Eleanor Saitta's (previously) 2016 essay "Coercion-Resistant Design" (which is new to me) is an excellent introduction to the technical countermeasures that systems designers can employ to defeat non-technical, legal attacks: for example, the threat of prison if you don't back-door your product.
Google has augmented its preferences for personal data retention; in addition to choosing to have all your data stored until you delete it, or having no data stored (thus depriving you of the benefits of personalization), the company has a new intermediate option: a rolling deletion program, which lets you specify that any data older than either 3 or 12 months should be autodeleted. That way, if you suffer a breach (or if authorities demand your data from Google), only your recent activity will be exposed.
1Password has taken Maciej Cegłowski's demand for a "travel mode" for our technology to heart, introducing a new feature that locks you out of your own accounts when you're in situations where you might lose control of your devices or be compelled to log into your accounts without your consent.
As the US government ramps up its insistence that visitors (and US citizens) unlock their devices and provide their social media accounts, the solutions have run the gamut from extreme technological caution to abandoning mobile devices while traveling to asking the government to rethink its policy. But Maciej Cegłowski has another solution: a "travel mode" for our social media accounts.
Ever since Thomas Schelling -- an advisor on Dr Strangelove! -- published his work on negotiating theory and nuclear deterrence, we've developed a rich vocabulary for describing negotiating tactics and their underlying theories.
Even before he took the job of Chief Security Officer of Yahoo, Alex Stamos had a reputation for being a badass: a thoughtful security ethicist who served as an expert witness in defense of Aaron Swartz, Stamos cemented his reputation by publicly humiliating the director of the NSA over mass surveillance.
In 2013, Lavabit -- famous for being the privacy-oriented email service chosen by Edward Snowden to make contact with journalists while he was contracting for the NSA -- shut down under mysterious, abrupt circumstances, leaving 410,000 users wondering what had just happened to their email addresses.
Facebook spokespeople and cryptographers say that Facebook's decision to implement Open Whisper Systems' end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt them later without the user's knowledge reflects a "limitation" -- a compromise that allows users to continue conversations as they move from device to device -- and not a "defect."
I did an interview with the Changelog podcast (MP3) about my upcoming talk at the O'Reilly Open Source conference in London, explaining how it is that the free and open web became so closed and unfree, but free and open software stayed so very free, and came to dominate the software landscape.
Earlier this month, I gave the afternoon keynote at the Internet Archive's Decentralized Web Summit, and my talk was about how the people who founded the web with the idea of having an open, decentralized system ended up building a system that is increasingly monopolized by a few companies -- and how we can prevent the same things from happening next time.
Earlier this month, I gave the afternoon keynote at the Internet Archive's Decentralized Web Summit, speaking about how the people who are building a new kind of decentralized web can guard against their own future moments of weakness and prevent themselves from rationalizing away the kinds of compromises that led to the centralization of today's web.
For a year or so, I've been working with the EFF to get the World Wide Web Consortium to take steps to protect security researchers and new market-entrants who run up against the DRM standard they're incorporating into HTML5, the next version of the key web standard.
At yesterday's Internet Archive Decentralized Web Summit, the afternoon was given over to questions of security and policy.
Cothority is a new software project that uses "multi-party cryptographic signatures" to make it infinitely harder for governments to order companies to ship secret, targeted backdoors to their products as innocuous-looking software updates.