Category: Privacy & Security
-
The Princeton Bitcoin textbook is now freely available
The first complete draft of the Princeton Bitcoin textbook is now freely available. We’re very happy with how the book turned out: it’s comprehensive, at over 300 pages, but has a conversational style that keeps it readable. If you’re looking to truly understand how Bitcoin works at a technical level and have a basic familiarity…
-
Updating the Defend Trade Secrets Act?
Despite statements to the contrary by sponsors and supporters in April 2014, August 2015, and October 2015, backers of the Defend Trade Secrets Act (DTSA) now aver that “cyber espionage is not the primary focus” of the legislation. At last month’s Senate Judiciary Committee hearing, the DTSA was instead supported by two different primary reasons:…
-
Who Will Secure the Internet of Things?
Over the past several months, CITP-affiliated Ph.D. student Sarthak Grover and fellow Roya Ensafi been investigating various security and privacy vulnerabilities of Internet of Things (IoT) devices in the home network, to get a better sense of the current state of smart devices that many consumers have begun to install in their homes. To explore this question,…
-
The Web Privacy Problem is a Transparency Problem: Introducing the OpenWPM measurement tool
In a previous blog post I explored the success of our study, The Web Never Forgets, in having a positive impact on web privacy. To ensure a lasting impact, we’ve been doing monthly, automated 1-million-site measurement of tracking and privacy. Soon we’ll be releasing these datasets and our findings. But in this post I’d like…
-
Do privacy studies help? A Retrospective look at Canvas Fingerprinting
It seems like every month we hear of some new online privacy violation in the news, on topics such as fingerprinting or web tracking. Many of these news stories highlight academic research. What we don’t see is whether these studies and the subsequent news stories have any impact on privacy. Our 2014 canvas fingerprinting measurement…
-
When coding style survives compilation: De-anonymizing programmers from executable binaries
In a recent paper, we showed that coding style is present in source code and can be used to de-anonymize programmers. But what if only compiled binaries are available, rather than source code? Today we are releasing a new paper showing that coding style can survive compilation. Consequently, we can utilize these stylistic fingerprints via…
-
New Professors' Letter Opposing The Defend Trade Secrets Act of 2015
As Freedom to Tinker readers may recall, I’ve been very concerned about the problems associated with the proposed Defend Trade Secrets Act. Ostensibly designed to combat cyberespionage against United States corporations, it is instead not a solution to that problem, and fraught with downsides. Today, over 40 colleagues in the academic world joined Eric Goldman, Chris Seaman, Sharon…
-
Provisions: how Bitcoin exchanges can prove their solvency
Millions of Bitcoin users store their bitcoins with online exchanges (e.g. Coinbase, Kraken) which store bitcoins on their customers’ behalf. They present an interface that looks somewhat like an online bank, allowing users to log in and request payments to other users or withdrawals. For many users this approach makes a lot more sense than the traditional approach of storing private keys on your laptop or phone…
-
How is NSA breaking so much crypto?
There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at…
-
Classified material in the public domain: what's a university to do?
Yesterday I posted some thoughts about Purdue University’s decision to destroy a video recording of my keynote address at its Dawn or Doom colloquium. The organizers had gone dark, and a promised public link was not forthcoming. After a couple of weeks of hoping to resolve the matter quietly, I did some digging and decided…