« Shorter Microsoft: Our Search Privacy Policy is Still Cop-Friendly | Main | Cisco Releases Wireless ARP Storm Patch »

July 24, 2007

Security and Privacy Links for 24 July, 2007

Sweeping up some links from here and there:

» Danny Sullivan has a good timeline of the recent search engine privacy news with some insights from key players. He hits a point I didn't stop to think about for long yesterday: "There's a tinge of PR stunt in this, but if looking for a PR edge will get the search engines moving, I suppose that's a necessary evil."

And later on he follows that up with "[P]rivacy is too important for PR games."

It is.

Public relations work is the radar chaff of policy discussion. It's not there to clarify any objective fact unless that clarification is immediately useful to the publicist's client. In the case of privacy policy, where all the major commercial players have little incentive to address the issue unless goaded, it means there's not even a real discussion. Just a bunch of companies hoping nobody will bring the subject up, and planning to say nothing unless they see some advantage they can press at little cost to themselves.

» The Firefox team is looking a little more humble after learning it shouldn't have stopped at merely pointing fingers at Internet Explorer when it fixed a recent bug.

From last week's gotcha: "Mozilla recommends using Firefox to browse the web to prevent attackers from taking advantage of this vulnerability in Internet Explorer."

This week: "We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well."

Jesper Johansson has a lot of detail about where the Firefox team went wrong.

» A potential iPhone security flaw has surfaced. Gizmodo has a video demo. Researchers point out Windows Mobile phones could have the same problem.

Whenever a new iPhone (or Mac) security story pops up, I go pay a visit to Daring Fireball. The site's author, John Gruber, will spend thousands upon thousands of words arguing just about any point. You can read that as remarkable attention to detail, and you can also read it as serious effort to avoid being wrong too often, since he's pretty fond of his Jackass of the Week award.

That's not to say he's always right. He isn't. At the same time, he's reliably zealous in his defense of all things Apple, so if he doesn't do much to contest an Apple security scare, that tells me something. His initial entry on this latest iPhone security story is muted, but I'm sure we'll hear more. Or not. Which will speak volumes.

» And another regarding yesterday's post about search engine privacy:

Sunday's Oregonian (my local paper) carried an article about two seventh-graders who are facing felony sex abuse charges and a lifetime on the sex offender registry for a bottom-slapping spree. The reporting indicates the matter is one of extreme police & prosecutor overreaction, and the story now has national attention.

Since we're not here to chronicle bottom-slapping sprees, I'll just loop this back to what made me think of yesterday's entry:

If our police and prosecutors are already operating in an environment where these actions seem reasonable to them – or even something they should test against public reaction – Microsoft's instant use of "child predators" as a rationale for keeping its search logs useful to law enforcement ought to make us nervous. That's clearly a crowbar with some potency both as an enabler of law enforcement overreach and as cover for service providers of any kind who will not protect their users given a suitably inflammatory reason.

Posted by mhall at 1:09 PM | Add Comment