2012/Getting a Handle on Privacy and Security
Speaker: Shane Caraveo
Goal: to make privacy/security issues more understandable to users.
DNT: Do Not Track
Doesn't prevent tracking by itself. It is a signal of the user's preference that organizations have to buy into.
- W3C technical bits defined
- Process issues
- what is tracking?
- what happens when you see the header?
Technical bits are easy; behaviors are difficult to define.
Odd that Microsoft turned it on by default. Nice that they jumped on the bandwagon, but it's supposed to be the user's choice. Does this water down the meaning for ad agencies?
No demo because this is a header.
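Since the session had no demo for DNT, here is an added example (not from the talk or from Mozilla) of the "what happens when you see the header?" question from the server side. It follows the W3C Tracking Preference Expression semantics: a request header value of "1" means the user asks not to be tracked, "0" means the user has granted permission, and an absent header means no preference; the Tk response header carries a tracking status value such as "N" (not tracking), "T" (tracking) or "C" (consent). The function names and the "tracks_by_default" policy switch are this example's own.

```python
# Added example, not from the talk: acting on the DNT request header.
# DNT: 1 -> user asks not to be tracked; DNT: 0 -> user granted permission;
# absent -> no preference. Tk: N / T / C are tracking status values from
# the W3C Tracking Preference Expression spec. Function names are this
# example's own.

from dataclasses import dataclass
from enum import Enum
from typing import Dict, Mapping


class TrackingPreference(Enum):
    OPT_OUT = "opt-out"          # DNT: 1
    CONSENT = "consent"          # DNT: 0
    UNSPECIFIED = "unspecified"  # header absent or malformed


def parse_dnt(headers: Mapping[str, str]) -> TrackingPreference:
    """Read the DNT header out of a request's headers.

    Header names are matched case-insensitively. Any value other than
    "0" or "1" is treated as no preference rather than guessed at."""
    for name, raw in headers.items():
        if name.lower() != "dnt":
            continue
        value = raw.strip()
        if value == "1":
            return TrackingPreference.OPT_OUT
        if value == "0":
            return TrackingPreference.CONSENT
        return TrackingPreference.UNSPECIFIED
    return TrackingPreference.UNSPECIFIED


@dataclass(frozen=True)
class Decision:
    set_tracking_cookie: bool  # whether to issue a cross-site identifier
    tk_status: str             # value to send in the Tk response header


def decide(headers: Mapping[str, str], tracks_by_default: bool = True) -> Decision:
    """Turn the header into concrete behaviour for this response.

    The header is easy to parse; the hard part the talk points at is the
    behaviour. Under "no preference" the site's own policy applies."""
    pref = parse_dnt(headers)
    if pref is TrackingPreference.OPT_OUT:
        return Decision(set_tracking_cookie=False, tk_status="N")
    if pref is TrackingPreference.CONSENT:
        return Decision(set_tracking_cookie=True, tk_status="C")
    if tracks_by_default:
        return Decision(set_tracking_cookie=True, tk_status="T")
    return Decision(set_tracking_cookie=False, tk_status="N")


def build_response_headers(headers: Mapping[str, str],
                           tracks_by_default: bool = True) -> Dict[str, str]:
    """Response headers a handler would merge in: always a Tk header, and
    a tracking cookie only when the decision allows it."""
    d = decide(headers, tracks_by_default)
    out = {"Tk": d.tk_status}
    if d.set_tracking_cookie:
        # Placeholder identifier; a real site would mint a random one.
        out["Set-Cookie"] = "uid=EXAMPLE-ID; Path=/; Secure; HttpOnly"
    return out


if __name__ == "__main__":
    for hdrs in ({"DNT": "1"}, {"dnt": "0"}, {}, {"DNT": "yes"}):
        print(hdrs, "->", build_response_headers(hdrs))
```

Note what the header cannot tell the server: whether "DNT: 1" was a deliberate user choice or a browser default. The spec requires that a user agent only send it on the user's instruction, but a receiving site has no way to check, which is the substance of the Microsoft default-on concern in the notes.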
Add-on for Firefox about 3 months ago, now available for Chrome and IE.
- Mozilla and Ford Foundation working together
- educate users about tracking
- experimental addon
- real-time tracking information
- help users identify tracking
- will help users opt-in to tracking
- UI is still too techy
Crowd-source information from Collusion to identify trackers and problems.
(Demo -- shows sites that track and links between them. Cool techy graph UI. :-) )
Persona (aka BrowserID)
Designed to be a distributed system; it's tied to your email address and you can set up your own server on your own domain.
Backend is doing OAuth (probably) with existing providers so users can easily come on board from other systems.
- secure verified authentication without passwords
- use it, it's awesome
- forward-looking solution for identity management
- does not solve existing password management
- demo later
BrowserID still leaves the existing problem of passwords in various places, subject to exploit.
- experimental work
- examine your passwords
- duplicates, age, similarity, strength
- show you problem areas
- help you choose good passwords
- experimental, geeky, not friendly to most users
This is part of a PhD project for the person doing the work.
Alternate demo with UI Shane put together.
Shows you sites that you've shared the same password with, and also those that take passwords insecurely.
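As an added example of the checks such a password-examination tool runs (this is not the experimental add-on's code or the PhD project's), the script below takes a set of saved logins and reports the items the notes list: duplicates, age, near-duplicate similarity, a rough strength estimate, and sites whose login form submits the password without TLS. The SavedLogin records, the thresholds and the similarity measure (difflib's ratio) are this example's own choices; a real tool would read the browser's saved-logins store.

```python
# Added example, not the add-on's code: password-hygiene checks over a
# user's saved logins. Sample records are constructed for this example.

import math
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class SavedLogin:
    site: str
    password: str
    last_changed: date
    form_url: str  # where the login form posts the password


def find_reuse(logins: List[SavedLogin]) -> List[List[str]]:
    """Groups of sites that share an identical password."""
    by_password: Dict[str, List[str]] = {}
    for login in logins:
        by_password.setdefault(login.password, []).append(login.site)
    return [sites for sites in by_password.values() if len(sites) > 1]


def find_similar(logins: List[SavedLogin],
                 threshold: float = 0.8) -> List[Tuple[str, str, float]]:
    """Pairs of sites whose passwords differ only slightly (a shared base
    word plus a suffix, say). Identical passwords are left to find_reuse."""
    pairs = []
    for i, a in enumerate(logins):
        for b in logins[i + 1:]:
            if a.password == b.password:
                continue
            ratio = SequenceMatcher(None, a.password, b.password).ratio()
            if ratio >= threshold:
                pairs.append((a.site, b.site, round(ratio, 2)))
    return pairs


def find_stale(logins: List[SavedLogin], today: date,
               max_age_days: int = 365) -> List[str]:
    """Sites whose password is older than max_age_days."""
    return [l.site for l in logins if (today - l.last_changed).days > max_age_days]


def find_insecure_submit(logins: List[SavedLogin]) -> List[str]:
    """Sites whose login form posts the password over plain http."""
    return [l.site for l in logins if l.form_url.lower().startswith("http://")]


def strength_bits(password: str) -> float:
    """Crude entropy estimate: length * log2(size of character classes used).
    Good enough to flag obviously weak passwords, not a real cracker model."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation
    return round(len(password) * math.log2(size), 1) if size else 0.0


def analyze(logins: List[SavedLogin], today: date, weak_bits: float = 50.0) -> dict:
    """Run every check and return one report a UI could render."""
    return {
        "reused": find_reuse(logins),
        "similar": find_similar(logins),
        "stale": find_stale(logins, today),
        "insecure_submit": find_insecure_submit(logins),
        "weak": [l.site for l in logins if strength_bits(l.password) < weak_bits],
    }


# Constructed sample data for the example (hostnames are placeholders).
SAMPLE_TODAY = date(2012, 6, 1)
SAMPLE_LOGINS = [
    SavedLogin("news.example", "Summer2012", date(2010, 3, 1), "http://news.example/login"),
    SavedLogin("shop.example", "Summer2012", date(2012, 1, 15), "https://shop.example/login"),
    SavedLogin("mail.example", "Summer2012!", date(2012, 4, 2), "https://mail.example/login"),
    SavedLogin("bank.example", "x9#Lq2!vT7pR", date(2012, 5, 1), "https://bank.example/login"),
    SavedLogin("forum.example", "letmein", date(2012, 2, 1), "https://forum.example/login"),
]

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOGINS, SAMPLE_TODAY).items():
        print(f"{key}: {value}")
```

The point of running this locally in the user agent, rather than on a server, is the same one the notes keep returning to: the browser already holds the passwords, so it can evaluate them without anyone else seeing them.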
- Lots of ways to cook an egg
- User agent mediates
- Inherently private
- User retains control
Browser knows who you like to share with, what you want to share -- and the site you're using doesn't need to know that.
(demo -- on CNN site, click icon in navbar, logs in to facebook share, gplus, etc. Shane notes that initial version took more control of the UI, but social providers were uninterested in getting on board because they didn't have their branding.)
- Integrate social content in browser
- User Agent mediates
- Inherently private
- Possibly promiscuous
- Users have control
Mozilla are writing their own social provider, called "Motown." They use IRC for presence. :-) Activity stream based on tools used in Mozilla (blogging, bug tracking, yammer, etc.)
Ideas about icons indicating security, privacy, that make sense to the user. Using in-browser privacy preferences. Probably unrealistic.
"Users should expect their User Agent to be a User Agent."