casual privacy (ignite web2.0 expo)
DESCRIPTION
My "casual privacy" talk from Ignite on the Web 2.0 Expo opening night.
TRANSCRIPT
![Page 1: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/1.jpg)
Casual Privacy
“a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens.”
because most privacy isn’t worth it.
![Page 2: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/2.jpg)
Assertion:
Privacy is more trouble than it's worth right now. Some people share in public, some people give up.
Open Questions:
How do we get more people to share more information, and more interesting information?
Is there information you're sharing more widely right now than you feel comfortable with?
Is there information you'd share with more people if it was easy, that you don't want to tell GoogleBot?
![Page 3: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/3.jpg)
Current Privacy Options
1. Share Nothing
2. Share Everything
3. Manage a crowd
![Page 4: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/4.jpg)
Everything Private Sucks
• Lonely!
• No wisdom of the crowds
• Web 1.0!
• We’d all be out of jobs!
![Page 5: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/5.jpg)
Share Everything?
On Flickr people want to share (privately)
1. Kids
2. Home
3. Weddings
4. Last night's party
• Default Web 2.0 assumption (Flickr, del.icio.us, Upcoming, Twitter)
• Not everyone can, will
![Page 6: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/6.jpg)
Sharing: Because it works!
• Outboard brain
• Wisdom of crowds
• Serendipity enhancement
• More valuable than privacy?
![Page 7: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/7.jpg)
friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, quasi-friend, sort-a-friend, weird-uncle, kith, annoying ex-roommate
Manage a crowd
• "Traditional" approach
• Contacts + Roles
• Complex
• Cognitive burden
• also: ego, anxiety, social pressure, attractive nuisance.
![Page 8: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/8.jpg)
Account proliferation!
• Contact based approach, everyone needs an account.
• I use ~14 sites roughly daily, all designed for sharing.
• Small pieces loosely joined hurts now
![Page 9: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/9.jpg)
“a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens.”
http://flickr.com/gp/86712998@N00/BWk63T
SUPER SEKRET URLZ!!1!
![Page 10: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/10.jpg)
Case Study: Flickr Guest Pass
http://flickr.com/gp/ + 86712998@N00/ + BWk63Tj7
Simple?
• No authentication
• No account needed
• No activation
• No identity
• You have the token, you're in.
![Page 11: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/11.jpg)
Casual Privacy: Features
• It's Internet-scale by default!
• Credentials are forwardable.
• Authorization is contextual
![Page 12: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/12.jpg)
OMG Alice isn't trustworthy and leaked the secret token!
• In practice, accidental not malicious
• Tokens revocable. Always. Poof!
• Visual cues
• Sufficient information
![Page 13: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/13.jpg)
Deniable
• Don't leak
• No sequential IDs
• No hinting
• Don’t bring the egos back
• Greenfield: “beneficial hypocrisy”
![Page 14: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/14.jpg)
Hard to Guess
• 8 places of random alphanumerics gets you a really big search space
• 2,251,875,390,625
• Extra fun? Make your tokens checksumable
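An added example, not code from the talk or from Flickr, of the token mechanics this slide and the "Deniable" slide describe: CSPRNG tokens with no sequential IDs, a check character so malformed tokens are rejected before any lookup, and revocation by deletion. The 62-symbol alphabet, 8-place body and weighted-sum checksum are assumptions chosen for illustration.

```python
# Added example (not from the talk): minting, checking and revoking
# "casual privacy" tokens of the Flickr Guest Pass kind. Alphabet, token
# length and checksum scheme are assumptions chosen for illustration.
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumption)
TOKEN_LEN = 8                                    # the slide's "8 places"


def search_space(symbols: int, places: int) -> int:
    """Distinct tokens = symbols ** places. The slide's figure
    2,251,875,390,625 is exactly what 35 symbols at 8 places gives."""
    return symbols ** places


def checksum_char(body: str) -> str:
    """Position-weighted sum check character, so a typo'd or truncated
    token fails locally instead of hitting the database ('checksumable')."""
    total = sum((i + 1) * ALPHABET.index(c) for i, c in enumerate(body))
    return ALPHABET[total % len(ALPHABET)]


def mint_token() -> str:
    # secrets is a CSPRNG; a counter or random.random() would make tokens
    # guessable, and the whole pattern rests on unguessability.
    body = "".join(secrets.choice(ALPHABET) for _ in range(TOKEN_LEN))
    return body + checksum_char(body)


def well_formed(token: str) -> bool:
    if len(token) != TOKEN_LEN + 1 or any(c not in ALPHABET for c in token):
        return False
    return checksum_char(token[:-1]) == token[-1]


class GuestPasses:
    """Owner-side store: token -> album id. Revocation is deletion ('Poof!')."""

    def __init__(self) -> None:
        self._passes: dict[str, str] = {}

    def issue(self, album_id: str) -> str:
        token = mint_token()
        self._passes[token] = album_id
        return token

    def revoke(self, token: str) -> None:
        self._passes.pop(token, None)

    def resolve(self, token: str):
        """Album id or None. Malformed, unknown and revoked tokens all get
        the same None, so the response gives no hint ('no hinting')."""
        return self._passes.get(token) if well_formed(token) else None
```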
![Page 15: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/15.jpg)
History Of
• Odeo, 2005
• Quicktopic, 1999
• High school rave, 1992
![Page 16: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/16.jpg)
Worse is Better
• More flexible
• Network effects make databases cry
• Everybody less anxious
![Page 17: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/17.jpg)
Casual Privacy: Checklist
• Simple
• Forwardable/shareable
• Revocable
• Deniable
• Visual Indicators
• Hard to guess
• Easy to implement
![Page 18: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/18.jpg)
Security Concerns
• Don’t use in feeds (aggregator data hygiene sucks!)
• Proxies cache URLs. HTTP headers can help
• document.location.hash
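An added example, not from the talk or from Flickr, of the three mitigations on this slide from the serving side: scrubbing guest-pass links out of feed output, the response headers that keep a tokenized page out of shared caches and Referer headers, and the fragment trick behind document.location.hash. The URL shape follows the earlier slide; the regex, header values and scrubbing policy are assumptions.

```python
# Added example (not from the talk): defensive handling of guest-pass links.
# URL shape follows the slide (flickr.com/gp/<user>/<token>); header values
# and the feed-scrubbing policy are assumptions for illustration.
import re
from urllib.parse import urlsplit

GUEST_PASS_RE = re.compile(
    r"https?://(?:www\.)?flickr\.com/gp/([^/\s]+)/[A-Za-z0-9]+/?"
)


def no_cache_headers() -> dict:
    """Headers for a page reached via a secret token: shared proxies must
    not store it, and the tokenized URL must not leak via Referer."""
    return {
        "Cache-Control": "private, no-store, no-cache, max-age=0",
        "Pragma": "no-cache",
        "Referrer-Policy": "no-referrer",
    }


def scrub_guest_pass_links(text: str) -> str:
    """'Don't use in feeds': rewrite any guest-pass URL in feed/aggregator
    output to the public photostream URL so the token never leaves the
    owner's control once aggregators start copying the item around."""
    return GUEST_PASS_RE.sub(
        lambda m: f"http://flickr.com/photos/{m.group(1)}/", text
    )


def fragment_link(base: str, token: str) -> str:
    """Put the token after '#': browsers never send the fragment to the
    server, proxies or Referer; only page script (document.location.hash)
    sees it and can present it to the server deliberately."""
    return f"{base}#{token}"


def server_visible(url: str) -> str:
    """What a proxy or server actually receives for a URL: path and query,
    never the fragment."""
    parts = urlsplit(url)
    return parts.path + (f"?{parts.query}" if parts.query else "")


# Constructed sample feed item (not a real pass) used to exercise the scrubber.
SAMPLE_FEED_ITEM = "new set: http://flickr.com/gp/86712998@N00/BWk63Tj7 enjoy"
```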
![Page 19: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/19.jpg)
Future Work
• Data fuzzing
• URL decay
• Ben Adida’s BeamAuth
• Build it already!
![Page 20: Casual Privacy (Ignite Web2.0 Expo)](https://reader035.vdocument.in/reader035/viewer/2022070303/54b67b1c4a795962088b460f/html5/thumbnails/20.jpg)
• http://flickr.com/photos/dirtyfeet/217931104/
• http://flickr.com/photos/lalunablanca/62556584/
• http://flickr.com/photos/mesolimbo/86561068/
• http://flickr.com/photos/merlin/13374753/
• http://flickr.com/photos/fetching/387574792/
• http://flickr.com/photos/stewart/459153074/
• http://flickr.com/photos/oybay/111504290/
• http://flickr.com/photos/68888883@N00/274651759/
• http://flickr.com/photos/laughingsquid/390813713/ - Scott Beale / Laughing Squid (laughingsquid.com)