A new book by two New York University professors offers a fresh perspective on how individuals and corporations can hide their more private information in plain sight. The book, “Obfuscation: A User’s Guide for Privacy and Protest,” surveys the more interesting historical examples of the notion and provides some interesting context for practical use.

About the Book and Its Message

The authors, Finn Brunton and Helen Nissenbaum, first take us on a tour of the more notable obfuscation techniques, including World War II bombers releasing bits of chaff to evade early radar scans and more modern inventions such as CacheCloak and TrackMeNot. The latter program is a browser extension developed by one of the authors to help protect Web searchers from surveillance and data profiling by search engines. It does so by generating a series of false leads in the browser’s search history, thereby hiding the real terms typed by the user. This makes matters difficult for a profiling service.

These obfuscation notions aren’t new; honeypots and other decoy technologies have long been used to try to keep cybercriminals at bay. And there are products, such as one from Arxan, that can be used to defend applications against compromises by adding obfuscation code to your programs, making them more difficult to analyze and reverse engineer. Several vendors offer this technique, which can be used to successfully defend chip designs against reverse engineering.

The book provides a very complete view of these and numerous other strategies, such as swapping loyalty cards among consumers to avoid tracking purchase behaviors, using tools to confuse browser cookies, hiding important messages in speech recordings, using various phone SIM cards to confound trackers and other methods of avoiding ad-tracking technologies.

The book presents them in a way that will make it easier for people who are paranoid or just want to cover their digital tracks to protect themselves. While security by obscurity isn’t usually a recommended practice, there are steps you can take to make obfuscation a better fit. Even if you don’t think you have anything to hide, this book also informs readers how to be more careful about how you conduct your digital life.

Life After Reading ‘Obfuscation’

Perhaps after reading this book, you might find the inspiration to design a better opt-out policy when you are asking your customers for their information so you can provide more granular control over what they send you and how you use it. You might also have a better understanding of what kind of adversaries your company is up against, or how to more precisely target your obfuscation activities and determine what kinds of specific benefits would work to your advantage.

Finally, the right strategy will help you understand the difference between personal obfuscation, where the impersonation by a potential attacker is more difficult because you have included faked answers to a set of knowledge-based questions, and outright fraud, such as specifying an incorrect Social Security number to your bank to avoid taxation. This distinction is important for individuals who want to successfully deploy, implement and maintain obfuscation techniques as part of their personal security solutions. Certainly, enterprise IT managers and CISOs should be more aware of these techniques, too.

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…