BC TECH
Saved by @ThomassRichards

Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

 Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.
Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.
How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering
We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
Three rights:
* access
* rectification
* deletion

Legal's trying to uphold them, but it's a technical question!

Legal wants to decrease risk but don't know software
The business wants to stay in business and make money. They want to be able to use data for things like placing ads and analysis.
It takes a lot of time to handle these requests, too!

They need a streamlined technical solution.
Program management wants to streamline and make things efficient and predictable... but they don't understand the technical limitation
As a software engineer, you've seen technical debt. So much technical debt. All the weight of the decisions that were made in the past, especially if you scaled without a data plan.

Average SMB has data in 10 different systems.
How do we delete?
Some poor software engineer is trying to track down what data is where?
What even *is* PII? There's no real standard.
What should be returned? What should be deleted.

Make a definition and stick to it.
Some of your databases might use email addresses as a primary key, some user IDs, etc.
1. Define PII
2. Find all the PII
3. Use pseudonymization to replace PII with some kind of random value which can't be tied back to the user

[reminder I am livetweeting this is not me speaking]
How do you do this at scale?
Maybe a centralized team who can handle this?
If you're a small company, plan ahead!
Be careful when you're doing sanitization -- some databases really don't like batch processes and you can make things fall over.
Speed
* you have a timeline -- often 30 or 45 days
* but that's not enough time if you haven't planned for streamlined speed

Ideally you won't need it, but have a backup plan, in case something goes wrong with a slow data system
Plan for a solution that grows with your business, not just a hacked-together series of SQL queries, but instead a centralized portal with extensibility as the business changes and technical systems grow.

... and as new privacy laws come into place
Privacy is way, way more than compliance. But compliance needs to happen.

Let's all do our part

[ end of talk ]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE
Lea Kissner
Lea Kissner
@LeaKissner
Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.


But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework


We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law

But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
TECH , TEACH
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD

More from Tech

Antonio Garc\xeda Mart\xednez
Antonio García Martíne...
@antoniogm
Observing the public conversation around FB, and the private ones happening among techies and ex-FBers, I think the mutual misunderstanding is worse than when I set out two years (and 500 pages) ago to (in a small way) bridge that gulf.

We're basically fucked.

The tech world has gotten so huge, self-reinforcing, and insulated from reality they can no longer even vaguely look at themselves (and their actions) as others do. They just live on a different planet than most people.

Conversely, the average tech consumer doesn't understand the technology that has slowly taken over their lives, and their designated emissaries to figure it out--politicians, pundits, regulators, journalists--understand it barely better than they do, and have their own agendas.

To say more than generalities for a moment, here's what I think is likely the core problem.

Techies take weird, improbable visions, and make them realities: some BS pitch deck to a VC, mixed with money and people, really does turn into some novel thing.

Most people work inside a legacy industry that's evolved that way over time (usually for good reasons), and they think about the future via some analogy with their present (which is a function of a long-ago past). The interruption that tech will introduce is often hard to grasp.
TECH
Aditya Todmal
Aditya Todmal
@AdityaTodmal
The absolute best 15 scanners which experts are using.

Got these scanners from the following accounts:

1. @Pathik_Trader
2. @sanjufunda
3. @sanstocktrader
4. @SouravSenguptaI
5. @Rishikesh_ADX

Share for the benefit of everyone.

Listing all scanners from @Pathik_Trader Sir first.

1. Open

2. 80-20 Reversal Setup


3. Fake

4. Trapping Inside Bar (Positional Setup)
TECH , STOCKLEARNINGS , STOCKS
Advertisement
EverythingOppresses
EverythingOppresses
@SoOppressed
The first area to focus on is diversity. This has become a dogma in the tech world, and despite the fact that tech is one of the most meritocratic industries in the world, there are constant efforts to promote diversity at the expense of fairness, merit and competency. Examples:

USC's Interactive Media & Games Division cancels all-star panel that included top-tier game developers who were invited to share their experiences with students. Why? Because there were no women on the

ElectronConf is a conf which chooses presenters based on blind auditions; the identity, gender, and race of the speaker is not known to the selection team. The results of that merit-based approach was an all-male panel. So they cancelled the conference.

Apple's head of diversity (a black woman) got in trouble for promoting a vision of diversity that is at odds with contemporary progressive dogma. (She left the company shortly after this

Also in the name of diversity, there is unabashed discrimination against men (especially white men) in tech, in both hiring policies and in other arenas. One such example is this, a developer workshop that specifically excluded men: https://t.co/N0SkH4hR35
TECH
Steve Schoger
Steve Schoger
@steveschoger
How to make a "Briefcase" icon in @figmadesign.

🧵 thread 👇


In a 24 x 24 pixel artboard, use the rectangle tool (R) to draw a 18 x 10 pixel rectangle positioned horizontally centered and 6 pixels from the top of the artboard.


Using the ellipse tool (O), draw a 96 x 96 pixel circle and align the top to the center/top of the rectangle. Select both shapes and use the boolean tool to intersect the group.


Using the ellipse tool (O), draw a 48 x 48 pixel circle and align the bottom to the center/bottom of the rectangle. Select both shapes and use the boolean tool to intersect the group.


Flatten the shape (command + E) and double click it to make it editable. Select the top left and right points and give them a 2 pixel corner radius. Select the bottom left and right points and give them a 1 pixel corner radius.
TECH
Joe Natoli
Joe Natoli
@joenatoli
#UX and #design friends, we need to talk about estimating. I'd like to share some advice that's come up 3 times this week, in hopes it's useful. And it's echoed, by the way, in the BUSINESS OF UX course @EliNatoli and I are teaching at my UX 365 Academy (link at the end).

(1/12)

Avoiding wars with clients is a matter of how you structure your engagements, along with how you spell out what you're doing in your proposals/contracts. That starts with estimating.

The biggest 2 rules I follow are these:

(2/12)

1. I do not EVER estimate a project in full from start-to-finish.

2. Once we're past initial Discovery (see below), I estimate in small chunks, e.g. "here's what will take us to the next iteration/review."

(3/12)

NEVER estimate past the point where you may get new information based on a build/test cycle.

Believe me when I say that you'll be wrong every time. Ask me how I know ;-)

(4/12)

So instead, first, I estimate a Consult/Discovery part that details what I think we need to do to get a handle on what's actually wrong here, and how long that will take.

For example...

(5/12)
TECH

You May Also Like

Aditya Todmal
Aditya Todmal
@AdityaTodmal
12 TRADING SETUPS which experts are using.

These setups I found from the following 4 accounts:

1. @Pathik_Trader
2. @sourabhsiso19
3. @ITRADE191
4. @DillikiBiili

Share for the benefit of everyone.

Here are the setups from @Pathik_Trader Sir first.

1. Open Drive (Intraday Setup explained)


Bactesting results of Open Drive


2. Two Price Action setups to get good long side trade for intraday.

1. PDC Acts as Support
2. PDH Acts as


Example of PDC/PDH Setup given
STOCKLEARNINGS , LEARNSTOCKTRADING
Erik Torenberg
Erik Torenberg
@eriktorenberg
1/ Here’s a list of conversational frameworks I’ve picked up that have been helpful.

Please add your own.

2/ The Magic Question: "What would need to be true for you


3/ On evaluating where someone’s head is at regarding a topic they are being wishy-washy about or delaying.

“Gun to the head—what would you decide now?”

“Fast forward 6 months after your sabbatical--how would you decide: what criteria is most important to you?”

4/ Other Q’s re: decisions:

“Putting aside a list of pros/cons, what’s the *one* reason you’re doing this?” “Why is that the most important reason?”

“What’s end-game here?”

“What does success look like in a world where you pick that path?”

5/ When listening, after empathizing, and wanting to help them make their own decisions without imposing your world view:

“What would the best version of yourself do”?
LIFE
Advertisement
Robin Berjon
Robin Berjon
@robinberjon
Recently, the @CNIL issued a decision regarding the GDPR compliance of an unknown French adtech company named "Vectaury". It may seem like small fry, but the decision has potential wide-ranging impacts for Google, the IAB framework, and today's adtech. It's thread time! 👇

It's all in French, but if you're up for it you can read:
• Their blog post (lacks the most interesting details): https://t.co/PHkDcOT1hy
• Their high-level legal decision: https://t.co/hwpiEvjodt
• The full notification: https://t.co/QQB7rfynha

I've read it so you needn't!

Vectaury was collecting geolocation data in order to create profiles (eg. people who often go to this or that type of shop) so as to power ad targeting. They operate through embedded SDKs and ad bidding, making them invisible to users.

The @CNIL notes that profiling based off of geolocation presents particular risks since it reveals people's movements and habits. As risky, the processing requires consent — this will be the heart of their assessment.

Interesting point: they justify the decision in part because of how many people COULD be targeted in this way (rather than how many have — though they note that too). Because it's on a phone, and many have phones, it is considered large-scale processing no matter what.
TECH
Kitze @ \U0001f1e9\U0001f1ea\ufe0f
Kitze @ 🇩🇪️...
@thekitze
To people who are under the impression that you can get rich quickly by working on an app, here are the stats for https://t.co/az8F12pf02

📈 ~12000 vistis
☑️ 109 transactions
💰 353€ profit (285 after tax)

I have spent 1.5 months on this app. You can make more $ in 2 days.

🤷‍♂️


I'm still happy that I launched a paid app bcs it involved extra work:

- backend for processing payments (+ permissions, webhooks, etc)
- integration with payment processor
- UI for license activation in Electron
- machine activation limit
- autoupdates
- mailgun emails

etc.

These things seemed super scary at first. I always thought it was way too much work and something would break. But I'm glad I persisted. So far the only problem I have is that mailgun is not delivering the license keys to certain domains like https://t.co/6Bqn0FUYXo etc. 👌

omg I just realized that me . com is an Apple domain, of course something wouldn't work with these dicks
MAKERS
Patrick McKenzie
Patrick McKenzie
@patio11
Some people really benefit from hearing advice that everyone knows, for the same reason we keep schools open despite every subject in them having been taught before.

In that spirit, here's some quick Things Many People Find Too Obvious To Have Told You Already.

Your idea is not valuable, at all. All value is in the execution. You think you are an exception; you are not. You should not insist on an NDA to talk about it; nobody serious will engage in contract review over an idea, and this will mark you as clueless.

Technologists tend to severely underestimate the difficulty and expense of creating software, especially at companies which do not have fully staffed industry leading engineering teams ("because software is so easy there, amirite guys?")

Charge more. Charge more still. Go on.

The press is a lossy and biased compression of events in the actual world, and is singularly consumed with its own rituals, status games, and incentives. The news necessarily fails to capture almost everything which happened yesterday. What it says is important usually isn't.

Companies find it incredibly hard to reliably staff positions with hard-working generalists who operate autonomously and have high risk tolerances. This is not the modal employee, including at places which are justifiably proud of the skill/diligence/etc of their employees.
TECH