The Supreme Court has ruled in the van Buren case, and there’s a good summary on the EFF’s blog: “The decision is a victory for all Internet users, as it affirmed that online services cannot use the CFAA’s criminal provisions to enforce limitations on how or why you use their service…” As I said at… Read More: Van Buren
So there’s some good news and some bad news in this story: “Too Bad, Zuck: Just 4% of U.S. iPhone Users Let Apps Track Them After iOS Update.” The good news is that, given a choice, 96% of Americans don’t accept targeted ads. I’m sure that the advertisers will accept that, move on, and not… Read More: Tracking Company Says 96% of iPhone Users Block Tracking
Amazon has released a set of documents, “Updates to Device Security Requirements for Alexa Built-in Products.” I want to look at these as a specific way to express a threat model, which is threat modeling along the supply chain, talk about the proliferation of this different kind of model, and what it means for engineering.… Read More: Amazon’s “Alexa Built-in” Threat Model
The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it. But what it does… Read More: Managed Attribution Threat Modeling
Bruce Schneier and I wrote an article on Facebook’s privacy changes: “A New Privacy Constitution for Facebook.” Read More: Facebook’s Privacy Constitution
[Update: clarified a sentence about whose privacy is touched, and where.] I had missed the story “Big Brother on wheels: Why your car company may know more about you than your spouse.” There are surprising details, including that you might be able to shut it off, and the phrase “If a customer declines, we do… Read More: Automotive Privacy
The decision in Carpenter v. United States is an unusually positive one for privacy. The Supreme Court ruled that the government generally can’t access historical cell-site location records without a warrant. (SCOTUS Blog links to court documents.) The court put limits on the “third party” doctrine, and it will be fascinating to see how those… Read More: Carpenter!