Brian Dickens writes:

> The concept is a HTML5 "jQuery" widget you can put on web forms (any
> number of them) which gives the author a redaction pen, to mark out
> sensitive portions. The sensitive portions are never sent to the
> server, but the rest of it can be. Then a certificate is generated
> allowing selective revelation to which parties you wish.

Hi Brian,

I'm not sure that you ought to allow people to see the number of redacted characters. I know this looks like a nice user experience, but in other contexts, people have been able to use this information to more readily guess the content of what was redacted.

For example, suppose that what's redacted is the name of a person (a witness, victim, or suspect in a crime, for instance). Then a third party can test a hypothesis about the person's identity by seeing if the length of their name matches the length of the redaction. That could be especially damaging if the person's name is unusually short or unusually long.

You might also want to encourage people to think about other language-based information leaks when redacting. For example, they may want to redact additional words to avoid revealing whether redacted words start with vowels, and to avoid revealing grammatical categories.

--
Seth Schoen  <sch...@eff.org>
Senior Staff Technologist  https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109  +1 415 436 9333 x107

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing the moderator at zakwh...@stanford.edu.
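
The two leaks raised in the reply above (redaction length and the a/an article), as an added example that is not part of the original message or of the widget under discussion. The function names, the fixed marker, and the sample text and candidate list are all constructed for illustration.

```javascript
// Added example; every name here is hypothetical, not the widget's API.
const FIXED_MARK = "[REDACTED]"; // identical for every redaction

const lengthPreserving = (hidden) => "\u2588".repeat(hidden.length);
const fixedWidth = () => FIXED_MARK;

// Replace each [start, end) span of `text` with mark(hiddenText).
function redact(text, spans, mark) {
  const sorted = [...spans].sort((a, b) => a[0] - b[0]);
  let out = "";
  let pos = 0;
  for (const [start, end] of sorted) {
    if (start < pos || start >= end || end > text.length) {
      throw new RangeError(`invalid or overlapping span ${start}-${end}`);
    }
    out += text.slice(pos, start) + mark(text.slice(start, end));
    pos = end;
  }
  return out + text.slice(pos);
}

// How many candidates would render to the same marker as the real value?
// A result of 1 means the marker alone is enough to confirm a guess.
function anonymitySet(candidates, secret, mark) {
  const shown = mark(secret);
  return candidates.filter((c) => mark(c) === shown).length;
}

// Lint: spans whose preceding article ("a"/"an") reveals whether the hidden
// word starts with a vowel sound, so the author can widen the redaction.
function articleLeaks(text, spans) {
  return spans.filter(([start]) => /\b(a|an)\s+$/i.test(text.slice(0, start)));
}

// Constructed sample data.
const POOL = ["Al Ng", "Maria Lopez", "James Smith", "Aiko Tanaka",
  "Bartholomew Featherstonehaugh"];
const TEXT = "The witness, Al Ng, saw an officer leave.";
const nameAt = TEXT.indexOf("Al Ng");
const roleAt = TEXT.indexOf("officer");
const SPANS = [[nameAt, nameAt + 5], [roleAt, roleAt + 7]];

console.log(redact(TEXT, SPANS, lengthPreserving));
console.log(redact(TEXT, SPANS, fixedWidth));
console.log(anonymitySet(POOL, "Al Ng", lengthPreserving),
  anonymitySet(POOL, "Al Ng", fixedWidth));
console.log(articleLeaks(TEXT, SPANS));
```

A fixed marker hides the length of each redaction but still shows how many redactions there are and where they sit in the sentence.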