Casual Privacy (Ignite Web2.0 Expo)

Casual Privacy “ a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens.” because most privacy isn’t worth it.

Privacy is more trouble then its worth right now. Some people share in public, some people give up.
How to do we get more people to share more information, and more interesting information? Is there information you’re sharing more widely right now then you feel comfortable with? Is there information you’d share with more people if it was easy that you don’t want to tell GoogleBot? Assertion: Open Questions:

Current Privacy Options 1. Share Nothing 2. Share Everything 3. Manage a crowd

Everything Private Sucks
Lonely!
No wisdom of the crowds
Web 1.0!
We’d all be out of jobs!

Share Everything?
Default Web 2.0 assumption (Flickr, del.icio.us, Upcoming, Twitter)
Not everyone can, will
On Flickr people want to share (privately)
Kids
Home
Weddings
Last nights party

Sharing: Because it works!
Outboard brain
Wisdom of crowds
Serendipity enhancement
More valuable then privacy?

Manage a crowd
“ Traditional” approach
Contacts + Roles
Complex
Cognitive burden
also: ego, anxiety, social pressure, attractive nuisance.
friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, quasi-friend, sort-a-friend, weird-uncle, kith, annoying ex-roomate

Account proliferation!
Contact based approach, everyone needs an account.
Use ~14 sites roughly daily all designed to share.
Small pieces loosely joined hurts now

“ a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens.”
http://flickr.com/gp/86712998@N00/BWk63T SUPER SEKRET URLZ!!1!

Case Study: Flickr Guest Pass
http://flickr.com/gp/ + 86712998@N00/ + BWk63Tj7
Simple?
No authentication
No account need
No activation
No identity
You have the token, you're in.

Casual Privacy: Features
Its Internet scale by default!
Credential are forwardable.
Authorization is contextual

OMG Alice isn't trustworthy and leaked the secret token!
In practice, accidental not malicious
Tokens revokable. Always. Poof!
Visual cues
Sufficient information

Deniable
Don't leak
No sequential IDs
No hinting
Don’t bring the egos back
Greenfield: “beneficial hypocrisy”

Hard to Guess
8 places of random alpha-numerics gets you a really big search spaces
2,251,875,390,625
Extra fun? Make your tokens checksumable

History Of
Odeo, 2005
Quicktopic, 1999
High school rave, 1992

Worse is Better
More flexible
Network effects make databases cry
Everybody less anxious

Casual Privacy: Checklist
Simple
Forwardable/sharedable
Revokable
Deniable
Visual Indicators
Hard to guess
Easy to implement

Security Concerns
Don’t use in feeds (aggregator data hygiene sucks!)
Proxies cache URL. HTTP headers can help
document.location.hash

Future Work
Data fuzzing
URL decay
Ben Adida’s BeamAuth
Build it already!

http://flickr.com/photos/dirtyfeet/217931104/
http://flickr.com/photos/lalunablanca/62556584/
http://flickr.com/photos/mesolimbo/86561068/
http://flickr.com/photos/merlin/13374753/
http://flickr.com/photos/fetching/387574792/
http://flickr.com/photos/stewart/459153074/
http://flickr.com/photos/oybay/111504290/
http://flickr.com/photos/68888883@N00/274651759/
http://flickr.com/photos/laughingsquid/390813713/ - Scott Beale / Laughing Squid (laughingsquid.com)

Casual Privacy (Ignite Web2.0 Expo)

by Kellan on Apr 16, 2007

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 16

Statistics

Casual Privacy (Ignite Web2.0 Expo) Presentation Transcript

http://www.slideshare.net	9
http://www.linkedin.com	5
http://www.informationweek.com	2