German Pirate Party member claims EU plans for a GDPR-compliant Whois v2 will lead to 'doxxing and death lists'
Friday, 15 October 2021 23:32

Privacy activists oppose new EU NIS Directive draft • The Register

ICANN also dislikes it but web infrastructure firms don't really mind


The European Union has drawn the ire of privacy activists for proposals to put real names and contact details back into Whois lookups, as part of its Network and Information Systems (NIS) Directive.

The EU Commission's draft update to the NIS Directive has been slowly grinding through the bloc's bureaucracy, and this week German Pirate Party MEP Patrick Breyer declared it "a big step towards abolishing anonymous publications and leaks on the internet."

Why? Because the draft directive's explanatory memorandum [PDF] says domain registries will have to "establish policies and procedures for the collection and maintenance of accurate, verified and complete registration data, as well as for the prevention and correction of inaccurate registration data."

What won't be happening, however, is the free publication of names and contact details. Currently the draft text of article 23 states: "Member States shall ensure that the TLD registries and the entities providing domain name registration services for the TLD publish, without undue delay after the registration of a domain name, domain registration data which are not personal data."

That italicised line seems to have passed by an awful lot of very shouty people.

Data, data, everywhere, nor any drop to scrape

Doxxing domain registrants is what used to happen until 2018, when the EU's General Data Protection Regulation came into force. Gathering and publishing personal data online without registrants' explicit consent to publication of it was in breach of GDPR and therefore the regs caused the death of the creaky old protocol underpinning Whois.

Once a useful system back in the early days of the World Wide Web, Whois showed who owned a given web domain name, listing name, street address, postcode, and sometimes phone numbers too. In more recent years unscrupulous registrars stopped checking the accuracy of the information – and registrants became less keen on handing it over as marketers scraped the data. Systems protecting Whois from abuse were sometimes pretty poor.

Now, however, the EU, having spent considerable time and effort defending its position, wants to mandate a GDPR-compliant form of Whois – something the Pirate Party's Breyer described as licence to create "death lists" as well as carrying out "data theft and loss, stalking and identity theft, doxxing," and more. He appears not to have read draft article 23 of the updated NIS Directive.

Chad Anderson, a senior security researcher for threat intel firm DomainTools, told The Register: "For those that say this will be a hit to whistleblowers and activists: that's hogwash as they should all be using Tor and pre-built sites anyways to protect their anonymity... Leak sites will still exist and alternative registrars still exist. All of the problems for maintaining a private internet where activists can work have already been solved."

He added that the infosec industry has "found other ways of fingerprinting actors based on tactics, techniques, and procedures (TTPs)," saying:

Bizarrely, given the history, ICANN itself appears to disagree with the EU's move to restore a partial status quo. In a feedback note published on the EU Commission website during March 2021, ICANN's At-Large Advisory Committee said the draft NIS Directive's plans for TLD registries were unworkable.

"Some or all of the registration data may never be stored by (or even presented to) the registrar. It will be held by a privacy or proxy provider. A proxy provider will not pass on either the name of the real registrant or their contact information. A privacy provider protects only the contact data," wrote the org's Alan Greenberg.

Did you read it? Well, did you?

It appears that the current article 23 isn't causing much harm to those who actually did read it. The Internet Infrastructure Coalition, whose members include 123-Reg, GoDaddy and cPanel, as well as Amazon and Google, said it was most worried about who would be making "justified requests" for Whois data rather than the concept of collecting the data.

Once rubberstamped into EU law, the directive isn't a directly effective legal text either; EU member states need to transpose it into their own laws to give it its legally enforceable effects.

So much for excitable people shouting about a new Whois leading to "death lists". As currently worded, all it means is a return to the pre-2018 Whois without publication of names and contact details – and that won't lead to some kind of WWW concentration camp. ®


Source: https://bit.ly/2YTTfIK