Allison Marie Naaktgeboren

Poking sleeping software with even sharper sticks

  • About Allison
  • Publications
  • Speaking

Applying Privacy Series: The 2nd meeting

Posted by Allison M. Naaktgeboren on 2014-11-27
Posted in: Data Safety, Mozilla, Privacy.

The day after the first meeting…

Engineering Manager: Welcome DBA, Operations Engineer, and Privacy Officer. Did you all get a chance to look over the project wiki? What do you think?

Operations Engineer: I did.

DBA: Yup, and I have some questions.

Privacy Officer: Sounds really cool, as long as we’re careful.

Engineer: We’re always careful!

DBA: There are a lot of pages on the web, Keeping that much data is going to be expensive. I didn’t see anything on the wiki about evicting entries and for a table that big, we’ll need to do that regularly.

Privacy Officer: Also, when will we delete the device ids? Those are like a fingerprint for someone’s phone, so keeping them around longer than absolutely necessary increases risk for the user & the company’s risk.

Operations Engineer: The less we keep around, the less it costs to maintain.

Engineer: We know that most mobile users have only 1-3 pages open at any given time and we estimate no more than 50,000 users will be eligible for the service.

DBA: Well that does suggest a manageable load, but that doesn’t answer my question.

Engineer: Want to say if a page hasn’t been accessed in 48 hours we evict it from the server? And we can tune that knob as necessary?

Operations Engineer: As long as I can tune it in prod if something goes haywire.

Privacy Officer:: And device ids?

Engineer: Apply the same rule to them?

Engineering Manager: 48 hours would be too short. Not everyone uses their mobile browser every day. I’d be more comfortable with 90 days to start.

DBA: I imagine you’d want secure destruction for the ids.

Privacy Officer:: You got it!

DBA: what about the backup tapes? We back up the dbs regularly?

Privacy Officer:: are the backups online?

DBA: No, like I said, they’re on tape. Someone has to physically run ‘em through a machine. You’d need physical access to the backup storage facility.

Privacy Officer:: Then it’s probably fine if we don’t delete from the tapes.

Operations Engineer: What is the current timeline?

Engineer: End of the quarter, 8 weeks or so.

Operations Engineer: We’re under water right now, so it might be tight getting the hardware in & set up. New hardware orders usually take 6 weeks to arrive. I can’t promise the hardware will be ready in time.

Engineering Manager: We understand, please do your best and if we have to, Product Manager won’t be happy, but we’ll delay the feature if we need to.

Privacy Officer:: Who’s going to be responsible for the data on the stage & production servers?

Engineering Manager: Product Manager has final say.

DBA: thanks. good to know!

Engineer: I’ll draw up a plan  and send it around for feedback tomorrow.

 

Who brought up user data safety & privacy concerns in this conversation?

Privacy Officer is obvious. The DBA & Operations Engineer also raised privacy concerns.

Posts navigation

← Applying Privacy Series: The 1st meeting
Applying Privacy Series: The 3rd meeting →
  • Recent Posts

    • void* vikings presenting at BSides PDX 2020
    • Planting Your CHERI Tree: Advice for Getting Started with CHERI & CheriBSD
    • Speaking at Linux Security Summit NA
    • Reverse engineering, corrupting, & fixing Seagate firmware at bsidesPDX 2019
    • The Naked Trill Project is Presenting at DEF CON 27!
  • Categories

    • Book Reviews
    • conferences
    • CTFs
    • Data Safety
    • DEF CON
    • firmware
    • Mozilla
    • Privacy
    • research
    • security
    • Uncategorized
  • Meta

    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
Proudly powered by WordPress Theme: Parament by Automattic.