09/19/16
The Zero Knowledge Economy

$whoami
● Aaron MacSween (IRL)
● https://github.com/ansuz
● https://keybase.io/ansuz
● Research Engineer at XWiki SAS
● building tools for Collaborative Real Time Editing (CRTE)

The Old Economy
(This is the boring part)

The Old Economy
● Businesses and individuals buy and sell goods and services to each other
● Many services are provided by local businesses
● Globally available products are sold for cash
● Paper records are difficult to analyze

Old Economy Analytics

Old Economy Analytics
“Being a Nielsen household brought with it some nice perks. They actually paid us. We got a check several times a year for $50. Now, that’s not a lot of money, but every little bit helps.”

Running an Old Economy Business
● Data is expensive
● Data is biased because users self-select
● Only metadata can be analyzed
● Data science was still fairly primitive

What we learned
● Consumer relations are tangible
● You can always just stop buying
● Boycotts are effective
● Users have a lot of power

No wait, that's wrong...

● Over time the economy changed into something else
● Few people noticed
● The results were hilarious, or depressing, depending on your perspective

The Data Economy
● Data is plentiful and profitable
● Comprehensive privacy is practically unattainable
● Sell once to users, sell again to marketers
● Users don't have much option
● Users probably don't need to know that you're selling their data

Surveillance Capitalism

How much is your data worth?
● $0.50-$2.11 per 1000 people
– ($0.0005-$0.0021 each)
● Pregnant in your second trimester?
– $0.11
● Have a specific health condition?
– $0.26
● $2200 Credit card stolen?
– $190 on the dark web

Ashley Madison

The Ashley Madison Leak

Full Delete
● For a mere $19, users could 'fully delete' their account information
● This feature modified some data, but left behind data which could potentially be personally identifying

The Sad and Lulzy Truth
● Ashley Madison used bots to simulate women and attract male users
● 31,343,429 male accounts in the database
● “Out of 5.5 million female accounts, roughly zero percent had ever shown any kind of activity at all, after the day they were created.”

The Plan
● Attract male users by pretending to have female users
● Wait until male users get bored or feel guilty
● Charge $19 to delete user information
● Don't actually delete user information
● Get hacked and leak everything
● Shrug it off and keep selling to chumps

Nailed it!

Pregnancy Tracking Apps
● menstruation cycle
● weight
● medications
● cervical mucus appearance
● history of abortions
● diarrhea, low sex drive, mood
● all with poor security standards...

Glow Pregnancy App
● Accounts linked without permission ✔
● Personal Data Transmitted in Forums ✔
● Passwords Changed by Attackers ✔

A Testimonial
Seven months after my miscarriage, mere weeks before my due date, I came home from work to find a package on my welcome mat. It was a box of baby formula bearing the note:
“We may all do it differently, but the joy of parenthood is something we all share.”
pregnancy tracking app not disclosed*

I hadn’t realized, however, that when I had entered my information into the pregnancy app, the company would then share it with marketing groups targeting new mothers.
Although I logged my miscarriage into the app and stopped using it, that change in status apparently wasn’t passed along.

The Internet of Things

The Internet of Things
● hardware margins start at 2%
● vendors compete to offer the most for the lowest price
● the only way to make money is to
– lock your customers into buying
– collect your customers' data and hope someone will buy

Sex Toys on the Internet
What could go wrong?

Accessible via REST API

● The devices share temperature data (sent once a minute), and intensity settings (in real time)
● “We want to question that assumption and say you know if you're making [intimate] devices that are controlled by mobile apps, maybe you should consider whether you should be collecting that information in the first place. If the information isn't collected, then it's not vulnerable to either security or data releases and legal enforcement.” – Followr

Lawsuit Pending
● The suit also alleges that without explaining to customers, the toy collects data on date, time of use, and settings, along with the user’s personal email and transmits the information to the Ottawa company.
● “Any data you collect will probably leak; any data you retain will definitely leak. If the NSA can't stop its secrets from leaking, what chance does Standard Innovation stand?”

That's just how it works!
● You can't just connect two devices over the internet
● You need some server to act as an intermediary
● Servers naturally collect metadata
● It's not that big a deal

That's not just how it works!
● The web has improved!
● We have technology like WebRTC for peer to peer communication
● You may still create metadata, but most of what you send can be encrypted
● India, the Philippines and Alabama criminally punish the sale or possession of sex toys

Slashdot reader BarbaraHudson argues that "It kind of has to share that information if it's going to be remotely controlled by someone else."

IoT Rectal Thermometer

Nanny Cams

Norton's Law
Over time, all data approaches deleted, or public.

The Zero Knowledge Economy
● Users can't verify that a service has deleted their data, and must rely on trust
● Service operators commonly abuse trust
● When sensitive information is involved, a user's best option is to prevent the operator from ever having access to their data

The Zero Knowledge Economy
● Businesses provide a service to clients with a guarantee of confidentiality
● Privacy is assured via Cryptography, not empty promises
● Cryptography is open source, SaaS for paying users
● Paid apps use local computation where no network (or cryptography) is necessary
● Sensitive information is never available to those who might abuse it (malicious hackers or otherwise)
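The architecture these two slides describe, as an added example (not code from the talk or from any project it names): the client encrypts before upload and keeps the key in the URL fragment, which is not part of the HTTP request, so the operator only ever holds ciphertext plus metadata. `UntrustedServer`, `pad.example` and the link layout are assumptions made for the illustration; the note text is constructed sample data.

```javascript
// Added illustration: client-side encryption against an untrusted storage server.
// UntrustedServer, pad.example and the link layout are hypothetical.
const crypto = require('node:crypto');

// The operator's side: stores and returns opaque blobs, and records what it sees.
class UntrustedServer {
  constructor() {
    this.blobs = new Map();
    this.observed = []; // everything the operator could retain, sell or leak
  }
  put(id, blob) {
    this.observed.push(`PUT /p/${id} ${blob}`);
    this.blobs.set(id, blob);
  }
  get(target) {
    this.observed.push(`GET ${target}`);
    return this.blobs.get(target.replace(/^\/p\//, ''));
  }
}

// The user's side: the key is generated locally and is never uploaded.
function clientUpload(server, plaintext) {
  const key = crypto.randomBytes(32);   // AES-256 key
  const nonce = crypto.randomBytes(12); // fresh 96-bit GCM nonce per message
  const id = crypto.randomBytes(8).toString('hex');

  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(id)); // bind the ciphertext to its id so blobs cannot be swapped
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([nonce, cipher.getAuthTag(), ciphertext]).toString('base64');

  server.put(id, blob);
  // The key travels only in the fragment of the link the user shares.
  return `https://pad.example/p/${id}#${key.toString('base64url')}`;
}

// What an HTTP client sends for a link: path and query only, never the fragment.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

function clientDownload(server, link) {
  const url = new URL(link);
  const key = Buffer.from(url.hash.slice(1), 'base64url');
  const id = url.pathname.replace(/^\/p\//, '');
  const blob = server.get(requestTarget(link));
  if (blob === undefined) throw new Error('no such document');

  const raw = Buffer.from(blob, 'base64');
  const nonce = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const ciphertext = raw.subarray(28);

  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(id));
  decipher.setAuthTag(tag);
  // final() throws if the stored blob was modified by the server or anyone else.
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Round trip with constructed sample data, then check what the operator saw.
function demo() {
  const server = new UntrustedServer();
  const note = 'cycle day 14, temperature 36.6'; // constructed sample
  const link = clientUpload(server, note);
  const key = new URL(link).hash.slice(1);
  const recovered = clientDownload(server, link);
  const leaked = server.observed.some(
    (line) => line.includes(note) || line.includes(key));
  // The operator still learns metadata: document id, blob size, access times.
  return { recovered, leaked, observed: server.observed };
}

console.log(demo());
```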

Examples

ncry.pt

Up1

Cryptpad

That's it?
● Most collaborative apps have been built with the assumption that servers have to know everything!
● Zero-Knowledge applications are still a relatively untapped market
● When you respect a user's privacy, you earn their loyalty

E2EE Messengers
● Signal
● Cryptocat
● WhatsApp
● Wire
● Google Duo

That's It!
Thanks for your attention!

The Zero Knowledge Economy, OW2con'16, Paris.
