Sowrey.org

Last session of the conference. And yes, another Schill recommendation. But this one I wanted to go to as well. We always have this problem — how to let people know something is private without the fear of “unauthorised” access.

Sadly, Kellan’s slides exploded just prior to the session, so we see an Apple-like presentation sans imagery.

Presenter: Kellan Elliott-McCrea, Flickr

• Sharing/privacy two sides of the same coin
• Casual privacy is a design pattern for doing sharing
  • Can’t replicate the human experience in software, so we’re not even going to try
• Software needs to have the experience of whispering at a party
• Security through Obscurity++
  • It’s make of (unguessable) URLs
• Sharing vs. Privacy — why do we care?
  • We’re on information overload
  • We share to try get over all that
  • “Outboard brain”
  • Participate in the wisdom of crowds; collective wisdom
• Basic models:
  • Share nothing
    • Total privacy is a fire suppression technique (aka it doesn’t work; one minor spark and you’re screwed)
    • We need a leaky privacy model (for the 99.5% of us who don’t need total privacy)
  • Share everything
    • There are some things people should not be sharing (kids, home, last night’s party)
  • Manage a crowd
    • Signing up people, adding people, assigning permissions
    • Leads to social fatigue
    • Massive cognitive burden
    • Human internal patterns are incompatible with the web
  • Casual privacy
    • Unguessable (but unprotected) URL for the purposes of sharing
    • Only the author can create one for their own content
    • URLs are neat (have neat properties); email, blog, IM, list, etc.
    • Whispers are forwardable, which means the URL is effectively the same
    • Whispers are deniable, so how do you do this with URLs?
      • “Beneficial hypocracy”
      • URLs need to be opaque, non-identifiable and unable to map it
      • No identifying error messages
      • No obvious gaps
• Casual privacy works because of context
  • Leaks happen not maliciously
  • Give enough people enough information, and they’ll understand why it’s important
• Deniability also supported through revoking
  • Removes the guest pass to see something previously allowed
• GPs could be used as REST targets
• Possible to pre-sign URLs and expiry (less casual privacy, BTW)

This entry was posted on Monday, April 28th, 2008 at 7:56 and is filed under Critical Mass, Technology, Travel.You can follow any responses to this entry through the RSS 2.0 feed.You can leave a response, or trackback from your own site.