The EFF launched a new site you can use to see if your Chrome install is one that Google is testing FLoC on.

Google is running a Chrome “origin trial” to test out an experimental new tracking feature called Federated Learning of Cohorts (aka “FLoC”). According to Google, the trial currently affects 0.5% of users in selected regions, including Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the United States.

They also do a nice job describing exactly what FLoC is and what it might mean regarding your privacy online.

While I’m not exactly surprised at this headline and the findings shared by William Budington and the EFF, I AM, however, deeply disturbed that this is the world we now live in. So, what findings did the EFF share? Here’s a snippet…

Our testing, using Ring for Android version 3.21.1, revealed PII delivery to branch.io, mixpanel.com, appsflyer.com and facebook.com. Facebook, via its Graph API, is alerted when the app is opened and upon device actions such as app deactivation after screen lock due to inactivity. Information delivered to Facebook (even if you don’t have a Facebook account) includes time zone, device model, language preferences, screen resolution, and a unique identifier (anon_id), which persists even when you reset the OS-level advertiser ID.

Branch, which describes itself as a “deep linking” platform, receives a number of unique identifiers (device_fingerprint_id, hardware_id, identity_id) as well as your device’s local IP address, model, screen resolution, and DPI.

Some backstory on the acquisitions of Ring (and Nest)…

Google acquired Nest way back in January 2014 for $3.2 billion, in cash. Amazon acquired Ring in February 2018 for more than $1 billion. Coincidentally, Google reabsorbed Nest that very same month by folding Nest into its hardware division. The point is that those are a lot of BILLIONS. You don’t spend that many billions without a plan to make more billions. Sadly, selling access to sensitive data to third parties is a part of making those billions — at least for Ring.

Over 500 organizations and 18,000 individuals have signed a letter urging the Internet Society to stop the private equity takeover of the Public Interest Registry (PIR), the organization that manages the .ORG top-level domain. It’s rare that EFF, Greenpeace, Consumer Reports, Oxfam, the YMCA of the USA, and Human Rights Watch all speak out about a single issue, but the sale of .ORG affects every corner of the NGO sector.

Sounds like ICAAN can stop the sale and has already taken some action by requesting additional information for review.

Certbot was first released in 2015, and since then it has helped more than two million website administrators enable HTTPS by automatically deploying Let’s Encrypt certificates. Let’s Encrypt is a free certificate authority that EFF helped launch in 2015, now run for the public’s benefit through the Internet Security Research Group (ISRG).

A lot of progress has been made since we first talked about Let’s Encrypt on The Changelog.

Cory Doctorow goes deep into Usenet’s history and uncovers a sage decision by the “backbone cabal” which may help us improve the web’s (currently centralized) state:

Restoring adversarial interoperability will allow future companies, co-operatives and tinkerers to go beyond the comfort zones of the winners of the previous rounds of the game – so that it ceases to be a winner-take-all affair, and instead becomes the kind of dynamic place where a backbone cabal can have total control one year, and be sidelined the next.

Cory Doctorow, writing for EFF about the history and present of adblocking:

The rise and rise of ad-blockers (and ad-blocker-blocker-blockers) is without parallel: 26% of Internet users are now blocking ads, and the figure is rising. It’s been called the biggest boycott in human history. It’s also something we’ve seen before, in the earliest days of the Web, when pop-up ads ruled the world (wide web), and users went to war against them.

Fascinating. I’d never heard of adversarial interoperability before.

Ernesto Falcon, writing for the EFF:

[wireless carriers] are only trying to focus our attention on 5G to try to distract us from their willful failure to invest in a proven ultrafast option for many Americans: fiber to the home, or FTTH.

He goes on to break down why 5G won’t solve many of our (USA) problems and why it’s better to ignore the hype and ask why we’re falling behind other areas of the world.

In the documents that define how the Web works, a browser is called a user agent. It’s supposed to be the thing that acts on your behalf in cyberspace. If the massive data collection appetite of Google’s advertising- and tracking-based business model are incentivizing Chrome to act in Google’s best interest instead of yours, that’s a big problem—one that consumers and regulators should not ignore.

It’s no surprise that privacy-focused browser alternatives are gaining ground in the quest to be your user agent. This coming week, we’re sitting down with Brave’s CTO for what should turn out to be a fascinating episode of The Changelog. Stay tuned for that.

Today is not a good day in security land. There are some serious vulnerabilities in PGP and GPG.

Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now.

Thankfully, the EFF has a solid rundown on all that we need to know. ✊

We’re so often focused on charts about revenue growth, cryptocurrency market caps, and startup valuations. Meanwhile, Let’s Encrypt is taking web encryption to the moon. 🚀