John Wang

  • Editor-in-Chief of International Journal of Applied Management Science
  • Editor-in-Chief of International Journal of Operations Research and Information Systems
  • Editor-in-Chief of International Journal of Information Systems and Supply Chain Management.
  • Editor of Data Warehousing and Mining: Concepts, Methodologies, Tools, and Applications (six-volume)
  • Editor of the Encyclopedia of Data Warehousing and Mining, 1st (two-volume) and 2nd (four-volume).
  • Information Systems and Modern Society: Social Change and Global Development; IGI Global; 1st edition; 2013-02-28; 364 pages; $175 (1 in stock).

Fingerprinting And Beyond: The Mobile Ad Targeting Trade-Off | Ad Exchanger

Judith Aquino; Fingerprinting And Beyond: The Mobile Ad Targeting Trade-Off; In Ad Exchanger; 2013-03-29.

Citations & Mentions

  • Judith Aquino; Apple Sets Cut-off for UDID Apps; In Ad Exchanger; 2013-03-22.
  • Adelphic Mobile
    • Ray Colwell, CRO
    • Waltham, MA
    • Founders: “ex Quattro”
    • Funding: $10M, Series A “recently”
    • AudienceCube (product)
      • “real-time mobile signature”
    • Claim
      • Accuracy: 80%-100%
    • Promotion: AdExchanger Q&A 2012-03
  • Drawbridge
    • Kamakshi Sivaramakrishnan, founder
    • Founders: “ex AdMob”
    • San Mateo, CA
    • Funding: $14M “recently”
    • Products
      • “Drawbridge for Mobile Marketing”
      • “Drawbridge for Cross‑Screen Marketing”
    • Claims:
      • Accuracy: 60%-90%
      • Uses “clickstream behavior”; no clicks, no data
      • Accents the opt-out; if opted out on one device, assumes all
    • Promotion: AdExchanger Q&A 2012-11
  • BlueCava
  • TapAd
  • Ringleader Digital (defunct)

If there’s no such thing as anonymous data, does privacy just mean security? | Derrick Harris, GigaOM

Via: Derrick Harris; If there’s no such thing as anonymous data, does privacy just mean security?; In GigaOM; 2013-03-28.

Cited

Walled Gardens: Facebook Zero, Google Free Zone

Via: David Talbot; Facebook and Google Create Walled Gardens for Web Newcomers Overseas; In Making Money in Mobile; In MIT Technology Review; 2013-03.
Teaser: In some countries, “the Internet” is confined to certain sites as part of a strategy to help wireless carriers offer starter packages.

Mentions

  • The article is mostly about Facebook with a little Google thrown in.
    • Facebook launched their garden 2010
    • Google launched theirs 2012-10.
  • Facebook Zero
    • Launch 2010
    • Distribution:
    • Features & Availability
      • Messenger for Android (the chat)
      • Messenger for iOS
      • Facebook for Every Phone
      • m.facebook.com
    • Biz Model
      • Base charge for the service: $3/month or $1/week or $0.20/day.
      • Match against Telecom’s raw voice+text+data $8/month for 12-months.
      • No (extra) data charges for the Facebook feature
      • Facebook participates in consumer’s data plan usage (e.g. when they click out from the news feed to read the article)
    • Vendors
      • Ericsson
    • Quotes
      • via Derrick Mains, press relations, Facebook
      • via Victor Ferraro Esparza, strategic product manager, Ericsson
      • via Carl Howe, a principal analyst, Yankee Group
  • Google Free Zone
    • Launched 2012
    • Distribution
      • carrier-focused
      • Philippines & South Africa
    • Features
      • Google Plus
      • GMail
    • Biz Model
      • Base charge for the service.
      • No (extra) data charges until they click a link or open a photo or other attachment.
    • Quotes
      • via unnamed press relations, Facebook

The Case for User Agent Extremism | Anil Dash

Anil Dash; The Case for User Agent Extremism; In His Blog; 2013-03-19.

Mentions

  • Call to Action: create a list of capabilities in web browsers and user agents that we consider inviolate. (who is “we” here?)
  • Deconstruct the term as “agent of the user”, “agency of the user”, “agency for the user”
  • There are biztech trends evolving towards undermining said agency
  • Distinguishes
    • plugins (“which began to wane in importance a decade ago”); e.g. Flash
    • extensions & addons (e.g. Gecko)
    • bookmarklets & scriptlets
  • User control over user agents is “rapidly ending” (i.e. is dead).
    • Security
    • Performance
    • Cloud => Core functionality is done server-side
      • Cross-Agent & Cross-Device Sync of bookmarks, tabs, etc.
      • Single Sign-On
    • Mobile => no popular mobile browser supports plugins
    • Webkit => single code base with 90% market share; expect stagnation
    • Distribution => software delivered via curated & controlled “stores”
      (c.f. AdBlock Plus removed from Google Store)
  • Rise of ubiquitous content controls
    • Derive with “contract” and “copyright”
    • Cases: DVD, HDCP, HTML EME
  • The “canary” tests
    • View Source command in the browser
      • Only legacy officework desktop browsers support it
      • No mobile browser supports it
    • Print Page button
      • Same
  • The doublespeaking Language
    • Case 1
      • Obvious => “our browser shuts off the print button”
      • Misdirecting => “we offer a pay gate feature with deep integration into the browser for subscribers”
    • Case 2
      • Obvious => “We neuter competing social networks by disabling their sharing buttons”
      • Misdirecting => “We’ve launched a preferred partner program to enable deep browser integration from a set of verified social networks that offer the features our users want”
    • Case 3
      • Obvious => “We block content from displaying if you haven’t signed in with our cloud service and had your extensions approved by us”
      • Misdirecting => “Customers who sign in with their account get access to exclusive content from our partner sites.”
  • Quotes
    • <quote>There should be no constraint about what user agents can do on our behalf to present, transform, remix, combine, format, reformat and display the content we view on the web. If we want to make a browser or browser add-on that strips away ads from a page, that’s our right. If I want to have a browser show everything in black and white? Let me as the user have that agency. Print everything upside down and in blinking text? Absolutely. Transform every mention of “the cloud” into the phrase “my butt”? You bet your… well, you know.</quote>
    • <quote>Here’s where the Pollyannas in the tech industry, or those too young to have seen how the patterns repeat, say with faith and certainty, “That won’t happen! My favorite browser is open source!”</quote>
    • <quote>So, I’m a user agent extremist. We should work constructively together within the tech community (perhaps led by the EFF) to create a list of capabilities in web browsers and user agents that we consider inviolate.</quote>

On Point

  • Mozilla abandons Thunderbird, an open source browser
  • Opera adopts WebKit
  • Google abandons RSS Reader
  • Facebook & Google+ ID & Social Signon

Counterpoint

  • “The browser”, like the magazine, is the publisher’s agent to deliver value to the advertiser by wrapping that value in & with experiential design to attract the consumer. It was ever thus in the publishing trade.
  • Publisher’s nuclear option is Quid Pro Quo

Dark Patterns

Who

  • Harry Brignull; User Experience Design & Consultancy in Brighton & London, UK; Clearleft; 90percentofeverything.com
  • Marc Miquel; User Engagement PhD researcher & Game Designer in Barcelona, Catalonia; marcmiquel.com

Patterns

  • Bait & Switch
  • Disguised Ads
  • Faraway Bill
  • Forced Continuity
  • Forced Disclosure
  • Friend Spam
  • Hidden Costs
  • Misdirection
  • Price Comparison Prevention
  • Privacy Zuckering
  • Roach Motel
  • Road Block
  • Sneak into Basket
  • Trick Questions

Internet Census 2012: Port scanning /0 using insecure embedded devices | Carna Botnet

Carna Botnet (author?); Internet Census 2012; self-published; 2013-03.
Teaser: Port scanning /0 using insecure embedded devices

Abstract

While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage. All data gathered during our research is released into the public domain for further study.

Result


References

#WETHEDATA (We The Data)

#WETHEDATA

Seems to be a blog and art project promotion site. Lots of HTML5 animation in the name of “Big Data”.

Who

Call to Action

  • “TED Fellow” types are cool
  • “Davos” visibility
  • Conferences and boosterism speeches; activism and “day of action” activities
  • Catalyze change (whatever that means)

more … structured

Core Challenges for Democratizing Data

  • Digital Trust
  • Data Literacy
  • Platform Openness and Digital Infrastructure

Social Sharing Privacy on Bruce Schneier’s Blog

Via: Bruce Schneier; Changes to the Blog; In His Blog; 2013-03-22.

Mentions

  • Quotes
    • <quote>The problem is that these buttons use images, scripts, and/or iframes hosted on the social media site’s own servers. This is partly for webmasters’ convenience; it makes adoption as easy as copy-and-pasting a few lines of code. But it also gives Facebook, Twitter, Google, and so on a way to track you — even if you don’t click on the button. Remember that: if you see sharing buttons on a webpage, that page is almost certainly being tracked by social media sites or a service like AddThis. Or both.</quote>
    • <quote>Fighting against the massive amount of surveillance data collected about us as we surf the Internet is hard, and possibly even fruitless. But I think it’s important to try.</quote>
  • SocialSharePrivacy
    • Commissioned by Heise Online
    • adapted by Mathias Panzenböck
  • shareNice
    • hosted (by them) or served (by your site)
  • Service Changes
    • DuckDuckGo does not log IP addresses, as claimed in their privacy policy.
      • Parse “store” versus “log” versus “operational purposes”
    • RSS Feeds served directly
      • Avoid Google Feedburner (which is EOL anyway) as G. logs
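
The tracking path described in the first quote above (images, scripts and iframes served from the social site's own servers) can be audited per page. The following is an added example, not code from Schneier's blog, SocialSharePrivacy or shareNice; all domains and the sample page are constructed placeholders, and the subdomain-based first-party rule is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements the quote names: the browser fetches these on page load, so the
# hosting server sees the request (cookies, Referer) without any click.
AUTO_FETCHED = {"script", "img", "iframe"}


class EmbedCollector(HTMLParser):
    """Collect (tag, absolute URL) for every auto-fetched element with a src."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        if tag not in AUTO_FETCHED:
            return
        src = dict(attrs).get("src")
        if src:
            # Resolves relative and protocol-relative (//host/path) URLs.
            self.embeds.append((tag, urljoin(self.page_url, src.strip())))


def is_first_party(host, first_party_hosts):
    """Assumption: a host is first-party if it equals, or is a subdomain of,
    a listed host. A production check would use the Public Suffix List."""
    return any(host == fp or host.endswith("." + fp) for fp in first_party_hosts)


def third_party_embeds(html, page_url, extra_first_party=()):
    """Return {third_party_host: [(tag, url), ...]} for one HTML document."""
    first_party = {urlsplit(page_url).hostname, *extra_first_party}
    collector = EmbedCollector(page_url)
    collector.feed(html)
    collector.close()
    report = {}
    for tag, url in collector.embeds:
        parts = urlsplit(url)
        # data:, about: and similar URLs cause no request to a remote host.
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        if not is_first_party(parts.hostname, first_party):
            report.setdefault(parts.hostname, []).append((tag, url))
    return report


# Constructed sample page; every domain below is a placeholder.
PAGE_URL = "https://blog.example/2013/03/changes"
SAMPLE_HTML = """
<html><body>
<img src="/images/header.png">
<script src="https://static.blog.example/js/site.js"></script>
<script src="//platform.social.example/widgets.js"></script>
<iframe src="https://www.social.example/plugins/like?href=https%3A%2F%2Fblog.example%2Fpost"></iframe>
<img src="https://counter.share.example/pixel.gif?u=blog.example" width="1" height="1"/>
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<a href="https://www.social.example/share?u=https://blog.example/post">Share</a>
</body></html>
"""

if __name__ == "__main__":
    for host, items in sorted(third_party_embeds(SAMPLE_HTML, PAGE_URL).items()):
        for tag, url in items:
            print(f"{host}: <{tag}> {url}")
```

The plain `<a href>` share link in the sample is not reported: it contacts the social site only when clicked, which is the property the self-hosted button replacements rely on.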

Stranger Visions of Heather Dewey-Hagborg

Via: Heather Dewey-Hagborg project Stranger Visions

Information

Terms

  • PCR => Polymerase Chain Reaction
  • SNPs => Single Nucleotide Polymorphisms
  • Genome-wide Association Studies

Referenced, Credited & Related

  • Ellen Jorgensen, Oliver Medvedik and Eric Rutledge; RPI; tutors.
  • Genspace, a DIY Biology lab in downtown Brooklyn
  • Basel Matlab Model; “a research group in Basel Switzerland”; a MATLAB model
  • FERET; a face recognition dataset
  • Biopython
  • DNA Spoofing; an artistic concept; with Aurelia Moser, Allison Burtch and Adam Harvey
  • Kathy High; an ex professor; mentioned for color
  • Zcorp printer

Promotions

via about

Browser Security & Web Security in ACM Queue circa 2012-11

  • Jeremiah Grossman, Ben Livshits, Rebecca Bace, George Neville-Neil; Browser Security Case Study: Appearances Can Be Deceiving; In ACM Queue; 2012-11-20.
    Mentions

    • Participants
      • Jeremiah Grossman
        is founder and CTO at WhiteHat Security, founder WASC (Web Application Security Consortium)
      • Ben Livshits
        is a researcher at Microsoft Research and an affiliate professor at the University of Washington.
      • Rebecca Gurley Bace
        is president/CEO of Infidel, a network security consulting practice, and chief strategist for the Center for Forensics, Information Technology, and Security at the University of South Alabama.
      • George Neville-Neil
        is a software engineer, previously with Yahoo! Paranoids
    • Concepts
      • HTML5
      • The SSL CA Model (Certificate Authority); i.e. PKI
      • Convergence, the notary method of CA assessment
      • The DoD model (of security, undefined)
      • CSRF
      • RFC-1918
      • FTC
      • DNT (Do Not Track)
      • robots.txt
      • Allow
      • Facebook button
      • Cross-Site Referral Hijacking
      • Local Storage
      • CSP (Content Security Policy)
      • SQL Injection via parameterized SQL statements
    • Quips, Citations
      • Moxie Marlinspike
      • Robert Hampton & Jeremiah Grossman on CSRF into RFC 1918 space circa 2006.
      • Dan Geer, a risk management domain expert
    • Quotes (two)
      • [Stanza]Only when users begin to see the value of their data and demand more protection for it will privacy measures get their due. If the market shifts in this direction and vendors see that adding better protection to their browsers could actually increase market share, then and only then will those measures become standard operating practice.

        GN-N We talked a little earlier about how it’s the browser users, rather than the browsers themselves, that are the real products here. Anyone care to expand on that?

        RB Well, that is the case, and it’s fundamental to this whole space. I would argue that every last conundrum in the area of browser security is rooted in the fact that we’re not dealing with a classic commercial model. That is, at present users don’t pay browser makers for software or, for that matter, the maintenance and upkeep of that software.

        JG The browser makers are monetizing your data, directly or indirectly, and therefore cannot see a way to protect that data without losing money. That makes for a really difficult situation.

        BL I’m not sure you can actually say it’s the browser makers who are “monetizing your data.” If anything, it’s the sites that are monetizing your data.

        JG Actually, there’s a clear interplay there. Just look at Google Chrome; it’s pretty obviously monetizing your data. The Mozilla guys derive 98 percent of their revenue directly from Google. Then you’ve got Microsoft, which you could argue is also desperate now to get into the advertising business. So that raises the question: How can you work to institute healthier business incentives when those efforts are so obviously at odds with the foundation the whole business sits upon?

        BL I don’t know. One of the problems with privacy is that it’s difficult to put a value on it. It’s difficult even to convince the users that their own privacy is actually worth all that much.

        JG Maybe users just aren’t all that aware of what they’re giving up with every single mouse click.

      • JG I can share how I try to protect myself and how I’ve instructed my mom to do it. Take two browsers—any modern browsers that have been updated will do. The important thing is to have two of them so you can compartmentalize risk. The first of these will be the primary browser, the one you use for all your promiscuous browsing—read the news, visit your favorite Web sites, click on the links in your Twitter feed, and whatever else you feel tempted to do. But don’t ever use the primary browser to do anything with online accounts you consider sensitive or important.

        If you’re using Chrome or Firefox, you should also turn on ad blocking and tracker blocking as extensions in the browser. That’s not just for sanity purposes, but also to prevent a whole lot of malware, which often ends up getting propagated over advertising networks. Bonus points if you run in incognito or private mode. That might save you a little bit of privacy as well. Another thing you should do is to block plugins from playing by default. You can run them whenever you want to with a right click, but don’t let them automatically run. Generally, when you get infected with a virus or a piece of malware, it’s because of some invisible plugin that runs automatically.

        Your secondary browser is the one you want to fire up only when it’s time to do online banking or online shopping or anything involving a credit card number, an account number, or anything else you want to protect. Once you’ve fired up that browser, get in and do what you need to do quickly, and then close that thing down.

        If you can manage to keep those two worlds separate, when you’re out surfing the Web with your primary browser, it won’t even be possible to hack your bank with a cross-site request forgery request because it will be like you’ve never logged in at that bank. So clickjacking, cross-site request forgery, and cross-site scripting pose almost no threat, since there effectively is no cross site.

  • Jeremiah Grossman (Whitehat Security); The Web Won’t Be Safe or Secure until We Break It; In ACM Queue; 2012-11-06.
    Mentions

    • Scope
      • HTML
      • CSS
      • JavaScript
    • Classifications
      • XSS => Cross Site Scripting
      • CSRF => Cross-Site Request Forgery
      • Clickjacking
      • Browser intranet hacking
      • “Drive-by” Downloads
      • History sniffing via CSS
      • Invisible iframes
    • Purposes
      • login detection
    • Techniques
      • iframe onload
      • img onload
      • img onerror
    • Market forces
      • Browsers need market share
      • Hard to mandate repairs that “break things”
      • “a more secure platform” is not a value add, not given the porting headache
      • Opt-in features
    • Opt-in Schemes
      • Content Security Policy
      • X-Frame-Options
      • Origin
      • Strict Transport Security
      • SSL (Secure Sockets Layer)
      • Secure cookie flag
      • HttpOnly cookie flags
    • Proposal
      • Full in-browser sandboxing
      • Make the desktop apps like the “mobile apps”
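
Because the schemes listed under "Opt-in Schemes" protect a site only when its responses actually carry them, a response-header audit shows which ones a given response has opted into. This is an added example, not code from the ACM Queue article; it covers the response-header subset of the list (Content Security Policy, X-Frame-Options, Strict Transport Security, Secure and HttpOnly cookie flags), and the header sets are constructed samples.

```python
def cookie_flags(set_cookie_value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def hsts_max_age(value):
    """Return the max-age of a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else None
    return None


def audit_headers(headers):
    """headers: list of (name, value) pairs from one HTTPS response.
    Returns a list of findings; an empty list means every check passed."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value.strip())
    findings = []

    # A Content-Security-Policy-Report-Only header does not enforce anything,
    # so only the enforcing header name counts here.
    csp = by_name.get("content-security-policy", [])
    if not csp:
        findings.append("missing Content-Security-Policy")

    # Clickjacking defence: X-Frame-Options or the CSP frame-ancestors directive.
    xfo = [v.upper() for v in by_name.get("x-frame-options", [])]
    has_frame_ancestors = any("frame-ancestors" in v.lower() for v in csp)
    if not has_frame_ancestors and not any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("no framing restriction")

    # max-age=0 tells the browser to forget the policy, so it counts as absent.
    ages = [hsts_max_age(v) for v in by_name.get("strict-transport-security", [])]
    if not any(age for age in ages):
        findings.append("missing or zero Strict-Transport-Security max-age")

    # Flags every cookie; ones that scripts must read may legitimately lack HttpOnly.
    for raw in by_name.get("set-cookie", []):
        name, attrs = cookie_flags(raw)
        for flag in ("Secure", "HttpOnly"):
            if flag.lower() not in attrs:
                findings.append(f"cookie '{name}' lacks {flag}")
    return findings


# Constructed sample responses: a site that opted into nothing, and a hardened one.
WEAK = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
HARDENED = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Frame-Options", "DENY"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs))
```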

Hewlett-Packard sources Slate 7 from BYD Electronic International Co & Fuzhou Rockchip Electronics

Via: Eva Dou; China Gains Tablet Foothold; In The Wall Street Journal (WSJ); 2013-03-14.

Mentions

  • Chinese vs Taiwanese manufacturers
  • Slate 7, Hewlett-Packard
  • China
    • BYD Electronic International Co.
  • Taiwan
    • Hon Hai Precision Industry, subsidiary Foxconn International Holdings Ltd.
    • Quanta Computer Inc.
    • Compal Electronics Inc.
    • Pegatron Corp.
    • Acer Inc.
    • MediaTek
  • BYD Electronic International Co
    • Shenzhen
    • Products
      • Electric cars
      • Batteries
    • 10% owned by Berkshire Hathaway (Warren Buffett) since 2008
  • Quotes & Quips
    • Arthur Hsieh, UBS
    • Alberto Moel, Sanford C. Bernstein
  • Hewlett-Packard
    • Slate 7 tablet
    • Processor from Fuzhou Rockchip Electronics
      not

      • Qualcomm
      • Nvidia
  • Acer Inc.
    • Jim Wong, President
    • Iconia B1 tablet
      • Processor from MediaTek

Private traits and attributes are predictable from digital records of human behavior | You Are What You Like, My Personality @ Facebook

Michal Kosinski, David Stillwell, Thore Graepel; Private traits and attributes are predictable from digital records of human behavior; In Proceedings of the National Academy of Sciences of the United States of America; Vol. 1210, No. 10; 2013-03-05; supplemental info.

Abstract

We show that easily accessible digital records of behavior, Facebook Likes, can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender. The analysis presented is based on a dataset of over 58,000 volunteers who provided their Facebook Likes, detailed demographic profiles, and the results of several psychometric tests. The proposed model uses dimensionality reduction for preprocessing the Likes data, which are then entered into logistic/linear regression to predict individual psychodemographic profiles from Likes. The model correctly discriminates between homosexual and heterosexual men in 88% of cases, African Americans and Caucasian Americans in 95% of cases, and between Democrat and Republican in 85% of cases. For the personality trait “Openness,” prediction accuracy is close to the test–retest accuracy of a standard personality test. We give examples of associations between attributes and Likes and discuss implications for online personalization and privacy.

Promotions

Perception becomes reality: Is the Volt an electric car?

One learns so very much about marketing complex technical products in the three month sales cycle of a Volt … What got answered in the research/sales process and what didn’t and what got met with silence. There’s a few Bob Lutz quotes rattling around the trade and enthusiast press which are super-duper instructive here, but they’ll only make sense once one has taken delivery.

I’ve had the following conversation like about five or six times so far in the journey:

Me
I got a Volt.
Them
Really, it’s electric, right?
[as in: but, um you always ever owned V-8 vehicks right?]
Me
Uh, yeah, it’s mostly electric.
[as in: keep it short, it's a social situation]
Them
What’s the range?
Me
About 35 miles.
Them
That’s pretty risky isn’t it? I mean, what do you do when you’re out of juice?
Me
There’s a gas engine, you just drive it. I did that last week.
Them
Really? I’ve never heard of this.
it varies a bit after that.
Them
Oh, so it’s not like a Leaf then?
Me
Yup. The gas engine takes over. In fact, I don’t bother to charge at work. Too pesky with all the pure battery folk in a panic to get home.
Them
Is that what they call a hybrid?
Me
blah blah blah series-parallel hybrid blah blah blah lead with the battery, follow with the engine to make up average power but not till ~70 mph blah blah blah
[the laugh here is that last bit is right out of the GM media campaign 2010, it's good patter]
Them
Interesting, what’s the 0-60?
it’s pretty much straight home after that.

There’s this rule of thumb in marketing somehow that one must recite simple messages over and over and over. Everyone knows this but then you learn it again and again in the trade. And then once again because you get so steeped in the process that you can’t begin to see the concerns of the prospects who aren’t really listening to you anyway.

Short Messages:

  • The Volt is just a car, drive it like one.
  • It’s not a toy. Use it as you would a family car.
  • You buy this car and you buy freedom. Enjoy that.

I got endorsed by the focus group: “Dad, this car is way cool. I want it.” age 14.5

[I now have a problem when that focus group element hits 15.5. Kids these days love their computers and this machine is way full 'o computers. Maybe the ELR will get built and I can trade up.]

The “range anxiety” concept is accurate, precise and honest. But it’s a fancy enough term that it reminds me that it’s a problem I didn’t have before, so entering into a situation that buys that problem, owns it and solves that problem is a wash. And bathing is … um, um, cough, a good idea. But it must offer some other benefit. Faster, cheaper, bigger, rougher are a thing, and in that, you can’t beat coolness.

The charging cord is not really a demonstrable symbol of freedom. The leash aspect has to be argued away somehow. As in “if you don’t want it, don’t use it.” They have some of this simplicity in the brand campaigns, but it’s totally overdriven by blaring angry self-righteous EV culture.

The success recipe here has to be:

  • hide the sanctimony
  • hide the save-the-planet stuff
  • hide the entitlement
  • hide the tech policy stuff
  • hide the job subsidy stuff
  • hide the accounting cost basis stuff
  • hide the acronyms unless they’re in the frat, know the secret handshake and are a serious serious policy wonk.

To wit: AC AEV AEV-100 AEV-300 ANL BEV BSC CAFCP CAISO CARB CDFA CEC CHAdeMO CMAQ CPUC CVRP DC DGS DMV DOE DRIVE EERE EPIC EREV ETP EV EVSE FCEV GEELA GOBIZ HCD HEV HOV HVIP ICE I-HIB L1 L2 L3 LCFS LG LMC LMP MAP-21 NAIS NEMA NEV NGO NREL NRG OPR PACE PEV PEVC PHEV PV SAE SAE-J1772 SAE-J2929 SGC SOC TCO V2G VA VMVSS WGB WOT ZEV. I read all this stuff just to figure out if I could own this vehicle, they’re all real places, orgs, standards, programs or concepts. Most of ‘em are irrelevant. A few matter. The ones that matter aren’t colocated & separated from the irrelevant ones. Everyone is a policy wonk and an expert in their own affairs so all this stuff gets interwoven in arbitrary ways. Such is the magic of social proof.

I still have worries & questions. But most aren’t directly related to owning & operating the voltec technology in a “daily driver” vehicle, not really. The car “just works.” It’s the stuff around it that’s pesky: the smartphone apps don’t work, for-pay nav is expensive & confusing, for-pay radio is expensive, confusing and wow is it expensive on any cost basis you choose to measure, and getting into the fine world of residential L2 charging is a longer process than one might imagine, etc.

WordAds | About These Ads | WordPress.com

About These Ads

Partners

Quid Pro Quo

Promotions

Background

Authentication at Scale | Eric Grosse, Mayank Upadhyay (Google)

Publications

Eric Grosse and Mayank Upadhyay (Google); Authentication at Scale; In View from the C-Suite within IEEE Security & Privacy Magazine, a publication of IEEE Computer & Reliability Societies; 2013-01/2013-02; 8 pages.
Teaser: Google is investing in authentication using two-step verification via one-time passwords and public-key-based technology to achieve stronger user and device identification

Weird … the device login protocol has no name. The only vendor is Yubico … so it’s more or less The Yubico Method at this point.

Who

  • Eric Grosse, vice president of security engineering
  • Mayank Upadhyay, director of security engineering

Bios

Eric Grosse is vice president of security engineering at Google. His research interests include all areas of practical computer and network security and privacy. Grosse received a PhD in computer science from Stanford. He’s a member of ACM, IEEE, and SIAM.
Contact him at ehg@google.com.

Mayank Upadhyay is principal engineer at Google. His research interests include many aspects of Web security, wireless network security, and usability. Upadhyay has an MS in computer science from Stanford. Contact him at mayank@google.com.

Promotions

Mentions

  • “Spokesmodel” and “Sensitive” accounts
    • Other types of accounts; e.g. throwaway accounts
  • Defines the threat model (bad guys, keyloggers, etc; xkcd).
  • Defines the failure modes (e.g. password reuse, etc.)
  • Previous scheme: bearer token (i.e. password)
  • Device-Centric Authorization
    • AndroidOS has a password manager
    • Integrated with the OS and into the browser
  • Two-Step Verification
    • Cute name: 2sv
    • start with a number, always in lower case
  • Smartcard-like USB Token
  • Channel Binding
  • Server-Side Technology
  • Something about how there will arise a legion of (cheap, Chinese-made) smart cards (RSA token keyfobs) that will be the magic pixie dust that will make all this work.

Quotes

  • <quote>A final interesting observation about 2sv is that it’s abused by account hijackers. After stealing the account password and breaking in to the account, hijackers add 2sv (with their own phone number) just to slow down account recovery by the true owner!</quote>
  • <quote>Using a single client certificate is a privacy mistake because it enables tracking; on the other hand, using multiple client certificates and asking users to select one manually is a burdensome user experience. Given these disadvantages, the consequent widespread use of cookies, and the amount of application software that would need to be updated, the idea of switching to client certificates seems infeasible.</quote>

Terms

  • 2sv
  • API => you know
  • ASP => Application-Specific Password
  • AuthSub => delegation from Google; see OAuth 2.0
  • BBAuth => delegation from Yahoo!; see OAuth 2.0
  • Bluetooth
  • ChannelID => in Chrome 24
  • FIDO Alliance
  • GAE => Google App Engine
  • Google Authenticator App
  • Google Cloud Print Architecture
  • HOTP => HMAC-based OTP; RFC 4226
  • HSTS => HTTP Strict Transport Security
  • HTML
  • IMAP
  • Login => “Facebook Login” delegation from Facebook; see OAuth 2.0
  • NFC => Near-Field Communications
  • OATH => different than OAuth; has HOTP, TOTP
  • OAuth => 1.0 and 2.0
  • OAuth2
  • OTP => One-Time Password
  • P256 => Elliptic Curve P256
  • PKI => Public Key Infrastructure
  • RSA => the algorithm
  • RFCOMM => unpaired Bluetooth
  • SMS => secure message system; security from the phone system, Short Message Service
  • SSH => Secure Shell
  • SSL => Secure Sockets Layer
  • TCP => you know
  • TOTP => Time-based OTP; RFC 6238
  • TPM => Trusted Computing Module
  • UI => you know
  • USB => that one
  • X.509
  • Yubico, YubiKey, YubiRADIUS

References

Actualities


Tag Management for Advertising & Analytics, part 1

Vendors & Products

Surveys & Opinement

Archaeological order