back to article Profs prep promising privacy-protecting proxy program... Yes, it is possible to build client-server code that safeguards personal info

Computer science boffins from Harvard and MIT have developed a software framework for building web services that respect privacy, provided app developers don't mind a minor performance hit. In a paper scheduled to be presented on Thursday at the USENIX Networked Systems Design and Implementation conference, co-authors Frank …

  1. LDS Silver badge

    Looks like a Rube Goldberg implementation of the "Do Not Track" flag to me...

    ... users will never be able to trust companies eager to slurp their data - unless a law say they can't, and breaking it will trigger big fines and maybe prison time for executives.

    1. LDS Silver badge

      And not that it wasn't attempted before: P3P

      Do you really believe that privacy can have a tech-only solution? And would work without enforcement, on a voluntary base by developers?

      1. Michael Wojcik Silver badge

        Re: And not that it wasn't attempted before: P3P

        This is not even vaguely related to P3P.

        And the point is not that an IFC provides some guarantee to users. An IFC is a mechanism that provides a guarantee, under certain reasonable assumptions, to software developers that their application will obey an information-flow policy. That relieves the application developers of the need to manually review all information flows, and can serve as evidence of both good-faith attempt at compliance and probability of actual compliance.

        The remote-attestation addition to the IFC in Riverbed does provide a guarantee to users, again under reasonable assumptions. It significantly increases the work factor for a malicious server to violate the IFC policy. Some of this is explained in the article, and there is considerable detail in the paper.

        P3P attempted none of that. It's not remotely comparable.

  2. Anonymous Coward
    Anonymous Coward

    great sales department

    Yet another case of US academia bolstering great sales and marketing departments. The idea has been discussed a lot, however the lawyers and legal scholars who should know unnervingly keep insisting that this still is not GDPR compliant, as the data is processed outside of the direct realm of the user (who probably didn't consent, there wouldn't be problems otherwise, anyways).

    US academia is great at making great claims (sometimes backed by some evidence), of course..

  3. Claptrap314 Silver badge
    Black Helicopters

    Send my data to

    Isn't that a shadowy intern-governmental agency set up after the lid was blown off Area 51? They are conducting military operations in civilian areas, and operate their own manufacturing and research facilities, where they sell their exotic technology to the highest bidder with NO oversight.

    Why on earth would anyone want to allow their data to be sent to them?

    1. Michael Wojcik Silver badge

      Re: Send my data to

      Poe's Law is strong with this one.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022