Privacy

Blogs

The Crypto Wars Resume

For decades, the US government has fought against widespread, strong encryption. For about as long, privacy advocates and technologists have fought for widespread, strong encryption, to protect not just privacy but also as a tool to secure our computers and our data. The government has proposed a variety of access mechanisms and mandates to permit them to decrypt (lawfully) obtained content; technologists have asserted that "back doors" are inherently insecure. more

DoH Creates More Problems Than It Solves

Unlike most new IETF standards, DNS over HTTPS has been a magnet for controversy since the DoH working group was chartered on 2017. The proposed standard was intended to improve the performance of address resolutions while also improving their privacy and integrity, but it's unclear that it accomplishes these goals. On the performance front, testing indicates DoH is faster than one of the alternatives, DNS over TLS (DoT). more

Business Email Compromised (BEC) Scams Explode Under the GDPR Implementation

Business email compromised (BEC) attacks targeting American companies are exploding, with an increase of over 476% in incidents between Q4 2017 and Q4 2018. Up as well is email fraud with companies experiencing an increase of over 226%. These highly targeted attacks use social engineering to identify specific company employees, usually in the finance department and then convince these employees to wire large sums of money to third-party banking accounts owned by the attackers. more

DoT and DoH Guidance: Provisioning Resolvers

As part of a larger effort to make the internet more private, the IETF defined two protocols to encrypt DNS queries between clients (stub resolvers) and resolvers: DNS over TLS in RFC 7858 (DoT) and DNS over HTTPS in RFC 8484 (DoH). As with all new internet protocols, DoT and DoH will continue to evolve as deployment experience is gained, and they're applied to more use cases. more

What's in Your DNS Query?

Privacy problems are an area of wide concern for individual users of the Internet -- but what about network operators? Geoff Huston wrote an article earlier this year concerning privacy in DNS and the various attempts to make DNS private on the part of the IETF -- the result can be summarized with this long, but entertaining, quote. more

Facebook, Privacy, and Cryptography

There has long been pressure from governments to provide back doors in encryption systems. Of course, if the endpoints are insecure it doesn't matter much if the transmission is encrypted; indeed, a few years ago, I and some colleagues even suggested lawful hacking as an alternative. Crucially, we said that this should be done by taking advantage of existing security holes rather than be creating new ones. more

Not So Private Thoughts at IETF 105

At IETF 105, held in Montreal at the end of July, the Technical Plenary part of the meeting had two speakers on the topic of privacy in today's Internet, Associate Professor Arvind Narayanan of Princeton University and Professor Stephen Bellovin of Colombia University. They were both quite disturbing talks in their distinct ways, and I'd like to share my impressions of these two presentations and then consider what privacy means for me in today's Internet. more

Move Fast and Regulate Things

The international community is converging on one notion at least: that Facebook cannot be prosecutor, judge and jury of its own achievements and transgressions. The calls to regulate social media companies first came from various legislative bodies, then from civil society and national policymakers, then from the CEO of Facebook itself, "to preserve what is best about [the Internet]." If some scepticism followed that was natural enough – was the company sincere in calling for more regulation? more

The Borg in Us All: Is Resistance Futile?

One of the main roles played by science fiction is to portray fundamental issues and questions that face humanity long before they actually become relevant to our daily lives. We cannot always be sure of where our reality ends, and fiction begins. Star Trek storylines including Borgs are a good example. In the storyline, Borgs are part organic, part artificial and created eons ago, yet they seem to presage the challenges in our contemporary personal reality and challenges in the Internet's cyberspace. more

DNS Privacy at IETF 104

From time to time the IETF seriously grapples with its role with respect to technology relating to users' privacy. Should the IETF publish standard specifications of technologies that facilitate third-party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and publish standard specifications of technologies that directly impede various forms of third party eavesdropping on communications? more

India's eCommerce Policy: NOT a 'Bollywood Drama' but an Adaptation of Script of Acts from Elsewhere

The draft e-commerce policy paper of the Ministry of Commerce and Industry of India raises valid observations concerning some of the imbalances, such as, on the excessive advantages gained by the "first movers" in the private sector, which implies advantages gained by the first -mover States on the Internet, on some of the prevailing gaps in the space and also on concerns about the abusive practices by a few e-commerce platforms and vendors. Most of these concerns are best addressed globally... more

India’s Draft National E-Commerce Policy: A Bollywood Drama in Four Acts

India's recently published Draft National e-Commerce Policy, prepared by the Indian Commerce Ministry think-tank, can be read like the script of a four-act Bollywood drama... They were the dream couple: Princess India and Prince IT. She was full of cultural richness and diversity, with beauty, mystique and natural resources. She also a dark side. She harbored the world's largest number of impoverished people, with little infrastructure, and facing sparse economic prospects. more

Facebook and Privacy

Mark Zuckerberg shocked a lot of people by promising a new focus on privacy for Facebook. There are many skeptics; Zuckerberg himself noted that the company doesn't "currently have a strong reputation for building privacy protective services." And there are issues that his blog post doesn't address; Zeynep Tufekci discusses many of them While I share many of her concerns, I think there are some other issues - and risks. more

Can Trademarks and Brands Help Save the Internet From Itself?

Trademarks and brands are often among a company's most valued assets. Customers associate trademarks and brands with producer integrity. They engender consumer trust. Without TMs and Brands, companies struggle for attention and find it more difficult to link the company's integrity and trustworthiness in the marketing of its goods and services. Representing company promise and customer expectations, they are uniquely positioned to symbolize common values and aspirations. more

CircleID's Top 10 Posts of 2018

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2018 participants for sharing their thoughts and making a difference in the industry. more

News Briefs

China's App Allows "Superuser" Access to Entire Data of Over 100 Million Android-Based Phones

The U.S. House Judiciary Committee Is Investigating Google's Plans to Implement DNS Over HTTPS

51 CEOs Call on US Congress for Urgent Nationwide Data Privacy Law Overriding State-Level Laws

Google Showing Signs of Increased Concerns Over Rising Data Privacy Scrutiny

New Zealand’s Domain Name Commission Wins Appeal in Lawsuit Against US DomainTools

EU Court of Justice Ruling Could Result in Cutting Off Data Flows to US

Majority of Popular Mobile-Only VPNs Are Run by Chinese Nationals or Located in China

Microsoft Sees Serious Appetite for Revised Privacy Laws in US, Says It's Time to Match EU's GDPR

NGOs, Academics Warn Against EU’s Deep Packet Inspection Problem, at Least 186 ISPs Breaking Rules

US Federal Trade Commission Says It Lacks Resources to Go After Privacy Violations Effectively

No GDPR Action Against Any Big Tech Firms Since Law Imposed Last Year, Doubts Escalate Over Enforcer

Canada Says Facebook Has Refused to Address Serious Privacy Deficiencies Concerning Its Local Laws

Government Officials, Academia, and Advocacy Groups Say Time for US to Get Its Own GDPR

Indian Government Proposes Vast New Powers to Suppress Internet Content

US Senate to Hold Hearing on Consumer Data Privacy Issues

Biggest Fine Yet: French Watchdog Slaps Google With a $57M Fine Under the New GDPR Law

Apple CEO Tim Cook Calls for New Privacy Law, Suggests Data Broker Clearinghouse

A Data Dumb Exposes 773 Million Unique Email Addresses, 22 Million Passwords

In a Rare Meeting, Huawei Founder Addresses Concerns Over Tech Giant Spying for Chinese Government

FCC Declines Emergency Briefing Request Concerning Location Data Collection

Most Viewed

Help! My Domain Name Has Been Hijacked!

Do Not Enter - It's XXX

Whois Privacy vs. Anonymity

Adult-Related TLDs Considered Dangerous

Examining Two Well-Known Attacks on VoIP

Most Commented

Conflict of Opinion

DPI is Not a Four-Letter Word!

Hunting Unicorns: Myths and Realities of the Net Neutrality Debate

Whither DNS?

The Anti-Phishing Consumer Protection Act of 2008

Industry Updates

Participants – Random Selection