An information theoretic model of privacy and security metrics
"An information theoretic model of privacy and security metrics - or - how I learned to stop worrying about password meters and love the dice." From LibrePlanet 2021.
Original story by LibrePlanet 2021 and the Free Software Foundation. Published 2021-03-21, Originally published 2021-03-21.
This work is available under the Creative Commons Attribution-ShareAlike license.
Since 2010, EFF has maintained a project dubbed Panopticlick, which aims to help users understand a technique called browser fingerprinting. Web trackers are able to stitch together little bits of information the users browser leaves behind into a cohesive whole, a fingerprint which follows them across their usage of the Web. Panopticlick is able to quantify the amount of information your browser leaks through the use of an information theoretical approach to privacy which determines how much information each individual metric (say, a user's list of fonts) reveals, and the relationship of these individual metrics to how much a browser reveals in general. Many of the misconceptions users have when using the site reflect an unclear picture about how their browser fingerprint is arrived at, and often leads users down a path that *decreases* their overall privacy in an attempt to increase it.
"Bill Budington is a long-time activist and cryptography enthusiast, and a Senior Staff Technologist on EFF's Tech Projects team. Their research has been featured in the The New York Times, The Los Angeles Times, and The Guardian, and has been cited by the US Congress. Bill is the lead developer of Panopticlick, and he led HTTPS Everywhere from 2015-2018, and has contributed to projects like Let's Encrypt and SecureDrop."