The State of User Tracking and the Impossibility of Anonymizing Data

What we think is reasonable, commonplace, or even possible in terms of protecting or violating online privacy shifts constantly. Recent developments in tools and techniques for tracking online behavior and identifying individuals from supposedly anonymized data sets should cause us to reevaluate what is possible. Katherine McKinley of iSEC Partners published a detailed analysis of how popular browsers and browser extensions handle cookies and other methods of local data storage used for tracking users in her December 2008 paper Cleaning Up after Cookies (PDF)....

September 30, 2009

Trends in Password Masking Security and Usability

John Gruber’s Daring Fireball pointed me to Jakob Nielsen’s Alertbox column Stop Password Masking, which resulted in a thoughtful and interesting thread of conversations and a few experimental solutions. Password masking refers to the practice of displaying an alternate character, usually a star or a bullet, in place of the actual characters typed into a password field. The idea is that this prevents another party from viewing the password while it is entered....

July 25, 2009

You Can Fool Some of the People All of the Time: Research on Phishing

Duping users into revealing their private data goes back decades, but it wasn’t until the late 1990s that “phishing” became the word to describe the practice. Today, phishing costs banks, service providers, and consumers billions of dollars per year, and companies are working frantically to limit the damage. A survey by Gartner estimated that more than three and a half billion dollars were lost to phishing in the United States in 2007 alone....

April 1, 2009