Weekly Report: Multiple vulnerabilities in RevoWorks Browser

4 days 4 hours ago
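RevoWorks Browser, provided by J's Communication Co., Ltd., contains multiple vulnerabilities. As a result, a third party with access to the product may be able to execute arbitrary code, among other impacts.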


4 days 5 hours ago
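According to a tweet by Santennu (さんてんぬ), while playing "GOTON!", the smartphone online crane game from GENDA SEGA Entertainment (hereafter GENDA Sega), an amusing mishap occurred: instead of the target plush toy, the entire arm section of the crane fell into the prize chute. In the video Santennu posted, the "GOTON!" animation that plays when a prize is won was shown anyway (Santennu's tweet; Sega store official account tweets 1, 2 and 3). According to later tweets, Santennu was not able to obtain the arm but did win the intended prize. The story did not end there: according to GENDA Sega's official account, a meeting was held at headquarters on whether the arm should be shipped to Santennu. Because it was also pointed out that giving away the arm itself, which is expected to be worth 800 yen or more, would be difficult under the premiums law, others in the industry were watching closely to see what conclusion GENDA Sega would reach. In the end, the matter was reportedly escalated to a board meeting. As a result, it was decided to present Santennu with a thank-you gift for having "contributed greatly to raising awareness of online crane games" (Sega store official account tweet 4). The details of the gift are unknown, and since the official account says that "production will take a long time," GENDA Sega is expected to make something custom.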


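Sega's U.S. subsidiary sued over alleged improper settings on prize game machines 2021-07-20
Online crane game "Toreba": staff were secretly operating machines so that prizes could not be won 2020-11-24
Customer reports a UFO Catcher as "absolutely unwinnable"; staff member fails to win in 200 tries in front of police 2020-10-13
"Akeshare" (アケシェア), a rental service for installing arcade cabinets in offices 2019-11-21
Arcade staff and associates arrested for setting crane games so that prizes could not be won 2017-12-25
Arcade operator arrested for offering unlicensed "Love Live!" merchandise as crane game prizes 2016-11-30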



4 days 7 hours ago
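headless writes: On the 10th, Twitter announced the start of a test of labels indicating that posts from bot accounts are automated (Twitter Support tweet, Twitter help article, Mashable article, Twitter Safety tweet). There appear to be two labels: "Automated by [@username]", shown in the account information, and "Automated", shown on posts. For now, the ability to apply the label is offered by invitation to some users who operate bot accounts, and I was not able to find an account that actually carries the label. It is therefore unknown how it will be displayed in the Japanese version. According to Twitter, the purpose of the labels is to make it easy to see that an account exists to provide information, so that other users can engage with it accordingly.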


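Twitter's algorithm, which drew attention for favoring lighter skin tones, found to also favor youth and slimness 2021-08-14
Twitter holds contest to uncover racial and gender bias in its photo cropping feature 2021-08-03
Google developing a new scale for classifying skin tones 2021-06-21
Twitter to support thumbnail display of tall images in its apps 2021-05-08
Twitter testing timeline display of uncropped images on Android and iOS 2021-03-13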


EFF and Allies Urge Council of Europe to Add Strong Human Rights Safeguards Before Final Adoption of Flawed Cross Border Surveillance Treaty

4 days 9 hours ago

EFF, European Digital Rights (EDRi), the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic (CIPPIC), and other civil society organizations have worked closely on recommendations to strengthen human rights protections in a flawed international cross border police surveillance treaty drafted by the Council of Europe (CoE). At a virtual hearing today before the CoE Parliamentary Assembly (PACE) Committee on Legal Affairs and Human Rights, EFF Policy Director for Global Privacy Katitza Rodriguez presented a summary of the concerns we and our partners have about the treaty’s weak privacy and human rights safeguards.

There is much at stake, as the draft Second Additional Protocol to the Budapest Convention on Cybercrime will reshape cross-border law enforcement data-gathering on a global scale. The Protocol’s objectives are to facilitate cross-border investigations between countries with varying legal systems and standards for accessing people’s personal information. In her testimony, the text of which is published in full below, Rodriguez highlighted key shortcomings in the Protocol, and recommendations for fixing them.

EFF Testimony and Statement to Committee on Legal Affairs and Human Rights, Parliamentary Assembly, Council of Europe

At the highest level, the current Protocol should establish clear and enforceable baseline safeguards in cross-border evidence gathering, but fails to do so. Though new police powers are mandatory, corresponding privacy protections are frequently optional, and the Protocol repeatedly defers to harmonised safeguards in an active attempt to entice states with weaker human rights records to sign on. The result is a net dilution of privacy and human rights on a global scale. But the right to privacy is a universal right. International law enforcement powers should come with detailed legal safeguards for privacy and data protection. When it comes to data protection, Convention 108+ should be the global reference. By its recommendations to the Council of Ministers, PACE has an opportunity to establish a commonly acceptable legal framework for international law enforcement that places privacy and human rights at its core.

Protecting Online Anonymity

Substantively, we have concerns regarding Article 7 of the Protocol, which permits direct access by law enforcement in one country to subscriber identity information held by a company in another country. In our opinion, Article 7 fails to provide, or excludes, critical safeguards contained in many national laws. For example, Article 7 does not include any explicit restrictions on targeting activities which implicate fundamental rights, such as freedom of expression or association, and prevents Parties from requiring foreign police to demonstrate that the subscriber data they seek will advance a criminal investigation.[1]

We are particularly concerned that Article 7’s explanatory text fails to acknowledge that subscriber data can be highly intrusive. Your IP address can tell authorities what websites you visit and what accounts you used. Police can also request the name and address associated with your IP address in order to link your identity to your online activity, and that can be used to learn deeply intimate aspects of your daily habits. Article 7’s identification power undermines online anonymity in a context that embraces legal systems with widely divergent approaches to criminal justice, including some governments that are autocratic in nature. The resulting threat to journalists, human rights defenders, politicians, political dissidents, whistleblowers and others is indefensible.

This is why we've urged PACE to remove Article 7 entirely from the text of the Protocol. States would still be able to access subscriber data in cross-border contexts, but would instead rely on Article 8, which includes more safeguards for human rights. If Article 7 is retained, we’ve urged for additional minimum safeguards, such as:

  • Ensuring that the explanatory text properly acknowledges that access to subscriber data can be highly intrusive.
  • Providing Parties with the option, at least, of requiring prior judicial authorization for requests made under Article 7.
  • Requiring Parties to establish a clear evidentiary basis for Article 7 requests.
  • Ensuring that Article 7 requests provide enough factual background to assess compliance with human rights standards and protected privileges.
  • Requiring notification or consultation with a responding state for all Article 7 demands.
  • Requiring refusal of Article 7 requests when necessary to address lack of double criminality or protection of legal privileges.
  • Providing the ability to reserve Article 7 in a more nuanced and timely manner.
  • Ensuring that Article 7 demands include details regarding legal remedies and obligations for service provider refusal.

Raising the Bar for Data Protection

When it comes to Article 14’s data protection safeguards, we have asked that the Protocol be amended so that signatories may refuse to apply its most intrusive powers (Articles 6, 7 and 12) when dealing with any other signatory that has not also ratified Convention 108+. We also hope the Parliamentary Assembly will support the Committee of Convention 108’s mission, and remember (or take note) that the Committee of Ministers supports making Convention 108 the global reference for data protection, including in the implementation of this Protocol.

Article 14 itself falls short of modern data protection requirements and, in some contexts, will actively undermine emerging international standards. Two examples:

  • Fails to require independent oversight of law enforcement investigative activities. For example, many oversight functions can be exercised by government officials housed within the same agencies directing the investigations;
  • Article 14 limits the situations in which biometric data can be considered ‘sensitive’ and in need of additional protection despite a growing international consensus that biometric data is categorically sensitive.

But even with the weak standards contained in Article 14, signatories are explicitly permitted to bypass these safeguards through various mechanisms, none of which provide any assurance that meaningful privacy protections will be in place. For example, any two or more signatories can enter into an international data protection agreement that will supersede the safeguards outlined in Article 14. The agreement does not need to provide a comparable or adequate level of protection to the default rules.

Signatories can even adopt less protective standards in secret agreements or arrangements and continue to rely on the Protocol’s law enforcement powers. We have therefore recommended that the Protocol be amended to ensure a minimum threshold of privacy protection in Article 14, one which may be supplemented with more rigorous protections but cannot be replaced by weaker standards. This would also be done in a vein to avoid the fragmentation of privacy regimes.

Make Joint Investigative Team Limitations Explicit

Under Article 12, signatories can form joint investigative teams that can bypass core existing frameworks such as the MLAT regime when using highly intrusive cross-border investigative techniques or when transferring personal information between team members.

We have asked that the Protocol be amended so that some of its core intended limitations are made explicit. This is particularly important given that many teams may ultimately be operating with a higher level of informality and driven by police officers without input or supervision from other government bodies typically involved in overseeing cross-border investigations. Specifically, we have asked that the Protocol (or, alternatively, the explanatory text) clearly and unequivocally state that participants in a joint investigative team must not take investigative measures within the territory of another participant in the team and that no participant may violate the laws of another participant of that team.

We also ask that the Protocol be amended so that Parties are obligated to involve their central authorities (and, preferably, the entity responsible for data protection oversight) in the formation and general operation of an investigative team, and that agreements governing investigative teams be made public except to the degree that doing so would threaten investigative secrecy or is necessary to achieve other important public interest objectives.

Karen Gullo

Protestors Nationwide Rally to Tell Apple: "Don't Break Your Promise!"

4 days 10 hours ago

Yesterday in San Francisco, Chicago, Boston, New York, and other cities across the U.S., activists rallied in front of Apple stores demanding that the company fully cancel its plan to introduce surveillance software into its devices. In addition to protests at stores organized by EFF and Fight for the Future, EFF also took the message directly to Apple’s headquarters by flying a banner above the campus during its annual iPhone launch event today.

The last time EFF held a protest at an Apple store, in 2016, it was to support the company’s strong stance in protecting encryption. That year, Apple challenged the FBI’s request to install a backdoor into its operating system. This year, in early August, Apple stunned its many supporters by announcing a set of upcoming features, intended to help protect children, that would create an infrastructure that could easily be redirected to greater surveillance and censorship. These features would pose enormous danger to iPhone users’ privacy and security, offering authoritarian governments a new mass surveillance system to spy on citizens. 

After public pushback in August, Apple announced earlier this month that its scanning program would be delayed. Protestors this week rallied to urge Apple to abandon its program and commit to protecting user privacy and security. Speakers included EFF Activist Joe Mullin and Executive Director Cindy Cohn.

Mullin told the crowd at the San Francisco protest how essential it was that Apple continue its commitment to protecting users: “From San Francisco to Dubai, Apple told the whole world that iPhone is all about privacy,” said Mullin. “But faced with government pressure, they caved. Now 60,000 users have signed a petition telling Apple they refuse to be betrayed.”

Holding signs that read “Don’t Scan My Phone” and “No Spy Phone,” protestors chanted “No 1984, no, Apple—no backdoor!” and “2-4-6-8, stand with users, not the state; 3-5-7-9, privacy is not a crime!”

“We can't be silent while Tim Cook and other Apple leaders congratulate themselves on their new products after they've signed on to a mass surveillance project,” said Mullin. “No scanners on our phones!”

Apple has said that it will take additional time over the coming months to collect input about its child protection features. Later this month, EFF hopes to begin that conversation with a public event that will bring together representatives from diverse constituencies who rely on encrypted platforms. Discussion will focus on the ramifications of these decisions, what we would like to see changed about the products, and protective principles for initiatives that aim to police private digital spaces. We hope Apple and other tech companies will join us as well. You can find out more soon about this upcoming event by visiting our events page.

Jason Kelley

Joint letter: An open, interconnected and interoperable internet

4 days 13 hours ago

Joint letter, signed by a coalition of civil society and industry stakeholders, raising concerns about the human rights risks of internet fragmentation and setting out principles for an open, interconnected and interoperable internet.



5 days ago


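The foreign matter found in the Moderna vaccine was stainless steel that entered from manufacturing equipment 2021-09-03
No causal link between vaccination and deaths; the frequency of deaths in fact decreases 2021-09-02
Moderna vaccine: use of some lots suspended due to foreign matter contamination. About 1.6 million doses 2021-08-26
COVID-19 vaccine supplies being secured for third doses 2021-08-18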