As a security researcher, Moxie Marlinspike
has played a big role in explaining what can go wrong in using Certificate Authorities
to authenticate SSL traffic, an issue that's been top of mind this year thanks to compromised and faked certificates
. On that front, he's lately come up with a system designed to circumvent CAs entirely
, which means bypassing compromised (or invidious) authorities, rather than trying to patch the CA system.
Another line of research, but not the only one, is mobile security and privacy; his Whisper Monitor Android firewall
, released earlier this year, gives Android users notifications (and fine-grained permissions) when apps — including location-tracking or malware apps — want to make outbound connections. Possibly related: Moxie can also speak first-hand about what new border-search policies mean for travelers, having had his laptop and phones seized
on returning to the U.S. from a trip. (And by the way, he's also an accomplished sailor and film-maker.) Moxie's agreed to answer your questions. Ask as many questions as you'd like, but please, be kind of rewind^wask don't ask unrelated questions in the same post