Web 2.0 Expo: Casual Privacy

Last session of the conference. And yes, another Schill recommendation. But this one I wanted to go to as well. We always have this problem — how to let people know something is private without the fear of “unauthorised” access.

Sadly, Kellan’s slides exploded just prior to the session, so we see an Apple-like presentation sans imagery.

Presenter: Kellan Elliott-McCrea, Flickr

  • Sharing/privacy two sides of the same coin
  • Casual privacy is a design pattern for doing sharing
    • Can’t replicate the human experience in software, so we’re not even going to try
  • Software needs to have the experience of whispering at a party
  • Security through Obscurity++
    • It’s made of (unguessable) URLs
  • Sharing vs. Privacy — why do we care?
    • We’re on information overload
    • We share to try to get over all that
    • “Outboard brain”
    • Participate in the wisdom of crowds; collective wisdom
  • Basic models:
    • Share nothing
      • Total privacy is a fire suppression technique (aka it doesn’t work; one minor spark and you’re screwed)
      • We need a leaky privacy model (for the 99.5% of us who don’t need total privacy)
    • Share everything
      • There are some things people should not be sharing (kids, home, last night’s party)
    • Manage a crowd
      • Signing up people, adding people, assigning permissions
      • Leads to social fatigue
      • Massive cognitive burden
      • Human internal patterns are incompatible with the web
    • Casual privacy
      • Unguessable (but unprotected) URL for the purposes of sharing
      • Only the author can create one for their own content
      • URLs are neat (have neat properties); email, blog, IM, list, etc.
      • Whispers are forwardable, which means the URL is effectively the same
      • Whispers are deniable, so how do you do this with URLs?
        • “Beneficial hypocrisy”
        • URLs need to be opaque, non-identifiable and impossible to map
        • No identifying error messages
        • No obvious gaps
  • Casual privacy works because of context
    • Leaks happen, but not maliciously
    • Give enough people enough information, and they’ll understand why it’s important
  • Deniability also supported through revoking
    • Removes the guest pass to see something previously allowed
  • Guest passes (GPs) could be used as REST targets
  • Possible to pre-sign URLs and add expiry (less casual privacy, BTW)
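
A minimal sketch of the guest pass pattern from the notes above, added here as an illustration and not taken from the talk or from Flickr's code. The `GuestPasses` class, the `/gp/` path and the in-memory store are assumptions made for the example.

```python
import hashlib
import secrets

NOT_FOUND = (404, "Not found")  # one response for every failure case


class GuestPasses:
    """In-memory guest pass store (hypothetical; a real service would persist it)."""

    def __init__(self, owners):
        self._owners = owners   # resource id -> owning user
        self._passes = {}       # sha256(token) -> resource id

    @staticmethod
    def _key(token):
        # Store only a digest so a leaked table does not reveal working URLs.
        return hashlib.sha256(token.encode("utf-8", "replace")).hexdigest()

    def create(self, user, resource):
        # Only the author can mint a pass for their own content.
        if self._owners.get(resource) != user:
            raise PermissionError("only the owner can share this item")
        # 128 random bits: opaque, no user or item id inside, and no
        # sequential numbering whose gaps would hint at other passes.
        token = secrets.token_urlsafe(16)
        self._passes[self._key(token)] = resource
        return "/gp/" + token

    def revoke(self, user, url):
        # Revoking removes the pass; the URL then behaves as if never issued.
        key = self._key(url.rsplit("/", 1)[-1])
        resource = self._passes.get(key)
        if resource is not None and self._owners.get(resource) == user:
            del self._passes[key]
            return True
        return False

    def resolve(self, url):
        # Never-issued, revoked and malformed tokens all get the same answer,
        # so a visitor cannot tell whether a pass ever existed.
        if not url.startswith("/gp/"):
            return NOT_FOUND
        resource = self._passes.get(self._key(url[len("/gp/"):]))
        return NOT_FOUND if resource is None else (200, resource)
```
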
