Jump to ratings and reviews
Rate this book

Obfuscation: A User's Guide for Privacy and Protest

Rate this book
With Obfuscation, Finn Brunton and Helen Nissenbaum mean to start a revolution. They are calling us not to the barricades but to our computers, offering us ways to fight today’s pervasive digital surveillance—the collection of our data by governments, corporations, advertisers, and hackers. To the toolkit of privacy protecting techniques and projects, they propose adding obfuscation: the deliberate use of ambiguous, confusing, or misleading information to interfere with surveillance and data collection projects. Brunton and Nissenbaum provide tools and a rationale for evasion, noncompliance, refusal, even sabotage—especially for average users, those of us not in a position to opt out or exert control over data about ourselves. Obfuscation will teach users to push back, software developers to keep their user data safe, and policy makers to gather data without misusing it.

Brunton and Nissenbaum present a guide to the forms and formats that obfuscation has taken and explain how to craft its implementation to suit the goal and the adversary. They describe a series of historical and contemporary examples, including radar chaff deployed by World War II pilots, Twitter bots that hobbled the social media strategy of popular protest movements, and software that can camouflage users’ search queries and stymie online advertising. They go on to consider obfuscation in more general terms, discussing why obfuscation is necessary, whether it is justified, how it works, and how it can be integrated with other privacy practices and technologies.

144 pages, Hardcover

First published September 4, 2015

Loading interface...
Loading interface...

About the author

Finn Brunton

8 books13 followers
Finn Brunton is assistant professor in the Department of Media, Culture, and Communication at New York University. He is the author of Spam: A Shadow History of the Internet and the coauthor of Communication and Obfuscation: A User’s Guide for Privacy and Protest. He has written for the Guardian, Artforum, and Radical Philosophy, among many other publications.

Ratings & Reviews

What do you think?
Rate this book

Friends & Following

Create a free account to discover what your friends think of this book!

Community Reviews

5 stars
49 (15%)
4 stars
123 (39%)
3 stars
110 (35%)
2 stars
27 (8%)
1 star
4 (1%)
Displaying 1 - 30 of 40 reviews
Profile Image for BCS.
218 reviews29 followers
January 26, 2016
Obfuscation is the deliberate addition of ambiguous, confusing, or misleading information to interfere with surveillance and data collection.

The underlying driver for considering the deployment of obfuscation techniques is due to asymmetrical relationships, characterized by an imbalance in power in a relationship, especially one in which a weaker force seeks to redress the balance in the relationship with the adversary.

Now you know this, you can start reading...

This short but powerful little book of 100 pages is presented in two sections. It begins with a ‘two-chapter’ section on the vocabulary of obfuscation, and cites many interesting cases of the application of obfuscation techniques such as using chaff to defeat military radar, or filling a channel with noise using twitter bots, through to using excessive documentation to make analysis inefficient.

The second chapter provides many thought provoking and varied examples, including, for example, using software add-ons to click all the advertisements on a web page or swapping loyalty cards to interfere with the analysis of shopping patterns.

The second section helps us to understand obfuscation, consider why it is necessary, if indeed it is justified, and whether it will work. In considering whether obfuscation will work, you need to define your project, and if you want to use obfuscation techniques, you will need to decide which of the six goals below are appropriate:

to buy some time
to provide cover
for deniability
to prevent individual exposure
to interfere with profiling
to express protest
Other questions to consider in your project definition are: is it to be carried out by an individual or does it require collective action; does it matter if your adversary knows or not; is it designed to be directed at a specific adversary (selective) or at a anyone who might be gathering and making use of data about you (general); and finally will it be over a short-term or long-term time-span?

The sheer volume of research that has been required to produce this editorial is well evidenced in the chapter notes towards the end of the book, supplemented by a further bibliography. As you would expect the text is extremely well indexed.

In summary, an enjoyable read, probably best read in two sessions - one section per session.

Review by George Williams MBCS CITP
Originally posted http://www.bcs.org/content/conWebDoc/...
Profile Image for Jay French.
2,041 reviews74 followers
July 20, 2017
Not so much a how-to book, this is more of a why-to, with some examples included that provide some ideas of what-to-do. Many of the examples are from the non-IT world, like radar chaff and the use of common masks or uniforms to temporarily confuse the police in the immediate aftermath of a robbery. But there are also examples of internet-era technology obfuscation, including Twitter-bots hijacking hashtag terms, and services that robotically send out streams of unnecessary searches in order to hide the handful of critical searches in the volume. There is certainly plenty to think about, and the authors do a good job of covering the pros and cons of obfuscation, including ethical considerations. This is one of those books that, although relatively short, will have a continued impact on how I think about obfuscation as a tool for the weak against the powerful, and it points up some additional risks of relying on data for optimization algorithms when that data could have been sabotaged.

In one section, the authors described obfuscation involving colluding people in a group that all claimed a single identity or claimed to be the cause of some action. Ah, I’m thinking, I know of this. Then the authors use as an example a scene from the movie “Spartacus,” where the slaves are asked which one is Spartacus, and all slaves claim to be Spartacus, a group act which saved Spartacus’ life. I found it funny that I was thinking of a movie as well, but it was “Seven Brides for Seven Brothers” to illustrate the same thing the same way. I’m not sure what to make of this, but it strikes me as funny.
Profile Image for Roxann.
174 reviews1 follower
July 4, 2020
The subtitle of this book is misleading; it's not a user's guide at all, but more of an introduction to and moral defense of obfuscation practices.
Profile Image for Alex.
531 reviews30 followers
January 10, 2016
Fairly scattershot and overwrought. The chapter on ethics (unfortunately the longest) felt very out of place and was not greatly informative, contributing to the book as a whole feeling more like an academic essay rather than a "guide" to anything. The most interesting thing I got out of it was some insight into generalized "classes" of obfuscation or contamination that might be present in a dataset that one is analyzing, allowing one to compensate for them the analysis, though this idea wasn't explicated in the text. A fairly quick read, but I think I could have done without nevertheless.
Profile Image for arjn.
62 reviews12 followers
April 16, 2019
This was disappointing.

This book has two parts. The first part (chapter 1 and 2) is an introduction to obfuscation and has lots of examples. It's a great introduction, a mind-expanding survey of the design space for obfuscation techniques. Unfortunately, that's where the practical bit ends. With part two, the book devolves into armchair-theorising about the ethics and ontology of obfuscation.

Chapter 3 says some interesting things about information asymmetries. The authors quote Anthony Gidden's idea of manufactured risk to state that surveillance doesn't just reduce risk, it also exports it. For example, data collection by credit agencies may protect us from one class of risks (insurance at lower premiums), but create another class of risks (hacking of collected data, sharing without consent, so on). Further, data collection usually reduces risk for the many at the expense of increased risk for the few (and this increased risk is distributed differently along different socio-economic axes, mostly affecting the already marginalised). The authors also mention James C Scott's book Weapons of the Weak on peasant resistance against asymmetric power relations and promises that this book continues in the same vein to show how obfuscation can be a tool of protest against information-asymmetric relationships of power (it hardly does, and I really wish it did).

The main takeaways of chapter 4 were ethical guiding principles for applying obfuscation; they make the utilitarian argument ("blocking a data flow is unethical only when the data flow is ethically required"), the contextual integrity argument ("inappropriate flow of information/ legitimate use of obfuscation is normative") and the individualist argument ("how much privacy should the individual have to sacrifice for the common good?"). Nothing novel or ground-breaking.

Chapter 5 has six similar-sounding goals obfuscation achieves and four obvious questions to ask yourself if you're designing an obfuscation system. There are some practical titbits here and there in this book and but it largely fails to deliver on the promise of being a "user's guide". It's more of a "philosopher's guide" than anything else.
Profile Image for Deane Barker.
Author 6 books34 followers
November 9, 2015
This book can only really be described as a manifesto. I don't know what I was expecting really.

It starts by identifying and offering a broad survey of obfuscation methods. And while clearly focused on technology, it discussed other, offline obfuscation: chaff deployed from fighter planes, something the orb-weaving spider does, and even the museum climax scene in "The Thomas Crown Affair." This, I found interesting.

But then the book took a left turn into...philosophy. It spends an inordinate amount of time talking about the philosophy of privacy and offered ethical justification to employ obfuscation. All I could think of throughout this entire section was, "No. One. Cares."

And then the book ends. If you're looking for a practical book, or even an interesting book, perhaps look elsewhere. If you want to deeply ponder the ethics of privacy, well, here you go.
Profile Image for ­.
120 reviews8 followers
May 27, 2018
The book a collection of starting points for understanding and making use of obfuscation.
It is split into two parts - an analysis of the possible applications of obfuscation and obfuscation as a strategy for privacy protection; the ethical issues obfuscation raises and salient questions to ask of any obfuscation project. The authors took care to emphasize that in addition to privacy, it is not a replacement for one or all of the tools which we already rely on.
There is no simple solution to the problem of privacy, because privacy itself is a solution to societal challenges that are in constant movement.
Profile Image for Greg Stoll.
307 reviews10 followers
June 2, 2016
Decent, but more of a textbook than I was hoping for. The most interesting part was the first section where it talked about a lot of examples of obfuscation. TrackMeNot is a Firefox/Chrome extension that does random search queries in the background.
Profile Image for Terry.
104 reviews3 followers
December 22, 2018
Decent, but the font was annoying to read and the thread of thought seemed cluttered and the narrative hard to keep cogent at times. Still, I'm glad I read this.
Profile Image for Wilte.
876 reviews15 followers
April 26, 2021
Nice little book with practical applications to ensure privacy for individuals; “getting your obfuscation work out into the world, where it can begin doing good by making noise.”


Obfuscation is the deliberate addition of ambiguous, confusing, or misleading information to interfere with surveillance and data collection.

Obfuscation has a role to play, not as a replacement for governance, business conduct, or technological interventions, or as a one-size-fits-all solution (again, it's a deliberately small, distributed revolution), but as a tool that fits into the larger network of privacy practices. In particular, it's a tool particularly well suited to the category of people without access to other modes of recourse, whether at a particular moment or in general-people who, as it happens, may be unable to deploy optimally configured privacy-protection tools because they are on the weak side of a particular information-power relationship.

Obfuscation, at its most abstract, is the production of noise modeled on an existing signal in order to make a collection of data more ambiguous, confusing, harder to exploit, more difficult to act on, and therefore less valuable.

This is not an argument against other systems and practices; it is merely an acknowledgment that there are circumstances in which obfuscation may provide an appropriate alternative or could be added to an existing technology or approach.

obfuscation is, in part, a troublemaking strategy. Although privacy is served by the constraints of law and regulation, disclosure limits imposed by organizational best practices, protective technological affordances provided by conscientious developers, and the exercise of abstinence or opting out, the areas of vulnerability remain vast. Obfuscation promises an additional layer of cover for these. Obfuscation obscures by making noise and muddying the waters; it can be used for data disobedience under difficult circumstances and as a digital weapon for the informationally weak.

Individuals have good reason to question whether their privacy interests in appropriate gathering and use of information will be secured any time soon by conventional means.

When entering the realms of the political, obfuscation must be tested against the demands of justice. But if obfuscators are so tested, so must we test the data collectors, the information services, the trackers, and the profilers. We have found that breathless rhetoric surrounding the promise and practice of data does not say enough about justice and the problem of risk shifting. Incumbents have embedded few protections and mitigations into the edifices of data they are constructing. Against this backdrop, obfuscation offers a means of striving for balance defensible when it functions to resist domination of the weaker by the stronger. A just society leaves this escape hatch open.

getting your obfuscation work out into the world, where it can begin doing good by making noise.

1.1 Chaff: defeating military radar 8
1.2 Twitter bots: filling a channel with noise 9
1.3 CacheCloak: location services without location tracking 12
1.4 TrackMeNot: blending genuine and artificial search queries 13
1.5 Uploads to leak sites: burying significant files 14
1.6 False tells: making patterns to trick a trained observer 15
1.7 Group identity: many people under one name 15
1.8 Identical confederates and objects: many people in one outfit 16
1.9 Excessive documentation: making analysis inefficient 17
1.10 Shuffling SIM cards: rendering mobile targeting uncertain 18
1.11 Tor relays: requests on behalf of others that conceal personal
1.12 Babble tapes: hiding speech in speech 21
1.13 Operation Vula: obfuscation in the struggle against Apartheid 21

2 Other Examples 25

2.1 Orb-weaving spiders: obfuscating animals 25
2.2 False orders: using obfuscation to attack rival businesses 25
2.3 French decoy radar emplacements: defeating radar detectors 2
2.4 AdNauseam: clicking all the ads 26
2.5 Quote stuffing: confusing algorithmic trading strategies 27
2.6 Swapping loyalty cards to interfere with analysis of shoppingpatterns 28
2.7 BitTorrent Hydra: using fake requests to deter collection of addresses 29
2.8 Deliberately vague language: obfuscating agency 30
2.9 Obfuscation of anonymous text: stopping stylometric analysis 31
2.10 Code obfuscation: baffling humans but not machines 33
2.11 Personal disinformation: strategies for individual disappearance 35
2.12 Apple's "cloning service" patent: polluting electronic profiling 36
2.13 Vortex: cookie obfuscation as game and marketplace 37
2.14 "Bayesian flooding" and "unselling" the value of online identity 38
2.15 FaceCloak: concealing the work of concealment 39
2.16 Obfuscated likefarming: concealing indications of manipulation 40
2.17 URME surveillance: "identity prosthetics" expressing protest 40 2.18 Manufacturing conflicting evidence: confounding investigation 41
Profile Image for Benjamin.
350 reviews1 follower
May 1, 2023
This is an important, if not terribly engaging, and thoughtful discussion of privacy presented in simple, compelling language.

I especially like the opening of Section 3.1 (titled "Obfuscation in Brief") with it's nuanced discussion of privacy and the closing of Section 3.2 (titled "Understanding Information Asymmetry: Knowledge and Power") with its argument that large organizations' data acquisition amounts to externalizing risk (the large organization can operate more efficiently or with more security, while the individual pays the price of breaches or abuses).

Almost half of the book is devoted to a dizzying array of examples of obfuscation. The point is to set the stage by showcasing the varied utility of obfuscation, whether executed by actors moral or not, technical or not, and even conscious or not. It's an impressive list.

my favorite quote: "The goal was not to construct an airtight lie, but rather to multiply the possible hypotheses so prolifically that observers would despair of ever arriving at the truth."
Profile Image for Tamim Hamoudi.
2 reviews
September 7, 2022
This is a good book for beginners who are interested in the topic of Obfuscation.

What I like about this book is that it's an easy read, and doesn't require a lot of technical knowledge to understand what its talking about. However, it kinda lost me during chapter 4, it kept talking about the topic of justifying Obfuscation over and over, like a rambling man trying to convince you with his ideologies. That doesn't mean the entirety of the book was like this. At its early chapters it had a nice way of presenting ideas in a fluid way that came full circle as you progress through the book, that is until you reach chapter 4. Chapter 4 felt like it was rushed and trying to compress a lot of information all at once.

I like to think that online privacy was always a topic of passion for me. I found myself intrigued and even smiling at a lot of points in this book.

I wonder how this book would have changed what I know about online privacy if I came across it in my younger years.
6 reviews
September 22, 2020
I didn’t really know what to expect when I saw this book, I had been meaning to learn more about privacy techniques and modern surveillance. What I got was a weirdly deep dive into this small albeit interesting slice of the conversation on privacy. Pretty interesting examples of obfuscations use, from radar chaff to the Craigslist robber, but I think a subtitle like “a users guide for privacy and protest” is a little misleading - I’m left with knowledge about obfuscation, but not much about the privacy space. It seems like there wasn’t a ton to say about obfuscation - the same points were reiterated many times, and the language is unnecessarily verbose, to the point it clouds meaning.

Tl;dr it has piqued my interest ability security, but it’s pretty low ROI in terms of knowledge and understanding
Profile Image for Cybercrone.
1,756 reviews14 followers
July 24, 2017
This book is so NOT what the title proclaims it to be.

There is no user's guide here, just yadda-yadda that comes off like a prosecutor's opening speech (what we intend to prove here . . .) or a school paper of the BBB variety.

There is virtually nothing useful to the "user", in the sense of how-to, or even much concrete in the why-to or what-to.

I really wanted a how-to, since privacy has become so difficult to maintain, even minimally, unless you can go off-grid. And with some advocates claiming that with the use of a British company, the political parties can gather enough data to craft personalised approaches to individuals for their campaigning, it's getting downright scary.

But this book was no help.
Profile Image for Sloan.
48 reviews15 followers
April 14, 2021
A nice short intro for obfuscation. Not a practical manual for those interested in practicing obfuscation, but may be a good gateway for further research.

The most interesting part for me was the ethical and political arguments. Of course a book of this length cannot go in depth with those issues and takes a rather broad and shallow approach. However, it is probably enough to inspire one to dive into deeper material.
Profile Image for Sandy Maguire.
Author 2 books156 followers
December 19, 2022
This is a really inspiring book, describing the everyday problem of power asymmetry between the people vs big organizations (governments/corporations/what have you.) Opting out of this relationship is untenable, and so what are we to do? The book's answer: obfuscation. Obfuscation is the "weapon of the weak," allowing us to resist without needing to revolt. Short and sweet, and well worth the price of admission.
260 reviews
July 27, 2019
Very short book on Obfuscation. First part was informative to me, being new to this as it covered different techniques used in the past including WW1 and mentioned possible software that you could use currently. However, most of the book dealt with the types of obfuscation and the moral issues of obfuscation which I was less interested in.
754 reviews3 followers
September 2, 2021
Good overview of obfuscation techniques with interesting examples from the physical and digital worlds. Aspects of this will likely only get more important - if nothing else a solid list of self defense techniques and tools to try to maintain some amount of privacy in these digital virtual times.
January 8, 2018
Required Reading

I found this to be an excellent dive into the world of privacy. I paused for reflection numerous times in this book to evaluate the world around me.
7 reviews
January 29, 2018
Part I is interesting enough, but less than 40 pages.

Don't waste your time with Part II. It's a repetitive lot of navel gazing reminiscent of a term paper.
Profile Image for Paul.
1,066 reviews23 followers
July 18, 2018
Title obfuscates the contents. Not a guide. Should be titled: the politics and ethics of obfuscation. Interesting arguments but completely irrelevant to absolutely everyone except academics.
Profile Image for Wendelle.
1,518 reviews24 followers
March 6, 2020
Basically a rundown of the different types of obfuscation, which refers to the strategy of mixing noise to signals to slow down or inhibit detection or catch-up by observers, enemies or competitors.
Profile Image for Thomas Jacques.
18 reviews1 follower
July 28, 2020
This is a fantastic book. I highly recommend you stop whatever you are reading now and pick this one up instead
Profile Image for Evan.
195 reviews24 followers
September 28, 2016
Like Kinney's "Hood," "Obfuscation" pairs a fantastic archive with disappointing analysis. The book starts, somewhat unconventionally, by front loading a great and extensive collection of case studies, largely, but not exclusively, drawn from the world of online big data. A certain orb-weaving spider as well as a fascinating initiative involving biometric-fooling face masks also make appearances. But it's mostly about online obfuscation.

So by the time we get to Part 2, the theoretical framework, we have a great set of data begging for analysis. So far, so good.

Unfortunately, here's where the book falls flat. A long, but surprisingly under-theorized section on the politics of obfuscation is preceded by an equally long, but even more worthless section on ethics. Seriously, STEM folk, please take a little more care to actually learn something about the philosophical traditions of ethics before purporting to apply them. A passing genuflect to Kant really doesn't cut it.

After that, the book fizzles out with a mostly redundant taxonomy of the different goals obfuscation projects might have. The space would have been much better spent trying to reach a clearer description, taxonomy and perhaps theory (hey, a boy can dream) of the techniques themselves.

Another book on surveillance culture that's more valuable for the inspiration than the actual execution.
48 reviews
February 15, 2016
I really wanted to love this book, but I didn't.

1 - The beginning pages are a great compendium of different types of obfuscation and how it could relate to protecting privacy. I enjoyed that part.

2 - It's also apparent that the authors really know their stuff and have dedicated a considerable amount of time and energy into doing the research on obfuscation and then relating that to privacy.

1 - The title is "Obfuscation: A User's Guide for Privacy and Protest", but it's not a friendly User's Guide so much as academic discourse on obfuscation and privacy.

2 - Most of Part II is written like an academic paper and is not a compelling read. Here's an example, "We beg our readers' forbearance as we sample from a vast disciplinary tradition for insights that will help us address the standoff we have identified between target and obfuscator in all its particularities."


3 - The font. It's small, heavy, and a sans-serif, which doesn't visually flow well.

Overall, I really like the idea behind the book, but the execution doesn't really live up to the title.
February 5, 2017
The first chapter are extremely informative and the different sections are very up to date (January 2017). I skipped over the last part around ethics and political motive since it's really not what we want to read from the authors who otherwise managed to focus on a simple read. Most tactics are obvious but some were completely new to me, or the usage examples were. 5* rating because I strongly recommend it, and if we all know about it, obfuscation will work better for the few people who really need it the most: post to Facebook.
546 reviews
November 10, 2015
A slim volume on a topic that needs greater attention and discussion. I found Chapter 1 and Chapter 2 on examples of obfuscation to be the most valuable and interesting.

The book doesn't acknowledge the possible value to citizens and consumers of providing truthful information. If we want governments and companies to take our views and needs into account, we need to provide truthful information - although that doesn't mean everything we do online should be available to the government.

I will think more carefully about the information I provide online - who needs to know what and to what level of accuracy?
Displaying 1 - 30 of 40 reviews

Can't find what you're looking for?

Get help and learn more about the design.