- Authors:
- Finn Brunton,
- Helen Nissenbaum
With Obfuscation, Finn Brunton and Helen Nissenbaum mean to start a revolution. They are calling us not to the barricades but to our computers, offering us ways to fight today's pervasive digital surveillance -- the collection of our data by governments, corporations, advertisers, and hackers. To the toolkit of privacy protecting techniques and projects, they propose adding obfuscation: the deliberate use of ambiguous, confusing, or misleading information to interfere with surveillance and data collection projects. Brunton and Nissenbaum provide tools and a rationale for evasion, noncompliance, refusal, even sabotage -- especially for average users, those of us not in a position to opt out or exert control over data about ourselves. Obfuscation will teach users to push back, software developers to keep their user data safe, and policy makers to gather data without misusing it. Brunton and Nissenbaum present a guide to the forms and formats that obfuscation has taken and explain how to craft its implementation to suit the goal and the adversary. They describe a series of historical and contemporary examples, including radar chaff deployed by World War II pilots, Twitter bots that hobbled the social media strategy of popular protest movements, and software that can camouflage users' search queries and stymie online advertising. They go on to consider obfuscation in more general terms, discussing why obfuscation is necessary, whether it is justified, how it works, and how it can be integrated with other privacy practices and technologies.
Cited By
Zhang L, Stangl A, Sharma T, Tseng Y, Xu I, Gurari D, Wang Y and Findlater L Designing Accessible Obfuscation Support for Blind Individuals’ Visual Privacy Management Proceedings of the CHI Conference on Human Factors in Computing Systems, (1-19)- Kolovson S, So S and Munson S (2024). Using Speculative Design to Understand Preferred Futures for the Design and Use of Tracking Data in U.S. College Sport Teams, Proceedings of the ACM on Human-Computer Interaction, 8:CSCW1, (1-35), Online publication date: 17-Apr-2024.
- Logas J, Garg P, Arriaga R and Das S (2024). The Subversive AI Acceptance Scale (SAIA-8): A Scale to Measure User Acceptance of AI-Generated, Privacy-Enhancing Image Modifications, Proceedings of the ACM on Human-Computer Interaction, 8:CSCW1, (1-43), Online publication date: 17-Apr-2024.
- Al Jurdi W, Abdo J, Demerjian J and Makhoul A (2024). Group Validation in Recommender Systems: Framework for Multi-layer Performance Evaluation, ACM Transactions on Recommender Systems, 2:1, (1-25), Online publication date: 31-Mar-2024.
- Liao G, Chen X and Huang J (2023). Privacy Protection Under Incomplete Social and Data Correlation Information, IEEE/ACM Transactions on Networking, 31:6, (2515-2528), Online publication date: 1-Dec-2023.
- Losh E Are You the Main Character? Proceedings of the 34th ACM Conference on Hypertext and Social Media, (1-5)
- Kim H and Lim Y Investigating How Users Design Everyday Intelligent Systems in Use Proceedings of the 2023 ACM Designing Interactive Systems Conference, (702-711)
- Bergman A, Hendricks L, Rauh M, Wu B, Agnew W, Kunesch M, Duan I, Gabriel I and Isaac W Representation in AI Evaluations Proceedings of the 2023 ACM Conference on Fairness, Accountability, and Transparency, (519-533)
- Elagroudy P, Khamis M, Mathis F, Irmscher D, Sood E, Bulling A and Schmidt A Impact of Privacy Protection Methods of Lifelogs on Remembered Memories Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems, (1-10)
- Smart M, Sood D and Vaccaro K (2022). Understanding Risks of Privacy Theater with Differential Privacy, Proceedings of the ACM on Human-Computer Interaction, 6:CSCW2, (1-24), Online publication date: 7-Nov-2022.
- Alharbi R, Brewer R and Schoenebeck S (2022). Understanding Emerging Obfuscation Technologies in Visual Description Services for Blind and Low Vision People, Proceedings of the ACM on Human-Computer Interaction, 6:CSCW2, (1-33), Online publication date: 7-Nov-2022.
- Pierce J, Weizenegger C, Nandi P, Agarwal I, Gram G, Hurrle J, Liao H, Lo B, Park A, Phan A, Shumskiy M and Sturlaugson G Addressing Adjacent Actor Privacy: Designing for Bystanders, Co-Users, and Surveilled Subjects of Smart Home Cameras Proceedings of the 2022 ACM Designing Interactive Systems Conference, (26-40)
- Khamis M, Farzand H, Mumm M and Marky K DeepFakes for Privacy: Investigating the Effectiveness of State-of-the-Art Privacy-Enhancing Face Obfuscation Methods Proceedings of the 2022 International Conference on Advanced Visual Interfaces, (1-5)
- Elsden C, Chatting D, Duggan M, Dwyer A and Thornton P Zoom Obscura: Counterfunctional Design for Video-Conferencing Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems, (1-17)
- Roemmich K and Andalibi N (2021). Data Subjects' Conceptualizations of and Attitudes Toward Automatic Emotion Recognition-Enabled Wellbeing Interventions on Social Media, Proceedings of the ACM on Human-Computer Interaction, 5:CSCW2, (1-34), Online publication date: 13-Oct-2021.
- Goguey F Catch Me If You Can Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems, (1-7)
- Vincent N and Hecht B (2021). Can "Conscious Data Contribution" Help Users to Exert "Data Leverage" Against Technology Companies?, Proceedings of the ACM on Human-Computer Interaction, 5:CSCW1, (1-23), Online publication date: 13-Apr-2021.
- Chasalow K and Levy K Representativeness in Statistics, Politics, and Machine Learning Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency, (77-89)
- Skeba P and Baumer E (2020). Informational Friction as a Lens for Studying Algorithmic Aspects of Privacy, Proceedings of the ACM on Human-Computer Interaction, 4:CSCW2, (1-22), Online publication date: 14-Oct-2020.
- Liao G, Chen X and Huang J (2020). Social-Aware Privacy-Preserving Mechanism for Correlated Data, IEEE/ACM Transactions on Networking, 28:4, (1671-1683), Online publication date: 1-Aug-2020.
- Muller D and Lévy P A Design Approach towards Affording the Trend of Privacy Proceedings of the 2019 on Designing Interactive Systems Conference, (435-446)
- Pierce J Smart Home Security Cameras and Shifting Lines of Creepiness Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, (1-14)
- Schnädelbach H, Jäger N and Urquhart L (2019). Adaptive Architecture and Personal Data, ACM Transactions on Computer-Human Interaction, 26:2, (1-31), Online publication date: 30-Apr-2019.
- Gautam A, Shrestha C, Tatar D and Harrison S (2018). Social Photo-Elicitation, Proceedings of the ACM on Human-Computer Interaction, 2:CSCW, (1-20), Online publication date: 1-Nov-2018.
- Degeling M and Nierhoff J Tracking and Tricking a Profiler Proceedings of the 2018 Workshop on Privacy in the Electronic Society, (1-13)
- Liao G, Chen X and Huang J Social-Aware Privacy-Preserving Correlated Data Collection Proceedings of the Eighteenth ACM International Symposium on Mobile Ad Hoc Networking and Computing, (11-20)
- Barn B and Barn R Towards a unified conceptual model for surveillance theories Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Society, (71-80)
- Pierce J and DiSalvo C Addressing Network Anxieties with Alternative Design Metaphors Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, (1-13)
- Ahmed S, Haque M, Chen J and Dell N (2017). Digital Privacy Challenges with Shared Mobile Phone Use in Bangladesh, Proceedings of the ACM on Human-Computer Interaction, 1:CSCW, (1-20), Online publication date: 6-Dec-2017.
- Hussain F, Mostafa M and Usmonova D Digital Walking Dead Proceedings of the Ninth International Conference on Information and Communication Technologies and Development, (1-5)
- Pangrazio L and Selwyn N 'My Data, My Bad ...' Proceedings of the 8th International Conference on Social Media & Society, (1-5)
- Pierce J and DiSalvo C Dark Clouds, Io&#!+, and [Crystal Ball Emoji] Proceedings of the 2017 Conference on Designing Interactive Systems, (1383-1393)
- Choi J, Larson M, Li X, Li K, Friedland G and Hanjalic A The Geo-Privacy Bonus of Popular Photo Enhancements Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval, (84-92)
- Ahmed S, Haque M, Guha S, Rifat M and Dell N Privacy, Security, and Surveillance in the Global South Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, (906-918)
- Capurro R (2017). Digitization as an ethical challenge, AI & Society, 32:2, (277-283), Online publication date: 1-May-2017.
- Giacobazzi R, Mastroeni I and Dalla Preda M (2017). Maximal incompleteness as obfuscation potency, Formal Aspects of Computing, 29:1, (3-31), Online publication date: 1-Jan-2017.
- Van Kleek M, Murray-Rust D, Guy A, O'Hara K and Shadbolt N Computationally Mediated Pro-Social Deception Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, (552-563)
Index Terms
- Obfuscation: A User's Guide for Privacy and Protest
Recommendations
Obfuscation: The Hidden Malware
A cyberwar exists between malware writers and antimalware researchers. At this war's heart rages a weapons race that originated in the 80s with the first computer virus. Obfuscation is one of the latest strategies to camouflage the telltale signs of ...
Malware Obfuscation Techniques: A Brief Survey
BWCCA '10: Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and ApplicationsAs the obfuscation is widely used by malware writers to evade antivirus scanners, so it becomes important to analyze how this technique is applied to malwares. This paper explores the malware obfuscation techniques while reviewing the encrypted, ...
Malware Obfuscation through Evolutionary Packers
GECCO Companion '15: Proceedings of the Companion Publication of the 2015 Annual Conference on Genetic and Evolutionary ComputationA malicious botnet is a collection of compromised hosts coordinated by an external entity. The malicious software, or malware, that infect the systems are its basic units and they are responsible for its global behavior. Anti Virus software and ...
Edgar R. Weippl
On its first page, the book makes a strong point about wanting to start a revolution: "not a big revolution-at least, not at first." Throughout the book, the authors explore how obfuscation has been, is, and can be used to improve the privacy of individuals. In the first part, the authors give a wide range of examples of how obfuscation has been used and what different aspects of system interaction can be considered to be obfuscation. Radar systems detecting enemy aircraft have been fooled by chaff. This type of attack is easy because the target system is well understood. Other examples relate to Twitter, using specific popular hashtags with otherwise unrelated content to make it impossible to follow a specific topic. In this case, I see no clear distinction between what the authors still consider obfuscation and a high-level/application-level form of denial-of-service attack. This section of the book is very useful and entertaining to almost everyone because it contains a wide range of well-chosen examples and clearly illustrates the power of ambiguity. In the second part, the authors address three main questions: Why is obfuscation necessary__?__ What are the ethical questions when using obfuscation__?__ Will obfuscation work__?__ In chapter 3, the necessity for obfuscation is well argued, again based on examples. The examples are similar to the TV series Person of Interest . An interesting side step, in Section 3.4, is to the works of James C. Scott; this adds two new books to my to-read pile. Chapter 4 takes up the discussion on whether using obfuscation is actually ethical. Obfuscation involves lying, and wasting resources by creating additional and unnecessary distracting data; people using obfuscation may be accused of being free riders. They use services without "paying" by giving their real data; these services are only offered because others still pay by giving their data. There are clearly no definite answers to this topic, but the authors do an excellent job in providing a balanced view even though they clearly advocate using obfuscation. Finally, in the last chapter, the authors show that obfuscation can be used to "buy time," "provide cover," and add plausible deniability. As we know from the famous article "On the (Im)possibility of Obfuscating Programs" [1], there are limitations to what obfuscation can do; however, the authors show how it can be a useful tool in specific situations. The book is an entertaining read. It does not contain technical details or any concrete recommendations on how to use specific tools in a correct way. It is not a technical guide. It is a good read that gets novices thinking about this topic and that gives experts an excellent collection of examples for their own work. More reviews about this item: Amazon , BCS , Goodreads Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.