The change, to curtail access to the Canvas API, is incremental and likely to be limited in how it is visible to regular users. However, it signals some progress in a collaboration with the Tor project to incorporate code and ideas that benefit the privacy features of Firefox and Tor Browser. The Register’s write-up includes a pretty good explainer on fingerprinting and why finding ways to mitigate it is important.
Tag: Privacy
Deputy AG shows law enforcers still don’t get encryption
According to The Register, the US Deputy Attorney General is now saying that technology companies don’t need to install back doors in their encryption–provided they can reveal plain text of all secure communications on demand. Entirely misses the point.
FBI still arguing for “responsible encryption”
Why is this still a thing? There is no such thing as encryption only law enforcers can bypass. The math and computer science on this is pretty well settled, not to mention the terrifying unintended consequences that would be unleashed should the FBI get its wish. Thankfully, EFF is still on top of this, as Kurt Opsahl does the usual solid analysis taking this to task and taking it apart.
Thorough primer on threat modeling
Sean Gallagher at Ars does an admirable job of breaking down a security topic, threat modeling, that doesn’t get much attention outside of research and professional circles. This piece is a long read but well worth it, both to understand the technique and for all the references and practical advice.
Re-considering antitrust and competition in tech
Nitasha Tiku at Wired has a fascinating look at a potential shift in competition law with regards to technology, fueled by trends in privacy and big data. Lina Khan, a former colleague of mine, is quoted extensively, offering some very sharp opinions and questions. Well worth a read.
Defensive computing and why we need it
Mike Loukides defines defensive computing through a few examples and, more importantly, argues in broad strokes why we need it. Definitely bolsters my argument that neither technology nor policy on its own is sufficient to defend our online interests, such as privacy. We need smart technology that deals with the actual realities of how networks work and smart policy that shores up our expectations with strong accountability.
House Republican unveils internet privacy bill
The Hill has the details of Blackburn’s bill, which are exactly what the right said they wanted when they repealed the FCC’s pending privacy rules. Worth noting is that this would apply to ISPs and content companies alike, along with moving oversight and enforcement to the FTC. No idea if this will shore up the FTC’s authority, but the concern I have is its track record in this space, which is not great, and the fact that it traditionally has had far fewer staff technologists to help with efforts like these than the FCC.
New stewardship for Thunderbird
I stopped using Thunderbird some time ago in favor of the email client that is part of my Linux distribution. I recognize the importance of Thunderbird given how webmail has generally eroded the ability regular folks have to have secure and confidential email correspondence. I am glad to see the project find new footing and a means to sustain itself.
2017-05-07 The Command Line Podcast
This is an episode of The Command Line Podcast.
I talk about the privacy rules repeal at the FCC and the fight starting to shape up again over network neutrality.
- Important, clear background on the FCC privacy rules repeal
- Detailed coverage of the House vote to repeal FCC privacy rules
- The limits of using a VPN to protect your privacy
- Think twice about signal jamming ISPs tracking
- Guide and recommendations for privacy protection by VPN
- Senate dem questions Pai on FCC net neutrality roll back
- GOP aims at FCC net neutrality repeal
You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Fingerprinting TCP/IP headers may reveal browsing activity despite encryption
I submit that this trend of revealing private online activity through second and third order effects, like fingerprinting network packet headers as described in this research, is why we still need to push for better privacy norms and regulations. There is never likely to be a perfect privacy solution; we’ll always need some reasonable expectations and legal protections as well.