Obfuscation - A User’s Guide to Privacy and Protest

Finn Brunton & Helen Nissenbaum

Published by

The MIT Press

ISBN

9780262029735

RRP

£13.95

Reviewed by

George Williams MBCS CITP

Score

9 out of 10

Obfuscation is the deliberate addition of ambiguous, confusing, or misleading information to interfere with surveillance and data collection.

The underlying driver for considering the deployment of obfuscation techniques is due to asymmetrical relationships, characterized by an imbalance in power in a relationship, especially one in which a weaker force seeks to redress the balance in the relationship with the adversary.

Now you know this, you can start reading...

This short but powerful little book of 100 pages is presented in two sections. It begins with a ‘two-chapter’ section on the vocabulary of obfuscation, and cites many interesting cases of the application of obfuscation techniques such as using chaff to defeat military radar, or filling a channel with noise using twitter bots, through to using excessive documentation to make analysis inefficient.

The second chapter provides many thought provoking and varied examples, including, for example, using software add-ons to click all the advertisements on a web page or swapping loyalty cards to interfere with the analysis of shopping patterns.

The second section helps us to understand obfuscation, consider why it is necessary, if indeed it is justified, and whether it will work. In considering whether obfuscation will work, you need to define your project, and if you want to use obfuscation techniques, you will need to decide which of the six goals below are appropriate:

  • to buy some time
  • to provide cover
  • for deniability
  • to prevent individual exposure
  • to interfere with profiling
  • to express protest

Other questions to consider in your project definition are: is it to be carried out by an individual or does it require collective action; does it matter if your adversary knows or not; is it designed to be directed at a specific adversary (selective) or at a anyone who might be gathering and making use of data about you (general); and finally will it be over a short-term or long-term time-span?

The sheer volume of research that has been required to produce this editorial is well evidenced in the chapter notes towards the end of the book, supplemented by a further bibliography. As you would expect the text is extremely well indexed.

In summary, an enjoyable read, probably best read in two sessions - one section per session.

Further information: The MIT Press

January 2016