Users are asked to generate, memorize, and keep secret a growing number of passwords as they join new password-protected sites over time. Since at least 1997 [6], this trend has been recognized as both a nuisance and a security risk.
HOLY FUCK
https://citp.princeton.edu/people/ed-felten
Felten was the star expert witness for the United States in the big antitrust action U.S. v. Microsoft, in which Microsoft was found to have illegally maintained its operating system monopoly by bundling its browser;
WHAT???????? WHAT?????????
Then in 1995 two graduate students, Drew Dean and Dan Wallach, came to him with their observation that the then-novel “World Wide Web browser” and the associated Java programming language had many exploitable insecurities. The resulting 1996 paper, “Java Security: From HotJava to Netscape and Beyond” by Dean, Felten, and Wallach launched the remainder of Felten’s career in information security and technology policy,
ok does anyone want to collab on a paper about pypi
Felten served as Deputy U.S. Chief Technology Officer in the Obama White House;
we're not all perfect
oh this one is good https://citp.princeton.edu/people/alejandro-cuevas
microsoft research and does work on the darkweb
IETF prize https://citp.princeton.edu/people/maria-apostolaki she specifically works on internet routing lmao
i think ruha benjamin & i are mutuals on bluesky
https://citp.princeton.edu/people/mel-andrews
Current projects evaluate prospective uses of machine learning in peer review, grant review, and metascientific applications
literally just trying to destroy science
develop novel privacy-enhancing technologies
awesome
Public Verification for Private Hash Matching
literally just doing NSA shit
Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation
literally
https://arxiv.org/pdf/2205.03326
With CoMPS, we can split traffic mid-session across network paths and heterogeneous network protocols.
literally not useful at all
Tor cells are padded to a fixed size for this purpose [10]. Despite the data overhead,
literally not an overhead
CoMPS is not only immediately deployable with any unaltered server that supports connection migration,
lol
Many other defenses also involve obfuscating packet timing,
this will be good
either by injecting “dummy” packets
nope
or intentionally delaying packet delivery [14, 24].
can't believe he didn't even cite chaum on mixnets
https://research.torproject.org/techreports/datagram-comparison-2011-11-07.pdf
bruh
It has been proposed that to improve performance, the node-to-node communication should be by unreliable datagrams (UDP), rather than the current reliable in-order streams (TCP).
tor took until 2011 to stop using fucking vint cerf's replay attack protocol???? cmon
https://www.freehaven.net/anonbib/papers/pets2013/paper_65.pdf
Although Tor’s primary goal is to support real-time interactive applications such as web browsing
oh, so tor's primary goal is to make sure packet latency can be tracked
∗An extended version of this paper is available [1]
literally goes to a site with a broken HTTPS certificate https://www.cacr.math.uwaterloo.ca/techreports/2013/cacr2013-16.pdf
now i'm checking out uwaterloo https://uwaterloo.ca/cybersecurity-privacy-institute/research
Modern cryptography concerns itself with the following four objectives:
- Confidentiality: The information cannot be understood by anyone for whom it was unintended
- Integrity: The information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected
- Non-repudiation: The creator/sender of the information cannot deny at a later stage their intentions in the creation or transmission of the information
- Authentication: The sender and receiver can confirm each other's identity and the origin/destination of the information
literally all the fascist use cases and not anonymity. you have "privacy" in your institute's name my dawg
lmao omg
Pseudorandom Bit Generation
they specifically have "subtly broken sources of randomness" as a research field
https://uwaterloo.ca/scholar/ggong
the name attached simply goes to their home page
https://uwspace.uwaterloo.ca/items/89bf1e6d-6fe4-44b7-9aa6-fd311a75cef4
Towards more Effective Censorship Resistance Systems
this guy is funny
We design and deploy a privacy-preserving data gathering tool, and use it to collect statistics