How to conceive customized applications without storing users' data?
by Andrei Sambra
(@andreisambra)
A bit of personal history...
Status quo?
(centralization is bad)
Governments abuse their power leading to mass surveillance
One stop shop for hackers
143 million accounts
87 million accounts
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Can't prevent good companies being acquired by "bad" ones, and the other way around
Solution: decentralize
Scaling?
Uptime?
Availability?
Metrics?
Far from a perfect solution...
User
Experience
(always think about the user experience)
Is technology alone sufficient?
No.
GDPR
(as of 25 May 2018)
GDPR "do's"
(TL;DR for developers)
- Right to be forgotten (delete)
- also notify 3rd parties of erasure
- Restrict processing (data not visible to staff, or even publicly)
- Data portability (art. 20)
- export human-readable version
- export machine-readable version
- APIs (when possible!)
- All user data must always be editable by the user
- Request user consent for processing their data (opt-in)
- Data retention (delete data after processing)
- Encrypt everything (in transit, at rest, backups)
- Keep a record of all activities where you use personal data
- Age checks (wishful thinking)
GDPR "don'ts"
(TL;DR for developers)
- Don't use data for purposes other than the ones agreed to by the user
- Don't log personal data (IDs are sufficient)
- Don't use forms with more fields than necessary
- Don't rely on 3rd parties being compliant (exercise due diligence)
GDPR is just the beginning.
(We need "online" seat belts)
What options do we have today?
Build centralized services
(much more difficult to guarantee GDPR compliance)
Build decentralized services
And the answer that everyone is waiting for...
Let’s use the Blockchain
No.
Use the Web as is, but decouple everything
Device
Data
App (UI)
Why decouple?
We can avoid tech debt by staying up to date with respect to a fast-paced technical evolution
Why decouple?
It allows App developers to focus on what they like the most (building a user experience through UI/UX)
(cont)
Why decouple?
...while removing a lot of headaches most developers face
(cont)
- how to deal with identity management (email)?
- how to securely store user data?
- how can I ensure my users' privacy?
- how can I be GDPR-compliant overall (at least in EU)?
Our approach at Qwant...
- client-side, peer-to-peer data management
- app data is stored encrypted on the user's devices
- offline-first user experience
- applications need to be authorized to access storage
- encrypted data is synced in real time using PFS
- all code is open sourced (MIT), including the sync service
- optional backup (coming soon™)
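A sketch of what "encrypted data is synced ... using PFS" can look like between two of a user's devices. This is an added example, not Qwant's code. The primitives (X25519, HKDF-SHA256, AES-256-GCM) and all function names are assumptions, and it assumes the ephemeral public keys are authenticated by some device identity mechanism that is not shown.

```javascript
// Added example (Node.js). Algorithms and names are assumptions, not Qwant's implementation.
const nodeCrypto = require('node:crypto');

// Each device creates a fresh (ephemeral) key pair per sync session and
// discards it afterwards; that is what gives forward secrecy.
function newSessionKeys() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Both devices derive the same 32-byte session key from their own private
// key and the peer's public key. The sync service never sees this key.
function deriveSessionKey(ownPrivate, peerPublic, sessionId) {
  const shared = nodeCrypto.diffieHellman({ privateKey: ownPrivate, publicKey: peerPublic });
  const okm = nodeCrypto.hkdfSync('sha256', shared, Buffer.from(sessionId), Buffer.from('sync-v1'), 32);
  return Buffer.from(okm);
}

// Encrypt one app record. The record id travels in clear but is authenticated (AAD).
function sealRecord(key, recordId, record) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(recordId));
  const ct = Buffer.concat([cipher.update(JSON.stringify(record), 'utf8'), cipher.final()]);
  return { recordId, iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: cipher.getAuthTag().toString('base64') };
}

// Decrypt and verify. Throws if the ciphertext, tag or record id was altered in transit.
function openRecord(key, msg) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(msg.iv, 'base64'));
  decipher.setAAD(Buffer.from(msg.recordId));
  decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(msg.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample: a phone syncs one note to a laptop through an untrusted relay.
function demoSync() {
  const phone = newSessionKeys(), laptop = newSessionKeys();
  const kPhone = deriveSessionKey(phone.privateKey, laptop.publicKey, 'session-1');
  const kLaptop = deriveSessionKey(laptop.privateKey, phone.publicKey, 'session-1');
  const onWire = sealRecord(kPhone, 'note-42', { title: 'private', body: 'stays on my devices' });
  return { onWire, received: openRecord(kLaptop, onWire) };
}
```

The `onWire` object is all a sync service would handle: a record id, a nonce, ciphertext and an authentication tag.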
#NOCLOUD
https://unsplash.com
Shifting and balancing responsibility
Image credit - https://www.infovista.com
Conclusion
Decentralized governance
Decentralized technology
</Presentation>
Andrei Sambra - @andreisambra
a.sambra@qwant.com
https://slides.com/deiu/clean-data-conf/
(all uncredited images in this presentation come from Wikimedia)