We've all read the news; we're being surveilled at a massive level. Governments are indiscriminately collecting data, and storing it for years. Even if we trust our governments, this creates a honey-pot of information that criminals would love to get their hands on.

SSL certificates and encryption are important for data transport, and yet even some of the bigger companies don't get it right. Encryption is hard, and it's not end-user friendly, but the tide is changing.

What if your business needs to work with the data? End-to-end encryption between users isn't an option. How can we increase security and privacy, when we need to see our users' data? The principle of datensparsamkeit, to store only what you absolutely need, is still subject to concern if there's a data breach.

This talk discusses the options for end-to-end communications encryption in web applications, as well as ways of securely and anonymously handling and distributing sensitive information between users, without allowing the raw data to give anything away.

Comments

Boy Baukema at 19:06 on 1 Jul 2017

I did not expect this talk to be about the *implementation* of a zero knowledge application and was pleasantly surprised.

Only got to hear half of this talk, but that which I heard was wonderfully thought-provoking. I am beginning to try to plan out applications like the one that was described, so there was a lot to take away after, including from a conversation with you later in the day.

I feel as though you gave the talk a month too early, though. There were so many awesome things you proposed and described, but seemed just out of time enough not to have had a chance to implement them before the talk. I also feel like Laravel was less incidental than you explained to me before. The built-in auth (which I think is uniquely fully-featured in the category of frameworks) is a huge benefit for people starting to make this project. I'd concentrate more on building the JS aspects closer to the native JS of Laravel, explaining the custom and repurposed async bcrypt/pgp JS (these were an interesting story not told), and demonstrating more of the processing concept in real code.

I'd definitely like to listen to the full talk, with a more developed proof of concept!

Ben Dechrai (Speaker) at 03:42 on 7 Jul 2017

Thanks for the great feedback, Chris. I see what you're getting at in terms of making the project more aligned with Laravel, however my hope is that this project brings a more generic solution that's applicable to other frameworks and even languages. It's a big goal, that might end up being refined to a Laravel implementation :)

The fuller talk that I alluded to in the presentation did delve into how the PGP encryption worked, with step-through debugging, and more, to offer the audience a greater insight. I did wonder whether I should have kept that in, in place of the presentation that describes the process pictorially. I do worry that, without the presentation of the workflow, simply stepping through the code would be too abstract.

I'll certainly apply your feedback to future implementations of this talk though, and will definitely be continuing to work on advancing the project itself, in what time I have available :)