April 1, 2021

Privacy in Action: Jack Daniel, Co-founder of Security BSides

Jack Daniel, Co-founder of Security BSides

Jack Daniel is the Community Advocate for Tenable and a co-founder of Security BSides. At Tenable, Jack supports the global security and hacker communities through public speaking, conference support and engagement, community engagement, and community-centric work including Security BSides, the Stress and Burnout project, the Shoulders of InfoSec, Security Voices podcast, and more. He is the only remaining founder still active in BSides on a day-to-day basis. Jack sees his role as admin, advocate, cheerleader, and mentor for the BSides community. To follow Jack, check out @jack_daniel.

Interview with Jack Daniel

Startpage: What does privacy mean to you?

Jack Daniel: Privacy is too big a topic to do justice to here, but a short answer is that I think of privacy as control over, and protection for, your information.

Here’s a story which helps explain some of the privacy tradeoffs in the modern world.

Several years ago, I was in San Francisco working a couple of conferences. At the end of one day, I got back to my hotel room and my new Android phone had a message on the screen which said Junior Brown was playing at Yoshi’s that night. Obviously, my phone knew where I was and since it was Google, they knew that I had searched for Junior Brown’s tour dates on a different computer months before. My first reaction was to curse at Google for knowing too much about me and I threw the phone on the bed. Then I thought about it, picked up the phone asked Google to tell me what the phone number was for Yoshi’s, called and confirmed that tickets were available, used Google Maps to walk over to the jazz club, and saw an amazing show that night.

In this case, I traded privacy, information about myself, in exchange for something of value, that is Google putting the pieces together and recommending something of value to me. It is a simple example, but it highlights the need for us to ask the question “what’s in it for me?”. When we lose control of our information and get nothing in return or when we get things we don’t want that’s not good. Other people are profiting off our information if we choose to be private and that isn’t respected; it is bad and it’s all too common in the hyperconnected world today.

It also think it is important to disambiguate between privacy and anonymity. The best explanation I have heard is from Blaine Burnham’s insightful Usenix 2000 talk, I would summarize it as:

Privacy is a global system property, the system knows but doesn’t tell.

Anonymity is an edge property, the system doesn’t know and therefore cannot tell.

This highlights a value of anonymity, if they don’t get our data, they (whoever “they” are) can’t use it.

Startpage: We know confidentiality is one of the components of the CIA Triad of cybersecurity. Is there a difference between confidentiality and privacy?

Jack Daniel: Absolutely, the people who abuse our privacy often keep the data that we don’t want them to have confidential; they sell it, it has commercial value, so confidentiality is important to them. They are related in that if we keep our private information confidential that boosts our privacy, but they are different animals.

Startpage: Tell us a bit about Security BSides. What inspired you to start that worldwide phenomenon?

Jack Daniel: We did not set out to create a series or a movement, we just wanted to provide a place for people to get together share ideas and have some fun. A group of us saw some great talks that didn’t fit at the big conferences in the summer of 2009, so we came up with a way to let them be heard. The response was surprising, people wanted more, and more, and the idea spread around the world.

The magic of BSides is that it is a simple idea, with simple rules, and it lowers the barrier to entry for not just creating events, but for speaking at events, sponsoring, building community, and advancing careers. Each event is locally organized and operated; the events feel local, but with a global community behind them.

From that first event in Las Vegas in July of 2009 BSides has steadily grown. The pandemic has dampened things with many events skipping a year or two, or going virtual, but the growth continues.

As of today, there have been 652 Security BSides events held in 185 cities in 52 countries around the world.

Startpage: Tell us about some of the cybersecurity podcasts you’ve worked on.

Jack Daniel: Many years ago, Paul Asadoorian and Larry Pesce invited me to be a guest on what was then the PaulDotCom podcast (long since renamed to Paul’s Security Weekly), and after a few appearances I became a regular co-host. I was on for several years but a few years ago my life changed dramatically and it became harder and harder to participate regularly so I sort of faded away. It was and still is a great podcast, and a great group of people. I had a lot of fun with them and I really miss that crew.

I also worked with Paul on the tenable network security podcast for a few years when he was still with Tenable.

For the past two years my friend Dave Cole and I have had a great time doing our security voices podcast. That is a non-commercial unsponsored longform interview podcast where we talked to financiers, executives, entrepreneurs, and many others, and we have long engaging, free-form conversations. 

Startpage: What are some misconceptions about digital privacy that laypeople often have?

Jack Daniel: Not just laypeople. I think the two most common misconceptions are near opposites, that it is either easy, or impossible. As with many things, I believe the answer lies in the middle. There are simple steps we can take to improve our privacy, but we are up against well-funded tech behemoths, so complete privacy is extremely hard.

Startpage: So Startpage is the world’s first private search engine! What do you think of private search engines? What are features you’d like private search engines to have?

Jack Daniel: I think the biggest hurdle to widespread adoption is the quality of search results, and I believe a secondary challenge is the healthy skepticism many have towards things which claim to respect privacy, I think Clubhouse’s current issues are a good example of claiming, but not delivering, privacy.

Startpage: What are some things ordinary people can do to better protect their privacy?

Jack Daniel: This is an oversimplification, but slow down and think.

Ask questions, like

“What do I get in return for giving my email address/phone number?”

“Do they have a privacy policy which is easy to find, and easy to read?”

“Do I really need to do this?”

A tangent: a pet peeve of mine is requiring email addresses as usernames. Email addresses and phone numbers can get plugged into databases and information about us can be extracted. Create an account on a new website, they use your email address to find data about you and share that you have registered with them. It might be innocuous, registering with a local retailer, but “local” confirms your area. It might connect dots that you may want to keep private, such as joining online communities which some would not consider mainstream or creating accounts on websites which may indicate things like pending marriage, pregnancy, sexual orientation, religious or political affiliations. One at a time, these may seem minor, put together they can draw an interesting picture.

Startpage: Do you have any other interesting ideas to share with us?

Jack Daniel: Hang in there, these are trying times. Be wary of stress and burnout in yourself and others. The pandemic is increasing loneliness and isolation for many, this adds to our stress. 


Privacy in Action is a series of interviews with privacy-minded Startpage users from diverse backgrounds. If you are interested in participating in the Privacy in Action or would like to nominate someone to be interviewed by us, reach out to us at [email protected].

The views expressed in this Q&A are those of the interviewee and do not necessarily reflect those of Startpage.

 

Was this article helpful?

Go Private

Make Startpage your
default search engine

Set as default