This morning, The New Yorker launched Strongbox, an online place where people can send documents and messages to the magazine, and we, in turn, can offer them a reasonable amount of anonymity. It was put together by Aaron Swartz, who died in January, and Kevin Poulsen.
This has lots of interesting promise, though it’ll be *more* interesting when a non-US group of journalists use the system (the code will be open sourced). Frankly, given the history of American courts, I don’t think that leaking to a US publication is a terribly good idea at the moment if you want to remain anonymous.
Good news, everyone. The terrorists will win and New York City Mayor Michael Bloomberg wants to help. Of course, his speech is all about not letting the terrorists win. But he’s giving them exactly what they want.
Bloomberg is an incredibly worrying political figure. He’s gone from earlier this year stating the privacy is important, but cannot be maintained in the face of expanding police surveillance, to this:
“The people who are worried about privacy have a legitimate worry,” Mr. Bloomberg said during a press conference in Midtown. “But we live in a complex word where you’re going to have to have a level of security greater than you did back in the olden days, if you will. And our laws and our interpretation of the Constitution, I think, have to change.”
This is the second time in very recent memory that he, on the one hand, supports a notion of privacy while, on the other, asserts that privacy has to be increasingly limited to enjoy ‘security’. This is an absolutely false dichotomy, and is often linked to blasé efforts to ‘secure’ a population in ineffective, inefficient, or incorrect ways. Strong security protections can and should be accompanied by equally strong privacy protections; we need to escape the dichotomy and recognize that privacy and security tend to be mutually supportive of one another, at least when security solutions are appropriately designed and implemented.
As if having the caloric details of your sex life posted publicly wasnât enough, new research has exposed additional security vulnerabilities in the popular Fitbit fitness tracking devices.
The ability to hack these devices, at the outset, seems silly: who would bother?
But as more and more organizations provide these to employees, to individuals they insure, and so forth, the desire to ‘game the system’ will increase. The problem is less along the lines of ‘you can capture this data’ - though that is a privacy concern - and more along the lines of ‘how can I beat the system reliably to advantage myself’.
So, I use two factor authentication for a variety of services. It’s great for security.
It’s also a royal pain in the ass to be (re)inputting secondary authentication information all the time. That basic ‘pain point’ is sufficient to dissuade most people from setting it up. I support Twitter adopting this, and for some people it’ll be awesome. For most people it’ll just be a pain in the ass.