プライバシー第一主義の生理トラッカー？それは可能なのか？ by Benedicte Raae｜JSConf Budapest 2019 (A privacy first period tracker? Is it even possible? by Benedicte Raae | JSConf Budapest 2019)

字幕表動画を再生する

So hello.
Um, as you said, my name is Benedict and I am a full stack job developer from Oslo, Norway.
Still Europe.
And today I'm gonna share with you what I learned.
Ah, so far about encryption.
And that, more importantly, key management when it comes to encryption on my quest to figuring out how to make a privacy first.
Um period, Uh, period tracker or menstrual cycle tackle the checker.
It depends on the world.
But where do you use?
Um I hope I can help lower the bar when it comes to encryption s so that maybe you also will use encryption in your next side Proud project and maybe later at work.
But first, we'll have some story time.
For years and years, I've been able to keep consumer Benedicta away from developer Benedicta Consumer Benedicta has been using APS, and service is like most regular users.
You know, I have nothing to hide.
And if I did like, I just don't have the time but then to care about it.
But then, um, this winter Ah, the first kind of major league that health APS and especially menstrual cycle trackers were leaking data to Facebook through Facebook analytics.
And later, just couple of weeks ago a new report came out where they're potentially sharing that data with other people.
Ah, some companies selling it and some using it for Reacher research, which is a good cost.
But it's still something we need to know about as a consumer when we make choices.
So Benedicta developer Benedicts and Consumer Benedict had to have a little talk.
Ah, because, um, right after this leak came out, my period tracker Clue, which is one of the nicer ones, sent me this email.
And it says that on Lee, a few people have access to the tools we use to look into the data basis and that that's the point for consumer Benedict Ah realized you know what developer Benedict has always known and that's this data is just there in plain text.
I mean, it's in the database and somebody needs to have access to that database, and it could be any of you.
It could be me, could be in my friend from university and with some types of data that could just be, you know, very awkward conversations are not like trying to pretend that I haven't seen the data s o for me.
Kind of hit home or personally when I started thinking about that same area then, kind of like the big data scenario.
Um, so in the back of my mind, I've always felt like the's APS have been very invasive.
They're very detailed.
They don't care about Only when my period is.
It's like how much and for how long.
And like all these kinds of weird questions, and my friend has been single for months.
She's tired of getting the The question every day is like, Have you had sex?
No, not yet.
Um, And like, there's been, like, this thing in the back of my mind like, Why are they so invasive?
And I've realized, of course, it's because they're going to use this data, um, for something else.
So they need a certain kind of detailed level.
So my idea of making so in the back of my mind, I've always wanted to make, um, less invasive and less detailed after would fit, um, fit my cycle better.
And I thought if I was ever gonna make this, I need to learn how to shield myself from my user's data.
I want to be one of those can't be evil acts.
I don't wanna be the one Don't be Evil s.
So I sat down and I did what any sane developer reduced that I made the proposal that got me on the stage today saying, stating, I'm gonna learn what I need to learn to make a privacy First app.
So that's what I did.
Um, and also, while I was, like, inhaled the site, same developer do as well.
While I was protesting ating finishing these slides, I actually took a stab at making the app s.
So it's called Powell and I launched it on product tenders, a very minimal version.
And on the same day that new leak came out.
So, you know, could think that I actually had an agreement with these journalists because it was just hours after I released Palin on product and the supporting the tension has been Really it's blown.
My mind, like people are really interested.
They really want such a nap.
So I've decided to just keep focusing on actually making the app and will try to launch on March 8th 2020.
For those you don't know what that day is.
It's the International Women's Day.
Um, so I'm happy to say it seems like privacy is becoming more mainstream and people are getting interested in knowing where their data is going.
And also maybe, um, having a say in where it's going before ago into encryption.
I just need to think Geoffrey is not Geoffrey from one password.
It was really hard trying to find information on this topic from, ah, Web app perspective.
There's a lot of more theoretical knowledge, but the only real luck riel content I found on how the full flow of a Web application goes.
It's, um it's ah, this security white paper by, um, Jeffrey, who works at one password, which is a great app.
So if you wanna look into it more after my talk, which is very introductory, you should try to read this white paper and I'm a nube.
I just learned this, and I'm gonna trying to explain how to use encryption algorithms.
I will not go into how they actually work on you.
Will should not try to make your own encryption.
That is something that will take about 20 years to be able to do if you're going to do it on the state secret level.
Yeah, You first need your PhD in about 15 years of experience and then you're allowed to make encryption.
So that's and not for us.
And I would not go through all the attack factors ever looked more into How would you actually do it?
Because that's what I found lacking.
So, um, I'm actually, um I have a master of computer science, and I remember talks about encryption, but I feel like I know a way wave.
Thio knew too little about it.
Ah, and I'm still, as I said in all of the people making encryption algorithms, but we're going to go and look at how to use them and especially key management.
As I realised, using algorithm using the encryption algorithms are fairly easy.
But what to do about all the keys we're going to get into?
So this is a basic, um, encryption algorithm, our encryption flow.
Ah, you have your plain text and you have a key and then encrypted on what comes out is called cipher or cipher text, and then to get their plain text back, your reverse it through your description, your decryption algorithm, One of the things that I spent on embarrassingly long amount of time to figure out This, uh, what is this key?
It's usually just drawn as a key the same way I did.
Ah, and I was like this key.
It's, you know, the start of magical thing.
But it turns out it's a very long sequence of characters, um, on.
But you use different algorithms to make them for specific.
You generate them for specific algorithms.
But basically they're just long, random strings of characters.
Um, and it turns out that ran them long.
Random strings of character is really important in encryption.
And so they even have a word for it called entropy.
And because if you have something that's easy to guess, then the whole thing would fall apart.
Then you would just guess the key or guess the password, um, and encryption would fall apart.
Mmm.
And if you now you know very off a script Developers, if you're thinking, Ah, math random right now, then that is not a true random algorithm.
That's something called a pseudo random.
They gives you pseudo random values, but what we need is a crypto cryptographic lee strong random values.
Therefore showing a code example we're going to look at than analogy that's often used in the crypt a world away To think about encryption is how we secure our belongings by locking them into our house on Lee.
Somebody with the correct key can unlock the door and get ahold of your belongings.
The big difference, though, is we look something inside.
Well, with the Crip shin, we actually transform your belongings so the furniture would no longer be there.
It would be something different.
But we're still going to use this, um, analogy, because it's used a lot, and it's easier than like transforming things into different substance matter.
So luckily for us, um, the browsers now come with bed crypto I p I embedded.
So we don't have to do any crypto stuff ourselves as we should not do.
Um, and the first thing we need to do is make that key that we saw in our encryption algorithm and before we can make the key, we need to decide on what encryption algorithm to use.
And from what I've gathered, this is the algorithm.
We want the advanced encryption standard with Gallows Contra mode s.
We start by generating a key for that algorithm, and here we say that we want to link to be 256 256.
But it could just as well be 100 and 28th.
And Jeff Jeffrey, from one password has a long blood post about it, not really being that it's not that much more secure with the 250 bit encryption, as it's called as 100 and 28 bit encryption.
It's like going from infinity to infinity, he says.
But but for the user's they they like the sound of 256 over 100 and 28.
It just sounds more secure.
It sounds better.
So I found that also in a security, there's a lot of disability issues, and it's not only like the hard science that they might want you to believe in, you read most of their literature.
So we have the key.
Um, now we're gonna encrypt our little note, and, ah, some people might notice we're not allowed to work on strings.
We have to make Buff Bevers, which I find quite annoying cause that's not something I usually do.
Ah, in my day to day work eso as well as this on the diagram, we input the key and the note and out we get a cipher.
Ah, and but there's another thing here.
In addition, it's called, um, it's insulation installation in in the victor.
Um, because, um um to counter against something called cipher attacks that I don't totally understand.
We need a different random value.
A swell.
But we could save that together with our cipher text, because it does not have to be secret.
And we generated here with that cryptographic safe, random value generator.
So it has to be a unique for every piece of data you encrypt, but it doesn't have, but it doesn't have to be secret.
And to get a note back with the decrypt using the same installation vector key, Victor, the key.
And we have our cipher test text.
We get, um, the buffer back, and then we make it into our string again.
So that was basic encryption.
We generated the key, the red key.
We encrypted our data, and then we decrypted our data again.
So I was very pleased with myself, and I got this far in my exploration.
But I quickly realized that there's a lot more, uh, more to it.
I was a left closer to those two circles than the AO.
So I'm going to try now to walk you through how we generate keys.
And when we use what key to to hopefully make you better equipped to read, Uh, they read, um, content around encryption.
We're going to start start by just assuming everything is in your client or mobile phone or your, um, your laps up on.
It's easy peasy.
We just save our cipher text of the local storage.
But where do we keep the key?
So this is our first encounter with key management.
If we stored the key together with our cipher text, then you know there wouldn't have been much point in encrypting Ah at all.
So let's go back to our house on in this scenario.
We're gonna look at the way to do this, so it's a little bit of a stretch, since we would probably not do this with houses in real life, but just bear with me.
So in this scenario, we're looking at um, where would actually just like hide the key next to the house?
Some people would do that for convenience.
You maybe it would be under the flowerpot on the veranda, or like a secret spot under the stairs.
Something like that.
It's convenient, but it's not really recommended because anybody could get in your house if they found the key.
So therefore, you decide to get one of those key boxes that are more popular now, especially with Airbnb for you.
Pop your key into key Box, and then you set a code on the key books.
And in this way you can access only you can access the key with something you remember, not something that's stored anywhere.
So for to do this, um, we can we can we can do this and that code as well.
Um, we can import a key buy from a password, um, on with this function called importante, and we want to use the password based key derivation function, too.
We asked the reason for their password and then which transformed the password into a key by using this function.
And then again, we have to encode our strengths and using that password key.
We can derive a key, and as the name implies, it's really good at making keys from passwords.
But since you stood still like, his passwords are often E.
C two guests than something we generate randomly.
We also need a truly random key, and we add that, and we call it the salt.
So this function derived keys determine the mist deterministic, meaning that as long as he prided with same salt in the same password, the output will be the same, so we can generate it again and or derive it again and again.
And in our case so far, we would have to save that salt together with our cipher text so it doesn't provide.
Um, the password provides us with some extra security, but the salt is not giving us much extra right now, but laid around, we will see how the salt can shine.
So let's get back to our house there.
We only had the key luck with the pass code on it, so we need to get one of those key boxes that has ah, code and a lot of regular luck.
I don't think those exist that that's what we're getting, and then we take that salt or that key for the regular lock, and we put that one under the flowerpot.
So to get in, we need to find the key that we've hidden very secretly under the flower.
But and we need to remember our code.
Then we can get our house key and we can get into our house so that, um um, yes.
So that was, uh, this was our basic encryption, and as you can see, the encryption stays the same.
But we're now deriving the key instead of generating the key.
So let's move over to cloud storage.
So there could be a case where a menstrual cycle tracker app could just store everything locally.
That consumer Benedicta has has gotten some fancy habits, and she likes her data in the cloud so she can get access for multiple clients and also back up.
So we'll keep going on our encryption and key journey.
We'll start by what goes where so we'll put our cipher text in the cloud will keep our assault on the client, and then everything else is kept in memory.
The password kept in, you know, our own human memory and then everything else in the client's memory.
And this looks like this for the use Erinn one password when you're going to move between devices, this is where our salt shines, because you can.
If you pick up a new device, you will need the password, but you also need assault.
So you need access to your other device to get that salt, and you need to mentally transfer it.
So this gives us some added benefit.
Ah, instead of just hiding it in the player foot flowerpots next to the house, Um, and one password calls it the secret key, and they also give us a Q R code.
So it's easier to set up on a new mobile device.
But just taking a photo.
They also really want you to print this out and put it somewhere safe.
And they have a little, um, field where you can write in the password that you're supposed to only remember in your mind.
And the reason for this is that in these kind of privacy, first focused EPPS.
If you forget your password, then they can give you any account recovery because they don't know your password, and they don't have access to your content anymore.
So you really need the users to remember that password or print both their secret key and their password out and put it in the safe for some or somewhere because you cannot give their content back to them if they forget.
Um, so it's a very interesting from a user standpoint.
We need to, um, help our users to get new mental models about where data is stored and how it's stored, because a lot of people are very used to just hitting the recovery.
Or I forgot my password link.
A nice thing with this set up is that something that sounds really fans here, at least for me, sounded very fancy end to end encryption something that's people say whenever they talk about Cloud.
Um, it's not as hard as it sounds her special that sound.
It just means that all encryption and decryption happens on the client, and, you know, that's what we're already doing.
So we have intend encryption down without much extra F or with no extra effort effort again, you might say you know what the sharing have to do with periods wrecker up and over these last weeks of making that and started talking about menstrual cycles.
I've talked, talked more to, um, more about cycles with my friends and other random people than I think I have in my lifetime combined.
And this I d that I've had, um, that we've had at home where I want.
I maybe want to share some of my data with my significant others.
There are parts of the days and the cycle, but I don't really want to communicate as a regular human.
I just want my have to do it for me.
Ah, and other people, some people think it's It's a hard boil, a horrible idea, and other people love it.
So we're going to go with the people who loves it, and we're also going to share some of our data.
So to share data, we need some different encryption, um, flow.
And it's called a sink encryption, because I'm I always have a problem saying a a synchronous encryption on in this type of a sink encryption.
There's a different key for encryption and decryption.
So so we have the orange key old old school looking key there on ah left on the uh, purple on the right.
You could switch these up and used the other one for encryption on the 1st 14 decryption.
And this this is really hard for me to understand in the beginning, because they're usually taught and they labeled public and private.
So I thought it was always the public that had to encrypt on the private that had the crypt or the other way around.
But you can switch these up and they have different use cases.
But for our use case, this is the one we want.
We want encrypt with the public key, which is something that you can freely share, and then we want a decrypt with the private key.
So let's go back to our houses.
You know, Hatton, you now have, um, a neighbor, and the neighbor has very complimentary tools to use.
You want to be able to share your tools with your neighbor, and she wants to share her tools with you.
Which is really nice is a nice neighborhood.
But you don't want to always have to be a home when she comes over and you want some way to coordinate the sharing.
And, um, you could just, um, give, you know, give give it to her in the physical world, but, um, this is a special case.
Well, anyway, so, uh, you put your you can put all of your tools and she can put all of her tools in your respective sheds.
But how are you supposed to be able to give her the key if you're not gonna?
If you don't have time to me, turn meter in perfect person on one way to do that.
Is that all you're?
All the neighbors have lockable mailboxes, so you can take your said a copy of her shed key, and then you can drop it in her mailbox, and she will be the only one able to unlock that and get the key to your shed and the same the other way around.
She could take a copy of her shed key and drop it into your PA public mailbox, and then you will be the only one able to open it with the key to your mailbox.
But then you have a key again.
So you have the key to the mailbox and what you do with this well, we'll put it into that um, key bucks again.
That has a cold.
And then it has the lock.
And then you put that key under your flyer, but And to generate these a sink keys you can use, um Ah, this algorithm, I won't go much further into that, but we'll look at the flow.
So for sharing data, you'll take your plain text and you'll, um thank you.
Let's see.
Now there's something wrong here, huh?
No.
Yes, sir.
Uh uh, You'll take your first generate a key like we did all the way in the beginning, and you'll encrypt the data with that, and you get your cipher text.
But then you take your generated key and encrypt that with the other person's public e.
And you get an encrypted generated key, and you can share both of those and put it in the cloud.
And then to ah, decrypt the other person will take their private key decrypt, encrypted, generated key, get degenerated key and then decrypt the cipher Text to plain text says you can see with old these keys.
We gotta really stay sharp to not mess it up.
But where You know, that private key can't just be laying around.
So this is what we do with our private keys.
We encrypted with the derived key, and then we can decrypt it again.
So if you then look at the whole flow.
If I want to decrypt something shared with me, I first have to, um, get my derives key decrypt my encrypted private key.
Then I use my private creek to decrypt my encrypted generated key.
I get my generated key, and I can finally decrypt my text and I get my plain text back.
And this is actually what we usually do also, with things we only want to share with ourselves, we do the same flow so that it will be the EQ and equal process.
So then you just use your own public e when encrypted, and then you do this whole song and dance to get your content back.
So in authentication, that kind of just skip the whole authentication part.
As you might have noticed, we just put things on the cloud and without knowing who anyone waas and the reason for that that it becomes more problematic than in a normal web app since we use our password to generate keys we don't really.
The password becomes much more sensitive than in a regular app, so we don't want to send the password, even if it's hashed back and forth between the server to Le Guin.
Ah, and I haven't been able.
And one password called this.
They've solved this using something called secure remote password where you never send the passage over.
You just do a lot of really cool math on both sides, and you're able to say, like we both know the same secret.
But you don't send the password back and forth, but I have not been able to find any service is that gives us this because old regular back and as the service providers and off providers, they do regular authentication flow.
I found one random package on node, which, you know I can't just jump attempting to use that without knowing anything more about it.
One password has, um, open source to go implementation if you wanna try to host her own secure remote password solution.
But for power, I find something else.
It's called Block Stack.
It's a fairly seems to be fairly a new framework for creating decentralized apse, so they have authentication on, you know, the block chain, which is very popular word to say these days.
But I find it to be able to use this for power is a very practical example of when it's needed.
And there they do a similar thing where you intend to authenticate without sending the password, um, over any wires.
They also help you with encryption.
So if you're just going to do simple encryption, it's much easier.
You don't have to Ah, work of it.
But first, you can just encrypts strings like, um, you know, normal jobs give developers would like, um so check that out if you want it.
If you just want to do some fun side projects.
So where to the main question?
Is it possible eso for my use case?
It's definitely possible, cause we can encrypt and I have made ah version of the F.
But I think what is more important is that more of us, especially in the developers, started using encryption and really taking privacy first to help our users and educate our users to know when they share and how that whole flow works.
When you do encrypted APS and there will always be a trust issue, because I could off course do things in the browser in addition to encrypting and just sending off the data if I wanted to.
And that's one of the things side projects and indie developers.
I think ah comes in our favor is that it may be easier to get the trust and you start with your friends than it is for the bigger company.
Bigger corporations.
So maybe we we might have a competitive advantage, as in the developers, if you take privacy.
Um, seriously.
So my, um, I would like everybody to just go out and start making your own private APS.
And if you want to copy whatever I've made, feel free to do that and let me know how it goes.
Ah, if you wanna see the slides or codes are cold or anything, you can go to this address.
I'm gonna leave it there for a while.
Um, and please come talk to me in the in the lunch break if you have any questions.
And that was all Thank you.
And I also got lost.
Yeah, and also just wanted to thank Lillian who made all of the the beaded illustrations.