Notes from #ORGConScot19

Orde Saunders' avatarPublished: by Orde Saunders

My notes from #ORGConScot19

At ORG Con Scotland and it's nice to see flyers for a number of technologies I routinely use.

  • Privacy Badger
  • Duck Duck Go
  • Firefox
  • NoScript
  • Tor

"People should not have to prove who they are unless it's absolutely necessary." The term 'absolutely necessary' is carrying so much weight in that sentence.

Just because the data about people exists in the system it doesn't mean that it can be used for a new purpose. People need to know that when they share data it's only going to be used for what they agreed to when they shared it.

Intent is often not the outcome, when an identity system is put in place to create user benefits it can get overloaded to provide shortcuts.

Sharing personal data can provide benefits it needs to be under the control of the individual. Currently we have the situation where we give data controllers all the data about us and they then choose who to share it with.

We need to be confident that the personal identity information we give away is going to be used for legitimate purposes, the current situation has destroyed this confidence.

Move fast and break things is no longer a responsible, ethical and professional approach to developing systems. When dealing with personal data it's always more appropriate to ask for permission than to beg for forgiveness.

User needs for human rights and privacy outweigh any of your concerns and problems as a system provider.

Police seizure powers mean that you could lose access to your devices for a period of time. Have a spare device and familiarise yourself with how to bring it up to usable.

Just because criminals use high levels of data security that doesn't imply that using high levels of data security means a person is a criminal.

Until people are the subject of the criminal justice system they assume it's applied fairly.

How can we share digital evidence? The legal system doesn't really seem to understand the issues behind authentication, verification and falsification of data that are addressed in our core platforms for transactional data.

Google has set up an advertising model where it has shifted any illegality in data processing onto the actors using their platform. They profit from it without incurring accountability.

The rise and rise of adblockers is sending a signal to the industry that people aren't happy with their business practices.

If advertising is to change to benefit the public it will cost more because some of the money will start going to the public.

The fact that the advertising industry is very worried that, when given a real choice, people will opt out of their business model shows how broken that model is.

As soon as a pice of data leaves your computer you have lost control over it.


Comments, suggestions, corrections? Reply to this post on Twitter.