recentpopularlog in


« earlier   
RT : Compared to the panic around is non-existant my daily life in London. Noone selling solutions or serv…
GDPR  Brexit  from twitter_favs
2 days ago by mrchrisadams
German Regulators Just Outlawed Facebook's Whole Ad Business | WIRED
The country’s antitrust regulator told Facebook it couldn't demand so much data from users simply to have an account. Experts say it’s a big deal.
facebook  privacy  germany  gdpr 
4 days ago by onefewercar
New laws; new great reasons to get more thoughtful about . RT on opt-in pre-checked…
transparency  GDPR  from twitter
4 days ago by jhill5
Netflix Has Saved Every Choice You’ve Ever Made in ‘Black Mirror: Bandersnatch' - Motherboard
“They claim they're doing the processing as it's 'necessary' for performing the contract between me and Netflix,” Veale told me. “Is storing that data against my account really 'necessary'?
netflix  GDPR  rights  dataprotection  analytics  contract  datacollection  example 
5 days ago by corrickwales
Mumsnet reports itself to regulator over data breach | UK news | The Guardian
A botched upgrade to the software the forum runs on meant that for three days, if two users tried to log in at the same time, there was the possibility that their accounts would be switched. Each user was able to post as the other, see their account details, and read private messages.
databreach  GDPR  mumsnet  ICO 
5 days ago by corrickwales
Attack of the week: searchable encryption and the ever-expanding leakage function
In all seriousness: database encryption has been a controversial subject in our field. I wish I could say that there’s been an actual debate, but it’s more that different researchers have fallen into different camps, and nobody has really had the data to make their position in a compelling way. There have actually been some very personal arguments made about it. The schools of thought are as follows:

The first holds that any kind of database encryption is better than storing records in plaintext and we should stop demanding things be perfect, when the alternative is a world of constant data breaches and sadness.

To me this is a supportable position, given that the current attack model for plaintext databases is something like “copy the database files, or just run a local SELECT * query”, and the threat model for an encrypted database is “gain persistence on the server and run sophisticated statistical attacks.” Most attackers are pretty lazy, so even a weak system is probably better than nothing.

The countervailing school of thought has two points: sometimes the good is much worse than the perfect, particularly if it gives application developers an outsized degree of confidence of the security that their encryption system is going to provide them.

If even the best encryption protocol is only throwing a tiny roadblock in the attacker’s way, why risk this at all? Just let the database community come up with some kind of ROT13 encryption that everyone knows to be crap and stop throwing good research time into a problem that has no good solution.

I don’t really know who is right in this debate. I’m just glad to see we’re getting closer to having it.

(via Jerry Connolly)
cryptography  attacks  encryption  database  crypto  security  storage  ppi  gdpr  search  databases  via:ecksor 
5 days ago by jm
RT : it’s really ironic that is putting scoring agencies under control and tight restrictions while…
gdpr  from twitter_favs
6 days ago by Surliminal

Copy this bookmark:

to read