November 13, 2015 By David Strom 2 min read

A new book by two New York University professors offers a fresh perspective on how individuals and corporations can hide their more private information in plain sight. The book, “Obfuscation: A User’s Guide for Privacy and Protest,” surveys the more interesting historical examples of the notion and provides some interesting context for practical use.

About the Book and Its Message

The authors, Finn Brunton and Helen Nissenbaum, first take us on a tour of the more notable obfuscation techniques, including World War II bombers releasing bits of chaff to evade early radar scans and more modern inventions such as CacheCloak and TrackMeNot. The latter program is a browser extension developed by one of the authors to help protect Web searchers from surveillance and data profiling by search engines. It does so by generating a series of false leads in the browser’s search history, thereby hiding the real terms typed by the user. This makes matters difficult for a profiling service.

These obfuscation notions aren’t new; honeypots and other decoy technologies have long been used to try to keep cybercriminals at bay. And there are products, such as one from Arxan, that can be used to defend applications against compromises by adding obfuscation code to your programs, making them more difficult to analyze and reverse engineer. Several vendors offer this technique, which can be used to successfully defend chip designs against reverse engineering.

The book provides a very complete view of these and numerous other strategies, such as swapping loyalty cards among consumers to avoid tracking purchase behaviors, using tools to confuse browser cookies, hiding important messages in speech recordings, using various phone SIM cards to confound trackers and other methods of avoiding ad-tracking technologies.

The book presents them in a way that will make it easier for people who are paranoid or just want to cover their digital tracks to protect themselves. While security by obscurity isn’t usually a recommended practice, there are steps you can take to make obfuscation a better fit. Even if you don’t think you have anything to hide, this book also informs readers how to be more careful about how you conduct your digital life.

Life After Reading ‘Obfuscation’

Perhaps after reading this book, you might find the inspiration to design a better opt-out policy when you are asking your customers for their information so you can provide more granular control over what they send you and how you use it. You might also have a better understanding of what kind of adversaries your company is up against, or how to more precisely target your obfuscation activities and determine what kinds of specific benefits would work to your advantage.

Finally, the right strategy will help you understand the difference between personal obfuscation, where the impersonation by a potential attacker is more difficult because you have included faked answers to a set of knowledge-based questions, and outright fraud, such as specifying an incorrect Social Security number to your bank to avoid taxation. This distinction is important for individuals who want to successfully deploy, implement and maintain obfuscation techniques as part of their personal security solutions. Certainly, enterprise IT managers and CISOs should be more aware of these techniques, too.

More from Data Protection

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today