Welcome back to Codebook. As always, please reply with tips, leaks or more terrifying green hands adrift in a sea of computer data (see below).
Photo: Thomas M. Scheer/EyeEm via Getty Images
Anyone following Facebook’s recent woes with Cambridge Analytica might be surprised to hear that there's a civil liberties argument for swiping data from websites, even while violating their terms of service. In fact, there's a whole world of situations where that thinking could apply: bona fide academic research.
What's new: On Friday, a judge in a D.C. federal court ruled that an American Civil Liberties Union-backed case trying to guarantee researchers the ability to break sites' rules without being arrested could move forward, denying a federal motion to dismiss.
“What we’re talking about here is research in the public interest, finding out if there is discrimination,” Esha Bhandari, an ACLU attorney representing the academics, told Axios.
The details: A handful of researchers and First Look Media (which operates The Intercept and other sites) would like to use bots and create dummy accounts to test the behavior of employment and real estate websites.
Why it matters: Knowing whether or not websites are biased against women and minorities is a public good. But sites aren’t always eager to help researchers reach those kinds of conclusions about them. Without courts clarifying the law (or legislators changing it), the threat of arrest could hang over researchers and their work.
Go deeper: Read the full story on Axios.com.
At least 1,000 websites built on the Magento platform were breached by attackers simply guessing default or common passwords. Flashpoint, the intelligence company that announced the breaches in a report released Monday, believes there are likely more breached sites it didn’t find.
Why it matters: Magento is the second most popular e-commerce platform in the top million websites. That suggests a target-rich environment. And the attackers in this campaign appear to have made thorough use of their access.
The Grindr logo on a phone. Photo: Leon Neal/Getty Images
Axios' Ina Fried reports that, following public outcry, Grindr has stopped sharing users' HIV status with its third-party vendors. From Ina:
The bottom line: Grindr may have been sharing more information than needed, but it insists the most sensitive information was encrypted and not shared with advertisers.
The vendors in question — Localytics and Apptimize — help Grindr manage its app performance and, in the case of Apptimize, test features on only a certain percentage of users.
No Cambridge Analytica: Grindr's security chief said people hear the term third parties and think that the company has been sharing information the way that Facebook user data ended up in the hands of Cambridge Analytica.
Users still unhappy: Plenty of people were unsatisfied with Grindr's explanation, pointing out that most other sites aren't trusted with someone's HIV status.
Making changes: Case said the company decided to change its policies around particularly sensitive information, including HIV status, after the user outcry.
Reuters reports that on Monday Prime Minister Najib Razak's government in Malaysia approved a law banning the malicious spread of false news reporting, instituting penalties of up to six years in prison and $125,000 in fines.
Why it matters: Fake news — the term used in the law — is an international concern after its starring role in the 2016 U.S. elections. This is an early post-2016 attempt to regulate a potential scourge.
Yes, but: Malaysia's free speech record is heavily criticized, and some observers view the new law as a tool for punishing dissent. United Nations special rapporteur on freedom of opinion and expression David Kaye said that the bill was being passed too quickly, without proper deliberation on consequences.
"[I] urge the Government to reconsider the bill and open it up to regular and genuine public scrutiny before taking any further steps," Kaye tweeted, hours before it passed.
Deeper dive: One of the fears of President Trump's more politicized use of the term fake news is that strongmen could view it as a green light for repression.
See you Thursday!