Security

Privacy: when using a Web Browser

Browser Privacy has gained a lot of attention and all major developers are jumping on the bandwagon (refer here here). gHacks has a nice blog entry and refers to a paper by Katherine McKinley.

The author says “Unfortunately, the privacy modes offered by browsers are still evolving (several are only available as betas), and none remove all the tracking data users might expect them to block. A tool was created to set and report on different data stores. This paper presents the findings from running this tool using several major browsers with two plug-ins across three common operating systems. We find current browsers are unable to extend tracking protection to third party plug-ins such as Google Gears and Adobe Flash. Some of these require no user prompting under common configurations and even expose tracking data saved with one browser to sites visited by a different browser.”

The Internet was never designed to protect privacy. Every IP is traceable. Tor is good but painfully slow, and an organisation with resources can track back and find a person's IP. Personally, I think private browsing in browsers is only for those who are trying to hide their behaviour from a family member rather than from any external entity.

An implication of this “private browsing” mode is that it makes parental supervision of a child’s browsing behaviour difficult. An option would be for browsers to implement parental controls so they can be switched off if required.

Attack on SSL


Over the past couple of days there has been a lot of news about a group of researchers breaking SSL (to point to a few, visit here, here, here). I mostly agree with Bruce and Ben: MD5 has been broken for many years (WEP comes to mind). The attack itself is interesting, but I think the solution involves decisions to be made at a management level.