Privly System and Organization Overview

Privly System and Organization Overview

About

Privly is a protocol and suite of applications for controlling personal data shared via any site on the web. For consumer-focused information on what Privly is, visit priv.ly/pages/about.

This document is intended to give a high level overview of the Privly implementation and organization. The current version of this document will be maintained on the Privly wiki.

Sections of this document include information on:

• Privly Foundation
• Development Effort

Privly Foundation

Founding Status

The Privly Foundation is a pending US 501 (c) 3, tax-exempt organization, whose purpose is to develop and protect the Privly project, as well as educate the general public about Privly and internet privacy.

The Privly board and developers are committed to using donor funds to effectively build Privly. We are disclosing the current expenditures on Privly.org. The donor roll is now permanently in the source code for Privly.

Board of Directors

The inaugural Privly Foundation board meeting took place on September 18th, 2012 in Portland Oregon. The founding board members are listed below:

Sean McGregor - Ph.D. Student in Computer Science at Oregon State University

Sean McGregor is the creator and lead developer for the Privly project. A native of the United States, McGregor is a PhD student in computer science at Oregon State University. In 2008, McGregor earned a Bachelor of Arts from Claremont McKenna College, with studies in computer science, environmental policy, government, and economics.

Carlos Jensen - Associate Professor of Computer Science at Oregon State University

Carlos Jensen is an Associate Professor in the School of Electrical Engineering and Computer Science (EECS) at Oregon State University (OSU). He received his B.S. degree in Computer Science from the State University of New York (SUNY) Brockport, and a Ph.D. in Computer Science from the Georgia Institute of Technology in 2005, where he was a member of the Graphics, Visualization and Usability Center (GVU).

His areas of research are in Usable Privacy and Security (HCISec), with a particular focus on making online decisions about privacy and security understandable and meaningful to users. He also does research related to open source communities.

Leslie Hawthorn - Community Action and Impact at Red Hat

An internationally known community manager, speaker and author, Leslie Hawthorn has over 10 years experience in high tech project management, marketing and public relations. In March 2012 she joined Red Hat, Inc., where she is responsible for Community Action & Impact on the company’s Open Source and Standards team. Prior to Red Hat, she served as Outreach Manager at Oregon State University’s Open Source Lab and as a Program Manager for Google’s Open Source Team, where she managed the Google Summer of Code Program, created the contest now known as Google Code In and launched the company’s Open Source Developer Blog.

Development

Technical Vision

Every website has its own navigation structure, layout, and audience, but when you strip away these unique attributes of websites, you are left with data-- chats, emails, photos-- that can be treated uniformly across all websites. Operations on these data like encryption and signing, can be performed with indifference to their context and their contents.

Privly uses data indifference to create the notion of ``Injectable Applications,'' which are full web applications that are injected into the context of other web application. Since these applications are scoped to data and not layout, their properties are simplified and usable across the web.

Privly works within browser extensions by scanning web pages for specially formatted hyperlinks. When the extension detects the hyperlink, it ``injects'' the link into an iframe that is served locally from the browser extension. Since the injected application is a full web application, the app could potentially support any web-implementable feature, including APIs between the host page and the injected application.

The core concepts of Privly can be broken into two components:

1. Link Discovery and Injection
   First the extension must detect specially formatted links indicating the linked content should be injected into the host page. By reversing the logic of the link, Privly is able to "fail gracefully." If the link is not injected properly, is placed behind a URL shortener, or is viewed without an extension, the user is able to click on the link to view the content.

2. Injectable Applications
   When the Privly extension detects the Privly-type link, the extension will replace the link on the host page with an iframe. The iframe will contain an injected application, which will run a complete web application within the host page. Due to Browsers' Same Origin Policy, the injected application will not be accessible by the host page. Privly will develop several applications for injection into the web page. Known injected applications will be packaged into the extensions and have access to the user's compiled encryption library API.

Current Functionality

Several Privly packages are in Alpha. The Chrome version is the most functional and provides the following functionality for user testing:

• Contextual Posting: Posting to any website by right-clicking a form element.
• Locally stored applications: The Chrome extension runs no remote-code.
  • PlainPost Application: The PlainPost application supports content injection of web pages from any source domain. Note: the injected web pages do not include external media and code.
  • ZeroBin Application: The ZeroBin application encrypts content with a key unique to the hyperlink. Anyone with access to both the host page and the content server will be able to decrypt the content. Anyone without access to the server will be unable to decrypt the content.
• Security glyph: Every Chrome extension places a unique security glyph above Privly content when you hover over it.
• Options Page: The extension now has an options page that allows you to select content servers, add to a domain whitelist, and run automated code tests.
• User-defined Whitelists: Users can now add domains to their "whitelist." This means any domain you trust to deliver content will be able to add a layer of privacy on top of your browsing experience.
• Augmented Browsing Toggle: When you turn off Privly, the web page you are viewing will be restored to the un-augmented view.
• Message Interface to Compiled Code: See the nacl branch of the repository.
• Testing Library: The Jasmine testing library is integrated with the extension.

Version Status

• Privly Applications - In development
• Chrome and Opera - In development
• Firefox - In development
• Safari - Development stalled (no maintainer)
• Internet Explorer - Not under development (no maintainer)
• Reference Implementation Content Server - Not currently a focus of development since the Privly Applications repository houses most of the functionality client-side.

Each Privly version will be released "when it's ready."

Openness of the Protocol

Privly already works with any content server's domain, however, if the domain is not trusted by the extension, it is not automatically injected into the page (it will inject after you click the link). All users will have full control of their list of trusted domains.

Documentation

Privly has documentation in three different locations (we know, that's a lot, hear us out).

1. privly.org- Privly.org is the stable and official home of Privly. Users, testers, and developers wanting a high-level overview of Privly should go here. It contains:

• Development Blog
• Finalized and adopted specifications
• Tester information
• Privly Foundation organization information

1. Github Wiki- The wiki permits anyone to contribute and improve content. Since anyone can change the wiki, you should regard its content with a higher level of skepticism than www.privly.org. The wiki contains:

• Developer Information
• Working Draft Specifications

1. In application-specific repositories.

Testing

In software development there are at least two types of testing: developer and user testing. Developer tests are programs which test other programs, and user testing are people who test programs. If you are not a developer, you can skip to the user testing section.

Developer Testing

Privly, and browser extensions in general, lack a cohesive regression testing framework. Privly has three formal testing resources:

1. test.privly.org: The Privly testing domain is built for the quick inspection of browser extension functionality. After visiting the various test pages, you can tell whether the Privly-type links were properly detected and injected into the host page. As we discover integration issues with host websites, we are characterizing the problems with a page on test.privly.org.

2. Extension Tests: The Jasmine JavaScript testing library is being integrated into the browser extensions. The Chrome extension currently has the library integrated.

3. privly-web tests: The reference implementation for Privly Content servers uses the built in Ruby on Rails testing suite. The testing script, executed by the rake test command, is run before every deployment. The original code base was not developed with test cases, but all new commits require full test coverage.

User Testing

At the start of August we rolled out the first round of testing for anyone joining the testing mailing list. Since Privly is intended to work on any website, we continually need bug reports for user experience across the web.

Community

Most new open source projects benefit from the experience of developers who worked on similar projects. While many projects cover components of Privly, few have approached Privly's use case. The absence of widely accepted and developed Privly-type systems means Privly needs significant concept communication before people can effectively contribute to the project. Privly is a relatively small development community, but the potential payoff of attracting new developers necessitates a greater focus on communication than development.

The current Privly development community (people who have contributed code, graphics, organization, or system administration) are found on the priv.ly website

Communication

Privly has several locations for project related communications:

• Mailing Lists
• Developers Mailing List
• Tester Mailing List
• Announcement Mailing List
• IRC
• Privly developers gather on irc.freenode.net, in the #privly room
• Social Networks
• Diaspora
• Twitter
• Facebook
• Google+
• Direct Emails
• Sean McGregor: [email protected]
• Jen Davidson (Community Manager): [email protected]
• GitHub
• Create an Issue in a Repository

Localization (Translating)

None of the Privly software has reached "string freeze," which is the point in development where we have written all the final english text for the software. The first version of Privly to reach string freeze will likely be after version 1.0 is released.