transparency – Noise

Keeping the Internet fast and secure: introducing Merkle Tree Certificates

Luke Valenta — Tue, 28 Oct 2025 13:00:00 +0000

Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships.

A next-generation Certificate Transparency log built on Cloudflare Workers

Luke Valenta — Fri, 11 Apr 2025 13:00:00 +0000

Learn about recent developments in Certificate Transparency (CT), and how we built a next-generation CT log on top of Cloudflare's Developer Platform.

Cloudflare’s 2024 Transparency Reports – now live with new data and a new format

Abby Vollmer — Fri, 28 Feb 2025 14:00:00 +0000

Cloudflare’s 2024 Transparency Reports are now live — with new topics, new data points, and a new format, consistent with the EU’s Digital Services Act

Spying through Push Notifications

Bruce Schneier — Thu, 07 Dec 2023 12:02:07 +0000

When you get a push notification on your Apple or Google phone, those notifications go through Apple and Google servers. Which means that those companies can spy on them—either for their own reasons or in response to government demands.

Sen. Wyden is trying to get to the bottom of this:

In a statement, Apple said that Wyden’s letter gave them the opening they needed to share more details with the public about how governments monitored push notifications.

“In this case, the federal government prohibited us from sharing any information,” the company said in a statement. “Now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”...

Goodbye, section 2.8 and hello to Cloudflare’s new terms of service

Eugene Kim — Tue, 16 May 2023 13:00:55 +0000

We’re excited to announce new updates that will modernize our terms of service and hopefully cut down on customer confusion and frustration.

Large Language Models and Elections

Bruce Schneier — Thu, 04 May 2023 10:45:30 +0000

Earlier this week, the Republican National Committee released a video that it claims was “built entirely with AI imagery.” The content of the ad isn’t especially novel—a dystopian vision of America under a second term with President Joe Biden—but the deliberate emphasis on the technology used to create it stands out: It’s a “Daisy” moment for the 2020s.

We should expect more of this kind of thing. The applications of AI to political advertising have not escaped campaigners, who are already “pressure testing” possible uses for the technology. In the 2024 presidential election campaign, you can bank on the appearance of AI-generated personalized fundraising emails, text messages from chatbots urging you to vote, and maybe even some deepfaked campaign ...

Facebook Has No Idea What Data It Has

Bruce Schneier — Thu, 08 Sep 2022 15:14:57 +0000

This is from a court deposition:

Facebook’s stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within. The hearing amounted to two high-ranking engineers at one of the most powerful and resource-flush engineering outfits in history describing their product as an unknowable machine...

Vendors are Fixing Security Flaws Faster

Bruce Schneier — Wed, 16 Feb 2022 13:00:59 +0000

Google’s Project Zero is reporting that software vendors are patching their code faster.

tl;dr

In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago.
In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period). In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period.
Differences in the amount of time it takes a vendor/product to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports. We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies. ...