Highlights from Data Transparency Weekend


Now that the Personal team has caught up (somewhat) on sleep after an exciting few days at the first-ever Wall Street Journal Data Transparency Weekend, we wanted to share a handful of highlights and takeaways from our point of view as both a participant and a sponsor.

First of all, our hats go off to all of the organizers, track leaders and speakers who made this weekend one to remember: Julia Angwin, Jennifer Valentino-DeVries, Allen Gunn, Alessandro Acquisti, Sid Stamm, Daniel Weitzner, Andrew McLaughlin, Dan Kaminsky, Ashkan Soltani, Brian Kennish and Jacob Appelbaum. We were impressed with how well-organized, full of camaraderie and downright awesome the event proved to be from the very beginning.

What truly made the event special, of course, were the participants we met and the many projects that came out of it. While all of them were great, here are a few highlights in no particular order:

MobileScope

Voted the “Ready for Primetime” Winner, MobileScope was developed by David Campbell, Aldo Cortesi, Ashkan Soltani and Pascal Van Hecke to provide all desktop and mobile users with “privacy enhancing features via an intercepting proxy in the cloud.” Such features include Collusion, Do Not Track, Certificate Pinning, AdBlock and visualization of your personal data usage. This is the first implementation that specifically caters to non-jailbroken mobile devices.

Make Myself Clear

Our friends at Ghostery joined forces with a few others to build a web app that scans social networks for sensitive information – e.g. references to drugs and alcohol, health issues, etc. – about users. As employers become increasingly insistent on investigating our digital lives, even going so far as to demand job applicants’ Facebook passwords, Make Myself Clear gives us the tools to self-audit and preview the information that a company with access to our social profiles might see.

CensorSweeper

Dan Kaminsky, Joe Geffen and Michael Tiffany teamed up to build a Web app based on the premise that there should be a simple way for everyone (read: a way that doesn’t require people to install code) to visit a website and figure out what has been censored. The first version of the app is live and ready for you to try.

What did the Personal team build?

As far as our own project, Zogger, goes: it’s a Firefox extension that, once enabled, stores data about the sites you visit and gives you a quantified-self analytics view to help you better understand where you go and what data you give up in the process. While it’s still a work-in-progress, you can download the extension and give Zogger a try today.

If you’re a developer, we invite you to fork our extension and build on it.

We are proud to have sponsored this forward-thinking and collaborative event and are already looking forward to continuing the fight for privacy, transparency and, yes, freedom at next year’s Data Transparency Weekend.

Tarik

By Tarik Kurspahic in Power Shift

How Personal lets you log in…without storing your password


Since we launched our open beta last month, we’ve received valuable feedback and good questions from people, including these: “Does Personal really not store a copy of my password? And, if you don’t store my password, how do you know it’s really me when I log in?”

Very understandable.  After all, you provide your username and password to log into Personal. It may seem like magic – or just hard to believe that we wouldn’t store a copy of your password – but it actually comes down to a little bit of very smart math.

In cryptography, there is a set of functions that comprise a Secure Hash Algorithm, or SHA, designed by the National Security Agency. SHA functions are applied to your password to produce a hash, a long string of letters and numbers. Personal stores that hash for comparison with the password you enter, but it cannot be used to reverse engineer your password. (If you want to get deeper into it, this Wikipedia article will help.)

Here’s an example:

Let’s say this is the password you’ve chosen to use on Personal: $aGuhetE4e6E5e%a.

When you register for Personal, we will take that password, apply the SHA functions and hash it like so:

SHA-256($aGuhetE4e6E5e%a) = 7313c5fdbe55eccd01e857cb64c5784d569f342f191d118dfffcbc8c748d37d7

This long string of characters is known as the hash. Only the hash is stored in the database. We never store your actual password, and it cannot be reverse-engineered from the hash.

The next time you come to Personal, you’ll enter your username and password again and Personal will simply hash the newly-entered password. We then compare the two hashes (the stored one and the entered one) to determine if they match. If so, we allow the login. If the passwords don’t match, we know to reject the login attempt.

This is just one of many security concepts and best practices that Personal uses in conjunction with a SHA-256 password hash to keep your sensitive information safe and accessible by only you and those to whom you grant access.
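The register-then-compare flow described above, as an added Python example (not Personal's code). It goes one step beyond the post by placing the bare SHA-256 record next to a salted, iterated variant; the function names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# The sample password from the post, reused here as constructed test input.
SAMPLE_PASSWORD = "$aGuhetE4e6E5e%a"


def sha256_record(password: str) -> str:
    """Registration as the post describes it: keep only SHA-256(password)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def sha256_verify(password: str, stored_hex: str) -> bool:
    """Login: hash the entered password and compare it with the stored hash."""
    candidate = sha256_record(password)
    # Constant-time comparison, so response time does not depend on where
    # the two strings first differ.
    return hmac.compare_digest(candidate, stored_hex)


def salted_record(password: str, iterations: int = 200_000) -> dict:
    """Assumed hardening (not from the post): random per-user salt and
    PBKDF2-HMAC-SHA256, so equal passwords no longer share a stored value."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def salted_verify(password: str, record: dict) -> bool:
    """Recompute the digest with the stored salt and iteration count."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    stored = sha256_record(SAMPLE_PASSWORD)
    print("login with right password:", sha256_verify(SAMPLE_PASSWORD, stored))
    print("login with wrong password:", sha256_verify("not-the-password", stored))
    a, b = salted_record(SAMPLE_PASSWORD), salted_record(SAMPLE_PASSWORD)
    print("salted records differ:", a["hash"] != b["hash"])
```

With the bare hash, two accounts that choose the same password store the same value; the salted records differ even though both still verify.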

Do you have a question?  Let us know in the comments and subscribe to our RSS to get notified when we post more on these topics.

Tarik

By Tarik Kurspahic in Inside Personal

What is Personal? This is Personal.


What is Personal - Infographic

Last Chance to Vote for SXSW Entries


We need your help to make sure Personal is represented at SXSW Interactive 2012 in Austin, Texas on March 9-13, 2012.

We submitted two sessions for company executives and we’re also included in several other panels that are now under consideration. In choosing submissions, SXSW scores each proposal, with 30 percent of the score based on public voting, which closes on September 2nd. We’d love to get your “thumbs up” vote, but first, here are summaries of each presentation we submitted:

“Taking Back Data You Never Thought You Lost”

In this proposed SXSW talk, co-founder and CEO Shane Green reimagines how the world would work if individuals owned, catalogued, and mined their own personal data, instead of companies. For example, based on knowledge only you have about how you prefer to travel, the kinds of destinations you like to visit or the services you appreciate in a hotel, think of how quickly the perfect vacation could find you, instead of you searching for it or, worse, being bombarded by irrelevant ads and spam.

You can read more about Shane’s entry and vote for it here.

“How to Build a Privacy By Design Web Company”

Personal’s founders committed to create a company with both privacy and security baked in from the start. This proposal features co-founder and CTO Tarik Kurspahic, who will share how we accomplished this. For example, to include something as seemingly simple as a video player on our website to show our How It Works video, our developers needed to engineer a solution that ensured viewers’ information wouldn’t be shared with the player company, as it usually is, and that their visits to our site wouldn’t be similarly tracked.

You can read our submission for Tarik and vote for it here.

More Personal Data-Focused Panels

Personal has also been included on three other SXSW submissions for panels with representatives of likeminded companies. You can read about them – and vote for them – here:

Rules for Innovators of User Centric Personal Data

Is Privacy Dead or a Billion Dollar Business?

Legal Architecture for the Personal Data Ecosystem

Thanks for voting and supporting us at SXSW in 2012!

Josh

By Josh Galper in Power Shift

Passwords and Party Tricks


Most people think their passwords are pretty good. After all, these passwords protect a growing stash of precious digital information about us. I used to do a party trick and/or a security demonstration where I bet people I could ask them five questions and then guess their password in five tries or less.  I won the bet a frightening percentage of the time.  For most people, my five password questions would be along the lines of:

  1. What is your significant other’s name?
  2. What is your pet’s name?
  3. What is your firstborn child’s name?
  4. When is your birthday?
  5. When is your anniversary?

Combining these in a fairly predictable way, I could almost always get close.  After a few questions, many people started to realize that their entire digital life was locked away behind these easily picked locks of their own creation. Banking, credit card accounts, emails, instant messages – all potentially hanging in the breeze.  Not a good feeling when you’ve always acted with the presumption of security and privacy.

For some people, I would ask different questions, such as “what is your favorite beer” or “who is your favorite athlete/celebrity,” but the principle is that people generally create passwords around things meaningful to them that they can remember.  If you understand this principle, passwords become increasingly easy to guess, as they are almost always based on common words and names.  The more you know about a person, the easier the guessing game.

This gave me a natural segue to talk about password security and password complexity, topics of ever increasing importance in the digital age, and as more and more of our lives transition to the digital realm, the trend isn’t going to reverse anytime soon.

Stay tuned for the next installment where we’ll talk further about how to keep your digital property safe and secure!

Greg

By Greg Bledsoe in Practical Tips