Monthly Archives: December 2013

Steps browser vendors could take to increase privacy

  1. Check password strength by checking the contents of “password” fields before being submitted:
    1. Length. Warn users trying to submit a short password that it’s short enough to be brute-forced.
    2. Entropy. Estimate the entropy from the length and the character classes used, and encourage users to mix upper and lowercase letters, numbers, and symbols.
    3. Dictionary. Browsers are in a unique position to check for this by shipping a “common passwords” dictionary with the browser. Check against a list of the top, say, 10,000 – 100,000 most commonly used passwords, and warn the user that crackers will try these first: by one widely cited analysis the top 10,000 passwords cover 99.8% of users’ accounts.
  2. Include a client-side password hashing mechanism, which derives a site-specific password from a combination of the master password, username, and site name using a slow key-derivation function (something like bcrypt, scrypt, or PBKDF2). This would require some controls to limit the length and allowable characters so the derived passwords are compatible with various sites, which means a per-site rule table rather than one fixed output format. If this were an industry-standard derivation used by various browsers, they could all use the same rules, making derived passwords portable across browsers and platforms. The trade-off is that the master password becomes a single point of failure: anyone who learns it (and the public username and site name) can reproduce every site password, so the derivation must be slow and the master password strong.
  3. Reduce the fingerprinting surface of the user agent in private browsing mode by not reporting fonts, plugins, or perhaps even the operating system in use, and only a fairly generic version for the browser.
  4. Enable “opportunistic” encryption in private browsing mode. This would be different from HTTPS Everywhere (though you might want to enable that, too). In this case, if the page was requested over regular http, test for the presence of https, and if port 443 is open and there’s a certificate installed, use it to communicate with the server (without asking or informing the user). If there are certificate problems, don’t report to the user that you’re using an https connection, but do use the “untrusted” encrypted connection, since it is more secure against passive listening than regular http, even though it gives no protection against an active attacker who can present their own certificate. Similarly, if any “mixed” content cannot be loaded securely (even after testing for an https connection, for instance from a different server which does not have https enabled), load it anyway. The goal here isn’t to ensure the connection is 100% encrypted, trusted, or protected from MITM (man-in-the-middle) attack; it’s just to opportunistically make use of as much encryption as possible where it is available. Two caveats: never show the padlock or any other “secure” indicator for such a connection, and be prepared for port 443 to serve a different site than port 80 (a shared host with an unrelated default certificate, for example), in which case the browser must fall back to plain http rather than show the wrong content.
  5. Encourage the use of VPN services, and of anonymity networks such as Tor, while in private browsing mode. Preferably have a list of “vetted” VPNs and an easy way to get set up using them.

Steps that need to be taken to rein in the NSA, et al

  1. Remove the legal authority that allows bulk collection, excessive secrecy, and other abuses. The FREEDOM act and other pieces of legislation proposed so far are tentative, toe-in-the-water, first steps in this direction, nibbling around the edges of the problems. They need to go much further.
  2. Enact harsh, explicit penalties for noncompliance. These are serious issues with major implications domestically and internationally, including causing diplomatic difficulties and negatively impacting markets for American products, not to mention serious violations of privacy and liberty.
  3. Prosecute for past violations of existing laws, as well as for perjury before Congress. (And absolutely do NOT again grant retroactive immunity…) Systematically and repeatedly violating both the will of Congress and the limits imposed by the FISA Court cannot be allowed to pass leniently; nor can repeatedly lying under oath to Congress. Major criminal investigations need to be launched and the perpetrators brought to justice. A GREAT DEAL OF INFORMATION WILL BE BROUGHT TO LIGHT BY DISCOVERY IN THE PROCESS–AS IT SHOULD BE.
  4. Courts should stop deferring to the executive branch in matters of what needs to be kept secret. While they should carefully consider the Government’s arguments about the need for secrecy, I think they have, in general, been far too sympathetic to the Government’s point of view, to the detriment of the public’s right to know important information. In many cases the answer is simple: refuse to make the proceedings confidential, and give the government the choice: if you want to present your evidence, it must be in public. If you want to keep it private, you can’t introduce it as evidence to support your case. Done.
  5. Since bulk collection will no longer be allowed, and that constitutes much of the NSA’s activity, the NSA can no longer justify a large proportion of its budget. NSA’s budget must be cut by at least 50%. (I’d propose a 90% cutback, and lower, 15-25%, cutbacks for the FBI, CIA, DEA, TSA, military, and other agencies.) This would also remove the NSA’s financial ability to perpetrate abuses on such a large scale, forcing them to focus their activities appropriately. It would also punish financially both the agency and their contractors for their corruption and past (and current) abuses.
  6. Enact general privacy laws:
    1. The “third-party doctrine” must be completely eliminated. Virtually everything we do in modern life requires the use of a third party to accomplish. It is ridiculous to think that having handed our information to ONE party (who could be seen as “a member of the public”) amounts to handing that information to “every member of the public as a whole” (or to the government). There are restrictions in place on a few very specific areas of third-party data usage (physical mail, telephones, health care, client-attorney privilege, etc.), but to assume that the lack of such specific coverage for other types of communication or information storage implies they should provide no privacy at all is ridiculous. Even posting to a Facebook wall is not “public”, because many, if not most, people set their postings to be seen by “friends only”. Thus it is not true that even those Facebook postings are in any way “public” – let alone private messages sent to a particular user.
    2. It needs to be made illegal for companies to share anyone’s information with any other party except in specific circumstances:
      1. If the customer has given their express written consent. This consent should need to include a listing of all information fields that will potentially be shared (i.e., first name, last name, address, birthdate, social security number, online status, friends list, etc.) as well as the exact party or parties it will potentially be shared with (meaning, the actual company names). If new information fields are to be shared with that service provider, each user must provide consent again before they can be shared, since they only consented to the previous list of fields. The same would be true if a new service provider were to be used.
      2. If the company is legally compelled to via a court order specifying by name (or username) the customer in question and the information that is being sought. By law, the company may only provide the specified information (i.e., only the particular fields requested) and only information regarding the named customer.
      3. If the company suspects or has observed a crime, they can inform the authorities with only the information sufficient to allow the authorities to determine a crime may have been committed, and an associated username so that appropriate warrants may be generated targeting that user’s account in order to gain access to the further information, such as the actual evidence linked to that user or the user’s personally-identifying information. Only if the authorities return with a valid court-ordered warrant may they gain access to the user’s account.
    3. Any company making use of a person’s data must be required to take all reasonable steps to safeguard that data, such as using encrypted communications and data storage and access controls both internally and between the company and the user. Standards similar to PCI should be required of ANY service handling customer information, even if non-financial.