Posts

The GDPR and Sensitive Data Inference

Feb 21, 2018

The GDPR outright bans the processing of several types of sensitive personal data except under special circumstances. What happens if a company reveals data that can be used to _infer_ these sensitive pieces of data? Is that also prohibited? Read more

Political ADINT

Nov 05, 2017

A Washington Post opinion piece about the Russian political ads made me think about how false-flag social media advertising can complement politically-motivated ADINT operations to provide an easy path to surveillance. Read more

Domain-Censor Collusion in Decoy Routing

Feb 10, 2017

I was just catching up on some academic reading by looking over CCS 2016 and found this paper, Game of Decoys: Optimal Decoy Routing Through Game Theory. It sparked an idea, that others have probably had, about what seems like an unaddressed possibility in the hypothetical world where Decoy Routing systems actually get implemented: does the censor have leverage to get domains to move to non-decoy routing Autonomous Systems (ASs)? Read more

Casablanca: The Web of Trusted Updates

Mar 01, 2016

My encrypted messaging app, Signal, has made an update to its Android app and pushed it out. How do I know my phone is receiving the same update as everyone else, or that everyone else is even receiving an update? I could be getting a targeted malicious update that compromises my secure messaging, with Signal having been hacked or forced to sign the update by a governing authority! But it'll be okay, because I have Casablanca. Read more