What happens when you open an email and allow it to display embedded images and pixels? You may expect the sender to learn that you've read the email, and which device you used to read it. But in a new paper we find that privacy risks of email tracking extend far beyond senders knowing when emails are viewed. Opening an email can trigger requests to tens of third parties, and many of these requests contain your email address. more
The Equifax hack is understood to have compromised the personal data of over 140 million individuals. Although recent hacks of other businesses have affected more individuals, the personal data held by Equifax is significantly more sensitive than the data compromised in other hacks and includes Social Security numbers, birth dates, current and previous addresses and driver licence details... (Co-authored by Peter Davis and Brendan Nixon.) more
The Internet Corporation for Assigned Names and Numbers (ICANN) has postponed plans to change the cryptographic key -- a critical step in updating protection measures for the Domain Name System (DNS). more
As you've undoubtedly heard, the Equifax credit reporting agency was hit by a major attack, exposing the personal data of 143 million Americans and many more people in other countries. There's been a lot of discussion of liability; as of a few days ago, at least 25 lawsuits had been filed, with the state of Massachusetts preparing its own suit. It's certainly too soon to draw any firm conclusions... but there are a number of interesting things we can glean from Equifax's latest statement. more
The offices of the .cat gTLD registry Fundació puntCAT were raided by the Spanish police this morning. The company reported the incident via a series of tweets as the raid was being carried out. more
Suppose for a moment that you are the victim of a wicked ISP that engages in disallowed "throttling" under a "neutral" regime for Internet access. You like to access streaming media from a particular "over the top" service provider. By coincidence, the performance of your favoured application drops at the same time your ISP launches a rival content service of its own. You then complain to the regulator, who investigates... It seems like an open-and-shut case of "throttling" resulting in a disallowed "neutrality violation". Or is it? more
A recent article in the New York Times Dealbook column reported on phone number hijacking, in which a bad guy fraudulently takes over someone's mobile phone number and used it to reset credentials and drain the victim's account. It happens a lot, even to the chief technologist of the FTC. This reminds us that security is hard, and understanding two-factor authentication is harder than it seems. more
Over the past couple of weeks, following the events in Charlottesville, Virginia, there has been significant discussion in social and traditional media about various technology companies removing websites from their servers, or otherwise making them unavailable. As the operators of Canada's Internet domain, we at CIRA are getting numerous inquiries about our stance and policies on this issue. I'd like to use this opportunity to make a couple of clarifications about how CIRA works and what CIRA actually does. more
Building IoT ventures from scratch by prototyping hardware devices and their backend systems as well as working for a large company that tries to sell IoT devices itself, we learned a lot about the pitfalls and problems concerning security in the IoT. Nearly every connected device out there proved to be vulnerable to attacks. Researchers showed that it's possible to remotely take control over autonomous vehicles, implanted medical devices were manipulated, voting machines compromised and of course all sorts of other "smart" devices... more
I believe Mobile Information and Communications Technologies (ICTs) are and very well remain powerful and best-suited technologies that will help provide connectivity and digital access in a much faster and cheaper way for developing countries of the globe. Thus, they are to be leveraged within their most strategic and profitable functional or usage contexts. Mobile access technologies along with relevant innovations have formed a powerful springboard for the Internet to be significantly accelerated in terms of access, usage and penetration. more
After its first edition in Valencia, Brands and Domains will travel this time to the Netherlands where the second conference will take place from the 2nd to 3rd of October 2017. This time, Dot Stories, the main organizer, chose the Hotel Amrath Kurhaus for the event. Nowadays, more than 600 applicants hold already the right to start their own dot brand, but there are not so many who have been brave enough to use it. more
With over 600 "dot Brands" applied for in 2012, and hundreds now launched, 2017 seems poised to be the Year of dotBrand! "dotBrands" are top level domains (TLDs) that use the brand name to the right of the dot, as in www.mabanque.bnpparibas or www.home.cern. Many large companies across nearly every industry applied, including Google, Amazon, Citibank, VISA, McDonalds, Sony, HBO, Alibaba, and Hermes. more
Back in the early 2000s, several notable Internet researchers were predicting the death of the Internet. Based on the narrative, the Internet infrastructure had not been designed for the scale that was being projected at the time, supposedly leading to fatal security and scalability issues. Yet somehow the Internet industry has always found a way to dodge the bullet at the very last minute. more
Almost every country code Top-Level Domain (ccTLD) has had some kind of rough and clumsy start at its sunrise. Internet was young, everything was new, and whoever took the national TLD first, got power over it. The situation eventually sorted out, and now most ccTLDs are drama free, well-operated for the benefit of people and the Internet communities in those countries. Unfortunately, not in Slovakia. more
Searching decisions under the Uniform Domain Name Dispute Resolution Policy (UDRP) is important - for evaluating the merits of a potential case and also, of course, for citing precedent when drafting documents (such as a complaint and a response) in an actual case. But, searching UDRP decisions is not always an easy task. It's important to know both where to search and how to search. Unfortunately, there is no longer an official, central repository of all UDRP decisions that is freely available online. more