Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Consensual Software O'Reilly Security Conference

15d8946b2d4141db558701c2327ceb25?s=47 Danielle Leong
October 31, 2017
Programming
0
48

Consensual Software O'Reilly Security Conference

15d8946b2d4141db558701c2327ceb25?s=128

Danielle Leong

October 31, 2017
Tweet

More Decks by Danielle Leong

See All by Danielle Leong
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
0
62
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
22
8.2k
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
0
67
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
0
31
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
0
120
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
1
180
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
2
140

Other Decks in Programming

See All in Programming
Cc8ec9594b83b5dc3c7eef345c05dc8d?s=48 shiz
1
100
428a9c6e5b151e618d4db288105bc5f3?s=48 rarous
0
170
Dcbf2269af2483cabf43128ad1718c11?s=48 grapecity_dev
0
190
Dc52871050369929247b69f3767e8737?s=48 pirosikick
4
950
7c9b8b368924556d8642bdaed3ded1f5?s=48 danilop
0
230
3009eedce0d0f7ae45987a7bd8f57b85?s=48 nkjzm
1
200
3aae47c11fab74b1db6ec80cd6f49058?s=48 takahi5
3
120
Dcbf2269af2483cabf43128ad1718c11?s=48 grapecity_dev
0
180
0b8ad408b31cb9d5cff2828086c65d58?s=48 temoki
2
220
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
160
1d5ca7d8f17f15de4272e1ec7ef7abac?s=48 watilde
5
1.4k
6c3e7ef20801b4b967dc1643f63d6233?s=48 ianaya89
2
220

Featured

See All Featured
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
18
1.2k
E195ae45320d9202eaa01c9f1d31a416?s=48 marktimemedia
7
400
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
652
110k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
9
590
D47656e20ff5e42f125fc5ea0fd636c6?s=48 tmm1
61
9.4k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
446
36k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
20
710
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
230
18k
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
6
720
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
10
1.6k
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
219
15k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
272
16k

Transcript

  1. Consensual Software Danielle Leong Application Engineer GitHub

  2. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 2 @tsunamino

  3. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 3 @tsunamino

  4. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 4 @tsunamino

  5. None

  6. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 6 @tsunamino

  7. None

  8. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 8 @tsunamino

  9. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 9 @tsunamino

  10. None

  11. Danielle Leong @tsunamino @consentsoftware

  12. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 12 @tsunamino

    GitHub

  13. Title Text @tsunamino

  14. Build systems that empower inclusive and healthy communities and encourage

    good online citizenship. Discourage behavior that is destructive or threatens personal safety. @tsunamino

  15. Security protects the company from bad actors. We protect people

    from other people. http://www.pewresearch.org/fact-tank/2015/11/10/key-takeaways-mobile-apps/

  16. •Not using full names on social media sites •Not using

    real photos for avatars •Turning off location tracking data •Regularly Googling name, address, & phone numbers •Using a burner phone number service & PO boxes •Turning off direct messages •Not live posting on social media during vacation Keeping your info private is hard

  17. 60% of Americans will not download an app if they

    discover how much personal information the app requires Pew Research Center

  18. 90% of smartphone owners say having clear information about how

    their data will be used is “very” or “somewhat” important when choosing to download an app Pew Research Center

  19. Software isn’t built with privacy or safety in mind @tsunamino

  20. What if software respected personal boundaries @tsunamino

  21. What if software asked for your consent? @tsunamino

  22. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 22 https://www.youtube.com/watch?v=oQbei5JGiT8&t=1s

  23. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 23

  24. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 24

  25. None

  26. Consensual software needs to go beyond GDRP and ePrivacy Regulations

    @tsunamino

  27. Consensual software is a design pattern that asks for the

    user’s consent to interact with them or their data @tsunamino

  28. Consent to interact with the person @tsunamino

  29. How can this feature be used to hurt someone? @tsunamino

  30. None

  31. Principle of least privilege but for people’s information @tsunamino

  32. None

  33. Features should be opt-in, not opt-out @tsunamino

  34. None
  35. None

  36. Consent to use a person’s data @tsunamino

  37. Determine what information is private @tsunamino

  38. Private Public •Full names (current or former) •Birthday •Government IDs

    •Phone numbers •Addresses •Passwords •Biometrics •IPs •Credit card/bank info •Geographic locations •Intimate photos •Info the user has consented to be public •Likes •Avatars •Handles or usernames Semi-Private •Email addresses •City of residence •Race •Gender •Sexual orientation

  39. What kind of information are you sharing by default? @tsunamino

  40. None
  41. None
  42. None
  43. None

  44. Audit your site @tsunamino

  45. New user flows @tsunamino

  46. ❌ Bad

  47. ✅ Good

  48. ❌ Bad

  49. What does your privacy settings page look like? @tsunamino

  50. LinkedIn Privacy settings are

  51. Need to go beyond having a bunch of toggles. It

    must be incorporated into every aspect of the product @tsunamino
  52. None

  53. Have a clear privacy policy that defines consent @tsunamino

  54. None
  55. None

  56. @tsunamino Consensual software is a design pattern that asks for

    the user’s consent to interact with them or their data

  57. Things to do • Ask how a feature can be

    used to hurt someone • Audit your site, especially new user flows • Streamline your privacy settings pages • Have a clear privacy policy that defines consent @tsunamino

  58. Don’t wait until something catastrophic happens @tsunamino

  59. Ways to find me on the internet • @tsunamino •

    @consentsoftware • consensualsoftware.com

  60. Thanks!