Category: Privacy & Security
-
Increasing Civic Engagement Requires Understanding Why People Have Chosen Not to Participate
Last month, I was a poll watcher for the mayoral primary in Washington, DC. My duties were to monitor several polling places to confirm that each Precinct Captain was ensuring that the City’s election laws were being followed on site; in particular, that everyone who believed that they were qualified to vote was able to…
-
Threshold signatures and Bitcoin wallet security: A menu of options
Before Bitcoin can mature as a currency, the security of wallets must be improved. Previously, I motivated the need for sharing Bitcoin wallets using threshold signatures as a means to greatly increase their resilience to theft. For corporate users, threshold signatures enable cryptographically secure access control. For individuals, threshold signatures can be used to build…
-
Google Spain and the “Right to Be Forgotten”
The European Court of Justice (CJEU) has decided the Google Spain case, which involves the “right to be forgotten” on the Internet. The case was brought by Mario Costeja González, a lawyer who, back in 1998, had unpaid debts that resulted in the attachment and public auction of his real estate. Notices of the auctions,…
-
Will Greenwald's New Book Reveal How to Conduct Warrantless Bulk Surveillance on Americans from Abroad?
Tomorrow, Glenn Greenwald’s highly anticipated book ‘No Place to Hide’ goes on sale. Apart from personal accounts on working with whisteblower Edward Snowden in Hong Kong and elsewhere, Mr. Greenwald announced that he will reveal new surveillance operations by Western intelligence agencies. In the last weeks, Sharon Goldberg and I have been finishing a paper…
-
The importance of anonymous cryptocurrencies
Recently I was part of a collaboration on Mixcoin, a set of proposals for improving Bitcoin’s anonymity. A natural question to ask is: why do this research? Before I address that, an even more basic question is whether or not Bitcoin is already anonymous. You may have seen back-and-forth arguments on this question. So which…
-
Mesh Networks Won't Fix Internet Security
There’s no doubt that the quality of tech reporting in major newspapers has improved in recent years. It’s rare these days to see a story in, say, the New York Times whose fundamental technical premise is wrong. Still, it does happen occasionally—as it did yesterday. Yesterday’s Times ran a story gushing about mesh networks as…
-
Eternal vigilance is a solvable technology problem: A proposal for streamlined privacy alerts
Consider three recent news articles about online privacy: Google+ added a new feature that shows view counts on everything you post, including your photos. It’s enabled by default, but if you don’t want to be part of the popularity contest, there’s a setting to turn it off. There is a new privacy tool called XPrivacy…
-
Bitcoin hacks and thefts: The underlying reason
Emin Gün Sirer has a fascinating post about how the use of NoSQL caused technical failures that led to the demise of Bitcoin exchanges Flexcoin and Poloniex. But these are only the latest in a long line of hacks of exchanges, other services, and individuals; a wide variety of bugs have been implicated. This suggests…
-
Heartbleed and passwords: don't panic
The Heartbleed bug has captured public attention this week like few security vulnerabilities before it. This is a good thing, as indeed this is a catastrophic flaw. Many people have focused on its impact on passwords with headlines like “Security Flaw Exposes Millions Of Passwords” and “Change these passwords right now.” Heartbleed certainly could have been used…
-
Heartsick about Heartbleed
Ed Felten provides good advice on this blog about what to do in the wake of Heartbleed, and I’ve read some good technical discussions of the technical problem (see this for a particularly understandable explanation). Update Apr 11: To understand what Heartbleed is all about, see XKCD. Best. Explanation. Ever. In this brief posting, I…