On its first page, the book makes a strong point about wanting to start a revolution: “not a big revolution--at least, not at first.” Throughout the book, the authors explore how obfuscation has been, is, and can be used to improve the privacy of individuals.

In the first part, the authors give a wide range of examples of how obfuscation has been used and what different aspects of system interaction can be considered to be obfuscation. Radar systems detecting enemy aircraft have been fooled by chaff. This type of attack is easy because the target system is well understood. Other examples relate to Twitter, using specific popular hashtags with otherwise unrelated content to make it impossible to follow a specific topic. In this case, I see no clear distinction between what the authors still consider obfuscation and a high-level/application-level form of denial-of-service attack. This section of the book is very useful and entertaining to almost everyone because it contains a wide range of well-chosen examples and clearly illustrates the power of ambiguity.

In the second part, the authors address three main questions: Why is obfuscation necessary? What are the ethical questions when using obfuscation? Will obfuscation work?

In chapter 3, the necessity for obfuscation is well argued, again based on examples. The examples are similar to the TV series Person of Interest. An interesting side step, in Section 3.4, is to the works of James C. Scott; this adds two new books to my to-read pile.

Chapter 4 takes up the discussion on whether using obfuscation is actually ethical. Obfuscation involves lying, and wasting resources by creating additional and unnecessary distracting data; people using obfuscation may be accused of being free riders. They use services without “paying” by giving their real data; these services are only offered because others still pay by giving their data. There are clearly no definite answers to this topic, but the authors do an excellent job in providing a balanced view even though they clearly advocate using obfuscation.

Finally, in the last chapter, the authors show that obfuscation can be used to “buy time,” “provide cover,” and add plausible deniability. As we know from the famous article “On the (Im)possibility of Obfuscating Programs” [1], there are limitations to what obfuscation can do; however, the authors show how it can be a useful tool in specific situations.

The book is an entertaining read. It does not contain technical details or any concrete recommendations on how to use specific tools in a correct way. It is not a technical guide. It is a good read that gets novices thinking about this topic and that gives experts an excellent collection of examples for their own work.

More reviews about this item: Amazon, BCS, Goodreads