Chris Opfer writes: Six years after Shane Enslin left his repairman job at a Coca-Cola distribution plant in Pennsylvania, the company told him that his Social Security number and other personal information might have fallen into the wrong hands. A few months later, a declined credit card upended his family vacation. Then came a third…
Category: Commentaries and Analyses
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
New Event of Note: International Privacy+Security Forum: Feb. 26 and Feb. 27
One of the absolute joys of blogging about privacy and breaches for the last 11+ years is that I’ve had the opportunity to meet so many fantastic scholars and practitioners. But I’ve only had that opportunity because a few people have done the hard work to organize events and to graciously offer to comp me so…
UK Government Consults on EU Cybersecurity Plans
Mark Young and Joseph Jones report: As we summarized last fall, the EU Commission published a new Cybersecurity Communication in September that, among other things, sets out proposals for an EU cybersecurity certification framework as part of an EU “Cybersecurity Act” (see our post here and a more detailed summary here). Just before the holidays, on December 20, 2017, the UK Government…
How to Assess a Vendor’s Data Security
Cooper Quintin and Soraya Okuda of EFF collaborated with Jonah Sheridan of Information Ecology to come up with a helpful guide: Perhaps you’re an office manager tasked with setting up a new email system for your nonprofit, or maybe you’re a legal secretary for a small firm and you’ve been asked to choose an app…
Shoot/Sue the Messenger, Indian style: An Indian journalist exposed a huge breach in a government database. Now she’s facing a police complaint.
Vidhi Doshi reports: An Indian government agency has filed a police complaint against a journalist who exposed a possible security breach in the country’s vast biometric database that contains the personal details of more than 1 billion citizens, raising fresh concerns about shrinking press freedom in India. The complaint against journalist Rachna Khaira came after she wrote…