with great power…

When Arvind writes something, I tend to wait until I have a quiet moment to read it, because it usually packs a particularly high signal to noise ratio. His latest post In Silicon Valley, Great Power but No Responsibility, is awesome: We’re at a unique time in history in terms of technologists having so much direct power. There’s just something about the picture of an engineer in Silicon Valley pushing a feature live at the end of a week, and then heading out for some beer, while people halfway around the world wake up and start using the feature and … Continue reading with great power…

(your) information wants to be free

A couple of weeks ago, Epsilon, an email marketing firm, was breached. If you are a customer of Tivo, Best Buy, Target, The College Board, Walgreens, etc., that means your name and email address were accessed by some attacker. You probably received a warning to watch out for phishing attacks (assuming it wasn’t caught in your spam filter). Yesterday, the Sony Playstation Network of 75 million gamers was compromised. Names, addresses, and possibly credit cards were accessed by attackers. This may well be the largest data breach in history. And a few days ago, it was discovered that iPhones keep … Continue reading (your) information wants to be free

grab the pitchforks!… again

I’m fascinated with how quickly people have reached for the pitchforks recently when the slightest whiff of a privacy/security violation occurs. Last week, a few interesting security tidbits came to light regarding Dropbox, the increasingly popular cloud-based file storage and synchronization service. There’s some interesting discussion of de-duplication techniques which might lead to Oracle attacks, etc., but the most important issue is that, suddenly, everyone’s realizing that Dropbox could, if needed, access your files. Miguel de Icaza wonders if Dropbox is pitching snake oil. Yes, Dropbox staff can, if needed, access your files. I don’t mean to harp on my … Continue reading grab the pitchforks!… again

degrees of trust: software vs. data hosts

Overjoyed by all the SSL goodness around me (Twitter offers SSL-only as an option, so does Facebook, Google offers 2-factor auth), I started dutifully upgrading my web browsing experience on Firefox, specifically installing the EFF Add-On that turns on HTTPS everywhere it can, in particular when using Google (it uses encrypted.google.com by default). I googled myself to test it out, and I found this interesting blog post by CSS Squirrel from a few months ago, in regards to the issue I have with Opera Mini. CSS Squirrel says: Ben Adida offered the following question as a counter: “Does privacy matter? … Continue reading degrees of trust: software vs. data hosts

the difference between privacy and security

Facebook today rolled out new security features, both of which are awesome: SSL everywhere, and social re-authentication. True, SSL everywhere should probably be a default, even though I continue to believe that the cost is significantly underestimated by many privacy advocates. Regardless, this announcement is great news. The only nitpick I have, and I point it out because I think it’s significant in Facebook’s case, is that the announcement confuses privacy and security. The first paragraph mentions Data Privacy Day, then the general concept of controlling your data, then transitions to the new security features. But those are quite different. … Continue reading the difference between privacy and security

Facebook, the Control Revolution, and the Failure of Applied Modern Cryptography

In the late 1990s and early 2000s, it was widely assumed by most tech writers and thinkers, myself included, that the Internet was a “Control Revolution” (to use the words of Andrew Shapiro, author of a book with that very title in 1999). The Internet was going to put people in control, to enable buyers to work directly with sellers, to cut out the middle man. Why? Because the Internet makes communication and commerce vastly more efficient, obviating the need for a middle man to connect us. Fast forward to 2011, and the world is vastly more centralized than it … Continue reading Facebook, the Control Revolution, and the Failure of Applied Modern Cryptography

privacy icons

Aza Raskin has posted alpha 1 of the proposed Mozilla Privacy Icons. I was at the Mozilla-sponsored get-together where this was first discussed, and I’m really happy to see this moving forward. A few quick thoughts: the least useful of the icons is the “used only for intended use.” I don’t think that icon can be boolean, because what, exactly is the intended use? This is one area where an icon alone probably won’t be enough, and a web site should list the intended uses. machine-readability: yes, fantastic, I’m glad this is part of the story, it’s an incredibly important … Continue reading privacy icons

Crisis in the Java Community… could they have used a secret-ballot election?

There is a bit of a crisis in the Java community: the Apache Foundation just resigned its seat on the Java Executive Committee, as did two individual members, Doug Lea and Tim Peierls. From what I understand, the central issue appears to be that Oracle, the new Java “owner” since they acquired Sun Microsystems, is paying lip service to the Java Community while taking the language and, more importantly, its licensing, into the direction they prefer, which doesn’t appear to be very open-source friendly. That said, I’m not a Java Community expert, so I won’t comment much more on this … Continue reading Crisis in the Java Community… could they have used a secret-ballot election?

The Health IT report is very good; some opinionated suggestions

“Oy,” I thought, when I received a copy of “REPORT TO THE PRESIDENT REALIZING THE FULL POTENTIAL OF HEALTH INFORMATION TECHNOLOGY TO IMPROVE HEALTHCARE FOR AMERICANS: THE PATH FORWARD” [PDF]. I worried this would be a lot of vague, easy-to-agree-with advice with little actionable material. I was wrong. Hats off to the team that wrote this! Problem Analysis is right on Some nuggets of the problem analysis, all from the executive summary (a quick and useful read): First, most current health IT systems are proprietary applications that are not easily adopted into the workflow of a clinician’s day, and whose … Continue reading The Health IT report is very good; some opinionated suggestions

airport privacy

Today, I opted out of the TSA’s “advanced imaging” system at San Francisco International airport. To the TSA’s credit, they behaved very professionally. As soon as I said I was opting out, a manager came over and asked me why, wrote down my reason, and very politely directed me to a patdown. The TSA agent who performed the patdown was very clear, explained what he was going to do before he did it (“I’m now going to use the back of my hand to check your groin area”), and looked about as annoyed as I was about having to do … Continue reading airport privacy