12 posts
Netflix talks about the security and performance implications of rolling out TLS 1.3. Seeing a 8.2% improvement in play delay at the 95% percentile—not too shabby!
After a recent flurry of worry online around a CSS keylogger, Jake points out the real issue (emphasis mine):
Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third party content is 'safe'.
A fantastic job by Eric showing the various limitations of HTTPS and why, while it may be important, it is just one small aspect of keeping your site secure.
Paul shares how he was able to get his CSP working with nonce values and service workers.
By now I think it's become pretty clear that we haven't done a great job of educating people about the security and privacy implications of the technology they use. Much of the information around these topics tends to lean more towards fear-mongering than towards providing actionable advice and hope.
The Privacy Paradox, a five-part series of podcasts done by Note to Self, does an excellent job of explaining what the risks are and what can be done about it. The episodes are short and actionable: each spends some time on a privacy risk followed by a specific "challenge" you can do to take back a little control. Well worth a listen.
Fantastic breakdown about the different "zones of death" in the browser. It really hammers home the importance, and difficulty, of designing for security.
I really like the idea behind SimplySecure—focusing on making security more intuitive and usable. There's a long history of usability and security being at odds and they're doing some good work to try and fix that.
This discussion with them about how designers can improve the state of security and privacy online is well worth a read.