Meetup: People + Security: Talk Privacy @ Alto Health
I attended a thing, it was pretty great. link Talks were recorded by Alto(?) but I don’t know where or when the recordings will be findable.
Lea Kissner
Twitter bio: “Chief Privacy Officer @humuinc, formerly Global Lead of Privacy Technology for @google. Privacy eng, crypto, security, and building for respect. she/her”
Talk title: “Building for Respect”
This talk was really excellent, one that taught me new things and which I want to re-watch and show to colleagues.
“You can’t assume that your adversaries have thought this through…”
“An unfortunate 3am code spelunking exercise”
One of the Q&A questions was about designing a new browser, and she mentioned that login sucks, which I agree with…
She is co-organizing the 2020 USENIX Conference on Privacy Engineering Practice and Respect
Leigh Honeywell
Leigh is great! I loved her description of “Lea’s talk was about edges… mine is about a deep hole”
Talk title: “Privacy and Personal Safety”
parasocial interaction, i.e. fandom
K-pop stalking is SUPER intense, figuring out someone’s apartment location from a reflection on their glasses on a livestream… A fan getting a job in hospitality so they can work at the hotel the K-pop star stays at… eek
Home ownership de-anonymizes you. CCPA might change this…
Voter rolls are not anonymizable no matter what (victim protection etc), fuck
Your phone number might be on a PDF somewhere because you participated in a school play or something, “the very long tail”
“immutable laws” of security have in the past included that “If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore” but intimate partner attacks (or roommate attacks) mean that actually we have to do better than that.
I found an immutable law link but there are counterarguments
“Trauma informed systems” i.e. sometimes people are going to be interacting with your system while they are in the middle of a fight-or-flight response, which is a very altered mindset (totally reactive), people who are not doing ok but need to interact with your system… (for Google: getting at essential info in an email etc)
Recommendation to gruff and rough-around-the-edges security people: read about bedside manner
“Poppy seed of prevention is worth a truck load of cure”
Megan Niedermeyer
Head of Legal & compliance, Gusto
Speaking on: Privacy Q & A
This ended up being mostly about CCPA, similarities/differences to GDPR, how it affects IRS filings, CCPA CCPA CCPA
The state of Oregon is also having a privacy law. Nevada had one but more for ad sellers(?)
“CCPA is making everyone get their house in order” even tho it’s not completely clear what enforcement will be like yet
other stuff
Interesting dude who is head of security for an unnamed mental health care startup “a few blocks from here”
I briefly met the head of the Salesforce red team eek wow