Thank you to everyone who joined the lively conversation on data security and privacy last week!
Lightning talk
@chrissyhroberts and @seadowg shared their insights on fingerprint data collection using Keppel, a ODK-compatible tool developed for Ebola vaccine trials. They showed a demo of how it integrates with Collect and highlighted the risks of collecting any type of sensitive data.
Strategies to identify and mitigate potential risks
@LN walked us through the benefits of threat modeling how frameworks like STRIDE can be used to identify and assess risks. Together, we discussed mitigating threats such as:
- Leakage of biometric data from servers
- Disruption caused by individuals registering as the wrong person
- Risks of device theft by malicious actors
ODK's security practices
@yanokwa shared our new security documentation detailing how we safeguard the sensitive data you collect with ODK. He also went through recommendations for device settings and considerations for hosting.
Product updates
We skipped product updates to give more time for discussion, but you can check out the slides or the roadmap to see what's coming up next with Central, Collect, and Web Forms.
After Hours
Looks like after hours might become a regular thing, as there were plenty of questions and more discussions after the call. After hours are not recorded, so to participate, become an Insider.
Resources
- Slide deck
- ODK Security doc - our threat models, security practices, and device recommendations
- OWASP threat modeling cheat sheet
- ODK Collectβs protected settings
- ruODK v1.5.1 release - now with Entities support
- Simprints - biometrics solution compatible with ODK that includes search by print
Please add to the thread if we missed anything, you have questions, or other resources to share.
Join us on Dec 4th
Itβs been fantastic to see some new faces on the calls and to learn from your experiences! Our next @Insiders call will focus on capturing and editing a point or location in both Collect and Web Forms. Want to join? Learn how.