Data Safety and Information Security

Browser fingerprinting gathers hundreds of data points about your users' devices and browser configurations. But how does it stop fraud, and is it enough?

Browser fingerprinting is a website user identification method. Learn more about what it is, how it works & techniques like audio fingerprinting

Do you own a website and keep getting disturbed by bots? Read the article below to learn how to detect and block bot traffic. Bot traffic, if not contained, can mess up your analytics and even add to your server cost.

Any website can use a simple API to replace CAPTCHAs with our invisible alternative, whether they’re on the Cloudflare network or not.

Credentials are a part of our daily lives; driver's licenses are used to assert that we are capable of operating a motor vehicle, university degrees can be used to assert our level of education, and government-issued passports enable us to travel between countries. The family of W3C Recommendations for Verifiable Credentials, described in this overview document, provides a mechanism to express these sorts of credentials on the Web in a way that is cryptographically secure, privacy respecting, and machine-verifiable.

Demonstration of the WebAuthn specification.

Hello passkeys, goodbye passwords! passkeys.dev is a collection of resources and insights to help you deploy passkeys, including practical user experiences, device ecosystem support, frequently asked questions, and more.

Microsoft, Mozilla, and Google are all implementing the new standard.

This document describes a mechanism for creating, encoding, and verifying digital signatures or message authentication codes over components of an HTTP message. This mechanism supports use cases where the full HTTP message may not be known to the signer and where the message may be transformed (e.g., by intermediaries) before reaching the verifier. This document also describes a means for requesting that a signature be applied to a subsequent HTTP message in an ongoing HTTP exchange.

Disclaimer: Thoughts expressed here are my own, and not of my employers.

You can try the new system out right now.

This tech tests your browser to see if you’re a bot.

The internet infrastructure company has an alternative tool to check whether you’re human—and it doesn’t force you to pick out buses in tiny boxes.

Private Access Tokens are powerful tools that prove when HTTP requests are coming from legitimate devices without disclosing someone's identity. They are simple to set up and test — and so, on Thursday, we're inviting you to try out Private Access Tokens on your own server.

Update 2014-01-17 I'm updating this post to include a slightly revised version of the Pyramid.  The only real change I made was that I adde...

Utilize JA3 with JA3S as a method to fingerprint the TLS negotiation between client and server

What are browser fingerprints? How accurate are they at tracking us? Do they work on smartphones at all?

A Winnipeg man says a little-known program allowed his credit card company to share his credit card number with a merchant before he even had the card himself.

Try Appdome's Unified Mobile App Defense platform, continuous mobile app security, anti-fraud, anti-malware, anti-bot, geo compliance, more in Android & iOS apps in CI/CD.

This blog post introduces an analysis of Digital Identities and their various architectural models. The paper focuses on the impact of identities on the Web and users, particularly on privacy, security, and human rights, the role that Web standardization may play in managing that impact and how collaboration among various stakeholders can mitigate these threats.

An app for scaring away malware

Your work laptop should be for work only, experts warn

Decoupling the authorization module can bring about a host of benefits. But what are the complexities of this approach? And how can they be addressed? In this guide, you can familiarize yourself with the important technical aspects of decoupling authorization.

A guide to the most common access control terms. Learn how to integrate MAC and DAC and RBAC, and how the rise of FGA can help your application access control.

The volume of critical coverage of China's proposed digital ID system in Western media stands in stark contrast to the near-total absence of coverage, critical or otherwise, of digital ID systems being developed by Western governments.

Neatnik Notes

Internet users leave many traces on websites and online services. Measures such as firewalls, VPN connections and browser privacy modes are in place to ensure a certain level of data protection. However, a newly discovered security loophole allows bypassing all of these protective measures.

Our latest research has found that clickable links on websites can often be redirected to malicious destinations. We call these "hijackable hyperlinks" and have found them by the millions across the whole of the web, including on trusted websites.

Protect your photos and videos with Ente - a secure, cross-platform, open source, encrypted photo storage app. Automatic backups, end-to-end encryption, collaborative albums, family plans, free trial, library-sync, 1-click import, human support, locked photos, live photos, descriptions, private sharing, search and more.