Rebuilding Trust Through Privacy by Design. by Alexander Hanff alexander.hanff@startmail.com



Similar documents
The following Protective Markings are classified as Dissemination Limiting Markers (DLM).

Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices

White paper. Why Encrypt? Securing without compromising communications

Privacy by Design. Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of

Encryption Made Simple

Encryption Made Simple

Exam Papers Encryption Project PGP Universal Server Trial Progress Report

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide

Encrypting your Communications using PGP

Secure Frequently Asked Questions

4. Click Next and then fill in your Name and address. Click Next again.

Privacy Policy - LuxTNT.com

Privacy & Big Data: Enable Big Data Analytics with Privacy by Design. Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014

How To Secure Mail Delivery

DEPLOYMENT GUIDE DEPLOYING F5 WITH MICROSOFT WINDOWS SERVER 2008

DEPLOYMENT GUIDE Version 1.1. Deploying the BIG-IP LTM v10 with Citrix Presentation Server 4.5

MARKETING MODULE OVERVIEW ENGINEERED FOR ENGAGEMENT

The 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Ann Cavoukian, Ph.D.

Leonardo Hotels Group Page 1

PGP Desktop Quick Start Guide version 9.6

Secure User Guide

Vulnerability Remediation Plugin Guide

Encryption and Digital Signatures

How To Protect Your From Being Hacked On A Pc Or Mac Or Ipa From Being Stolen On A Network (For A Free Download) On A Computer Or Ipo (For Free) On Your Pc Or Ipom (For An Ipo

Chapter 2 Editor s Note:

Policy Based Encryption Z. Administrator Guide

Secure User Guide

Yale Software Library. PGP 9.6 for Windows

How To Protect A Web Application From Attack From A Trusted Environment

Wayland Student & Adjunct Account Instructions

Receiving Secure from Citi For External Customers and Business Partners

Secur User Guide

Background Information

Bodywhys Privacy Policy

mkryptor allows you to easily send secure s. This document will give you a technical overview of how. mkryptor is a software product from

AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Secure FAQs 1

Spring Hill State Bank Mobile Banking FAQs

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM System with VMware View

HMRC Secure Electronic Transfer (SET)

Webmail Using the Hush Encryption Engine

Telstra Wholesale Digital Certificates

Using etoken for Securing s Using Outlook and Outlook Express

Paladin Computers Privacy Policy Last Updated on April 26, 2006

Green Pharm is committed to your privacy. We disclose our information practices below and we agree to notify you of:

End-to-End Encryption for Everybody?

Problem. Solution. Quatrix is professional, secure and easy to use file sharing.

How to Optimize MS Outlook Exchange Traffic Over SSL

Aspera Connect User Guide

PGP Zip Self-Decrypting Archive (SDA) 5/29/2012 Version 1.1

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5

Keep Yourself Safe from the Prying Eyes of Hackers and Snoopers!

Maximize the Value of Your Data and the Ability to Protect Privacy, by Design

Vodafone Hosted Services. Getting your . User guide

The Benefits of SSL Content Inspection ABSTRACT

IBM Aspera Add-in for Microsoft Outlook 1.3.2

Cyber Security Presentation. Ontario Energy Board Smart Grid Advisory Committee. Doug Westlund CEO, N-Dimension Solutions Inc.

DMZ Network Visibility with Wireshark June 15, 2010

Secure FAQs for External Stakeholders

Advanced Diagnostics Limited ( We ) are committed to protecting and respecting your privacy.

SSL EXPLAINED SSL EXPLAINED

Security: Focus of Control. Authentication

Balamaruthu Mani. Supervisor: Professor Barak A. Pearlmutter

Personal data privacy protection: what mobile apps developers and their clients should know

Honeywell Secure External User Guide August 2013

Microsoft Internet Explorer (IE) Settings

HOW TO CONFIGURE PASS-THRU PROXY FOR ORACLE APPLICATIONS

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Microsoft Exchange Server 2007

HMRC Secure Electronic Transfer (SET)

PRIVACY & DATA PROTECTION ANNUAL REPORT

A Guide to Mobile Security For Citizen Journalists

Setup Guide. Archiving for Microsoft Exchange Server 2010

How to use PGP Encryption with iscribe

CHARTER BUSINESS custom hosting faqs 2010 INTERNET. Q. How do I access my ? Q. How do I change or reset a password for an account?

THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

Bentley CONNECT Dynamic Rights Management Service

INTERNET DOCUMENT SECURITY & PRIVACY RESOURCES

STERLING SECURE PROXY. Raj Kumar Integration Management, Inc.

INSTALLATION AND CONFIGURATION GUIDE (THIS DOCUMENT RELATES TO MDAEMON v ONWARDS)

Overview Keys. Overview

Netscape Setup Instructions

Privacy by Design Setting a new standard for privacy certification

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

Real-Time Communication Security: SSL/TLS. Guevara Noubir CSU610

UP L18 Enhanced MDM and Updated Protection Hands-On Lab

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP LTM with the Zimbra Open Source and Collaboration Suite

Transcription:

Rebuilding Trust Through Privacy by Design by Alexander Hanff alexander.hanff@startmail.com

The Principles of Privacy by Design (You all know this stuff right?) o Proactive not Reactive; Preventative not Remedial o Privacy as the Default Setting o Privacy Embedded into Design o Full Functionality Positive-Sum, not Zero-Sum o End-to-End Security Full Lifecycle Protection o Visibility and Transparency Keep it Open o Respect for User Privacy Keep it User-Centric

Proactive not Reactive; Preventative not Remedial Both Ixquick and Startpage are built on the same privacy focused principles. o No IP addresses recorded. o No record is made of your searches. o No identifying or tracking cookies used. o All communications with both sites are encrypted by default over a Secure Socket Layer (SSL/HTTPS) with highest-level encryption including Perfect Forward Secrecy and supporting TLS1.1 and 1.2. o No logs are retained of any personal information. o No personal information is being send to third parties. (no search leakage)

Proactive not Reactive; Preventative not Remedial o Users can customise their experience and make those customisations persistent without the use of cookies by using a url generator o Users can view search results anonymously via a proxy server which o automatically parses the incoming data for malicious technologies to further protect users o Users can choose whether to use European servers or servers in the United States o Search requests are sent using the POST method instead of GET

Proactive not Reactive; Preventative not Remedial StartMail o Minimal logging o All internal emails encrypted o User Vault (encrypted Inbox) o Question/Answer o HTTPS/PFS o PGP Public Key Server o Works seamlessly with desktop client PGP plugins

Privacy as the Default Setting o As with StartPage & Ixquick, StartMail has Privacy by Default o HTTPS/PFS o Encrypted Inbox (they cannot read your email) o All internal mail encrypted (no-one else can read your email when you are logged in) o Revocable Addresses o IMAP Support

Privacy Embedded into Design o StartMail developed over 3 years with Privacy embedded at the core from the beginning o Surfboard Holding BV consulted with respected privacy advocates, regulators & lawyers from the start o Before the first piece of code was written, the foundations were built around privacy with a clear strategy and focus in place o In order to fulfil PbD principles, entire system written from the ground up

Full Functionality -- Positive-Sum, not Zero-Sum o StartMail has been developed to provide a feature rich solution to users rather than a half measure o Through innovation and collaboration StartMail provides users with a Positive-Sum service o Even most geeks do not use encrypted email because PGP plugins are non-trivial StartMail makes PGP trivial o Don t just sign your email encrypt it

End-to-End Security Full Lifecycle Protection o As already mentioned encryption, encryption, encryption o Encrypted inbox (user vault), encrypted emails o HTTPS + PFS is essential in light of Snowden revelations o Don t forget your PGP passphrase (but if you do you can revoke & set a new one) o Recipient has client without PGP support? No problem with Question/Answer challenge for decryption

Visibility and Transparency Keep it Open o As with StartPage & Ixquick StartMail is completely transparent to users o Clear and Plain Language Privacy Policy o Knowledge Resources o Honesty is key to building trust

Respect for User Privacy Keep it User Centric o Surfboard Holding BV places user privacy as their top priority across their entire product range o With constant innovation and re-investment coupled with on going and open dialog with regulators, legislators and privacy advocates, Surfboard Holding BV keeps on pushing the bar higher, enhancing privacy well beyond mere compliance o Users maintain a very strong and interactive relationship via email, forums and Twitter o All tickets answered & all bugs escalated users are the customer not the product

Respect for User Privacy Keep it User Centric o Surfboard Holding BV also act as the citizens champion, pushing for stronger privacy regulations and deconstructing the moral panic built by big data corporations who seek to weaken citizens fundamental rights through aggressive lobbying against existing and emerging privacy and data protection legislation and regulations o StartPage & Ixquick prove that Privacy can be a viable competitive differentiator with staggering year on year growth o Over 40 000 accounts reserved on StartMail before the service has even launched illustrates growing trust in the brand

Privacy by Design Ambassadors o It is because of these strong principles and policies that they are Ambassadors of Privacy by Design o For more information on StartPage and Ixquick s Privacy by Design template: http://www.privacybydesign.ca/content/uploads/2013/0 8/StartPage-and-PbD.pdf o Or by following the Ambassadors link on the Privacy by Design main page

Startmail a new era for email o After nearly 4 years of development StartMail.com just entered Public Beta o 50 000 people enrolled for the Public beta programme o Built on the same principles of Privacy by Design o Extensive collaboration with privacy advocates o Feature rich positive sum

The Snowden Apocolypse o Snowden has opened Pandora s Box o Can the public trust giant US companies with their data? o Users looking for privacy focused alternatives o Now is the time to rebuild trust through Privacy by Design o Now is the time to use Privacy as a competitive differentiator

Lessons Learned o Even with a history of providing privacy enhancing services it took nearly 4 years to develop StartMail o Privacy is never a cookie cutter solution every service & product has unique obstacles to overcome o Collaboration with experts, looking outside the organisation, listening to advice and acting on it is key o Speak to the public, privacy advocates and regulators look for solutions based on their feedback o Don t assume people will not pay for your product/service data is not the ONLY currency FREEMIUM is not the only model

Focus o The most important principle of Privacy by Design is Focus o Focus on Privacy above all else as soon as you lose that focus your design will fail o Developers are bad at privacy, listen to the experts, let those experts talk to your developers o Make sure your developers listen and act on their advice o Control the development cycle, don t let it control you o A strong finished product is always better than a rushed beta

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information