Privacy

Privacy / Recently Commented

The Crypto Wars Resume

For decades, the US government has fought against widespread, strong encryption. For about as long, privacy advocates and technologists have fought for widespread, strong encryption, to protect not just privacy but also as a tool to secure our computers and our data. The government has proposed a variety of access mechanisms and mandates to permit them to decrypt (lawfully) obtained content; technologists have asserted that "back doors" are inherently insecure. more

The U.S. House Judiciary Committee Is Investigating Google’s Plans to Implement DNS Over HTTPS

The U.S. House Judiciary Committee is investigating Google's plans to implement DNS over HTTPS (DoH) in Chrome according to a report by the Wall Street Journal over the weekend. more

DoH Creates More Problems Than It Solves

Unlike most new IETF standards, DNS over HTTPS has been a magnet for controversy since the DoH working group was chartered on 2017. The proposed standard was intended to improve the performance of address resolutions while also improving their privacy and integrity, but it's unclear that it accomplishes these goals. On the performance front, testing indicates DoH is faster than one of the alternatives, DNS over TLS (DoT). more

51 CEOs Call on US Congress for Urgent Nationwide Data Privacy Law Overriding State-Level Laws

A letter, signed by 51 CEOs, was sent to U.S. House and Senate and leaders of other committees today urging policymakers to pass a comprehensive national data privacy law. more

DoT and DoH Guidance: Provisioning Resolvers

As part of a larger effort to make the internet more private, the IETF defined two protocols to encrypt DNS queries between clients (stub resolvers) and resolvers: DNS over TLS in RFC 7858 (DoT) and DNS over HTTPS in RFC 8484 (DoH). As with all new internet protocols, DoT and DoH will continue to evolve as deployment experience is gained, and they're applied to more use cases. more

What’s in Your DNS Query?

Privacy problems are an area of wide concern for individual users of the Internet -- but what about network operators? Geoff Huston wrote an article earlier this year concerning privacy in DNS and the various attempts to make DNS private on the part of the IETF -- the result can be summarized with this long, but entertaining, quote. more

Facebook, Privacy, and Cryptography

There has long been pressure from governments to provide back doors in encryption systems. Of course, if the endpoints are insecure it doesn't matter much if the transmission is encrypted; indeed, a few years ago, I and some colleagues even suggested lawful hacking as an alternative. Crucially, we said that this should be done by taking advantage of existing security holes rather than be creating new ones. more

New Zealand’s Domain Name Commission Wins Appeal in Lawsuit Against US DomainTools

New Zealand's Domain Name Commission (DNC) wins in court against the US company DomainTools for "illegally scrapping personal information" of .nz domain name owners. more

EU Court of Justice Ruling Could Result in Cutting Off Data Flows to US

EU holds an eight-hour-long hearing taking an extensive look at whether US surveillance practices break European data protection laws. more

Majority of Popular Mobile-Only VPNs Are Run by Chinese Nationals or Located in China

While the current VPN market appears to be filled with numerous products by various companies, recent research that took a closer look into the market revealed very unexpected results. more

Move Fast and Regulate Things

The international community is converging on one notion at least: that Facebook cannot be prosecutor, judge and jury of its own achievements and transgressions. The calls to regulate social media companies first came from various legislative bodies, then from civil society and national policymakers, then from the CEO of Facebook itself, "to preserve what is best about [the Internet]." If some scepticism followed that was natural enough – was the company sincere in calling for more regulation? more

Microsoft Sees Serious Appetite for Revised Privacy Laws in US, Says It’s Time to Match EU’s GDPR

With the first anniversary of the European Union's General Data Protection Regulation (GDPR) approaching in just a few days, Microsoft's Corporate Vice President and Deputy General Counsel, Julie Brill says GDPR has been an important catalyst for progress in privacy protection around the world. more

NGOs, Academics Warn Against EU’s Deep Packet Inspection Problem, at Least 186 ISPs Breaking Rules

European Digital Rights organization (EDRi) along with 45 NGOs, academics and companies from 15 countries sent an open letter to European policymakers and regulators on Wednesday warned against the widespread use of Deep Packet Inspection (DPI) technology by Internet service providers in the EU. more

US Federal Trade Commission Says It Lacks Resources to Go After Privacy Violations Effectively

At hearing on Wednesday, the U.S. Federal Trade Commission (FTC) urged Congress to pass data privacy legislation and enhance its authority to police large tech companies. more

No GDPR Action Against Any Big Tech Firms Since Law Imposed Last Year, Doubts Escalate Over Enforcer

Last year Europe imposed GDPR, arguably the world's toughest standard for data privacy and now, a year later, there has yet to be any enforcement action against a big tech firm. more