Posted on September 27, 2012 by Simon Phipps
A chance encounter at the OFE Summit in Brussels, coupled with a provocative statement by an Oracle VP, lead me to believe it’s time for Oracle to come out of hiding and start working with the MySQL community – including MariaDB, Percona and other competitors After all, that’s how open source works. Read more at ComputerWorldUK.
Filed under: ComputerWorldUK | Tagged: Community, MySQL, Oracle, Security | Comments Off on MySQL FUD Claim Needs Action, Not Words
Posted on January 27, 2012 by Simon Phipps
I was so shocked by the way Symantec has left its customers to twist in the wind for five years I had to write down some serious questions about their pcAnywhere advisory this week. Read them on ComputerWorldUK.
Filed under: ComputerWorldUK | Tagged: Security | Comments Off on ☝ Insecurity By Obscurity
Posted on December 21, 2010 by Simon Phipps
A discussion 1 2 3 4 broke out on Identi.ca recently where it became clear that the distinction between anonymity and privacy is not clear for some people. It led to the opportunity to discuss the nature of both concepts (albeit in 140-character bursts) with some smart people devoted to both, people I respect greatly. I’ve been left with some bite-sized explanations that I hope others will appreciate as well.
- Privacy is the lifecycle of secrets once you have chosen to share them. Anonymity is where an act is publicly known but the actor is not.
- Privacy is the duty to respect the data that has been disclosed to you. Anonymity is the right not to disclose the data in the first place.
- Privacy is the duty of each and every entity with which we engage. Anonymity is a privilege each of us should be entitled to on the rare occasions we need it. (By privilege I mean that we are able to secure anonymity only by the grace of those who choose to supply the means for it to be possible. It is not a given – notably in China – it must be granted.)
- In daily life, we routinely expect our privacy to be respected by those with whom we engage. We rarely expect or need anonymity but on the occasions we do it must be absolute.
- To create privacy, we need policies backed up by law that each recipient of our personal data must adhere to. To deliver anonymity, there needs to be a place where our connection with the net is anonymised, and the provision of that capability needs the active grace of its provider.
- Anonymity requires privacy, but privacy does not require anonymity. (By this I mean that your connection to the internet is known to your ISP, and much else is known to many others, so to secure anonymity in a specific case requires the discretion of those individuals who could identify you if they chose to – and that discretion is called privacy.)
I’ll add further points as they arise. Discussion welcome!
Update: Just a few moments after posting I saw this great Bruce Schneier posting about the dynamics of privacy:
“So privacy for the government increases their power and increases the power imbalance between government and the people … Privacy for the people increases their power. It also increases liberty, because it reduces the power imbalance between government and the people.”
Update: I really like this initiative to create icons for privacy policies by the way.
Filed under: Privacy | Tagged: Anonymity, Privacy, Security, Tor | 4 Comments »