Serge Egelman
@v0max.bsky.social

Scientist. Dir. of Usable Security & Privacy at the International Computer Science Institute (icsi.berkeley.edu). Founder, AppCensus (appcensus.io). All opinions are those of his employer(s), and not his own.

https://www.guanotronic.com/~serge/

Someone really needs to create Monopsony, the board game in which everyone plays a competing government contractor!

Up until this moment, I had completely forgotten that this is a real product that exists.

Thanks.

Reposted by Serge Egelman

This BBC drivel was parodied 44 years ago by Alexander Cockburn: harpers.org/archive/1982... It is - literally - beyond parody.

Someone absolutely needs to calculate the correlation between this graph and threats to invade other countries.
I went there to look for this and got sidetracked.

Reposted by Serge Egelman

I went there to look for this and got sidetracked.
30 years ago they were like we have to ban song lyrics for the children but it’s full steam ahead for the here’s how to do drugs until you die machine
“ChatGPT started coaching Sam on how to take drugs, recover from them and plan further binges. It gave him specific doses of illegal substances, and in one chat, it wrote, ‘Hell yes—let’s go full trippy mode’”
www.sfgate.com/tech/article...
A Calif. teen trusted ChatGPT for drug advice. He died from an overdose.
"Who on earth gives that advice?"
www.sfgate.com

There’s a huge misconception about what IRBs in the US actually do: it’s not a complete ethics review! And it only applies in very narrow circumstances.

When life gives you salmon roe, make pappardelle!

So 2026 isn't shaping up to be *all* that bad: ten years ago I assumed I would never get to see Rush live, but now I just got tickets to see them—well, 2/3 of them—in October!

Federal elections aren’t changeable without amending the constitution.

Sure, again, it’s great that they did this!

It’s just not a complete solution and people need to be cognizant of that.

I’ve been avoiding posting drafts online until it was actually published (honestly have no idea when, we submitted the final draft in October).

Send me an email, I’m happy to share it privately.

Don’t get me wrong, it’s great that CPPA is doing this! But a more complete solution needs to involve allowing consumers to prevent nonconsensual data collection/sharing from ever starting.

The burden in all of this also shouldn’t be on consumers.

10/10

My point here is that many of the data brokers trafficking in consumer data are not registered in California, many are fly-by-night operations, and frankly, aren’t paragons of integrity.

Asking—only the ones known about—to delete data post hoc is closing the barn door after the horse has left.

9/

I explained to the IRB that it would therefore be highly misleading to tell people they can delete their data by using these services. This was persuasive. (They relented and allowed us to name the actual data brokers and include specific links to their individual deletion request instructions).

8/

Many of these services list all of the data brokers to which they’ll send deletion requests. I observed that there wasn’t a single service that I could find that included all of the data brokers that we actually acquired data from.

7/

As a compromise, IRB suggested we instead offer to pay for subscriptions to bulk deletion services. Many of these exist; they claim to send deletion requests to multiple data brokers on a subscriber’s behalf.

I entertained this idea and spent a few days evaluating half a dozen such services.

6/

However, I felt it was important to tell people that because we wanted to include links for them to request those data brokers delete their data, if they so chose. (This is a right that’s existed under CCPA since enactment.)

I also wanted to ask people if they planned to exercise that right.

5/

Getting IRB approval for the survey took 6 months, not because the IRB was concerned with any harm to humans, but because they were worried if we told people the names of the data brokers selling their data, the data brokers might [baselessly] sue the university.

4/

We were able to reidentify 97% of the individuals in the dataset (showing it’s not anonymous).

None of that required IRB approval (i.e., humans weren’t the subject of the experiment).

Emailing the reidentified humans to ask about their recollections of consenting to these sales, however, did.

3/

Colleagues and I recently completed a study (to be published in the next few months in the Yale Journal of Law and Technology) in which we evaluated data brokers’ claims: we acquired several million rows from data brokers selling data they claimed to be anonymous and collected with consent.

2/
Those in California can now go here to request that data brokers delete their data: privacy.ca.gov/drop/

This is a good thing, however, it’s far from a complete solution. 🧵

1/
Delete request and opt-out platform (DROP)
Protect your personal information. Data brokers collect, share, and sell your personal information. You can stop that from happening.
privacy.ca.gov

And realistically, it’s going to go about as well as either the Sandwich Guy or Comey indictments.
If Maduro is in custody my expectation is the admin will try to hold Dumb Nuremberg. They'll make it a judicial referendum on fentanyl and try to blame Maduro for the deaths from the opiate crisis.

So, umm, I know this is a common refrain, but, at what point does congress step in and stop this?

After my older daughter (3yo at the time) had me paint her room purple, I’d regularly enter and sing “purple room, purple room.” As a result, it’s become one of her favorite songs a few years later.

However, when she wants me to put the record on, I have to discreetly skip over Darling Nikki.
If you’re discovering (or rediscovering!) Purple Rain thanks to the Stranger Things finale, you’ll want to hear the incredible true story of how the song came to be, through 10-second glimpses over the entire epic track: anildash.com/2014/07/25/i...
I Know Times Are Changing - Anil Dash
A blog about making culture. Since 1999.
anildash.com

I was called a stooge for big tech…for being an expert witness *against* Apple (i.e., on behalf of consumers) in this case:

courthousenews.com/judge-approv...

Reposted by Serge Egelman

Happy New Year and Happy #DROP Day California! @calprivacy.bsky.social privacy.ca.gov

Happy New Year!

I made tapas!