Popular Apps Share Intimate Details About You With Dozens of Companies
January 14, 2020 | Thomas Germain, Consumer Reports

Many of the companies involved make money compiling details about individual consumers to build comprehensive profiles in order to target personalized ads. “However, there are increasingly other uses beyond targeted advertising,” says Serge Egelman, a digital security and privacy researcher at the University of California, Berkeley, who studies how apps gather consumer data.

Apple Takes a (Cautious) Stand Against Opening a Killer’s iPhones
January 14, 2020 | Jack Nicas and Katie Benner, New York Times

“The iPhone 5 is so old, you are guaranteed that Grayshift and Cellebrite can break into those every bit as easily as Apple could,” said Nicholas Weaver, a lecturer at the University of California, Berkeley, who has taught iPhone security.

Privacy International leads revolt over Android ‘bloatware’
January 13, 2020 | Jamie Davies,

In July, International Computer Science Institute (ICSI) researchers said numerous apps could easily circumnavigate Android’s privacy protections.

Serge Egelman, a research director at the University of California–Berkeley’s International Computer Science Institute, points out that the campaign wouldn’t have to buy location data collected through another third-party app if a supporter just downloads the official app. “It eliminates the middle man,” said Egelman. “If you just do it all yourself, that’s obviously a lot cheaper.”

“Consumers aren’t given the information they need to make informed decisions, and the entities supplying that information are not incentivized to give them accurate or useful information,” Serge Egelman, research director of the Usable Security & Privacy Group at the International Computer Science Institute, told Recode.

CrowdStrike, Ukraine, and the DNC server: Timeline and facts
December 03, 2019 | Cynthia Brumfield, CSO

Nicholas Weaver, a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, tells CSO that “Russia's hacking of the DNC and Podesta is cloaked in only ‘implausible deniability.’ Those who want to convince themselves otherwise are simply willfully ignoring the mountains of evidence. The only reason to do that is to admit the truth is to go up against the President's personal delusions.”

Encryption and Combating Child Exploitation Imagery
October 23, 2019 | Nicholas Weaver, Lawfare Blog (ICSI)

The current systems for detecting these child exploitation images rely on bulk surveillance by private companies, and even the most cursory encryption—with “exceptional access” or no—will eliminate this surveillance. If the government is serious about policy changes designed to keep this detection capability in the face of encryption, however, the best policy is not to weaken communication security but instead to mandate endpoint scanning of images as they appear on phones and computers.

China is rolling out a 5G network faster than anyone else
September 26, 2019 | Gwynn Guilford, MSN Money

“Having [supply chain] codependency was useful because it allowed us to at least somewhat enforce sanctions against Iran and North Korea and stuff like that,” [Nicholas Weaver, a computer security expert at the International Computer Science Institute] says. “But a full-on balkanization means that in the future we won’t be able to do that.”

Nicholas Weaver, a researcher at UC Berkeley's International Computer Science Institute, summed up much of this criticism by tweeting: “The thing that bugs me most about Apple these days is that they are all-in on the Chinese market and, as such, refuse to say something like ‘A government intent on ethnic cleansing of a minority population conducted a mass hacking attack on our users.’”

Nicholas Weaver of the International Computer Science Institute at the University of California-Berkeley has some doubts. "Not only is [Grant's approach] not optimal for factoring (the number sieve algorithm is substantially better)," he told me, "but the discrete log problem, on which the other major public key algorithms [including elliptic curve] are based, is not solved by factoring at all."