Privacy by Design
De l'autonomie de l'individu sur ses données personnelles
@m4d_zhttps://talks.m4dz.net/privacy-by-design/fr/Des grosses boîtes
qui pompent des données
Des petites boîtes
qui pompent des données et n’en ont pas conscience
Des startups
qui pompent des données pour faire comme les grands
Cambridge Analytica, 2016, campagne présidentielle US
Vie privée, pour l’utilisateur•trice
I call this device a Personal Information Telecommunication Agent, or Pita for short. The acronym also stand for Pain In The Ass, which it is equally likely to be, because having all that connectivity is going to destroy what’s left of everyone’s privacy.
David Gerrold, in Sm@rt Reseller, « future of computing » prediction, 1999
Préquelle : Accountability pattern
7 Laws of Identity
PET, nouveaux animaux outils de compagnie
Checklists
Permissions
OpenID
export middleware = (next, action, userManager) => {
if (!storedUser || storedUser.expired) {
next(loadingUser())
userManager.getUser()
.then(getUserCallback)
.catch(errorCallback)
}
return next(action)
}
RSA Signature
const encrypt = new JSEncrypt()
encrypt.setPrivateKey(privkey))
let signature = encrypt.sign(message, CryptoJS.SHA256, 'sha256')
const decrypt = new JSEncrypt()
decrypt.setPublicKey(pubkey)
let verified = decrypt.verify(message, signature, CryptoJS.SHA256)
return verified? 'It Works!' : 'Error with signature'
RSA Encryption
const encrypt = new JSEncrypt()
encrypt.setPublicKey(pubkey))
let ciphertext = encrypt.encrypt(message)
const decrypt = new JSEncrypt()
decrypt.setPrivateKey(privkey)
let plaintext = decrypt.decrypt(ciphertext)
return plaintext == message ? 'It Works!' : 'Error with decryption'
Libs crypto dans le navigateur
jsSocials
SweetAlert
swal("A wild Pikachu appeared! What do you want to do?", {
buttons: {
catch: { text: "Throw Pokéball!", value: "catch" },
defeat: true
}
}).then(value => {
switch (value) {
case "defeat": swal("Pikachu fainted! You gained 500XP!"); break
case "catch": swal("Gotcha!", "Pikachu was caught!", "success"); break
}
})
rm -rf /
Stream Large Objects
oboe('/myapp/things.json')
.node('foods.*', foodThing => { log( 'Go eat some', foodThing.name) })
.node('badThings.*', badThing => { log( 'Stay away from' badThing.name) })
.done(things => {
log(`
there are ${things.foods.length} things to eat
and ${things.nonFoods.length} to avoid
`)
})
GraphQL
const { graphql, buildSchema } = require('graphql')
const schema = buildSchema(`
type Query { hello: String }
`)
const root = { hello: () => 'Hello World!' }
graphql(schema, '{ hello }', root)
.then(response => {
log(response)
})
La Privacy By Design est complètement aux antipodes de la souveraineté numérique des individus : on fait sans les individus, on protège la vie privée sans définir ce que c’est.
Fabrice Rochelandet. Souveraineté numérique et modèle d’affaires. In: Numérique, reprendre le contrôle. Framasoft: 2016, p.65
Chacun•e se doit
d’alerter
Code is Law
Les développeurs•euses sont politiques
Publicness is value. This is an argument I’ll make that what’s public is owned by the public — whether that’s governments’ actions or images taken in public space — and whenever that is diminished, it robs from us, the public.
Jeff Jarvis - Privacy and Publicness and the power behind it - Youtube, 2011
Nul ne sera l’objet d’immixtions arbitraires dans sa vie privée, sa famille, son domicile ou sa correspondance, ni d’atteintes à son honneur et à sa réputation. Toute personne a droit à la protection de la loi contre de telles immixtions ou de telles atteintes.
Déclaration universelle des droits de l’homme. Article 12, 1948
Paranoïd Web Dino · Tech Evangelist
https://talks.m4dz.net/privacy-by-design/fr/ Available under licence CC BY-SA 4.0
m4dz, CC BY-SA 4.0
Courtesy of Unsplash and Pexels contributors
Powered by Reveal.js
Source code available at
https://git.madslab.net/talks