This article on TechCrunch reports on a new FireFox plugin called Firesheep that automates the process of taking over another user’s Facebook session.

This is really just an automation of something we demonstrated in the Anonymizer Labs section of our website a while back.

The EFF has an excellent article on eight reasons why government regulation of cryptography is a bad idea.

The short answer is: the bad guys can easily get it and use it anyway, and it will make security for the rest of us much worse (not including the big brother surveillance  and constitutional issues).

Today we are releasing the results of a survey on how people understand the risks of going on-line, and what does and does not work to protect against various threats.

One of the most interesting results was that a significant majority of respondents thought that firewalls provided identity protection on line. While important, they are addressing a very different threat.

More information on our results can be found here.

This WSJ article reports on a new privacy issue with Facebook. It turns out that their application infrastructure allow those applications access to your personal information independent of your privacy settings. They are then able to (and have in many cases been shown to) share that information with third parties. The specific information shared is your Facebook user ID, and in some cases your friend’s user IDs.

Many of the most popular applications have been shown to be sharing this information, including FarmVille, Texas HoldEm Poker and FrontierVille among others.

Technology Firms Back Privacy Bill – WSJ.com

It looks like many technology companies recognize that the writing is on the wall and that some kind of consumer privacy legislation will come down the pipe at some point.

They are endorsing this one (with some suggested changes) because it adopts a self-regulatory program, rather than requiring specific actions.

It is a tricky balance. On the one hand self-regulation is notoriously ineffective and self serving. On the other hand, detailed regulation is almost always out dated before it is passed and does at least as much damage as good.