The release of a new major version (8.0O of curl (Client for URLs) has been released just in time for the software’s 25th birthday. The data transfer command line tool has barely changed. The new release has far more to do with publicising the birthday of the software and its libcurl program library. This was explained by curl’s initiator and maintainer Daniel Stenberg when announcing the release. In moving to a version 8Stenberg also wanted to avoid ending up with a curl version seven with point releases running to three figures (7.xxx).
Little has changed within curl itself with this release: 8.0 is just the first release of curl that no longer runs on systems without working 64-bit data types, as can be gathered from the release notes. Otherwise, the new version contains 130 bug fixes, including six vulnerabilities of which Stenberg classifies five as “low” and one as “medium“. Furthermore, there are rewards ranging from $480 to $2,400 for those who successfully squash curl’s bugs.
To celebrate the release, some of the project’s figures have also been released. There have been 215 releases, whilst 41 contributors (of whom 23 were new) collaborated on version 8.0. A total of 2,841 persons have contributed to curl’s code; mostly only once, as Stenberg comments in his Youtube video.
Curl itself is a very popular command line tool for sending and receiving data with URL syntax, whilst libcurl is a transfer program library which handles most internet protocols and is used in many third party applications.
This change will ensure that the data by the sites collected will stay within the EU and, as the Czech administration will be using its own instance of Matomo, it will retain full control of the records.
The change was triggered by an open letter sent by the Czech the digital freedom watchdog luridicum Remedium after it noticed the Czech state vaccination system website was using Google Analytics during the COVID-19 crisis. The Czech Data Protection Authority and public sector strategic partner NAKIT then pursued the matter and replaced Google Analytics with Matomo on Czechia’s Ministry of Health website. This move later led to further action and the country will continue following this trend on public sector websites.
Previously named Piwik, Matomo has been in development since 2007 and is presently deployed on 1.4 million websites, including those of NASA, the European Commission, the United Nations and Amnesty International.
The blog of The Document Foundation, the organisation behind the free and open source LibreOffice productivity suite, reports that the user guide for Base, the suite’s database development and administration tool for relational database management systems has now been translated into Czech.
The Czech team translated the LibreOffice Base Guide 7.3 – and it’s now available on the documentation page. Our team consists of three translators: Petr Kuběj, Radomír Strnad and Zdeněk Crhonek, along with localized screenshot maker Roman Toman, and Miloš Šrámek, who prepared machine translations.
EU data protection authorities have negotiated a contract for the use of Nextcloud and LibreOffice Online in EU institutions. They are now testing the solutions, German IT news heise reports.
Data protection-friendly alternatives
It was announced last Wednesday that the European Data Protection Supervisor Wojciech Wiewiórowski and his team have begun testing both solutions this month. In coming months they want to examine “how these can tools support EU day-to-day work“. This pilot phase is part of a larger IT reflection process that the EDPS already started last year aimed at encouraging EUIs to consider alternatives to large-scale service providers to ensure better compliance with Regulation (EU) 2018/1725.
By procuring the Open Source Software from one single entity in the EU, the use of sub-processors is avoided. In doing so, the EDPS avoids data transfers to non-EU countries such as the USA and allows for more effective control over the processing of personal data.
According to Mr Wiewiórowski, “Open Source Software offers data protection-friendly alternatives to commonly used large-scale cloud service providers that often imply the transfer of individuals’ personal data to non-EU countries. Solutions like this may therefore minimise reliance on monopoly providers and detrimental vendor lock-in. By negotiating a contract with an EU-based provider of cloud services, the EDPS is delivering on its commitments, as set out in its 2020-2024 Strategy, to support EUIs in leading by example to safeguard digital rights and process data responsibly“.
Microsoft Office in the sights
Mr Wiewiórowski has already examined the contracts which EU institutions have with Microsoft and reached the conclusion in 2020 that the data processing purposes when using Windows or Microsoft Office had been defined far too openly. Processing contractors were not adequately audited and data could be transferred too easily by EU institutions to countries outside the Union. At the time, he demanded that Microsoft should only retain user information within the EU. The roles of all those involved with all their rights and obligations must be clearly regulated. Furthermore, Users should look around for alternatives that “enable higher data protection standards“.
The EDPS started further investigations into the use of Microsoft and Amazon cloud services by EU institutions. These entailed the use Microsoft Office 365 by the EU Commission. According to Wiewiórowski many contracts were concluded prior to the “Schrems II Judgment” and had to be examined in the light of the European Court of Justice case law.
Following the announcement anti-trust action by the United States Department of Justice along with the Attorneys General of California, Colorado, Connecticut, New Jersey, New York, Rhode Island, Tennessee, and Virginia against Google, Meta (owners of Facebook and Instagram), Microsoft and Twitter have all made statements seeking to defend their actions.
In their legal opinions, the big US tech giants, including Microsoft, Meta and Twitter, are warning the Supreme Court against amending Section 230 of the Communications Decency Act (CDA). This would enable actions against content recommendation algorithms, French IT news site Le Monde Informatique reports.
One week after Google’s filing of a defence statement with the US Supreme Court warning that amending Section 230 of the Communications Decency Act (CDA) “would upend the internet“, several companies including Twitter, Meta and Microsoft, have filed their own legal opinions. They support Google’s argument that a restriction of the law could have disastrous consequences for the content editors. By virtue of the 1996 CDA, the companies are shielded from liability for content posted by their users, including comments, criticism and advertising.
US Supreme Court. Image courtesy of Wikimedia Commons and UpstateNYer
However, the Supreme Court has been asked to examine whether Section 230 was still pertinent and appropriate, given that it was promulgated before the internet became part of everyday life. The law was subject to a minute before the suit filed by the family of Nohemi Gonzalez, a 23 year-pld US citizen killed in Paris during the 13th November 2015 terrorist attacks claimed by ISIS. The Gonzalez family asserts that the algorithms should be regarded as editorial content not covered by the immunity from liability granted by Section 230 and thus Google’s YouTube subsidiary has violated the US Anti-Terrorism Act (ATA) when its algorithms have recommended ISIS-linked content to users. The Supreme Court is set to hear oral arguments in the case on 21st February next.
Criticisms of the protections of Section 230 for websites
Both Democratic and Republican members of Congress have criticised the protections provided for by the law. The Republicans believe that those in respect of liability make websites take partial decisions regarding content removal, whilst the Democrats would like the same sites to take more responsibility as regards moderation. In a statement President Biden has stated that his administration would support the position that Section 230 protections should not apply to recommendation algorithms. In its petition of 19th January, Microsoft asserts that if the Supreme Court makes amendments to Section 230, it would “strip these digital publishing decisions suit—and it would do so in illogical ways that are inconsistent with how algorithms actually work.“.
The company added that any decision aimed at restricting the law “thereby expose interactive computer services to liability for publishing content to users whenever a plaintiff could craft a theory that sharing the content is somehow harmful“. In its own petition Meta stated that the plaintiffs’ argument is “deeply flawed from a legal point of view”; by interpreting Section 230 as a means of protecting sites from liability for content posted by its users whilst removing protection from content “ignores the way in which the internet works“. The company continued by describing the plaintiffs’ position as “regrettable from a practical point of view” and by stating that a ruling in their favour would ultimately prompt “online services to remove important, provocative and controversial content on matters of general interest“.
Protection from liability essential for website operation according to Twitter
Twitter has said that the current interpretation of Section 230 “ensures that sites such as Twitter and YouTube can work in spite of the unfathomable amount of information they make available and the potential liability that might result from this“. Since Twitter’s acquisition by Elon Musk, the site has been criticised for having reinstated the accounts of people it previously banned, such as disgraced former president Donald Trump or alpha male par excellence and all-round amateur human being Andrew Tate who is currently under investigation in Romania for alleged human trafficking.
However, the review of several other high-profile cases will have to take place before the law is changed. Last week the Supreme Court was set to discuss its jurisdiction in two cases that challenge Texas and Florida laws prohibiting online platforms from removing certain political content. In addition, a Twitter vs. Taamneh case, which has many similarities with the Gonzalez vs. Google case, is due to oral pleadings on 2nd February. In this case Twitter, Facebook and YouTube are accused of having aided and abetted another attack claimed by Islamic State.
After a record fine of €390 mn. at the start of January, the Irish Data Protection Commission is imposing a further fine of €5.5 mn. on Meta, this time for WhatsApp’s policy with regard to personal data under the GDPR, Le Monde Informatique reports.
Has been welcoming (in tax terms) to American IT companies, but is proving to be as very sensitive area for implementation of the GDPR. Meta has just experienced this once again with a fine of €5,5 mn. imposed by Ireland’s Data Protection Commissioner. This is the social network’s second fine in less than a month; on 4 January the same commission announced a record fine of €390 mn. on the personal data processing policy of Facebook and Instagram (posts passim).
In this instance it’s WhatsApp’s policy that is being censured following a complaint filed on 25 May 2018 – the date the GDPR entered into effect – by a German user. After this date the messaging service updated its general conditions of use and informed its users they had to click on “accept and continue” to indicate their consent. If they did not reply, they no longer had access to the service.As in the decision of 4th January, WhatsApp regards its data processing policy must be considered like a “contract” according to the GDPR (Article 6.1) concluded between the company and the user.
EDPB lays it on thick
The Irish Data Protection Commission investigated and drew up a draft decision which was submitted to the European regulators parties involved in this case. It proposed not imposing additional financial penalties. WhatsApp had already been fined €225 mn. in September 2021 for similar actions. However, the DPC pleaded for recognition of the contractual and thus legal nature of WhatsApp’s personal data policy – a position which caused an outcry from other data protection regulators.
The DPC approached the EDPB for a decision. It dismissed the legal basis of the contract and added an additional infringement of the transparency obligation. As a consequence, the Irish DPC is adding €5.5 mn. to the fine imposed on Meta, WhatsApp’s parent company.
It has been a bad start to the year for Meta which has just been notified of a fine of €390 mn. by the Irish Data Protection Commission (DPC). The regulator is penalising the actions of Meta’s 2 subsidiaries, Facebook to the tune of €210 mn. and Instagram €180 mn. This decision concludes a case which started on 25 May 2018 (the date the GDPR entered into effect after 2 complaints had been filed – one by well-known Austrian privacy campaigner Max Schrems and the other by a Belgian citizen.
In this case Meta Ireland changed its general terms and conditions before the date of entry into effect of the GDPR, in particular “the legal basis on which it relied to legitimise its processing of users’ personal data (including behavioural advertising)”. To adopt this new policy, existing and recent Facebook and Instagram users were asked to click on the “I Accept” button on pain of no longer being able to access the platforms’ services. The questions then arose as to whether users had been forced to give their consent and if the “contract” concluded between Meta and its users conformed to Article 6 of the GDPR.
A fine increased by the EDPB
The debate was long and heated, including at European regulator level. As a matter of fact, the Irish DPC’s analysis did not meet with agreement from other European data protection authorities. For example, it considered the aspect of “forced consent” could not be upheld. Many authorities likewise thought the original Irish financial penalties too lenient. The European Data Protection Board (EDPB) was contacted to settle the matter and gave its decision on 5th December. It judged that “Meta Ireland was not entitled to invoke the legal basis of the “contract” as a legal based for its personal data processing for behavioural advertising purposes”.
It also demanded the fines proposed by the Irish regulator be raised. This is the second fine imposed on Meta in recent months by the CPD. Last November the American company was fined €275 mn. for so-called data scraping. In both cases, Meta still has the possibility of challenging the regulator’s decisions before the European judicial authorities.
Facebook and Instagram have now been given three months to bring their terms and conditions into line with the GDPR.
Your ‘umble scribe has not bothered with social media since the obscenely wealthy and undertaxed man baby masquerading under the name Elon Musk took the helm of Twitter and promptly set about trashing it with his control freak approach to company management, sacking lots of the tech staff that keep the platform running and demanding those that survive show their dedication to the company by working excessive hours.
This was a big wrench for your correspondent, as time not spent working was generally filled with social media discussion and debate, and so entailed a wholesale change in his daily activities (Note to self: must get round to getting on Mastodon some time soon. Ed.).
Following his acquisition of the platform, Musk installed himself as Twitter’s CEO and now seems to have reached the conclusion his rather doubtful skills are up to the job.
In recent days Musk held a Twitter poll to ask Twitter users whether he should remain as the platform’s boss. The results were not flattering if Musk has – as I suspect – a narcissistic streak.
One candidate springs to my mind immediately: an egomaniac with current experience of running a social media platform (albeit one misnamed Truth Social. Ed.). Step forward one Donald John Trump, disgraced 45th president of the United States, who spends a large share of his time playing golf (as he did whilst supposed to be occupying the Oval Office. Ed.).
I do hope these two prime examples of the Dunning-Kruger effect play nicely with one another. 😀
On a trip to town in recent days, your ‘umble scribe was intrigued by the digital soup spotted in a shop display window,
My initial thought was “What is digital soup?“
Is it made of fingers? Or are ones and zeroes involved? Is the digital a defiant gesture to all soup makers marketed before?
As it turns out, ones and zeroes are indeed involved and the digital part of the apparatus refers to the device’s digital control panel, as depicted below.
The German Federal Ministry for Economic Affairs and Climate Action’s Sovereign Tech Fund (STF) is promoting seven open source projects in a pilot round. The Fund shall therefore be increasing safety and data security on the internet, as well as digital sovereignty, according to German IT news site heise.
A vulnerability in the Log4j open source Java library at the end of last year resulted in millions of potentially endangered systems. A discussion ensued about open source projects, which often represent crucial elements of the digital infrastructure.
In the pilot round the Fund is supporting the OpenMLS library, which is used for end-to-end encryption, curl, the popular command line data transfer tool and an open implementation of the BGP internet routing protocol, which communicates between network segments and autonomous systems. The Ruby package manager RubyGems and Bundler, which facilitates the integration of Ruby packages in applications will also be supported, as will the WireGuard VPN software. In addition to this, the Fund is supporting GopenPGP, a modern OpenPGP implementation in Go, and OpenPGP.js, which can be executed in the browser. Furthermore, a projects is being promoted with OpenSSH, which is the standard for secure remote connections and is one of an administrator’s most important tools.
Software must adapt
The STF characterises the projects as software belonging to digital base technologies and used extensively in business, the public sector and civil society. In a feasibility study (DE, PDF) the STF justifies the need to promote open basic technologies by the fact that although the importance and use of open source software is high, the projects nevertheless do not ‘adapt‘ accordingly and maintenance is often dependent upon committed individuals, thus increasing the risk of safety-critical vulnerabilities.
In their coalition agreement, the SPD, the Greens and the FDP emphasise the importance of open source software for strengthening digital sovereignty.However, no funds were originally earmarked for the Sovereign Tech Fund in the federal government’s draft budget for 2022. In the end, coalition partners increased the funds provided so that the fund can now get started.
The STF is promoting the above-mentioned projects until the end of the year with a total of €1 mn. Fiona Krakenbürger, the STF’s joint chief executive said: “This pilot round makes a small contribution to the sustainability of these important projects, which we hope to be able to expand in the years to come.” Projects worth funding will in future be determined in future by a committee of experts and an open application process. The STF intends to publish details of the application process in 2023.
Joinup, the EU’s open source news site, 
EU data protection authorities have negotiated a contract for the use of 
Following the announcement anti-trust action by the United States Department of Justice along with the Attorneys General of California, Colorado, Connecticut, New Jersey, New York, Rhode Island, Tennessee, and Virginia against Google, Meta (owners of Facebook and Instagram), Microsoft and Twitter have all made statements seeking to defend their actions.
After a record fine of €390 mn. at the start of January, the Irish Data Protection Commission is imposing a further fine of €5.5 mn. on Meta, this time for WhatsApp’s policy with regard to personal data under the GDPR, 
The German Federal Ministry for Economic Affairs and Climate Action’s 