Designing Software That Protects People's Privacy

As the amount of personal information on the internet grows every year, the need for enhanced privacy and security settings has never been more apparent.

The objective of this post is to make developers aware of the privacy-related aspects we must take into account as we design our software systems.

By this time Valentine's Day has come and gone. You, dear Reader, have probably gone out on a special evening with your loved one, and I'm sure you had a terrific time!
Now, try to remember with precision all those great, intimate moments you had that evening... including how that special night ended. Got them?

Now write them all down and post them in DZone's comments. Don't miss any details! We want to know it all! What have you got to hide anyway?

Are You Insane? That's None of Your Business!

Of course it's none of my business! That's between you and your loved one, that's how it should be! The bad news, though, is that much of what defines you and your relationship is already out for sale.

When the Internet became widespread around the mid-1990s, it allowed people around the world to break geographic barriers and freely exchange information. To say that it opened many doors is an understatement! Today, however, the Internet is becoming a mass surveillance tool used by multiple parties to identify and monitor users' habits. The original dream is over.

This is the consequence of the huge amount of information we produce on the web. Just have a look at how much data we generate per minute. In 2013, SINTEF estimated that 90% of the world's data had been generated over the previous two years. That was before the reported data explosion of 2014, and before IoT data is brought into the equation.

So Who's Collecting Data On Me? 

Right, but have you thought about who actually has access to that information?

While it's true that applying prediction algorithms and extracting patterns from that data can be a game-changing tool, it can also become a serious threat to your privacy!

Knowing You

By gathering all that information you are essentially being profiled. Whether it is by snooping on your messages or by analyzing your phone logs, your profile is giving away your religious, political or even sexual inclinations... among others!

It used to be only your family and best friends who would know so much about you. Not anymore.

Systems are regularly hacked and databases leaked, sometimes with comic consequences, other times ending up in tragedy.

More worrying is the propensity of government agencies to profile you, the citizen. The counterintelligence argument does not explain why they keep on gathering data on ordinary Internet users. Or spy on journalists. The CIA even invests in data mining tools to browse through those large datasets! And if you think you're safe in Europe... think twice.

Why Should You Care?

Your privacy, your secrets, all those little things that you keep for yourself are what define you as a human being. Whoever profiles you is, in essence, stripping you of your identity. What remains is a malleable entity whose parameters are known and modifiable at will.

And whoever knows enough about you can influence you, like a good friend who knows which buttons to push.

This is not a tale of fiction anymore. There is now little doubt that all this information is shared, either with other government agencies or with foreign countries.
And if you think you're safe in Europe, you might be interested to know that your privacy rights as a non-American have also been completely disregarded. Angela Merkel might tell you one or two things about it.

This has measurable consequences too: according to PEN research, knowing that you are tracked, profiled, and under surveillance leads to self-censorship.

Who can you trust to access your data? The answer should be obvious: trust no one.

It is not a question of paranoia. It all comes down to one thing: we are all humans.
Humans can make mistakes, which is why IT systems are hacked.
Humans can be attracted by quick profit, which is possibly what led US and UK police forces to abuse confidential databases.
Humans can have an opinionated view on how to finance their SaaS: selling your privacy to third parties.

Sometimes companies start with the best intentions, before giving up after being acquired. Sometimes they are just built on dubious ethical grounds.

There might be alternatives, though. 

Your Mission as a Software Engineer and Developer

Back in 2014, two naïve developers agreed that a person's privacy should be protected no matter what the circumstances are. And without realizing it, we started using "privacy by design" to achieve our goal. The result of that experiment became Seeld: a messaging application using a privacy-centric design and multiple encryption techniques in order to protect the confidentiality of the exchanged data against intruders, governments, and against ourselves, the system administrators!

More than two years down the line, we log into our production database and find out that we are technically unable to count how many messages our early adopters have exchanged so far. The information is simply not accessible, not even to us.

Considering all the above, we took it as a good sign. But here's the best bit: these results are achievable by you, developers of the world! 

Most of you (all of you!) have probably learned your lesson and hashed those passwords. Good.
But have you thought about using AES to encrypt that sensitive user information? Why should you, you may ask. Because all systems will eventually be hacked! So once your security layers are broken or circumvented, you have nevertheless prevented a data leak.
You can even push it as far as Open Whisper Systems and make the FBI go home empty-handed!

So yeah, you could argue that data mining is an effective and lucrative business model, so by cutting yourself out of that gold mine you will be turning your back on a proven source of revenue.
But remember: there's a growing awareness of privacy issues on the Internet. So there's a chance that privacy-centric development will be the new skill in demand in the near future.
It's the developer's important new mission. We're betting on it.

Nothing to Hide. Really?

Then again, maybe you have watched Glenn Greenwald's excellent TED talk and are still convinced that good guys have nothing to hide?

Never mind then. Let's go back to your Valentine's evening with your loved one.

Everything went perfectly well, and you decided to drive back home. Candles were lit, the mood became Barry White-sweet and you ended up in each other's arms.

Forget all those concerns about privacy and stuff. The Ministry of Truth will fix History, while the Ministry of Love will keep on watching over you, courtesy of your Smart TV.

Who said dystopias are works of pure fiction?

Published at DZone with permission of Diego Pappalardo. See the original article here.
