Privacy Threats in Intimate Relationships

All of the proceeds from my next two books are going to support the Red Door Shelter in Toronto. One of the first things shelters like it do if someone is trying to escape an abusive situation is replace their phone, because their abuser may well have installed tracking and monitoring software on it to keep an eye on them. That scenario isn't discussed in most computer security courses, both because hackers with nose rings make for better cinema and because intimiate attacks usually target individual women rather than threaten CEOs' annual bonuses.

Levy2020 is a great introduction to this problem that I think every programmer should read. It talks about the types of attackers and their victims, common features of intimate threats, and implications for policy and design. These are necessarily high-level; translating them into specific features in commonly-used applications would be a great exercise for a class or a product team.

In my experience, it's hard to get programmers to care about privacy and security—really care, not just pretend to care—because at some level they know that they themselves are unlikely to be harmed. I don't know if building a security curriculum around countering threats like this will do better, but I think it's worth a try. Even if it doesn't make programmers care any more than they do now, it's still worth trying.

If you see a drowning child that you are able to save, you save the child because you are able to do so. If any further reason is required, then it is unlikely that any further reason will be persuasive.
— Fred Clark