Tuesday, April 1, 2025

Looking too available is a security risk! The new NIST standard.

NIST IR 8429-DRAFT: Presence Obfuscation in Federated Scheduling Systems

I've always been a little worried about people who post e.g. a Calendly link that shows their full availability and lets you set an appointment. Do you really want to reveal how not-busy you are? Well, apparently the NIST is now warning that it's also a big security risk, and advises a few protocols to obfuscate your true availability. I got my hands on an early draft of the proposal.


🛡️ NIST IR 8429-DRAFT

Presence Obfuscation in Federated Scheduling Systems

Guidelines for Temporal Metadata Minimization in Collaborative Availability Platforms

Issued by: National Institute of Standards and Technology
Prepared by: Information Security & Human Factors Division (IS-HFD)
Document Type: Interagency Report (Draft for Public Comment)
Release Date: April 1, 2025

1. Scope and Purpose

Modern calendaring tools often expose excessive availability to collaborators, contractors, and external partners. These systems—by default—permit observers to view large blocks of unscheduled time, often across multiple days, weeks, or recurring patterns.

While intended to facilitate meeting scheduling, such broad exposure of free/busy data introduces serious risks:

  • Temporal profiling
  • Passive inferences about workload or engagement
  • Social graph deduction via availability overlap
  • Identification of predictable solitude windows

These exposures disproportionately impact individuals with high meeting asymmetry—those who receive more requests than they initiate—and those whose roles rely on maintaining controlled perceptions of demand.

2. Problem Definition

The visibility of extensive availability windows has emerged as a key metadata leakage vector in both organizational and interpersonal contexts. Specifically:

  • Open calendars reveal a subject’s unstructured time density, which may be misinterpreted as low workload or underutilization.
  • Observers may make inferences about social graph positioning based on recurring exclusion from scheduled events.
  • In adversarial contexts, such patterns can even aid in physical vulnerability modeling, including mapping of long-duration solitude intervals.
Note: While this report avoids normative language regarding “perceived busyness,” we recognize it as a functional privacy parameter in professional ecosystems.

3. Mitigation Strategy: Presence Obfuscation Layer (POL-1)

POL-1 is a modular framework for introducing structured ambiguity into exposed calendrical availability, ensuring that observed scheduling surfaces retain semantic plausibility without revealing raw temporal capacity.

It is not a deception system, but rather a context-aware redaction buffer for collaborative environments.

4. System Components

4.1 Observer-Coherent Subset Exposure (OCEP)

Availability is partitioned by observer class (e.g., internal peer, external client, HR metadata node) to ensure deterministic, plausible views that are not cross-correlatable. No single observer can reconstruct the true surface.

4.2 Continuity Entropy Injection (CEI)

Injects plausible placeholder constraints and pseudo-events to avoid the appearance of long unbroken availability, particularly during mid-day periods known to trigger unsolicited booking attempts.

4.3 Foreground Availability Perturbation System (FAPS)

Applies low-amplitude randomization at event boundaries to disrupt timing-based inference attacks. Designed to deflect automated meeting tools and high-frequency schedulers without impeding intentional collaboration.

Note: FAPS may be disabled in constrained or high-determinism scheduling environments (e.g., surgical coordination, launch windows).

4.4 Behavioral Availability Normalization Kernel (BANK)

Aligns exposed availability with industry-standard load models, e.g., “Product Manager (Mid-Level, West Coast)” or “Postdoctoral Researcher (Remote EU).” Useful for avoiding apparent availability outliers that may bias request behavior.

4.5 Fail-Safe Redaction Coherence Module (FRCM)

Final pass verifier that ensures no exposed schedule appears suspiciously empty, implausibly overbooked, or temporally inconsistent with the subject’s graph classification.

5. Application Scenarios

Scenario Exposure Risk Mitigation Stack
Early-career engineer in open scheduling org Appears to have 4–5 open hours/day BANK + CEI + OCEP
Public figure with assistants booking on their behalf High-profile scheduling scrape risk FAPS + FRCM
Remote worker in non-managerial role Pattern of availability invites frequent “quick chats” OCEP + CEI

6. Deployment and Compliance

POL-1 is suitable for deployment across major federated scheduling platforms (CalDAV, Exchange, Google Calendar API v3). Compatibility modules are provided for Outlook Graph Surfaces and GSuite Legacy Redirection endpoints.

Note: Organizations governed by EO 14217 (“Minimum Obfuscation Baselines for Federal Metadata Systems”) must deploy POL-1 or equivalent by Q3 FY25.

7. Availability

A reference implementation of POL-1 is available on the NIST GitHub mirror under a modified FIPS-aware BSD license:
đź“Ž https://github.com/nist-opsec/pol1

"Availability is a feature. Apparent availability is a liability."
— NIST IR 8429-DRAFT, April 1, 2025

Monday, April 1, 2024

Hyperlinks for emails?

It's looking like we could be able to hyperlink to emails soon! No more of this "oh uh check your email for the one I sent at 11:27...". You'll be able to add a link that works just like linking the web!

The IETF is working on their "Parsable Mail Pointer Email Protocol" (PMPEP), and I was able to get an advance copy! Check it out below:

RFC 9869: Parsable Mail Pointer Email Protocol (PMPEP)

Personally, I think they backronymed it from "Per My Previous Email Protocol"...

Edit 4/11: Yes, this was a joke. And apparently it would indeed be enough just to use the messageID. So why hasn't anyone implemented this???

Thursday, February 22, 2024

Setting short-selling straight; or, "But who let you short that?"

You might not be aware, but I've been short-selling some cryptocurrencies. (I would have said "been making money short-selling cryptocurrencies", but ...)

Often people ask some from of, "oh wow, what broker lets you do that?" It's actually an interesting misunderstanding, in that it misses a key insight:

You can short-sell any time you have a debt denominated in that asset.

At that point, you are short the asset. You benefit from anything that makes that asset easier to obtain, and thus extinguish your debt.

In the decentralized finance world, there are platforms (in my case, Compound.finance) that let you deposit some crypto asset A, and borrow some other crypto asset B. Once you do so, and sell B, you are now short-selling B!

The concept applies more generally too: for example, if you owe your friend the favor of helping them move, then you are "short moving services" (because anything that makes moving services cheap, also makes your debt easier to service, at least because you have the option to satisfying by paying a service rather than doing it yourself).

Also, if you borrow US dollars, and spend them, you are "shorting the dollar", although it's usually not talked about in these terms. (You hold a debt denominated in dollars, after having "sold" them for something else, which we generally refer to as "buying".) Although, there was an interesting case where people would borrow USDC (a crypto dollar substitute) and then find out they could be bought back for less than a dollar during the Silicon Valley Bank collapse. Thus making them "accidental short-sellers"!

Sunday, January 28, 2024

A serious paper on bits as Joules per Kelvin

My ramblings about thermodynamics aren't so off-base, it turns out!

Remember this one? From 2009? Where I explained how Joules per Kelvin (energy per unit temperature) is a valid measure of information (or entropy, effectively "missing information"), which is normally measured in bits?

Well, now there's a paper that formalizes that idea and related ones. As the title ("Temperature as Joules per Bit") indicates, it looks at a rearranged version of the same insight (mine was "bits as Joules per temperature"). But, it also goes a lot deeper and derives thermodynamics starting from entropy to understand temperature, rather than the other way around, as is conventionally done.

Related thought: I remember back in that 2009 thermodyanmics/info theory frenzy, one of my goals was rederive the Carnot limit based on information-theoretic considerations -- that is, show it as a simple implication of the amount of knowledge you have about a system in a case where only know the temperature difference. (Naturally, I assumed someone had already done this and tried to find it but it was very hard to google for.)

Background: The Carnot limit tells you the maximum amount of mechanical work ("useful energy") you can extract from heat -- like, through an engine -- and, as it turns out, it's a function of the ratio of absoute temperatures you're working between. You don't face this limit when extracting work from a flywheel (spinning disc with grooves). Inspired by an counterintuitive insight in an Eliezer Yudkowsky LessWrong post, and my thoughts about it, I figured you could draw a more direct line from "knowledge of a temperature difference" to "how much energy is extractable".

Now I'll give it a go with ChatGPT, and post my findings!

Sunday, May 21, 2023

ChatGPT4 refines my argument about fish being bad swimming instructors

I finally splurged for a paid ChatGPT subscription! With access to GPT-4, I asked it to refine my earlier argument about fish being bad swimming instructors. Here's what it gave me:

***

Certainly, let's rework the argument using more scientifically grounded explanations and references:

While it's true that fish, with their adept aquatic abilities, may seem like logical swimming instructors for humans at first glance, upon closer examination, it becomes clear that this is far from practical or effective. Even if we put aside the substantial communication and physical barriers, there are fundamental biological and behavioral differences between fish and humans that pose significant challenges.

Humans are terrestrial, bipedal mammals, and our motor skills and locomotive mechanisms are naturally adapted to this lifestyle. Fish, in contrast, are aquatic creatures designed to maneuver efficiently in water (Webb, P.W., 1982, "Locomotor patterns in the evolution of actinopterygian fishes"). Their ability to swim is an innate behavior, hardwired into their neural circuitry, not a learned skill (Gould, J.L., 1982, "Ethology: The Mechanisms and Evolution of Behavior"). Given this, fish cannot consciously comprehend or articulate the mechanics of their swimming abilities as humans would require in a teaching-learning scenario.

In the field of pedagogy, it is well accepted that the process of teaching involves more than simply demonstrating a skill; it requires an understanding of learning styles, the ability to give and receive feedback, and a degree of self-awareness in the teacher (Boud, D., et al., 1985, "Reflection: Turning Experience into Learning"). Fish, as far as current scientific consensus suggests, lack these cognitive capacities (Butler, A.B., et al., 2005, "Evolution of the Neural Basis of Consciousness: A Bird-Mammal Comparison").

Furthermore, many human skills, including swimming, are learned through a combination of instruction, practice, and feedback (Kirschner, P.A., et al., 2006, "Why Minimal Guidance During Instruction Does Not Work"). This model of learning doesn't align with the unconscious, reflex-driven behaviors seen in fish.

Lastly, it's important to acknowledge the vast physiological differences between humans and fish. Human limbs and fish fins have evolved for different purposes and environments, with humans developing more for grasping and manipulation and fish for efficient aquatic locomotion (Thorsen, D.H., et al., 2004, "Biomechanics of Locomotion in Asian Carp"). These differences are fundamental and cannot be bridged by simple observation or imitation.

In conclusion, despite their swimming prowess, fish cannot be effective swimming instructors for humans due to biological, behavioral, and cognitive differences, as well as practical communication and anatomical obstacles. This argument does not discount the value of observing aquatic creatures to improve our understanding of efficient movement in water, but it's clear that such observation is a far cry from active instruction.

Thursday, August 25, 2022

Extended shower thought: Fish would be bad swimming instructors

Obligatory epistemic status: Speculative and hard to test but falls out an as implication under current worldmodel.

Just a shower thought I've had on my mind for a while:

Fish would be bad swimming instructors (for humans).

This remains true even after adjusting for/overcoming the differences in body types and ability to speak your language.

What do I mean? Well, to be sure, fish are good at swimming. And normally, that's what's you want in a swimming instructor...

...but not here. While fish are good at swimming, they have always been good at swimming. They were deft swimmers before they reached any point of being able to reflect on their selves or what they are doing. They have no appreciation for what it's like not to be a good swimmer.

What does "learning swimming" involve (for humans)?

Fish, being fish, never had to make the transition from being a natural biped to one that has repurposed its body for motion in water, which is what humans have to go through to "learn swimming". They never had to start from a mentality that finds walking somewhat natural -- and swimming somewhat unnatural -- and then adjusts its appendage motion in a way more suited to the latter.

We can imagine any kind of instruction session between fish and humans (as above, appropriately adjusted for language) to be fraught with peril. The fish might try to point out deficiencies that hold back the human. But it has never had to think about such deficiencies, because it has never needed to distinguish between the right way and the wrong way.  It was always just "the way" that came instinctually.

The fish might nearly lash out, frustrated that the human attempts an obviously ineffective means of water locomotion. But it has no idea why those flawed attempts are wrong. They just feel wrong.

The fish will happily demonstrate the "right way", just by doing it. But identifying the difference between its "right way" and "what humans do" would be a learning experience in itself, something it has no natural advantage in, as it was never part of the fish's "learning process for swimming".

The converse is true -- humans would be bad at teaching fish to walk (with the appropriate apparatus) or otherwise move on land. (But note the parallel isn't perfect as humans generally do have to struggle and learn how to walk, but not in any way that involves formal instruction.)

Implications for human-human interaction

So far, this insight feels (and, well, is) just idle speculation. But there are implications for ordinary life.

There will be times when someone is a "natural" at some skill. They're good at it. And that is their only teaching qualification. And they try to teach a non-natural that skill. They are then bad at teaching. The missing piece is the learner's mind is very different from what the natural is capable of filling in. Such a teacher will constantly show them how to do it "right" but not be able to identify the difference between what they're doing and what the learner is -- except by drawing on some kind of unrelated, general intelligence.

(I won't give any specific examples of such a skill, because those become contentious issues in their own right and detract from the general point. But I've definitely been on both sides -- learning from someone who has no understanding why they're good at it, and grasping to communicate something I do without ever thinking about it.)

You can also run into this problem when you become skilled at something. You can sometimes assimilate the skill so well that you are effectively a natural, by forgetting the whole process by which you learned it. You may lose the perspective you had as a beginner and are no longer able to relate to them.

Part of why I enjoy teaching what I know is that I seem unusually resistant to this process, and have vivid memories of the hurdles I overcame as a newbie.

Sunday, August 15, 2021

Refuting arguments no one cares about: Exploiting the "help" in the pandemic vs the wildfires

I don't think anyone actually wanted to learn about this, but it's stayed on my mind for being "an argument that's wrong and I can prove".

Background:

A while ago I made fun of a Facebook friend (call her D) for her "let them eat cake" cluelessness. This was during the 2018 (?) California wildfires when she made a big post saying how thankful she was that, in miserable air conditions, she could "still get her groceries" through delivery services. That prompted me (and, among others, another FB friend, "E") to drop our jaws and say, "Um, you don't care that you're just offloading all that suffering to poor workers that can't afford to just stay home, and will be breathing the lung-destroying air in your stead?"

(And, to be sure, there's the argument that someone total utility is increasing by virtue of how said workers still have the option to expose themselves to risks for money, and the counterargument about "well why have OSHA that workers can't opt out of ..." which is its own topic but didn't really appeal to me or E at the time.)

So far, so good.

But later, during the pandemic, it came out that E, for similar reasons, didn't feel comfortable just getting delivery so she could stay home when we were being asked/mandated to.

Those ... situations don't seem analogous at all to me, and I don't think someone should feel bad for ordering delivery during a pandemic like in an air quality emergency like wildfires. Here's why:

A) In a wildfire, you are shifting all of the hazard of the smoke onto the people who bring your deliviers.

B) But in a pandemic, moving to delivery reduces the hazard for everyone, including the delivery people.

In Kantian terms: If "everyone did it", then everyone would still benefit in case B). But in A), all the avoidance by the rich "D" personas would be matched by losses to those who still have to deliver.

To elaborate on B: the way a delivery service works, every worker involved has less Covid-spreading contact than than if everyone were shopping at a grocery store. The warehouses that set up the goods for delivery can, for their part, refactor and apply inexpensive countermeasures to reduce those worker's exposure. Furthermore, with everyone moving to delivery, you get economies of scale, allowing everyone to afford the delivery service.

So, to me, it didn't didn't seem like you were doing anyone a favor out of solidarity to keep getting your grocerys through in-person shopping.