Comments on: Protecting Your Users’ Data with a Privacy Wall

By: Safeguarding Your Data: The Privacy Wall « Wesabe: Your Money. Your Community.

Wed, 18 Nov 2009 03:27:27 +0000

[...] like something a bit more technical, along with ways to attack the wall, I’ve posted a longer article over on my personal [...]

By: David

David — Mon, 05 Oct 2009 21:18:47 +0000

Brad-

The only thing I could think would need a change to the OpenID spec.

Along with the user’s OpenID would be sent some random (but consistent) secret. Each user would get a different value.

Then that secret could be used to index the user’s private data in the database.

Not sure there’s much chance in getting that accepted though.

By: brad

brad — Mon, 05 Oct 2009 20:36:23 +0000

Good question, David. There really needs to be some secret that is not stored on the server-side in order for this to work, so it’s not a great fit for things like OpenID or OAuth.

You could ask the user to create a secondary password, although that kind of defeats the purpose of OpenID.

You could set a cookie with a generated secret when the user first signs up, but that’s going to stop working if the user changes browsers or clears their cookies. You could also send that secret to them via email, telling them that they’ll need it should they use another browser or clear their cookies, but that’s still not very user-friendly.

This might make for a good follow-up post. If you have any ideas on it, let me know.

By: David

David — Mon, 05 Oct 2009 19:39:53 +0000

Nice article.

Got any ideas for when I don’t have anything that only the user knows?

I’m authenticating using OpenID, so I only get the user’s OpenID – no password or anything only known to the user (the OpenID is by its nature public).

By: sınıf öğretmeni

sınıf öğretmeni — Tue, 03 Feb 2009 20:24:47 +0000

thanks, great article.

By: Ajanslar

Ajanslar — Fri, 30 Jan 2009 14:45:25 +0000

Wonderful article. I’m interested in this subject and want to learn more. Privacy wall is so important. Thank you

By: boyaci

boyaci — Tue, 20 Jan 2009 18:44:03 +0000

Ninja Privacy Techniques” was on one-way hashes which is ancient (in computer terms), but the privacy wall techniques they’re both implementing and educating around are beautifully simple, and pressingly

By: nick

nick — Fri, 02 Jan 2009 16:09:45 +0000

thanx

By: aşk şiirleri

aşk şiirleri — Wed, 19 Nov 2008 12:33:56 +0000

[...] footle » Protecting Your Users’ Data with a Privacy Wall. the privacy scheme is pretty obvious but they have some good tips on other production problems that come up. [...]

By: oil painting reproductions

oil painting reproductions — Thu, 17 Jul 2008 08:48:00 +0000

We’re presently setting up a server for a small call center. The client wishes to upload all call recordings through FTP to his own server file. At this point, I’ve already detected a server hole. In this case, how can your discussion help us? How can we implement it to our server or system?