Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Consensual Software O'Reilly Security Conference

15d8946b2d4141db558701c2327ceb25?s=47 Danielle Leong
October 31, 2017
Programming
0
51

Consensual Software O'Reilly Security Conference

15d8946b2d4141db558701c2327ceb25?s=128

Danielle Leong

October 31, 2017
Tweet

More Decks by Danielle Leong

See All by Danielle Leong
Consensual Software - QCon London 2017
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
0
65
Geek Women Japan keynote
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
21
8.8k
Mills College - Making online collaboration safer at GitHub
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
0
75
Making Online Collaboration Safer at GitHub
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
0
37
Women in Tech: How I got here and how to survive being in a male-dominated workforce
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
0
140
Design 101 for Developers: 5 ways to make your site less ugly
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
1
200
The Curious Incident of the Developer on the Design Team
15d8946b2d4141db558701c2327ceb25?s=48 dmleong
2
150

Other Decks in Programming

See All in Programming
RustのWebフレームワーク周りの概観
E42cffccdc14c60a449caac8de0ce0e0?s=48 hayao
0
180
Now in Android Overview
62384887995a0ce07ec4f86b89f5ec9e?s=48 aosa4054
1
410
Amazon SageMakerでImagenを動かして猫画像生成してみた
5426a03f740cd61fa5e0d4bfdb7a6cc8?s=48 hotoke_neko
0
120
Carp言語さわってみた 〜鯉を取り戻せ編〜
Ced5def68f1a6bcd0736018bc64b116d?s=48 tsin45
0
110
There's an API for that!
6b6e72d297aa0270654a0d4575f1287e?s=48 mariatta
PRO
0
110
夕食断食にTRY!/for-lt-12th
82492720940b57cec5072e190213ba3a?s=48 pachikuriii
0
240
Introduction to Property-Based Testing @ COSCUP 2022
Fd9f21969cd8a0cbf0b2f48a9af0cc28?s=48 cybai
1
150
SwiftUI+TCAに挑戦!NewsPicks iOSアプリのリアーキテクチャ/re-architecture-newspicks-ios-app-with-swiftui-and-tca
1da8b476058df860d83a12c496b74fff?s=48 takehilo
0
400
Rust on Lambda 大きめCSV生成
Bfcda4dca8fd6a07980ed8d5b21a572b?s=48 atsuyokota
1
400
Computer Vision Seminar 1/コンピュータビジョンセミナーvol.1 OpenCV活用
Bbf28bf908ac83e5b85b52a675641641?s=48 fixstars
0
170
設計の考え方とやり方
8f84b7d8869ef6005d89b378e8661f7c?s=48 masuda220
PRO
56
31k
WindowsコンテナDojo:第6回 Red Hat OpenShift入門
E5eb221d34d4ffbe973f8542b4c3a00e?s=48 oniak3ibm
PRO
0
180

Featured

See All Featured
GraphQLの誤解/rethinking-graphql
3cb4e761dbdb7aebd1ffd85f752e1e3e?s=48 sonatard
31
6.8k
Adopting Sorbet at Scale
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
63
7.6k
Statistics for Hackers
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
782
210k
Clear Off the Table
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
79
290k
The Straight Up "How To Draw Better" Workshop
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
225
130k
A designer walks into a library…
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
196
16k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
107
16k
In The Pink: A Labor of Love
E837d2996f52008ace055a08fbfff992?s=48 frogandcode
131
21k
Documentation Writing (for coders)
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenintech
48
2.6k
Design by the Numbers
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
271
17k
How STYLIGHT went responsive
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
85
4k
The Art of Programming - Codeland 2020
719435d98d452de7ac367c828266cf01?s=48 erikaheidi
32
11k

Transcript

  1. Consensual Software Danielle Leong Application Engineer GitHub

  2. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 2 @tsunamino

  3. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 3 @tsunamino

  4. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 4 @tsunamino

  5. None

  6. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 6 @tsunamino

  7. None

  8. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 8 @tsunamino

  9. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 9 @tsunamino

  10. None

  11. Danielle Leong @tsunamino @consentsoftware

  12. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 12 @tsunamino

    GitHub

  13. Title Text @tsunamino

  14. Build systems that empower inclusive and healthy communities and encourage

    good online citizenship. Discourage behavior that is destructive or threatens personal safety. @tsunamino

  15. Security protects the company from bad actors. We protect people

    from other people. http://www.pewresearch.org/fact-tank/2015/11/10/key-takeaways-mobile-apps/

  16. •Not using full names on social media sites •Not using

    real photos for avatars •Turning off location tracking data •Regularly Googling name, address, & phone numbers •Using a burner phone number service & PO boxes •Turning off direct messages •Not live posting on social media during vacation Keeping your info private is hard

  17. 60% of Americans will not download an app if they

    discover how much personal information the app requires Pew Research Center

  18. 90% of smartphone owners say having clear information about how

    their data will be used is “very” or “somewhat” important when choosing to download an app Pew Research Center

  19. Software isn’t built with privacy or safety in mind @tsunamino

  20. What if software respected personal boundaries @tsunamino

  21. What if software asked for your consent? @tsunamino

  22. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 22 https://www.youtube.com/watch?v=oQbei5JGiT8&t=1s

  23. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 23

  24. Consensual Software: Prioritizing Trust & Safety ! @tsunamino 24

  25. None

  26. Consensual software needs to go beyond GDRP and ePrivacy Regulations

    @tsunamino

  27. Consensual software is a design pattern that asks for the

    user’s consent to interact with them or their data @tsunamino

  28. Consent to interact with the person @tsunamino

  29. How can this feature be used to hurt someone? @tsunamino

  30. None

  31. Principle of least privilege but for people’s information @tsunamino

  32. None

  33. Features should be opt-in, not opt-out @tsunamino

  34. None
  35. None

  36. Consent to use a person’s data @tsunamino

  37. Determine what information is private @tsunamino

  38. Private Public •Full names (current or former) •Birthday •Government IDs

    •Phone numbers •Addresses •Passwords •Biometrics •IPs •Credit card/bank info •Geographic locations •Intimate photos •Info the user has consented to be public •Likes •Avatars •Handles or usernames Semi-Private •Email addresses •City of residence •Race •Gender •Sexual orientation

  39. What kind of information are you sharing by default? @tsunamino

  40. None
  41. None
  42. None
  43. None

  44. Audit your site @tsunamino

  45. New user flows @tsunamino

  46. ❌ Bad

  47. ✅ Good

  48. ❌ Bad

  49. What does your privacy settings page look like? @tsunamino

  50. LinkedIn Privacy settings are

  51. Need to go beyond having a bunch of toggles. It

    must be incorporated into every aspect of the product @tsunamino
  52. None

  53. Have a clear privacy policy that defines consent @tsunamino

  54. None
  55. None

  56. @tsunamino Consensual software is a design pattern that asks for

    the user’s consent to interact with them or their data

  57. Things to do • Ask how a feature can be

    used to hurt someone • Audit your site, especially new user flows • Streamline your privacy settings pages • Have a clear privacy policy that defines consent @tsunamino

  58. Don’t wait until something catastrophic happens @tsunamino

  59. Ways to find me on the internet • @tsunamino •

    @consentsoftware • consensualsoftware.com

  60. Thanks!