I've been writing a lot of Rust recently, and as anyone who has learned Rust can tell you, a huge part of the process of learning Rust is learning to work within its restrictive memory model, which forbids many operations that would be perfectly legal in either a systems programming language like C/C++ or a more dynamic language like Python or...
[Edited to change the title and subtitle -- 2024-12-28]. Two children under a trenchcoat. Image from ChatGPT. My long-time collaborator Richard Barnes[1] used to say that "in security, trust is a four letter word", and yet the dominant experience of using any software-based system—which is, you know, pretty much anything electronic—is trusting...
Image by Kate Hudson with help from Photoshop AI I recently learned that Southwest has a policy of giving passengers who don't fit in a single seat a free second seat. This isn't an issue for me personally, but I was curious how it worked and that lead me to Southwest's page on how to book a second seat: Southwest's passenger entry field Here are...
My "A" races for 2024 were Sean O'Brien 100K at the end of January and Tushars 100K at the end of July. 6 months is a long training block and so I decided to break it up with something in between. I've been leaning towards mountainous races with a lot of vert lately (SOB notwithstanding) and after doing a bunch of searching on UltraSignup I...
Generated by Midjourney. Prompt "Man waiting for EV to charge, bored expression, EV charging station, photorealistic --ar 4:3" I spent some time reading this HN thread in response to Wired's article on how many EV charging stations we need and I'm dumber than when I started (isn't that usually the way it is on the orange site?). On one side, we...
As mentioned in previous posts, the IETF has decided not to add support for post-quantum (PQ) encryption algorithms to TLS 1.2. In fact, the TLS WG is taking a rather stronger position, namely that it's going to stop enhancing TLS 1.2 more or less entirely, including support for PQ algorithms: While the industry is waiting for NIST to finish...
Illustration by Kate Hudson with MidJourney and Photoshop AI. Recently, I wrote about how the Internet community is working towards post-quantum algorithms in case someone develops a cryptographically relevant quantum computer (CRQC). That's still what everyone is hoping for, but nobody really know when or even if a CRQC is developed, and even in...
It's a cruel irony that just as encryption is finally becoming ubiquitous, quantum computers threaten to tear it all down. Firefox HTTPS usage The technical details aren't that important (see here for some background), but the TL;DR version is that many of our cryptographic algorithms are designed to be difficult to break using "classical"...
On Saturday 1/27 I ran the Sean O'Brien (SOB) 100K in Southern California. I ran this same race back in 2021 and got my 100K PR, so I knew the course and felt like it was an opportunity to do better. My training had been going well and I was dropping PRs on my local courses, so I was looking forward to a strong race and taking off bunch of time,...
This is part II in my series about Certificate Transparency (CT) and transparency systems. In part I, we looked at how to build a simple transparency system that guaranteed that each certificate was published and that each participant in the system has the same view of the list of certificates. This prevents covert misissuance of certificates and...
Identifying the communicating endpoints is a key requirement for nearly every security protocol. You can have the best crypto in the world, but if you aren't able to authenticate your peer, then you are vulnerable to impersonation attacks. If the peers have communicated before, it is sometimes possible to authenticate directly, but this doesn't...
After a kind of disappointing—but still the right call—decision to DNF at Teanaway 100, I found myself with a big pile of fitness, nothing planned for the rest of the year, but not really ready to just call it a season and start thinking about 2024. There weren't any races left I wanted to do, so instead I decided to try one of the adventure run...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } The privacy of Web search is tragically bad. For those of you who haven't thought about it, the way that search works is that your query (i.e., whatever you typed in the URL bar) is sent to the search engine, which responds with a search results page (SERP)...
My two races this season were to be Broken Arrow Skyrace and then a hundred to be named later. I'd originally planned to do Whistler Alpine Meadows 100 but then it was cancelled in February and I spent a long time procrastinating but finally settled on Teanaway Country 100. Teanaway is about the opposite of UTMB: a tiny low-key race (59 entrants...
In my post on Chrome's Web Environment Integrity (WEI) proposal I briefly mentioned Apple's Private Access Tokens (PAT) mechanism, which, as Tim Perry observes, is already deployed. The stated use case for Private Access Tokens is to reduce the need for CAPTCHAs (the little puzzles you get asked to solve to prove that you are a human). This is a...
Chrome's Web Environment Integrity (WEI) proposal for remote Web browsing attestation is being justly criticized from a broad variety of perspectives (Mozilla Standards Position, Brave, EFF). I certainly agree that WEI is bad news, and I'll get to that part eventually, but first I'd like to situate it in the broader context, both of the Web and...
The Internet is a mess, and one of the biggest parts of that mess is Network Address Translation (NAT), a technique which allows multiple devices to share the same network address. This is part IV in a series on how NATs work and how to work with them. You may want to go back to and review part I (how NATs work), part II (basic concepts of NAT...
This year has turned out to be light on racing in part because I was kind of wiped out after last year and in part because I had signed up for the Broken Arrow Skyrace in Tahoe in June. Broken Arrow isn't actually one race but a race festival that takes place over three days. All of the races are relatively short compared to what I usually do...
The Internet is a mess, and one of the biggest parts of that mess is Network Address Translation (NAT), a technique which allows multiple devices to share the same network address. This is part III in a series on how NATs work and how to work with them. In part I I covered NATs and how they work, and part II covered the basic concepts of NAT...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } Bluetooth-based tracking tags like AirTags and Tiles are fantastically useful for finding lost stuff like your keys, your bike, or your cat. Unfortunately, they are a dual use technology which is also easy to use for surreptitiously tracking other people. This isn't...
The Internet is a mess, and one of the biggest parts of that mess is Network Address Translation (NAT), a technique which allows multiple devices to share the same network address. This is part II in a series on how NATs work and how to work with them. In Part I I covered NATs and how they work. If you haven't read that post, you'll want to go...
The Internet is a mess, and one of the biggest parts of that mess is Network Address Translation (NAT), a technique which allows multiple devices to share the same network address. In this series of posts, we'll be looking at NATs and NAT traversal. This post is on NATs and the next one will be on NAT traversal techniques.[1] Background: IP...
As I mentioned in some previous posts, the EU Digital Markets Act (DMA) requires interoperability for number independent interpersonal communications services (NICS), which is to say stuff like messaging (what we used to call "Instant Messaging") as well as real-time media (voice and video calling). Specifically Article 7 says that: 2. The...
Via Joseph Lorenzo Hall, Patrick Breyer, and EDRI, I see that the EU's Internet Filtering requirements (sometimes called "chat control") are continuing to move forward. The legal language is a bit hard to wade through, but it appears to require Internet Service Provider (ISPs) to block specific content on Web sites, identified by URL. Article 16...
Most people who use the Internet just have some vague idea that it carries data from point A to point B (famously, through a series of tubes). Even people who regularly work on Internet systems tend to work with it through many layers of abstraction, without a clear understanding of the infrastructure components that make it work. This post is...
You'll notice that in my post on end-to-end voting I never mentioned the word "blockchain". However, there's been quite a bit of interest in the "crypto"[1] community around somehow using the blockchain to "fix" voting. For instance, here's Binance CEO Changpeng Zhao arguing back in 2020 that it will lead to more secure elections with faster...
.img-wrap { display: inline-block; } .img-wrap img { width: 80%; } window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } Note: this post contains a bunch of LaTeX math notation rendered in MathJax, but it doesn't show up right in the newsletter version. You may want to instead read the version on the site. Earlier...
In a recent article the NYT reports that in the US when nuclear weapons are retired they aren't destroyed but just stored: Typically, nuclear arms retired from the U.S. arsenal are not melted down, pulverized, crushed, buried or otherwise destroyed. Instead, they are painstakingly disassembled, and their parts, including their deadly plutonium...
Disclaimer: Like the rest of the material on EG, these are my opinions and not those of my employer. Over at the day job I've been spending quite a bit of time dealing with the proposed eIDAS Article 45.2, which would require browsers to accept *Qualified Website Authentication Certificates (QWACS) issued by certificate authorities approved by...
The first generation of Internet communications was dominated by largely decentralized—and barely managed—communications systems like USENET and IRC, built on documented, interoperable protocols. By contrast, the current generation is highly centralized, built on a small number of disconnected siloes like Twitter, Facebook, TikTok, etc. In light...
As I mentioned previously in my posts on private browsing and public WiFi, if you really want to keep your activity on the Internet private, you need some way to protect your IP address (i.e., the address that machines on the Internet use to talk to your computer) and the IP addresses of the servers you are going to. There are a variety of...
Warning: this post didn't come out quite as tight as I was hoping. I think there are a bunch of interesting ideas and connections to be drawn, but they don't hang together as well as I wanted. That said, I'm not quite sure how to improve things, and so I'm just going to post it as-is. The Internet has plenty of bits, after all. Max Chafkin's...
One of the most common security and privacy questions I get is whether it's safe to use public WiFi networks (and whether you should use a VPN). The answer is "it depends", for the reasons I lay out below. If you want to skip the rest of this, I'll tell you that I mostly just use airport and hotel WiFi but am more hesitant about it if I have to...
As pretty much everyone is now aware, there are two main kinds of COVID test: At-home based antigen tests (often called "lateral flow") Lab-based molecular tests (often called "PCR" [though not all molecular tests are PCR—2022-09-14]) Lateral flow and PCR are both descriptions of the technology used in the test, but unless you already know what...
Probably the two most prestigious events in trail ultrarunning are the Western States Endurance Run (Western States), held in June in California, and the Ultra-Trail du Mount-Blanc (UTMB), held in August in Chamonix, France. Both are 100-mile events (UTMB is actually 171 km/107 mi) and draw the top ultradistance runners. Americans tend to know...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } In my post on Safe Browsing I mentioned that one possible solution to the problem of querying the Safe Browsing database is Private Information Retrieval (PIR) and then waved my hands vigorously about it being crypto magic. In this post, I'm going to attempt to...
The Web is full of bad stuff and it's the browser's job to protect you from it as best it can. For certain classes of attack, such as attempts to subvert your computer, that is a conceptually straightforward matter of hardening the browser, as described in the Web security guarantee: users can safely visit arbitrary web sites and execute scripts...
As I discussed in an earlier post, it looks like the EU [corrected an embarassing typo that had this as UK -- EKR] Digital Markets Act (DMA) is going to require interoperability between messaging systems. That previous post focused on how to establishing end-to-end encryption between messaging systems. In this post I want to talk about the...
On July 17th, I raced the Pacifica Foothills 30K. This wasn't really on my training calendar, but a colleague decided to run it and I offered to drive her, figuring I could fit in a catered 18 mile training run. And then at the last minute my friend Lisa decided to run the 21K, so it was a bit of a group thing. [Photos from Runalyze] Because this...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } Note: this post contains a bunch of LaTeX math notation rendered in MathJax, but it doesn't show up right in the newsletter version. Check out the Web version where they render correctly. The New York Times reports that both James Comey and Andrew McCabe were...
[Map and profile via Runalyze] Last year, my training partner Chris Wood and I ran the Tenaya Loop route around Yosemite. This route was pioneered by former ultrarunning and current FKT star Leor Pantilat. It turned out to be harder than we expected, and we ended up bailing out partway through. This year I was scheduled to do Old Cascadia 50 on...
Recently I was interviewed by for an article about how to privately search for reproductive health services. During the discussion I found myself explaining the different privacy features available to Web users and wishing that I had something written to point to. Hence this post. Types of Tracking # First, it's important to be clear about what...
This is part VI of my series on the Web security model (parts I, II, outtake, III, IV, V). I'd been planning to talk about microarchitectural attacks next, but it's pretty hard to understand without some background on overall browser architecture, so I'll be covering that first. Background: Operating System Processes # We actually have to start...
.img-wrap { display: inline-block; } .img-wrap img { width: 100%; } Recently Jack Dorsey announced a new project called Web5 which is billed as "an extra decentralized web platform". I've now had time to take a look at the pitch deck and some of the specifications. This post provides some initial impressions. Overall Idea # Although Web5...
.img-wrap { display: inline-block; } .img-wrap img { width: 40%; } OK, so I managed to get through my post on identity while only using the word "blockchain" twice. However, the story of self-sovereign identity/decentralized identity is inextricably intertwined with blockchains: much of the interest in decentralized identity comes out of the...
You often hear a lot about "identity" on the Internet, but in my experience, the situation tends to be pretty muddled. This post is my attempt to try to unpack a number of different concepts surrounding identity as well as some of the relevant technologies. The most basic function that people think of when they think of identity is what might...
As I mentioned in my post on EU's proposed CSAM regulation, any content filtering system has to worry about nonconforming clients which are trying to evade filtering. One obvious approach is to lie about message contents or the output of filtering algorithms. Another method of nonconformance that is often proposed is multiple encryption, in which...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } Last week the European Commission published a new "Proposal for a Regulation laying down rules to prevent and combat child sexual abuse". This regulation would require Internet communications platforms to take various actions intended to prevent or at least reduce...
This is part IV of my series on the Web security model (parts I, II, outtake, III, IV). In this post, I cover data leaks via side channels. Recall the discussion from part III about the basic guarantee of the Web security model, which is that it is safe to visit even malicious sites. As discussed in that post, the browser enforces a set of rules...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } There's been a lot of interest lately in what's often termed the Decentralized Web (dWeb), though now it's quite common to hear the term Web3 used as well. Mapping out the precise distinctions between these terms—assuming that's possible—is outside the scope of this...
This is part IV of my series on the Web security model (parts I, II, outtake, III). In this post, I cover cross-origin resource sharing (CORS), a mechanism for reading data from a different site. As discussed in part III, the Web security model allows sites to import content from another site but generally isolates that content from the importing...
Last weekend I raced the Lake Sonoma 50 mile up in Northern California. In ultra circles, Sonoma is well known for being very runnable, which—in the ultra context—means that there aren't a lot of long or steep hills and it mostly consists of dirt fire roads and smooth non-technical single-track (i.e., one person wide) trails, so you can plausibly...
The news the the EU will require that messaging companies provide interoperability has gotten a lot of attention, both positive (matrix.org) and negative (Alex Stamos, Alec Muffett, Steve Bellovin), as detailed in this Wired article (see also this ISOC white paper). At a high level, I'm more positive on the idea of interoperability for messaging...
You might have noticed that it's common for sites to have a domain name like www.example.com and a URL like https://www.example.com. You might wonder what the www is doing here. You're most likely loading this from a Web browser, so surely the browser knows you're on the Web. Why does it need the www prefix? The answer, like many things on the...
Note: This is one of those posts that is going to be best read on the Web, especially if you read your email using Gmail or the like, as it will tend to mangle some of the HTML features. This is Part III of my series on the Web security model (see parts I and II for background on how the Web works). In this part, I cover the primary unit of Web...
This post was originally part of Post II of my series on the Web Security Model but kind of broke up the flow of that post, so it got pulled out. But a blog means never having to kill your darlings, so here it is. In Post II I wrote about how Web applications use cookies for statekeeping on a single site, but it turns out to be trivial to extend...
.img-wrap { display: inline-block; } .img-wrap img { width: 80%; } Note: This is one of those posts that is going to be best read on the Web, especially if you read your email using GMail or the like, as it will tend to mangle some of the HTML features. This is Part II of my series on the Web security model. In Part I, I talked about the...
Note: This is one of those posts that is going to be best read on the Web, especially if you read your email using GMail or the like, as it will tend to mangle some of the HTML features. Like many pieces of technology, the Web is one of those things that people are perfectly happy to use but have absolutely no idea how it works.[1] It's natural...
On Friday's Ezra Klein show, Ezra interviews philosopher C. Thi Nguyen on the topic of games. Nguyen provides an interesting definition of a game (btw, thanks to the Times for providing transcripts so I didn't have to type all this in): What’s interesting about games for him [Bernard Suits —EKR] is that you have this thing— the finish line—but it...
I did not watch the Super Bowl but it seems Coinbase bought a super bowl ad that consisted of a QR code floating around your screen. Honestly, I find it kind of soothing—not that I own any cryptocurrency—but the Internet got upset: Scanning an unidentified QR code that bounces across your screen during the Super Bowl is like going around at the...
.img-wrap { display: inline-block; } .img-wrap img { width: 80%; } window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } Note: this post contains a bunch of LaTeX math notation rendered in MathJax, but it doesn't show up right in the newsletter verison. You should mostly be able to follow along anyway except for...
The BBC reports that the UK has revived it's online safety bill, which was shelved back in 2019. There has been a lot of concern about the policies embodied in this bill from organizations ranging from ISOC to Big Brother Watch but I want to focus on what's essentially a technical point, which is that it represents a threat to user privacy that...
DNS security, I just can't quit you (see parts I, II, III, IV, V, VI). In Part VI I talked about blockchain-based name systems, but I forgot to mention one aspect: defense against surreptitious changes. For instance, suppose the attacker doesn't want to take over example.com but just wants to intercept TLS connections to it; for obvious reasons,...
This is Part VI of my series on DNS Security (parts I, II, III), IV, V). I thought I was done after talking about recursive to authoritative, but I then realized I wanted to cover blockchain-based name systems; these aren't strictly part of the DNS, but they're intended to fulfill a similar function, so it's worth covering them a bit. DNS is a...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } }; Note: this post contains a bunch of LaTeX math notation rendered in MathJax, but it doesn't show up right in the newsletter version.* Anyone can go to the CDC Web site and find out the status of the US COVID vaccination effort. Unfortunately, due to privacy...
This is Part V of my series on DNS Security (parts I, II, III), IV). In part IV I covered DNS transport security between the client (the stub resolver) and the recursive resolver but ran out of room to talk about the recursive to authoritative link, which is the subject of this post. Recall yet again the DNS resolution process, shown below: For...
It's a common pattern: a new category of race starts up and initially it's not very popular, so you can just sign up. But the race can't accommodate an infinite number of participants, and if the sport starts to get popular, you can start to hit capacity limits. If they're not too bad you can just make things first come first served, but some...
This is Part IV of my series on DNS Security (parts I, II, III). In this part I cover transport security for DNS. For years most of the DNS security effort went into DNSSEC, which provides authenticity for DNS data by signing the DNS records themselves. This left two big gaps. First, DNSSEC has seen fairly low levels of deployment, leaving the...
The combination of "consumer genetics" (CG) in the form of widespread cheap genetic testing and crowdsourced genealogical DNA databases like GEDmatch has opened up whole new possibilities in the use of genetic data. One of these is that you can often identify—or at least partially identify—the source of an unknown DNA sample based on known...
This is Part III of my series on DNS Security. (see Part I for an overview of DNS and its security issues and Part II for background on DNSSEC). In this part, we cover DNS Authentication of Named Entities (DANE), which uses the DNS to authenticate TLS keys. As I mentioned previously, a lot of the reason that DNSSEC hasn't seen much deployment is...
This is Part II of my series on DNS Security. (see part I for an overview of DNS and its security issues). In this part, we cover Domain Name System Security Extensions, popularly known as DNSSEC. As documented in part I, baseline DNS is tragically insecure and the DNS community has been working on fixing it for pretty as long as I've been...
Over the past few years, the topic of the security of several Web browsers, including Firefox, Chrome, and Safari, have been rolling out DNS over HTTPS (DoH), which as brought the question of DNS security to the forefront, but also resulted in (or just revealed?) a lot of confusion about DNS security. This post is the first in a series on that...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } mermaid.initialize({ startOnLoad: true, sequence: { mirrorActors: false }}); Most of the widely deployed vaccine passport systems (New York, California, EU, New Zealand) are signed attestations to a...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } mermaid.initialize({ startOnLoad: true, sequence: { mirrorActors: false }}); As I noted previously, we're seeing each jurisdiction design their own vaccine passport system (New York, California, EU, New...
TL;DR. Great views but slow going. Had to bail out at mile 38. On Monday, November 22, For the last run of the season, my training partner Chris Wood and I decided to do the Arizona Highline Trail #31. We were already planning to do Zane Grey 100K which covers this trail and then some more, so this seemed like a good opportunity to check it out...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } }; Here at EG we spend a lot of time on privacy and obviously one of the big concerns is avoiding people tracking you, whether in person or on the Internet. From that perspective, I've always found license plates kind of anomalous. If it was illegal to leave your...
A reader alerted me to New Zealand's vaccine pass system (spec here). Like the other vaccine passport systems I've seen (New York, California, EU), it's a digitally signed credential, but (of course) it's also slightly different and so incompatible. In this case, it's a CBOR Web Token (CWT). The NZ system is straight CBOR and encodes data in...
window.MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']] } } }; This is part V of my series on Privacy Preserving Measurement (see parts I, II, and III, IV). Today we'll be addressing techniques that use randomization to provide privacy. The aggregate measurement techniques I have described so far provide exact answers (which...
I’ve been doing some more thinking about my pacing at Sean O’Brien 100K. As I said, my general sense is that I’m comparatively slower on the downhill than the uphill.[1] This is based on two main pieces of evidence: Having people pass me on the way down but catching them on the way up. Comparing Ultrapacer’s predictions to my actual splits, I...
Bleeping Computer reports that there has been some compromise of the EU COVID-19 vaccination certificate system. As I wrote, the EU system depends on digital signatures, with each jurisdiction having its of set of private keys. What Happened? # It's currently a bit unclear what has happened here, but the situation appears to be: There are...
Last weekend I ran the Sean O'Brien (SOB) 100K in Southern California. This was a somewhat last minute backup race after Pine to Palm 100 miles was cancelled. There weren't too many 50M/100Ks in October[1] and my coach Emily Torrence won SOB back in 2017, so I was able to take advantage of her expert knowledge. Overall this went well. I came in...
This is part IV of my series on Privacy Preserving Measurement (see parts I, II, and III). Today we'll be addressing techniques for collecting so-called frequent strings (i.e., "heavy hitters"). Prio and similar technologies mostly operate at the level of sets of numeric values. As we've seen, this can be surprisingly useful, but doesn't work...
This is part III of my series on Privacy Preserving Measurement. Part I was about conventional measurement techniques Part II showed how to improve those techniques by anonymizing data on input. This post covers a set of cryptographic techniques that use multiple servers working together to provide aggregate measurements (i.e., a single value...
In part I of this series, we discussed the conventional obvious way of taking measurements, which is to say collecting a bunch of data and analyzing it locally. This is a fine practice when the data itself isn't sensitive (e.g., outdoor temperature readings from your own sensors), but is less good when you're collecting data about people that...
Depending on your point of view, we're in a golden age of big data or a golden age of surveillance. Unfortunately, with the technology we typically use, these are more or less the same thing: if you collect data from a lot of people you're going to learn a lot about them. While there are applications where you actually want to use people's...
Last week everyone with an Apple device got told they needed to install an emergency update to defend themselves against a "zero-click exploit" that was apparently being used in the wild. ATTENTION: If you aren't on the latest software, stop reading this and update right now. The update has fixes for two issues: CVE-2021-30860 -- an integer...
TL;DR. A great adventure run loop through Yosemite with amazing views. My training partner Chris Wood and I were scheduled to run Tahoe 100K and Pine to Palm 100 miles respectively last weekend, but both races were canceled (thanks, forest fires!). Rather than revector to last minute races, we decided to do an "adventure run" (runner jargon for a...
If you tell someone you run ultramarathons, it's pretty common for the next question to be "what's an ultramarathon"? This is a question with both a simple and a complicated answer. The simple answer is that an ultra is a race that's longer than a marathon, so technically I guess if you run a marathon and then run to your car, you've done an...
mermaid.initialize({ startOnLoad: true, sequence: { mirrorActors: false}}); A relatively common problem in computing is to determine what software is running on some device. As I mentioned in a previous post, this turns out to be a much harder problem than you would intuitively think it is, as we'll see below....
As I discussed earlier there has been a lot of talk about collisions in the NeuralHash perceptual hash used for CSAM detection. While I don't think these collisions are necessarily that serious and Apple has proposed some countermeasures for dealing with them, it's worth asking whether this is the best design. To recap: a cryptographic hash such...
I'm a big science fiction reader, and sometimes people ask me for recommendations, so here goes. Other good lists include NPR and Noah Smith. These have some overlap, but there's also a bunch of new stuff here. Peter Watts: Blindsight, Freeze Frame Revolution, # Whenever I find my will to live becoming too strong, I read Peter Watts -- James...
In today's Apple CSAM scanning news, it appears that Apple platforms already have a NeuralHash APIs built in and Asuhariet Ygvar (apparently a pseudonym) has reverse engineered the algorithm and built a tool to convert it to the Open Neural Network Exchange (ONNX) format. Based on that work, Cory Cornelius has constructed a pair of images with...
Apple has released more information about their client-side CSAM scanning function (See my original writeup). Though none of this fundamentally changes the situation -- and it's not clear why they didn't just share these details before -- it's worth going through them and the points they've been making. Scanning Threshold/False Positive Rate #...
Last week Apple announced a new function in iOS that will scan photos in order to detect images containing Child Sexual Abuse Material (CSAM). This post attempts to provide an overview of the functionality Apple has built and answer some questions about what it can and cannot do. Overview # The basic idea behind the system is to detect images on...
The security of the Internet depends critically on cryptography. Whenever you log into Facebook or Gmail or buy something on Amazon, you're counting on cryptography to protect you and your data. Unfortunately for cryptography, there's currently a lot of work on developing quantum computers, which have the potential to break a lot of the...
TL;DR. Open your restaurant menu QR codes in private browsing mode. Today's NYT has an article about the popularity of QR code menus at restaurants instead of paper menus and how they enable tracking: But the spread of the codes has also let businesses integrate more tools for tracking, targeting and analytics, raising red flags for privacy...
Dennis Jackson pointed me at the documents for the EU's Digital Green Certificate (DGC) vaccine passport system. At a high level, this is pretty similar to the Excelsior Pass and Vaccine Credentials Initiative systems I wrote about earlier (NYC, VCI), except with some slightly different data formats (COSE instead of JOSE/JWS[1], a new JSON...
Last weekend I ran Bigfoot 73 miler up in Washington around Mt. St Helens. I didn't go into this season planning to race Bigfoot but then San Diego 100 was canceled thanks to COVID-19, so I had to find something else and Bigfoot looked interesting As advertised, this was hard, but overall it went quite well. The course was extremely technical...
If you've been following the already bizarre NYC mayoral election, you've no doubt heard that the NY Board Of Elections (BOE) has had to withdraw their partial tallies because they accidentally counted some test ballots. The root of this problem seems to just be simple human error, but the situation is vastly complicated by NY's use of what's...
Matt Ridley has an article over at CAPX about how science journals -- in this case Nature are modifying their coverage to avoid antagonizing China. Most of the story is about some reporting by Amy Maxmen on the "lab leak hypothesis" but Ridley also writes: One of the subtexts of the debate over the origin of the pandemic concerns the role of the...
Last week, California rolled out their new digital COVID Vaccine Record (aka vaccine passport). This credential is based on the Vaccine Credentials Initiative SMART Health Cards Framework. They provide a fairly complete specification as well as sample code, so it's pretty easy to figure out what's in here. At a high level, the credential is a...
I'll be the first to admit it, running is boring, especially when it's ultramarathons. What's more interesting, however, especially if you're a runner, and maybe if you're not, is watching really good people run. Thanks in part to GoPros and YouTube, there's now an enormous amount of relatively high quality running film, ranging from just...
One of the attractive aspects of running as a sport is that it seems fair: the fastest person wins, not the person with the fastest shoes, the fastest car, or the best tennis racket. Now, this was never entirely true as shoe weight absolutely makes a difference and so runners have picked lightweight shoes to race in for years, but there were lots...
June 1st's NYT has an article about the state of NYT's Excelsior Pass vaccine passport[1] which reveals that people have some weird ideas about the system and how it needs to be used. First, we have: It took Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, a nonprofit watchdog group, just 11 minutes to...
At this point there are a fair number of options in how to set up a blog. You can do Blogger, Substack, Wordpress etc. If you want to self-host there are a lot of options too. A lot of tech people use what's called a "static site generator", which means that instead of having some piece of software like Wordpress that runs on the site and you...
Via Gareth T. Davies I see that IBM has posted a whitepaper on their "IBM Digital Health Pass" system on ePrint. It's a white paper not a complete specification so some of the details are kind of sketchy, but at a high level it's similar to the kind of design I talked about and that used by the Vaccine Credentials Initiative (VCI): a digitally...
So, we wanted to subscribe to HBO Max to watch some stuff. Simple enough, go to the HBO Max Web site, make an account, give them your money, etc. Except that I have an LG TV and it turns out that HBO Max doesn't have an app for WebOS, apparently because they have some exclusive deal with Samsung. No problem, then, you can watch HBO Max through...
Here in the United States we've rapidly gone from a situation where there was overwhelming demand for the COVID vaccine to one where supply far outstrips demand and the major concern is how to get people to take it. However, until late April and early May, there was a huge amount of contention for vaccination appointments. I think it's clear that...
*Expanded version of twitter thread Most serious runners find themselves running in the dark at one time or another. The most common reason is because you need to squeeze in a workout before or after work -- especially in the winter -- but there are plenty of ultradistance events (100 miles, 24 hrs, etc.) that are likely to have you out...
Earlier, I wrote about concerns about the privacy properties of personal trackers like the Apple AirTag. These are legitimate concerns, but it's important to recognize that they appear against the background of the current technological landscape, a landscape that is changing rapidly. Until relatively recently, if you wanted to track someone's...
The privacy implications of Apple's new AirTag tracking system are getting some negative attention right now. Briefly, AirTags are little battery powered BlueTooth (among other wireless protocols) transponders which you attach to/put in items you own (e.g., your keys). You pair them with your phone and can then use your phone to find the tags and...
Via Ben Adida I learned about the Vaccine Credentials Initiative (VCI). I'm pleased to see that they provide a fairly complete set of specification for their credential. last week. At a high level, it's a digitally signed credential using conventional cryptograpy, (JSON Web Signatures, signed with ECDSA and P-256), and encoded into a QR code....
Cross-posted to the Mozilla blog Now that we're starting to get widespread COVID vaccination "vaccine passports" have started to become more relevant. The idea behind a vaccine passport is that you would have some kind of credential that you could use to prove that you had been vaccinated against COVID; various entities (airlines, clubs,...
Anyone who has cycled in a group or spent a few minutes watching the Tour de France knows that drafting behind another rider dramatically decreases the amount of effort you need to exert in order to maintain a given speed, with the effect increasing the faster you go. This is true to some extent with running, though because running pace is...
This post originally appeared on the Mozilla Blog One of the unsung achievements of modern software development is the degree to which it has become componentized: not that long ago, when you wanted to write a piece of software you had to write pretty much the whole thing using whatever tools were provided by the language you were writing in,...
This post originally appeared on the Mozilla Blog If I told you that two weeks ago IETF and W3C finally published the standards for WebRTC, your response would probably be to ask what all those acronyms were. Read on to find out! Widely available high quality videoconferencing is one of the real successes of the Internet. The idea of...
This post originally appeared on the Mozilla Blog This is the fifth post in my series on voting systems (catch up on parts I, II, III and IV), focusing on computerized voting machines. The technical term for these is Direct Recording Electronic (DRE) voting systems, but in practice what this means is that you vote on some kind of computer,...
This post originally appeared on the Mozilla Blog This is the fourth post in my series on voting systems. Part I covered requirements and then Part II and Part III covered in-person voting using paper ballots. However, paper ballots don't need to be voted in person; it's also possible to have people mail in their ballots, in which case they can...
This post originally appeared on the Mozilla Blog This is the third post in my series on voting systems. For background see part I. As described in part II hand-counted paper ballots.have a number of attractive security and privacy properties but scale badly to large elections. Fortunately, we can count paper ballots efficiently using optical...
This post originally appeared on the Mozilla Blog In Part I we looked at desirable properties for voting system. In this post, I want to look at the details of a specific system, hand-counted paper ballots. Hand-counted paper ballots are probably the simplest voting system in common use (though mostly outside the US). In practice, the process...
This post originally appeared on the Mozilla Blog Every two years around this time, the US has an election and the rest of the world marvels and asks itself one question: Why are American elections so hard? I'm not talking about US politics here but about the voting systems (machines, paper, etc.) that people use to vote, which are bafflingly...
This post originally appeared on the Mozilla Blog The previous posts ( I, II, III, IV) focused primarily on remote login, either to multiuser systems or Web sites (though the same principles also apply to other networked services like e-mail). However, another common case where users encounter passwords is for login to devices such as laptops,...
This post originally appeared on the Mozilla Blog As discussed in part III, public key authentication is great in principle but in practice has been hard to integrate into the Web environment. However, we're now seeing deployment of a new technology called WebAuthn (short for Web Authentication) that hopefully changes that.[1] Previous approaches...
This post originally appeared on the Mozilla Blog In part II, we looked at the problem of Web authentication and covered the twin problems of phishing and password database compromise. In this system, I'll be covering some of the technologies that have been developed to address these issues. This is mostly a story of failure, though with a sort...
This post originally appeared on the Mozilla Blog In part I, we took a look at the design of password authentication systems for old-school multiuser systems. While timesharing is mostly gone, most of us continue to use multiuser systems; we just call them Web sites. In this post, I'll be covering some the problems of Web authentication using...
This post originally appeared on the Mozilla Blog Today I'd like to talk about passwords. Yes, I know, passwords are the worst, but why? This is the first of a series of posts about passwords, with this one focusing on the origins of our current password systems starting with log in for multi-user systems. The conventional story for what's wrong...
This post originally appeared on the Mozilla Blog Previously I wrote about the use of mobile apps for COVID contact tracing. This idea gotten a lot of attention in the tech press -- probably because there are some quite interesting privacy issues -- but there is another approach to monitoring people's locations using their devices that has...
This post originally appeared on the Mozilla Blog A number of the proposals for how to manage the COVID-19 pandemic rely on being able to determine who has come into contact with infected people and therefore are at risk of infection themselves. Singapore, Taiwan and Israel have already deployed phone-based tracking technology and several recent...