Privacy

Privacy / Recently Commented

ACLU Released Guide for Developers on How to Respond to Government Demands That Compromise Security

It is not uncommon for government agents to force technology companies to create or install malicious software in products in order to help them with surveillance. The American Civil Liberties Union (ACLU) has released a guide for developers that is intended to help preserve security and customers' privacy. more

Heading Into Panama for ICANN62

Well amazingly, it's that time again. Next week, individuals from around the world with a keen interest in Internet policy will head to Panama City, Panama for the second ICANN meeting of the year. As always, Brandsight will be attending to follow all of the important policy work being carried out by the community. Before I head off to the meeting (which based on my research will actually be my 32nd ICANN meeting!), I'd like to share a preview of the major topics slated for discussion. more

Have You Had Your GDPR Training Today?

The suggestion was recently put to the GNSO Council: anyone who becomes a member of a proposed new Expedited Policy Development Process (EPDP) must be able to demonstrate that they have basic knowledge of privacy and data protection. This makes a lot of sense: Would you trust a lawyer who had never been to law school? Or a doctor who had never studied medicine? Of course not. Recently I asked members of our ICANN Community: have you had any GDPR training, classes, or certification? more

A Trebuchet Defence in the Age of the Augmented Reality Cyberwarrior

I've been ruminating on this for a while, this follow-up that was a decade in the offing. My article Trench Warfare in the Age of The Laser-Guided Missile from January 2007 did pretty good in terms of views since I wrote it. Less so in terms of how well the ideas aged or didn't, but that's the nature of the beast. Everything gets worse, and simultaneously, better, and so here we are: Using embarrassingly ancient approaches to next-generation threats. Plus ça change. more

GDPR Your Domains For Sale? How to Keep Your Domain Name Lottery Ticket Alive

Have you ever sold a domain name that was just sitting in your registrar account? Maybe it was for that idea you had, but never found the time to develop. Perhaps it was for a business or website you once ran and then let go by the wayside. Then one day, out of the blue, that dormant domain turned into a winning lottery ticket. You got a random call or email from an interested party and the next thing you know that domain (which you've forgotten why you even renew it each year) is sold for $3,000 or $30,000 or more. more

Major US Telcos Selling Customer Location Information to Third Party Companies, Reports Krebs

While it is a known fact that mobile phones are giving away the approximate location of users' whereabouts for better call quality and emergency calls, security reporter Brian Krebs says major mobile providers in the U.S. are overstepping the boundaries. more

GDPR, ICANN, and Registrar WHOIS

On Friday I was on a surprisingly interesting session at Rightscon 2018 in Toronto about GDPR and WHOIS. The panel consisted of Eleeza Agoopian from ICANN staff; Avri Doria who was recently appointed to the ICANN board; Elliot Noss who runs large registrar Tucows; Stephanie Perrin who has done a lot of privacy work for the Canadian government and as an ICANN volunteer, and me; Milt Mueller, who is now at Georgia Tech, moderated. more

Policymakers to Discuss Data Privacy at Caribbean Internet Governance Forum

Data privacy will be among the items topping the agenda at an upcoming Caribbean Internet Governance Forum to be held by the Caribbean Telecommunications Union (CTU) in Suriname this month. The meeting is part of an effort by several Caribbean countries to establish and strengthen policies to ensure that Internet users' personal information is collected, shared and used in appropriate ways. more

Internet Platforms Collecting User Data are Digital Sweat Factories, Says EU’s Data Protection Chief

"The digital information ecosystem farms people for their attention, ideas and data in exchange for so called 'free' services," says Giovanni Buttarelli, the European data protection supervisor. more

GDPR and WHOIS - We’ve Heard from the Article 29 Working Party, Now What?

Well, here we are on Friday the 13th and I couldn't think of a better way to spend the day than providing an update on GDPR, WHOIS and ICANN. There's lots to cover, so let's dive right in. As we have been talking about for a number of months now, the EU's new General Data Privacy Regulation (GDPR) will become enforceable on May 25th. The ICANN community has been struggling with how GDPR will impact the WHOIS system. more

Researchers Discover Over 1.5 Billion Files Exposed Through Misconfigured Data Services

Many administrators misconfigure cloud storage, such Amazon Simple Storage Service (S3) buckets, resulting in the contents being publicly-accessible. more

ICANN CEO “Cautiously Optimistic” EU to Provide Clear Guidance for Domain Industry GDPR Compliance

"ICANN could invoke emergency powers in its contracts to prevent Whois becoming 'fragmented' after EU privacy laws kick in next month," reports Kevin Murphy in Domain Incite. more

We Need to Disconnect from Facebook Right Now

The smartphone has effectively transformed us into cyborgs, we have in our hands a highly efficient computing device equipped with a photo and video camera, microphone, GPS, accelerometer, gyroscope, magnetometer, light and proximity sensors, as well as other features that allow creation of increasingly useful, impressive and addictive applications. more

Oblivious DNS: Plugging the Internet’s Biggest Privacy Hole

The recent news that Mozilla and Cloudflare are deploying their own DNS recursive resolver has once again raised hopes that users will enjoy improved privacy, since they can send DNS traffic encrypted to Cloudflare, rather than to their ISP. In this post, we explain why this approach only moves your private data from the ISP to (yet another) third party. You might trust that third party more than your ISP, but you still have to trust them. In this post, we present an alternative design -- Oblivious DNS -- that prevents you from having to make that choice at all. more

Close to 20% VPN Providers Reported Leaking Customer IP Addresses via WebRTC Bug

Close to 20% of popular VPN services are reported to be leaking customer's IP address via a WebRTC bug known since January 2015, and which "some VPN providers have never heard of." more