Author: finnb

  • Fantastic, intricate values-in-design study of cookie development

    Since cookies have been kind of a theme recently, it seems appropriate to post this long essay on the history of cookie development (which includes a link to a contrarian argument about cookies and privacy that’s quite thought-provoking). It’s quite technical and completely worth it — a step-by-step tour of the RFCs, browser development, and gradual mission creep that made cookies into the weird complicated mess they are today. It’s a great values-in-design study (without coming from an explicit ViD background) that traces a legacy of “rapid deployment of poorly specified features, or leaving essential security considerations as ‘out of scope’” and how it expresses itself in code, corporate practice, and outcomes for us, the users.

  • Firesheep

    Short and sweet: a Firefox extension that exposes the fact that login cookies are transacted unencrypted for a lot of the biggest social networking sites — meaning that you can sit on an open wi-fi network and harvest all the authentication data you like (known as a sidejacking attack): Firesheep.

  • Smart grid technology and privacy

    Smart grid technology offers major improvements and efficiencies for our power system, creating a dynamically responsive grid that can manage peak load energy consumption, optimize transmission routes, smoothly integrate other generation options like solar and wind, and help users monitor and control their own consumption (including creating more accurate pricing for energy). To do this, though, it needs continuous and real-time data about energy use — and, as it turns out, individual appliances have a “load signature,” a visible pattern of consumption — which is to say, a way of looking right inside individual homes from the feed of their power use. IEEE has some interesting analysis of the privacy problems and how they could be remediated.

    (Hat tip to Solon!)

  • A proof-of-concept nearly irrevocable cookie

    The always-fascinating Samy Kamkar has produced a super-tenacious cookie designed to “identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.” Indeed:

    “evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.”

    Check out that list: ETags, IE userData storage, “storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out” — fiendish! (With a cache time of twenty years, no less.) I’ll take bets as to how long it’ll be before this proof-of-concept is in use by unscrupulous parties.

    UPDATE: The New York Times has an informative, if basic, article on HTML 5 and privacy; it specifically addresses Kamkar’s cookie. Check it out!
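
For the Firesheep item above, an added example (not from the original post and not Firesheep's code): a Python check that flags login or session cookies a browser would send over unencrypted HTTP, the condition that leaves them readable on an open network. The sample responses, host names and the name-matching heuristic are constructed assumptions.

```python
# Constructed sample data (not captured traffic): (response URL, Set-Cookie values).
SAMPLE_RESPONSES = [
    ("http://social.example/login", ["session_id=4f2a9c; Path=/; HttpOnly"]),
    ("https://social.example/login", ["auth_token=b81d77; Path=/; HttpOnly"]),
    ("https://bank.example/login", ["sid=9e07aa; Path=/; Secure; HttpOnly"]),
    ("https://bank.example/", ["theme=dark; Path=/"]),
]

# Assumed heuristic: substrings that suggest a cookie carries login state.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", set()
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def looks_like_session(name):
    """True when the cookie name matches the assumed session-name heuristic."""
    return any(hint in name.lower() for hint in SESSION_HINTS)


def audit(responses):
    """List (url, cookie, issue) for session cookies exposed to plaintext transport."""
    findings = []
    for url, headers in responses:
        scheme = url.split("://", 1)[0].lower()
        for header in headers:
            name, attrs = parse_set_cookie(header)
            if not looks_like_session(name):
                continue
            if scheme != "https":
                # Issued in the clear: already visible to anyone on the network.
                findings.append((url, name, "set over plain HTTP"))
            elif "secure" not in attrs:
                # Issued over TLS, but the browser will also attach it to
                # any later http:// request to the same host.
                findings.append((url, name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for url, name, issue in audit(SAMPLE_RESPONSES):
        print(f"{url}: {name}: {issue}")
```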