Articles by Adam Marcus

Adam Marcus was Chief Operating Officer for TechFreedom and a Research Fellow & Senior Technologist at The Progress & Freedom Foundation. Prior to PFF, he worked as a technical writer for Citrix Systems, Inc., the Centers for Disease Control and Prevention, and the Department of Transportation. He has also interned at the California Public Utilities Commission and the Cato Institute and provided technical consulting to a number of non-profits. Marcus received his law degree from Santa Clara University, his MA in Communications, Culture & Technology from Georgetown University, and his BA in English from the University of Florida. In his spare time he re-flashes the firmware on every device he can, re-wires his home media center, and re-programs his universal remote control.


jailbroken phone graphicThe Digital Millenium Copyright Act makes it a crime to circumvent digital rights management technologies but allows the Librarian of Congress to exempt certain classes of works from this prohibition.

The Copyright Office just released a new rulemaking on this issue in which it allows people to “unlock” their cell phones so they can be used on other networks and “jailbreak” closed mobile phone operating systems like the iOS operating system on Apple’s iPhones so that they will run unapproved third-party software.

This is arguably good news for consumers: Those willing to void their warranties so they can teach their phone some new tricks no longer have to fear having their phone confiscated, being sued, or being imprisoned. (The civil and criminal penalties are described in 17 USC 1203 and 17 USC 1204.) Although the new exemption does not protect those who distribute unlocking and/or jailbreaking software (which would be classified under 17 USC 1201(b), and thus outside the exemption of 17 USC 1201(a)), the cases discussed below could mean that jailbreaking phones simply falls outside of the scope of all of the DMCA’s anti-circumvention provisions.

Apple opposed this idea when it was initially proposed by the Electronic Frontier Foundation, arguing that legalizing jailbreaking constituted a forced restructuring of its business model that would result in “significant functional problems” for consumers that could include “security holes and malware, as well as possible physical damage.” But who beyond a small number of geeks brave enough to give up their warranties and risk bricking their devices, is really going to attempt jailbreaking? One survey found that only 10% of iPhone users have jailbroken their phones, and the majority are in China, where the iPhone was not available legally until recently. Is it really likely that giving the tinkering minority the legal right to void their product warranties would cause any harm to the non-tinkering majority that will likely choose to instead remain within a manufacturer’s “walled garden“? I don’t think so. If, as a result of this ruling, large numbers of consumers jailbreak their phones and install pirated software, the Copyright Office can easily reconsider the exemption in its next Triennial Rulemaking.

Continue reading →

The fun folks at Cracked.com tried to imagine what the world would be like without the Internet. Think porn, piracy, and pranks . But beyond that, the remaining examples point out how ill-suited the offline world is for the types of interpersonal communications that take place online. Maybe that’s why, without the Internet, these Photoshop pundits predict we’ll all be reading newspapers and getting perfect scores on grammar tests.

My colleague (and boss) Adam Thierer had a great post last week about how “fart apps” are a great example of the generative nature of the mobile phone application marketplace. But Fart apps are just one type of “soundboard” application. A typical soundboard app has a bunch of buttons, and each time you press a button a sound is played. Most soundboards play catchphrases from popular movies and TV shows. According to AndroidZoom.com, there are 319 applications in the Android Market with “soundboard” in the title or description. Most (280) of them are free.

Almost all the free soundboards I tried include advertising from Google. The three main developers of soundboard apps for Android are Androidz , aspidoff, and Raz Corp. Androidz has ads from DoubleClick and aspidoff and Raz Corp (who’s apps seem exactly the same) both have ads from AdMob (which Google recently acquired). I’m all in favor of ad-supported content, but I suspect that the sound clips used in these soundboards are not licensed.
Continue reading →

By Eric Beach and Adam Marcus

In the previous entry in the Privacy Solutions Series, we described how privacy-sensitive users can use proxy servers to anonymize their web browsing experience, noting that one anonymizer stood out above all others: Tor, a sophisticated anonymizer system developed by the Tor Project, a 501(c)(3) U.S. non-profit venture supported by industry, privacy advocates and foundations, whose mission is to “allow you to protect your Internet traffic from analysis.” The Torbutton plug-in for Firefox makes it particularly easy to use Tor and has been downloaded over three million times. The TorBrowser Bundle is a pre-configured “portable” package of Tor and Firefox that can run off a USB flash drive and does not require anything to be installed on the computer on which it is used. Like most tools in the Privacy Solutions series, Tor has its downsides and isn’t for everyone. But it does offer a powerful tool to privacy-sensitive users in achieving a degree of privacy that no regulation could provide.

Continue reading →

By Eric Beach & Adam Marcus

Among Internet users, there are a variety of concerns about privacy, security and the ability to access content. Some of these concerns are quite serious, while others may be more debatable. Regardless, the goal of this ongoing series is to detail the tools available to users to implement their own subjective preferences. Anonymizers (such as Tor) allow privacy-sensitive users to protect themselves from the following potential privacy intrusions:

  1. Advertisers Profiling Users. Many online advertising networks build profiles of likely interests associated with a unique cookie ID and/or IP address. Whether this assembling of a “digital dossier” causes any harm to the user is debatable, but users concerned about such profiles can use an anonymizer to make it difficult to build such profiles, particularly by changing their IP address regularly.
  2. Compilation and Disclosure of Search Histories. Some privacy advocates such as EFF and CDT have expressed legitimate concern at the trend of governments subpoenaing records of the Internet activity of citizens. By causing thousands of users’ activity to be pooled together under a single IP address, anonymizers make it difficult for search engines and other websites–and, therefore, governments–to distinguish the web activities of individual users.
  3. Government Censorship. Some governments prevent their citizens from accessing certain websites by blocking requests to specific IP addresses. But an anonymizer located outside the censoring country can serve as an intermediary, enabling the end-user to circumvent censorship and access the restricted content.
  4. Reverse IP Hacking. Some Internet users may fear that the disclosure of their IP address to a website could increase their risk of being hacked. They can use an anonymizer as an intermediary between themselves and the website, thus preventing disclosure of their IP address to the website.
  5. Traffic Filtering. Some ISPs and access points allocate their Internet bandwidth depending on which websites users are accessing. For example, bandwidth for information from educational websites may be prioritized over Voice-over-IP bandwidth. Under certain circumstances, an anonymizer can obscure the final destination of the end-user’s request, thereby preventing network operators or other intermediaries from shaping traffic in this manner. (Note, though, that to prevent deep packet inspection, an anonymizer must also encrypt data).

Continue reading →

The European Commission is now designing software. And that software is Microsoft Windows…

Comments of Adam Marcus & Berin Szoka to the European Commission on the Matter of Microsoft’s Browser Ballot Proposal, COMP/C-3/39.530 — Microsoft (Tying)*

Submitted Nov. 9, 2009 [PDF of filing]

We applaud the Commission for not repeating its earlier approach to concerns about tie-ins to Microsoft Windows by ordering Microsoft to cripple the functionality of its operating system— such as occurred with the Windows Media Player.  While a “browser ballot” is certainly a less restrictive approach, we remain unconvinced that mandating such a ballot is necessary in this case, and concerned about the precedent that government intervention may set here for the future of the highly dynamic and innovative software sector.  If, however, a ballot is to be required, we encourage the Commission to accept Microsoft’s ballot as proposed.

A Browser Ballot Mandate Is Not Necessary

The European Community’s Discussion Paper on exclusionary abuses recognizes that bundled discounts infringe Article 82 only when the discount is so large that “efficient competitors offering only some but not all of the components, cannot compete against the discounted bundle.”[1] In this case, a number of alternative browser producers have successfully competed against Internet Explorer in the past—despite it being bundled with Microsoft’s Windows operating system. Continue reading →

PFF summer fellow Eric Beach and I have been working on what we hope is a comprehensive taxonomy of all the threats to online security and privacy. In our continuing Privacy Solutions Series, we have discussed and will continue to discuss specific threats in more detail and offer tools and methods you can use to protect yourself.

The taxonomy is located here.

The taxonomy of 21 different threats is organized as a table that indicates the “threat vector” and goal(s) of attackers using each threat. Following the table is a glossary defining each threat and providing links to more information.Threats can come from websites, intermediaries such as an ISP, or from users themselves (e.g. using an easy-to-guess password). The goals range from simply monitoring which (or what type of) websites you access to executing malicious code on your computer.

Please share any comments, criticisms, or suggestions as to other threats or self-help privacy/security management tools that should be added by posting a comment below.

My PFF colleagues Berin Szoka and Adam Thierer have written many times about the quid pro quo by which advertising supports free online content and services: somebody must pay for all the supposedly “free” content on the Internet. There is no free lunch!

Here are two two recent examples I came across of the quid pro quo being made very apparent to users.

Hulu error message

Hulu. Traditionally, broadcast media has been a “two-sided” market: Broadcasters give away content to attract audiences, and broadcasters “sell” that audience to advertisers. The same is true for Internet video. But watching Hulu over the weekend, I noticed something interesting: Adblock Plus blocked the occasional Hulu ad but every time it did so, I was treated to 30 seconds of a black screen (instead of the normal 15 second ad) showing a message from Hulu reminding me that “Hulu’s advertising partners allow [them] to provide a free viewing experience” and suggesting that I “Confirm all ad-blocking software has been fully disabled.”

Although I use AdBlock on many newspaper websites (because I just can’t focus on the articles with flashing ads next to the text), I would much rather watch a 15-second ad than wait 30 seconds for my show to resume. I think most users would feel the same way. We get annoyed by TV ads because they take up so much of our time. If Wikipedia is to be believed, there’s now an average of 9 minutes of advertisements per half-hour of television. That’s double the amount of advertising that was shown in the 1960s.

But online services such as Hulu show an average of just 37 seconds of advertising per episode. Amazingly, some shows garner ad rates 2-3 times higher than on prime-time television. Why might ad rates for online shows be higher? Because:

Continue reading →

By Eric Beach, Adam Marcus & Berin Szoka

In the first entry of the Privacy Solution Series, Berin Szoka and Adam Thierer noted that the goal of the series is “to detail the many ‘technologies of evasion’ (i.e., empowerment or user ‘self-help’ tools) that allow web surfers to better protect their privacy online.” Before outlining a few more such tools, we wanted to step back and provide a brief overview of the need for, goals of, and future scope of this series.

Smokey the Bear with signWe started this series because, to paraphrase Smokey the Bear, “Only you can protect your privacy online!” While the law can play a vital role in giving full effect to the Fourth Amendment’s restraint on government surveillance, privacy is not something that cannot simply be created or enforced by regulation because, as Cato scholar Jim Harper explains, privacy is “the subjective condition that people experience when they have power to control information about themselves.” Thus, when the appropriate technological tools and methods exist and users “exercise that power consistent with their interests and values, government regulation in the name of privacy is based only on politicians’ and bureaucrats’ guesses about what ‘privacy’ should look like.” As Berin has put it:

Debates about online privacy often seem to assume relatively homogeneous privacy preferences among Internet users. But the reality is that users vary widely, with many people demonstrating that they just don’t care who sees what they do, post or say online. Attitudes vary from application to application, of course, but that’s precisely the point: While many reflexively talk about the ‘importance of privacy’ as if a monolith of users held a single opinion, no clear consensus exists for all users, all applications and all situations.

Moreover, privacy and security are both dynamic: The ongoing evolution of the Internet, shifting expectations about online interaction, and the constant revelations of new security vulnerabilities all make it impossible to simply freeze the Internet in place. Instead, users must be actively engaged in the ongoing process of protecting their privacy and security online according to their own preferences.

Our goal is to educate users about the tools that make this task easier. Together, user education and empowerment form a powerful alternative to regulation. That alternative is “less restrictive” because regulatory mandates come with unintended consequences and can never reflect the preferences of all users.

Continue reading →

Firefox logoAs noted in the first installment of our “Privacy Solution Series,” we are outlining various user-empowerment or user “self-help” tools that allow Internet users to better protect their privacy online-and especially to defeat tracking for online behavioral advertising purposes. These tools and methods form an important part of a layered approach that we believe offers an effective alternative to government-mandated regulation of online privacy.

In the last installment, we covered the privacy features embedded in Microsoft’s Internet Explorer (IE) 8. This installment explores the privacy features in the Mozilla Foundation’s Firefox 3, both the current 3.0.7 version and the second beta for the next release, 3.5 (NOTE – The name for the next version of Firefox was just changed from 3.1 to 3.5 to reflect the large number of changes, but the beta is still named 3.1 Beta 2). We’ll make it clear which features are new to 3.1/3.5 and those which are shared with 3.0.7. Future installments will cover Google’s Chrome 1.0, Apple’s Safari 4, and some of the more useful privacy plug-ins for browsers . The availability and popularity of privacy plug-ins for Firefox such as AdBlock (which we discussed here), NoScript and Tor significantly augments the privacy management capabilities of Firefox beyond the capability currently baked into the browser.  In evaluating the Web browsers, we examine:

(1) cookie management;
(2) private browsing; and
(3) other privacy features

Continue reading →