Name: プライバシー第一主義の生理トラッカー？それは可能なのか？ by Benedicte Raae｜JSConf Budapest 2019 (A privacy first period tracker? Is it even possible? by Benedicte Raae | JSConf Budapest 2019)
Uploaded: 2021-01-14T10:25:16.000Z
Duration: 28 min 40 s
Description: VoiceTubeの動画で発音を聞きながら英語表現を覚えよう！学べる英語：

過去形

Um, as you said, my name is Benedict and I am a full stack job developer from Oslo, Norway.

And today I'm gonna share with you what I learned.

And that, more importantly, key management when it comes to encryption on my quest to figuring out how to make a privacy first.

Um period, Uh, period tracker or menstrual cycle tackle the checker.

Um I hope I can help lower the bar when it comes to encryption s so that maybe you also will use encryption in your next side Proud project and maybe later at work.

For years and years, I've been able to keep consumer Benedicta away from developer Benedicta Consumer Benedicta has been using APS, and service is like most regular users.

And if I did like, I just don't have the time but then to care about it.

But then, um, this winter Ah, the first kind of major league that health APS and especially menstrual cycle trackers were leaking data to Facebook through Facebook analytics.

And later, just couple of weeks ago a new report came out where they're potentially sharing that data with other people.

Ah, some companies selling it and some using it for Reacher research, which is a good cost.

But it's still something we need to know about as a consumer when we make choices.

So Benedicta developer Benedicts and Consumer Benedict had to have a little talk.

Ah, because, um, right after this leak came out, my period tracker Clue, which is one of the nicer ones, sent me this email.

And it says that on Lee, a few people have access to the tools we use to look into the data basis and that that's the point for consumer Benedict Ah realized you know what developer Benedict has always known and that's this data is just there in plain text.

I mean, it's in the database and somebody needs to have access to that database, and it could be any of you.

It could be me, could be in my friend from university and with some types of data that could just be, you know, very awkward conversations are not like trying to pretend that I haven't seen the data s o for me.

Kind of hit home or personally when I started thinking about that same area then, kind of like the big data scenario.

Um, so in the back of my mind, I've always felt like the's APS have been very invasive.

They don't care about Only when my period is.

And like all these kinds of weird questions, and my friend has been single for months.

She's tired of getting the The question every day is like, Have you had sex?

Um, And like, there's been, like, this thing in the back of my mind like, Why are they so invasive?

And I've realized, of course, it's because they're going to use this data, um, for something else.

So they need a certain kind of detailed level.

So my idea of making so in the back of my mind, I've always wanted to make, um, less invasive and less detailed after would fit, um, fit my cycle better.

And I thought if I was ever gonna make this, I need to learn how to shield myself from my user's data.

I want to be one of those can't be evil acts.

I don't wanna be the one Don't be Evil s.

So I sat down and I did what any sane developer reduced that I made the proposal that got me on the stage today saying, stating, I'm gonna learn what I need to learn to make a privacy First app.

Um, and also, while I was, like, inhaled the site, same developer do as well.

While I was protesting ating finishing these slides, I actually took a stab at making the app s.

So it's called Powell and I launched it on product tenders, a very minimal version.

And on the same day that new leak came out.

So, you know, could think that I actually had an agreement with these journalists because it was just hours after I released Palin on product and the supporting the tension has been Really it's blown.

My mind, like people are really interested.

So I've decided to just keep focusing on actually making the app and will try to launch on March 8th 2020.

For those you don't know what that day is.

Um, so I'm happy to say it seems like privacy is becoming more mainstream and people are getting interested in knowing where their data is going.

And also maybe, um, having a say in where it's going before ago into encryption.

I just need to think Geoffrey is not Geoffrey from one password.

It was really hard trying to find information on this topic from, ah, Web app perspective.

There's a lot of more theoretical knowledge, but the only real luck riel content I found on how the full flow of a Web application goes.

It's, um it's ah, this security white paper by, um, Jeffrey, who works at one password, which is a great app.

So if you wanna look into it more after my talk, which is very introductory, you should try to read this white paper and I'm a nube.

I just learned this, and I'm gonna trying to explain how to use encryption algorithms.

I will not go into how they actually work on you.

Will should not try to make your own encryption.

That is something that will take about 20 years to be able to do if you're going to do it on the state secret level.

Yeah, You first need your PhD in about 15 years of experience and then you're allowed to make encryption.

And I would not go through all the attack factors ever looked more into How would you actually do it?

So, um, I'm actually, um I have a master of computer science, and I remember talks about encryption, but I feel like I know a way wave.

Ah, and I'm still, as I said in all of the people making encryption algorithms, but we're going to go and look at how to use them and especially key management.

As I realised, using algorithm using the encryption algorithms are fairly easy.

But what to do about all the keys we're going to get into?

So this is a basic, um, encryption algorithm, our encryption flow.

Ah, you have your plain text and you have a key and then encrypted on what comes out is called cipher or cipher text, and then to get their plain text back, your reverse it through your description, your decryption algorithm, One of the things that I spent on embarrassingly long amount of time to figure out This, uh, what is this key?

It's usually just drawn as a key the same way I did.

It's, you know, the start of magical thing.

But it turns out it's a very long sequence of characters, um, on.

But you use different algorithms to make them for specific.

You generate them for specific algorithms.

But basically they're just long, random strings of characters.

Random strings of character is really important in encryption.

And so they even have a word for it called entropy.

And because if you have something that's easy to guess, then the whole thing would fall apart.

Then you would just guess the key or guess the password, um, and encryption would fall apart.

And if you now you know very off a script Developers, if you're thinking, Ah, math random right now, then that is not a true random algorithm.

They gives you pseudo random values, but what we need is a crypto cryptographic lee strong random values.

Therefore showing a code example we're going to look at than analogy that's often used in the crypt a world away To think about encryption is how we secure our belongings by locking them into our house on Lee.

Somebody with the correct key can unlock the door and get ahold of your belongings.

The big difference, though, is we look something inside.

Well, with the Crip shin, we actually transform your belongings so the furniture would no longer be there.

But we're still going to use this, um, analogy, because it's used a lot, and it's easier than like transforming things into different substance matter.

So luckily for us, um, the browsers now come with bed crypto I p I embedded.

So we don't have to do any crypto stuff ourselves as we should not do.

Um, and the first thing we need to do is make that key that we saw in our encryption algorithm and before we can make the key, we need to decide on what encryption algorithm to use.

And from what I've gathered, this is the algorithm.

We want the advanced encryption standard with Gallows Contra mode s.

We start by generating a key for that algorithm, and here we say that we want to link to be 256 256.

プライバシー第一主義の生理トラッカー？それは可能なのか？ by Benedicte Raae｜JSConf Budapest 2019 (A privacy first period tracker? Is it even possible? by Benedicte Raae | JSConf Budapest 2019)