Cinco armadilhas para projetar para privacidade

[SOUND] In this lecture we're going to be

looking at five pitfalls in designing for

privacy.

The lessons in here are discussed much

more in-depth in this paper which is

linked in the readings, and

which you should take a look at.

The five pitfalls for designing for

privacy can be broken into two categories.

The first is understanding.

And in this category,

we have two main pitfalls,

obscuring potential information flow,

and obscuring actual information flow.

And we'll get to the details of what

these actually mean in a minute.

The second category of pitfalls is action.

And there's three additional

pitfalls in this category.

Emphasizing configuration over action,

lacking coarse-grained control, and

inhibiting established practice.

What we are going to do in the rest

of this video is look at each of

these five pitfalls along with examples

of each, when they're done poorly,

and when they're done well.

So, let's take those first two,

obscuring potential information flow and

obscuring actual information flow.

Both of these require us to

understand what information flow is.

So, let's look at that.

Information flow talks about when

people are sharing information.

Who is it shared with?

What kind of information is it?

Who are the kind of observers, who are

the people who will see that information?

The media through which it's conveyed.

The length of the retention

of the information.

The potential for

unintended disclosure of the information.

Collection of metadata, and other

things that fall in these categories.

Essentially, users are creating

a lot of information, and

they should know what's done with it,

and where it's going after it's created.

If we're talking about obscuring

potential information flow.

That means that there's a possible

way information can be shared, but

it's not made clear to the users how

that's actually going to happen.

So here is an example of a Gmail account

and though there's no messages in

the inbox, you can see that

there's ads across the top.

People have been upset, and

there's actually been a lot of press over

the fact that, these ads can be targeted

based on the content of the messages

that you send and receive on gmail.

Google doesn't actually show anyone

the content of your messages.

They automatically analyze

them on their servers and

take ads where the advertisers

have expressed key words, and

matched those to the things

they've analyzed in your messages.

But people were very concerned that

the content of their messages were

being shared with advertisers, it was just

unclear what Google was doing on Gmail,

and that made a lot of people concerned.

When we're talking about

obscuring actual information flow,

that means that information is

being shared in a specific way, but

that's being hidden from the users.

Here's an example of that.

So here we're looking at the settings

section of the iPhone, and

if we go to privacy, and

then location services,

if we scroll all the way to the bottom of

this window, you can see system services.

System services brings up a long list, and

if we scroll down there, we find

a section called frequent locations.

This is a list of places

that I go frequently.

It's automatically pulled up the names

of these places, I haven't entered it.

And if we were to click the first one,

College Park, Maryland.

...