We need to fundamentally reconsider the way that we think about privacy within apps and services. For too long, the edge case in privacy design has been anyone who is in a targeted group. My talk at BSidesSF aims to show how many tech products and services mainly protect from a threat that is outside the home or inner circle. I would like to see more empathy in privacy design.
A useful example might be the recent issues with Facebook’s privacy have caused many people to pour scorn on those who use Facebook or similar platforms. There are those who proudly state that they warned of such issues long ago and wonder why no one listened then.
I am not here to argue against either point of view. I do, however, want to encourage people to consider why people might use Facebook and Messenger.
For many groups, Facebook is a free, easy-to-use platform to organize events. People already have accounts and can join discreetly. There is no need to explain a new email or app on a device. There are not many services available that offer the same benefits to end users. Many end users are not always able to control access to their devices or even their accounts. Very often I am told that people are afraid of installing something as popular as WhatsApp because a partner or significant other would challenge its use.
Someone who lives with you is able to have physical access to your devices and to you. They can install spyware, use personal information about you to get customer service reps to believe they are you, or track your activity via WiFi or unsecured IoT devices.
We have two jobs to fulfill. The first is to design devices and apps and services that have privacy (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/events/planning-threat-model-home/