When your business is built on using people’s financial information, security is of paramount importance. Balanced complies with the PCI DSS Level 1 standard, which is the highest level of this important industry standard, which is like table stakes: you can’t even play without implementing it. (And if you use Balanced, balanced-js ensures you don’t need compliance yourself.) Of course, PCI isn’t the end of the story: all of the other standard security practices that the software field has developed exist for good reason.
Security for Humans
I’m also a big proponent of security and privacy technology for individuals, as well as businesses. In a post-Snowden world, using privacy technologies has never been more important. I gave a talk on this at the Golden Gate Ruby Conference here in San Francisco late last year:
It got good reviews:
While I’d love for everyone to use PGP, there’s an old saying that certainly applies: “security and usability are inversely proportional.” The easier something is to use, the less secure it is. In PGP’s case, most of this difficulty comes in the setup stage. Once you’ve got it installed, it’s just as easy to send an encrypted email as it is to send a non-encrypted one.
So, how to get over that issue? The answer is to throw a key signing party. Basically, you get a bunch of people together, someone gives a short presentation explaining the basics of how this all works, and then you all make some keys, share them with each other, and get yourselves all set up in your mail clients.
Let’s throw a party!
I’d been wanting to hold one of these for a while, but I couldn’t find the time. Then, someone recently asked me if I was throwing a birthday party, as my birthday is coming up. The word ‘party’ connected the two in my brain, and so I decided that yes, I am throwing a birthday party, but it’s also going to be a key signing party!
I don’t want any gifts: you sending PGP emails is gift enough. On Saturday, January 25th from 2PM to 6PM, come on down to the Balanced office with your laptop, and we’ll get you all set up with what you need to start sending encrypted emails. And generally have a good time.
If you can swing by, you’ll learn about:
The basics of public key crypto
Generating public/private keys with pgp
Setting up your mail client to encrypt mails
the web of trust and key signing
Let’s have some fun and throw a wrench into passive surveillance!
Since Balanced is hosting, we want to make sure we know how many of you are showing up. Please register with a ticket so we can get all of the logistics properly set up. Feel free to make up names and addresses, I won’t be using any of that information for anything.
I hope to see you there!