Zero Knowledge; Meeting the Growing Demand for Security and Privacy in a National Security World

Ben Dechrai (01.Jul.2017 at 11:45, 45 min)
Talk at Dutch PHP Conference 2017 (English - UK)

Rating: 4 of 5

We've all read the news; we're being surveilled at a massive level. Governments are indiscriminately collecting data, and storing it for years. Even if we trust our governments, this creates a honey-pot of information that criminals would love to get their hands on.

SSL certificates and encryption are important for data transport, and yet even some of the bigger companies don't get it right. Encryption is hard, and it's not end-user friendly, but the tide is changing.

What if your business needs to work with the data? End-to-end encryption between users isn't an option. How can we increase security and privacy, when we need to see our users' data? The principle of datensparsamkeit, to store only what you absolutely need, is still subject to concern if there's a data breach.

This talk discusses the options for end-to-end communications encryption in web applications, as well as ways of securely and anonymously handling and distributing sensitive information between users, without allowing the raw data to give anything away.

Comments

Rating: 5 of 5

01.Jul.2017 at 19:06 by Boy Baukema (52 comments) via Web2 LIVE

I did not expect this talk to be about the *implementation* of a zero knowledge application and was pleasantly surprised.

Rating: 3 of 5

03.Jul.2017 at 12:08 by Christopher Pitt (68 comments) via Web2 LIVE

Only got to hear half of this talk, but that which I heard was wonderfully thought-provoking. I am beginning to try to plan out applications like the one that was described, so there was a lot to take away after, including from a conversation with you later in the day.

I feel as though you gave the talk a month too early, though. There were so many awesome things you proposed and described, but seemed just out of time enough not to have had a chance to implement them before the talk. I also feel like Laravel was less incidental than you explained to me before. The built-in auth (which I think is uniquely fully-featured in the category of frameworks) is a huge benefit for people starting to make this project. I'd concentrate more on building the JS aspects closer to the native JS of Laravel, explaining the custom and repurposed async bcrypt/pgp JS (these were an interesting story not told), and demonstrating more of the processing concept in real code.

I'd definitely like to listen to the full talk, with a more developed proof of concept!

Speaker comment:

07.Jul.2017 at 03:42 by Ben Dechrai (32 comments) via Web2 LIVE

Thanks for the great feedback, Chris. I see what you're getting at in terms of making the project more aligned with Laravel, however my hope is that this project brings a more generic solution that's applicable to other frameworks and even languages. It's a big goal, that might end up being refined to a Laravel implementation :)

The fuller talk that I alluded to in the presentation did delve into how the PGP encryption worked, with step-through debugging, and more, to offer the audience a greater insight. I did wonder whether I should have kept that in, in place of the presentation that describes the process pictorially. I do worry that, without the presentation of the workflow, simply stepping through the code would be too abstract.

I'll certainly apply your feedback to future implementations of this talk though, and will definitely be continuing to work on advancing the project itself, in what time I have available :)
