28 June 2008

Is your e-mail being transparently modified?

Revealing Errors brought attention to "medireview" and "clbuttic", two instances where automated systems were known to silently make substitutions for certain words in e-mails or other documents. (These substitutions came to light because the software was quite ineptly designed, often replacing offensive strings like "ass" even when they were not surrounded by word boundaries, thereby creating many nonsensical words.)
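The word-boundary flaw described above, shown as an added example (not code from the original post or from any of the filters it mentions). The substitution table is an assumption inferred from the two words quoted above, and the sample sentence is constructed; the code contrasts a substring filter with a whole-word filter and lists the innocent words the first one mangles.

```python
import re

# Assumed substitution table, inferred from the two words named in the post:
# "clbuttic" implies ass -> butt, "medireview" implies eval -> review.
SUBSTITUTIONS = {"ass": "butt", "eval": "review"}

# Constructed sample message.
SAMPLE = "The classic medieval manuscript passed assessment."


def naive_filter(text):
    """Flawed behaviour: replace every occurrence, even inside longer words."""
    for bad, good in SUBSTITUTIONS.items():
        text = re.sub(re.escape(bad), good, text, flags=re.IGNORECASE)
    return text


def bounded_filter(text):
    """Replace a term only when it stands alone as a whole word."""
    for bad, good in SUBSTITUTIONS.items():
        pattern = r"\b" + re.escape(bad) + r"\b"
        text = re.sub(pattern, good, text, flags=re.IGNORECASE)
    return text


def collateral_damage(text):
    """Return (original, mangled) pairs for words that only the naive
    filter rewrites, i.e. words that merely contain a listed string."""
    damaged = []
    for word in re.findall(r"[A-Za-z]+", text):
        mangled = naive_filter(word)
        if mangled != word and bounded_filter(word) == word:
            damaged.append((word, mangled))
    return damaged


if __name__ == "__main__":
    print(naive_filter(SAMPLE))
    print(bounded_filter(SAMPLE))
    for original, mangled in collateral_damage(SAMPLE):
        print(f"{original} -> {mangled}")
```
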

This sort of technique is often used to prevent XSS attacks or to replace offensive words with innocuous ones. But there may be much subtler applications of this technique with more nefarious motives. One could imagine it being used for censorship, or to shape or interfere with certain kinds of discourse.

The fact that these sorts of techniques are now known to be widespread (even if they are not generally malicious) might encourage more people to digitally sign their e-mail with programs like GPG.

