Industry perspective: What privacy-enhancing design really looks like (beyond the obvious)

Andrew Moon
October 2nd, 2020 · 1 min read

Privacy hasn’t always been front page news, according to George Rosamond.

“I watched the way privacy went from being something that a lot of large companies joked about to something that’s a bumper sticker on every car today,” said the co-founder and CTO of ClearOPS at our latest privacy_infra() event on September 24.

As the focus on privacy has grown, so has “privacy by design,” a catchphrase that Rosamond thinks is often incorrectly used.

“It’s not saying in your policy, ‘we do privacy by design.’ That really isn’t by design — that’s by promise.”

So what does truly building for privacy by design look like?

According to Rosamond, it's technology that holds the assumption that when using it, you don’t trust anyone. A Tor network is a great example of privacy by design, Rosamond says, because trust isn’t necessary in the network. In fact, it’s assumed that untrusted actors are running relays and trying to read traffic, but 3-hop circuits that change every 10 minutes can obscure identities and minimize risk.

VPN services, on the other hand, are generally trusted despite using a single-point for all traffic and potentially reselling user data. There’s no way to verify the promises of VPN services to not log users, but they’re typically trusted anyway.

“A lot of these applications, a portion of the users are in life and death situations,” said Rosamond. “People tend to think of these big, glamorous spy scenarios, when actually privacy and anonymity are really base needs.”

Watch Rosamond’s talk to understand the steps any engineer can take to enhance the privacy of their projects, beyond the obvious check boxes. Watch the full talk here.

Note: This post reflects information and opinions shared by speakers at Transcend’s ongoing privacy_infra() events, which feature industry-wide tech talks highlighting new thinking in data privacy engineering every other month. Watch the full September eventregister for the next event on November 12, or learn more about privacy_infra().

If you’re working on solving universal privacy challenges and interested in speaking about it, submit a proposal to speak at an upcoming event.

More articles from Transcend

Privacy Playbook: Building a best-in-class privacy program without a FAANG engineering budget

You don’t need an Apple- or Google-size budget to implement a user-centric privacy program.

October 1st, 2020 · 7 min read

Watch Back: Privacy_Infra() September

Watch back our Privacy_Infra() virtual event for engineers held on September 24th.

September 29th, 2020 · 1 min read

Privacy XFN

Sign up for Transcend's weekly privacy newsletter.

San Francisco, California Copyright © 2022 Transcend, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Link to $ to $ to $