Notes and Photos from PrivacyAppCamp

Here’s notes from our PrivacyCamp in Mt. View! Check out the CDT flickr account for pictures.


Morning Sessions

  • User expectation / responsibility
    • Privacy responsibility lies with the platform because that’s what the user expects
    • User privacy expectations change with context
    • Should have control over privacy on the fly instead of a single setting that applies to everything
  • Identity
    • Data minimization vs. identifiers = co-mingling of authentication, authorization, tracking, id
      • Authentication proves the truth of a claim of identity, authorization is a permission for an action
      • ID is not always necessary to prove permission, but is used as such constantly
      • If ID is always tied to permission, then all actions permitted can be tied to identity (i.e., behavioral tracking)
      • Is there a way to mitigate this tracking? Can ID be separated from permission and still allow the ease of use users want?
  • Location
    • Location notice and use or storage challenges
      • Communicating to the user about their location privacy is difficult to do when it matters (when it’s being used)
      • You might auth your app for location and then forget about it
    • Children
      • How do you handle parents that want to track location of their child?
      • This might accidentally allow tracking of spouse, others
      • Age identification is hard
    • Apps to trace or log data path
    • Ad-networks make collecting location data easy
      • Ad apps (iApp, etc) make it easy to get location data even if it isn’t needed for the user’s experience
    • Many SDKs default to sharing
    • Location retention isn’t generally addressed
      • There might be location correlation made over time without the user knowing it’s used more than spuriously

Afternoon Sessions

  • Responsibility
    • Platforms manage relationship w/consumers
      • So they bear a lot of the responsibility for managing privacy on behalf of the user
    • Need for government clarification
      • By law or precedent that identifies free speech / intermediary vs. negligence
    • Transparency in Data profit
      • Would be good to show user how the company is using user data for profit
  • Privacy by design / Privacy Apps
    • If you had a formal list of criteria for an app, what would it be?
      • Feedback and control – a stronger voice for users as a part of the development process
      • Data Access
        • Users should have constant access to their information no matter how much the product evolves
        • Right to deletion
      • Privacy fixing SDKs / library
        • One could create an SDK / library for app developers that would generate a privacy subset (location settings, data settings, etc).  Like a privacy framework to jump-start your app with good initial privacy settings.
  • User Experience
    • User as admin
      • The user shouldn’t always have to be administering their user experience
    • Iconography challenge
      • No great standards to represent privacy ideas
    • No negotiations
      • It’s really hard for users to negotiate with corporations
      • How to pool negotiation for good consumer <-> vendor conversation

Filed under: Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

About Privacy Camp

PrivacyCamp is an multi-city unconference about privacy focusing on government policy and social networking.


%d bloggers like this: