Category Archives: Privacy

Apple and Bug Bounties

I know that there are bigger problems to discuss about Apple’s approach to business and partnerships at the mo, but their handling of security researchers seems particularly cynical and hypocritical. See, for example, this post about four reported iPhone 0days … Continue reading

Posted in AAPL, Privacy, security | Leave a comment

There’s more to it

We saw in Apple’s latest media event a lot of focus on privacy. They run machine learning inferences locally so they can avoid uploading photos to the cloud (though Photo Stream means they’ll get there sooner or later anyway). My … Continue reading

Posted in AAPL, Privacy | Leave a comment

Is privacy a security feature?

I’ve spoken a lot about privacy recently: mainly because it’s an important problem. Important enough to hit the headlines; important enough for trade associations and independent developers alike to make a priority. Whether it’s talks at conferences, or guiding people … Continue reading

Posted in Privacy, software-engineering | Leave a comment

More about the privacy pledge

Plenty of you have seen—and indeed signed— the App Makers’ Privacy Pledge on GitHub. If you haven’t, but after reading it are interested, see the instructions in the project README. It’s great to see so many app makers taking an … Continue reading

Posted in Business, Data Leakage, Privacy, Responsibility | Comments Off on More about the privacy pledge

On privacy, hashing, and your customers

I’ve talked before about not being a dick when it comes to dealing with private data and personally-identifying information. It seems events have conspired to make it worth diving into some more detail. Only collect data you need to collect … Continue reading

Posted in Business, Crypto, Data Leakage, Privacy, Responsibility | Comments Off on On privacy, hashing, and your customers

Don’t be a dick

In a recent post on device identifiers, I wrote a guideline that I’ve previously invoked when it comes to sharing user data. Here is, in both more succinct and complete form than in the above-linked post, the Don’t Be A … Continue reading

Posted in Data Leakage, IANAL, Policy, Privacy | Comments Off on Don’t be a dick

A site for discussing app security

There’s a new IT security site over at Stack Exchange. Questions and answers on designing and implementing IT security policy, and on app security are all welcome. I’m currently a moderator at the site, but that’s just an interim thing … Continue reading

Posted in code-level, Policy, Privacy, Talk, threatmodel | Leave a comment

On Fuzzy Aliens

I have just launched a new company, Fuzzy Aliens[*], offering application security consultancy services for smartphone app developers. This is not the FAQ list, this is the “questions I want to answer so that they don’t become frequently asked” list. … Continue reading

Posted in Business, code-level, iPad, iPhone, Privacy, software-engineering, threatmodel | Leave a comment

Look what the feds left behind…

So what conference was on in this auditorium before NSConference? Well, why don’t we just read the documents they left behind? Ooops. While there’s nothing at higher clearance than Unrestricted inside, all of the content is marked internal eyes only … Continue reading

Posted in Data Leakage, government, NSConf, Policy, Privacy | Comments Off on Look what the feds left behind…

It’s just a big iPod

I think you would assume I had my privacy settings ramped up a little too high if I hadn’t heard about the iPad, Apple’s new touchscreen mobile device. Having had a few days to consider it and allow the hype … Continue reading

Posted in Encryption, iPad, iPhone, Malware, Privacy | 1 Comment