Voice-First Technology Is About To Kill Advertising As We Know It | Forbes

Voice-First Technology Is About To Kill Advertising As We Know It; Brian Roemmele (expert); In Forbes; 2016-12.

rebuttal: there can be no ads in “voice first?”  Silly wrabbit. It will be like AM radio.  Want to turn on a light?  First listen to this ad.

Hardware Fingerprinting Using HTML5 | Nakibly, Shelef, Yudilevich

Gabi Nakibly, Gilad Shelef, Shiran Yudilevich; Hardware Fingerprinting Using HTML5; In Some Venue; 2015-03-11; 5 pages; arXiv:1503.01408.


Device fingerprinting over the web has received much attention both by the research community and the commercial market alike. Almost all the fingerprinting features proposed to date depend on software run on the device. All of these features can be changed by the user, thereby thwarting the device’s fingerprint. In this position paper we argue that the recent emergence of the HTML5 standard gives rise to a new class of fingerprinting features that are based on the hardware of the device. Such features are much harder to mask or change thus provide a higher degree of confidence in the fingerprint. We propose several possible fingerprint methods that allow a HTML5 web application to identify a device’s hardware. We also present an initial experiment to fingerprint a device’s GPU.

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints | Laperdrix, Rudametkin, Baudry

Pierre Laperdrix, Walter Rudametkin, Benoit Baudry; Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints; Technical Report hal-01285470v2, INRIA; 2016-03-14; Also, in Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P 2016), 2016-05, San Jose, United States; landing.


Worldwide, the number of people and the time spent browsing the web keeps increasing. Accordingly, the technologies to enrich the user experience are evolving at an amazing pace. Many of these evolutions provide for a more interactive web (e.g., boom of JavaScript libraries, weekly innovations in HTML5), a more available web (e.g., explosion of mobile devices), a more secure web (e.g., Flash is disappearing, NPAPI plugins are being deprecated), and a more private web (e.g., increased legislation against cookies, huge success of extensions such as Ghostery and AdBlock).

Nevertheless, modern browser technologies, which provide the beauty and power of the web, also provide a darker side, a rich ecosystem of exploitable data that can be used to build unique browser fingerprints.

Our work explores the validity of browser fingerprinting in today’s environment. Over the past year, we have collected 118,934 fingerprints composed of 17 attributes gathered thanks to the most recent web technologies. We show that innovations in HTML5 provide access to highly discriminating attributes, notably with the use of the Canvas API which relies on multiple layers of the user’s system. In addition, we show that browser fingerprinting is as effective on mobile devices as it is on desktops and laptops, albeit for radically different reasons due to their more constrained hardware and software environments. We also evaluate how browser fingerprinting could stop being a threat to user privacy if some technological evolutions continue (e.g., disappearance of plugins) or are embraced by browser vendors (e.g., standard HTTP headers).

(Cross-)Browser Fingerprinting via OS and Hardware Level Features | Cao, Song, Wijmans

New Fingerprinting Techniques Identify Users Across Different Browsers on the Same PC; In BleepingComputer; 2017-01-12.

Original Sources

Yinzhi Cao, Song Li, Erik Wijmans; (Cross-)Browser Fingerprinting via OS and Hardware Level Features; In Proceedings of the Network & Distributed System Security Symposium (NSDI); 2017-02; 15 pages.


Yinzhi Cao, Assistant Professor, Computer Science and Engineering Department, Lehigh University.

Separately noted.

Consistency in Non-Transactional Distributed Storage Systems | Viotti, Vukolić

Paolo Viotti (EURECOM), Marko Vukolić (IBM); Consistency in Non-Transactional Distributed Storage Systems; arXiv:1512.00168; 2016-04-12; 46 pages.


Over the years, different meanings have been associated to the word consistency in the distributed systems community. While in the ’80s “consistency” typically meant strong consistency, later defined also as linearizability, in recent years, with the advent of highly available and scalable systems, the notion of “consistency” has been at the same time both weakened and blurred.

In this paper we aim to fill the void in literature, by providing a structured and comprehensive overview of different consistency notions that appeared in distributed systems, and in particular storage systems research, in the last four decades. We overview more than 50 different consistency notions, ranging from linearizability to eventual and weak consistency, defining precisely many of these, in particular where the previous definitions were ambiguous. We further provide a partial order among different consistency predicates, ordering them by their semantic “strength”, which we believe will reveal useful in future research. Finally, we map the consistency semantics to different practical systems and research prototypes.

The scope of this paper is restricted to non-transactional semantics, i.e., those that apply to single storage object operations. As such, our paper complements the existing surveys done in the context of transactional, database consistency semantics.

Making Privacy Concrete (Three Words Not Usually Found Together) | NSTIC

Making Privacy Concrete (Three Words Not Usually Found Together); nstic a.k.a. Sean Brooks, Mike Garcia, Naomi Lefkovitz, Suzanne Lightman, Ellen Nadeau; In Some Blog of Gov Delivery; 2017-01-04.

NIST-IR 8062, An Introduction to Privacy Engineering and Risk Management, Sean Brooks, Mike Garcia, Naomi Lefkovitz, Suzanne Lightman, Ellen Nadeau; NIST Internal Report; National Institute of Standards and Technology (NIST), Department of Commerce, United States, 2017-01; 49 pages; NIST.IR.8062

Table of Contents

Executive Summary

  1. Introduction
    1. Purpose and Scope
    2. Audience
    3. Organization of this Document
  2. An Engineering Approach to Privacy
    1. The Relationship Between Information Security and Privacy
    2. Privacy Problems and Systems
    3. Defining Privacy Engineering
      1. The Applicability of Systems Engineering
      2. The Utility of Risk Management
  3. Components for Privacy Engineering in Federal Systems
    1. Introducing Privacy Engineering Objectives
      1. Privacy Engineering Objectives and the FIPPs
        1. Predictability
        2. Manageability
        3. Disassociability
    2. Introducing a Privacy Risk Model
      1. Privacy Risk Factors
      2. Privacy Risk Characteristics
        1. Data Actions
        2. PII
        3. Context
  4. Roadmap for Federal Guidance for Privacy Engineering and Risk Management


Appendix A: NIST Development Process
Appendix B: Glossary
Appendix C: Acronyms
Appendix D: References
Appendix E: Examples of Non-Data Breach Privacy Concerns
Appendix F: The Fair Information Practice Principles (FIPPs)

OpenRTB v2.5 | IAB

OpenRTB 2.3.1 (PDF)
Provides an update to the specification addressing two typos:

  • Section 3.2.13 – In the user object, the buyer ID attribute has been corrected to “buyeruid.”
  • Section 4.4 – The ${AUCTION_BID_ID} macro has been corrected to be substituted with the “BidResponse.bidid” attribute.

OpenRTB 2.3 (PDF)
The OpenRTB 2.3 specification provides support for native ads. This is one of the most significant updates to OpenRTB as it allows for native ads to be targeted, optimized, and transacted on programmatically, reducing workload on publishers and advertisers alike. Release highlights include:

  • Native ad placements must be included directly into the impression object in order to be passed through the bidstream.
  • Allows for the inclusion of metadata (title, urls, data, img files) in the native request. The buy side now has the ability to describe the unit that’s being bid on and the supply side is able to define which fields are available and required in order to assemble the native ad.
  • Updates to the style of the document including improved diagrams and revamped table format to support the continued commitment to OpenRTB.

OpenRTB 2.2 (PDF)
OpenRTB 2.2 provided for improved PMP and non-intentional traffic support. With bot traffic becoming an increasing concern to both the buy and sell sides, OpenRTB 2.2 allows for all parties to be able to provide real-time feedback on ads to determine and block non-human traffic. Release highlights include:

  • Support to allow for the differentiation of secure and nonsecure inventory.
  • Exhaustive Deal ID support for Private Marketplaces
  • Improved backing for new types of mobile and video inventory
  • Ability for buyers to alert sellers in real time about suspected bot traffic
  • COPPA regulation support

OpenRTB 2.1 (PDF)
OpenRTB 2.1 provided for improved VAST video, tablet and location targeting support. Release highlights include:

  • IAB Tier-2 category support
  • Recognition of tablet inventory
  • VAST video across RTB;  the video object must represent an impression as either banner, video or both
  • Location source support; differentiation of GPS derived and zip code value targeting

OpenRTB 2.0 (PDF)
OpenRTB 2.0 provided unified support for display, mobile, and video capabilities. This was a significant step forward for programmatic as it allows for the harmonization of mobile and desktop advertising. Release highlights include:

  • VAST ad unit support
  • Improved geographical data definition
  • Increased cross-channel support for mobile and desktop through a common API language.
  • Improved 3rd party data segment support for audience targeting
  • Enhanced attribution support; inclusion of device IDs in mobile & mobile app parameters

Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies | Danzig (CNAS)

Richard J. Danzig; Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies; Center for a New American Security; 2014-07; 64 pages; landing.

tl;dr → a metaphor for an ambivalent relationship with the technical platforms upon which all things depend. Writ large into the relationship with the supply chain that we do not control and is inimical to our interests.

Executive Summary

<quote><snip/> In sum, cyber systems nourish us, but at the same time they weaken and poison us.</quote>

Separately noted.