Privacy

(in the age of Silos)

by Andrei Sambra

Centralization is bad.

143 million accounts

87 million accounts

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Centralization is bad.

Is it?

Scaling?

Uptime?

Availability?

Metrics?

Decentralization

Quality

Is technology alone sufficient?

No.

GDPR

GDPR  "do's"

(TL;DR for devs)

  • Right to be forgotten (delete)
    • also notify 3rd parties of erasure
  • Restrict processing (data not visible to staff, or even publicly)
  • Data portability (art. 20)
    • export human-readable version
    • export machine-readable version
    • APIs (when possible!)
  • All user data must always editable by the user
  • Request user consent for processing their data (opt-in)
  • Data retention (delete data after processing)
  • Encrypt everything (in transit, at rest, backups)
  • Keep a record of all activities where you use personal data
  • Age checks (wishful thinking)

GDPR  "don't's"

(TL;DR for devs)

  • Don't use data for other purposes that then ones agreed by the user
  • Don't log personal data (IDs are sufficient)
  • Don't use forms with more fields than necessary
  • Don't rely on 3rd parties being compliant (exercise due diligence)

GDPR is not enough.

 

(online seat belts)

Search

News

Music

Shopping

Junior

(more)

#NOTRACKING*

* IP address is cached for 5 minutes

Trade-off?

Quality of search results

&

Serving ads

(relevance & bots)

Solution?

 

#NOCLOUD

And the answer that everyone is waiting for...

Let’s use the Blockchain

No.

Use the Web but decouple everything

Device

Data

App (UI)

Client-side, peer-to-peer data management

https://unsplash.com

Shifting and balancing responsibility

Image credit - https://www.infovista.com

Demo

</Presentation>

Andrei Sambra - @andreisambra

a.sambra@qwant.com

https://slides.com/deiu/privacy-qwant/

(all uncredited images in this presentation come from Wikimedia)

Privacy in the age of Silos

By Andrei

Privacy in the age of Silos

  • 109

More from Andrei