Internet News

Twitter has bannedTommy Robinson and Ukip candidate Carl Benjamin's campaign accounts

Both had already had their personal accounts banned from the platform - but now their campaign accounts are also suspended.

Benjamin, a vlogger who calls himself Sargon of Akkad, was banned from Twitter in 2017 whilst Robinson was permanently banned in March 2018.

In a tweet from the party's official account, Ukip said:

Official UKIP MEP Campaign account @CarlUkip, of which Carl Benjamin has no access to has been suspended from Twitter. This is election interference, and UKIP will get to the bottom of this.

And Ukip defended Benjamin as a YouTube entertainer fighting political correctness - before telling the Mirror: He will remain on the UKIP ticket.

Offsite Comment: Twitter's outrageous meddling in British democracy

4th May 2019. See article from spiked-online.com by Brendan O'Neill

Twitter's outrageous meddling in British democracy

In banning Tommy Robinson and Carl Benjamin, Twitter is behaving like a corporate dictator.

AVN.com is reporting that the online forum Reddit has been blocked by the country's largest ISPs

Reddit is ranked as the 21st most heavily trafficked site in the world. It has 330 million users spread across 217 countries.

Reddit, of course, is one of the few remaining major social media platforms that does not ban porn, and according to the India Times report, that is likely the reason why the Indian ISPs would block the discussion forum site.

New Zealand police have charged a young man for sharing a meme based on Brenton Tarrant's live streamed murderous attack on a Christchurch mosque.

The New Zealand authorities had previously banned the video with the official film censor declaring it as 'objectionable'. And apparently this makes even the use of still images as totally illegal.

ABC News is reporting that at least six people have been charged with illegally sharing the video contents with other people, but presumably this is referring to the whole video being passed on.

And again according to ABC the meme sharing young man has been held in jail since being arrested for his joke. He will reappear in court on July 31 when electronically monitored bail will be considered.

Meanwhile New Zealand's Prime Minister, Jacinda Ardern, will be meeting with executives from big tech, along with world leaders, in order to prohibit the spread or sharing of violent extremism or terrorism from being shown online at all. This official policy calling for censorship has been tagged The Christchurch Call but details haven't been made public, yet.

Ironically this all seems to playing into the hands of the Christchurch shooter, Brenton Tarrant. In his manifesto he specifically wanted governments and regulators to escalate censorship to the point of creating civil unrest.

Update: Jailed

19th June 2019. See article from straitstimes.com

A New Zealand man was jailed for 21 months yesterday for distributing the gruesome live-stream video of the Christchurch mosque attacks that killed 51 Muslim worshippers.

Christchurch District Court heard that the man distributed the raw footage to about 30 people and had another version modified to include crosshairs and a kill count, The New Zealand Herald reported.

This was in effect a hate crime against the Muslim community, Judge Stephen O'Driscoll said, adding that it was particularly cruel to share the video in the days after the attacks, when families were still waiting to hear news of their loved ones.

Starting with a little background into the authorship of the document under review. AVSecure CMO Steve Winyard told XBIZ:

The accreditation plan appears to have very strict rules and was crafted with significant input from various governmental bodies, including the DCMS (Department for Culture, Media & Sport), NCC Group plc (an expert security and audit firm), GCHQ (U.K. Intelligence and Security Agency), ICO (Information Commissioner's Office) and of course the BBFC.

But computer security expert Alec Muffett writes:

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?

....

This document's approach to data protection is fundamentally flawed.

The (considerably) safer approach - one easier to certificate/validate/police - would be to say everything is forbidden except for upon for ; you would then allow vendors to appeal for exceptions under review.

It makes a few passes at pretending that this is what it's doing, but with subjective holes (green) that you can drive a truck through:

...

What we have here is a rehash of quite a lot of reasonable physical/operational security, business continuity & personnel security management thinking -- with digital stuff almost entirely punted.

It's better than #PAS1296 , but it's still not fit for purpose.

Read the full thread

NewsGuard is a US organisation trying to muscle in governments' concerns about 'fake news'' It doesn't fact check individual news stories but gives ratings to news organisations on what it considers to be indicators of 'trustworthiness'.

At the moment it is most widely known for providing browser add-ons that displays a green shield when readers are browsing an 'approved' news website and a red shield when the website is disapproved.

Now the company is pushing something a little more Orwellian. It is in talks with UK internet providers such that the ISP would inject some sort of warning screen should an internet user [inadvertently] stray onto a 'wrong think' website.

The idea seems to be that users can select whether they want these intrusive warnings or not, via a similar mechanism used for the parental control of website blocking.

NewsGuard lost an awful of credibility in the UK when its first set of ratings singled out the Daily Mail as a 'wrong think' news source. It caused a bit of a stink and the decisions was reversed, but it rather shows where the company is coming from.

Surely they are patronising the British people if they think that people want to be nagged about reading the Daily Mail. People are well aware of the bases and points of views of news sources they read. They will not want to be nagged by those that think they know best what people should be reading.

I think it is only governments and politicians that are supposedly concerned about 'fake news anyway'. They see it as some sort blame opportunity. It can't possibly be their politicians' own policies that are so disastrously unpopular with the people, surely it must be mischievous 'fake news' peddlers that are causing the grief.

Twitter writes in a blog post:

Strengthening our approach to deliberate attempts to mislead voters

Voting is a fundamental human right and the public conversation occurring on Twitter is never more important than during elections. Any attempts to undermine the process of registering to vote or engaging in the electoral process is contrary to our company's core values.

Today, we are further expanding our enforcement capabilities in this area by creating a dedicated reporting feature within the product to allow users to more easily report this content to us. This is in addition to our existing proactive approach to tackling malicious automation and other forms of platform manipulation on the service. We will start with 2019 Lok Sabha in India and the EU elections and then roll out to other elections globally throughout the rest of the year.

What types of content are in violation?

You may not use Twitter's services for the purpose of manipulating or interfering in elections. This includes but is not limited to:

• Misleading information about how to vote or register to vote (for example, that you can vote by Tweet, text message, email, or phone call);

• Misleading information about requirements for voting, including identification requirements; and

• Misleading statements or information about the official, announced date or time of an election.

Video-sharing app TikTok has introduced an age gate feature for new users, which it claims will only allow those aged 13 years and above to create an account. TikTok also declared that it has removed more than six million videos that were in violation of its community guidelines.

TikTok is said to be based in more than 20 countries, including India, and covers major Indian languages, including Hindi, Tamil, Telugu and Gujarati.

The app was banned by the Madras High Court earlier this month, chiefly on the ground that it posed a danger to children. The court said the app contained degrading culture, and that it encouraged pornography and pedophilia.

In February, TikTok was fined $5.7 million by the US Federal Trade Commission for violating the Children's Online Privacy Protection Act (COPPA) by collecting personal information of children below 13 years without parental consent.

As of April 15, the app remains available for download on Google's Play Store. TikTok's push for user safety

Update: TikTok unbanned

25th April 2019. See article from theverge.com

The short video sharing app TikTok has managed to persuade an Indian court that it is capable of censoring nudity in videos that will degrade Indian viewers.

A DNS server translates the text name of a website into the numerical IP address. At the moment ISPs provide the DNS servers and they use this facility to block websites. If you want to access bannedwebsite.com the ISP simply refuses to tell your browser the IP address of the website you are seeking. The ISPs use this capability to implement blocks on terrorist/child abuse, copyright infringing websites, porn websites with out age verification, network level parental control blocking and many more things envisaged in the Government's Online Harms white paper.

At the moment DNS requests are transmitted in the clear so even if you chose another DNS server the ISP can see what you are up to, intercept the message and apply its own censorship rules anyway.

This is all about to change, as the internet authorities have introduced a change meaning that DNS requests can now be encrypted using the web standard encryption as used by https. The new protocol option is known is DNS Over HTTPS or DOH.

The address being requested cannot be monitored under several internet protocols, DNS over TLS and DNSCrypt but DNS Over HTTPS goes one step further in that ISPs cannot even detect that it is DNS request at al. It appears exactly the same as a standard HTTPS request for the website content. This prevents the authorities from refusing to allow DNS Over HTTPS at all by blocking all such requests. If they tried they would have to block all https websites.

There's nothing to stop users from sticking with their ISPs DNS and submitting to all the familiar censorship policies. However if your browser allows, you can ask the browser to ask to use a non censorial DNS server over HTTPS. There are already plenty of servers out there to choose from, but it is down to the browser to define the choice available to you. Firefox already allows you to select their own encrypted DNS server. Google is not far behind with its Chrome Browser.

At the moment Firefox already allows those with techie bent to opt for the Firefox DOH, but Firefox recently made waves by suggesting that it would soon default to using its own server and make it a techie change to opt out and revert to ISP DNS. Perhaps this sounds a little unlikely.

The Government have got well wound up by the fear of losing censorship control over UK internet users so no doubt will becalling in people from Firefox and Chrome to try to get them to enforce state censorship. However it may not be quite so easy. The new protocol allows for anyone to offer non censorial (or even censorial) DOH servers. If Firefox can be persuaded to toe the government line then other browsers can step in instead.

The UK Government broadband ISPs and the National Cyber Security Centre (NCSC) are now set to meet on the 8th May 2019 in order to discuss Google's forthcoming implementation of encrypted DOH. It should be an interesting meeting but I bet they'll never publish the minutes.

I rather suspect that the Government has shot itself in the foot over this with its requirements for porn users to identify themselves before being able to access porn. Suddenly they have will have spurred millions of users to take an interest in censorship circumvention to avoid endangering themselves, and probably a couple of million more who will be wanting to avoid the blocks because they are too young. DNS, DOH, VPNs, Tor and the likes will soon become everyday jargon.

On the 15th of March, the German Bundesrat (Federal Council) voted to amend the Criminal Code in relation to internet based services such as The onion router (Tor).

The proposed law has been lambasted as being too vague, with privacy experts rightfully fearful that the law would be overapplied. The proposal, originating from the North Rhine-Westphalian Minister of Justice Peter Biesenbach, would amend and expand criminal law and make running a Tor node or website illegal and punishable by up to three years in prison. According to Zeit.de, if passed, the expansion of the Criminal Code would be used to punish anyone who offers an internet-based service whose access and accessibility is limited by special technical precautions, and whose purpose or activity is directed to commit or promote certain illegal acts.

What's worse is that the proposed changes are so vaguely worded that many other services that offer encryption could be seen as falling under this new law. While the proposal does seem to have been written to target Tor hidden services which are dark net markets, the vague way that the proposal has been written makes it a very real possibility that other encrypted services such as messaging might be targeted under these new laws, as well.

Now that the motion to amend has been accepted by Bundesrat, it will be forwarded to the Federal Government for drafting, consideration, and comment. Then, within a month and a half, this new initiative will be forwarded to the German Senate, aka the Bundestag, where it will be finally voted on. Private Internet Access and many others denounce this proposal and continue to support Tor and an open internet

Private Internet Access currently supports the Tor Project and runs a number of Tor exit nodes as a part of our commitment to online privacy. PIA believes this proposed amendment to the German Criminal Code is not just bad for Tor, which was named specifically, but also for online privacy as a whole -- and we're not the only ones.

German criminal lawyer David Schietinger told Der Spiegel that he was concerned the law was too overreaching and could also mean an e-mail provider or the operator of a classic online platform with password protection.

The bill contains mainly rubber paragraphs with the clear goal to criminalize operators and users of anonymization services. Intentionally, the facts are kept very blurred. The intention is to create legal uncertainty and unavoidable risks of possible criminal liability for anyone who supports the right to anonymous communication on the Internet.

The BBFC has published a detailed standard for age verifiers to get tested against to obtain a green AV kite mark aiming to convince users that their identity data and porn browsing history is safe.

I have read through the document and conclude that it is indeed a rigorous standard that I guess will be pretty tough for companies to obtain. I would say it would be almost impossible for a small or even medium size website to achieve the standard and more or less means that using an age verification service is mandatory.

The standard has lots of good stuff about physical security of data and vetting of staff access to the data.

Age verifier AVSecure commented:

We received the final documents and terms for the BBFC certification scheme for age verification providers last Friday. This has had significant input from various Government bodies including DCMS (Dept for Culture, Media & Sport), NCC Group plc (expert security and audit firm), GCHQ (UK Intelligence & Security Agency) ICO (Information Commissioner's Office) and of course the BBFC (the regulator).

The scheme appears to have very strict rules.

It is a multi-disciplined scheme which includes penetration testing, full and detailed audits, operational procedures over and above GDPR and the DPA 2018 (Data Protection Act). There are onerous reporting obligations with inspection rights attached. It is also a very costly scheme when compared to other quality standard schemes, again perhaps designed to deter the faint of heart or shallow of pocket.

Consumers will likely be advised against using any systems or methods where the prominent green AV accreditation kitemark symbol is not displayed.

But will the age verifier be logging your ID data and browsing history?

And the answer is very hard to pin down from the document. At first read it suggests that minimal data will be retained, but a more sceptical read, connecting a few paragraphs together suggests that the verifier will be required to keep extensive records about the users porn activity.

Maybe this is a reflection of a recent change of heart. Comments from AVSecure suggested that the BBFC/Government originally mandated a log of user activity but recently decided that keeping a log or not is down to the age verifier.

As an example of the rather evasive requirements:

8.5.9 Physical Location

Personal data relating to the physical location of a user shall not be collected as part of the age-verification process unless required for fraud prevention and detection. Personal data relating to the physical location of a user shall only be retained for as long as required for fraud prevention and detection.

Here it sounds like keeping tabs on location is optional, but another paragraph suggest otherwise:

8.4.14 Fraud Prevention and Detection

Real-time intelligent monitoring and fraud prevention and detection systems shall be used for age-verification checks completed by the age-verification provider.

Now it seems that the fraud prevention is mandatory, and so a location record is mandatory after all.

Also the use off the phrase only be retained for as long as required for fraud prevention and detection. seems a little misleading too, as in reality fraud prevention will be required for as long as the customer keeps on using it. This may as well be forever.

There are other statements that sound good at first read, but don't really offer anything substantial:

8.5.6 Data Minimisation

Only the minimum amount of personal data required to verify a user's age shall be collected.

But if the minimum is to provide name and address + eg a drivers licence number or a credit card number then the minimum is actually pretty much all of it. In fact there are only the porn pass methods that offer any scope for 'truely minimal' data collection. Perhaps the minimal data also applies to the verified mobile phone method as although the phone company probably knows your identity, then maybe they won't need to pass it on to the age verifier.

What does the porn site get to know

The rare unequivocal and reassuring statement is

8.5.8 Sharing Results

Age-verification providers shall only share the result of an age-verification check (pass or fail) with the requesting website.

So it seems that identity details won't be passed to the websites themselves.

However the converse is not so clear:

8.5.6 Data Minimisation

Information about the requesting website that the user has visited shall not be collected against the user's activity.

Why add the phrase, against the user's activity. This is worded such that information about the requesting website could indeed be collected for another reason, fraud detection maybe.

Maybe the scope for an age verifier to maintain a complete log of porn viewing is limited more by the practical requirement for a website to record a successful age verification in a cookie such that the age verifier only gets to see one interaction with each website.

No doubt we shall soon find out whether the government wants a detailed log of porn viewed, as it will be easy to spot if a website queries the age verifier for every film you watch.

Fraud Detection

And what about all this reference to fraud detection. Presumably the BBFC/Government is a little worried that passwords and accounts will be shared by enterprising kids. But on the other hand it may make life tricky for those using shared devices, or perhaps those who suddenly move from London to New York in an instant, when in fact this is totally normal for someone using a VPN on a PC.

Wrap up

The BBFC/Government have moved on a long way from the early days when the lawmakers created the law without any real protection for porn users and the BBFC first proposed that this could be rectified by asking porn companies to voluntarilyfollow 'best practice' in keeping people's data safe.

A definite improvement now, but I think I will stick to my VPN.

A TV channel, a porn producer, an age verifier and maybe even the government got together this week to put out a live test of age verification. The test was implemented on a specially created website featuring a single porn video.

The test required a well advertised website to provide enough traffic of viewers positively wanting to see the content. Channel 4 obliged with its series Mums Make Porn. The series followed a group of mums making a porn video that they felt would be more sex positive and less harmful to kids than the more typical porn offerings currently on offer.

The mums did a good job and produced a decent video with a more loving and respectful interplay than is the norm. The video however is still proper hardcore porn and there is no way it could be broadcast on Channel 4. So the film was made available, free of charge, on its own dedicated website complete with an age verification requirement.

The website was announced as a live test for AgeChecked software to see how age verification would pan out in practice. It featured the following options for age verification

1. entering full credit card details + email
2. entering driving licence number + name and address + email
3. mobile phone number + email (the phone must have been verified as 18+ by the service provider and must must be ready to receive an SMS message containing login details)

Nothing has been published in detail about the aims of the test but presumably they were interested in the basic questions such as:

• What proportion of potential viewers will be put off by the age verification?
• What proportion of viewers would be stupid enough to enter their personal data?
• Which options of identification would be preferred by viewers?

The official test 'results'

Alastair Graham, CEO of AgeChecked provided a few early answers inevitably claiming that:

The results of this first mainstream test of our software were hugely encouraging.

He went on to claim that customers are willing to participate in the process, but noted that verified phone number method emerged as by far the most popular method of verification. He said that this finding would be a key part of this process moving forward.

Reading between the lines perhaps he was saying that there wasn't much appetite for handing over detailed personal identification data as required by the other two methods.

I suspect that we will never get to hear more from AgeChecked especially about any reluctance of people to identify themselves as porn viewers.

The unofficial test results

Maybe they were also interested in other questions too:

• Will people try and work around the age verification requirements?
• if people find weaknesses in the age verification defences, will they pass on their discoveries to others?

Interestingly the age verification requirement was easily sidestepped by those with a modicum of knowledge about downloading videos from websites such as YouTube and PornHub. The age verification mechanism effectively only hid the start button from view. The actual video remained available for download, whether people age verified or not. All it took was a little examination of the page code to locate the video. There are several tools that allow this: video downloader addons, file downloaders or just using the browser's built in debugger to look at the page code.

Presumably the code for the page was knocked up quickly so this flaw could have been a simple oversight that is not likely to occur in properly constructed commercial websites. Or perhaps the vulnerability was deliberately included as part of the test to see if people would pick up on it.

However it did identify that there is a community of people willing to stress test age verification restrictions and see if work rounds can be found and shared.

I noted on Twitter that several people had posted about the ease of downloading the video and had suggested a number of tools or methods that enabled this.

There was also an interesting article posted on achieving age verification using an expired credit card. Maybe that is not so catastrophic as it still identifies a cardholder as over 18, even if cannot be used to make a payment. But of course it may open new possibilities for misuse of old data. Note that random numbers are unlikely to work because of security algorithms. Presumably age verification companies could strengthen the security by testing that a small transaction works, but this intuitively this would have significant cost implications. I guess that to achieve any level of take up, age verification needs to be cheap for both websites and viewers.

Community Spirit

It was very heartening to see how many people were helpfully contributing their thoughts about testing the age verification software.

Over the course of a couple of hours reading, I learnt an awful lot about how websites hide and protect video content, and what tools are available to see through the protection. I suspect that many others will soon be doing the same... and I also suspect that young minds will be far more adept than I at picking up such knowledge.

A final thought

I feel a bit sorry for small websites who sell content. It adds a whole new level complexity as a currently open preview area now needs to be locked away behind an age verification screen. Many potential customers will be put off by having to jump through hoops just to see the preview material. To then ask them to enter all their credit card details again to subscribe, may be a hurdle too far.

Update: The Guardian reports that age verification were easily circumvented

22nd April 2019. See article from theguardian.com

The Guardian reported that the credit card check used by AgeChecked could be easily fooled by generating a totally false credit card number. Note that a random number will not work as there is a well known sum check algorithm which invalidates a lot of random numbers. But anyone who knows or looks up the algorithm would be able to generate acceptable credit card numbers that would at least defeat AgeChecked.

Or they would have been had AgeChecked not now totally removed the credit card check option from its choice of options.

Still the damage was done when the widely distributed Guardian article has established doubts about the age verification process.

Of course the workaround is not exactly trivial and will stop younger kids from 'stumbling on porn' which seems to be the main fall back position of this entire sorry scheme.

It's not only China and the UK that want to identify internet users, Austria also wants to demand that forum contributors submit their ID before being able to post.

Austria's government has introduced a bill that would require larger social media websites and forums to obtain the identity of its users prior to them being able to post comments. Users will have to provide their name and address to websites but nicknames are still allowed and the identity data will not be made public.

Punishments for non complying websites will be up to 500,000 euros and double that for repeat offences.

It would only affect sites with more than 100,000 registered users, bring in revenues above 500,000 euros per year or receive press subsidies larger than 50,000 euros.

There would also be exemptions for retail sites as well as those that don't earn money from either ads or the content itself.

If passed and cleared by the EU, the law would take effect in 2020. The immediate issues noted are that some of the websites most offending the sensitivities of the government are often smaller than the trigger condition. The law may also step on the toes of the EU in rules governing which EU states has regulatory control over websites.

Update: Identity data will be available to other users

17th May 2019. See article from edri.org

The law on care and responsibility on the net forces media platforms with forums to store detailed data about their users in order to deliver them in case of a possible offence not only to police authorities, but also to other users who want to legally prosecute another forum user. Looking at the law in detail, it is obvious that they contain so many problematic passages that their intended purpose is completely undermined.

According to the Minister of Media, Gernot Blümel, harmless software will deal with the personal data processing. One of the risks of such a system would be the potential for abuse from public authorities or individuals requesting a platform provider the person's name and address with the excuse to wanting to investigate or sue them, and then use the information for entirely other purposes.

In the aftermath of the horrific mosque attack in New Zealand, internet companies were interrogated over their efforts to censor the livestream video of Brenton Tarrant's propaganda.

Some of their responses have included ideas that point in a disturbing direction: toward increasingly centralized and opaque censorship of the global internet.

Facebook, for example, describes plans for an expanded role for the Global Internet Forum to Counter Terrorism, or GIFCT. The GIFCT is an industry-led self-regulatory effort launched in 2017 by Facebook, Microsoft, Twitter, and YouTube. One of its flagship projects is a shared database of hashes of files identified by the participating companies to be extreme and egregious terrorist content. The hash database allows participating companies (which include giants like YouTube and one-man operations like JustPasteIt) to automatically identify when a user is trying to upload content already in the database.

In Facebook's post-Christchurch updates, the company discloses that it added 800 new hashes to the database, all related to the Christchurch video. It also mentions that the GIFCT is experimenting with sharing URLs systematically rather than just content hashes --that is, creating a centralized list of URLs that would facilitate widespread blocking of videos, accounts, and potentially entire websites or forums.

See the full article from wired.com

VPNCompare is reporting that internet users in Britain are responding to the upcoming porn censorship regime by investigating the option to get a VPN so as to workaround most age verification requirements without handing over dangerous identity details.

VPNCompare says that the number of UK visitors to its website has increased by 55% since the start date of the censorship scheme was announced. The website also sated that Google searches for VPNs had trippled. Website editor, Christopher Seward told the Independent:

We saw a 55 per cent increase in UK visitors alone compared to the same period the previous day. As the start date for the new regime draws closer, we can expect this number to rise even further and the number of VPN users in the UK is likely to go through the roof.

The UK Government has completely failed to consider the fact that VPNs can be easily used to get around blocks such as these.

Whilst the immediate assumption is that porn viewers will reach for a VPN to avoid handing over dangerous identity information, there may be another reason to take out a VPN, a lack of choice of appropriate options for age validation.

3 companies run the 6 biggest adult websites. Mindgeek owns Pornhub, RedTube and Youporn. Then there is Xhamster and finally Xvideos and xnxx are connected.

Now Mindgeek has announced that it will partner with Portes Card for age verification, which has options for identity verification, giving a age verified mobile phone number, or else buying a voucher in a shop and showing age ID to the shop keeper (which is hopefully not copied or recorded).

Meanwhile Xhamster has announced that it is partnering with 1Account which accepts a verified mobile phone, credit card, debit card, or UK drivers licence. It does not seem to have an option for anonymous verification beyond a phone being age verified without having to show ID.

Perhaps most interestingly is that both of these age verifiers are smart phone based apps. Perhaps the only option for people without a phone is to get a VPN. I also spotted that most age verification providers that I have looked at seem to be only interested in UK cards, drivers licences or passports. I'd have thought there may be legal issues in not accepting EU equivalents. But foreigners may also be in the situation of not being able to age verify and so need a VPN.

And of course the very fact that is no age verification option common to the major porn website then it may just turn out to be an awful lot simpler just to get a VPN.

The Interrogator :

Is it safe?

The BBFC (on its Age Verification website)...err...no!...:

An assessment and accreditation under the AVC is not a guarantee that the age-verification provider and its solution (including its third party companies) comply with the relevant legislation and standards, or that all data is safe from malicious or criminal interference.

Accordingly the BBFC shall not be responsible for any losses, damages, liabilities or claims of whatever nature, direct or indirect, suffered by any age-verification provider, pornography services or consumers/ users of age-verification provider's services or pornography services or any other person as a result of their reliance on the fact that an age-verification provider has been assessed under the scheme and has obtained an Age-verification Certificate or otherwise in connection with the scheme.

Facebook has banned far-right groups including the British National Party (BNP) and the English Defence League (EDL) from having any presence on the social network. The banned groups, which also includes Knights Templar International, Britain First and the National Front as well as key members of their leadership, have been removed from both Facebook or Instagram.

Facebook said it uses an extensive process to determine which people or groups it designates as dangerous, using signals such as whether they have used hate speech, and called for or directly carried out acts of violence against others based on factors such as race, ethnicity or national origin.

Offsite comment: How to fight the new fascism

19th April 2019. See article from spiked-online.com by Andrew Doyle

This week we have seen David Lammy doubling down on his ludicrous comparison of the European Research Group with the Nazi party, and Chris Key in the Independent calling for UKIP and the newly formed Brexit Party to be banned from television debates. It is clear that neither Key nor Lammy have a secure understanding of what far right actually means and, quite apart from the distasteful nature of such political opportunism, their strategy only serves to generate the kind of resentment upon which the far right depends.

Offsite comment: Facebook is calling for Centralized Censorship. That Should Scare You

19th April 2019. See article from wired.com by Emma Llansó

If we're going to have coherent discussions about the future of our information environment, we--the public, policymakers, the media, website operators--need to understand the technical realities and policy dynamics that shaped the response to the Christchurch massacre. But some of these responses have also included ideas that point in a disturbing direction: toward increasingly centralized and opaque censorship of the global interne

The European Parliament has approved a draft version of new EU internet censorship law targeting terrorist content.

In particular the MEPs approved the imposition of a one-hour deadline to remove content marked for censorship by various national organisations. However the MEPs did not approve a key section of the law requiring internet companies to pre-process and censor terrorsit content prior to upload.

A European Commission official told the BBC changes made to the text by parliament made the law ineffective. The Commission will now try to restore the pre-censorship requirement with the new parliament when it is elected.

The law would affect social media platforms including Facebook, Twitter and YouTube, which could face fines of up to 4% of their annual global turnover. What does the law say?

In amendments, the European Parliament said websites would not be forced to monitor the information they transmit or store, nor have to actively seek facts indicating illegal activity. It said the competent authority should give the website information on the procedures and deadlines 12 hours before the agreed one-hour deadline the first time an order is issued.

In February, German MEP Julia Reda of the European Pirate Party said the legislation risked the surrender of our fundamental freedoms [and] undermines our liberal democracy. Ms Reda welcomed the changes brought by the European Parliament but said the one-hour deadline was unworkable for platforms run by individual or small providers.

Last week, an investigation by Bloomberg revealed that thousands of Amazon employees around the world are listening in on Amazon Echo users.

As we have been explaining across media, we believe that by using default settings and vague privacy policies which allow Amazon employees to listen in on the recordings of users' interactions with their devices, Amazon risks deliberately deceiving its customers.

Amazon has so far been dismissive, arguing that people had the options to opt out from the sharing of their recordings -- although it is unclear how their customers could have done so if they were not aware this was going on in the first place.

Even those who had read the privacy policy would have had a hard time interpreting "We use your requests to Alexa to train our speech recognition and natural language understanding systems" to mean that thousands of employees are each listening up to a thousand recordings per day. And sharing file recordings with one another they find to be "amusing".

As a result, today we wrote to Jeff Bezos to let him know we think Amazon needs to step up and do a lot better to protect the privacy of their customers.

If you use an Amazon Echo device and are concerned about this, read our instructions on how to opt out here .

Dear Mr. Bezos,

We are writing to call for your urgent action regarding last week's report [1] in Bloomberg, which revealed that Amazon has been employing thousands of workers to listen in on the recordings of Amazon Echo users.

Privacy International (PI) is a registered charity based in London that works at the intersection of modern technologies and rights. Privacy International challenges overreaching state and corporate surveillance, so that people everywhere can have greater security and freedom through greater personal privacy.

The Bloomberg investigation asserts that Amazon employs thousands of staff around the world to listen to voice recordings captured by the Amazon Alexa. Among other examples, the report states that your employees use internal chat rooms to share files when they "come across an amusing recording", and that they share "distressing" recordings -- including one of a sexual assault.

Currently, your privacy policy states: "We use your requests to Alexa to train our speech recognition and natural language understanding systems." We are concerned that your customers could not reasonably assume from such a statement that recordings of their interactions with the Amazon Echo could, by default, be listened to by your employees.

An ambiguous privacy policy and default settings that allow your employees to access recordings of all interactions is not our idea of consent. Instead, we believe the default settings should be there to protect your users' privacy.

Millions of customers enjoy your product and they deserve better from you. As such, we ask whether you will:

• Notify all users whose recordings have been accessed, and describe to them which recordings;

• Notify all users whenever their recordings are accessed in the future, and describe to them which recordings;

• Modify the settings of the Amazon Echo so that "Help Develop New Features" and "Use Messages to Improve Transcriptions" are turned off by default;

• Clarify your privacy policy so that it is clear to users that employees are listening to the recordings when the "Help Develop New Features" and "Use Messages to Improve Transcriptions" settings are on.

In your response to the Bloomberg investigation, you state you take the privacy of your customer seriously. It is now time for you to step up and walk the walk. We look forward to engaging with you further on this.

Sincerely yours,
Eva Blum-Dumontet

Reddit is a social media website that boasts 234 million members and approximately 8 billion page views per month.

Reddit's system is naturally built to highlight online influencers; all posts are automatically submitted to a voting process: The most up-voted messages receive the most visibility.

The site has a very passionate following and advertising on Reddit can be very successful. Companies are able to promote top posts to a very targeted audience, directly on its front page.

On Tuesday, Reddit posted an update about their Not Suitable for Work Advertising Policy. From now on, the platform doesn't allow any adult-oriented ads and targeting. Promoted posts pushing adult products or services are no longer permissible and NSFW subreddits will no longer be eligible for ads or targeting.

The new policy targets specifically targets pornographic and sexually explicit content as well as adult sexual recreational content, product and services.

The UK will become the first country in the world to bring in age-verification for online pornography when the measures come into force on 15 July 2019.

It means that commercial providers of online pornography will be required by law to carry out robust age-verification checks on users, to ensure that they are 18 or over.

Websites that fail to implement age-verification technology face having payment services withdrawn or being blocked for UK users.

The British Board of Film Classification (BBFC) will be responsible for ensuring compliance with the new laws. They have confirmed that they will begin enforcement on 15 July, following an implementation period to allow websites time to comply with the new standards.

Minister for Digital Margot James said that she wanted the UK to be the most censored place in the world to b eonline:

Adult content is currently far too easy for children to access online. The introduction of mandatory age-verification is a world-first, and we've taken the time to balance privacy concerns with the need to protect children from inappropriate content. We want the UK to be the safest place in the world to be online, and these new laws will help us achieve this.

Government has listened carefully to privacy concerns and is clear that age-verification arrangements should only be concerned with verifying age, not identity. In addition to the requirement for all age-verification providers to comply with General Data Protection Regulation (GDPR) standards, the BBFC have created a voluntary certification scheme, the Age-verification Certificate (AVC), which will assess the data security standards of AV providers. The AVC has been developed in cooperation with industry, with input from government.

Certified age-verification solutions which offer these robust data protection conditions will be certified following an independent assessment and will carry the BBFC's new green 'AV' symbol. Details will also be published on the BBFC's age-verification website, ageverificationregulator.com so consumers can make an informed choice between age-verification providers.

BBFC Chief Executive David Austin said:

The introduction of age-verification to restrict access to commercial pornographic websites to adults is a ground breaking child protection measure. Age-verification will help prevent children from accessing pornographic content online and means the UK is leading the way in internet safety.

On entry into force, consumers will be able to identify that an age-verification provider has met rigorous security and data checks if they carry the BBFC's new green 'AV' symbol.

The change in law is part of the Government's commitment to making the UK the safest place in the world to be online, especially for children. It follows last week's publication of the Online Harms White Paper which set out clear responsibilities for tech companies to keep UK citizens safe online, how these responsibilities should be met and what would happen if they are not.

Believe us, we can cure all society's ills

A government department responsible for data protection laws has shared the private contact details of hundreds of journalists.

The Department for Censorship, Media and Sport emailed more than 300 recipients in a way that allowed their addresses to be seen by other people.

The email - seen by the BBC - contained a press release about age verifications for adult websites .

Digital Minister Margot James said the incident was embarrassing. She added:

It was an error and we're evaluating at the moment whether that was a breach of data protection law.

In the email sent on Wednesday, the department claimed new rules would offer robust data protection conditions, adding: Government has listened carefully to privacy concerns.

Twitter co-founder Jack Dorsey has said again there is much work to do to improve Twitter and cut down on the amount of abuse and misinformation on the platform. He said the firm might demote likes and follows, adding that in hindsight he would not have designed the platform to highlight these.

Speaking at the TED technology conference he said that Twitter currently incentivised people to post outrage. Instead he said it should invite people to unite around topics and communities. Rather than focus on following individual accounts, users could be encouraged to follow hashtags, trends and communities.

Doing so would require a systematic change that represented a huge shift for Twitter.

One of the choices we made was to make the number of people that follow you big and bold. If I started Twitter now I would not emphasise follows and I would not create likes. We have to look at how we display follows and likes, he added.