Translucent Databases 2Nd Edition: Confusion, Misdirection, Randomness, Sharing, Authentication And Steganography To Defend Privacy

Author: Peter Wayner
5.0
This Month Hacker News 1

Comments

by specialist   2021-05-23
At the field and record level? Sufficient to guarantee privacy?

Never store PII as cleartext, akin to proper password storage.

Translucent Databases https://www.amazon.com/gp/product/1441421343

Encrypting databases, file systems, and backups remain necessary, but insufficient.

by specialist   2020-10-31
Data at rest must be encrypted.

Field level encryption. Just like password files. Salt and hash any potentially identifying information.

Translucent Databases shows how. https://www.amazon.com/gp/product/1441421343

Source: Created some of the first medical records digital exchanges (NYCLIX, BHIX, etc) in the mid 2000s. Worked very hard to figure out how to protect patient privacy. This breach and subsequent blackmailing was one of our nightmare scenarios. FWIW, nothing (nothing) has improved since.

by specialist   2020-05-27
Exactly.

Just like a password wallet. Store the hash of passwords, not the actual passwords. Then disallow password resets.

Then you effectively "forget" your account if you lose your password.

The book Translucent Databases (2nd ed) [2009] explains clever strategies for applying this technique to protect sensitive data. It's brilliant.

https://www.wayner.org/node/39

https://www.amazon.com/gp/product/1441421343

Meta: I remain disappointed by the obscurity of this book and translucent techniques. A long time friend recently asked me about GDPR compliance and so forth, in prep for reworking stuff to allow proper audits. Very tech savvy. The translucent notions just could not compute. So their efforts went down the conventional rabbit hole of actually deleting data. Which I don't consider practical or auditable. How can you be sure an org deleted every record, log, backup, etc? You can't.