Consensual Software O'Reilly Security Conference

Transcript

1. Consensual Software Danielle Leong Application Engineer GitHub

2. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 2 @tsunamino

3. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 3 @tsunamino

4. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 4 @tsunamino

5. None

6. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 6 @tsunamino

7. None

8. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 8 @tsunamino

9. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 9 @tsunamino

10. None

11. Danielle Leong @tsunamino @consentsoftware

12. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 12 @tsunamino

    GitHub

13. Title Text @tsunamino

14. Build systems that empower inclusive and healthy communities and encourage

    good online citizenship. Discourage behavior that is destructive or threatens personal safety. @tsunamino

15. Security protects the company from bad actors. We protect people

    from other people. http://www.pewresearch.org/fact-tank/2015/11/10/key-takeaways-mobile-apps/

16. •Not using full names on social media sites •Not using

    real photos for avatars •Turning off location tracking data •Regularly Googling name, address, & phone numbers •Using a burner phone number service & PO boxes •Turning off direct messages •Not live posting on social media during vacation Keeping your info private is hard

17. 60% of Americans will not download an app if they

    discover how much personal information the app requires Pew Research Center

18. 90% of smartphone owners say having clear information about how

    their data will be used is “very” or “somewhat” important when choosing to download an app Pew Research Center

19. Software isn’t built with privacy or safety in mind @tsunamino

20. What if software respected personal boundaries @tsunamino

21. What if software asked for your consent? @tsunamino

22. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 22 https://www.youtube.com/watch?v=oQbei5JGiT8&t=1s

23. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 23

24. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 24

25. None

26. Consensual software needs to go beyond GDRP and ePrivacy Regulations

    @tsunamino

27. Consensual software is a design pattern that asks for the

    user’s consent to interact with them or their data @tsunamino

28. Consent to interact with the person @tsunamino

29. How can this feature be used to hurt someone? @tsunamino

30. None

31. Principle of least privilege but for people’s information @tsunamino

32. None

33. Features should be opt-in, not opt-out @tsunamino

34. None
35. None

36. Consent to use a person’s data @tsunamino

37. Determine what information is private @tsunamino

38. Private Public •Full names (current or former) •Birthday •Government IDs

    •Phone numbers •Addresses •Passwords •Biometrics •IPs •Credit card/bank info •Geographic locations •Intimate photos •Info the user has consented to be public •Likes •Avatars •Handles or usernames Semi-Private •Email addresses •City of residence •Race •Gender •Sexual orientation

39. What kind of information are you sharing by default? @tsunamino

40. None
41. None
42. None
43. None

44. Audit your site @tsunamino

45. New user flows @tsunamino

46. ❌ Bad

47. ✅ Good

48. ❌ Bad

49. What does your privacy settings page look like? @tsunamino

50. LinkedIn Privacy settings are

51. Need to go beyond having a bunch of toggles. It

    must be incorporated into every aspect of the product @tsunamino
52. None

53. Have a clear privacy policy that defines consent @tsunamino

54. None
55. None

56. @tsunamino Consensual software is a design pattern that asks for

    the user’s consent to interact with them or their data

57. Things to do • Ask how a feature can be

    used to hurt someone • Audit your site, especially new user flows • Streamline your privacy settings pages • Have a clear privacy policy that defines consent @tsunamino

58. Don’t wait until something catastrophic happens @tsunamino

59. Ways to find me on the internet • @tsunamino •

    @consentsoftware • consensualsoftware.com

60. Thanks!