Privacy hasn’t always been front page news, according to George Rosamond.
“I watched the way privacy went from being something that a lot of large companies joked about to something that’s a bumper sticker on every car today,” said the co-founder and CTO of ClearOPS at our latest privacy_infra() event on September 24.
As the focus on privacy has grown, so has “privacy by design,” a catchphrase that Rosamond thinks is often incorrectly used.
“It’s not saying in your policy, ‘we do privacy by design.’ That really isn’t by design — that’s by promise.”
So what does truly building for privacy by design look like?
According to Rosamond, it’s technology that holds the assumption that when using it, you don’t trust anyone. A Tor network is a great example of privacy by design, Rosamond says, because trust isn’t necessary in the network. In fact, it’s assumed that untrusted actors are running relays and trying to read traffic, but 3-hop circuits that change every 10 minutes can obscure identities and minimize risk.
VPN services, on the other hand, are generally trusted despite using a single-point for all traffic and potentially reselling user data. There’s no way to verify the promises of VPN services to not log users, but they’re typically trusted anyway.
Watch Rosamond’s talk below to understand the steps any engineer can take to enhance the privacy of their projects, beyond the obvious check boxes.
“A lot of these applications, a portion of the users are in life and death situations,” said Rosamond. “People tend to think of these big, glamorous spy scenarios, when actually privacy and anonymity are really base needs.”
Note: This post reflects information and opinions shared by speakers at Transcend’s ongoing privacy_infra() events, which feature industry-wide tech talks highlighting new thinking in data privacy engineering every other month. Watch the full September event, register for the next event on November 12, or learn more about privacy_infra().
If you’re working on solving universal privacy challenges and interested in speaking about it, submit a proposal to speak at an upcoming event.