A new book by two New York University professors offers a fresh perspective on how individuals and corporations can hide their more private information in plain sight. The book, “Obfuscation: A User’s Guide for Privacy and Protest,” surveys the more interesting historical examples of the notion and provides some interesting context for practical use.

About the Book and Its Message

The authors, Finn Brunton and Helen Nissenbaum, first take us on a tour of the more notable obfuscation techniques, including World War II bombers releasing bits of chaff to evade early radar scans and more modern inventions such as CacheCloak and TrackMeNot. The latter program is a browser extension developed by one of the authors to help protect Web searchers from surveillance and data profiling by search engines. It does so by generating a series of false leads in the browser’s search history, thereby hiding the real terms typed by the user. This makes matters difficult for a profiling service.

These obfuscation notions aren’t new; honeypots and other decoy technologies have long been used to try to keep cybercriminals at bay. And there are products, such as one from Arxan, that can be used to defend applications against compromises by adding obfuscation code to your programs, making them more difficult to analyze and reverse engineer. Several vendors offer this technique, which can be used to successfully defend chip designs against reverse engineering.

The book provides a very complete view of these and numerous other strategies, such as swapping loyalty cards among consumers to avoid tracking purchase behaviors, using tools to confuse browser cookies, hiding important messages in speech recordings, using various phone SIM cards to confound trackers and other methods of avoiding ad-tracking technologies.

The book presents them in a way that will make it easier for people who are paranoid or just want to cover their digital tracks to protect themselves. While security by obscurity isn’t usually a recommended practice, there are steps you can take to make obfuscation a better fit. Even if you don’t think you have anything to hide, this book also informs readers how to be more careful about how you conduct your digital life.

Life After Reading ‘Obfuscation’

Perhaps after reading this book, you might find the inspiration to design a better opt-out policy when you are asking your customers for their information so you can provide more granular control over what they send you and how you use it. You might also have a better understanding of what kind of adversaries your company is up against, or how to more precisely target your obfuscation activities and determine what kinds of specific benefits would work to your advantage.

Finally, the right strategy will help you understand the difference between personal obfuscation, where the impersonation by a potential attacker is more difficult because you have included faked answers to a set of knowledge-based questions, and outright fraud, such as specifying an incorrect Social Security number to your bank to avoid taxation. This distinction is important for individuals who want to successfully deploy, implement and maintain obfuscation techniques as part of their personal security solutions. Certainly, enterprise IT managers and CISOs should be more aware of these techniques, too.

More from Data Protection

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

Advanced analytics can help detect insider threats rapidly

2 min read - While external cyber threats capture headlines, the rise of insider threats from within an organization is a growing concern. In 2023, the average cost of a data breach caused by an insider reached $4.90 million, 9.6% higher than the global average data breach cost of $4.45 million. To effectively combat this danger, integrating advanced analytics into data security software has become a critical and proactive defense strategy. Understanding insider threats Insider threats come from users who abuse authorized access to…

One simple way to cut ransomware recovery costs in half

4 min read - Whichever way you look at the data, it is considerably cheaper to use backups to recover from a ransomware attack than to pay the ransom. The median recovery cost for those that use backups is half the cost incurred by those that paid the ransom, according to a recent study. Similarly, the mean recovery cost is almost $1 million lower for those that used backups. Despite this fact, the use of backups is actually falling. This was one of the…