Consensual Software O'Reilly Security Conference


Danielle Leong

October 31, 2017

Transcript

  1. 5.
  2. 7.
  3. 10.
  4. 14.

    Build systems that empower inclusive and healthy communities and encourage good online citizenship. Discourage behavior that is destructive or threatens personal safety. @tsunamino
  5. 15.

    Security protects the company from bad actors. We protect people from other people.

    http://www.pewresearch.org/fact-tank/2015/11/10/key-takeaways-mobile-apps/
  6. 16.

    Keeping your info private is hard

    • Not using full names on social media sites
    • Not using real photos for avatars
    • Turning off location tracking data
    • Regularly Googling name, address, & phone numbers
    • Using a burner phone number service & PO boxes
    • Turning off direct messages
    • Not live posting on social media during vacation
  7. 17.

    60% of Americans will not download an app if they discover how much personal information the app requires

    Pew Research Center
  8. 18.

    90% of smartphone owners say having clear information about how their data will be used is “very” or “somewhat” important when choosing to download an app

    Pew Research Center
  9. 25.
  10. 27.

    Consensual software is a design pattern that asks for the user’s consent to interact with them or their data @tsunamino
  11. 30.
  12. 32.
  13. 34.
  14. 35.
  15. 38.

    Private

    • Full names (current or former)
    • Birthday
    • Government IDs
    • Phone numbers
    • Addresses
    • Passwords
    • Biometrics
    • IPs
    • Credit card/bank info
    • Geographic locations
    • Intimate photos

    Public

    • Info the user has consented to be public
    • Likes
    • Avatars
    • Handles or usernames

    Semi-Private

    • Email addresses
    • City of residence
    • Race
    • Gender
    • Sexual orientation
  16. 40.
  17. 41.
  18. 42.
  19. 43.
  20. 46.
  21. 47.
  22. 48.
  23. 51.

    Need to go beyond having a bunch of toggles. It must be incorporated into every aspect of the product @tsunamino
  24. 52.
  25. 54.
  26. 55.
  27. 56.

    @tsunamino Consensual software is a design pattern that asks for the user’s consent to interact with them or their data
  28. 57.

    Things to do

    • Ask how a feature can be used to hurt someone
    • Audit your site, especially new user flows
    • Streamline your privacy settings pages
    • Have a clear privacy policy that defines consent

    @tsunamino
  29. 59.

    Ways to find me on the internet

    • @tsunamino
    • @consentsoftware
    • consensualsoftware.com
  30. 60.