I’ve learned that there is a “website intelligence” network that
tracks form submissions across their customer network. So, if a
visitors fills out a form on Site A with their name and email, Site
B knows their name and email too as soon as they land on the site.
Crucially, vulnerability information has a higher market value if
it is withheld from the maker of the vulnerable product. If the
maker finds out, they might close the hole and render the
information worthless. So the market in vulnerabilities rewards
researchers for making sure that the problems they discover are not
fixed–exactly the opposite of the traditional view in the field.
Policymakers should be taking a serious look at this market and
thinking about its implications. Do we want to foster an atmosphere
where researchers turn away from disclosure, and vulnerability
information is withheld from those who can fix problems? Do we want
to increase incentives for finding vulnerabilities that won’t be
fixed? Do we think we can keep this market from connecting bad guys
with the information they want to exploit?
— Ed Felten
My whole life is on Google. My money, my history, my photos, my
memories, my books, my identity, my relationships. Even a simple
movement or administrative access requires my Google account.
And, starting tonight, trying to connect bring me a message: "Your
account has been disabled."
— Lionel Dricot
to post comments)