Free software is at risk in the EU -- take action now

Members of the European Parliament want to turn upload platforms like GitLab into "censorship machines" that require user-uploaded materials to be monitored and automatically filtered, a process which would prevent modified and reused code from being uploaded. This provision is covered under Article 13 of the Copyright Directive.

If Article 13, embedded within the proposal, becomes official policy, it will be impossible for developers to build off of one another's code -- which is not only a blow to the collaborative development of free software, but a push against the basic freedoms of free software. Software isn't free unless it can be modified and shared. Article 13 will affect all users of free software -- as development of free software suffers, the quality and availability of updates, new features, and new programs will also suffer.

What you can do

You can help turn the tide against Article 13. Contact your member of European Parliament (MEP) before June 20th.

Not sure what to say? You can try this sample email.

Dear MEP,

I am an EU citizen and I oppose Article 13 of the proposed Copyright Directive. Article 13 is harmful to the free, global development of software, including that which provides necessary infrastructure on an international scale. Please vote against the Copyright Directive.

Sincerely,
NAME

Need help finding your MEPs?

A complete list of MEPs is available online.

What to do next

After you contact your MEP, there is still more to do!

To learn more, you can check out the links below:

You can also support the work of the Free Software Foundation by become an Associate Member or making a donation today.

Get the latest in libre from the FSF Bulletin

The biannual Free Software Foundation (FSF) Bulletin is now available online. We hope you find it enlightening and entertaining!

Your activism drives the free software movement. Together, we have been proactively building a future where computer users are in control, while also reacting to immediate threats to our digital freedoms. Our associate membership program provides crucial, ongoing support that ensures the FSF's financial stability, making our work possible. Will you take the next step and join us as an associate member or make a one-time donation today?

Free software activists count on the FSF to play a role no other organization can: we refuse to compromise our values, we directly support free software development via the GNU Project, and we defend copyleft in the form of the GNU General Public License (GPL). We, in turn, count on you to provide the energy and resources that drive us.

So far this year, your financial support:

  • amplified the voice of free software in public conversations about net neutrality, Facebook privacy abuses, and high profile security compromises;

  • fought Digital Restrictions Management (DRM) by storming the US Digital Millennium Copyright Act exemptions process to not only support every exemption but be the sole organization arguing for abolition of the whole charade;

  • made major improvements to the infrastructure powering hundreds of GNU and other free software projects;

  • funded important technical work to help free JavaScript on the Web;

  • enabled certification of two more products according to the standards of our Respects Your Freedom program, put dozens more in the pipeline, and advanced a plan to scale the program to its full potential; and

  • helped policymakers and companies embrace the GPL -- the state of California and the US Department of Defense have both made strong moves in this area, and we expect more to follow suit.

Our Associate Member program launched in 2002, as a way to provide long-term stability for the FSF's work, and to recognize and thank those who choose to give consistently. Today there are over 4600 Associate Members residing in 82 countries, with dues comprising nearly half of the FSF's funding. This funding allows us to stay independent, serving the free software community, not corporations or governments. Thank you for your continued support.

Take action on the International Day Against DRM this September 18th

Join the Defective by Design crew and celebrate International Day Against DRM (IDAD) this September 18th!

Defective by Design (DbD) is a participatory and grassroots campaign run by the Free Software Foundation (FSF). DbD raises awareness about devices and media encumbered by Digital Restrictions Management (DRM), showing what they really are: Defective by Design. DRM is the practice of placing technological restrictions on digital media, and we're working together to eliminate it as a threat to freedom for computer users, as well as a threat to privacy for readers, viewers, and those making art, media, and more.

Imagine a world without DRM

DRM is an epidemic spreading across the Web, infiltrating our homes, classrooms, workplaces, and just about everywhere else we go. Tools, technologies, books, games, movies, and music are coming to us locked down with DRM -- whether they are streaming or claim to be locally hosted.

For 12 years, we've celebrated IDAD -- making, organizing, protesting, and taking action to support the demolition of DRM -- and 2018 is no different! This year we will continue the fight against DRM and celebrate the work of activists, artists, and technologists who create DRM-free media and technology. You can read more about past IDADs online.

For IDAD 2018, we want to demonstrate how great life without DRM can be -- and how pervasive DRM is. Join the Defective by Design coalition this Tuesday, September 18th as we go a day without using DRM.

Join us and challenge yourself and those around you to a Day Without DRM.

How to participate

IDAD 2018 is your opportunity to tell others why you resist DRM, and convince them to join you.

Whether you're an expert at being DRM-free or you've never considered what a day without DRM could look like, we want you to participate this IDAD. By joining with others on the same day, we send a powerful message: DRM's days are numbered.

Before September 18th, we'll be publishing a guide to help you plan your Day Without DRM. It will help you identify some less (and more) well-known places you may encounter DRM, better choices you can make throughout the day, and options for games, music, and other media to enjoy.

There are lots of other ways to participate -- as individuals or groups, online or in-person. Details, ideas, and information will be coming in the next few weeks.

We'll be using the hashtag #IDAD.

Keep up with IDAD! All future updates will go to our DRM Elimination Crew mailing list. Sign up for the mailing list on DefectiveByDesign.org to receive important IDAD news.

Are you an organization or project interested in supporting IDAD?

We're looking for vendors of DRM-free media, organizations that support the building of a DRM-free world, and those who believe in the mission of DbD to participate by offering sales, writing blog posts, organizing events, and sharing with your members about IDAD. Please contact us at info@defectivebydesign.org for more information.

Together we can build a future without DRM.

Want to support Defective by Design? You can make a donation or join the Free Software Foundation as an associate member.

Photo of protester by Karen Rustad Tölva CC-BY 2.0

Friday Free Software Directory IRC meetup time: June 15th starting at 12:00 p.m. EDT/16:00 UTC

Help improve the Free Software Directory by adding new entries and updating existing ones. Every Friday we meet on IRC in the #fsf channel on irc.freenode.org.

Tens of thousands of people visit directory.fsf.org each month to discover free software. Each entry in the Directory contains a wealth of useful information, from basic category and descriptions, to providing detailed info about version control, IRC channels, documentation, and licensing info that has been carefully checked by FSF staff and trained volunteers.

When a user comes to the Directory, they know that everything in it is free software, has only free dependencies, and runs on a free OS. With over 16,000 entries, it is a massive repository of information about free software.

While the Directory has been and continues to be a great resource to the world for many years now, it has the potential to be a resource of even greater value. But it needs your help! And since it's a MediaWiki instance, it's easy for anyone to edit and contribute to the Directory.

On this week in 1940, General Charles de Gaulle told the French on BBC to defy Nazi occupiers. It is regarded as one of the most important speeches in French history. Resistance isn't easy, though, and this is especially so if the resistance cannot communicate securely. With this in mind, the Directory meetup this week turns to security software.

If you are eager to help, and you can't wait or are simply unable to make it onto IRC on Friday, our participation guide will provide you with all the information you need to get started on helping the Directory today! There are also weekly Directory Meeting pages that everyone is welcome to contribute to before, during, and after each meeting. To see the meeting start time in your time zone, run this in GNU bash: date --date='TZ="America/New_York" 12:00 this Fri'

Introducing David Hedlund, intern with the FSF tech team

When I was 23 years young, I read the book Free as in Freedom, a biography of Dr. Richard Stallman (RMS), who is also the founder of the Free Software Foundation, the GNU Project, and the GNU General Public License, which all had a great impact on me. I migrated 100% to GNU/Linux after I read the book, and contacted RMS eagerly. Stallman gave a positive response to my emails. A few years later, I decided that I wanted to contribute to the GNU Project, so I wrote GNU Sovix, a Web site revision system, which I've since retired as a project.

I started to work on the Free Software Directory in February 2015. I joined the FSF as an intern starting May 14, 2018, and will work through August 14, 2018 to fix bugs and work on a data import program that will import data from addons.mozilla.org and Debian main. I will be blogging about every two weeks, and I will go into more detail about my work in those posts.

Introducing Sonali, Outreachy summer intern with Free Software Foundation

I have been accepted as an intern with the Free Software Foundation for the next three months. My internship is scheduled from May 28th to August 14th 2018.

Outreachy is a great initiative to promote women and other underrepresented members to participate and contribute in free software.

I am a first year college student. This is my first experience with a free software organization. I am glad that I got introduced to the FSF so early in my career. I have worked on the Free Software Directory for about 2 months now, which includes 11 contributions and over 700 major and minor edits.

The reason I am interested in free software is more social than personal. I am a resident of India, and I see people around me that are exceptionally talented and have the caliber to progress exponentially. However, they do not have enough money or resources to do that. I believe that free software, if developed and given appropriate recognition, has the potential to help such people, not just in India, but all around the world, to learn and develop, thereby contributing to the growth of technology. So I believe that if I can contribute even a little bit to the popularity of free software, then I would be helping millions of people indirectly. Also, free software will help me to enhance my skills and to learn, as I can study its source code and easily use or modify it the way I want to. I think that experimenting is a great way to gain knowledge.

My experience at FSF has been fantastic. The internship here is not like working with the community, but working as a part of the community. The FSF staff is very kind and helpful. I am working under the guidance of Andrew Engelbrecht and Ian Kelling. They are very supportive and polite, and they reply to my questions actively. It's because of them that I am constantly motivated to work. I couldn't have found better mentors and a finer organization for my first internship.

So far, I have learned how to use IRC and how to edit MediaWiki. I am also learning to communicate in a free software community, and to make independent decisions. I've discovered so many interesting programs that are free software. I now understand the meaning of free software in a greater depth, and there is an abundance of information here that I've been able to share with my peers at college.

My first project for the summer will be to make the Free Software Directory responsive for mobile devices, and to try other ways to improve the site's reach and popularity among other people. This will involve adding extensions (or skins), and formatting the entries so that they are mobile-optimized. This will be a great opportunity for me to gain a lot of experience and develop skills. I am very excited. Thanks to my mentors and the Outreachy organizers for making this possible!

The FSF tech team needs a Fall 2018 intern! Apply by July 22nd, 2018

As a fall intern, you will work closely with the FSF tech team in your area of interest, such as network administration, GNU Project support, or Web development. We're looking for a responsible candidate who is interested in learning about system administration, programming, security auditing, software stack research, and other technical domains. Past interns contributed to GNU Wget2, contributed to GIMP, created "HUBAngl" for easy video streaming, worked on porting LibreJS to WebExtensions, improved the Free Software Directory, penetration tested our network, and researched Ceph distributed object storage and the freedom status of single board computers. Interns may choose from our current list of projects, or suggest one of their own. We prefer local interns who can work in our downtown Boston office, but we have hosted some remote interns in the past as well.

You can read more about our requirements for interns here, and see past intern projects here.

How to apply

Send a letter of interest and resume with two references by email to hiring@fsf.org. Make sure that your materials are in free software friendly formats (PDF and plain text work well), and include "Internship" in your subject line. If you can, please include links to sites you've made (personal blogs are okay!), designs or code you've made, and relevant writing. Please include these as URLs, though email attachments in free formats are acceptable too.

Please direct any questions about the program to hiring@fsf.org.

Technical Note: Mail Issues on June 8

Technical Note: Mail Issues on June 8

On Friday morning, one of our servers had a fatal hardware crash. This affected parts of our mail infrastructure and mailing lists. Meanwhile, all services are back to normal. We would like inform you about what happened and which problems it caused. In a nutshell: Please make sure your emails arrived and check your SMTP settings.

Unfortunately, due to the downtime, a small number of mails sent during this time to some of our mailing lists may have been lost while most have just been delayed. Please make sure that your mails sent on 8 and 9 June arrived their destination by checking the archives, and resend them if necessary. If you still experience problems, please get in touch with us.

Background: The said server lost one of its hardware components for which we weren't able to get a replacement at short notice. This forced us to migrate the setup and data to a new host. We have been able to bring the most critical service back to life within the course of the day, others were reestablished during the weekend.

At the same time, we modernised large parts of the mail infrastructure, for instance anti-spam measurements. This also involves a change in our SMTP setting for people using this service: From now on we will no longer accept mails delivered to port 25. Please make sure to use port 587 if you would like to send emails, and make sure the settings in your email clients match our recommendations.

Please excuse the inconveniences this caused. We will work hard to prevent such a long downtime of a critical service in the future. If you would like to support our technical team, please don't hesitate to reach out to our System Hackers.

Support FSFE, join the Fellowship
Make a one time donation

Richard Stallman to speak in Amsterdam (We Make the City, Amsterdam, Netherlands)

Richard Stallman will be speaking twice at "Next Generation Cities - Strategies for Inclusive Digital Transformation," part of the festival We Make the City (2018-06-21).

He will take part in a panel:

  • What: panel - "Smart City, Spy City? Avenues for making a city 'smart' while respecting privacy and anonymity"
  • Abstract:
    For a free society, we must reduce the level of surveillance to below what the Soviet Union suffered. - a discussion between RMS, Marleen Stikker, and Francesca Bria on the need for free, fair and inclusive digital t echnology and infrastructures"
  • When: 10:15–10:45
  • Where: Q Factory, Atlantisplein 1, Amsterdam, Netherlands

and will give a speech:

  • What: speech - "How We Can Have Less Surveillance Than The USSR?"
  • Abstract:
    Digital technology has enabled governments to impose surveillance that Stalin could only dream of, making it next to impossible to talk with a reporter undetected. This puts democracy in danger. Stallman will present the absolute limit on general surveillance in a democracy, and suggest ways to design systems not to collect dossiers on all citizens.
  • When: 13:00–14:00
  • Where: Q Factory, Atlantisplein 1, Amsterdam, Netherlands

Please fill out our contact form, so that we can contact you about future events in and around Amsterdam.

How to defend your encrypted emails against prying eyes

In May, a draft technical paper published at efail.de recommended that people stop using GPG plugins to encrypt their email. At the same time, the Electronic Frontier Foundation (EFF) raised the alarm about seemingly new vulnerabilities in GPG (GNU Privacy Guard), echoing the paper's cautionary recommendations. Others further reduced this recommendation to a simple shorthand: stop encrypting your email, because it isn't safe. (EFF has since modified its recommendations, depending on the mail client and GPG plugin you use, and with caveats that match some of the suggestions we'll make here.)

Much of this information isn't new. The issue isn't a flaw in GPG, and there is no need to panic or discontinue using GPG, including for signing emails or for encrypting and decrypting files outside of your email client. Here are the facts:

The EFAIL paper describes several methods of attack: "EFAIL abuses active content of HTML emails, for example externally loaded images or styles, to exfiltrate plaintext through requested URLs." The attacker accesses the encrypted emails, "by eavesdropping on network traffic, compromising email accounts, email servers, backup systems or client computers. The emails could even have been collected years ago." The attacker changes the encrypted email, sends it to the recipient, and if the recipient's mail client decrypts that message and automatically loads any external content, or users click on HTML links, the plaintext of the email is visible to the attacker.

Werner Koch, principal author of GPG, describes the situation here. Calling the warnings to discontinue using GPG "overblown," Koch points out that the real issue is that HTML in emails can be exploited. This is not a bug in GPG.

Let's work together to make email safer!

This information has been available for a long time, but bears repeating: if your mail client renders HTML or automatically loads images and other remote media, you are more vulnerable. Not only do the EFAIL exploits take advantage of HTML in email, HTML in your mail client can allow others to track you. Exploitation of this flaw could be as simple as seeing whether you have read a particular email, or as damaging as defrauding you, perhaps by pretending to be your bank or another merchant you do business with, leading you to provide personal information or payment to an attacker.

You are better protected if your mail client does not render HTML or auto-load images and other remote media. Additionally, do not click links in HTML emails directly -- copy and paste them so that you can see what they are first, and if they are obfuscated or shortened links, don't visit them unless you are very confident in the source. It is important to encourage your peers to follow these practices, too, because EFAIL attacks can affect you in spite of the precautions you've taken, if somebody who is CCed on the email hasn't taken the proper precautions.

Also, be sure your mail client, or any encryption plugin you use, is resistant to this exploit. For example, Enigmail, a GPG plugin that works with Thunderbird, was updated shortly after the EFAIL report became public, and an explanation of changes made can be found here -- note that Enigmail recommends disabling HTML rendering, too. Seek out information on how your mail client or encryption plugin is addressing this situation, and email us at campaigns@fsf.org to share what you find. We may link that information here.

For now, rather than giving up on encryption, take the time to check in with people you want to exchange emails with. Start by sending the person you want to email a cleartext message saying:

I'd like to send you a message using GPG, but first I want to make sure that you've updated your version of Enigmail, due to the potential for exploitation of flawed encryption clients described here: https://www.efail.de/. Can you confirm that? Also, disabling HTML and remote loading of media in your email helps avoid email exploitation: https://www.fsf.org/blogs/community/how-to-defend-your-encrypted-emails-against-prying-eyes. If everybody takes these steps to make their own email safer, we'll all benefit from safer communications. Thanks for helping ensure that our emails stay private.

This kind of attack only works when the attacker is targeting you individually or if you are writing to someone who is targeted and is using an unpatched mail client. If you have reason to believe you, as an individual, could be targeted, you may need to take additional measures besides those described here. But for most people, it still makes sense to use GPG encryption to dramatically reduce the likelihood that any attacker can read your email, and to help boost the overall amount of encrypted email traffic on the Internet -- a tactic that helps protect whistleblowers, journalists, and others whose email traffic is likely to be targeted for exploitation.

Do you want to start encrypting your email, but aren't sure where to begin, or help friends get started for the first time? We've created Email Self Defense to guide you as you get started with GPG encryption. The guide is kept up to date with responses to concerns like those raised in the EFAIL report, to ensure that you know exactly how best to keep your email communications safe.

Want to support free software? You can make a donation or join the Free Software Foundation as an associate member.