際際滷

際際滷Share a Scribd company logo

Casual Privacy (Ignite Web2.0 Expo)

Download as PPT, PDF
Kellan
Kellan

The document proposes a design pattern called "Casual Privacy" for sharing non-public information using tokens exchanged out-of-band rather than requiring users to create accounts. It notes that current options of sharing nothing, sharing everything, or complex audience management are not ideal. Casual Privacy uses unguessable tokens shared via URL to allow easy, revocable sharing without authentication or identity. The tokens are designed to be hard to guess, forwardable, and deniable while providing sufficient context about the shared information.

1 of 20
Casual Privacy a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens. because most privacy isnt worth it.
Privacy is more trouble then its worth right now. Some people share in public, some people give up. How to do we get more people to share more information, and more interesting information? Is there information youre sharing more widely right now then you feel comfortable with? Is there information youd share with more people if it was easy that you dont want to tell GoogleBot? Assertion: Open Questions:
Current Privacy Options 1. Share Nothing 2. Share Everything 3. Manage a crowd
Everything Private Sucks Lonely! No wisdom of the crowds Web 1.0! Wed all be out of jobs!
Share Everything? Default Web 2.0 assumption (Flickr, del.icio.us, Upcoming, Twitter) Not everyone can, will On Flickr people want to share (privately) Kids Home Weddings Last nights party
Sharing: Because it works! Outboard brain Wisdom of crowds Serendipity enhancement More valuable then privacy?
Manage a crowd Traditional approach Contacts + Roles Complex Cognitive burden also: ego, anxiety, social pressure, attractive nuisance. friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, quasi-friend, sort-a-friend, weird-uncle, kith, annoying ex-roomate
Account proliferation! Contact based approach, everyone needs an account. Use ~14 sites roughly daily all designed to share. Small pieces loosely joined hurts now
a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens. http://flickr.com/gp/86712998@N00/BWk63T SUPER SEKRET URLZ!!1!
Case Study: Flickr Guest Pass http://flickr.com/gp/ + 86712998@N00/ + BWk63Tj7 Simple? No authentication No account need No activation No identity You have the token, you're in.
Casual Privacy: Features Its Internet scale by default! Credential are forwardable. Authorization is contextual
OMG Alice isn't trustworthy and leaked the secret token! In practice, accidental not malicious Tokens revokable. Always. Poof! Visual cues Sufficient information
Deniable Don't leak No sequential IDs No hinting Dont bring the egos back Greenfield: beneficial hypocrisy
Hard to Guess 8 places of random alpha-numerics gets you a really big search spaces 2,251,875,390,625 Extra fun? Make your tokens checksumable
History Of Odeo, 2005 Quicktopic, 1999 High school rave, 1992
Worse is Better More flexible Network effects make databases cry Everybody less anxious
Casual Privacy: Checklist Simple Forwardable/sharedable Revokable Deniable Visual Indicators Hard to guess Easy to implement
Security Concerns Dont use in feeds (aggregator data hygiene sucks!) Proxies cache URL. HTTP headers can help document.location.hash
Future Work Data fuzzing URL decay Ben Adidas BeamAuth Build it already!
http://flickr.com/photos/dirtyfeet/217931104/ http://flickr.com/photos/lalunablanca/62556584/ http://flickr.com/photos/mesolimbo/86561068/ http://flickr.com/photos/merlin/13374753/ http://flickr.com/photos/fetching/387574792/ http://flickr.com/photos/stewart/459153074/ http://flickr.com/photos/oybay/111504290/ http://flickr.com/photos/68888883@N00/274651759/ http://flickr.com/photos/laughingsquid/390813713/ - Scott Beale / Laughing Squid (laughingsquid.com)

More Related Content

Casual Privacy (Ignite Web2.0 Expo)

  • 1. Casual Privacy a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens. because most privacy isnt worth it.
  • 2. Privacy is more trouble then its worth right now. Some people share in public, some people give up. How to do we get more people to share more information, and more interesting information? Is there information youre sharing more widely right now then you feel comfortable with? Is there information youd share with more people if it was easy that you dont want to tell GoogleBot? Assertion: Open Questions:
  • 3. Current Privacy Options 1. Share Nothing 2. Share Everything 3. Manage a crowd
  • 4. Everything Private Sucks Lonely! No wisdom of the crowds Web 1.0! Wed all be out of jobs!
  • 5. Share Everything? Default Web 2.0 assumption (Flickr, del.icio.us, Upcoming, Twitter) Not everyone can, will On Flickr people want to share (privately) Kids Home Weddings Last nights party
  • 6. Sharing: Because it works! Outboard brain Wisdom of crowds Serendipity enhancement More valuable then privacy?
  • 7. Manage a crowd Traditional approach Contacts + Roles Complex Cognitive burden also: ego, anxiety, social pressure, attractive nuisance. friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, quasi-friend, sort-a-friend, weird-uncle, kith, annoying ex-roomate
  • 8. Account proliferation! Contact based approach, everyone needs an account. Use ~14 sites roughly daily all designed to share. Small pieces loosely joined hurts now
  • 9. a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens. http://flickr.com/gp/86712998@N00/BWk63T SUPER SEKRET URLZ!!1!
  • 10. Case Study: Flickr Guest Pass http://flickr.com/gp/ + 86712998@N00/ + BWk63Tj7 Simple? No authentication No account need No activation No identity You have the token, you're in.
  • 11. Casual Privacy: Features Its Internet scale by default! Credential are forwardable. Authorization is contextual
  • 12. OMG Alice isn't trustworthy and leaked the secret token! In practice, accidental not malicious Tokens revokable. Always. Poof! Visual cues Sufficient information
  • 13. Deniable Don't leak No sequential IDs No hinting Dont bring the egos back Greenfield: beneficial hypocrisy
  • 14. Hard to Guess 8 places of random alpha-numerics gets you a really big search spaces 2,251,875,390,625 Extra fun? Make your tokens checksumable
  • 15. History Of Odeo, 2005 Quicktopic, 1999 High school rave, 1992
  • 16. Worse is Better More flexible Network effects make databases cry Everybody less anxious
  • 17. Casual Privacy: Checklist Simple Forwardable/sharedable Revokable Deniable Visual Indicators Hard to guess Easy to implement
  • 18. Security Concerns Dont use in feeds (aggregator data hygiene sucks!) Proxies cache URL. HTTP headers can help document.location.hash
  • 19. Future Work Data fuzzing URL decay Ben Adidas BeamAuth Build it already!
  • 20. http://flickr.com/photos/dirtyfeet/217931104/ http://flickr.com/photos/lalunablanca/62556584/ http://flickr.com/photos/mesolimbo/86561068/ http://flickr.com/photos/merlin/13374753/ http://flickr.com/photos/fetching/387574792/ http://flickr.com/photos/stewart/459153074/ http://flickr.com/photos/oybay/111504290/ http://flickr.com/photos/68888883@N00/274651759/ http://flickr.com/photos/laughingsquid/390813713/ - Scott Beale / Laughing Squid (laughingsquid.com)