EdFelten
Latest
Twitter teams up with Mozilla to help you opt-out of tracking
What better place to announce Twitter's embrace of do not track policies than during a privacy panel at New York Internet Week? Federal Trade Commission CTO Ed Felten let the news slip today -- a fact later confirmed by Twitter and Mozilla. The service has been added to Firefox's Do Not Track feature, letting users opt-out of data-tracking cookies in the browser. More information on the feature can be found in the Mozilla source link below.
FTC says it's talking to Adobe about the problem with 'Flash cookies'
We've already heard that the Federal Trade Commission is pushing for a "do not track" button of sorts to stop cookies from watching your every move, but it looks like it isn't stopping at the usual, non-edible definition of a "cookie." Speaking at a press conference on Friday, FTC Chairman Jon Leibowitz also dropped the rather interesting tidbit that it's been talking with Adobe about what it describes as "the Flash problem." As Paid Content reports, newly-appointed FTC Chief Technologist Ed Felten later clarified that the problem in question is actually so-called "Flash cookies," or what Adobe describes as "local shared objects." As Felten explained, those can also be used for tracking purposes, but they usually aren't affected by the privacy controls in web browsers -- Chrome is one notable exception. For it's part, Adobe says that Flash's local shared objects were never designed for tracking purposes, and that it has repeatedly condemned such practices -- the company also added that it would support "any industry initiative to foster clear, meaningful and persistent choice regarding online tracking." [Image courtesy dopefly dot com]
FTC appoints Ed Felten as agency's first Chief Technologist
It may come as a bit of a surprise to some considering that seemingly every company and government agency has one these days, but the Federal Trade Commission has never had a Chief Technologist. It's now finally filled that gap, however, and has appointed Edward W. Felten to the post. As you may be aware, Felten's a professor of computer science and public affairs at Princeton and the founding director of the university's Center for Information Technology, but he's probably best known for his efforts to expose problems with electronic voting machines, and for his vocal advocacy against DRM -- he also uses his Mii for his profile image on the Freedom to Tinker blog, so you know you're not exactly dealing with your usual government bureaucrat. Felten has actually already been serving as a part-time adviser to the FTC, and it seems like he'll now basically be continuing that role in a full-time capacity, with the FTC only saying that he will "advise the agency on evolving technology and policy issues."
Sequoia takes aim at Princeton profs over e-voting analysis plans
Princeton professors Ed Felten and Andrew Appel are certainly no strangers to drawing controversy, and it now looks like they've stirred the pot yet again, this time drawing the ire of Sequoia Voting Systems as a result of their plans to conduct some further e-voting analysis. At the heart of this latest brouhaha is plans that New Jersey election officials reportedly had to send some Sequoia Advantage e-voting machines to the profs for analysis, which Sequoia is unsurprisingly not so keen about. In fact, they've gone so far as to send Felten an email saying that such a plan violates Sequoia's licensing agreement for use of the systems, and that they've "retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis." No word on the professors' future plans just yet but, given their past history, we suspect they won't be backing down quite that easily.
Princeton prof picks up e-voting machines on the cheap
It's no secret that e-voting machines here in the US and around the world have more security holes than a slice of Lorraine Swiss, but it took a Princeton professor and $82 to discover just how bad the situation really is. Now, one would think that election officials would destroy their old terminals instead of selling them to the general public for practically nothing (the ~$5,000 devices are going for less than $20 apiece), yet that's exactly what Buncombe County, North Carolina did with 144 of its retired Sequoia AVC Advantages. First manufactured in the late 80's, the Advantages use old-school push buttons and lamps instead of the touchscreens found on more modern models -- and yet according to Princeton's Andrew Appel, they're actually more secure than those Diebold machines that fellow faculty member Ed Felten totally pwned several months back. Still, Appel and his students found numerous problems with these Sequoias that are still being used in parts of Colorado, New Jersey, Pennsylvania, and all across Louisiana: not only were they able to pick the machines' locks in under seven seconds, they discovered that the non-soldered ROM chips were easily replaceable, allowing a hacker-in-the-know to potentially swap them out with outcome-altering data. A Sequoia spokesperson claims that any tampering with the machines would set off an alarm at their headquarters, but Appel argues that this security precaution could easily be overridden with the right code. So this is just great: now we know that a determined individual could easily pick up still-in-use machines (for a song), reverse engineer them to figure out the security roadblocks, and then sneak into a church basement or gymnasium where many of these terminals gather dust for 364 days a year. This is a big problem, folks, and let's hope it doesn't take an election Enron for some serious changes and regulations to be enacted by the feds.
Princeton professor sez cracking HDCP is "eminently doable"
It seems that HDCP, the high def content protection scheme that's all the rage among Hollywood types, may not be as secure as the suits had hoped: Princeton University computer science professor Ed Felten takes a look at the standard's supposedly well-known security flaws and dumbs down the basic tech on his blog so all us non-math majors can understand. Basically, HDCP relies on a handshake between connected hardware wherein the two devices send each other a set of rules to be applied to the forty-or-so numbers that constitute both devices' "secret vector" -- if each device reports the same numerical result (as the pre-determined mathematical rules dictate they should), sweet high definition content can begin to flow freely. According to Felt, all it takes to figure out a given device's secret vector or create a workable "phantom" vector is to perform a number of handshakes equal to the number of elements in the secret vector, followed by a little bit of algebra to tease out the results from a matrix of equations (follow the "Read" link for a better explanation). Although HDCP-restricted HDMI and DVI connections aren't prevalent enough yet for anyone to have actually undertaken this project (either that, or fear of legal reprisals has kept any successful cracks from being published), the simple fact that it's doable could mean nightmares for Tinseltown sooner rather than later.[Via Boing Boing]
