A new book by two New York University professors offers a fresh perspective on how individuals and corporations can hide their more private information in plain sight. The book, “Obfuscation: A User’s Guide for Privacy and Protest,” surveys the more interesting historical examples of the idea and provides context for practical use.

About the Book and Its Message

The authors, Finn Brunton and Helen Nissenbaum, first take us on a tour of the more notable obfuscation techniques, including World War II bombers releasing bits of chaff to evade early radar scans and more modern inventions such as CacheCloak and TrackMeNot. The latter program is a browser extension developed by one of the authors to help protect Web searchers from surveillance and data profiling by search engines. It does so by generating a series of false leads in the browser’s search history, thereby hiding the real terms typed by the user. This makes matters difficult for a profiling service.

These obfuscation notions aren’t new; honeypots and other decoy technologies have long been used to try to keep cybercriminals at bay. And there are products, such as one from Arxan, that can be used to defend applications against compromises by adding obfuscation code to your programs, making them more difficult to analyze and reverse engineer. Several vendors offer this technique, which can be used to successfully defend chip designs against reverse engineering.

The book provides a very complete view of these and numerous other strategies, such as swapping loyalty cards among consumers to avoid tracking purchase behaviors, using tools to confuse browser cookies, hiding important messages in speech recordings, using various phone SIM cards to confound trackers and other methods of avoiding ad-tracking technologies.

The book presents them in a way that will make it easier for people who are paranoid or just want to cover their digital tracks to protect themselves. While security by obscurity isn’t usually a recommended practice, there are steps you can take to make obfuscation a better fit. Even if you don’t think you have anything to hide, this book also shows you how to be more careful about how you conduct your digital life.

Life After Reading ‘Obfuscation’

Perhaps after reading this book, you might find the inspiration to design a better opt-out policy when you are asking your customers for their information so you can provide more granular control over what they send you and how you use it. You might also have a better understanding of what kind of adversaries your company is up against, or how to more precisely target your obfuscation activities and determine what kinds of specific benefits would work to your advantage.

Finally, the right strategy will help you understand the difference between personal obfuscation, where you make impersonation by a potential attacker more difficult by giving faked answers to a set of knowledge-based questions, and outright fraud, such as giving your bank an incorrect Social Security number to avoid taxation. This distinction is important for individuals who want to successfully deploy, implement and maintain obfuscation techniques as part of their personal security solutions. Certainly, enterprise IT managers and CISOs should be more aware of these techniques, too.
