October is “cyber security awareness month“. Among other notable announcements, Google just rolled out “advanced protection” — free for any Google account. So, in the spirit of offering pragmatic advice to real users, I wrote a short document that’s meant not for the usual Tinker audience but rather for the sort of person running a […]
The Second Workshop on Technology and Consumer Protection
October 20, 2017 by
Arvind Narayanan and I are excited to announce that the Workshop on Technology and Consumer Protection (ConPro ’18) will return in May 2018, once again co-located with the IEEE Symposium on Security and Privacy. The first ConPro brought together researchers from a wide range of disciplines, united by a shared goal of promoting consumer welfare […]
Avoid an Equifax-like breach? Help us understand how system administrators patch machines
October 4, 2017 by
The recent Equifax breach that leaked around 140 million Americans’ personal information was boiled down to a system patch that was never applied, even after the company was alerted to the vulnerability in March 2017. Our work studying how users manage software updates on desktops and mobile tells a story that keeping machines patched is […]
I never signed up for this! Privacy implications of email tracking
September 28, 2017 by
In this post I discuss a new paper that will appear at PETS 2018, authored by myself, Jeffrey Han, and Arvind Narayanan. What happens when you open an email and allow it to display embedded images and pixels? You may expect the sender to learn that you’ve read the email, and which device you used […]
Blockchains and voting
September 12, 2017 by
I’ve been asked about a number of ideas lately involving voting systems and blockchains. This blog piece talks about all the security properties that a voting system needs to have, where blockchains help, and where they don’t. Let’s start off a decade ago, when Daniel Sandler and I first wrote a paper saying blockchains would be […]
