Getting a handle on privacy and security

by https://speakerdeck.com/mixedpuppy

Embed

Start on current slide

Slide 1

Slide 1 text

Thursday, 28 June, 12

Slide 2

Slide 2 text

Getting a handle on Privacy and Security Thursday, 28 June, 12

Slide 3

Slide 3 text

How well do you understand Privacy and Security? "Knowledge is power, if you know it about the right person." - Erastus Flavel Beadle Thursday, 28 June, 12

Slide 4

Slide 4 text

Proﬁle of a User •Blogs (a little) •Avid Facebook user •Sells workshops online •Using computers as long as some of you have been alive •Lives with a relatively knowledgable tech nerd •Loves her Mac Air and iPhone •possibly more than me Thursday, 28 June, 12

Slide 5

Slide 5 text

Proﬁle of a User •Cookies? Mmmm •What’s tracking? •HTTPS? That’s what I have you for •Privacy Policies? Aren’t they all the same? •I keep my passwords in my address book, is that bad? •Is this something I’m supposed to know? Thursday, 28 June, 12

Slide 6

Slide 6 text

How much should people be expected to know? "I am not ashamed to confess that I am ignorant of what I do not know." - Marcus Tullius Cicero Thursday, 28 June, 12

Slide 7

Slide 7 text

How do you communicate Privacy? Thursday, 28 June, 12

Slide 8

Slide 8 text

We can do more to help people make decisions that are right for them "The more you know, the less you understand." - Tao Le Ching Thursday, 28 June, 12

Slide 9

Slide 9 text

So what have we done? Thursday, 28 June, 12

Slide 10

Slide 10 text

DNT: Do Not Track •user opt-out of 3rd party tracking •industry opt-in notiﬁcation •alone, does not solve tracking •does not help users otherwise identify and stop tracking source: freefoto.com Thursday, 28 June, 12

Slide 11

Slide 11 text

DNT: Do Not Track •W3C technical bits deﬁned •Process issues •what is tracking? •what happens when you see header? source: freefoto.com Thursday, 28 June, 12

Slide 12

Slide 12 text

Collusion •Mozilla and Ford Foundation working together •educate users about tracking •experimental addon •real-time tracking information •helps users identify tracking •will help users opt-in to tracking •my opinion, UI is still too techy Thursday, 28 June, 12

Slide 13

Slide 13 text

demo Thursday, 28 June, 12

Slide 14

Slide 14 text

Personas aka BrowserID •secure veriﬁed authentication without passwords •use it, it’s awesome •forward looking solution for identity management •does not solve existing password management •demo later Thursday, 28 June, 12

Slide 15

Slide 15 text

Watchdog •experimental work •examine your passwords •duplicates, age, similarity, strength •show you problem areas •help you choose good passwords •not yet built for normal users •demo Thursday, 28 June, 12

Slide 16

Slide 16 text

demo Thursday, 28 June, 12

Slide 17

Slide 17 text

Web Activities •Lots of ways to cook an egg •User Agent mediates •Inherently private •Users have control •Services have control Thursday, 28 June, 12

Slide 18

Slide 18 text

demo Thursday, 28 June, 12

Slide 19

Slide 19 text

SocialAPI •Integrate Social content in browser •User Agent mediates •Inherently private •Possibly promiscuous •Users have control •Services have control Thursday, 28 June, 12

Slide 20

Slide 20 text

demo Thursday, 28 June, 12

Slide 21

Slide 21 text

Lots of problems to solve, Here’s one unrealistic crazy idea... Thursday, 28 June, 12

Slide 22

Slide 22 text

Privacy Icons? Thursday, 28 June, 12

Slide 23

Slide 23 text

Why not this? Thursday, 28 June, 12

Slide 24

Slide 24 text

Privacy Dating Game •in-browser privacy behavioural questionnaire, similar to match.com •creates user privacy profile •matches that profile to preferences •Simple UI indicators based on MY profile A single icon that reflects my privacy preferences Thursday, 28 June, 12

Slide 25

Slide 25 text

Crazy Ideas Welcome Thursday, 28 June, 12

Slide 26

Slide 26 text

Other ideas and problems •Cookie management •Password management •W3C Privacy Dashboard •authorized addon •cookie jars •etc. etc. https://wiki.mozilla.org/Privacy Get Involved, many items on the privacy roadmaps need help. Thursday, 28 June, 12

Slide 27

Slide 27 text

Users should expect their User Agent to be a User Agent. Thursday, 28 June, 12

Slide 28

Slide 28 text

"Never fail to know that if you are doing all the talking, you are boring somebody." - Helen Gurley Brown Questions and Comments Welcome Thursday, 28 June, 12

Slide 29

Slide 29 text

https://wiki.mozilla.org/Privacy http://blog.mozilla.com/privacy/ http://mozillalabs.com/ irc: #labs #privacy #identity Shane Caraveo Mozilla Lab Rat, Privacy Friend, Instigator Vancouver, Canada [email protected] "I don't even know what street Canada is on." - Al Capone Thursday, 28 June, 12