It is not uncommon for government agents to force technology companies to create or install malicious software in products in order to help them with surveillance. The American Civil Liberties Union (ACLU) has released a guide for developers that is intended to help preserve security and customers' privacy. more
Well amazingly, it's that time again. Next week, individuals from around the world with a keen interest in Internet policy will head to Panama City, Panama for the second ICANN meeting of the year. As always, Brandsight will be attending to follow all of the important policy work being carried out by the community. Before I head off to the meeting (which based on my research will actually be my 32nd ICANN meeting!), I'd like to share a preview of the major topics slated for discussion. more
The suggestion was recently put to the GNSO Council: anyone who becomes a member of a proposed new Expedited Policy Development Process (EPDP) must be able to demonstrate that they have basic knowledge of privacy and data protection. This makes a lot of sense: Would you trust a lawyer who had never been to law school? Or a doctor who had never studied medicine? Of course not. Recently I asked members of our ICANN Community: have you had any GDPR training, classes, or certification? more
I've been ruminating on this for a while, this follow-up that was a decade in the offing. My article Trench Warfare in the Age of The Laser-Guided Missile from January 2007 did pretty good in terms of views since I wrote it. Less so in terms of how well the ideas aged or didn't, but that's the nature of the beast. Everything gets worse, and simultaneously, better, and so here we are: Using embarrassingly ancient approaches to next-generation threats. Plus ça change. more
Have you ever sold a domain name that was just sitting in your registrar account? Maybe it was for that idea you had, but never found the time to develop. Perhaps it was for a business or website you once ran and then let go by the wayside. Then one day, out of the blue, that dormant domain turned into a winning lottery ticket. You got a random call or email from an interested party and the next thing you know that domain (which you've forgotten why you even renew it each year) is sold for $3,000 or $30,000 or more. more
While it is a known fact that mobile phones are giving away the approximate location of users' whereabouts for better call quality and emergency calls, security reporter Brian Krebs says major mobile providers in the U.S. are overstepping the boundaries. more
On Friday I was on a surprisingly interesting session at Rightscon 2018 in Toronto about GDPR and WHOIS. The panel consisted of Eleeza Agoopian from ICANN staff; Avri Doria who was recently appointed to the ICANN board; Elliot Noss who runs large registrar Tucows; Stephanie Perrin who has done a lot of privacy work for the Canadian government and as an ICANN volunteer, and me; Milt Mueller, who is now at Georgia Tech, moderated. more
Data privacy will be among the items topping the agenda at an upcoming Caribbean Internet Governance Forum to be held by the Caribbean Telecommunications Union (CTU) in Suriname this month. The meeting is part of an effort by several Caribbean countries to establish and strengthen policies to ensure that Internet users' personal information is collected, shared and used in appropriate ways. more
"The digital information ecosystem farms people for their attention, ideas and data in exchange for so called 'free' services," says Giovanni Buttarelli, the European data protection supervisor. more
Well, here we are on Friday the 13th and I couldn't think of a better way to spend the day than providing an update on GDPR, WHOIS and ICANN. There's lots to cover, so let's dive right in. As we have been talking about for a number of months now, the EU's new General Data Privacy Regulation (GDPR) will become enforceable on May 25th. The ICANN community has been struggling with how GDPR will impact the WHOIS system. more
Many administrators misconfigure cloud storage, such Amazon Simple Storage Service (S3) buckets, resulting in the contents being publicly-accessible. more
"ICANN could invoke emergency powers in its contracts to prevent Whois becoming 'fragmented' after EU privacy laws kick in next month," reports Kevin Murphy in Domain Incite. more
The smartphone has effectively transformed us into cyborgs, we have in our hands a highly efficient computing device equipped with a photo and video camera, microphone, GPS, accelerometer, gyroscope, magnetometer, light and proximity sensors, as well as other features that allow creation of increasingly useful, impressive and addictive applications. more
The recent news that Mozilla and Cloudflare are deploying their own DNS recursive resolver has once again raised hopes that users will enjoy improved privacy, since they can send DNS traffic encrypted to Cloudflare, rather than to their ISP. In this post, we explain why this approach only moves your private data from the ISP to (yet another) third party. You might trust that third party more than your ISP, but you still have to trust them. In this post, we present an alternative design -- Oblivious DNS -- that prevents you from having to make that choice at all. more
Close to 20% of popular VPN services are reported to be leaking customer's IP address via a WebRTC bug known since January 2015, and which "some VPN providers have never heard of." more