Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Consensual Software O'Reilly Security Conference

Avatar for Danielle Leong Danielle Leong
October 31, 2017
Programming
0
120

Consensual Software O'Reilly Security Conference

Avatar for Danielle Leong

Danielle Leong

October 31, 2017
Tweet

More Decks by Danielle Leong

See All by Danielle Leong
Consensual Software - QCon London 2017
Avatar for Danielle Leong dmleong
0
100
Geek Women Japan keynote
Avatar for Danielle Leong dmleong
21
9.8k
Mills College - Making online collaboration safer at GitHub
Avatar for Danielle Leong dmleong
0
130
Making Online Collaboration Safer at GitHub
Avatar for Danielle Leong dmleong
0
110
Women in Tech: How I got here and how to survive being in a male-dominated workforce
Avatar for Danielle Leong dmleong
0
260
Design 101 for Developers: 5 ways to make your site less ugly
Avatar for Danielle Leong dmleong
1
370
The Curious Incident of the Developer on the Design Team
Avatar for Danielle Leong dmleong
2
280

Other Decks in Programming

See All in Programming
オンコール⼊⾨〜ページャーが鳴る前に、あなたが備えられること〜 / Before The Pager Rings
Avatar for Yuuki Takahashi yktakaha4
2
1.1k
DMMを支える決済基盤の技術的負債にどう立ち向かうか / Addressing Technical Debt in Payment Infrastructure
Avatar for yoshiyoshifujii yoshiyoshifujii
4
590
バイブスあるコーディングで ~PHP~ 便利ツールをつくるプラクティス
Avatar for uzulla uzulla
1
260
「テストは愚直&&網羅的に書くほどよい」という誤解 / Test Smarter, Not Harder
Avatar for Munetoshi Ishikawa munetoshi
1
220
Hack Claude Code with Claude Code
Avatar for Akihiro Okuno choplin
8
2.8k
AI コーディングエージェントの時代へ:JetBrains が描く開発の未来
Avatar for Masaru Horioka masaruhr
1
210
構造化・自動化・ガードレール - Vibe Coding実践記 -
Avatar for ふくすけ tonegawa07
0
150
No Install CMS戦略 〜 5年先を見据えたフロントエンド開発を考える / no_install_cms
Avatar for Masahiko Sakakibara rdlabo
0
210
ISUCON研修おかわり会 講義スライド
Avatar for Yuki Yata arfes0e2b3c
1
480
ご注文の差分はこちらですか? 〜 AWS CDK のいろいろな差分検出と安全なデプロイ
Avatar for Kenji Kono konokenj
4
670
11年かかって やっとVibe Codingに 時代が追いつきましたね
Avatar for yimajo yimajo
0
150
プロダクトという一杯を作る - プロダクトチームが味の責任を持つまでの煮込み奮闘記
Avatar for 幡ヶ谷亭直吉 hiliteeternal
0
140

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
138
34k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3.1k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
34
5.9k
Gamification - CAS2011
Avatar for David Bonilla davidbonilla
81
5.4k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
69
4.7k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.7k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
8
370
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
3.9k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
613
210k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
43
7.6k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
337
57k

Transcript

  1. Consensual Software Danielle Leong Application Engineer GitHub

  2. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 2 @tsunamino

  3. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 3 @tsunamino

  4. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 4 @tsunamino

  5. None

  6. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 6 @tsunamino

  7. None

  8. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 8 @tsunamino

  9. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 9 @tsunamino

  10. None

  11. Danielle Leong @tsunamino @consentsoftware

  12. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 12 @tsunamino

    GitHub

  13. Title Text @tsunamino

  14. Build systems that empower inclusive and healthy communities and encourage

    good online citizenship. Discourage behavior that is destructive or threatens personal safety. @tsunamino

  15. Security protects the company from bad actors. We protect people

    from other people. http://www.pewresearch.org/fact-tank/2015/11/10/key-takeaways-mobile-apps/

  16. •Not using full names on social media sites •Not using

    real photos for avatars •Turning off location tracking data •Regularly Googling name, address, & phone numbers •Using a burner phone number service & PO boxes •Turning off direct messages •Not live posting on social media during vacation Keeping your info private is hard

  17. 60% of Americans will not download an app if they

    discover how much personal information the app requires Pew Research Center

  18. 90% of smartphone owners say having clear information about how

    their data will be used is “very” or “somewhat” important when choosing to download an app Pew Research Center

  19. Software isn’t built with privacy or safety in mind @tsunamino

  20. What if software respected personal boundaries @tsunamino

  21. What if software asked for your consent? @tsunamino

  22. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 22 https://www.youtube.com/watch?v=oQbei5JGiT8&t=1s

  23. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 23

  24. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 24

  25. None

  26. Consensual software needs to go beyond GDRP and ePrivacy Regulations

    @tsunamino

  27. Consensual software is a design pattern that asks for the

    user’s consent to interact with them or their data @tsunamino

  28. Consent to interact with the person @tsunamino

  29. How can this feature be used to hurt someone? @tsunamino

  30. None

  31. Principle of least privilege but for people’s information @tsunamino

  32. None

  33. Features should be opt-in, not opt-out @tsunamino

  34. None
  35. None

  36. Consent to use a person’s data @tsunamino

  37. Determine what information is private @tsunamino

  38. Private Public •Full names (current or former) •Birthday •Government IDs

    •Phone numbers •Addresses •Passwords •Biometrics •IPs •Credit card/bank info •Geographic locations •Intimate photos •Info the user has consented to be public •Likes •Avatars •Handles or usernames Semi-Private •Email addresses •City of residence •Race •Gender •Sexual orientation

  39. What kind of information are you sharing by default? @tsunamino

  40. None
  41. None
  42. None
  43. None

  44. Audit your site @tsunamino

  45. New user flows @tsunamino

  46. ❌ Bad

  47. ✅ Good

  48. ❌ Bad

  49. What does your privacy settings page look like? @tsunamino

  50. LinkedIn Privacy settings are

  51. Need to go beyond having a bunch of toggles. It

    must be incorporated into every aspect of the product @tsunamino
  52. None

  53. Have a clear privacy policy that defines consent @tsunamino

  54. None
  55. None

  56. @tsunamino Consensual software is a design pattern that asks for

    the user’s consent to interact with them or their data

  57. Things to do • Ask how a feature can be

    used to hurt someone • Audit your site, especially new user flows • Streamline your privacy settings pages • Have a clear privacy policy that defines consent @tsunamino

  58. Don’t wait until something catastrophic happens @tsunamino

  59. Ways to find me on the internet • @tsunamino •

    @consentsoftware • consensualsoftware.com

  60. Thanks!