BALANCING IDENTITY & PRIVACY: BUILDING TOOLS TO HELP USERS

Transcript

1. Balancing Identity & Privacy Building Tools to Help Users Protect

   Themselves

2. Who am I? • Lindsey Bieda • @lindseybieda • @lindseyb

   • Application Engineer @ GitHub

3. Community & Safety • ⛺ CampS • Build tools to

   help communities grow • Build tools to keep users safe • Look for abuse vectors in new features

4. Abuse Vectors in Tech A path through a given feature

   that allows a user to interact in a way that is destructive or disruptive

5. (Virtual) Identity • Build through information about yourself • Certain

   level of vulnerability • Authenticity (or the illusion of)

6. Information Oversharing • Oversharing is the norm • Unknown risks

   • A balance with identity

7. Users and Trust • Users expect information not publicly visible

   to be private • Users do not anticipate malicious users • Data scraping

8. What Can We Do?

9. Identity in git • Name • Email • That’s it

10. Case Study: Emails in git History • Email is accessible

    to anyone who views the git history • Can be used by anyone maliciously or not • Abuse vector

11. git History Abuse Vector • Unsolicited Emails • Emails can

    be shared or sold to 3rd parties • Deadnaming (unsolved)

12. Tools • Focus on tooling that helps users keep the

    information they don’t want to release private • Stealth Emails

13. Stealth Emails [email protected] or [email protected]

14. Messaging • Inform the user when they are performing an

    action that may leak information they may want private • Block command line pushes that expose my email

15. Information • Ensure the user knows how they can maintain

    their privacy • About Commit Email Addresses

16. Privacy First • Make information private first then have options

    for it to be released • GitHub now enables private emails for all initial sign ups

17. Trust • Quickly lost • Hard to rebuild • Loss

    of trust is entirely preventable

18. Focus on Consent First Features • New features should not

    expose information that users have previously opted to keep private • Always give users the choice • @consentsoftware

19. Ask Don’t Assume

20. Protect Users As You Would Yourself …and then some

21. Inform Users of the Risks

22. More Reading • Data and Goliath: The Hidden Battles to

    Collect Your Data and Control Your World by Bruce Schneier • Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance by Julia Angwin • The Smart Girl's Guide to Privacy by Violet Blue

23. THANKS! @lindseybieda

24. None