Casual Privacy “ a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens.” because most privacy isn’t worth it.

Privacy is more trouble then its worth right now. Some people share in public, some people give up. How to do we get more people to share more information, and more interesting information? Is there information you’re sharing more widely right now then you feel comfortable with? Is there information you’d share with more people if it was easy that you don’t want to tell GoogleBot? Assertion: Open Questions:

Privacy is more trouble then its worth right now. Some people share in public, some people give up.

Current Privacy Options 1. Share Nothing 2. Share Everything 3. Manage a crowd

Everything Private Sucks Lonely! No wisdom of the crowds Web 1.0! We’d all be out of jobs!

Lonely!

No wisdom of the crowds

Web 1.0!

We’d all be out of jobs!

Share Everything? Default Web 2.0 assumption (Flickr, del.icio.us, Upcoming, Twitter) Not everyone can, will On Flickr people want to share (privately) Kids Home Weddings Last nights party

Default Web 2.0 assumption (Flickr, del.icio.us, Upcoming, Twitter)

Not everyone can, will

On Flickr people want to share (privately)

Kids

Home

Weddings

Last nights party

Sharing: Because it works! Outboard brain Wisdom of crowds Serendipity enhancement More valuable then privacy?

Outboard brain

Wisdom of crowds

Serendipity enhancement

More valuable then privacy?

Manage a crowd “ Traditional” approach Contacts + Roles Complex Cognitive burden also: ego, anxiety, social pressure, attractive nuisance. friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, acquaintance, met, co-worker, colleague, co-resident, neighbor, child, parent, sibling, spouse, kin, muse, crush, date, sweetheart, me, friend, family, contact, quasi-friend, sort-a-friend, weird-uncle, kith, annoying ex-roomate

“ Traditional” approach

Contacts + Roles

Complex

Cognitive burden

also: ego, anxiety, social pressure, attractive nuisance.

Account proliferation! Contact based approach, everyone needs an account. Use ~14 sites roughly daily all designed to share. Small pieces loosely joined hurts now

Contact based approach, everyone needs an account.

Use ~14 sites roughly daily all designed to share.

Small pieces loosely joined hurts now

“ a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens.” http://flickr.com/gp/86712998@N00/BWk63T SUPER SEKRET URLZ!!1!

“ a design pattern for sharing non-public information using out-of-band exchange of unguessable tokens.”

Case Study: Flickr Guest Pass http://flickr.com/gp/ + 86712998@N00/ + BWk63Tj7 Simple? No authentication No account need No activation No identity You have the token, you're in.

http://flickr.com/gp/ + 86712998@N00/ + BWk63Tj7

Simple?

No authentication

No account need

No activation

No identity

You have the token, you're in.

Casual Privacy: Features Its Internet scale by default! Credential are forwardable. Authorization is contextual

Its Internet scale by default!

Credential are forwardable.

Authorization is contextual

OMG Alice isn't trustworthy and leaked the secret token! In practice, accidental not malicious Tokens revokable. Always. Poof! Visual cues Sufficient information

In practice, accidental not malicious

Tokens revokable. Always. Poof!

Visual cues

Sufficient information

Deniable Don't leak No sequential IDs No hinting Don’t bring the egos back Greenfield: “beneficial hypocrisy”

Don't leak

No sequential IDs

No hinting

Don’t bring the egos back

Greenfield: “beneficial hypocrisy”

Hard to Guess 8 places of random alpha-numerics gets you a really big search spaces 2,251,875,390,625 Extra fun? Make your tokens checksumable

8 places of random alpha-numerics gets you a really big search spaces

2,251,875,390,625

Extra fun? Make your tokens checksumable

History Of Odeo, 2005 Quicktopic, 1999 High school rave, 1992

Odeo, 2005

Quicktopic, 1999

High school rave, 1992

Worse is Better More flexible Network effects make databases cry Everybody less anxious

More flexible

Network effects make databases cry

Everybody less anxious

Casual Privacy: Checklist Simple Forwardable/sharedable Revokable Deniable Visual Indicators Hard to guess Easy to implement

Simple

Forwardable/sharedable

Revokable

Deniable

Visual Indicators

Hard to guess

Easy to implement

Security Concerns Don’t use in feeds (aggregator data hygiene sucks!) Proxies cache URL. HTTP headers can help document.location.hash

Don’t use in feeds (aggregator data hygiene sucks!)

Proxies cache URL. HTTP headers can help

document.location.hash

Future Work Data fuzzing URL decay Ben Adida’s BeamAuth Build it already!

Data fuzzing

URL decay

Ben Adida’s BeamAuth

Build it already!

http://flickr.com/photos/dirtyfeet/217931104/ http://flickr.com/photos/lalunablanca/62556584/ http://flickr.com/photos/mesolimbo/86561068/ http://flickr.com/photos/merlin/13374753/ http://flickr.com/photos/fetching/387574792/ http://flickr.com/photos/stewart/459153074/ http://flickr.com/photos/oybay/111504290/ http://flickr.com/photos/68888883@N00/274651759/ http://flickr.com/photos/laughingsquid/390813713/ - Scott Beale / Laughing Squid (laughingsquid.com)

http://flickr.com/photos/dirtyfeet/217931104/

http://flickr.com/photos/lalunablanca/62556584/

http://flickr.com/photos/mesolimbo/86561068/

http://flickr.com/photos/merlin/13374753/

http://flickr.com/photos/fetching/387574792/

http://flickr.com/photos/stewart/459153074/

http://flickr.com/photos/oybay/111504290/

http://flickr.com/photos/68888883@N00/274651759/

http://flickr.com/photos/laughingsquid/390813713/ - Scott Beale / Laughing Squid (laughingsquid.com)