Tag: Privacy
-
The Role of Worst Practices in Insecurity
These days, security advisors talk a lot about Best Practices: established procedures that are generally held to yield good results. Deploy Best Practices in your organization, the advisors say, and your security will improve. That’s true, as far as it goes, but often we can make more progress by working to eliminate Worst Practices. A…
-
Soghoian: 8 Million Reasons for Real Surveillance Oversight
If you’re interested at all in surveillance policy, go and read Chris Soghoian’s long and impassioned post today. Chris drops several bombshells into the debate, including an audio recording of a closed-door talk by Sprint/NexTel’s Electronic Surveillance Manager, bragging about how easy the company has made it for law enforcement to get customers’ location data…
-
There’s anonymity on the Internet. Get over it.
In a recent interview prominent antivirus developer Eugene Kaspersky decried the role of anonymity in cybercrime. This is not a new claim – it is touched on in the Commission on Cybersecurity for the 44th Presidency Report and Cybersecurity Act of 2009, among others – but it misses the mark. Any Internet design would allow…
-
PrivAds: Behavioral Advertising without Tracking
There’s an interesting new paper out of Stanford and NYU, about a system called “PrivAds” that tries to provide behavioral advertising on web sites, without having a central server gather detailed information about user behavior. If the paper’s approach turns out to work, it could have an important impact on the debate about online advertising…
-
Privacy as a Social Problem, Not a Technology Problem
Bob Blakley had an interesting post Monday, arguing that technologists tend to frame the privacy issue poorly. (I would add that many non-technologists use the same framing.) Here’s a sample: That’s how privacy works; it’s not about secrecy, and it’s not about control: it’s about sociability. Privacy is a social good which we give to…
-
Breaking Vanish: A Story of Security Research in Action
Today, seven colleagues and I released a new paper, “Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs”. The paper’s authors are Scott Wolchok (Michigan), Owen Hofmann (Texas), Nadia Heninger (Princeton), me, Alex Halderman (Michigan), Christopher Rossbach (Texas), Brent Waters (Texas), and Emmett Witchel (Texas). Our paper is the next chapter in an interesting story…
-
Netflix's Impending (But Still Avoidable) Multi-Million Dollar Privacy Blunder
In my last post, I had promised to say more about my article on the limits of anonymization and the power of reidentification. Although I haven’t said anything for a few weeks, others have, and I especially appreciate posts by Susannah Fox, Seth Schoen, and Nate Anderson. Not only have these people summarized my article…
-
Anonymization FAIL! Privacy Law FAIL!
I have uploaded my latest draft article entitled, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization to SSRN (look carefully for the download button, just above the title; it’s a little buried). According to my abstract: Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for…
-
If You're Going to Track Me, Please Use Cookies
Web cookies have a bad name. People often complain — with good reason — about sites using cookies to track them. Today I want to say a few words in favor of tracking cookies. [Technical background: An HTTP “cookie” is a small string of text. When your web browser gets a file from a site,…
-
My Testimony on Behavioral Advertising: Post-Mortem
On Thursday I testified at a House hearing about online behavioral advertising. (I also submitted written testimony.) The hearing started at 10:00am, gaveled to order by Congressman Rush, chair of the Subcommittee on Commerce, Trade, and Consumer Protection. He was flanked by Congressman Boucher, chair of the Subcommittee on Communications, Technology, and the Internet,…