basis of such data processing.[12] Finally, if fingerprinting is done for marketing purposes, all it takes for end-users to stop it (provided they do not agree with the legitimate interest argument that has been made by the fingerprinter) is to say “no.”[13] The GDPR requires no further justification.

Running Afoul of the ePrivacy Rules

Fingerprinting also runs afoul of the ePrivacy Directive, which sets additional conditions on the use of device and browser identifiers. The ePrivacy Directive is a companion law, applying data protection rules more specifically in the area of communications. The Article 29 Working Party emphasised that fingerprinting—even if it does not involve processing personal data—is covered by Article 5(3) of the ePrivacy Directive (the section commonly referred to as the cookie clause) and thus requires user consent:

Parties who wish to process device fingerprints[14] which are generated through the gaining of access to, or the storing of, information on the user’s terminal device must first obtain the valid consent of the user (unless an exemption applies).[15]

While this opinion focused on device fingerprints, the logic still applies to browser fingerprints. Interpretations can vary according to national implementation and this has resulted in an inconsistent and ineffective application of the ePrivacy Directive, but key elements, such as the definition of consent, are controlled by the GDPR which will update its interpretation and operation. The EU aims to pass an updated ePrivacy Regulation in 2019, and current drafts target fingerprinting explicitly.

Looking at how web fingerprinting techniques have been used so far, it is very difficult to imagine companies moving from deliberate obscurity to full transparency and open communication with users. Fingerprinting companies will have to do what their predecessors in the cookie world did before now: face greater detection and exposure by coming clean about their practices, or slink even further behind the curtain, and hope to dodge European law.

Conclusion

When EFF first built Panopticlick in 2010, fingerprinting was largely a theoretical threat, in a world that was just beginning to wake up to the more obvious use of tracking cookies. Since then, we’ve seen more and more sites adopt the surreptitious methods we highlighted then, to disguise their behaviour from anti-tracking tools, or to avoid the increasing visibility and legal obligations of using tracking cookies within Europe.

With the GDPR in place, operating below the radar of European authorities and escaping rules that apply to commercial fingerprinting will be very difficult and—potentially—very expensive. To avoid severe penalties fingerprinting companies should, at least, be more upfront about their practices.

But that’s just in theory. In practice, we don’t expect the GDPR to make fingerprinting disappear any time soon, just as the ePrivacy Directive did not end the use of tracking cookies. The GDPR applies to any company as long as they process the personal data of individuals living within the European Economic Area for commercial purposes, or for any purpose when the behavior is within the EEA. However, many non-EU sites who track individuals in Europe using fingerprinting may decide to ignore European law in the belief that they can escape the consequences. European companies will inevitably claim a “legitimate interest” in tracking, and may be prepared to defend this argument. Consumers may be worn down by requests for consent, or ignore artfully crafted confessions by the tracking companies.

The rationale behind fingerprinting, as it is used today, is to evade transparency and accountability and make tracking impossible to control. If this rationale holds, fingerprinters won’t be able to convince the EU’s courts and regulators that, indeed, it is their legitimate interest to do so. In fact, there’s nothing legitimate about this method of tracking: that’s what privacy laws like the GDPR recognize, and that’s what regulators will act upon. Before we see results of their actions, browser companies, standards organizations, privacy advocates, and technologists will still need to work together to minimize how much third-parties can identify about individual users just from their browsers.

[1] Article 29 Data Protection Working Party, Opinion 4/2007 on the concept of personal data; GDPR Rec. 26 and 30; Art 4 (1)

[2] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques, pp 11-12. Singling-out: “the possibility to isolate some or all records which identify an individual in the dataset.”

[3] Article 29 Working Party, Opinion 05/2014 on Anonymisation Techniques, pp 11-12. Linkability: “the ability to link, at least, two records concerning the same data subject or a group of data subjects (either in the same database or in two different databases). If an attacker can establish (e.g. by means of correlation analysis) that two records are assigned to a same group of individuals but cannot single out individuals in this group, the technique provides resistance against ‘singling out’ but not against linkability.”

[4] Article 29 Data Protection Working Party, Opinion 05/2014 on Anonymisation Techniques, pp 11-12. Interference: “the possibility to deduce, with significant probability, the value of an attribute from the values of a set of other attributes.”

[5] Article 29 Data Protection Working Party, Opinion 4/2007 on the concept of personal data; see also Article 29 Data Protection Working Party, Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting.

[6] It is possible to collect information on a browser’s fingerprint without allowing for indirect identification of a user, and therefore without implicating “personal data” under the GDPR, For example, because no further operations, such as tracking user behaviour across the web or collecting the data allowing one to link non-unique browser characteristics to other data about the user, take place. This would be unusual outside of rare cases like a fingerprinting research project. In any event, the ePrivacy Directive also applies to non-personal data. See Article 29 Data Protection Working Party, Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting; ePrivacy Directive Art 5(3).

[7] GDPR Rec 40 and Art. 5(1)(a)

[8] GDPR Rec and 42 Art. 4(11); Article 29 Data Protection Working Party, Guidelines on consent under Regulation 2016/679

[9] Article 29 Data Protection Working Party, Opinion 6/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC; GDPR Rec 47 and Art 6(1)(f)

[10] See Recital 47 EU GDPR, "The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller."

[11] Article 29 Data Protection Working Party, Opinion 6/2014 on the notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC; GDPR Rec 47 and Art 6(1)(f)

[12] GDPR Art 13

[13] GDPR Art 21(2)

[14] See Article 29 Data Protection Working Party, Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting "The technology of device fingerprinting is not limited to the configuration parameters of a traditional web browser on a desktop PC. Device fingerprinting is not tied to a particular protocol either, but can be used to fingerprint a broad range of internet connected devices..." (p.4)

[15] Article 29 Data Protection Working Party, Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting

June 13 2018

mr-absentia

June 12 2018

mr-absentia

June 11 2018

mr-absentia

コンピュータ中心の世界はまもなく終わる--米VCが描く未来 - CNET Japan

2007年8月21日

--著書「21世紀の国富論」では21世紀を支える新たな技術として PUC [Pervasive and Ubiquitous Communications] という概念を提唱していますね。

パーペイシブというのは、「使っているのを感じさせない」という意味です。人間にとって必要なコミュニケーション機能を、本当に使いやすく、しかもどこでも利用できるようにするものがPUCという考え方です。

いま広く使われているコンピュータというのは文字通り(compute=計算の意味)、計算機能中心主義のアーキテクチャですから、プログラミングなど計算用途に使うには最適な道具です。しかし、インターネットが出てきてから、パソコンを計算目的で使っている人はほとんどいませんよね。Eメールなどのコミュニケーションや、それに関連して検索サービスなどを使うことがほとんどでしょう。

もともと計算機能を最適化するために作られている道具を、違う目的であるコミュニケーションのために使うとどうしても使いにくい。そうなると、人間が機械に合わせないといけなくなってくるんです。

この傾向はパソコンでなくエンタープライズ向けのシステムにも当てはまります。人間の思考パターンをコンピュータのロジックに合わせて、「余計なことは考えない」というほうが効率は上がります。ただ、こういう仕組みをクライアントからサーバまで一元的にあてはめていくと、人間にとっては非常に住みにくい世界になります。

そうではなく、もっと人の相互コミュニケーションを最適化するようなものであるべきだと考えたんです。PUCはコミュニケーションを前提に設計され、ハードウェアとソフトウェアが一体化し、直感的で使いやすいものになります。

PUCを実現するには、次世代の通信デジタル信号処理プロセッサや組み込み型のソフトウェア、ネットワークセキュリティ、PtoP型ネットワーク、ソフトウェアスイッチング、デジタルディスプレイコントローラなどが必要になります。いずれも研究開発が進んでおり、実用化が見えてきています”

--PUCの時代には、日本が世界の中心になると話しておられますね。

PUCはハードウェアとソフトウェアが融合する必要があります。ソフトウェアの性能を最大化するにはハードウェアの設計が重要になる。逆もまた真です。ハードウェアに関して現在世界で最も精密なテクノロジーを持つ国は日本です。ですから、PUCのソフトウェアを開発する企業は日本に来ざるを得ない。

ベンチャーが技術開発をする上ではテクノロジーリスクとマーケットリスクという2つのリスクがあります。テクノロジーリスクは、想定した技術が実用化するリスク、マーケットリスクはその製品が市場に受け入れられるリスクです。このうち、テクノロジーリスクは特に大きいものです。

こういったテクノロジーリスクを持つ企業を傘下に抱えると帳簿上は大きな赤字がでるので、経営が失敗しているように見えてしまう。短期的な利益を求めるファンドにとって、こういった企業への投資は避けたい。そのためいま米国では、こういった企業に投資できる人がいなくなっているんです。

PUC関連の起業家は世界中にいます。だから、研究開発はどこでやってもいいが、PUC企業の法人籍は日本に置くようにさせたいと思っています。そしてリスクキャピタルに資金を供出する場合には税制控除をする仕組みが日本にできればいい”

March 28 2018

mr-absentia
Reposted fromgruetze gruetze viariceball riceball

January 16 2018

mr-absentia
8265 62f2
Reposted fromtfu tfu viakreska-groteska kreska-groteska

January 06 2018

mr-absentia

December 24 2017

mr-absentia
0914 8bca 500
Reposted fromtgs tgs viabananaapple bananaapple

December 18 2017

mr-absentia
4253 04c6 500

RIP my Acer netbook, inherited from my dad a few years ago. This PC gave me pleasure by running various Linux live USBs.

Reposted bymushu mushu

December 06 2017

mr-absentia

Now trying LinuxBean, a lightweight Linux distribution developed in Japan. I hopefully want to say goodbye to Windows with this great, fast-to-load OS!

November 24 2017

mr-absentia
WINE_v2.0.5_running_Sumatra_PDF_%26_MPC-HC_on_GNOME_%26_Fedora.png/640px-WINE_v2.0.5_running_Sumatra_PDF_%26_MPC-HC_on_GNOME_%26_Fedora

en.wikipedia.org: WINE v2.0.5 running Sumatra PDF and Media Player Classic on Fedora

November 22 2017

mr-absentia
mr-absentia
すばらしい! MSよりも格段に速い。言うことなし。Windowsで使用していたAppのほとんどがLinuxbean上のWineで稼働し、もはやMSには戻れない。プレゼンテーションアプリのimpressiveが有ったのにも感動しています。 USB32GBをHDDとし直接beanのシステムを導入し、いくつかのパソコンで共通のポータブル起動システムHDとしています。今や各パソコンのHDはデータの保存専用となってしまいました。USB32GBのうち、システムとアプリが12GB、dropboxが7GB(私は無料で7GBまで増量できました)を占めています。現在10GBが空きとなっていて、いつも使うデータの保存領域としてつかっています。 ChainLPをうまく動かすことができていないことが残念ですが、非常に満足です
linuxBean Project Top Page - OSDN
mr-absentia
mr-absentia

Light-weight Linux distribution - Wikipedia

“A light-weight Linux distribution is a Linux distribution that has lower memory and/or processor-speed requirements than a more ‘feature-rich’ Linux distribution. The lower demands on hardware ideally result in a more responsive machine, and/or allow devices with fewer system resources (e.g. older or embedded hardware) to be used productively. The lower memory and/or processor-speed requirements are achieved by avoiding software bloat, i.e. by leaving out features that are perceived to have little or no practical use or advantage, or for which there is no or low demand.”

June 30 2017

mr-absentia

Vintage NEC PC ad.

Reposted byRekrut-K Rekrut-K

June 24 2017

mr-absentia
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl