Navigate back to the homepage

Industry perspective: What privacy-enhancing design really looks like (beyond the obvious)

Andrew Moon
October 2nd, 2020 · 1 min read

Privacy hasn’t always been front page news, according to George Rosamond.

“I watched the way privacy went from being something that a lot of large companies joked about to something that’s a bumper sticker on every car today,” said the co-founder and CTO of ClearOPS at our latest privacy_infra() event on September 24.

As the focus on privacy has grown, so has “privacy by design,” a catchphrase that Rosamond thinks is often incorrectly used.

“It’s not saying in your policy, ‘we do privacy by design.’ That really isn’t by design — that’s by promise.”

So what does truly building for privacy by design look like?

According to Rosamond, it’s technology that holds the assumption that when using it, you don’t trust anyone. A Tor network is a great example of privacy by design, Rosamond says, because trust isn’t necessary in the network. In fact, it’s assumed that untrusted actors are running relays and trying to read traffic, but 3-hop circuits that change every 10 minutes can obscure identities and minimize risk.

VPN services, on the other hand, are generally trusted despite using a single-point for all traffic and potentially reselling user data. There’s no way to verify the promises of VPN services to not log users, but they’re typically trusted anyway.

Watch Rosamond’s talk below to understand the steps any engineer can take to enhance the privacy of their projects, beyond the obvious check boxes.

“A lot of these applications, a portion of the users are in life and death situations,” said Rosamond. “People tend to think of these big, glamorous spy scenarios, when actually privacy and anonymity are really base needs.”

Note: This post reflects information and opinions shared by speakers at Transcend’s ongoing privacy_infra() events, which feature industry-wide tech talks highlighting new thinking in data privacy engineering every other month. Watch the full September event, register for the next event on November 12, or learn more about privacy_infra().

If you’re working on solving universal privacy challenges and interested in speaking about it, submit a proposal to speak at an upcoming event.

More articles from Transcend

Watch the recording: privacy_infra() September

Watch back our privacy_infra() virtual event for engineers held on September 24th.

September 29th, 2020 · 1 min read

Hassle-free frontends in AWS with Terraform 0.13 and GitHub Actions

At Transcend, we create our frontends using cutting-edge open-source Terraform modules. In this post, learn how to create production-ready frontends with continuous delivery in minutes.

September 22nd, 2020 · 6 min read
© 2017 - 2020 Transcend
Link to $https://twitter.com/transcend_ioLink to $https://www.linkedin.com/company/transcend-io/Link to $https://github.com/transcend-io