(Editor's Note: The following is a guest blog Tomás Touceda, Privacy Officer at SpiderOak)
I've had this in my head for some time now. Especially in recent months when the privacy products appear on the left and right.
When is an approach thin when and keeps it that way?
The thin approach to entrepreneurship basically means you do less things to see if an idea would work. The goal is not to lose a lot of time to do what will give no return.
frequently test, quit bad roads as soon as possible. I am a beginner in this area, however, if one of the questions I have is: when not prevented an approach to be skinny
This can have very easy answers to many different? products, but things are very different in the area of privacy.
do something is the lean path not mean protect as many things as you need? Make a secure software takes a little time. It is not a 'Oh, by the way, would you throw in some privacy? kind of thing.
So what do you do? Do you have something prototypes with a beautiful user interface, add a padlock icon somewhere and say it is completely secure and private? Perhaps seeing if you get users, and then you add real security?
In some situations, will tell you that is a good approach. But what kind of user you have had in this lean approach insecurity? Activist? Journalists in complex political situations? You could have people killed.
So what? You test with users who are not really the target of your system? This could be a good compromise ethics, because you do not want to get people into dangerous situations because they use your new product confidentiality. If you do well, how on earth will you polish your system to meet your real users?
What is the right balance?
When something Privacy- preserve
Then we move to this problem :? when something can be called "protecting privacy"
a lot ... much new systems themselves call Privacy- conservation. But there seems to be a tag is added quite lightly.
What are the minimum requirements for a system to be able to say that it protects your privacy? Nobody has defined this, and it makes sense in a way because it depends on the threat of each system model, but most are not even a threat model!
confidentiality can be compared to a characteristic such as stability. Any system can say "We provide stability," and it will be true until the system breaks down and suddenly the company behind it lying because he proved to be stable.
Privacy works the same way, everyone can say "We protect your privacy," and that will remain true until a user is aware of their information is somehow apart from this system when it should not be. So how can we make sure something really private?
Stability can be found by improving the system. Privacy, once broken, can not be taken as easily or at all
Revenue growth hacking of privacy
How does this story sound :.
- Company A product launches maintaining privacy, but it is her safety is questionable at best. The user interface looks really nice.
- Security experts call for these problems.
- Company A said: "If you can break under these constraints, we will accept our system is not secure."
- security experts explain why these constraints are not reasonable. Nobody wins the challenge even though the system used to insecurity known techniques.
- The journalists the challenge, call the NSA system to the test, and make a big fuss about it.
- Company A gets millions of users.
Sounds neat the start point of view, right? It really happened. Product safety is still questionable at best, but nobody cares.
Growth everyone piracy!
And this "technique" was repeated with incredible success. Everyone wants to make millions in revenue, but at what price?
We need to understand this
I wrote more questions than answers here, and that is no accident. We really have more question marks than large definitive answers. We need to change that well and we need to understand this set Privacy start thing before it comes back to bite.
The real security is boring, I will not lie. Therefore, it is no surprise it has not gone viral. How can we change this? How can we make high security and confidentiality of the basic requirement for all?
default privacy, real privacy. It is the only way. Now, we need to understand how to get there in a way that is financially viable.
0 Komentar