News Overview and Facebook’s Future

5 May 2019 | 29 January 2020 | Podcast

Podcast 29




WebAuthn Becomes a Standard
No More Passwords? WebAuthn Becomes an Official Web Standard (4 March)


“Now is the time for web services and businesses to adopt WebAuthn to move beyond vulnerable passwords and help web users improve the security of their online experiences,” said Jeff Jaffe, W3C CEO. “W3C’s Recommendation establishes web-wide interoperability guidance, setting consistent expectations for web users and the sites they visit. W3C is working to implement this best practice on its own site.”

Web Authentication: What It Is and What It Means for Passwords (1 December 2017)


The new standard known as Web Authentication, or WebAuthn for short, is a credential management API that will be built directly into popular web browsers. It allows users to register and authenticate with web applications using an authenticator such as a phone, hardware security keys, or TPM (Trusted Platform Module) devices.

This means with devices like a phone or a TPM, where a user can provide us with biometric verification, we can use WebAuthn to replace traditional passwords. Aside from user verification, we can also confirm ‘user presence.’ So if users have a U2F token like a Yubikey, we can handle that second factor of authentication through WebAuthn API as well.

Podcast 17: FIDO2 and YubiKey 5 (24 September 2018)
I have already devoted a podcast to this.
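
The distinction above between 'user presence' and user verification is carried in the flags byte of the authenticator data that a site receives with each WebAuthn response. The following is an added example, not code from the quoted articles or the podcast: a server-side check of those flags in Node.js. The function names, the two mode strings and the sample bytes are constructed for illustration, and signature, challenge and origin verification are assumed to happen elsewhere.

```javascript
// Added example: relying-party check of the WebAuthn authenticator data header.
const crypto = require('crypto');

const FLAG_UP = 0x01; // bit 0: user present (e.g. a touch on a security key)
const FLAG_UV = 0x04; // bit 2: user verified (e.g. biometric or PIN)

// Fixed 37-byte header: rpIdHash (32) | flags (1) | signCount (4, big-endian).
function parseAuthenticatorData(buf) {
  if (!Buffer.isBuffer(buf) || buf.length < 37) {
    throw new Error('authenticator data shorter than 37 bytes');
  }
  const flags = buf[32];
  return {
    rpIdHash: buf.subarray(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: buf.readUInt32BE(33),
  };
}

// Hypothetical policy: 'password-replacement' requires UV, 'second-factor' only UP.
function checkAssertion(buf, rpId, mode, storedSignCount) {
  const data = parseAuthenticatorData(buf);
  const expected = crypto.createHash('sha256').update(rpId).digest();
  if (!crypto.timingSafeEqual(data.rpIdHash, expected)) return 'reject: rpIdHash mismatch';
  if (!data.userPresent) return 'reject: user not present';
  if (mode === 'password-replacement' && !data.userVerified) return 'reject: user not verified';
  // A counter that does not increase can indicate a cloned authenticator.
  const counterInUse = data.signCount !== 0 || storedSignCount !== 0;
  if (counterInUse && data.signCount <= storedSignCount) return 'reject: signCount did not increase';
  return 'accept';
}

// Constructed sample input: builds a header for a given RP ID, flags and counter.
function sample(rpId, flags, signCount) {
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(signCount);
  const hash = crypto.createHash('sha256').update(rpId).digest();
  return Buffer.concat([hash, Buffer.from([flags]), counter]);
}

const touchOnly = sample('example.com', FLAG_UP, 8);
const biometric = sample('example.com', FLAG_UP | FLAG_UV, 8);
console.log(checkAssertion(touchOnly, 'example.com', 'second-factor', 7));
console.log(checkAssertion(touchOnly, 'example.com', 'password-replacement', 7));
console.log(checkAssertion(biometric, 'example.com', 'password-replacement', 7));
```

A touch-only response passes as a second factor but is rejected when the credential is meant to replace the password, which is the difference the excerpt describes.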

Facebook and Passwords
Facebook Caught Asking Some Users Passwords for Their Email Accounts (3 April)


Facebook has been found asking some newly-registered users to provide the social network with the passwords to their email accounts, which according to security experts is a terrible idea that could threaten privacy and security of its users.

Facebook Did Not Securely Store Passwords. Here’s What You Need to Know (21 March)


Facebook said on Thursday that millions of user account passwords had been stored insecurely, potentially allowing employees to gain access to people’s accounts without their knowledge.

Storing passwords in plain text is a poor security practice. It leaves passwords wide open to cyberattacks or potential employee abuse. A better security practice would have been to keep the passwords in a scrambled format that is indecipherable.

Privacy Is Too Big to Understand
Privacy Is Too Big to Understand (16 April)


You are losing control over your life. When technology governs so many aspects of our lives — and when that technology is powered by the exploitation of our data — privacy isn’t just about knowing your secrets, it’s about autonomy.

At its heart, privacy is about how that data is used to take away our control. Today, our control is chipped away in ways large and small. It may be as innocuous as using your listed preferences, browsing behavior, third-party information about your annual income and a rough understanding of the hours that you’re most susceptible to make a purchase to nudge you toward buying a pair of shoes. Or it may be as potentially life-altering as the inability to get a loan or see a job listing.


Facebook: ‘The Future Is Private’

F8 – The Future is Private

On 30 April, Mark Zuckerberg opened the F8 conference with an impressive presentation: “The Future is Private”. Facebook should feel like the safe living room, where what is said stays private. Where groups can share their ideas. He also mentioned activities that do not fit the living-room image: being able to pay securely and being able to share your location securely.

This Facebook says it is going to rebuild its platform on the basis of ‘private messaging’, with Mark remarking ‘as we did with WhatsApp’. According to Mark, six principles are important here:


  1. Private interactions – clarity about, and control over, whom you communicate with;
  2. Encryption – end-to-end encryption – haven't we had that since 2016?
  3. Reduced permanence – Facebook will not store your data longer than you want;
  4. Safety – ‘We keep you safe’ – what does that mean?
  5. Interoperability – for all your friends, across different networks and platforms;
  6. Secure data storage – Closing with an organizational implementation of principle 1: not storing sensitive data in problem countries.

This is what Facebook says, the company that makes its money by collecting and selling information about its users. You cannot even use WhatsApp if you do not share your address book. Mark did not talk about how that fits into the privacy future.

A Privacy-Focused Vision for Social Networking

After the recording I found this blog post by Mark Zuckerberg. So the F8 presentation was not the first time he expressed these thoughts.




Security consultant