Eric Rescorla

Eric is CTO of the Firefox team at Mozilla.

Analysis of Google’s Privacy Budget Proposal

Fingerprinting is a major threat to user privacy on the Web. Fingerprinting uses existing properties of your browser like screen...

Privacy & Security

Privacy analysis of FLoC

In a previous post, I wrote about a new set of technologies “Privacy Preserving Advertising”, which are intended to allow...

The future of ads and privacy

The modern web is funded by advertisements. Advertisements pay for all those “free” services you love, as well as many...

Internet Policy

Notes on Implementing Vaccine Passports

Now that we’re starting to get widespread COVID vaccination “vaccine passports” have started to become more relevant. The idea behind...

Notes on Addressing Supply Chain Vulnerabilities

Addressing Supply Chain Vulnerabilities One of the unsung achievements of modern software development is the degree to which it has...

What WebRTC means for you

If I told you that two weeks ago IETF and W3C finally published the standards for WebRTC, your response would...

Why getting voting right is hard, Part V: DREs (spoiler: they’re bad)

This is the fifth post in my series on voting systems (catch up on parts I, II, III and IV),...

Why getting voting right is hard, Part IV: Absentee Voting and Vote By Mail

This is the fourth post in my series on voting systems. Part I covered requirements and then Part II and...

Why getting voting right is hard, Part III: Optical Scan

This is the third post in my series on voting systems. For background see part I. As described in part...

Why getting voting right is hard, Part II: Hand-Counted Paper Ballots

In Part I we looked at desirable properties for voting system. In this post, I want to look at the...

Why getting voting right is hard, Part I: Introduction and Requirements

Every two years around this time, the US has an election and the rest of the world marvels and asks...

A look at password security, Part V: Disk Encryption

The previous posts ( I, II, III, IV) focused primarily on remote login, either to multiuser systems or Web sites...

