Designing for Privacy – An Emerging Software Pattern
medium.comI don't actually know if I read this quote somewhere or made it up somehow, but I've been using:
"Privacy/Security is getting better but it's getting worse faster".
There's soooo many people working hard on both security and privacy. They're trying their best to make products that are privacy focused and more secure. But they're up against Facebook, Google, etc... and the fact that many consumers just don't care. We say we care, but in the end, we don't.
*I guess the quote is paraphrased from a Renner book?
> We say we care, but in the end, we don't.
Others who care are fighting this fight. Facebook's message at the recent f8 was "privacy is the future"... It is not everyday you get giants like those, even superficially, to pay lip-service to something like that.
> But they're up against Facebook, Google, etc.
It isn't a losing battle, I don't think so. A lot of hardworking and smart people are putting in the effort, like you mentioned, but that effort isn't in vain. May be you're not paying enough attention to know the impact their work is having?
> A lot of hardworking and smart people are putting in the effort, like you mentioned, but that effort isn't in vain. May be you're not paying enough attention to know the impact their work is having?
I'm paying close attention, it could be I'm just being pessimistic :-) This is certainly a case where I hope I am wrong.
Thing is, the people that care about privacy and security are often the often the ones understanding and developing the privacy conscious and secure apps we hear of.
Like any product however, if people don't care you won't survive and that's why none of the privacy conscious alternatives survive.
Only legal requirements have really made secure, privacy conscious or locally developed alternatives viable.
The "getting worse faster" part is only likely to get even faster with the growing amount of internet interactions and internet use.
Privacy right now is still a super luxury product that hasn't trickled down generally to the aspirational goods market. I'm all for engineering privacy solutions, but reality is, these are designed to facilitate information sharing that was previous considered taboo or beyond the acceptable. You probably wouldn't trust a bunch of anonymous random grad students using university tech to keep your family's medical records safe, but with a privacy technology, suddenly giving them the data is viable - and this is what we call "privacy" now.
Privacy engineering is interesting, but not nearly as much as privacy products, as really without viable privacy products, privacy engineering is just another self-selected problem.
There are a number of viable data privacy software products out there. Companies, and engineers they employ, need to account for that and stop being ignorant
I’m curious if security consciousness has been raised to the point where people are willing to pay for the iron-clad guarantee that their information will never be sold... and if it’s enough to support privacy-first apps and startups.
Great question. There's certainly a raising awareness on data privacy, from both consumers and companies. A clear driving force is coming from regulators, as well.
If anything, companies can use privacy-first value proposition as a distinction.
Is there any instance of (a) a SaaS with a legally binding contract with some teeth around user privacy and (b) where that clause was exercised and the user benefited?
The civil route be an alternative to regulatory solutions.
one hundred percent agree. The civil route is the only one where we can achieve a true change. The regulations can push, but consumer demand will ultimately change business perception
Regulation doesn't make the social change. Software does.
Ah, the third leg of the solutions stool: civil, government, and tech. I'd argue any culture will have a mix of all three.
For traffic accidents, there might be various applications of lawsuits, citations, and speed bumps in your town.
In the case of SaaS, we might have only one or two. For example, take LinkedIn last week, selling everyone's PII to ScribD. There might be legal issue in GDPR or CA jurisdictions. There's probably no civil one (?). There is certainly no tech one: you need your PII to be on LI so your friends can find you, because that's the value of LI. I suppose in there future there could be a tech solution here with agents representing you in the cloud, or maybe e2e homomorphic encryption, but it's surely not what drives LI's income at the moment.
Did anyone else immediately guffaw at the pairing of article title and domain, or am I just an oddball?