Monthly Archives: March 2007

Time to Rethink the Cross-Domain Javascript situation

Posted on March 23, 2007 by ben

Joe Walker worries about Operator Overloading in Javascript. Though I’m not sure I see an immediate attack, I think Joe is worried about the right thing: since cross-domain execution is dependent on whether the file is well-formed according to the … Continue reading

Posted in security, web | 2 Comments

The Coercion Issues of Vote By Mail

Posted on March 20, 2007 by ben

There isn’t much hard data on the coercion issues of vote by mail, though with states adopting new absentee voting policies, that may change, and we may start to see some interesting things. In the meantime, there’s a very interesting … Continue reading

Posted in policy, voting | 4 Comments

Google & Privacy

Posted on March 15, 2007 by ben

(Thanks to Joe for the pointer.) Google just announced a notable improvement in their privacy practices, which reinforces the opinion I expressed in a post a few days ago. Could it be that Google is starting to feel consumer demand … Continue reading

Posted in policy, privacy | 2 Comments

Responding to Ronald

Posted on March 13, 2007 by ben

In response to my recent post regarding open-audit voting, Ronald Crane expresses a number of doubts regarding cryptographic auditing of elections, concluding “I don’t see that crypto voting solves much.” I am responding in detail here because Ronald is deeply … Continue reading

Posted in crypto, voting | 22 Comments

Microsoft’s Competitive Advantage: Privacy

Posted on March 9, 2007 by ben

Today, I attended a lunch at the Berkman Center with Microsoft’s Ira Rubinstein. Ira talked about privacy and how it is built into the Microsoft development model. He mentioned Microsoft’s new layered approach to privacy policies, where a simple front … Continue reading

Posted in policy, privacy | 8 Comments

I Stand with Avi (regarding American Idol)

Posted on March 9, 2007 by ben

First, I need to express solidarity with Avi, who went out on a limb and professed his love of American Idol. I, too, am a closet American Idol fan, and I completely agree: if only the voting were verifiable! I … Continue reading

Posted in crypto, voting | 4 Comments

On Fully Informed Decisions and the Role of Academics

Posted on March 8, 2007 by ben

Professors Avi Rubin and Ed Felten are renowned computer security experts. Their work has made the press numerous times, and they’ve testified to various Congressional Committees on many issues, including voting. But when it comes to voting, their statements tend … Continue reading

Posted in crypto, voting | 18 Comments

JSON Safety: It’s about the unwitting servers

Posted on March 6, 2007 by ben

I’ve always thought that the JSON hack was a truly weird happenstance. For those who don’t quite know it, it goes something like this. A web page you download can run limited code inside your browser. For example, it can … Continue reading

Posted in web | 1 Comment

Privacy and Social Networks

Posted on March 2, 2007 by ben

I worry a lot about privacy. The first half of this short video about the privacy policy of Facebook.com is great (the second half is a bit too much of a six-degrees-of-separation game to associate Facebook.com with the CIA). What’s … Continue reading

Posted in policy, privacy, web | 2 Comments

On Voting, Banking, and Bad Analogies

Posted on March 2, 2007 by ben

Estonia is running online elections, where anyone with a national ID card and Internet Explorer can vote online. As usual, the article forgets to mention the single biggest issue with remote voting, whether online or by mail: voter coercion. The … Continue reading

Posted in policy, voting | 8 Comments