Schneier on Security

THorton • September 12, 2023 12:05 PM

PaulBart, what would it even mean for Experian and Equifax to be “secure” in terms of data privacy? In my view, they’d have to get permission for the data they’re collecting and sharing, which is probably equivalent to saying they’d cease to exist. Why would anyone consent to that unless forced? (I’ve asked before and am still curious as to how this works in Europe.)

Cars, of course, should also get explicit permission for any data being collected or stored. Contrary to credit agencies, history shows that cars can be viable businesses without all that stuff. And phones, of course, though it’s not obvious how their operating systems and “free” apps would be funded if they couldn’t sell out their users.

There’s some irony that this is coming from Mozilla. There are entire browser forks just to stop data from being sent to them (start a fresh Firefox installation, and you’ll see network traffic before you have any opportunity to consent or refuse—unless you know to pass --ProfileManager and choose “work offline”). And, still, one has to be careful to avoid data being stored. Browsers have always stored history without user consent, and it’s long made people nervous without providing them any real benefit. At least, I’ve never heard of anyone making good use of that history, though I’ve heard many references to people being paranoid about it—the media’s full of stuff like “if I die, clear my browser history before my family sees it”. Cookies are similar, but do provide benefits in some cases. They could be improved by requiring consent before going onto disk, but it’s tricky to do given the number of bullshit cookies sites try to set.

THorton • September 12, 2023 1:10 PM

“Papa’ll”, I know about live discs such as TAILS, and sometimes run them in virtual machines. “Ordinary” people don’t, though, and are stuck with a general feeling of unease and helplessness. Maybe they’re not “that” concerned, but they’re concerned enough to make it into a popular meme. And concerned enough that Mozilla can get funding to audit cars, if not their own products.

Unfortunately, those live systems tend to be inconvenient. If I want to save something I’ve downloaded, I’ve got to screw around with virtual USB disks and such. I don’t get to have nice features like bookmarks (well, Firefox actually writes those to disk before the “save” button is pressed, and CTRL+D is too easy to accidentally press; so there are still concerns about consent, but they’d be easily fixed).

What I normally do is run browsers, mostly Tor Browser, under strict BubbleWrap (“bwrap”) profiles with a lot of tmpfs mounts. It’s a real pain in the ass to set up, and a bit fragile, but generally works well. I do get to expose a “web download” directory that’s on a real filesystem, while my private files are hidden and the “browser profile directory” and most of its databases are on a throw-away filesystem (hint: if the SQLite bookmark database is missing, Firefox will auto-import a “bookmarks.html” file from the profile directory; Chrome can read them from a JSON policy file; the SQLite libraries in each will follow a symlink to a “real” filesystem for those databases you actually want to store).

To come back to my earlier point, privacy should always be the default, not something that only the most technical people can achieve through hacking. There should never be hidden tracking like command histories, most-recently-used file lists, GPS logs, credit bureau submissions, “OnStar” (search online for which fuse to pull), etc.; of course, such things would be fine with explicit and truly voluntary consent and the ability to easily revoke such consent.