Informazioni personali

Cerca nel blog

Translate

Visualizzazione post con etichetta privacy shield. Mostra tutti i post
Visualizzazione post con etichetta privacy shield. Mostra tutti i post

mercoledì 7 febbraio 2024

Ciao ciao AirVPN, grazie Piracy Shield

Friday rant del mercoledì:
#fridayrant #quellidelfascicolop #quellascemenzadellasera

io comprendo la esigenza di bloccare la pirateria dei contenuti legittimamente offerti dalle piattaforme che li hanno acquistati, ma talvolta la cura proposta è semplicemente aberrante.

Ogni riferimento al nostro Piracy Shield, creata dalla mai doma #AGICOM (ica) è dovuto: l’ennesimo esempio di come implementare male una pessima idea.

Non devo neanche scriverci, tutto è già stato scritto qui da #AirVPN annunciando che lascia il mercato italiano.

Il cosiddetto “Scudo Italiano Anti-Pirateria” è un quadro normativo con regolamento attuativo dell’AGCOM (Autorità Italiana per le Telecomunicazioni) che obbliga gli operatori che offrono servizi in Italia a bloccare l’accesso ai servizi finali attraverso il blocco IP e/o l’avvelenamento DNS. L’elenco degli indirizzi IP e dei nomi a dominio da bloccare viene stilato da organismi privati ​​autorizzati dall’AGCOM (attualmente, ad esempio, Sky e DAZN). Questi enti privati ​​inseriscono le blocking list in una piattaforma specifica. I blocchi devono essere imposti entro 30 minuti dalla loro prima comparsa da parte degli operatori che offrono qualsiasi servizio ai residenti in Italia.

Non esiste alcun controllo giurisdizionale e nessun controllo da parte dell’AGCOM. Il blocco deve essere eseguito inaudita altera parte e senza possibilità di reale rifiuto, anche in caso di errore manifesto. L’eventuale opposizione della parte lesa potrà essere proposta solo in una fase successiva, dopo l’imposizione del blocco.

Posted Last Monday at 6:45 PM

Hello!

We regret to inform you that we will be discontinuing the service to residents of Italy as of February the 19th, 2024.
From the above date, any user registering on the platform must declare that he/she is not a resident of Italy. The purchase page will have IP address-based geolocation and will not be served to IP addresses located in Italy. We will not interrupt the service to current subscribers until the natural expiry date and the refund policy will be granted as usual.
 

REASONS FOR DISCONTINUATION

The so-called “Italian Piracy Shield” is a legal framework with implementing regulation by AGCOM (Italian Telecommunications Authority) that forces operators offering services in Italy to block access to end services through IP blocking and/or DNS poisoning.  The list of IP addresses and domain names to be blocked is drawn up by private bodies authorised by AGCOM (currently, for example, Sky and DAZN). These private bodies enter the blocking lists in a specific platform. The blocks must be enforced within 30 minutes of their first appearance by operators offering any service to residents of Italy.

There is no judicial review and no review by AGCOM. The block must be enforced inaudita altera parte and without the possibility of real time refusal, even in the case of manifest error. Any objection by the aggrieved party can only be made at a later stage, after the block has been imposed. For further details:
https://www-wired-it.translate.goog/article/piracy-shield-agcom-piattaforma-streaming-pirata-calcio-segnalazioni/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

The above requirements are too burdensome for AirVPN, both economically and technically. They are also incompatible with AirVPN’s mission and would negatively impact service performance. They pave the way for widespread blockages in all areas of human activity and possible interference with fundamental rights (whether accidental or deliberate). Whereas in the past each individual blockade was carefully evaluated either by the judiciary or by the authorities, now any review is completely lost. The power of those private entities authorized to compile the block lists becomes enormous as the blocks are not verified by any third party and the authorized entities are not subject to any specific fine or statutory damage for errors or over-blocking.

By withdrawing service availability from Italy, AirVPN will be able to stay outside the scope of the framework and maintain integrity and efficient operations.

We certainly sympathise with our fellow Italian citizens, and we will be happy to offer advice and alternatives. We would also like to remind them of our more than ten years of support for the Tor network, which is freely accessible even from Italy, and which is becoming increasingly reliable and fast thanks to a myriad of small contributions like ours.

Kind regards and datalove
AirVPN Staff

AirPN

Insomma neanche nato e piracy shield de no artri già miete successi.

Del resto cosa può andare male a fronte ti tanta genialità, abbiamo pure una safelist per evitare problemi.

  • certo uno potrebbe far notare che un IP può essere utilizzato da più di un servizio, e alcuni potrebbero essere assolutamente legittimi e quindi “bloccati” senza ragione
  • uno potrebbe osservare che senza un monitoraggio attento il rischio di avere in blocklist ip importanti per un “errore” o per attività malevola non è nullo (immaginatevi di bloccare 8.8.8.8 o qualche nodo BGP importante)
  • Uno potrebbe discutere sulla liceità di blocchi che non consentano una contestuale ed immediata opposizione

Ma perchè fermarsi di fronte a certe sciocchezze. La cosa certa che i successi arrivano e qui abbiamo la dimostrazione autoreferenziale indiscutibile ed indiscussa:

Che cosa significhi che hanno bloccato 65 DNS lo chiedo agli esperti 🙂

Per ulteriori indicazioni:

https://www.wired.it/article/piracy-shield-piattaforma-agcom-pezzotto-streaming-illegale/

https://www.wired.it/article/piracy-shield-agcom-piattaforma-streaming-pirata-calcio-segnalazioni/#due

mercoledì 29 luglio 2020

Shrems II, Data transfer, and the USA: wheels are rolling.

Probably everyone now has, at least, heard about the EJC sentence called Shrems III that basically rules out the possibility to use Privacy Shield infamous agreement to allow data transfer between EU and USA based on the fact that the USA does not provide enough guarantees EU data will be protected.

If you don’t know (but you should) here my previous article:

https://thepuchiherald.com/2020/07/17/ops-privacy-shield-bye-bye/

After the sentence one of the question was: what now?

Will a Grace period be offered to survive this? (lot of companies were transferring data using privacy shield to USA)

And most of all does SCC will be enough?

The answer my friend, is blowing in the wind...

er no actually there have been some FAQ form the EDPB that should call to action fel local authorities.

According to the new FAQs of the European Data Protection Board on #SchremsII decision, if you want to transfer personal data to the US under the SCCs or other means, you will have to notify the data protection supervisory authority. This approach will oblige companies to perform a massive amount of work since the notification will have to be definitely accompanied by an assessment as to the adequacy of the data transfer mechanism. Are companies and SA ready to handle this large amount of work?

https://edpb.europa.eu/news/news/2020/european-data-protection-board-publishes-faq-document-cjeu-judgment-c-31118-schrems_en

While some Authorities do have not yet reacted (and this is not a surprise for Italians, I am afraid) some others (wonder who) have made a statement that clarifies the doubts that can eventually rise up and not solved by the EDPB’s FAQ.

The Conference of German Supervisory Authorities (DSK) issued its statement yesterday about the consequences of the #Schrems II judgment that, as we can imagine, is completely aligned with the EDPB position. There are some points that are critical on the matter:

Data transfers based on the Privacy Shield are no longer allowed and all companies must immediately suspend them

This is a critical point since I am quite sure there are companies that do not even know their data were delivered to the USA under Privacy Shield. I would like to remind you that if an audit from the authority knock at your door something like: “I don’t know”, “I don’t remember” will not save you. GDPR requires that you, company, prove you have done your duty in a concrete, effective way, so not paper compliance here allowed. Just to make life easier I would love to remind you also that this is not just the German way, and sooner or later the other authorities will align with such requirements.

Transfers based on the SCC require an assessment of the adequacy of the context and the supplier

And here we have the headache since it is not “optional” the assessment is mandatory. This comes as an obvious consequence to the fact in the EDPB FAQ it is written to be allowed SCC’s transfer should be communicated to the authority. Now this means, for some of you so naive that was thinking, I can send a mail to the authority telling, “hey chap I use SCC do not worry” does not work like this. For some reason they want you to prove you did your duty.

The use of SCC for the transfer of data to the United States, in the absence of additional guarantee measures, it is not sufficient to legitimize the activity

And of course, if you send your data to a country that does not guarantee the privacy of EU citizens and residents, well, your duty is kind of complex. And let be clear and brutally honest (while usually I am obscure but kind rotfl) this will require the active cooperation of the vendors that offer you services because you need solid proofs and not just paperBS.

There is no “grace period”

And this means you need to do this right fucking now.

And just for the sake of my Italian fellow countrymen, this means that even if our authority is under a sleeping spell and did not react yet, you have to act nevertheless because again an audit will knock and you will have show you’ve done the right thing. But the “garante” did not tell us nothing will not be an excuse to avoid non-compliance (with the relative consequences).

Time for DPO to start working and earn their money 😂🤣 (Is a joke I know many DPOs already do something)