I think it was more targeting the client ISP side, than the VPN provider side. So something like having your ISP monitor your connection (voluntarily or forced to with a warrant/law) and report if your connection activity matches that of someone accessing a certain site that your local government might not like for example. In that scenario they would be able to isolate it to at least individual customer accounts of an ISP, which usually know who you are or where to find you in order to provide service. I may be misunderstanding it though.

Edit: On second reading, it looks like they might just be able to buy that info directly from monitoring companies and get much of what they need to do correlation at various points along a VPN-protected connection’s route. The Mullvad post has links to Vice articles describing the data that is being purchased by governments.

One example:

By observing that when someone visits site X, it loads resources A, B, C, etc in a specific order with specific sizes, then with enough distinguishable resources loaded like that someone would be able to determine that you’re loading that site, even if it’s loaded inside a VPN connection. Think about when you load Lemmy.world, it loads the main page, then specific images and style sheets that may be recognizable sizes and are generally loaded in a particular order as they’re encountered in the main page, scripts, and things included in scripts. With enough data, instead of writing static rules to say x of size n was loaded, y of size m was loaded, etc, it can instead be used with an AI model trained on what connections to specific sites typically look like. They could even generate their own data for sites in both normal traffic and the VPN encrypted forms and correlate them together to better train their model for what it might look like when a site is accessed over a VPN. Overall, AI allows them to simplify and automate the identification process when given enough samples.

Mullvad is working on enabling their VPN apps to: 1. pad the data to a single size so that the different resources are less identifiable and 2. send random data in the background so that there is more noise that has to be filtered out when matching patterns. I’m not sure about 3 to be honest.

Genuine question: What’s stopping them from using these same powers on FOSS software providers that may be located in the UK?

That’s how the UK is framing it, “oh, it doesn’t give us the power to block anything, Apple is just over reacting”.

They already have the power to block things from the Investigatory Powers Act 2016: https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016

From the OP’s article:

The Investigatory Powers Act 2016 (IPA) actually implemented many of the proposed powers, including granting the government the power to issue orders to tech companies to break encryption by building backdoors into their products. Apple strongly objected to this at the time.

So with this, they would now have the advance notice needed to actually block updates where before Apple could just release an update and by then it was too late for the UK to do anything about.

You mean a lawsuit like the one about the “Great 78 Project” by the music companies or maybe the one about the “National Emergency Library” by the book publishers?

I think you’re right that we need to start working on alternatives, hopefully something decentralized. The Wayback Machine would be an irreplaceable loss though if the data isn’t preserved somehow.

It’s because of that https effort. Everything should be assumed to be https and only http or misconfigured/bad https gets a warning. No need to show a lock when it can be assumed and it was getting misinterpreted. Now they can use that spot to show something indicating controls and someone might actually click on it and see they can set site specific permissions and settings there.

Not quite, in 2018 they did add tracking protection to their list of goals for their Private browsing mode and have implemented features to reduce tracking/fingerprinting/etc while in it. The main focuses though were still the same at the start though: protecting against local data being saved.

https://wiki.mozilla.org/Private_Browsing

We target Private Browsing to 3 privacy goals; in a Private Browsing session, Firefox:

• Doesn’t save the browsing history or display it in the Firefox UI
• Prevents the session’s data from writing to persistent storage
• Protects the session’s data from online tracking

And it’s been that way since the beginning basically and is a lot more upfront about what it does and doesn’t protect against than other browsers like Safari.

The new language just makes it even clearer it applies to Google’s online services and I don’t see that as a bad change though.

Guest sessions already exist in the profile menu and is a separate feature. Guest doesn’t save history/cookies/etc locally but also doesn’t use your existing history, extensions, bookmarks, settings, etc. It’s intended more for an actual guest user to sign into temporarily.

b and c) Go after the ISPs who don’t disconnect the pirating users and sue them instead. Go after the deep pockets.

Or the ISPs in this case. They want the information about the pirates to use them as witnesses to show that the ISP didn’t terminate copyright infringing users, even when notified dozens of times and to show that the ISPs benefitted from these practices by retaining them as paying customers.

If poor security practices only affected those responsible, I might agree with you on that front. As shown from the 23andMe “breach” and also how botnets are formed, individuals’ poor security practices can affect many more people than just themselves. I feel we have a responsibility to protect people from doing stupid things, even if that might not be the most free thing to do.

Software on Windows is still a bit of a mess compared to most other platforms though. The fact that it is normalized to download and install things from the various developer websites, without much verification and without permissions/restrictions on what the apps can do is not a plus in my mind. winget has been helpful in managing the installation and updating of things though.

Everyone having their own launcher is also not great, especially since they are not all created equal with respect to features, stability, and resource consumption. Games have had this problem for some time with EA, Ubisoft, Epic, etc having their own launchers. As like what happened to games, I don’t think it will necessarily end up with more freedom to buy the apps from the store you want, but rather you’ll be forced to download a store/launcher based on the whims of the app publisher. Some may publish to multiple stores but I don’t expect all to.

If the mandate to open the platform up to more stores came with some kind of requirement that apps be available across multiple stores so that the stores actually had to be competitive on their own features, not app exclusivity, I would be more inclined to support having more stores.

It appears they aren’t taking legal action against the pirates but instead wanting to use them as witnesses against the ISP who has more money to go after and from the sound of it didn’t have decent repeat infringer policies in place. They also are after more than just the IP address, such as name, email address, and logs. That would presumably be enough to identify someone more clearly.

In this case, it’s less about the actionability of going after the pirate and more about using them as a witness to go after the ISP with deeper pockets by showing they failed to kick pirating users off of their service. They don’t care that they downloaded it, they care that the users knew they wouldn’t get in trouble for piracy with that ISP and that the ISP benefited from that by keeping pirating users subscriptions active. Testimony from pirating users about why they chose that ISP and how even they knew the ISP wouldn’t do anything to resolve copyright violation issues could be pretty helpful in court.

From the article:

In this week’s filing, the film studios claim that six Redditors’ IP address logs are “clearly relevant and proportional to the needs of the case" because the Reddit users all made comments that either establish “that Frontier has not reasonably implemented a policy for terminating repeat infringers sufficient for a safe harbor affirmative” or that “the ability to freely pirate without consequence was a draw to becoming a subscriber of Frontier."

Last year, a Reddit user wrote that they received 44 emails from Frontier threatening to cut off their service due to torrent downloads, but “if they didn’t do it after 44 emails … they won’t."

In 2022, another Reddit user said that they had used Frontier DSL for years and “despite the shitty internet, they didn’t give a shit what I downloaded.”

I’d be more worried about every company trying to force their users into using their own store to access their apps.

It’s more that if you ask the app not to track you, there’s nothing stopping the server you’re connecting to with that app from continuing to track you. The server doesn’t even know you opened incognito mode versus just a different browser profile and it would be more of a risk for fingerprinting/sites blocking you if it did have the ability to know if you were in incognito.

It’s not the browser that’s really the problem in this case, it’s the tracking and building of user profiles across browser profiles and devices on the server side.

I love how the GitHub issue asking for ProtonMail’s domains to be removed is entirely about how Gmail, Outlook, iCloud, and Yahoo provide anonymous emails too and shouldn’t they be on the list if ProtonMail is… and they are. Someone is just checking lists for ProtonMail’s domains and not actually modifying their copypaste issue or doing any kind of research into the list/repo they’re posting to.

I’m a little surprised we haven’t heard about one of these smart TV brands using something like Amazon Sidewalk yet to communicate the analyzed data:

https://www.amazon.com/Amazon-Sidewalk/

A popular brand could totally set up their own network like this and with apartments there would probably be sufficient density to ensure that there’s always at least one connected device nearby to act as a bridge.

I don’t think there’s a lack of empathy, especially when you consider that we may be concerned for the more numerous viewers who could potentially see your comments if we help you bypass the filters that you seem to be running into more than just occasionally.