Weekend Reads 020720

If you follow security on the Internet, you may have seen articles warning you to “beware of public Wi-Fi networks” in cafes, airports, hotels, and other public places. But now, due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was. —Jacob Hoffman-Andrews

You’ve probably heard that public Wi-Fi is dangerous. Advice about avoiding it is almost as widespread as public Wi-Fi itself. Some of this advice is outdated, and public Wi-Fi is safer than it used to be. But there are still risks. —Chris Hoffman

The specifications for DoT (RFC 7858) and DoH (RFC 8484) note the possibility that traffic analysis techniques may be exploited to undermine the privacy provided by these protocols. While such techniques have been successfully demonstrated in multiple scenarios, it is not clear that these classic approaches will work in attacks against encrypted DNS. —Rebekah Houser

Internet pioneer Paul Vixie has a red flag warning for CISOs: a movement toward baking in more privacy for Internet users soon could begin to burn some enterprise security efforts. —Kelly Jackson Higgins

So, you own or are thinking of buying a Ring camera. This post outlines a list of privacy and civil liberties concerns we have with Amazon’s Ring system so that you can be a more informed consumer, or—if you already own a Ring camera—be a more considerate neighbor. —Matthew Guargiglia

Many modern vehicles let owners use the Internet or a mobile device to control the car’s locks, track location and performance data, and start the engine. But who exactly owns that control is not always clear when these smart cars are sold or leased anew. —Krebs on Security

At the USENIX Enigma security conference in San Francisco this week, developers, security researchers, and privacy advocates presented differing views of how browsers should protect their users against data abuses. —Lily Hay Newman

A recent NPR program on the selling of nonprofit .org domain, coming off the heels of MLK Day, underscores the importance of embracing civil discourse and platforms of communication. —Julianne Malveaux

A motley group of powerful companies have their knives out for Section 230, which shields platforms from lawsuits over content posted by users. —David McCabe

Last week in Los Angeles, the team got together once again to continue our Phase 2 work creating policy that will (among other issues) govern the disclosure of non-public registration data to third parties. —Matt Serlin