data breach versus decentralized surprise backup

10th Workshop on Technology and Consumer Protection (ConPro '26) The Tenth Workshop on Technology and Consumer Protection (ConPro '26) will explore computer science topics with an impact on consumers.

📣 Registration is open for #ConPro26, the 10th Workshop on Technology and Consumer Protection, on May 21 in SF! We're excited about this year's program, which includes [thread, 1/15]:
conpro26.ieee-security.org

The single funniest thing that could happen next is for JD to get excommunicated ahead of his book release.

Fair enough!

I think you're splitting hairs here.

These are all choices made by company investors (i.e., those that own the companies).

Meh, it's the same general thing: companies shift focus all the time, often because it's cheaper to bootstrap by using an existing company for some resource that it has, rather than starting a new venture from scratch.

Royal Dutch Petroleum merged with The "Shell" Company because the latter owned several big boats!

I suppose it’s worth noting that Toyota made sewing machines, Nintendo was a playing card company, and Shell literally sold shells.

Also, Yamaha is a motorcycle company that also makes musical instruments.

The Boss at Chase Center

Got into a little hometown jam…

I was woken up an hour ago due to honking and briefly thought it might have. Alas.

For real? I felt that way after season 2 and hadn’t watched it since. Then someone here posted something a few weeks ago saying it’s basically the prequel to The Expanse, and that prompted me to rewatch all of it…and now I’m current this week.

Through that frame, I’m definitely here for it.

This meeting could have been an email.

Ishtar is hilarious and completely underrated.

The TikTok girlies (gender neutral) are hatching a plan to all buy copies of communion by hooks on Vance's release date. I will be participating.

Enforce is hiring: AI Expert How data about European defence personnel and political leaders flows to foreign states and non-state actors

Job opportunity

We are hiring an AI expert to join ICCL Enforce

www.iccl.ie/digital-data...

A 2023 tweet by Marco Rubio when a US Senator in 2023, “No U.S. President should be able to withdraw from NATO without Senate approval. Thankful my colleagues in Congress passed this bipartisan measure.”

And there’s always a post eh.
When a US Senator in 2023, Marco Rubio tweeted
“No U.S. President should be able to withdraw from NATO without Senate approval.
Thankful my colleagues in Congress passed this bipartisan measure.”

Oops, all pedophiles!

I went up to him afterwards and explained there’s an entire field doing just that and cited a few papers from the prior decade.

He thought for a second and responded, “well, none of these were written by economists.”

2/2

I fondly remember my first international conference as a grad student.

Some econ professor gave a talk and concluded that people should really start studying human factors in security and went on about why this was such a good idea of his…

1/2

Whenever I see someone use both, I see that as an immediate indicator of quackery.

Absolutely nuts that the stipulated settlement is that they have to pinky promise not to do it again. No fine. No disgorgement. No lessons are learned.

FTC Takes Action Against Match and OkCupid for Deceiving Users by Sharing Personal Data with Third Party The Federal Trade Commission is taking action against OkCupid and its affiliate Match Group Americas over allegations OkCupid deceived users of its dating app by sharing their personal information,

talk about burying the lede in this FTC press release! OKCupid shared dating profile photos with a facial recognition company (Clarifai) that the OKCupid founders had invested in

www.ftc.gov/news-events...

Isn’t it in many places? It was when I was an undergrad in CS.

This is one of the distinctions between getting a CS degree and “just learning to code.”

The example hash in their privacy policy? It’s the MD5 of “example@gmail.com.”

The fact that they acknowledge the hashes are used to identify specific individuals means definitionally this can’t be considered anonymous data!

Here’s an example from a company that is well-positioned to know the accurate definitions of words.

They explain that they hash emails and share them with adtech to “match it against other anonymized, people-based identifiers – doing this helps us serve you personalized, relevant advertisements.”

Will definitely post it here and put a copy on my website. We submitted (what we thought was) the final draft in October, and are still waiting for them to Bluebook it. They keep saying it’ll be any week now (though have been saying that since December).

COSIC Seminar "Anonymity, Consent, and Other Noble Lies: An Empirical Study of..." (Joel Reardon) YouTube video by COSIC - Computer Security and Industrial Cryptography

(The paper is supposed to be published in Yale JoLT shortly. My co-author, Joel Reardon, gave a version of the talk on YouTube: www.youtube.com/watch?v=GZ_1...)

No, hashing still doesn't make your data anonymous The Federal Trade Commission routinely evaluates the privacy representations a company makes against their data handling practices.[1] When discrepancies arise betwe

I presented a paper at PLSC in 2024 showing how companies continue to tell courts and the public that hashed email addresses are an “anonymous identifier.”

A few staff came to the talk, so they saw fit to update this last year: www.ftc.gov/policy/advoc...

Does Hashing Make Data “Anonymous”? One of the most misunderstood topics in privacy is what it means to provide “anonymous” access to data.

While at the FTC, @edfelten.bsky.social wrote this in 2012: www.ftc.gov/policy/advoc...

Hashing isn’t a magic incantation that anonymizes your data.