Post thumbnail
The Supreme Court has ruled in the van Buren case, and there’s a good summary on the EFF’s blog: “The decision is a victory for all Internet users, as it affirmed that online services cannot use the CFAA’s criminal provisions to enforce limitations on how or why you use their service…” As I said at…
Read More Van Buren
Post thumbnail
So there’s some good news and some bad news in this story: Too Bad, Zuck: Just 4% of U.S. iPhone Users Let Apps Track Them After iOS Update. The good news is that, given a choice, 96% of Americans don’t accept targeted ads. I’m sure that the advertisers will accept that, move on, and not…
Read More Tracking Company Says 96% of iPhone Users Block Tracking
Post thumbnail
Amazon has released a set of documents, “Updates to Device Security Requirements for Alexa Built-in Products.” I want to look at these as a specific way to express a threat model, which is threat modeling along the supply chain, talk about the proliferation of this different kind of model, and what it means for engineering.…
Read More Amazon’s “Alexa Built-in” Threat ModelThe Open Technology Institute has an Open Letter to Law Enforcement in the U.S., UK, and Australia: Weak Encryption Puts Billions of Internet Users at Risk. (press release, letter.) I am pleased to be one of the signers. In closely related news, nominations for the 2020 Caspar Bowden Award for Outstanding Research in Privacy Enhancing…
Read More Encryption & Privacy Policy and Technology
Post thumbnail
The more I learn about threat modeling, the more I think the toughest part is how we answer the question: “What can go wrong?” Perhaps that’s “finding threats.” Maybe it’s “discovering” or “eliciting” them. Maybe it’s analogizing from threats we know about. I’m not yet even sure what to call it. But what it does…
Read More Managed Attribution Threat ModelingBruce Schneier and I wrote an article on Facebook’s privacy changes: “A New Privacy Constitution for Facebook.”
Read More Facebook’s Privacy Constitution
Post thumbnail
[Update: clarified a sentence about whose privacy is touched, and where.] I had missed the story “Big Brother on wheels: Why your car company may know more about you than your spouse.” There are surprising details, including that you might be able to shut it off, and the phrase “If a customer declines, we do…
Read More Automotive Privacy
Post thumbnail
The decision in Carpenter v. United States is an unusually positive one for privacy. The Supreme Court ruled that the government generally can’t access historical cell-site location records without a warrant. (SCOTUS Blog links to court documents. The court put limits on the “third party” doctrine, and it will be fascinating to see how those…
Read More Carpenter!