<h1>the wild web</h1><p><i>[ thoughts on web privacy and security ] by Sid Stamm</i></p><h2>pde</h2><p><i>Sid Stamm, 2022-09-06</i></p><p>This past weekend, we lost one of the world's most noble
technologists, <a href="https://github.com/pde/letsencrypt">Peter Eckersley</a>. Peter and I regularly collaborated when I was
working on HTTPS and privacy at Mozilla, and he worked enthusiastically and
tirelessly to hold everyone to a higher standard than even himself. He was instrumental in many of the EFF's
projects like Privacy Badger, Panopticlick, and HTTPS Everywhere, while he
nudged Mozilla contributors to keep working on privacy and HTTPS; but possibly his
biggest contributions were his work on Certbot and Let's Encrypt.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEis1I7Z31YPehu9r8P6ftSGy364ffpmrJTXHqAEVuFkH4r34BuHa-0dikvraEZAPh_U9mc0GoTz-HQWfyDUKE52gN0RsKtToNEPqNbSgAjlS0m3vuDb2miV8QUMLQUqnFcu6_7lzlaE0Vn1-QNWhRcCNS9SBA_y89L524s3BjCDhyRSQe_EpLo" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1024" data-original-width="768" height="240" src="https://blogger.googleusercontent.com/img/a/AVvXsEis1I7Z31YPehu9r8P6ftSGy364ffpmrJTXHqAEVuFkH4r34BuHa-0dikvraEZAPh_U9mc0GoTz-HQWfyDUKE52gN0RsKtToNEPqNbSgAjlS0m3vuDb2miV8QUMLQUqnFcu6_7lzlaE0Vn1-QNWhRcCNS9SBA_y89L524s3BjCDhyRSQe_EpLo" width="180" /></a></div><br />He didn't do this alone.
He was a leader, a technical idealist who captured people who often disagreed
with him and channeled their energy to make the web safer.<p></p>
<p class="MsoPlainText">When you use a web browser, <a href="https://news.umich.edu/how-lets-encrypt-doubled-the-internets-percentage-of-secure-websites-in-four-years/">the
odds are good</a> that Peter's influence has helped secure the bits you're
transferring to or from a server, or has helped protect you from surveillance. If you believe information should be free, your data is yours, and everyone should have secure messaging, please consider how you can help
empower the everyday person to resist surveillance online. He fought the good fight but met an adversary
that took him away from his work far too early.
He was 43. I will miss you, <a href="https://pde.is/">pde</a>.</p><h2>Reckless Software Construction</h2><p><i>Sid Stamm, 2021-12-03</i></p><p style="text-align: justify;"><span style="color: #222222;">Dear software developers: please please please stop making disposable software.</span></p><p style="text-align: justify;"><span style="color: #222222;">Demand for rapid development of software has radically changed how we develop, deploy, and maintain software over the past decade or so. Storage is cheap. Bandwidth is plentiful. Agile and rapid iteration allow fast-to-market delivery. All of this leads to fast, inefficient, messy, and reckless <a href="https://en.wikipedia.org/wiki/Rube_Goldberg_machine">Rube Goldberg</a> software construction.</span></p><p style="text-align: justify;"><span style="color: #222222;">I want to be clear: I am not trash-talking all software engineering via component composition (where devs take pre-built things and slap them together to make a new thing). This is useful for many service-based products or web applications where the software runs on the software company's own hardware. But this strategy is over-used and is not the tool for every job. I like some quality DevOps and do love a good web app; the problem is when software is thrown together without care and diligence.</span></p><p style="text-align: justify;"><span style="color: #222222;">The equation is simple: moving fast and cutting corners leads to increased risk.</span></p><div style="text-align: justify;"><span style="color: #222222;"><blockquote><i>Agile dev + fast-to-market + prefab software = unnecessary risk</i></blockquote></span></div><p style="text-align: justify;"><span style="color: #222222;">Stop it. 
Be an engineer, not MacGyver.</span></p><h3 style="text-align: justify;"><span style="color: #222222;">"Our CISO will take care of this."</span></h3><p style="text-align: justify;"><span style="color: #222222;">No. Your CISO doesn't want to remediate your security problems after the fact. Your CISO is there to help guide your development efforts down a safe path, NOT to compensate for your desire to "ship fast, fix later". You should be working with your security team to avoid unnecessary risk, not calling them in as a clean-up crew when you screw it up. </span></p><p style="text-align: justify;"><span style="color: #222222;">Fast to market is great, but success will be short-lived if you are also fast-to-hacked.</span></p><p style="text-align: justify;"><span style="color: #222222;">Security teams are increasingly tasked with securing what some call a Software Supply Chain: the third-party, often unwitting, contributors to a software product. This chain of components (or frankly, pre-packaged #includes, libraries, or services) creates risk that needs, at the very least, to be monitored. 
All of the third-party things your devs use to deploy your product could fall victim to the next <a href="https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack">SolarWinds</a>, <a href="https://www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/">hacked NPM package</a>, or <a href="https://www.globenewswire.com/news-release/2021/07/06/2257884/0/en/Kaseya-Responds-Swiftly-to-Sophisticated-Cyberattack-Mitigating-Global-Disruption-to-Customers.html">Kaseya</a>.</span></p><h3 style="text-align: justify;"><span style="color: #222222;">Take Inventory</span></h3><p style="text-align: justify;"><span style="color: #222222;">The provenance of software has become so out of control that even <a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/">the White House is urging an inventory of all the stuff</a> (a Software Bill of Materials, or SBOM) you use to make your things. Cybersecurity risk is high not only because attackers know hacking your stuff is profitable, but also because your stuff is too complicated. There, I said it: the software you created is unnecessarily complicated. This call for SBOM is a cry for help; you need to <i><b>at the very least</b></i> know what your stuff is made of.</span></p><h3 style="text-align: justify;"><span style="color: #222222;">Take Responsibility</span></h3><p style="text-align: justify;"><span style="color: #222222;">This need for SBOM is a symptom of developers' rush to pass the responsibility for fair and safe software onto others. So you make a thing out of other people's things... it is YOUR responsibility to vet the components. Your customers are relying on you to do this! Requiring an SBOM helps someone else vet your product, but it's not foolproof and is <i>not for end-users</i>. 
Software developers must take responsibility for securing their work and not blindly build trash out of other people's trash. SBOM is not a panacea; it is a stopgap until we regain control over the junk we build.</span></p><h3 style="text-align: justify;"><span style="color: #222222;">Take Ownership</span></h3><p style="text-align: justify;"><span style="color: #222222;">Ultimately, when your software is compromised, your customers will blame you. Will you pass the blame to your third-party suppliers? You should be building something you're proud of and something you UNDERSTAND. The right tool for the job is not always the fanciest/newest tool. You do NOT need to use Docker containers to build a solitaire app on iOS. </span></p><h3 style="text-align: justify;"><span style="color: #222222;">Take Action</span></h3><p style="text-align: justify;"><span style="color: #222222;">The answer is not "more software." The answer is not "hire a consultant." The answer is not SBOM. The answer is not DevSecOps (though that can help).</span></p><p style="text-align: justify;"><span style="color: #222222;">The first thing you should do is seriously think about your engineering practices... like <i>really</i> think about it. If you develop client-side software (apps), evaluate the components and tools you use to build your app. Maybe throwing it together quickly got it out the door, but how much effort are you spending maintaining it? Are you building the right thing? Phone apps are bloated. Why is my email app 270 MB? Why does this email app update EVERY DAMN WEEK? These are questions I'm asking your developers, and you should ask them too. Doing your job well requires more than just tossing the product over the wall and going out for a beer.</span></p><p style="text-align: justify;"><span style="color: #222222;">Consider factoring out third-party components when you only use a small part of the component. 
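Taking inventory sounds trivial until you look at how a handful of direct dependencies fans out. The following script is an added example (not code from the original post) that walks the <code>packages</code> map of a package-lock.json (lockfile version 2 or 3) in Node's own resolution order and reports, per direct dependency, how many packages it drags in, which packages are installed in more than one version, and which entries carry no integrity hash and so cannot be verified at install time. The embedded lockfile is constructed for illustration; its package names, versions and hashes are fictitious.

```javascript
// Added example: a minimal dependency inventory built from an npm lockfile
// (package-lock.json with lockfileVersion 2 or 3, whose "packages" map is keyed
// by install path). Not the original post's code.

// Constructed sample lockfile. Package names, versions and integrity hashes are
// fictitious placeholders; a real run would use
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")) instead.
const SAMPLE_LOCK = {
  name: "solitaire-web",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "left-pad-ish": "^1.0.0", "chart-lib": "^2.0.0" } },
    "node_modules/left-pad-ish": { version: "1.3.0", integrity: "sha512-placeholderA" },
    "node_modules/chart-lib": {
      version: "2.1.0",
      integrity: "sha512-placeholderB",
      dependencies: { "dom-util": "^3.0.0", "color-math": "^1.0.0" },
    },
    "node_modules/dom-util": {
      version: "3.2.0",
      integrity: "sha512-placeholderC",
      dependencies: { "color-math": "^0.9.0" },
    },
    "node_modules/color-math": { version: "1.0.0", integrity: "sha512-placeholderD" },
    // Nested second copy (older major) with no integrity field: npm cannot verify it.
    "node_modules/dom-util/node_modules/color-math": { version: "0.9.5" },
  },
};

// Resolve a dependency name from a package's install path the way Node does:
// look in <path>/node_modules/<name>, then walk up to the parent install path.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return null; // reached the project root without finding it
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Package name is everything after the final "node_modules/" in the install path
// (scoped names such as @scope/pkg keep their slash).
function nameFromPath(installPath) {
  const marker = "node_modules/";
  return installPath.slice(installPath.lastIndexOf(marker) + marker.length);
}

// Walk the transitive closure of each direct dependency.
// Returns Map<installPath, {name, version, integrity, via: Set<directDepName>}>.
function buildInventory(lock) {
  const packages = lock.packages;
  const direct = Object.keys((packages[""] || {}).dependencies || {});
  const inventory = new Map();
  for (const d of direct) {
    const seen = new Set();
    const stack = [resolveDep(packages, "", d)];
    while (stack.length) {
      const p = stack.pop();
      if (p === null || seen.has(p)) continue;
      seen.add(p);
      const entry = packages[p];
      let rec = inventory.get(p);
      if (!rec) {
        rec = { name: nameFromPath(p), version: entry.version,
                integrity: entry.integrity || null, via: new Set() };
        inventory.set(p, rec);
      }
      rec.via.add(d);
      for (const dep of Object.keys(entry.dependencies || {})) {
        stack.push(resolveDep(packages, p, dep));
      }
    }
  }
  return inventory;
}

// Summarise what a reviewer of the inventory wants to see at a glance.
function summarize(lock) {
  const inv = buildInventory(lock);
  const closures = {};       // direct dependency -> number of packages it pulls in
  const versions = {};       // package name -> set of installed versions
  const missingIntegrity = [];
  for (const [path, rec] of inv) {
    for (const d of rec.via) closures[d] = (closures[d] || 0) + 1;
    (versions[rec.name] = versions[rec.name] || new Set()).add(rec.version);
    if (!rec.integrity) missingIntegrity.push(path);
  }
  const multiVersion = {};
  for (const [name, vs] of Object.entries(versions)) {
    if (vs.size > 1) multiVersion[name] = [...vs].sort();
  }
  return { total: inv.size, closures, multiVersion, missingIntegrity: missingIntegrity.sort() };
}

console.log(JSON.stringify(summarize(SAMPLE_LOCK), null, 2));
```

On the constructed lockfile this reports five packages behind two direct dependencies, <code>color-math</code> installed twice in different majors, and one nested copy with no integrity field. Point it at a real lockfile by replacing <code>SAMPLE_LOCK</code> with the parsed file; the closure count per direct dependency is usually the first number that surprises a team, and any entry without an integrity hash is a download the package manager cannot check against what the lockfile author saw.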
Do you really need jQuery <i>and</i> d3.js <i>and</i> Angular? Do you need all those NPM packages? An elegant, well-crafted architecture results in a more stable and secure product. Take pride in your design and not just your speed. Focus. Keep it as simple as you can; any amount of early investment to understand and reduce the complexity of your software's provenance will minimize the chance that someone else's mistake ruins your product.</span></p><h2>Data Transparency: Revisited</h2><p><i>Sid Stamm, 2019-06-03</i></p>With this academic year behind me, I had some time to think and reflect on what has brought me to where I am. In 2012, I had an opportunity to participate in something that energized me and molded what ended up being my short but intense career in web tech. <br />
<br />
In April 2012, the <a href="https://www.wsj.com/video/coders-gather-for-wsj-transparency-weekend/075C98EF-054A-4A00-AE75-F15C98BDBA47.html?mod=e2tw">Wall Street Journal</a> hosted a <a href="https://twitter.com/hashtag/wsjdata">Data Transparency Weekend</a> to bring together technologists, activists, journalists, and inventors from across the globe to work on the lack of transparency about how people are watched, profiled, and targeted online. This NYC event <a href="https://www.flickr.com/photos/wsjdata/">connected me with allies and mentors</a> who were all doing amazing work in online privacy. From the wicked smart reporting (<a href="https://www.flickr.com/photos/wsjdata/7137043267/in/dateposted/">and organizing</a>) of <a href="https://twitter.com/JuliaAngwin">Julia Angwin</a> and <a href="https://www.nytimes.com/2019/05/22/technology/personaltech/maximize-online-privacy.html">Jennifer Valentino-DeVries</a>, to folks like <a href="https://twitter.com/dakami">Dan Kaminsky</a>, <a href="https://www.csail.mit.edu/person/daniel-weitzner">Danny Weitzner</a>, <a href="https://www.cs.princeton.edu/~felten/">Ed Felten</a>, <a href="https://www.heinz.cmu.edu/~acquisti/">Alessandro Acquisti</a>, <a href="https://twitter.com/hoofnagle">Chris Hoofnagle</a>, <a href="https://www.partnershiponai.org/team/peter-eckersley/">Peter Eckersley</a>, and of course <a href="https://ashkansoltani.org/">Ashkan Soltani</a>, whose work has repeatedly inspired my own. I cannot hope to name all the amazing folks who were there, and, thinking back, it was incredible that we all ended up in the same spot at the same time. To all of you who spent this time with me: thank you.<br />
<br />
Since 2012, the level of conversation about online data and tracking has skyrocketed, but not much has changed about how I'm tracked and targeted online; if anything, it has <b>intensified</b>.<br />
<br />
Our everyday lives are being invaded by what I consider multi-modal harassment: we are all barraged with unwanted solicitations, <a href="https://www.washingtonpost.com/lifestyle/style/how-phone-spam-turned-our-favorite-devices-against-us/2019/03/18/05239406-45d5-11e9-90f0-0ccfeec87a61_story.html">phone calls</a>, <a href="https://www.wxyz.com/money/consumer/dont-waste-your-money/spam-texts-how-they-get-your-number-and-what-you-can-do-to-stop-them">text messages</a>, emails, and <a href="https://www.eff.org/issues/do-not-track">display advertisements</a>. We're being force-fed product info for things that an "annoying brother" thinks we want. Some of us pay for TV and our programming still gets interrupted with ads. The web is full of "free" sites, where you pay by allowing them to force-feed you ideas of other things you are supposed to want. We end up spending money externally (on things we don't actively seek) instead of on those things we seek and intentionally use. To me, it feels like I'm always walking up the street to my favorite pub, but against the wind of a severe storm with a driving rain of advertisements in my face.<br />
<br />
We also face a data collection problem: organizations like Amazon, Facebook, Google, and others are accumulating massive profiles of data on individuals. They are often "innovative" (reckless) with the data once it is collected. Secondary use is commonplace for "<a href="https://www.nytimes.com/2014/06/30/technology/facebook-tinkers-with-users-emotions-in-news-feed-experiment-stirring-outcry.html">experimentation</a>", and can lead to unanticipated <a href="https://www.experian.com/blogs/ask-experian/google-data-breach-what-you-need-to-know/">violations of consumers' privacy</a>. Tools keep emerging that enable more collection and processing of data. Facial recognition (FR) and machine learning (ML) are new shiny things that everyone wants, and while they do interesting things, the far-reaching impact, and in fact the degree of "correctness", of using these tools is not widely understood. ML and FR can be used to make dumb decisions (like <a href="https://www.fastcompany.com/90356763/weibo-user-claims-to-make-face-id-system-for-porn-actresses">connecting porn stars to social media profiles</a> or <a href="https://www.cbc.ca/news/technology/facial-recognition-technology-concerns-1.4826931">widespread tracking used for assigning a "social credit score" in China</a>).<br />
<br />
How do we know who to trust with information about us when it's not obvious when they're collecting that data? How can we even make choices about who *to* trust? This is outright information theft when someone observes and measures me for their own un-shared profit. It's worse when there are no incentives to protect gathered data since it exposes the data subjects like me to unanticipated risk.<br />
<br />
<h4>
When Cyber becomes Physical</h4>
Our online presence is monitored and tracked in cyberspace using means that would not be tolerated in the physical world. I'm not only concerned with the risk we're exposed to due to this collection; as connected devices become so pervasive, tracking in physical space becomes much more feasible. This crossing-over of collection from the cyber realm into the physical one also brings with it all the risks of the online data free-for-all.<br />
<br />
Most of this "innovation" in tracking and data warehousing is driven by marketing. I used to ruthlessly argue that the right solution was a collaborative effort between marketing firms and consumers. After having seen the <a href="https://www.fastcompany.com/90308068/how-the-tragic-death-of-do-not-track-ruined-the-web-for-everyone">rise and fall of Do Not Track</a>, I no longer believe collaboration can happen. I now realize that the incentives are all wrong: ad tech cares only about the bottom line and there is little cost in getting ad spreads in front of consumers. This is wildly different from the physical world where space, audience, and construction costs pressure ad firms to be much more careful about who and how they target.<br />
<br />
<h4>
Where do we go from here? </h4>
We need to solve two giant problems: advertisement inundation and reckless data collection. <br />
<br />
For years I've heard promises that we'll see better ads (and fewer of them!) if we allow firms to track us. Neither of these has happened; I get crap calls and see crap ads online, and my eyes and ears are tired of it. Consumers need more signal and less noise. Disconnect, callblock, and adblockfast (all promising brain children of <a href="https://twitter.com/oldestlivingboy">Brian Kennish</a>) help attenuate noise. While it is disappointing that we need stuff like this, noise attenuation should be a feature of *all* mainstream software, and not an add-on. Consumers also need to get over the fear of directly paying for web sites and services like we happily do with phone apps. For those of us who want free stuff and will tolerate ads (like with broadcast TV), a fairer marketing scheme is critical, but that requires some big changes like the ones <a href="https://venturebeat.com/2019/04/24/brave-rolls-out-its-own-ads-that-pay-users-a-70-cut/">Brave is trying out</a>.<br />
<br />
In the long run, we need to think more about the consumers of our technology and train responsible engineers and architects. These are the people who *must* consider the societal impacts of their work beyond what is fastest or generates the quickest dollar, which includes being transparent and respectful in how we treat people's data. If we are to involve consumers in the trade of their data, the first necessary step remains the same as it was in 2012: <a href="https://blog.sidstamm.com/2012/12/what-is-privacy.html">Data Transparency</a>. Let's start with that.<br />
<br /><h2>Keep the Back Door Locked</h2><p><i>Sid Stamm, 2016-02-24</i></p><div style="margin-bottom: 0; margin-top: 0;">
Sure, I want to stop bad guys, but requiring Apple to make their phones vulnerable is not the right approach. The current public discourse on the Apple vs. FBI "open the phone" dispute is really a conflated mix of two issues: (1) the FBI wants help cracking open a known criminal's phone, and (2) whether or not Apple should be required to create law-enforcement back doors into its products. Let's separate the two issues.</div>
<div style="margin-bottom: 0; margin-top: 0;">
<br /></div>
<h3 style="margin-bottom: 0; margin-top: 0;">
(1) Should the FBI be given
access to Farook's iPhone contents? </h3>
<div style="margin-bottom: 0; margin-top: 0;">
I think most people agree the FBI should have the data.
<a href="http://www.npr.org/sections/thetwo-way/2016/02/23/467785093/in-debate-over-apple-fbi-dispute-gates-and-zuckerberg-don-t-agree">Bill Gates made a statement</a> on these issues on Tuesday morning, and made his
position pretty clear: "Apple has access to
the information, they're just refusing to provide the access, and the
courts will tell them whether to provide the access or not." If Apple
does indeed have access to the information, the right way forward is
for the FBI to seek the court's order requiring
Apple to release the information. This isn't new. In fact, the FBI has <a href="https://assets.documentcloud.org/documents/2714005/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf">a court order</a> in hand.</div>
<div style="margin-bottom: 0; margin-top: 0;">
<br /></div>
<div style="margin-bottom: 0; margin-top: 0;">
Does Apple <i>really</i> have access to
the data on Farook's iPhone? Is it <i>able</i> to comply with the court
order? <a href="https://www.apple.com/customer-letter/">Tim Cook's messaging</a> indicates they do not, and Apple is
pushing back saying that they will not comply
with the part of the court order that goes beyond this simple data turnover: the part that says "give the FBI a tool to help us hack the phone quickly." This is where the
discourse gets concerning; this tool could be considered a backdoor.
It's not as egregious as "give us a master key", but it is certainly
bypassing the iPhone's owner's security mechanism in a way not intended
by the manufacturer.</div>
<div style="margin-bottom: 0; margin-top: 0;">
<br /></div>
<h3 style="margin-bottom: 0; margin-top: 0; text-align: justify;">
(2)
Should Apple create a tool for the FBI that enables easy hacking of Farook's phone? </h3>
<div align="left" style="margin-bottom: 0; margin-top: 0; text-align: justify;">
If you read carefully into <a href="https://assets.documentcloud.org/documents/2714005/SB-Shooter-Order-Compelling-Apple-Asst-iPhone.pdf">the court order</a>,
the court asks Apple to provide a tool
that will <i>only</i> work on the <i>specific</i> subject device -- <i>not</i> all iPhones. The specific ask reads:</div>
<blockquote class="tr_bq" style="margin-bottom: 0; margin-top: 0; text-align: justify;">
"<span style="font-family: "courier new" , "courier" , monospace; font-size: x-small;">Apple shall assist in enabling the search of a cellular telephone, [make, model, serial number, IMEI] on the Verizon Network, (the "SUBJECT DEVICE") pursuant to a warrant of this court by providing reasonable technical assistance to assist law enforcement agents in obtaining access to the data on the SUBJECT DEVICE.</span>"</blockquote>
<div align="left" style="margin-bottom: 0; margin-top: 0; text-align: justify;">
This reads like a natural extension of "hand over the contents of this phone." It sounds quite reasonable, much like ordering a building superintendent to
unlock a specific criminal's apartment for a search. This doesn't immediately seem different from the first issue (give us
access to Farook's data).</div>
<div style="margin-bottom: 0; margin-top: 0;">
<br /></div>
<div style="margin-bottom: 0; margin-top: 0;">
But it is. <br />
<br />
If you keep reading, the court orders Apple to provide the FBI with a <b><i>tool</i></b> to override some of the security features in the phone. Ordinarily, Apple would not have a fast way to "unlock the apartment."
They have provided people with secure phones that keep data private
from everyone, including from Apple. But in this case
the court is ordering Apple to do the FBI's job: engineer something new
to reverse their phone's security. This is like asking the door
lock manufacturer to make you a lock-picking machine for the apartment's lock.
Doesn't the FBI usually just pick the lock or kick
in the door? The courts don't compel the lock maker to make a
lock-picking machine to do it.</div>
<div style="margin-bottom: 0; margin-top: 0;">
<br /></div>
<div style="margin-bottom: 0; margin-top: 0;">
There's urgency here to get everyone to pitch in to stop terrorism, and I understand this concern. Irrational bad guys are really scary. But this
order is not routine! It is an ask to do something very abnormal to aid law enforcement. Assume it's a good idea: we all want to help the FBI unlock the phone, and so Apple makes the tool. Now
what? Can such a tool be constructed so it cannot be used on other
iPhones? In my opinion, and <a href="https://www.apple.com/customer-letter/">in Apple's</a>, <i>it cannot</i>. The existence of this tool
threatens the security of <i>all</i> iPhone users when it is not
limited to this individual device. If the tool fell into the wrong
hands, it may be used by criminals or even the terrorists the FBI is
trying to stop. </div>
<h3 style="margin-bottom: 0; margin-top: 0;">
<br />Where does this lead?</h3>
<div style="margin-bottom: 0; margin-top: 0;">
This neutralizes any benefit from encryption, and not just on iPhones. For a moment, let's assume
this tool can be safely created to work against only one device. The requests wouldn't stop at Apple's
compliance with a single phone. The court order could lead to companies being required to defeat their own customers' security any time
law enforcement requests it. This is a very dangerous precedent. <a href="https://lawfareblog.com/not-slippery-slope-jump-cliff">Nick Weaver's analysis</a> is frightening: imagine if device manufacturers had to do "the dirty work" of hacking
into their own products at any time. Currently, law enforcement must do
the often substantial work to break a device, but if they can just get a
court order and require someone else to put
in the effort, that removes any incentive to investigate carefully before
pursuing a subject's data. </div>
<div style="margin-bottom: 0; margin-top: 0;">
<br /></div>
<div style="margin-bottom: 0; margin-top: 0;">
While the order itself does
not create a technological backdoor, it creates one through legal
precedent. Apple is right to appeal and ask the courts to think a bit harder about this order. Encryption is the only thing that provides any sort of confidentiality on the wild web, and we should not throw it away to decrypt one phone. I'm not sure where it is, but somewhere between
"never help the FBI catch terrorists" and "make it trivial to defeat your customers' security" we need to draw a line -- a balance where law enforcement officers' hands are not tied and encryption still works for the good guys.<br />
<br /></div>
<h2>shake it up</h2><p><i>Sid Stamm, 2016-01-31</i></p>Much has happened on the web in the last two and a half years, and of course I've been too wrapped up in it to say anything here.<br />
<br />
It's time to change that.<br />
<br />
A little over a year ago I <a href="http://www.rose-hulman.edu/news/academics/2015/sid-stamm-returns-to-his-roots,-gives-students-tools-to-meet-cybersecurity-challenges.aspx">returned to my roots</a>. I've always had my sights set on teaching, and it's fantastic to be back in a place so dedicated to education. We need to alter the Web's course and the best place for me to contribute to this goal is by preparing our future software designers and entrepreneurs to lead the charge.<br />
<br />
I'll admit that I got a bit tired of trying to change the Web. It's exhausting working on <a href="https://en.wikipedia.org/wiki/Do_Not_Track">an initiative</a> that has the whole force of online marketing against you. Skeptics and those who rely on the opacity of data trading alike are a powerful force.<br />
<br />
But I haven't stopped caring. Admittedly I backed off, but some (with more stamina than I) haven't. On January 20, Andreas Gal posted his thoughts with a very optimistic headline: <a href="http://andreasgal.com/2016/01/20/brendan-is-back-to-save-the-web/">"Brendan is back to save the web".</a> He does a great job of making a point that I've been trying to articulate for years: the economic incentives online are stuck and we need a new player to emerge with new incentives and a fresh look at how to make the Web an economy again instead of a giant data mine. Andreas makes a clear case that all the current web browsers cost money to produce, but nobody pays for them directly; instead they are indirectly kept aloft by whatever makes the Web go round. <br />
<br />
Right now that's almost exclusively advertisements.<br />
<br />
Somehow the web has found itself in an advertising monoculture where advertising is frequently aggravating and at <i>best</i> unnecessary bloat in an ecosystem that should not be bogged down by distractions from <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=847124">generative content</a>. The web should be a place vibrant with commerce and innovation: clear of distractions and rich with creativity. People should not be <i>sold on</i> what they want; they should instead be able to <i>make</i> what they want. <br />
<br />
But the question remains: how do we get the web from where it is to where it should be? <br />
<br />
We need economic incentives that encourage Web sites without this bloat. We need content that is a generative "makers" platform. The Web should be an ecosystem where businesses get rewarded for their content and <i>not </i>the willingness to plaster solicitations all over their digital presence. This is what Brendan wants to do.<br />
<br />
<a href="https://brave.com/">Brave</a> is his attempt to steer the web in the right direction. <a href="https://brave.com/blogpost_1.html">His vision</a> is to make a web browser that is a true user agent again, and <a href="https://en.wikipedia.org/wiki/Principal%E2%80%93agent_problem">not a self-serving or web-serving agent</a>. People should be molding the web instead of the web molding its people.<br />
<br />
I agree with <a href="https://brave.com/blogpost_1.html">Brendan</a> that the web should not be an ad-blocking fight, it should be a place for novel and generative things, but we can't just turn our backs on ads. I'm intrigued by Brave's new approach and excited to see where Brendan and his team take us.Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com1tag:blogger.com,1999:blog-8079863.post-36431317863583220292013-11-21T09:22:00.000-08:002013-11-21T09:22:30.168-08:00facebook privacy in a graphicOne reason I deleted my Facebook account was what I perceived to be their <a href="http://blog.sidstamm.com/2010/08/facebook-again.html">shampoo-instruction-style erosion of privacy</a>. They seemed to be changing things, reacting to public outrage, rolling back a little bit, then repeating. Slowly, they appeared to be drawing in users and <a href="http://blog.sidstamm.com/2010/05/facebook-privacy-erosion.html">strong-arming them into letting go of some control</a> over their personal data by providing an ultimatum: "keep on top of our policy changes or leave". I understand they need to make money, but surely there's a more fair way than filing down peoples' control to extract more personal info.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><span style="margin-left: auto; margin-right: auto;"><a href="http://mattmckeon.com/facebook-privacy/"><img border="0" height="264" src="http://4.bp.blogspot.com/-tRMVoHlsF_Y/Uo4_WjkSTyI/AAAAAAAAAw4/m-nTrMFi5K0/s320/fbinfographic.png" width="320" /></a></span></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><span style="font-size: xx-small;"><a href="http://mattmckeon.com/facebook-privacy/">Credit: Matt McKeon <span style="text-align: start;">http://mattmckeon.com/facebook-privacy/</span></a></span></td></tr>
</tbody></table>
Browsing around today, I stumbled across <a href="http://mattmckeon.com/facebook-privacy/">Matt McKeon's infographic</a> showing the evolution of Facebook's privacy policies and <a href="https://www.eff.org/deeplinks/2010/04/facebook-timeline">Kurt Opsahl's related timeline of changes</a>. The data only goes through 2010 (perhaps their M.O. has changed since then), but it's a striking graphic and worth a look. It would be fascinating if construction of such an infographic timeline were automated and it could be deployed for other sites out there.<h2>what ever happened to the second party?</h2><p><i>Sid Stamm, 2013-03-18</i></p>
I got into a terminology discussion with <a href="http://brendaneich.com/">Brendan</a> this week, and it turns out there's general confusion over these labels we give to businesses on the web: first party and third party. This topic has been <a href="http://www.w3.org/2011/tracking-protection/track/issues/10">debated ad nauseam in the TPWG</a>, but I want to share my thoughts on what it means in the context of cookies and the general browser/webpage point of view.<br />
<br />
The Marx brothers have a take on this in <a href="http://www.nightattheopera.net/contract.html">Night at the Opera</a> when they get into a discussion of parties and contracts, and I think they're on to something, but on the web these party labels probably come from business-focused contractual engagements. So which party am I? I'm not a party (though that sounds like fun).<br />
<br />
In the case of cookies, the party labels are all about contractual arrangements to produce a good or service for you. You, the surfer, are not part of the contract, but you benefit from a system of first, second and third party businesses. <br />
<br />
Here, the <i><b>first party</b></i> is the business you seek to engage. The <i><b>second party</b></i> in question is a contractor doing business explicitly for the first party. For example, when you visit the grocery store, someone might help bag your groceries. Maybe they're a temp worker and are actually employed by a different company, but their sole job is to do what the grocery store asks, and they do their work in the store. In these cases there's a direct business agreement between first (business) and second (contractor) parties to produce one service or good. For all intents and purposes, the bagger seems like part of the store.<br />
<br />
Second-party cookies don't make much sense in the online cookie context, since to the web browser there's no technical distinction between first-party and second-party web software. The assumption here is that second parties operate within the "umbrella" of the first party, so their cookies are part of the first party offering.<br />
<br />
Any<b><i> third party </i></b>players are peripheral to the transaction and may add value, but their primary purpose is something other than the sought-after good or service. These third parties are more like the flyer guy who walks around the parking lot while you shop and puts discount flyers for his car dealership on everyone's windshields. (Wow, zero down, $169 a month?) He's not stocking shelves or bagging your groceries at the grocery store, but he is still a peripheral part of the whole grocery shopping experience. Customers' expectations for the third party here are likely different from those for the temp worker. (What's maybe not obvious is that if you go to his dealership, the flyer may tell him what kind of groceries you bought, and tracking cookies can be even more invisible than these flyers -- but that's a blog post for a different day.)<br />
<br />
So how's this work online? The first party on this blog is me: blog.sidstamm.com. There's a second party here too, the folks who made my blog framework software. They maintain the software (I'm too lazy), and I use it to publish my blog, but it all comes through on this same domain name. When you read this, the two of us are working together with the goal of bringing you my thoughts. There are also a "G+ Share" button and a search bar on the site, but they're third party: controlled by some other entity, served over a different domain, and only showing up here to augment your experience beyond the blog you seek.<br />
<br />
So don't panic: the second parties are still there! We just don't use the term much because they're so tightly integrated with first parties that they usually appear the same.<br />
<br />
<b>Who uses the password manager?</b> (2013-03-06)<br />
Who uses the password manager, and why? My colleague Monica Chew tries to answer these questions and more by measuring password manager use.<br />
<br />
<a href="http://monica-at-mozilla.blogspot.com/2013/02/cant-live-with-them-cant-live-without.html">Check out her blog post</a>.<br />
<br />
<b>what is privacy?</b> (2012-12-27)<br />
Oftentimes when I find myself in a conversation about Privacy, there's a lack of clarity around what exactly we're discussing. It's widely accepted that people who are experts on privacy all speak the same language and have the same goals.<br />
<br />
I'm not so sure this is true.<br />
<br />
This came up in a discussion with <a href="http://jishnumenon.com/">Jishnu</a> yesterday, and we needed a common starting place. So I'd like to take a little time to lay out what I'm thinking when I talk about Privacy, especially since I'm mainly focused on empowering individuals with control over data sharing and not so much on keeping secrets.<br />
<blockquote class="tr_bq">
<b>Privacy</b> is the ability for an individual to have transparency, choice, and control over information about themselves.</blockquote>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-rfVcPoCc0p4/UNyG9gfJfcI/AAAAAAAAAsI/83bQ9Z4bhJM/s1600/privacy-pyramid.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://3.bp.blogspot.com/-rfVcPoCc0p4/UNyG9gfJfcI/AAAAAAAAAsI/83bQ9Z4bhJM/s1600/privacy-pyramid.png" /></a></div>
At the risk of sounding too cliché, I'm gonna use a pyramid to explain my thinking. There are three parts to establishing privacy:<br />
<br />
First, an organization's (or individual's) collection, sharing and use of data must be <u><i>transparent</i>.</u> This is crucial because choice and control cannot be realized without honesty and fairness.<br />
<br />
Second, individuals must be provided <u><i>choice</i></u>. This means data subjects (those people whose data is being collected, used or shared) must be able to understand what's going to happen with their data and have the ability to provide dissent or consent.<br />
<br />
Third, when it's clear what's happening and individuals have an understanding about what they want, they must be given <i><u>control</u> </i>over collection, sharing or use of the data in question.<br />
<br />
This means <u><i>control</i></u> depends on <u><i>choice</i></u> which depends on <u><i>transparency</i>.</u> You cannot make decisions unless you're given the facts. You cannot make your desires reality unless you've decided what you want.<br />
<br />
For the engineers out there (like me), these dependencies can be modeled like this:<br />
<blockquote class="tr_bq">
<span style="font-family: 'Courier New',Courier,monospace;">[Transparency] = Awareness of Data Practices</span><br />
<span style="font-family: 'Courier New',Courier,monospace;">[Choice] = [Transparency] + Individual's Wants</span><br />
<span style="font-family: 'Courier New',Courier,monospace;">[Control] = [Choice] + Organizational Cooperation</span></blockquote>
Control is the goal, but it requires Transparency and Choice to work -- as well as some additional inputs. Privacy is the whole thing: all three pieces acting together with support from both data controllers and data subjects to empower individuals with a say in how their data is used.<br />
<br />
The <a href="http://blog.sidstamm.com/2010/07/mind-gap.html">privacy perception gap</a> is a symptom of ineffective transparency and choice; it is the result of people's inability to really understand what's going on, so they have no chance to establish positions about what is okay. When transparency and choice are built into a system, the gap shrinks and people have most of what they need to regain control over their privacy.<br />
<br />
What is privacy to you?<br />
<br />
<b>ownership and transparency in social media</b> (2012-10-11)<br />
Les <a href="http://blog.lmorchard.com/2012/10/01/privacy-and-social-media">writes</a>:<br />
<blockquote class="tr_bq">
"You don’t own the spaces you inhabit on Facebook. You’re enjoying a
party at someone’s house, and you barely know the guy. In fact, your
content is the currency that pays for the booze (ie. the privilege of
using their servers). That’s why it’s <a href="http://en.wikipedia.org/wiki/Gratis_versus_libre#.22Free_beer.22_vs_.22free_speech.22_distinction">free-as-in-beer</a>:
You’ve given them what you post, instead of money. That’s valuable
stuff, if they can ever quite figure out how to sell it." [<a href="http://blog.lmorchard.com/2012/10/01/privacy-and-social-media">link</a>]</blockquote>
It's not completely fair to expect that FB users realize the data about them that they so generously contribute to FB no longer belongs to them. My hypothesis is that many people feel that no matter who has facts about you and prints them, they're still *yours*. After all, companies have trademarks; can't things about me be mine and reserved for me?<br /><br />
On a smaller scale, the monetization of facts about me is not surprising; I give an interview to a magazine, they print it, it gets syndicated, no surprise. On a large scale (lots of data collection, frequently) I think people lose track of with whom they are communicating and get immersed in the task at hand. <i>Is it my FB friends, or is it FB, who is helpfully telling my friends things? This system is flexible, crazy, complex, shiny and distracting! Can I use it to video chat with my friends? That's neat. Oh, geez, I forgot FB is in the middle of all this communication...</i><br /><br />
People who sign up for FB are not signing up to contribute their life to this stranger throwing a party. They sign up assuming it is a tool they can use to communicate with their friends; it is a machine they've "bought" (for free, heh) to help them communicate. Nobody reads the terms of service. Nobody reads the privacy policy. They accept them since other people have and only read what their friends write. Many are in denial or do not realize that what they contribute to the site is just that: a contribution.<br /><br />
I think there is shared responsibility here; consumers should be a little bit wary -- but this isn't their area of expertise. As such, the site operator also has a duty to be more forthcoming with what's going on. My communications tool is supposed to be a communications tool. If you market it as a "free communications tool that sells my data," I am better informed than if it's just marketed as a "communications tool."<br />
<br />
<b>Adding Privacy to Apps Permissions</b> (2012-05-22)<br />
I've been thinking about app permission models, especially as we're working on B2G and need a way for users to safely and thoughtfully manage the apps on their device. Most permission models strive to do precisely one thing: allow apps to ask for consent to use features.<br />
<br />
The problem I have with "allow/deny" consent to use features is that granting access says nothing about how the app intends to use it: a mirror app that asks for access to your camera probably doesn't need to store the data it gets from the sensor, but it could go so far as to store video (and perhaps send it to "sneakyprivacyinvadors.com" to spy on you).<br />
<br />
If apps can explain their usage intentions, consumers of the apps have more context and can make better decisions about the permissions they grant. While the software probably can't make sure the usage intentions are actually followed, this commitment to customers puts the app developers on the hook for doing the right thing.<br />
<br />
Head on over to the discussion in <a href="http://groups.google.com/group/mozilla.dev.webapps/topics">mozilla.dev.webapps</a> where I've posted my thoughts, and let us know what you think.<br />
<br />
<i style="color: #990000;">Edit (23-May-2012 / 9:33 PDT)</i><span style="color: #990000;">:</span> Google Groups (the public archive) did not pick up my original post to the group. If you're not subscribed via NNTP or the dev-webapps mailing list, you can see <a href="http://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/aa0ff6e8ba9742ad#">my original post in the quoted text of the first reply by Paul.</a><br />
<br />
<b>making DNT easier for web sites</b> (2012-03-12)<br />
<a href="http://twitter.com/#%21/jiboumans">Jos Boumans</a> has done some analysis of the effect of turning on Do Not Track in your browser, and his findings show that sites in general have been slow to show that they support the feature.<br />
<blockquote class="tr_bq">
<i>"As it stands, only 4 out of 482 measured top 500 sites are actively responding to the DNT header being sent."</i> (<a href="http://jiboumans.wordpress.com/2012/02/02/the-state-of-do-not-track/">Link</a>)</blockquote>
As a user, it's hard to tell if sites are honoring my Do Not Track request, and as a site developer, it might be a daunting task to hack up my back-end code. The <a href="http://www.w3.org/2011/tracking-protection/">W3C Tracking Protection working group</a> is working on helping out with transparency and implementations, but in the meantime Jos has released his mod_cookietrack Apache module to make it easier for site owners to track their users' clicks in a respectful way -- right now.<br />
<br />
The Apache module, mod_cookietrack, does all sorts of stuff like mod_usertrack, but one thing it does better is honor DNT: if a server using this module sees "DNT: 1" in an HTTP request, it replaces the tracking cookie with one that says "DNT" -- a value that's not unique to a visitor.<br />
<br />
Apparently it was a lot of work to get DNT supported properly in mod_cookietrack, a native Apache module that performs well and is safe on multiple threads, so thanks Jos for your hard work so that more organizations can <a href="http://jiboumans.wordpress.com/2012/03/09/be-do-not-track-compliant-in-30-microseconds-or-less/">support DNT on their web sites</a>.<br />
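The DNT handling described above, as an added Python sketch of my own (not mod_cookietrack's C code): a request carrying "DNT: 1" gets the shared "DNT" cookie value, everything else gets or keeps a unique id. The cookie name "Apache" (mod_usertrack's default) and the request dictionaries are assumptions made for the demo.

```python
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Optional, Tuple

# Assumed for the demo: mod_usertrack's default cookie name. The post does not
# say which name mod_cookietrack uses, so treat this as a placeholder.
COOKIE_NAME = "Apache"
DNT_VALUE = "DNT"  # the shared, non-unique value issued when DNT: 1 is seen


def parse_cookies(header: Optional[str]) -> Dict[str, str]:
    """Parse a request Cookie header into a name -> value mapping."""
    jar = SimpleCookie()
    if header:
        jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def tracking_cookie_for(headers: Dict[str, str]) -> str:
    """Pick the tracking cookie value to issue for one request.

    `headers` is a constructed request-header mapping with lower-case names.
    """
    dnt = headers.get("dnt", "").strip()
    existing = parse_cookies(headers.get("cookie")).get(COOKIE_NAME)
    if dnt == "1":
        # Visitor asked not to be tracked: hand out the shared marker, which
        # also overwrites any unique id assigned before they turned on DNT.
        return DNT_VALUE
    # DNT: 0 or no header at all: ordinary usertrack behaviour. Keep a valid
    # unique id, but never reuse "DNT" as an id, since many visitors share it.
    if existing and existing != DNT_VALUE:
        return existing
    return secrets.token_hex(16)


def set_cookie_header(value: str, max_age: int = 365 * 24 * 3600) -> str:
    """Build the Set-Cookie header for the chosen value."""
    return f"{COOKIE_NAME}={value}; Max-Age={max_age}; Path=/; HttpOnly"


def handle(headers: Dict[str, str]) -> Tuple[str, str]:
    """Return (id the server would log for this hit, Set-Cookie header to send)."""
    value = tracking_cookie_for(headers)
    return value, set_cookie_header(value)


if __name__ == "__main__":
    # Constructed requests: no DNT, DNT on, and DNT on with a prior unique id.
    for req in ({}, {"dnt": "1"}, {"dnt": "1", "cookie": "Apache=4f2a9c"}):
        print(req, "->", handle(req))
```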
<br />
More:<br />
<ul>
<li><a href="http://jiboumans.wordpress.com/2012/02/02/the-state-of-do-not-track/">The State of Do Not Track</a> </li>
<li><a href="http://jiboumans.wordpress.com/2012/03/09/be-do-not-track-compliant-in-30-microseconds-or-less/">Be Do Not Track compliant in 30 microseconds or less</a></li>
</ul><br />
<b>Malware and Phishing Protection in Firefox</b> (2012-02-26)<br />
For a while, Firefox has included malware and phishing protection to keep our users safe on the web. Recently, Gian-Carlo Pascutto made some <a href="http://www.morbo.org/2012/02/new-safebrowsing-backend.html">significant improvements to our Firefox</a> support for the feature, resulting in much more efficient operation and use of the Safe Browsing API for this protection.<br />
<br />
<b>Privacy in the Safe Browsing API</b><br />
<br />
I want to take a little time to explain how this feature works and why I like it from a privacy perspective: Firefox can check whether or not a web site is on the Safe Browsing blacklist without actually telling the API what the web site is called.<br />
<br />
At a high level, using this API to find URLs on the "bad" list is like asking your friend to identify whether or not he likes things you show him through a dirty window. Say you hold up an apple to the dirty window and your friend on the other side sees a fuzzy image of what you're holding. It looks round and red and pretty small, but he's not sure what it is. Your friend looks at his list of things he doesn't like and says he likes everything like that except for plums and red tennis balls. While he still does not know exactly what you're holding, you can know for sure he likes the apple.<br />
<br />
More technically, this uses a hash function to turn web URLs into numbers. Each number corresponds to exactly one URL. For each site you visit, Firefox hashes the URL and sends only the first part of the resulting number to the Safe Browsing API. The API responds with any values on the list of bad URLs that start with the value it received. When Firefox gets the list of "bad" site hash values that match the first part, it looks to see if the entire hash is in the list. Based on whether or not it's in the provided list of bad stuff, Firefox can determine whether the URL is on the Safe Browsing blacklist or not.<br />
<br />
Consider this hypothetical example of two sites and their (fake) hash values:<br />
<br />
<table border="">
<tbody>
<tr><th>Site</th><th>Hash Value</th></tr>
<tr><td>http://mozilla.com</td><td>1339</td></tr>
<tr><td>http://phishingsite.com</td><td>1350</td></tr>
</tbody></table>
<br />
When you visit http://mozilla.com, Firefox calculates the hash of the URL, which is 1339. It then asks the Safe Browsing API what bad sites it knows about that start with "13". The API returns a list of numbers including "1350". Firefox takes that list, notices that 1339 (http://mozilla.com) is not in the list, and concludes the site must be okay.<br />
<br />
If you repeat the same procedure with http://phishingsite.com, the same prefix "13" is sent to the API, and the same list of bad sites (including 1350) is returned. In this case, however, the site's hash is "1350", so Firefox knows it's on the list of bad sites and gives you a warning.<br />
<br />
For you techies and geeks out there: yeah, I'm glossing over a few protocol details, but the gist is that you don't need to tell Google exactly where you browse in return for the bad-stuff blocking.<br />
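Here is the prefix lookup from the paragraphs above as a runnable Python model. It is an added example written for this page, not Firefox or Google code: it hashes with SHA-256 and reveals a 1-byte prefix (the real API uses 4-byte prefixes, canonicalizes URLs and checks several host/path forms), and the bad-URL list and the `benign-N.example` hostnames are constructed. It goes one step beyond the post's 1339/1350 example: `find_prefix_collision` locates a harmless URL that sends the exact same prefix as the phishing one, so you can see that the server receives identical queries for a blocked site and an allowed one.

```python
import hashlib
from typing import Dict, List, Set

# How many bytes of the hash the client reveals. Production Safe Browsing
# lookups use 4-byte prefixes of SHA-256; this demo uses 1 byte so that an
# unrelated URL sharing a prefix with a bad one is easy to find at runtime.
PREFIX_BYTES = 1

# Constructed blacklist for the demo. "phishingsite.com" is the post's own
# made-up example, not a real indicator.
BAD_URLS = [
    "http://phishingsite.com/",
    "http://malware-download.example/",
    "http://fake-bank-login.example/",
]


def full_hash(url: str) -> bytes:
    """Full SHA-256 of the URL string (real clients canonicalize first)."""
    return hashlib.sha256(url.encode("utf-8")).digest()


def prefix_of(digest: bytes) -> bytes:
    """The only part of the hash that actually leaves the browser."""
    return digest[:PREFIX_BYTES]


class SafeBrowsingServer:
    """Server side: holds full hashes of bad URLs and answers prefix queries."""

    def __init__(self, bad_urls: List[str]) -> None:
        self.bad_hashes: Set[bytes] = {full_hash(u) for u in bad_urls}
        self.queries_seen: List[bytes] = []  # everything the server learns

    def lookup(self, prefix: bytes) -> List[bytes]:
        """Return every blacklisted full hash that starts with the prefix."""
        self.queries_seen.append(prefix)
        return sorted(h for h in self.bad_hashes if h.startswith(prefix))


class SafeBrowsingClient:
    """Browser side: sends a prefix, compares the full hash locally."""

    def __init__(self, server: SafeBrowsingServer) -> None:
        self.server = server

    def is_blocked(self, url: str) -> bool:
        digest = full_hash(url)
        candidates = self.server.lookup(prefix_of(digest))
        # Only the client holds the full hash, so only it can tell a real
        # hit from a prefix-only collision.
        return digest in candidates


def find_prefix_collision(target_url: str, limit: int = 20000) -> str:
    """Constructed helper: find a benign URL whose prefix equals target_url's.

    With 1-byte prefixes roughly one candidate in 256 matches, so the search
    finishes almost immediately.
    """
    want = prefix_of(full_hash(target_url))
    for n in range(limit):
        candidate = f"http://benign-{n}.example/"
        if prefix_of(full_hash(candidate)) == want:
            return candidate
    raise RuntimeError("no prefix collision found within limit")


def demo() -> Dict[str, object]:
    """Run the three lookups from the post and report what the server saw."""
    server = SafeBrowsingServer(BAD_URLS)
    client = SafeBrowsingClient(server)
    bad = "http://phishingsite.com/"
    twin = find_prefix_collision(bad)  # computed locally, never sent anywhere
    return {
        "mozilla_blocked": client.is_blocked("http://mozilla.com/"),
        "phishing_blocked": client.is_blocked(bad),
        "twin_url": twin,
        "twin_blocked": client.is_blocked(twin),
        # Queries 2 and 3 are byte-for-byte identical: the server cannot tell
        # the phishing site from its harmless prefix twin.
        "server_saw": [p.hex() for p in server.queries_seen],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```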
<br />
<b>Keeping the Safe Browsing Service Running Smoothly </b><br />
<br />
Google hosts the Safe Browsing service on the same infrastructure as many of their other services, and they need to ensure that our users aren't blocked from accessing the malware and phishing blacklists, as well as make sure they invest in the right resources to keep the service operating well. One of the mechanisms they <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=368255#c34">need for performing this quality-of-service assurance is a cookie,</a> so the first request Firefox makes to the Safe Browsing API results in the setting of a Google cookie.<br />
<br />
I know that not everyone likes that cookie, but Google needs it to make sure their service is working well, so I've been working with them to ensure that they can use it for quality-of-service metrics but not track you around the web. The most straightforward way to do this is to split the Firefox cookie jar into two: one for the web and one for the Safe Browsing feature. It's not there yet, but with a little engineering work, in a future version of Firefox that cookie will only be used for Safe Browsing, and not sent with every request to Google as you browse the web.<br />
<br />
The cookie can be turned off entirely if you <a href="http://support.mozilla.org/en-US/kb/Disabling%20third%20party%20cookies">disable third party cookies in Firefox</a>. When you turn off third party cookies, even if the cookie has been previously set your browser will not send the Google cookie -- unless you visit a Google website. You can also <a href="http://support.mozilla.org/en-US/kb/Firefox%20makes%20unrequested%20connections?s=malware+protection&r=1&e=sph&as=s#w_anti-phishing-list-updating">turn off malware and phishing protection</a>, but I really don't recommend it.<br />
<br />
<b>Making "Safer Browsing" </b><br />
<br />
While Firefox has been using Safe Browsing for a while, Google has started experimenting with a couple of new features in Safe Browsing for additional malware and phishing filtering. Both of these features are new, and it's not yet clear how effective they are or what percentage of my browsing history will be traded for the improvement. Both new features involve sending whole URLs to Google, and departing from Firefox's current privacy-preserving state requires evidence of a significant gain in protection. When Google measures and shares how much gain their pilot deployment in Chrome sees, we can take a deeper look and consider whether these new features are worth it.<br />
<br />
For now, Firefox users are getting a lot of protection for very little in return, and there does seem to be good reason for Google to use cookies with Safe Browsing. We are always looking out for things we can do to give Firefox users both the best of privacy and security.<br />
<br />
<b>seat belts and airbags</b> (2011-12-19)<br />
As much as I like giving users choice and control, bombarding people with too many options makes using software painful. This is why it is important to consider both the defaults and the flexibility of all the privacy-impacting features we roll out -- the airbags and seat belts of the software industry. Not everyone who cares about privacy knows how to configure Firefox (or any software) to precisely suit their needs. The people who care about their privacy and the people who know how to configure software to do precisely what they want are not the same set; those with both qualities are often <a href="https://www.privacyassociation.org/">Privacy Professionals</a>, or they work in a related field.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-jWOeIgEIDnM/Tu_LyduUIOI/AAAAAAAAAko/m7-gr-wPjxU/s1600/privacy-know-venn.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-jWOeIgEIDnM/Tu_LyduUIOI/AAAAAAAAAko/m7-gr-wPjxU/s1600/privacy-know-venn.png" /></a></div>
<br />A couple of weeks ago, I was inspired by some stuff <a href="http://www.birmingham.ac.uk/staff/profiles/philosophy/guelke-john.aspx">Dr. John Guelke</a> said to segment my thinking on privacy into two efforts: the privacy feature seat belts and airbags. He approaches privacy as something driven by<i> social norms</i>, whereas until recently, I mostly thought about it as a subjective choice about what <i>I</i> want with my identity and data. In fact, both of these perspectives are important, and they must work together to create the most positive effect for the Web. There are distinctly different reasons to provide certain safe defaults than there are to provide features that give users ultimate control: the airbags can help protect everyone†, and the seat belts†† will protect those who know to use them.<br />
<br />
<b>Choice and Control (Seat Belts).</b><br />
<br />
It's crucial that people have all they need to maintain complete control over their experiences online, or the web becomes controlled solely by the businesses on it and not the people who live in it. Increasingly, people are performing more of their everyday activities online, and they deserve to be as much a part of those activities as they would be in the real world. This is why I care so much about giving people who want it control over each bit of how they see and interact with the web. This is the reason Do Not Track was built into Firefox, and this is why the software allows people to change how the browser handles cookies. These features empower users to control their experiences online.<br />
<br />
Users enable and deploy these features on their own. Firefox <a href="http://blog.sidstamm.com/2011/11/firefox-wont-activate-dnt-by-default.html">doesn't turn on Do Not Track by default</a>, because it's a seat belt. People choose if they want it or not.<br />
<br />
<b>Social Norms (Airbags).</b><br />
<br />
There are expectations about what people understand that are consistently held by a society or group. These social norms dictate expected behavior and, though they don't strictly limit behavior, can be seen as social defaults. These norms change and fluctuate with the society, but you could say they are precisely what any member of the society expects to happen.<br />
<br />
The Web is a society of sorts, and people carry over their social norms from physical interactions with people to those interactions with web sites and corporate entities online. Here is where the social norms very importantly dictate the defaults of how a web browser should work (and frankly, how web sites should work too). People expect a site to remember small bits of information about their interactions, such as what is in their shopping cart, and this is why cookies are enabled by default, like an airbag. People <i>do not</i> expect to disclose their precise location to web sites, and that is why Geolocation is not activated by default.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-RX-ImsMGNs0/Tu_XtWzElGI/AAAAAAAAAk4/8ywXEJRWUOY/s1600/privacy-know-venn-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="177" src="http://4.bp.blogspot.com/-RX-ImsMGNs0/Tu_XtWzElGI/AAAAAAAAAk4/8ywXEJRWUOY/s400/privacy-know-venn-2.png" width="400" /></a></div>
<br />
<br />
<b>Directing Efforts.</b><br />
<br />
There are two driving forces here that dictate the best paths forward for inventing and building privacy features into the web: social norms, and individual choice. It's easier to listen to the cry or predict a need for individual choice; we can create any feature as if it were a seat belt -- features that users may or may not want to enable. The harder direction is understanding and following <i>social norms</i>, or what people expect without request or action. These are hard because they differ not only with time, but also across different groups of people. Technologists like me can more easily understand our subculture's values and build those into our software. We have to be careful, though, since society as a whole may not have the same values as our smaller group of software developers. We as an industry need to focus on what benefits <i>all</i> as a sensible default, and that may be completely opposite of what we computer geeks think.<br />
<br />
We need a better understanding of social norms and how they relate to people's data online. That understanding can help map norms to the defaults we build into all the web-oriented software we make. Everything else should then be an optional feature, like a seat belt.<br />
<br />
Though you may not use all of Firefox's privacy features, I do recommend wearing your seat belt. Really. It could save your life. :)<br />
<br />
<br />
--- Footnotes:--- <br />
<br />
† = <span style="font-size: x-small;">Okay, so the analogy breaks down since airbags aren't good for you unless your seat belt is engaged, but the gist is that you don't have to think about the airbags.</span><br />
<br />
†† = <span style="font-size: x-small;">And sure, "everyone" knows about seat belts, but pretend for this argument that they don't and the feature is more like those glass-breaking hammers that you can buy to free you from a submerged car; you can buy and use them, but they don't usually come with your car.</span><br />
<br />
<b>Firefox won't activate DNT by default</b> (2011-11-09)<br />
Firefox isn't gonna turn on DNT by default because then DNT won't work.
<br />
<blockquote>
"As Do Not Track picks up steam and standardization is well underway in the W3C, people have begun asking, "If Do Not Track is so good for the web, why don't you turn it on by default?"
</blockquote>
<blockquote>
"Frankly, it becomes meaningless if we enable it by default for all our users. Do Not Track is intended to express an <i>individual's choice,</i> or preference, to not be tracked. It's important that the signal represents a choice made <i>by the person behind the keyboard</i> and not the software maker, because ultimately it's not Firefox being tracked, it's the user. "<br />
<br />
<a href="http://blog.mozilla.com/privacy/2011/11/09/dnt-cannot-be-default/">(Link)</a></blockquote>
Sure, we could run a few engagement campaigns to inform people about the option, but we won't make that decision for our users.<br />
<br />
<div style="color: red;">
<b>Edit</b> (9-Nov-2011 @ 11:24): </div>
<br />There are three different signals to consider in broadcasting the user's preferences for tracking:<br /><br />
1. User says they accept tracking<br />2. User says they reject tracking<br />3. User hasn't chosen anything<br /><br />We're defaulting to state 3: we don't know what the user wants, so we're not sending any signals to servers. The signal being sent should be the user's choice, not ours, so we don't broadcast anything until they've chosen what to send.<br />
<br />
<b>Measuring Progress</b> (2011-09-28)<br />
In the reasonably short time that I've been involved with Mozilla, we've made amazing changes to the web and our Firefox browser. We've seen the adoption of HTML5, open video, and a slew of other features. This means the web is now even more complex and, by extension, so is Firefox.<br />
<br />
Sometimes Firefox doesn't perform as well as it should, and it's hard for us to understand why.<br />
<br />
Enter the Telemetry project. Our performance team, led by <a href="https://blog.mozilla.com/tglek/">Taras Glek</a>, <a href="https://blog.mozilla.com/tglek/2011/09/20/firefox-7-telemetry-faster-startup/">developed a feature that lets us measure performance-related stuff</a> as you use Firefox. Starting with the version of Firefox released today, you have the opportunity to opt-in to send us some of these statistics. They're not tied to you, and we will take a look at the data in aggregate to see if there are widespread problems in the various bits of Firefox's plumbing.<br />
<br />
I posted a note about this over on <a href="http://blog.mozilla.com/privacy/2011/09/27/building-privacy-into-telemetry/">The Mozilla Privacy Blog</a>. As we deployed this feature, we worked hard to make sure that our users have choice and control over the data they send us. This involves a few bits of critical thinking: first, we have to make sure you're not surprised by this. Second, we make sure that we're only collecting what we need to make Firefox better. Third, our practices must be transparent (not just open source; we also try to be clear about what we collect). Fourth, we make sure that you know you're sending us this data and can make it stop if you want.<br />
<br />
<a href="https://wiki.mozilla.org/Privacy/Reviews/Telemetry#Architecture">We wrote down how telemetry works</a> for you to read (if you want) and <a href="https://wiki.mozilla.org/Privacy/Reviews/Telemetry#User_Data_Risk_Minimization">how the feature lines up with our promises</a> put forth in the <a href="http://blog.mozilla.com/privacy/2011/01/12/mozillas-privacy-data-operating-principles/">Privacy Operating Principles</a> that we've been working with for a while now. As we add new probes to telemetry to see where to improve Firefox, we'll be <a href="https://wiki.mozilla.org/Privacy/Reviews/Telemetry/Measurements">cataloging those as well,</a> including risk analysis for stuff that's remotely private. We'll never collect stuff like your address or credit card numbers through this system (that'd be weird), but we may want to know which of the add-ons you're using are slowing down Firefox.<br />
<br />
This risk analysis and privacy review are the things we plan to do with new Firefox features that involve your data; whether or not we collect anything, it's important that we live up to the operating principles we've put out, and Telemetry is an early example of how we plan to keep you in control.Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com0tag:blogger.com,1999:blog-8079863.post-75279265014417831482011-09-22T06:28:00.000-07:002011-09-22T06:28:57.508-07:00Careful... pixel-data access is pointy<a href="http://robert.ocallahan.org/2011/09/risks-of-exposing-web-page-pixel-data.html">Robert O'Callahan writes:</a>
<blockquote>
Some Web applications require the pixel data of Web pages to be exposed to Web applications [...] There are some pretty big security implications here. The biggest problem is cross-origin information leakage.
</blockquote>
He's right on. Haphazardly implementing pixel-data access carries a bunch of subtle risks. The one near and dear to my heart is the risk of defeating what we shipped a while back to <a href="http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/">stop CSS- and JavaScript-based history sniffing.</a> Draw links, read colors, defeat fix. Not good. We can't just lie to the content script attempting to access the rendered data -- once it's drawn, it's really hard to figure out what's a link and what isn't.
So what do we do? Take a look at <a href="http://robert.ocallahan.org/2011/09/risks-of-exposing-web-page-pixel-data.html">this and the other issues with implementing pixel-data access over on his blog.</a> If you've got ideas, we're all ears.
Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com1tag:blogger.com,1999:blog-8079863.post-4799385297379136832011-09-08T10:46:00.000-07:002011-09-08T10:46:44.054-07:00mozilla privacy blogHey, good news! Mozilla has a privacy blog where we will be blogging about all sorts of privacy stuff.<br />
<br />
I'll continue to write about it here, but check it out for more reading. The latest post by Alex Fowler announces a field guide to DNT that discusses what to do when you receive the header, and what some other sites are already doing. He also talks about how many people have turned on DNT. <br />
<br />
Check it out: <a href="http://blog.mozilla.com/privacy/">Mozilla Privacy Blog</a>Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com0tag:blogger.com,1999:blog-8079863.post-64300862273710400582011-07-14T14:28:00.000-07:002011-07-15T10:26:20.567-07:00on unifying site behavior and consentLet's face it, the users of your ShinyNewWebSite(beta) will never know exactly how it works. Perhaps that's by design (look, it's magic!), perhaps that's simply because they're not computer programmers, but this is the reality.<br />
<br />
So there's this problem: how do I get users to provide <i>informed consent</i> to use my shiny new data collection web site? I want to do some really cool stuff, but I want the users of the site to know what's happening and feel in control.<br />
<br />
This is hard. I think there's a ton of value in data mining and personalization, and it's not reasonable to expect users to comprehend the entire process of how their data is collected and used. We do however need to empower users to manage trust for the organizations who collect and use their data, and one way to do this is to get them closer to understanding what happens.<br />
<br />
Here's one way I've been thinking about this: on one end of a spectrum are the users; they have values and want to assert protection over some of their data. On the other end of the spectrum are the web sites; they produce value from the users' data and want to be honest and compliant with users' desires. Right now there's often a <i>huge</i> gap between what users want and what sites actually do with their data. We need to shrink this gap. <br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-mUVaskrUkLQ/Th889c4f17I/AAAAAAAAAhg/Qcetc7LoHYo/s1600/gap-closing-1.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="71" width="320" src="http://2.bp.blogspot.com/-mUVaskrUkLQ/Th889c4f17I/AAAAAAAAAhg/Qcetc7LoHYo/s320/gap-closing-1.png" /></a></div><br />
I've talked about this gap from a user's perspective before (<a href="http://blog.sidstamm.com/2010/07/mind-gap.html">the privacy perception gap</a>) and ultimately this gap leads to shock and discomfort. In Firefox 4, we deployed DNT as one feature to help shrink the gap from the user's informed-consent side.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-Lk2oo1ldIzo/Th889QyqTHI/AAAAAAAAAho/1NKY7IWxvGE/s1600/gap-closing-2.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="71" width="320" src="http://1.bp.blogspot.com/-Lk2oo1ldIzo/Th889QyqTHI/AAAAAAAAAho/1NKY7IWxvGE/s320/gap-closing-2.png" /></a></div><br />
Anything we can do to help make obvious users' preferences and privacy choices shrinks the gap from the user side, but we should work from the site's side as well, and hope the efforts meet somewhere in the middle. What else can we do to help bring site behavior into the user's mental model of what's going on?<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-mBQ67WGGM-8/Th889taSmuI/AAAAAAAAAhw/vmB2mZSwSyo/s1600/gap-closing-3.png" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="71" width="320" src="http://2.bp.blogspot.com/-mBQ67WGGM-8/Th889taSmuI/AAAAAAAAAhw/vmB2mZSwSyo/s320/gap-closing-3.png" /></a></div><br />
We need something new to improve upon privacy policies. We need something more objective than self-explanation. We need something empirical that can be measured, digested and shown to users. We need technology that makes it easier for people to peer into the opaque bits of the web and see what data is collected and how it's used. While it's not realistic to expect a silver bullet that makes all users instantly understand how sites work, we should still try hard; let's throw all the ideas that we have out on the table and approach this gap with as many tools as we have to try and shrink it.Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com1tag:blogger.com,1999:blog-8079863.post-66000000324995235042011-06-20T14:47:00.000-07:002011-06-22T16:47:37.451-07:00Markus Jakobsson: why we must ask "why" in designing secure systemsOn Wednesday (June 22 @ 12pm PDT), Markus Jakobsson will talk about some of the security research he's been working on. Join us to hear some stories and learn how and why to build in security from the ground up! Details below. This will be streamed to the world on <a href="http://air.mozilla.org/">air mozilla</a>, and hosted at the Mozilla HQ in Mountain View.<br />
<br />
<span style="color:red;">22-June-2010 EDIT:</span> The video is <a href="http://videos.mozilla.org/serv/air_mozilla/06222011_brownbag.ogg">available here</a>.<br />
<br />
<table><tr><td><b>Where:</b></td><td>Mozilla HQ (10-forward) and <a href="http://air.mozilla.org/marketing">Air Mozilla (marketing site)</a></td></tr>
<tr><td><b>Speaker:</b></td><td><a href="http://www.markus-jakobsson.com/">Dr. Markus Jakobsson</a></td></tr>
<tr><td><b>Subject:</b></td><td> "Why we must ask 'why' in designing secure systems"</td></tr>
<tr><td colspan="2"><br />
<b>Summary:</b> Computer security has a tradition of responding to the symptoms of problems without taking the time to ask what the sources of the problems are. Markus will argue that this approach has made the user authentication experience frustrating and vulnerable; enabled phishing; and created a tremendous market for malware. Markus will give examples of some well-known approaches that were designed without a thorough understanding of the underlying problems and limitations, and how they could be redesigned and improved. In particular, he will cover web and app spoofing; mobile passwords; and bullet-proof detection of malware.</td></tr>
</table><br />
Join Us!Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com2tag:blogger.com,1999:blog-8079863.post-62383100090155600142011-05-26T14:08:00.000-07:002011-05-26T17:12:10.487-07:00managing your relationship with sites<i>This post is co-written by Margaret Leibovic and Sid Stamm. This article is <a href="http://blog.margaretleibovic.com/post/5877776043/managing-your-relationship-with-sites">cross-posted on Margaret's blog</a></i><br />
<br />
As the web becomes more and more complex (and AWESOME), it's important that you can manage your relationship with the variety of sites out there. Sure, Firefox 4 has a Page Info dialog that lets you control what a web page is allowed to do, including whether you want to let it store data on your computer, access your location information, open pop-up windows, and on and on. However, this dialog only lets you manage your relationship with the one page you're currently visiting, not the entire set of sites you visit on the web.<br />
<br />
We think it's important to be able to manage your whole relationship with web sites in an intuitive way, and that's why we're excited to show you what we've started working on: a site-based permissions interface.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://blogfiles.sidstamm.com/aboutpermissionsdialog.jpg" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="154" width="400" src="http://4.bp.blogspot.com/-uUgV8mcICFc/Td6_c7JUmXI/AAAAAAAAAfE/BxcB86UPy3s/s400/Screen%2Bshot%2B2011-05-26%2Bat%2B1.59.38p.png" /></a></div><br />
This feature is still experimental, but you can give it a shot. In the future, we'll be putting some polish on the UI, adding more controls like <a href="http://forcetls.sidstamm.com/">"always access securely" (HSTS)</a>, and hopefully giving you a better view of what a site knows about you. We also want to integrate this permissions manager with the site identity block in the location bar for quick and easy access.<br />
<br />
Try it out! <a href="http://nightly.mozilla.org/">Grab a Firefox nightly build</a> and try out the feature by typing <a href="about:permissions">about:permissions</a> into the location bar.<br />
<br />
<i>(Credit: thanks to <a href="http://jboriss.wordpress.com/">Jennifer Boriss</a>, <a href="http://twitter.com/#!/mehdiisdumb">Mehdi Mulani</a> and <a href="http://blog.margaretleibovic.com/">Margaret</a> for all the hard work on this project.)</i>Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com23tag:blogger.com,1999:blog-8079863.post-52404480407530986402011-05-20T09:56:00.000-07:002011-05-20T10:06:36.720-07:00Do Not Track -- Now on Firefox Mobile!Since we <a href="http://blog.sidstamm.com/2011/01/opting-out-of-behavioral-ads.html">first announced our implementation of the Do Not Track HTTP header</a>, we've seen an amazing amount of <a href="http://blog.mozilla.com/blog/2011/03/30/advertisers-and-publishers-adopt-and-implement-do-not-track/">support from trade groups</a>, and even <a href="http://www.computerworld.com/s/article/9214669/IE9_follows_Firefox_4_s_lead_on_Do_Not_Track_">other</a> <a href="http://arstechnica.com/apple/news/2011/04/safari-to-gain-do-not-track-support-in-lion.ars">browser</a> makers. To build on our view that you should have control of how you're tracked on not only desktop computers but also your mobile devices, we're excited to announce that the latest <a href="http://www.mozilla.com/en-US/m/">beta of Firefox for Android</a> also includes this feature.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-jDNgxjqGS5U/TdAO6ue8CxI/AAAAAAAAAes/sQvFWeHMBQk/s1600/DNT_Mobile_Final.png" imageanchor="1" style="clear:right; float:right; margin-left:1em; margin-bottom:1em"><img border="0" height="320" width="192" src="http://1.bp.blogspot.com/-jDNgxjqGS5U/TdAO6ue8CxI/AAAAAAAAAes/sQvFWeHMBQk/s320/DNT_Mobile_Final.png" /></a></div>You can enable Do Not Track in the latest <a href="http://www.mozilla.com/en-US/m/">beta of Firefox for Android</a> through an easy-to-find switch in the preferences (see the image to the right), and websites will see exactly the same signal that Do Not Track-enabled desktop browsers send. Every time Firefox loads a web page, image, or advertisement, it includes a "DNT: 1" signal that tells the entire web you don't want to be tracked.<br />
<br />
The web on your phone should be the same web as on your desktop, so to provide this consistency we've put the exact same Do Not Track feature in both the desktop and mobile versions of Firefox.<br />
<br />
Try it out today! <a href="http://www.mozilla.com/m/">Grab the latest beta of Firefox for Android</a> and turn on the feature. If you visit my blog from Firefox (mobile or desktop) with Do Not Track turned on, the widget below will glow green just for you.<br />
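What a site sees when that signal arrives, as an added example (not Mozilla's code and not the PHP behind the widget): a small WSGI app that checks the DNT request header and only issues a tracking cookie when the visitor has not opted out. The function names and the cookie are assumptions made for the example.

```python
"""Server-side handling of the Do Not Track header (added example, not
Mozilla's code). A small WSGI app checks the DNT request header, much as
the status widget on this page does, and only issues a tracking cookie
when the visitor has not opted out. Names and the cookie are assumed.
"""
from wsgiref.simple_server import make_server


def dnt_enabled(environ):
    """True if the request carried 'DNT: 1'.

    WSGI exposes request headers as HTTP_<NAME>, so the DNT header is
    environ['HTTP_DNT']. Only the exact value '1' is an opt-out; a missing
    header means the user expressed no preference either way.
    """
    return environ.get("HTTP_DNT", "").strip() == "1"


def app(environ, start_response):
    """Answer with a status line; set the tracking cookie only when allowed."""
    headers = [("Content-Type", "text/plain; charset=utf-8")]
    if dnt_enabled(environ):
        body = b"DNT: 1 received - not tracking this visit\n"
    else:
        # Constructed cookie standing in for a real tracking identifier.
        headers.append(("Set-Cookie", "track_id=constructed; Path=/; HttpOnly"))
        body = b"no DNT signal - tracking cookie set\n"
    start_response("200 OK", headers)
    return [body]


def response_for(environ):
    """Run app() without a server; returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    # Serve on localhost; load it with DNT on and off to compare responses.
    with make_server("127.0.0.1", 8080, app) as httpd:
        httpd.serve_forever()
```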
<br />
<p style="text-align:center;"><a href="http://dnt.mozilla.org/"><img src="http://dnt.mozilla.org/dnt_status.php" style="border:2px solid;padding:0;" /></a></p>Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com6tag:blogger.com,1999:blog-8079863.post-79669005654355066692011-05-15T11:36:00.000-07:002011-05-15T11:36:49.348-07:00Clearing Flash cookies using FirefoxBack in March, we shipped Firefox 4 with a feature that sends a signal to plugins like Flash and Silverlight when you clear your cookies. <a href="http://blogs.adobe.com/asset/2011/05/advancing-flash-player-privacy-and-security.html">Adobe has announced that starting with Flash Player version 10.3, they'll be listening to the signal</a>! This is exciting, because clearing your Flash cookies is as easy as clearing regular cookies in this latest version of Flash.<br />
<br />
Here's when Firefox 4 tells Flash Player version 10.3 to delete LSOs (Flash cookies):<br />
<ul><li>When you clear all your cookies in Firefox using "clear recent history" [<a href="http://support.mozilla.com/en-US/kb/Clear%20Recent%20History?s=clear+cookies&as=s">how-to link</a>]</li>
<li>When you choose "forget about this site" in your library (history) window [<a href="http://support.mozilla.com/en-US/kb/Clear%20Recent%20History?s=forget+this+site&as=s#w_how-do-i-remove-a-single-website-from-my-history">how-to link</a>]</li>
<li>When you quit Firefox, if you have Firefox configured to clear your cookies automatically upon exit [<a href="http://support.mozilla.com/en-US/kb/Clear%20Recent%20History?s=forget+this+site&as=s#w_how-do-i-make-firefox-clear-my-history-automatically">how-to link</a>]</li>
</ul><br />
<a href="http://blog.chromium.org/2011/04/providing-transparency-and-controls-for.html">Chrome</a> and <a href="http://blogs.msdn.com/b/ie/archive/2011/05/03/deleting-flash-cookies-made-easier.aspx">Internet Explorer</a> are also supporting this behavior, so this is fantastic news for everyone's privacy on the web!<br />
<br />
More reading for techies:<br />
<ul><li><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=508167">The relevant Firefox bug</a></li>
<li><a href="https://wiki.mozilla.org/NPAPI:ClearSiteData">The NPAPI specification</a></li>
<li><a href="http://blogs.pcmag.com/securitywatch/2010/02/next_flash_version_will_suppor.php">Previous story about supporting Private Browsing mode</a></li>
</ul>Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com13tag:blogger.com,1999:blog-8079863.post-60357174963382842142011-03-24T16:08:00.000-07:002011-03-24T16:08:47.796-07:00Force-TLS compatible with Firefox 4!I've updated the <a href="https://addons.mozilla.org/en-US/firefox/addon/force-tls/">Force-TLS</a> Firefox Add-On to work with the newest version of Firefox! Force-TLS version 3.0.0 should work in Firefox 3.0 and newer.<br />
<br />
So what does this mean? Well, HTTP Strict-Transport-Security (HSTS) is implemented in Firefox 4, and that's a pretty similar technology to Force-TLS. In fact, it is nearly identical except there's no UI in Firefox 4. If you install Force-TLS, you'll get a UI and also get the built-in HSTS support that's implemented much more completely and efficiently than any add-on. A while ago, <a href="http://blog.sidstamm.com/2010/10/managing-hsts-data.html">I blogged about an experimental add-on called STS-UI</a> that adds a UI to HSTS; Force-TLS shows essentially the same user interface but I've been wanting to keep both the back-end for Firefox 3.x and the front-end for all versions of Firefox in the same add-on.<br />
<br />
So what's new in version 3.0.0? <br />
<ul><li><i>Smarter:</i> The invisible bits of Force-TLS are restructured to use the custom HTTPS-upgrading and header-noticing bits for earlier Firefox versions but use the HSTS back-end built into Firefox 4 when it's available.</li>
<li><i>Better:</i> A few bugs in the user interface were fixed. </li>
<li><i>Organized:</i> I've moved the code into an open source repository. </li>
</ul><br />
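The "header-noticing" and "HTTPS-upgrading" bits described above, as an added example in Python (not Force-TLS's or Firefox's code; the class and method names are assumptions): a host is remembered only when the Strict-Transport-Security header arrives over HTTPS, entries expire after max-age, max-age=0 forgets a host, and later http:// URLs for a remembered host (or, with includeSubDomains, its subdomains) are rewritten to https://.

```python
"""Minimal HSTS-style store and URL upgrader (added example, not Force-TLS
or Firefox code). It notices a Strict-Transport-Security header on an HTTPS
response and upgrades later http:// requests for that host and, with
includeSubDomains, its subdomains. Class and method names are assumed.
"""
import time
from urllib.parse import urlsplit, urlunsplit


class HSTSStore:
    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so expiry can be tested
        self.hosts = {}     # host -> (expiry timestamp, include_subdomains)

    def notice_header(self, url, header_value):
        """Record an STS header; returns True if it was accepted."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return False  # a header on a plain http response is untrusted
        max_age, include_sub = None, False
        for directive in header_value.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                try:
                    max_age = int(value.strip().strip('"'))
                except ValueError:
                    return False  # malformed max-age: ignore the header
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return False  # max-age is required
        host = parts.hostname.lower()
        if max_age == 0:
            self.hosts.pop(host, None)  # max-age=0 means forget this host
        else:
            self.hosts[host] = (self.clock() + max_age, include_sub)
        return True

    def is_enforced(self, host):
        """True if host, or a parent with includeSubDomains, has a live entry."""
        labels = host.lower().split(".")
        now = self.clock()
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self.hosts.get(candidate)
            if entry is None:
                continue
            expiry, include_sub = entry
            if expiry <= now:
                del self.hosts[candidate]  # expired: drop it
                continue
            if i == 0 or include_sub:
                return True
        return False

    def upgrade(self, url):
        """Rewrite http:// to https:// for enforced hosts; otherwise unchanged."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_enforced(parts.hostname):
            return url
        netloc = parts.hostname
        if parts.port and parts.port != 80:
            netloc += f":{parts.port}"  # keep an explicit non-default port
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```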
I've got a list of enhancements queued up for the next version of Force-TLS, but not a whole lot of time to work on it. If you'd like to help make Force-TLS more awesome, send an email to <a href="mailto:forcetls@sidstamm.com">forcetls@sidstamm.com</a><br />
<br />
Previously:<br />
<ul><li><a href="http://blog.sidstamm.com/2010/10/managing-hsts-data.html">Managing HSTS data</a></li>
<li><a href="http://blog.sidstamm.com/2010/08/http-strict-transport-security-has.html">HTTP Strict Transport Security has Landed!</a></li>
<li><a href="http://blog.sidstamm.com/2009/11/update-on-https-security.html">Update on HTTPS Security</a></li>
<li><a href="http://blog.mozilla.com/security/2009/07/27/locking-up-the-valuables-opt-in-security-with-forcetls/">Locking up the Valuables with Force-TLS</a></li>
</ul>Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com3tag:blogger.com,1999:blog-8079863.post-89650856292655436492011-03-09T09:14:00.000-08:002011-03-09T09:15:13.145-08:00Do-Not-Track Standardization has BegunThanks to a lot of hard work by <a href="http://www.stanford.edu/~jmayer/">Jonathan Mayer</a> and <a href="http://www.cs.utexas.edu/~arvindn/">Arvind Narayanan</a> (the <a href="http://donottrack.us/">donottrack.us</a> guys at Stanford), <a href="http://cyberlaw.stanford.edu/node/6633">we've submitted a draft specification to the IETF</a> for review. We've proposed <a href="http://tools.ietf.org/html/draft-mayer-do-not-track-00">a specification</a> that not only outlines what the DNT HTTP header should look like, but also how servers can honor a user's choice for privacy. <br />
<br />
This draft is just the beginning: there will be much debate, but we want you to be part of it.<br />
<br />
More:<br />
<ul><li><a href="http://cyberlaw.stanford.edu/node/6633">Link To Related Stanford Announcement</a></li>
<li><a href="http://tools.ietf.org/html/draft-mayer-do-not-track-00">Link To DNT specification draft</a></li>
<li><a href="http://tools.ietf.org/html/draft-cooper-web-tracking-opt-outs-00">Link To Alissa Cooper's DNT feature round-up</a></li>
</ul>Sid Stammhttp://www.blogger.com/profile/08788622306405563565noreply@blogger.com0