Thoughts on Technology & People

  • no user is an island

    US government agencies appear to be engaged in large-scale Internet surveillance, using secret court orders to force major Internet companies to provide assistance. The extent of this assistance is a topic of debate. What’s clear, though, is that the process itself is opaque: it’s impossible to know how broad or inappropriate the surveillance may be.…

  • a hopeful note about PRISM

    You know what? I’m feeling optimistic suddenly. Mere hours ago, all of us tech/policy geeks lost our marbles over PRISM. And in the last hour, we’ve got two of the most strongly worded surveillance rebuttals I’ve ever seen from major Internet Companies. Here’s Google’s CEO Larry Page: we provide user data to governments only in…

  • what happens when we forget who should own the data: PRISM

    Heard about PRISM? Supposedly, the NSA has direct access to servers at major Internet companies. This has happened before, e.g. when Sprint provided law enforcement a simple data portal they could use at any time. They used it 8 million times in a year. That said, the scale of this new claim is a bit…

  • getting web sites to adopt a new identity system

    My team at Mozilla works on Persona, an easy and secure web login solution. Persona delivers to web sites and apps just the right information for a meaningful login: an email address of the user’s choice. Persona is one of Mozilla’s first forays “up the stack” into web services. Typically, at Mozilla, we improve the…

  • Identity Systems: white labeling is a no-go

    There’s a new blog post with some criticism of Mozilla Persona, the easy and secure web login solution that my team works on. The great thing about working in the open at Mozilla is that we get this kind of criticism openly, and we respond to it openly, too. The author’s central complaint is that…

  • so what if torture works?

    I’ve seen most of Zero Dark Thirty, the movie that claims to tell the story of the search for and killing of Bin Laden. It’s a pretty gruesome film, with clear implications that torture led to information that led us to Bin Laden. There are fierce debates about whether that fact – that torture led…

  • Firefox is the unlocked browser

    Anil Dash is a man after my own heart in his latest post, The Case for User Agent Extremism. Please go read this awesome post: One of my favorite aspects of the infrastructure of the web is that the way we refer to web browsers in a technical context: User Agents. Divorced from its geeky…

  • the Web is the Platform, and the User is the User

    Mid-2007, I wrote two blog posts — get over it, the web is the platform and the web is the platform [part 2] that turned out to be quite right on one front, and so incredibly wrong on another. Let’s start with where I was right: Apps will be written using HTML and JavaScript. […]…

  • Aaron

    I heard about Aaron Swartz in 2000, when he won the ArsDigita prize. I met him for the first time in early summer 2002, when my little open-source webdev company, OpenForce, joined the Creative Commons team to build the CC web site. That’s also when I met Matt Haughey, whose words helped trigger a bunch…

  • The Onus is on Scientists – Shame on the AAAS

    The American Association for the Advancement of Science (AAAS) has just come out against California’s Proposition 37, which would mandate the labeling of genetically-modified foods. In my opinion, the AAAS has failed its duty as promoters of Good Science. The question is not whether genetically-modified foods are safe. I see the benefits, and I see…

  • connect on your terms

    I want to talk about what we, the Identity Team at Mozilla, are working on. Mozilla makes Firefox, the 2nd most popular browser in the world, and the only major browser built by a non-profit. Mozilla’s mission is to build a better Web that answers to no one but you, the user. It’s hard to…

  • in praise of hands-on expertise

    (I don’t usually share personal stories in public fora, but in this case, and with my wife’s permission, I’m making an exception.) “Shoulder Dystocia,” said the Obstetrician, as we neared the end of my wife’s otherwise-routine delivery of our son last week. This meant nothing to me. My wife, on the other hand, freaked out.…

  • encryption is not gravy

    When designing a secure service that stores user data, you might be tempted to say “let’s make sure the data is encrypted.” That statement implies that you’re proposing adding goodness, without taking anything away. Something like “I’d like some of that delicious gravy on my roast turkey, please.” Clearly, turkey with gravy is strictly better…

  • cookies don’t track people. people track people.

    The news shows are in a tizzy: Google violated your privacy again [CBS, CNN] by circumventing Safari’s built-in tracking protection mechanism. It’s great to see a renewed public focus on privacy, but, in this case, I think this is the wrong problem to focus on and the wrong message to send. what happened exactly (Want…

  • it’s the randomness, stupid

    The New York Times is reporting that a flaw has been found in RSA. The original paper is here, and it looks like a second team was about to release similar information, so they’ve posted an explanatory blog post, which I recommend. A number of people are understandably concerned. Since I couldn’t find a simple…

  • a simpler, webbier approach to Web Intents (or Activities)

    A few months ago, Mike Hanson and I started meeting with James, Paul, Greg, and others on the Google Chrome team. We had a common goal: how might web developers build applications that talk to each other in a way that the user, not the site, decides which application to use? For example, how might…

  • encryption is (mostly) not magic

    A few months ago, Sony’s Playstation Network got hacked. Millions of accounts were breached, leaking physical addresses and passwords. Sony admitted that their data was “not encrypted.” Around the same time, researchers discovered that Dropbox stores user files “unencrypted.” Dozens (hundreds?) closed their accounts in protest. They’re my confidential files, they cried, why couldn’t you…

  • an ode to lessig’s optimism, taking on gigantic challenges… and a quibble

    Last night, I went to see Lessig pitch his latest book, Republic, Lost. His latest spiel is fantastic, fine-tuned, gripping, thrilling, inspiring. I’ve been an avid fan of Lessigian story-telling for 13 years now. The way he sets up his argument, the way he goes far beyond the obvious, far beyond the quick fix, and…

  • BrowserID and me

    A few weeks ago, I became Tech Lead on Identity and User Data at Mozilla. This is an awesome and challenging responsibility, and I’ve been busy. When I took on this new responsibility, BrowserID was already well under way, so we were able to launch it in my second week on the project (early July).…

  • my 9.11

    Maybe it’s silly to add yet another story to the list of “where I was on 9/11.” I suffered no direct loss, while some people I know did. Many other world events were far, far more awful. But as I did experience 9/11 in person, I feel the need to write down some thoughts, some…

  • with freedom comes responsibility: open publishing

    As of a few months ago, I’m no longer on a publish-or-perish academic track. Mozilla gives me the freedom to publish, but no pressure. Coincidentally, the publishing world is at a bit of a crossroads. Some organizations, like USENIX, are increasingly open: all papers are published for the world to see, many talks are videotaped…

  • and the laws of physics changed

    Google just introduced Google Plus, their take on social networking. Unsurprisingly, Arvind has one of the first great reviews of its most important feature, Circles. Google Circles effectively let you map all the complexities of real-world privacy into your online identity, and that’s simply awesome. You can think of Circles as the actual circles of…

  • with great power…

    When Arvind writes something, I tend to wait until I have a quiet moment to read it, because it usually packs a particularly high signal to noise ratio. His latest post In Silicon Valley, Great Power but No Responsibility, is awesome: We’re at a unique time in history in terms of technologists having so much…

  • Wombat Voting: Open Audit Elections in Israel

    My friend Alon Rosen is leading an effort with colleagues Amon Ta-Shma, Ben Riva, and Yoni Ben-Nun in Israel to implement and deploy in-person open-audit voting. The project is called Wombat Voting. It combines a number of existing cryptographic techniques in a very nice package. Oh, and they’ve implemented it and used it to run…

  • 2 months in at Mozilla

    It’s been 2 months since I started at Mozilla. I’m working with fantastically talented and friendly people. I’m enjoying myself tremendously and I’m starting to get a sense of what makes Mozilla different from my previous experiences. Put simply, it’s teamwork. In his speech to Harvard Med School graduates last week (stick with me here,…

  • Online Voting is Terrifying and Inevitable

    Voting online for public office is a terrifying proposition to most security experts. The paths to subversion or failure are many: the server could get overwhelmed by attackers, preventing voting altogether; the server could get hacked and the votes changed surreptitiously; the users’ machines could get compromised by a virus, which would then flip votes…

  • (your) information wants to be free

    A couple of weeks ago, Epsilon, an email marketing firm, was breached. If you are a customer of Tivo, Best Buy, Target, The College Board, Walgreens, etc., that means your name and email address were accessed by some attacker. You probably received a warning to watch out for phishing attacks (assuming it wasn’t caught in…

  • grab the pitchforks!… again

    I’m fascinated with how quickly people have reached for the pitchforks recently when the slightest whiff of a privacy/security violation occurs. Last week, a few interesting security tidbits came to light regarding Dropbox, the increasingly popular cloud-based file storage and synchronization service. There’s some interesting discussion of de-duplication techniques which might lead to oracle attacks,…

  • intelligently designing trust

    For the past week, every security expert’s been talking about Comodo-Gate. I find it fascinating: Comodo-Gate goes to the core of how we handle trust and how web architecture evolves. And in the end, this crisis provides a rare opportunity. warning signs Last year, Chris Soghoian and Sid Stamm published a paper, Certified Lies [PDF],…

  • i changed my mind on nuclear power

    Until this recent catastrophe in Japan (it’s awful, please consider helping out), I was very pro nuclear-power. I’ve never been afraid of technology, and I was raised in France, where 80% of electricity comes from nuclear power and there has been no serious safety problem with it. Plus, nuclear power can be green. And with…