ethical-web-dev

Title 3: Security & Privacy

Open ascott1 opened this issue 9 years ago • 4 comments

Potential titles

  • Building Apps that Respect A User's Privacy
  • Security & Privacy

Table of contents (draft)

  • Series introduction
  • https
  • Web tracking
    • Introduction
    • Browser "do not track"
    • Detecting "do not track"
    • Establishing a "do not track" policy
  • Web application security best practices
  • Conclusion, tips, & tools

ascott1, Jan 06 '16 11:01

Some suggested resources when it comes to HTTPS:

  • https://https.cio.gov/everything/ <-- USG rationale for "everything"
  • https://konklone.com/post/were-deprecating-http-and-its-going-to-be-okay <-- rationale for moving beyond HTTP
  • https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ <-- Mozilla deprecating HTTP

In general, feel free to @ me in any tickets about it, and I'm always happy to offer suggestions and feedback as desired.

konklone, Aug 13 '16 22:08

Thanks @konklone! I've been digging through the cio.gov site recently and it's fantastic.

I just laid out my outline for the https chapter and am going to be drafting it over the next week or two.

Here's the current plan:

  • Intro
  • How https works (quick overview of SSL/TLS)
  • Why use https (definitely going to dive into your blog post as support for this)
  • Implementing https
    • let's encrypt/certbot
    • other certificate options
  • Further reading

ascott1, Aug 15 '16 14:08

Awesome! Oh, and I remembered a couple more resources:

  • Introducing HTTPS (rationale and description for a non-technical audience): https://www.youtube.com/watch?v=d2GmcPYWm5k
  • Migrating HTTPS (covers HSTS and certificate issues in detail): https://www.youtube.com/watch?v=X5H8JRULDOo

konklone, Aug 15 '16 17:08

Excellent! Thank you!

ascott1, Aug 15 '16 18:08