Yesterday Apple announced a big step towards deploying real AI in their Siri ecosystem. In most ways this is good and inevitable: Siri is one of the world’s most widely-used voice agents, and it would be good if it didn’t suck. The idea that Apple would boost its capabilities with frontier models wasn’t so much … Continue reading The future…
#privacy
28 posts
9 Jun
19 May
Your fridge could be a threat to national security
Stack OverflowOn the floor of HumanX, Ryan is joined by Adam Meyers, Senior VP of Counter Adversary Operations at Crowdstrike, for a deep dive on their latest Global Threat Report that tracks over 281 adversaries across nation states, e-crime, and hacktivist organizations. …
14 Apr
Discover how Airbnb prioritizes user privacy while building a more connected community, empowering guests to engage socially, connect confidently, and maintain control of their personal data. By: Joy Jing ✨ Building a more connected community At Airbnb, our hosts and guests form the heart of our community. As shared by CEO Brian Chesky , we’re evolving into a more social…
2 Mar
This post has been on my back burner for well over a year. This has bothered me, since with every month that goes by, I become more convinced that anonymous authentication the most important topic we could be talking about as cryptographers. This isn’t just because I love neat cryptography: it’s that I don’t trust … Continue reading Anonymous credentials:…
19 Aug 2025
Firefox is now the first and the only browser to deploy fast and comprehensive certificate revocation checking that does not reveal your browsing activity to anyone (not even to Mozilla). Tens of millions of TLS server certificates are issued each day to secure communications between browsers and websites. These certificates are the cornerstones of ubiquitous […] The post CRLite: Fast,…
11 Jan 2024
It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures! But this week’s news brings an exciting story with both technical and political dimensions: new reports claim that Chinese security agencies have developed … Continue reading Attack of…
11 Oct 2022
Designing and engineering a messaging system that is used by 6.8 million students and half a million teachers in K-12 schools is no easy feat. While the typical threats against online systems from unauthorized and unauthenticated access to sensitive information remain, the school environment compounds privacy challenges as additional entities such as guardians, co-teachers, and […] The post Privacy and…
8 Feb 2022
Before we roll out State Partitioning for all Firefox users, we intend to make a few privacy and ergonomic improvements to the Storage Access API. In this blog post, we’ll detail a few of the new changes we made. The post Improving the Storage Access API in Firefox appeared first on Mozilla Hacks - the Web developer blog.
6 Oct 2021
In a world where data and AI are reshaping society, people currently have no tangible way to put their data to work for the causes they believe in. To address this, we built the Rally platform, a first-of-its-kind tool that enables you to contribute your data to specific studies and exercise consent at a granular level. Mozilla Rally puts you…
14 Jan 2021
Black Mirror: Bandersnatch (2018) is an interactive film in which viewers are periodically asked to make decisions for the main character Stefan Butler, the decisions then result in different scenes, and paths through the film, resulting in a branching path to a variety of endings. Think “choose-your-own-adventure”, but in interactive video. Since television viewers are conditioned to be passive spectators,…
3 Apr 2020
Distinguished engineer Martin Thomson explains how this problem occurred, the implications for people who might be affected, and how problems of this nature might be avoided in future. To get there, we need to dig a little into how web caching works. The post Twitter Direct Message Caching and Firefox appeared first on Mozilla Hacks - the Web developer blog.
13 Oct 2019
This morning brings new and exciting news from the land of Apple. It appears that, at least on iOS 13, Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tencent. This is being done as part of Apple’s “Fraudulent Website Warning”, which uses the Google-developed Safe Browsing technology as the … Continue reading How safe…
5 Jun 2019
At Monday’s WWDC conference, Apple announced a cool new feature called “Find My”. Unlike Apple’s “Find my iPhone“, which uses cellular communication and the lost device’s own GPS to identify the location of a missing phone, “Find My” also lets you find devices that don’t have cellular support or internal GPS — things like laptops, … Continue reading How does…
15 May 2019
In designing Mozilla WebThings, we have consciously insulated users from servers that could harvest their data, including our own Mozilla servers, by offering an interoperable, decentralized IoT solution. Learn about the user research that informs our project, and how we've engineered privacy by design into every aspect of Mozilla WebThings. The post Empowering User Privacy and Decentralizing IoT with Mozilla…
23 Sept 2018
This blog is mainly reserved for cryptography, and I try to avoid filling it with random “someone is wrong on the Internet” posts. After all, that’s what Twitter is for! But from time to time something bothers me enough that I have to make an exception. Today I wanted to write specifically about Google Chrome, … Continue reading Why I’m…
24 Jul 2018
Clever Goals is a new product that tracks students’ educational software usage. It creates progress data, a new type of data for Clever. This sensitive data needs to be protected from unauthorized access, and users should feel in control over how it’s used. How does the Clever security team make sure that new products like […] The post Securing New…
1 May 2018
Alarm goes off, time to wake up. Snooze alarm, and then repeat: check email, check Facebook, check Twitter, check Snapchat, rinse; repeat again; no new posts? Check again. No second spared to compose a thought; dreams fade away. Day continues just the same way — rise, rinse, repeat, repeat. Can’t spare time to sit and relax, can’t let your mind…
10 Dec 2017
Privacy is a fundamental human right. It is the right to control to whom and to what information is shared with others. Privacy protects the criteria used to determine how information is deemed private. Simply put, it’s ones right to keep or share information they themselves deem as private; something is private when one deems it thus. Since the advent…
10 Jan 2017
The password is both a ubiquitous and brittle security mechanism. With the emergence of new security trends like post-quantum cryptography and IoT-botnet attacks, it’s easy to overlook attacks that exploit guessable, reused, or coerced passwords. But the wherewithal among users to use strong passwords and keep them safe is rare. Despite decades of practice, managing […] The post Securing Saved-password…
13 Aug 2016
TL;DR: No, it isn’t. If that’s all you wanted to know, you can stop reading. Has anybody noticed that Apple just gave a talk about how they secured a master key that would allow en-masse brute-forcing of device PINs — Pwn All The Things (@pwnallthethings) August 9, 2016 Still crazy how Apple went to BlackHat, … Continue reading Is Apple’s…
15 Jun 2016
Yesterday at the WWDC keynote, Apple announced a series of new security and privacy features, including one feature that’s drawn a bit of attention — and confusion. Specifically, Apple announced that they will be using a technique called “Differential Privacy” (henceforth: DP) to improve the privacy of their data collection practices. The reaction to this … Continue reading What is…
12 May 2016
Clever Badges makes it easy for K-2 students to log into applications. As with any new feature, we wanted to understand and address any potential security risks before we launched Clever Badges to our users. If we built Clever Badges without thinking deeply about security, it would have been easy to introduce a vulnerability and […] The post Clever Badges…
31 Mar 2015
Lets face it, Do Not Track (DNT) is dying a slow death. Content providers are either ignoring the setting, or giving lip service to DNT while taking no action behind the scenes. Worse yet, if users are able to find the browser preference, they don’t understand its purpose or value. Enabling the feature is confusing, and quite inconsistent between browser…
18 Mar 2015
Student Data privacy and security are our foremost responsibilities here at Clever. We invest heavily to ensure that we are improving privacy for schools, students, and teachers, and we make sure that everyone at Clever is constantly working towards this goal. About five months ago, we were made aware of aspects of our privacy policy […] The post Open Sourcing…
10 Feb 2015
If you haven’t read Julia Angwin’s excellent profile of GnuPG’s lead developer Werner Koch, now would be a great time to check it out. Koch, who single-handedly wrote GnuPG in 1997, has been doggedly maintaining the codebase ever since — and not getting paid very well for it. Despite good intentions on all sides, Koch … Continue reading How do…
29 Oct 2014
A few years ago I came across an amusing Slashdot story: ‘Australian Gov’t offers $560k Cryptographic Protocol for Free‘. The story concerned a protocol developed by Australia’s Centrelink, the equivalent of our Health and Human Services department, that was wonderfully named the Protocol for Lightweight Authentication of ID, or (I kid you not), ‘PLAID‘. Now to … Continue reading Attack…
13 Aug 2014
Last Thursday, Yahoo announced their plans to support end-to-end encryption using a fork of Google’s end-to-end email extension. This is a Big Deal. With providers like Google and Yahoo onboard, email encryption is bound to get a big kick in the ass. This is something email badly needs. So great work by Google and Yahoo! … Continue reading What’s the…
6 Sept 2013
Let me tell you the story of my tiny brush with the biggest crypto story of the year. A few weeks ago I received a call from a reporter at ProPublica, asking me background questions about encryption. Right off the bat I knew this was going to be an odd conversation, since this gentleman seemed … Continue reading On the…