Category Archives: web

cookies don’t track people. people track people.

Posted on February 19, 2012 by ben

The news shows are in a tizzy: Google violated your privacy again [CBS, CNN] by circumventing Safari’s built-in tracking protection mechanism. It’s great to see a renewed public focus on privacy, but, in this case, I think this is the … Continue reading

Posted in privacy, web | 4 Comments

a simpler, webbier approach to Web Intents (or Activities)

Posted on February 9, 2012 by ben

A few months ago, Mike Hanson and I started meeting with James, Paul, Greg, and others on the Google Chrome team. We had a common goal: how might web developers build applications that talk to each other in a way … Continue reading

Posted in mozilla, web | 11 Comments

encryption is (mostly) not magic

Posted on December 21, 2011 by ben

A few months ago, Sony’s Playstation Network got hacked. Millions of accounts were breached, leaking physical addresses and passwords. Sony admitted that their data was “not encrypted.” Around the same time, researchers discovered that Dropbox stores user files “unencrypted.” Dozens … Continue reading

Posted in crypto, mozilla, privacy, security, web | 14 Comments

BrowserID and me

Posted on September 21, 2011 by ben

A few weeks ago, I became Tech Lead on Identity and User Data at Mozilla. This is an awesome and challenging responsibility, and I’ve been busy. When I took on this new responsibility, BrowserID was already well under way, so … Continue reading

Posted in identity, personal, web | Leave a comment

and the laws of physics changed

Posted on July 3, 2011 by ben

Google just introduced Google Plus, their take on social networking. Unsurprisingly, Arvind has one of the first great reviews of its most important feature, Circles. Google Circles effectively let you map all the complexities of real-world privacy into your online … Continue reading

Posted in identity, privacy, web | 6 Comments

Online Voting is Terrifying and Inevitable

Posted on May 25, 2011 by ben

Voting online for public office is a terrifying proposition to most security experts. The paths to subversion or failure are many: the server could get overwhelmed by attackers, preventing voting altogether the server could get hacked and the votes changed … Continue reading

Posted in security, voting, web | 4 Comments

grab the pitchforks!… again

Posted on April 19, 2011 by ben

I’m fascinated with how quickly people have reached for the pitchforks recently when the slightest whiff of a privacy/security violation occurs. Last week, a few interesting security tidbits came to light regarding Dropbox, the increasingly popular cloud-based file storage and … Continue reading

Posted in crypto, data, privacy, web | 10 Comments

intelligently designing trust

Posted on March 30, 2011 by ben

For the past week, every security expert’s been talking about Comodo-Gate. I find it fascinating: Comodo-Gate goes to the core of how we handle trust and how web architecture evolves. And in the end, this crisis provides a rare opportunity. … Continue reading

Posted in crypto, policy, security, web | 3 Comments

degrees of trust: software vs. data hosts

Posted on March 16, 2011 by ben

Overjoyed by all the SSL goodness around me (Twitter offers SSL-only as an option, so does Facebook, Google offers 2-factor auth), I started dutifully upgrading my web browsing experience on Firefox, specifically installing the EFF Add-On that turns on HTTPS … Continue reading

Posted in privacy, web | 5 Comments

the difference between privacy and security

Posted on January 26, 2011 by ben

Facebook today rolled out new security features, both of which are awesome: SSL everywhere, and social re-authentication. True, SSL everywhere should probably be a default, even though I continue to believe that the cost is significantly underestimated by many privacy … Continue reading

Posted in privacy, security, web | 5 Comments