Masking private information from the owner

By: Steven Trevathan

Should we consider allowing the display of all private or risky information to the owner strictly through a prompt?

This could include:

  • username
  • password
  • e-mail
  • birth date
  • social security number
  • credit card info (maybe never show it)
  • account numbers
  • you get it by now

Why?

Well, one little bit of information that someone tweets about themselves in a screenshot could mean they’re sharing a useful piece of data to a DOXX operation by some douchebag on the internet. That’s the theory, but as I know very little about DOXXing it may not make sense.

Why am I thinking this?

I just tweeted a photo and I realized after the fact I might have put some sensitive information in it. Not like credit cards or actionable items to any normal viewer, but the kind of information that could add up to something a technically sophisticated malicious person might like. Turns out it was just my name, which seems ok to me.

Because users don’t really know better and they never will

I’ve spent a lot of time resisting the “our users don’t know” mantra in certain scenarios, and I can tell you why I sometimes still resist it, but I digress. When it comes to security, our brains aren’t very good at remembering the pieces of information we’ve shared. I have 4k+ tweets and I know a lot of people are at that or beyond. How can we be sure we haven’t shared too much information? I don’t think we can.

It could certainly be a pain in the designer’s ass to worry about protecting the user from doing something harmful to themselves (on purpose yet without being aware) in addition to everything else our daunting jobs require us to do, but maybe this really warrants consideration by designers. Maybe it’s part of the job.