Sans Big Tech Part 3: Security in the personal cloud

In Part 2 of this series, I explained why I went about setting up my personal cloud server as the first step to freeing myself from dependence on Big Tech. The first comment on this was by Suhan Saha (this comment has apparently disappeared from Facebook now): The biggest disadvantage of private cloud is IT-Security… Continue reading Sans Big Tech Part 3: Security in the personal cloud

Aadhaar and signing a blank sheet of paper redux

The Aadhaar abuse that I described a year ago as a hypothetical possibility a year ago has indeed happened in reality. In July 2017, I described the scenario in a blog post as follows: That is when I realized that the error message that I saw on the employee’s screen was not coming from the… Continue reading Aadhaar and signing a blank sheet of paper redux

Why Aadhaar transaction authentication is like signing a blank paper

Using Aadhaar (India’s biometric authentication system) to verify a person’s identity is relatively secure, but using it to authenticate a transaction is extremely problematic. Every other form of authentication is bound to a specific transaction: I sign a document, I put my thumb impression to a document, I digitally sign a document (or message as… Continue reading Why Aadhaar transaction authentication is like signing a blank paper

The blockchain as an ERP for a whole industry

In the eight years since Satoshi Nakomoto created Bitcoin, there has been a lot of interest in applying the underlying technology, the blockchain, to other problems in finance. The blockchain or the Distributed Ledger Technology (DLT) as it is often called brings benefits like Byzantine fault tolerance, disintermediation of trusted third parties and resilience to… Continue reading The blockchain as an ERP for a whole industry

Responding to Volkswagen: open data and open source

Earlier this week, I wrote a piece in the Mint arguing that when big firms such as Volkswagen use software to cheat their customers, the regulatory response should focus on open data and open source so that consumers can verify whatever the big firms are telling them. After writing this piece, I have been thinking… Continue reading Responding to Volkswagen: open data and open source

Digital wills and printable password vaults

Digital Wills Digital wills are mechanisms that determine who has access to our digital data after death. One of the critical challenges for transmitting online and offline digital data is the transmission of passwords. Offline digital data is the data in our laptops and various storage devices. Transmitting this data is relatively easy because the… Continue reading Digital wills and printable password vaults

SMS does not provide true two factor authentication

I am a strong supporter of two factor authentication (2FA), and I welcomed the idea of a one time password sent by SMS when it was introduced in India a few years ago. But gradually I have become disillusioned because SMS is not true 2FA. Authentication is a problem that humanity has faced for centuries;… Continue reading SMS does not provide true two factor authentication

Online submission in an offline examination

This might seem impossible, but the magic of cryptography makes many things possible. For many years now, my examinations have followed the open book and open laptop model. However, to prevent collaboration, the Internet is disabled by switching off the WiFi network inside the examination hall. This means that it is not possible for the… Continue reading Online submission in an offline examination