towards minimising timestamp usage in application software
play

Towards Minimising Timestamp Usage in Application Software A Case - PowerPoint PPT Presentation

Christian Burkert , Hannes Federrath Towards Minimising Timestamp Usage in Application Software A Case Study of the Mattermost Application 26.09.2019 Project: Employee Privacy in Development and Operations 26.09.2019 | Christian Burkert,


  1. Christian Burkert , Hannes Federrath Towards Minimising Timestamp Usage in Application Software A Case Study of the Mattermost Application 26.09.2019

  2. Project: Employee Privacy in Development and Operations 26.09.2019 | Christian Burkert, Hannes Federrath 2

  3. Project: Employee Privacy in Development and Operations 26.09.2019 | Christian Burkert, Hannes Federrath 2

  4. Project: Employee Privacy in Development and Operations 26.09.2019 | Christian Burkert, Hannes Federrath 2

  5. Project: Employee Privacy in Development and Operations 26.09.2019 | Christian Burkert, Hannes Federrath 2

  6. Project: Employee Privacy in Development and Operations 26.09.2019 | Christian Burkert, Hannes Federrath 2

  7. Project: Employee Privacy in Development and Operations 26.09.2019 | Christian Burkert, Hannes Federrath 2

  8. Monitoring of Employees Source: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD) 26.09.2019 | Christian Burkert, Hannes Federrath 3

  9. Monitoring of Employees Monitoring Performance Down on Mondays? Progress Stuck on a task? Habits Working after midnight? Source: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD) 26.09.2019 | Christian Burkert, Hannes Federrath 3

  10. Monitoring of Employees Monitoring Performance Down on Mondays? Progress Stuck on a task? Habits Working after midnight? Employment Power imbalance Collective measures vs. individual consent Source: Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD) 26.09.2019 | Christian Burkert, Hannes Federrath 3

  11. People Analytics: Microsoft Workplace Analytics 26.09.2019 | Christian Burkert, Hannes Federrath 4

  12. People Analytics: IBM Personal Social Dashboard 26.09.2019 | Christian Burkert, Hannes Federrath 5

  13. Timestamp Metadata 26.09.2019 | Christian Burkert, Hannes Federrath 6

  14. Timestamp Metadata: Research Questions RQ1 Where do timestamps occur in the data model? 26.09.2019 | Christian Burkert, Hannes Federrath 7

  15. Timestamp Metadata: Research Questions RQ1 Where do timestamps occur in the data model? RQ2 Which of them are personally identifiable? 26.09.2019 | Christian Burkert, Hannes Federrath 7

  16. Timestamp Metadata: Research Questions RQ1 Where do timestamps occur in the data model? RQ2 Which of them are personally identifiable? RQ3 For what purpose are they collected/processed? 26.09.2019 | Christian Burkert, Hannes Federrath 7

  17. Timestamp Metadata: Research Questions RQ1 Where do timestamps occur in the data model? RQ2 Which of them are personally identifiable? RQ3 For what purpose are they collected/processed? RQ4 Are there more proportionate/data minimal alternatives? 26.09.2019 | Christian Burkert, Hannes Federrath 7

  18. Case Study: Mattermost Source: mattermost.com 26.09.2019 | Christian Burkert, Hannes Federrath 8

  19. Purpose Analysis: Methodology RQ1 Where do timestamps occur in the data model? 1. Find all uses of int64 keyword in model code 2. Filter out non-timestamp related occurrences Target of evaluation: Mattermost Server v4.8, Mattermost Web Client v5.5.1 26.09.2019 | Christian Burkert, Hannes Federrath 9

  20. Purpose Analysis: Methodology RQ1 Where do timestamps occur in the data model? 1. Find all uses of int64 keyword in model code 2. Filter out non-timestamp related occurrences RQ2 Which of them are personally identifiable? 3. Keep only timestamps with a connection to User Target of evaluation: Mattermost Server v4.8, Mattermost Web Client v5.5.1 26.09.2019 | Christian Burkert, Hannes Federrath 9

  21. Purpose Analysis: Methodology RQ1 Where do timestamps occur in the data model? 1. Find all uses of int64 keyword in model code 2. Filter out non-timestamp related occurrences RQ2 Which of them are personally identifiable? 3. Keep only timestamps with a connection to User RQ3 For what purpose are they collected/processed? 4. Locate all uses of these timestamps with gorename 5. Inspect source code of all uses and categorise them 6. Discard all non-programmatic uses (i.e., which have no effect on MM’s behaviour) 7. Identify user facing timestamps by in the web client Target of evaluation: Mattermost Server v4.8, Mattermost Web Client v5.5.1 26.09.2019 | Christian Burkert, Hannes Federrath 9

  22. Timestamps in Mattermost’s Data Model (Excerpt) ChannelMember � � Status � ChannelMemberHistory + � � Session + � � Channel + � � User + � � � Post + � � Legend: + Creation Reaction + � Update � Deletion � Last Viewed � Last Activity � Expiration 26.09.2019 | Christian Burkert, Hannes Federrath 10

  23. PII vs. Non-PII Timestamps PII 47 73 Total 26 No-PII 26.09.2019 | Christian Burkert, Hannes Federrath 11

  24. Timestamp Types Update 14 Create 15 47 PII 10 8 Delete Misc 26.09.2019 | Christian Burkert, Hannes Federrath 12

  25. Visibility for Users Not Visible 42 47 PII 5 Visible 26.09.2019 | Christian Burkert, Hannes Federrath 13

  26. Programmatic Usage Used 23 47 PII 24 Unused 26.09.2019 | Christian Burkert, Hannes Federrath 14

  27. Distribution of Types between Used and Unused 6 create 9 used (23) 8 update 6 4 delete 6 unused (24) 5 misc 3 26.09.2019 | Christian Burkert, Hannes Federrath 15

  28. Categories of Programmatic Usage Type of Use Description EditLimit Enforce edit limit for posts Etag Calculate Etag for HTTP header Expiry Enforce the expiry of an object Filter Filter a sequence of objects by time MinElapse Ensure that a minimum amount of time has elapsed PostNovelty Highlight new posts Sort Sort a sequence of objects by time State Track the state of an object Timeout Enforce a timeout 26.09.2019 | Christian Burkert, Hannes Federrath 16

  29. Categories of Programmatic Usage Etag 8 State 11 31 Usages 4 Expiry 2 4 2 Novelty Misc Timeout 26.09.2019 | Christian Burkert, Hannes Federrath 17

  30. RQ4: More proportionate/data minimal alternatives r e r b e m b m u n N u o N n e n i o t a c n o i n i t r o t p e e c i s y m u u r i q v d c u e e e n n R R S E E EditLimit � Etag � Expiry � Filter � MinElapse � Novelty � Sort � State � Timeout � User Information � � 26.09.2019 | Christian Burkert, Hannes Federrath 18

  31. Purpose: Sort, Novelty and Etag Property Monotonic ordering 26.09.2019 | Christian Burkert, Hannes Federrath 19

  32. Purpose: Sort, Novelty and Etag Property Monotonic ordering Alternative Sequence or revision numbers 26.09.2019 | Christian Burkert, Hannes Federrath 19

  33. Purpose: Sort, Novelty and Etag Property Monotonic ordering Alternative Sequence or revision numbers Example Novelty detection: 1. Add sequence number to post 2. Record last seen seq. number per channel and user 3. On revisits: highlight posts with higher seq. number 26.09.2019 | Christian Burkert, Hannes Federrath 19

  34. Mattermost Case Study: Summary Goal Analysis of timestamp usage and purposes 26.09.2019 | Christian Burkert, Hannes Federrath 20

  35. Mattermost Case Study: Summary Goal Analysis of timestamp usage and purposes Findings majority of PII timestamps is not used only a small proportion is visible to users programmatic usages have potential for data minimisation 26.09.2019 | Christian Burkert, Hannes Federrath 20

  36. Mattermost Case Study: Summary Goal Analysis of timestamp usage and purposes Findings majority of PII timestamps is not used only a small proportion is visible to users programmatic usages have potential for data minimisation Limitation Case study is not representative 26.09.2019 | Christian Burkert, Hannes Federrath 20

  37. Mattermost Case Study: Summary Goal Analysis of timestamp usage and purposes Findings majority of PII timestamps is not used only a small proportion is visible to users programmatic usages have potential for data minimisation Limitation Case study is not representative Future Expansion to other software Improvement of the usage analysis (automation, reproducibility) Investigation of possible causes (anti patterns) 26.09.2019 | Christian Burkert, Hannes Federrath 20

  38. Contact Christian Burkert Tel. +49 40 42883-2406 Mail burkert@informatik.uni-hamburg.de I’d be happy to hear from you! OpenPGP Fingerprint: 9B97 CC4B 5FF4 7BA3 EF7B 1966 A5FB 6E0B 41AC CDFB 26.09.2019 | Christian Burkert, Hannes Federrath 21

  39. Timestamp Type and their Programmatic Usage Type Usage Category Create EditLimit, Expiry, PostNovelty, Sort, State Update Etag, Filter, State Delete StateDeleted LastActivityAt MinElapse, Timeout LastViewedAt PostNovelty ExpiresAt Expiry 26.09.2019 | Christian Burkert, Hannes Federrath 22

Recommend


More recommend