The Shifting Privacy Left Podcast
Shifting Privacy Left features lively discussions on the need for organizations to embed privacy by design into the UX/UI, architecture, engineering / DevOps and the overall product development processes BEFORE code or products are ever shipped. Each Tuesday, we publish a new episode that features interviews with privacy engineers, technologists, researchers, ethicists, innovators, market makers, and industry thought leaders. We dive deeply into this subject and unpack the exciting elements of emerging technologies and tech stacks that are driving privacy innovation; strategies and tactics that win trust; privacy pitfalls to avoid; privacy tech issues ripped from the headlines; and other juicy topics of interest.
S2E18: Making Digital Contact Cards Private, Shareable & Updatable with Brad Dominy (Neucards)
I am delighted to welcome my next guest, Brad Dominy. Brad is a MacOS and iOS developer and Founder & Inventor of Neucards, a privacy-preserving app that enables secure shareable and updatable digital contacts. In this conversation, we delve into why personally managing our digital contacts has been so difficult and Brad's novel approach to securely manage our contacts, architected with privacy by design and default.
Contacts have always been the “junk drawer” of digital data, where people have information that they want to keep up-to-date, but are rarely able to based on current technology. The vCard standard is outdated, but is the only standard that works across iOS, Android, and Microsoft. It is still the most commonly used contact format, but lacks any capacity for updating contacts. Once someone exchanges their contact information with you, it then falls on you to keep that up-to-date. This is why Brad created Neucards: to gain the benefits of sharing information easily, privately (with E2EE) and receiving updates across all platforms.
Topics Covered:
- Why it is difficult to keep our digital contacts up-to-date across devices and platforms.
- Brad describes his career journey that inspired him to invent Neucards; the problems Neucards solves for; and why this became his passion project for over a decade
- Why companies haven’t innovated more in the digital contacts space
- The 3 main features that make Neucards different from other contact apps
- How Neucards enables you to share digital contacts data easily & securely
- Neucards' privacy by design and default approach to sharing and updating digital contacts
- How you can use NFC tap tags with Neucards to make the process of sharing digital contacts much easier
- Whether Neucards can solve the "New phone, who dis?" problem
- Whether we will see an update to the vCard standard or new standards for digital contacts
- Neucards' roadmap, including a 'mask communications' feature
- The importance of language; the difference between 'privacy-preserving' vs. 'privacy-enabling' architectural approaches
Resources Mentioned:
- Learn about Neucards
- Download the Neucards iOS app
Guest Info:
- Follow Brad on LinkedIn
Copyright © 2022 - 2024 Principled LLC. All rights reserved.
Debra Farber 0:00
Hello, I am Debra J. Farber. Welcome to The Shifting Privacy Left Podcast, where we talk about embedding privacy by design and default into the engineering function to prevent privacy harms to humans and to prevent dystopia. Each week we'll bring you unique discussions with global privacy technologists and innovators working at the bleeding edge of privacy research and emerging technologies, standards, business models, and ecosystems.
Debra Farber 0:28
Welcome, everyone to Shifting Privacy Left. I'm your host and resident privacy guru, Debra J. Farber. Today, I'm delighted to welcome my next guest, Brad Dominy, MacOS and iOS developer and founder and inventor of Neucards (that's N-E-U-C-A-R-D-S), privacy-preserving, updatable digital contact cards. He's focused on the email management and contacts lists space for a long time. He was a member of Xobni's iOS team working on its "Smarter Contacts for iPhone" project, and that focused on performance and stability and was then acquired by Yahoo in 2013. He then worked as a Yahoo Principal Engineer on the iOS Mail Team with a focus on contacts. And then, he moved to LumiLabs to work on its Sunshine Smart Contacts product; and now, he's focused on bringing Neucards to market.
Debra Farber 1:20
Today, we're going to chat about why personally managing our digital contacts has been so difficult to do and Brad's novel approach to managing our contacts lists with privacy built in. Welcome, Brad.
Brad Dominy 1:33
Thank you. It's a pleasure to be here.
Debra Farber 1:35
Excellent. Oh, I'm really happy that you're joining us today. You know, this is a topic that sounds so simple on its face - we're just talking about contacts, right? But, it seems like there's a lot of challenges underneath the surface, and so I'm really excited to explore that with you today.
Debra Farber 1:50
So Brad, why the focus on digital contact cards? And, given your deep experience, why is it so difficult to keep our digital contacts up-to-date across devices and platforms?
Brad Dominy 2:02
Well, contacts has always been sort of a...what I used to call the 'junk drawer of digital data,' like it's one of those places where people have information that they want to keep up-to-date, but rarely are they able to. Like...and that's not a fault of theirs; it's the way that contacts has been done for the last like 30+ years. The original promise of sharing contact information was trying to make that simple. There was a vCard format. There was other ways to sort of bring things across. There have been numerous attempts to try and make this process of sharing contact information with other people simple, and some have caught on; some haven't.
Brad Dominy 2:37
What ends up happening generally, though, is that most people usually end up feeling fairly frustrated, and so they end up just taking what they can get. If they're on an iOS device, they kind of use the built-in contacts app. If they're on Android, they do contacts that way through Google. And generally, they try to do their best. For the people that are really important to them, they take extra steps to try and keep things as current as possible, just manually. For people that they're not as connected with...the, you know, generally those contacts end up becoming more and more outdated over time.
Debra Farber 3:07
Yeah, sometimes it becomes a digital graveyard almost of just randos that I don't want to delete, though, because you know, I might have a use for it later. Right? Sounds familiar, kind of like big data, you know? But, this has been a challenge. I mean, I just think of it personally. But why haven't phone and email companies done enough in this space? What's been the blocker for engineers?
Brad Dominy 3:28
I would argue, I guess, two things. One is that...so there is a common standard. It's called the vCard standard. It's a very old standard; it's text-based. And, you can send a vCard to people as an attachment. And we're, you know...with AirDrop or things like that, that standard is great. But, the trouble is that it doesn't have really any capacity for updating. And so, once I give you a copy of my contacts, it goes into your contacts on your phone, but then you have to keep it up-to-date after that. That means I have to remember that I gave you my information, and when I move or change phone numbers or anything like that, I have to like send out a note to all those people and say, "Hey, go update your information." That's the only standard that works sort of across both iOS, Android, Microsoft, all these different places...desktop, too.
Brad Dominy 4:10
There isn't right now, that I know of, any kind of like place where you can get both the benefits of sharing information easily, but also getting the updates done across platform. I'm being a little presumptuous here because I'm not cross platform either. Right? I'm just on iOS right now. I'm kind of like, that's been my background. That's why I built the app the way I did. But, the hope would be that I could have a Neucards client for Android down the road on desktop clients, you know, have all these other things, and start turning this updating piece into something that works for everyone.
Debra Farber 4:38
And that helps me better understand that the challenge has been that there's a place to maybe share your info, and there's a place to maybe update your info, but there's no place where you can...there's no like one centralized place that exists for you to share and update. So, is that the main innovation with Neucards you're looking to solve for?
Brad Dominy 4:56
I am, yeah. I think that the best place I would say that does it right now is probably LinkedIn. LinkedIn is a place where people can connect really easily. It's very universal because everyone's got it, essentially. And, you know, once you've made that connection with somebody on LinkedIn, you do get the updates when they change jobs, change titles, things like that. Neucards is meant to be in a very similar vein; you can make the connection once with somebody, and once you've made that connection with someone, the updates just naturally, you know, flow to you whenever they come. My main difference from LinkedIn is that - I stress again this privacy aspect of it - with LinkedIn, I think it's very...people don't mind sharing, again, that high-level information like their role, their company, maybe just a little bit of information about themselves like a photo; but, you'd never, or very rarely, would you ever see like, say, a phone number on LinkedIn or a home address or something that would be considered a lot more private, because that information is just public information at that point. And, I want Neucards to be something where people can share that information and feel comfortable that it's only going to go to the people that they want.
Debra Farber 5:55
Right, right. So, to have some access control capability there. So, I know that Neucards has been a passion project of yours for over a decade. Can you please tell us about your journey, what is Neucards (you know, why is it different from other contacts apps on the market?), and then what motivated you to bring Neucards to life and then to iterate on it for so long? And, why is it so exciting right now? It's a bunch of questions, but hopefully you get the gist and can add it all into one answer.
Brad Dominy 6:24
Well, so 10 years ago, more than 10 years at this point, I was working actually as a developer in a law firm, like as a, you know, we were we had our own internal software, and they needed people like me to write that software for the attorneys. While I was there - and I'd always had an interest in contacts - I had written several utilities to help with contact, you know, transferring from one machine to another, things like that. When I talked to the attorneys, I used to think that they really, really cared about the quality and the state of their contacts. Like, they were very, very, like focused on making sure that their clients' information got updated quickly and easily, and there's been a ton of, again, solutions out there, you know, CRMs, things that work on this premise of when someone gets new information, they can bring that into a centralized place within the firm, and then everyone sort of gets the benefit of that new information.
Brad Dominy 7:14
I always remember thinking at the time how backwards it all seemed to me. Again, where if someone gives me their information, I then have to keep it up-to-date. And, you know, when you try to do things like say scraping web information off the web, or trying to bring in information from people's like, say, signatures and your emails and things like that, those all have their merits; but, at the end of the day, you're still doing the same thing, which is that you are trying to discern what's the truth of somebody else's contact information? So, the thought came to me that, wouldn't it be cool if I had some, you know, magic business card that I could hand out to people that I could know who has it; and, whenever I changed the information on that magic business card, all those people will get the updates right away.
Brad Dominy 7:56
Right at that time, iOS became a thing. iPhones were becoming, you know, a very popular thing and I started the process of (just with that idea) could I create an app that would let me share contact information across devices? The initial app was based on QR codes. So, I could show a QR code on one device and someone could scan with their camera on the other device, and it would transfer the information across. And then, once that information had been transferred, then I could update my card on the first device and the person who had received it would see the updates.
Brad Dominy 8:26
So, it was very straightforward, almost kind of a demo, you know, proof of concept app originally. And, it worked great. I was really pleased with it. I showed some people about it. And I thought, "Yeah, cool." And then, I got busy with other things and kind of put it on the background for a long time. I would come back to it because it was kind of a fun project for me to work on. I get to...I'm an iOS developer. I've done lots of different techniques and apply different ideas to how to build apps. Neucards was kind of my proving ground in many ways. I was able to kind of do things the way I wanted to and try out new techniques and make things work the way I wanted them to. And, it was a lot of fun.
Brad Dominy 8:59
So, fast forward to a few years ago, and I found myself with COVID and many other circumstances. I thought to myself, "You know what, this is my chance to sort of bring Neucards into the world, right, to bring it from not just a side project I worked on to, you know, a real, shipping app." And so, that became my focus; and, I decided I was going to, you know, commit myself full-time to it. My wife was very understanding. She was like, saying, "Alright, I know you've cared about this for a long time. Let's give you a chance to do it." And so, you know, I basically, you know, started creating the service and making sure that it would be, you know, something useful for people out there.
Debra Farber 9:34
That's awesome. So let's talk about what, you know, what specifically makes Neucards different from other contacts apps out there?
Brad Dominy 9:42
Okay. So, Neucards has, I would say, 3 main features that are different than what's out there. So, the first is that the updates is a piece that can exist and has existed in some forms for some people, but generally speaking, most ways that you share your contact information nowadays are, again, based on that 'read once' - like you give someone a copy of your contacts - and then that's it. Like, so there's no maintained list of who has your card. There's no updates that go out automatically. It's just about the ease of exchanging card information, not so much about the preserving of the connection long-term. So, that's the first part: the updates piece.
Brad Dominy 10:20
The second major difference is the privacy aspects. And so, I have always thought that like people's personal information is theirs. It should be theirs to control; it should be theirs to like give to whom they want and to take away if they don't; they should know, again, what is being shared and, again, the scope of where that information is. Neucards employs privacy as a first-class principle. It was built from the beginning to be a 'privacy aware' application. All this means is that nothing on my services - no data that's stored, no data that's transmitted, nothing like that - none of that information can be used by anyone to read your cards' information. So, I can't see what's on your card. I can't see your phone numbers, your home address, any of that kind of information like that.
Brad Dominy 11:14
And then, the final thing that makes Neucards different is that it tries to be helpful in terms of when you make a connection with somebody; we try to give you some extra context about when that exchange happened. And so, Neucards also does things like capture location. It doesn't capture specific location and it doesn't track your location; but, when you exchange cards with somebody else, you can get a little ping on where that exchange happened.
Brad Dominy 11:40
I have actually found this very helpful because, going back to LinkedIn, you know, you make a connection with someone on LinkedIn, but then six months later, you go back, look at your connections, and it's sometimes very difficult to remember, "Why did I meet this person or what was going on?" With Neucards, I've been showing it to people like at, you know, founder meetups, or like, you know, TechCrunch, or places like that, and I can go back and look at someone's card that I've received or their recipient listing where I gave them my card, and I can see, "Okay, it's happened on this date and it happened at the Moscone Center" or something like that. And so, with those pieces of information, I can figure out "Oh, okay, that's how I know them." So, I'm able to get that. And it's not something I have to type in; it's just kind of handled pretty much automatically.
Debra Farber 12:20
That's awesome. And, from what I've read, that's an opt-in capability, right? You put in your settings that you allow that location to be logged.
Brad Dominy 12:30
Right. iPhones, when you first request access to people's location, there's always a prompt that will say, "Hey, would you allow this or not?" And again, the information is, it's stored in that private way. So again, it's not information that's up on my website; you can't read like the locations or anything like that for people. So, it's not even like...it's just part of the cards' payload, I would say, which is already protected. And then, again, those locations are done always manually. There's no automatic tracking; there's nothing going on the background, anything like that.
Debra Farber 12:59
Got it. That makes sense. Yes. So the privacy by design piece is like a big portion of the value proposition. I love it. Okay, well, let's talk about some of the controls and protections that Neucards give us. You know, on your website...and you even mention, some of the main features of the app are sharing, updates, and privacy. Let's kind of go through each one of these and just flesh out a little more the benefits of using Neucards' iOS service. So, for sharing, what are the ways that a person can use Neucards to share this data, like the technological ways?
Brad Dominy 13:32
Sure. I wanted to make Neucards, when it comes to sharing, as easy as sending a vCard or sending someone a text like with your phone number or an email or something like that. So, all the fairly-standard ways of exchanging or sharing is supported. So, you can bring up a QR code that you can show to somebody else. If the other person has Neucards, it'll create that connection between you and them. If they don't have it, then you're redirected to the Neucards website where they can see the information and act upon it there. So, it acts the same way as getting like a copy again. And so, there's no updates in that case where they're just seeing it on the website, but you can quickly exchange the information you want with somebody so that instead of having to like yell across a crowded room what your phone number is or something like that, you can send them a link with a QR code, with AirDrop, with a text message, with emails. AirDrop is supported. And, once they've received that information, they can act upon it by tapping on your phone number, say, on the website, and that will start a phone call or a chat message with you. And, it takes that process of sharing and makes it as easy, if not more easy, than what you already experienced.
Debra Farber 14:37
Would it be easier than texting someone like a phone number? Or is it that if you text someone a phone number right now, it lives in unstructured text somewhere?
Brad Dominy 14:45
If you text them a phone number, it's basically you know, just part of the text. So, it will be unstructured; it will be there. I would say that there's two other aspects to this, too. So, the first is that I have multiple cards that you can set up with a Neucard. So, by default, there's just one card and it has all your information in it. But, you can set up what I call 'Card Types,' and essentially, those are like 'Professional Card,' a 'Personal Card,' 'Family Card,' a 'Minimal Card,' things like that. And, on these cards, you can put different pieces of information. So, for example, a personal card might have you know, your name of course, phone number, maybe your home address. Your professional card would have your title, your company, you know, business, phone numbers, business URLs, things like that. A minimal card might just have your name and maybe, you know, like a social profile, like your LinkedIn profile or something like that.
Brad Dominy 15:30
When you exchange information with a text and you just send someone your phone number, that's meant to be essentially you just starting out...you know, it's kinda like a breadcrumb. You're saying like, "Okay, let's start this conversation between me and somebody else and then I can exchange whatever information through that conduit going forward." With Neucards, I can still text that information via a link or, you know, like send them again through the QR code. But, they can now get more than just my phone number; they can get whatever information I want them to have. And so, I use it myself for like when I meet people, sometimes with the tap tags, they can tap their phone against my phone, and they will immediately see my name, my phone number, my LinkedIn profile, whatever seems appropriate for the moment. And, I'm able to like just provide a better, richer, more error-free exchange of information just by doing the sharing using Neucards rather than the old-fashioned way.
Debra Farber 16:18
And so, for the privacy piece, I know a big part of why it's protected more than other contacts lists is that it's end-to-end encrypted so that the communication itself is not accessible to anybody except for the intended recipient and the sender. So, there's not really a question, but is there anything you want to expound upon in regards to the privacy there?
Brad Dominy 16:42
So, end-to-end encryption is an interesting feature. So, a couple of years ago, I was all primed and ready to go out the door with Neucards without end-to-end encryption as part of the app in the sense that I had the prototype working with just exchanging information. And, I was planning on doing what most people did or most services do, which is that they take care information, they store it in their databases, and they make sure there's lots of protections against outside attackers or, you know, again, procedures that are in place to make sure that employees only access the information respectfully and things like that. That was my plan. But, I remember talking to some other founders at the moment, and I remember mentioning end-to-end encryption as something that I wanted to add, and they were actually all, surprisingly, like, they thought that would be a killer feature. They thought that if you added the end-to-end encryption piece and you made it so that the information is protected, not because of a policy or because of strong passwords on my site or whatever like that, but because it's built-in to the way that the exchange of information flows, that that would give them a lot more assurances that the information is going to be used properly and only for the people that they want.
Brad Dominy 17:52
Now, the problem at the time was that I wasn't an end-to-end encryption expert. Like, I hadn't done any of this kind of stuff before. So, I actually spent quite a long time researching, looking for, you know, examples, finding out where end-to-end encryption was being used, and who are the big players in the space. And, at the time, end-to-end encryption was just starting to become a thing, especially in the messaging space. So, a great example is Signal or WhatsApp or Apple, too. They were using it for their messaging applications to be able to assure the people using those apps that the information - the chats - are only going to be accessible to people that they send them to. End-to-end encryption feature was something that, again, it kind of like, helped square the circle for me; it created an app now that was going to be respectful of your information, not just who you share it with, but also in keeping it out of the hands of people that you don't want it to be (including me and Neucards). So, when I started that process of adding end-to-end encryption, it just became, again, the most critical thing to me, like to make sure that would work like seamlessly because that's one of the aspects of this...is that, you know, for WhatsApp and apps like that encryption is there. It's helpful, but it's not something that is hard for a user to set up. I wanted the same experience for Neucards where you can just download the Neucards app; you can set up your card; you can share it with other people; and, the end-to-end encryption is there to protect you. But, it's not something you have to go through like lots of hoops in order to engage it. It's just, again, part of the way the app works in terms of exchanging data.
Debra Farber 19:24
That makes sense. And, you know, I know that Neucards has some hardware that's relatively new on the market as well, what you call the Neu Tap Card and the Neu Phone Round Tag. You know, can you tell us a little bit about these products and what benefits they enable and why we should run out and get them?
Brad Dominy 19:42
Sure. So, these products are NFC tap tags. So, these are cards that you can carry in your wallet or you can adhere them to the back of your phone. In both cases, they are linked with your digital card. They basically contain a URL that has a link back to your digital card that you want to share with somebody, and they make the process of sharing that much faster. With the original app, without these tags, you know, you'd have to bring up the app; you'd have to like go through the sharing flow; you'd have to like, you know, bring up a QR code; and it wasn't slow, but it wasn't as fast as just bringing out a card from my wallet and then have someone tap their phone against it. And, what I really want to do is make it like, again, just very convenient for you to be able to take that information and share it as quickly as possible with others, especially when you're in a networking environment and things like that.
Brad Dominy 20:33
These cards are an interesting challenge for me when I originally thought, "Well, we just would put the information on the card and that would be it." But then, I realized that there was an aspect of this that I really had to focus on for the privacy aspect. And that was that I couldn't just set some static URL on the card and let that information out there because I didn't want to be storing on my server the destination URLs on my server that would have people's card information. Again, I didn't want to make it so that if somebody was to gain access to my servers, they could just download all the cards that were linked to Tags and just see other information. And so, what I did as a solution is that I've actually got these tags set up so that they have, basically kind of a one-time key that's generated when you activate the card. That key is used to encrypt the information that is stored on the server. And, that information, that key, is only shared with the Tag and not through the service. So, you have to like have tapped the tag to get the key or shared that tag with somebody else in order to be able to get the key to unlock the stored information that's up on the service. And this protects people from, again, having it where, you know, I can just download a bunch of URLs off of my service and see card information. It's still the case that you have to have had a physical like tap with somebody else before you can get access to it.
Debra Farber 21:51
Got it. And so, this would be enhancing your iOS app experience, right? You couldn't just get a card by itself and use that. Correct?
Brad Dominy 21:59
Right. Well, and, you know, to be honest, I think that these are great things to have. They can be good for starting conversations with people. When you bring out your tag people are curious about them. They are wondering "How is it that you're doing this so quickly?" and things like that. So, as an experience, when you're sharing information, they're very good for starting conversations. They're very good for the environment because we're trying to remove the need for having paper cards all the time so that you can have a way of exchanging information with others without having to give them a paper card, which a digital card you never run out of. There's a lot of, you know, benefits, again, to having that information. When you have it on a tap tag, again, it just makes that process that much faster. If your phone runs out of battery, you can still share with the tap tag. So, it's actually, you know, it's just meant to be a way of having convenience and still maintaining the security / privacy aspects of Neucards.
Debra Farber 22:49
That's pretty awesome. You know, I hadn't even thought of that benefit, and that is definitely something I would use. I'm always running out of battery at a conference, just something about, you know, just the long days and not having time to, you know, plug into a computer, or forgetting my battery or something like that. So, that's a nice use case. Okay, so this is one that I've really been wanting to ask: Will Neucards solve the forever-annoying, but totally relatable problem where we receive a text from someone who does not show up in our contacts list, but they seem to be familiar and think they're in our contacts list? I'm going to call that the 'new phone, who dis' problem.
Brad Dominy 23:29
Right. I will say that it's a partial solution at the moment; and, it's not my fault...it's more...I'm gonna blame Apple here, actually. So, Neucards does allow for you to use the cards' information for CallerID. There's a service that Apple provides to developers where you can input phone numbers, essentially, and labels that go along with them and then that information goes into the system, and when someone calls me from the number that's listed on their Neucard that I've received, their name will show up as part of the CallerID experience. Unfortunately, and this is what I've talked to Apple about this numerous times, that CallerID system only works for phone calls at the moment. And so, it doesn't solve the texting issue. Texting, unfortunately, is largely run by having information placed into the phone's contacts. I have actually, like actually on several occasions, talked to Apple about why I don't like the way Apple handles contact information on the phone with the built-in Contacts application. And the reason is because while they do allow some restrictions in terms of asking for permissions - so when a new app comes onto your phone, and it tries to access the contacts on your phone, it will again prompt the user to allow that permission. The trouble is that that permission then gives them access to all the contacts that are on the phone, regardless of the source. So, in other words, if I in Neucards took your information, stuck it into the contacts from your card, and then somebody had Facebook, say (I'm not trying to blame Facebook; I'm just bringing up an example), if Facebook had been given permission to access contacts in the past, then they would be able to...Facebook would be able to upload your contact information through the Contacts app on your device.
Brad Dominy 25:11
And so, I've been trying to make it as good an experience as possible without, again, sacrificing people's privacy in the process. I am hopeful - Apple has got their developer conference coming up in a few weeks - and I'm hopeful that maybe they will start to address some of these privacy shortfalls on their end. Don't get me wrong, I'm not trying to, you know, to really like diss Apple here. I think that they're kind of doing the best they can with what they have; and, again, the market, I think needs to speak more loudly about this. Because until people are requiring or demanding that they have a way of inputting information into the phone without it necessarily going out to everybody else in the world, Apple may not think it's important to come up with a solution. So, I would encourage people to like, you know, make this a reason for why you want to make privacy a priority and tell the people that are out there why you want to keep things private and why you think they shouldn't allow for things to remain private - treated me with respect, essentially.
Debra Farber 26:09
Yeah, and then give users that control. I understand that. That makes sense. And, it seems like maybe it's a limitation of just like, you know, older architecture, so that somebody would have to make the case as to why it would be profitable to put money into changing the architecture. Does that sound probable?
Brad Dominy 26:27
I think so. And you know, in many ways, I think, you know, contacts is an interesting space because some number of people (a large majority, in some ways) may think that contact information should be public, like, it should be something that everyone can look at. Right? Then, a lot of people, you know, they put it on their website; they put it on their, their signatures; they put it all these places; they don't mind it being out in the public. Right? And that's fine. It's a good example of why, you know, it's meant to be distributed, so people don't think too much about it. But, that's not all your contact information.
Brad Dominy 26:55
Again, there's other things that you'd want to share, again, with more specific people like your family, your friends, you know, that is a little bit more private, that you wouldn't have just out in the open. And unfortunately, with Apple's current scheme, there's no way to differentiate between those. There's no way for me to put in "This is shareable with everybody, and this is not shareable with everybody." And, I'm hopeful; they have made a priority list in the messaging space. I'm hoping that in the contacts space, it will become a bigger issue for all the big players and that they'll start to bring in these protections for people's contacts. I would benefit from it as developer of Neucards, but I think everyone would benefit from having, you know, a rethink of this, to like why this information should be protected. And this is one of the aspects, I think, that you know, is becoming more widely-known, and why maybe your audience is even listening to this is that they are concerned about how their information is being used against them. Right? There's identity theft; there is like tons of scams; there's plenty of places where people, they feel that their information is being sent to marketing people right away, and they don't really like, you know, the fact that they can't answer their phone, or that every message seems to be, you know, generated by something, and it's becoming a scarier and scarier world out there.
Brad Dominy 28:06
And, the information that people gather against you, that is something that becomes more and more potent as time goes on. You know, people have been showing AI now is running around generating people's voices and creating messages that could be used against you if they know, like, who's important to you in your life. And so, that's one of the aspects, I think, that, you know, with identity with this personal information, there are larger players, I think, who are starting to see it as a problem. And, I'm hopeful that they will start to, you know, create solutions and Neucards can be part of that.
Debra Farber 28:43
You know, that really just got my head going in so many different directions about how maybe you could leverage some sort of, you know, generative AI watermarking combined with like Neucards to make it so that you know that it's truly somebody calling...or not calling, but somebody, somebody whose contacts information is...or they have the contact information, so you know that it's actually them and it wouldn't be let's say, a deep fake of your daughter who's asking for $5,000 when really it was a Nigerian prince or something. Or something else along those lines to really socially engineer folks, because you're right, deep fakes are getting really, really, really good, especially with generative AI to replicate voice. And, it is a scary world where a lot of people...soon I do think we're going to be in a world where people don't know what to believe; we're already getting there. And so, so have you thought...I mean, it sounds like you've thought about the AI space and how Neucards might be part of it. Have you thought about maybe participating in or leading efforts for a standard around contacts that might be more updatable and a new iteration of vCard? You know, something that you could bring in the Apple folks and others to move forward in this space?
Brad Dominy 29:56
I think that there are already some efforts out there working on this idea of identity and end-to-end encryption has always been a big piece of that because it has, again, the nice benefit of having these keys that are generated that are specific to a device. And, you can tell when those keys have been mucked with essentially. So, like, they provide a nice way of saying, "All right, at some point in time, I physically came into contact with this other person or I shared my information with this other person, and going forward, I can always check and see whether that works," right, whether those keys still match up. If somebody tries to imitate somebody or something like that, the keys won't be there. And so, it'll be easier to identify when somebody is, again, trying to fake being somebody else.
Brad Dominy 30:38
You know, I think that in terms of...the market is what really needs to kind of start speaking out about these things. And, I think that, you know, the professionals that are out there, they're definitely very much concerned about privacy; they're starting to make more and more laws about privacy and protecting people's information, having things, you know, opt-in, rather than opt-out. And, you know, California especially has been passing laws that have been telling vendors what you need to do with information, giving people the right to remove their information from their services and things like that. I honestly feel that the more people realize how important information is and that the means by which they share their information do matter, I think that the vendors will start to pay attention, the legislators will start to pay attention, I think people will...and the standards will come, I think. I think there would be a lot of people who definitely see the need for something that is protective, and, you know, they want to be able to find that without having, again, to...they want to find something that is accepted. And, I think all the players should come together to discuss it and, you know, propose solutions to it and let the people talk about it. So....
Debra Farber 31:45
Yeah, I think that makes a lot of sense. And then, you just released the hardware for Neucards, the Tap card and the Phone Round Tag this year. You know, so what just curious, what's on the roadmap for the future?
Brad Dominy 31:57
The pieces I have right now...so, those Tap Tags are out. I'm looking for a couple different form factors as well. Like some people have talked about maybe wanting like a different size or a different like slight shape or something like that. Those are meant to be, again, a way of having your information quickly available to anybody right away. In terms of features going forward, I don't want to promise 100%, but I'm definitely interested in this and so I'll mention it. The next big feature I want to work on is something I'm calling, you know, essentially 'mask communications.' And so, right now I have it set up so you can share your information with other people, and that information is protected from obviously, you know, me, Neucards, or anybody in between you and the other person. Mask communications is like what you experience now with like, say Uber. Right? When you take a ride in an Uber, you can call the driver during your time when it's active, and even for a few moments afterward to be able to communicate with them. But, you're not getting that driver's real phone number, and nor are they getting your real phone number. So mask communications is something that I want to add to Neucards to be able to share cards with somebody that has a proxy phone number or maybe a proxy email address, some way of you can have that communication with somebody else. But your information is always kept private, even from that person who received it, you can have those conversations. And, if you want to continue, you can update it to the real information or you can discard it and they won't be able to talk to you again.
Debra Farber 33:17
So, I just want to clarify, you are saying 'mask communications,' m-a-s-k, or m-a-s-s?
Brad Dominy 33:23
Yeah, mask.
Debra Farber 33:24
Okay, it sounded like m-a-s-s, but based on what you're saying mask with a 'k' at the end. Awesome - masking the communication.
Brad Dominy 33:31
Mask communications or proxy information - either of those are sort of...the idea is to be able to give a way of having communications without, again, having to give away an actual phone number or your actual email address, things like that.
Debra Farber 33:44
That'd be really cool.
Brad Dominy 33:46
It's been something I've been looking at for a long time, and I certainly think it's very possible. And so, that's kind of my next big, you know, privacy-facing feature that I'm looking to add. Now, I can't say exactly when that will happen. It may take a long time. This is a solo project on my part; so, unfortunately, my speed at which I get features out is not as high as I'd like it to be all the time. If people have suggestions or ideas and they'd like to contact me about that, I'd love to hear about it. Like, if there's things that they think are missing in the contacts space for privacy, and they think Neucards can be helpful with, but doesn't have now, I'd love for people to like get in touch with me and tell me what they're looking for.
Debra Farber 34:20
What's the best way of getting in touch with you?
Brad Dominy 34:23
If they just go to Neucards, that's Neucards.com, there's a contact field at the top and that'll just send an email to me. They can also contact me at brad@Neucards.com - that's my personal email address. And, they can also set up a Calendly session with me through the website. It's there to allow me to show people the features of Neucards. And, it's, again, it's a great way for me to be able to get information back. One thing I didn't consider when I built Neucards, especially with the privacy piece, is that I have no way of knowing who my clients are, so I can't ask them questions about stuff because they're anonymous; I don't know who they are. So....
Debra Farber 35:02
That's a great point.
Brad Dominy 35:03
So, I have to wait for them to either have, you know, like, I have to wait for them to reach out to me; I can't reach out to them. So....But, I like hearing from people. It's a space where I really enjoy talking to people about it because it's not overlooked exactly. It's just that they don't want the hassles of having to try something totally brand new, but they like the end goal: they want their information protected; they want to have control; they like to see, you know, who has it. And, just giving that ownership back to them, I think, is refreshing.
Debra Farber 35:33
I think that the seeing who has it part - almost being able to audit, you know, and then go back and look at your access controls every now and then. "Oh, maybe I don't want my ex to have this info." Maybe I don't want, you know, certain people to have certain info anymore. Or, maybe I do want to actually go "Oh, this person only has this info; they should also have that." Like, you know, just even in the security space for enterprise, we always say, you want to go back and look at your access control lists every now and then and audit them, you know. We should be able to do that as consumers as well. But, I do see a contacts app like this kind of being the center of a personal CRM or even, you know, could be professional too, if you have a small business, for instance. So, that it can really help you keep track of who your contacts are based on context, which I think is really, really cool.
Debra Farber 36:25
One question I did have is, if somebody loses their hardware, like the Tap Card or the Phone Round Tag, you know, how do you restore their info? Was the info, I mean, there in the app and it's just relayed through the hardware? Like, how do you re-provision it, I guess?
Brad Dominy 36:37
So, the Tap Cards themselves are easily replaced. So, you can just get another card and just reactivate it.
Debra Farber 36:43
Oh, and they're pretty cheap, too. Like, they're only like 5 bucks, 6 bucks, something like that.
Brad Dominy 36:47
Yeah, exactly. So getting a new hardware, you can add multiple tags if you want like so if you want to put like different cards and different tags, and you want to have multiple tags, you can certainly do that. I personally have the wallet version and I have the version on the back of my phone and I have different cards on each of them. And, you can even update which card is linked to the tag afterwards. So, after you've activated it, it's really simple to change which tag or which card you have linked to your tag. It's just done in the software and it happens with just one little tap essentially, and it updates it.
Brad Dominy 37:17
The harder question, actually, is say if they get a brand new phone or something like that, and because of the end-to-end encryption piece, there is a little bit of a recovery that has to happen. And all that basically means is that...what I have on my services is all the connections you have with somebody: the other Neucards users that are out there. So, I have who is connected to who. I don't know who they are or what their information is, but I do have those connections. If you get a brand new phone or lose your phone and you log back into the Neucards system, what will happen is...so, new keys will be generated on this new device. Those new keys will...the public part of that key will then be sent to all your contacts - all your connections on the Neucards service. All of them will then re-encode the information for your use, and then it'll all be sent back to you. So, there is a recovery aspect to that.
Brad Dominy 38:04
I will argue - and then this is part of the whole end-to-end encryption piece that is plaguing everybody at the moment - is that that process works best if people keep using Neucards. So, if somebody had used it before, and then they quit and deleted the app or whatever, there's no way to get that information back. And, sometimes you'll see this even in, let's say WhatsApp, or like messages that, you know, were generated in a group message before you join (like you don't have access to those keys and stuff like that at the time), so they're off limits to you. Neucards does its best, again, to, you know, reconnect you with everyone, if you have a brand new phone or things like that. And, maybe at some point, you know, it's one of those aspects of continued development in terms of trying to make that process happen. It's not the most common use case, so it's not something I focused on right away, but it does work to recover. So, you are able to get a brand new phone, download Neucards, sign into your account, and the information will be there for you once everything gets re-synced, essentially.
Debra Farber 38:57
That makes sense. Is there anything you want to tell our audience about...any places they can plug in to learn more about...I don't know the contacts world? You know, any standards that are in development, any...this might not be a thing like that there's...you know, are people gathering to talk about these issues anywhere? Any conferences? You know, anywhere they can learn more, I guess, about this challenge that you're solving for?
Brad Dominy 39:22
I would be very curious to hear from people, again, if they, one, consider this to be a valuable issue...like keeping contact information safe and private, whether that's enough for them to think of changing the way they've been doing it to try something new. Right? You know, the Internet is very large. There's lots of tons of apps out there. There's a bunch of apps again, that help with contact sharing, contact management, contact de-duping, things like that. I think a lot of people have, you know, again, trying to sort of like, you know, create the tools that are necessary to deal with contacts. I don't think that there's any, at least from my experience, there's no real I'd say winner in that space just yet. I don't think...you know, there's certainly some big players. There's definitely people that are like, you know, like really, really good at what they do in terms of like either the initial sharing part of it or, you know, like, maybe they try and do the updating part of it or something like that. I haven't seen anybody that's been able to, like, pull all that together. And, that's my hope for Neucards is that people will see that it's not just the sharing, it's not just the updating, it's not just the privacy, it's kind of creating a contacts solution that just works for people. That's my hope, right? They can take comfort in that, like, those basic principles that underlie the way the app is built, will be to their benefit.
Debra Farber 40:33
And, I'm hoping other people will see that, again, as a call to action to some extent. I think the more, you know, popular Neucards gets, the more people will see that it's something that is a problem worth solving and people will...the big players, again, will start to like change their thinking about why contacts information shouldn't just be, like, relegated to, you know, a couple of apps that were built 10 years ago.
Debra Farber 40:54
Right.
Brad Dominy 40:54
They should be continuously looked at in terms of why and how do these...how does that contact information get into other people's hands? What information is allowed? You know, what is that information being used for? You know, like, there's a million places where, again, it's becoming more and more obvious, every day, that contact information is not being used to your benefit most of the time; and I'm thinking that, as people get more aware of that and start to react to it, that again, people will start to see the value in changing that round. Again, they've already kind of done this in the messaging space, right? You know, like, with Meta doing it for WhatsApp and for Apple doing it for iMessages and for Signal itself, you know, they've already, you know, created a feature of their product that is intended to, again, give those assurances for people using it. And, Neucards is trying to do that in the contacts space.
Debra Farber 41:46
Yeah, I think that's amazing, especially since you've really unpacked for me why the contacts space is separate from the messaging space. I don't think most people know that. I think we just think of: "I want to be able to get our emails;" "I want to be able to have messages;" and, we don't think about all the steps that necessarily takes to get there and that they are separate steps requiring different architectural...you know, architectural approaches. And so, you know, that opened up my eyes when learning more about Neucards through you. So, I really think that this is really an interesting problem to solve for - something I'll be a little more vocal about.
Debra Farber 42:20
I hope you get multiple collaborators reaching out to you as a result of this show, because I think it's a problem that we all have. In fact, you know, said something interesting there where, you know, information is - especially even our contact information - that we don't even realize it, but it's not necessarily being used for our own good at times. It's just maybe what's easiest for a company or what's a better flow or something, but not necessarily like what's optimized for an individual. And, I think that that's just a perfect reminder that how we threat model for privacy is to work backwards from an individual and say, what are the potential harms that can happen to this person with this...you know, by using this data.
Debra Farber 43:01
I also think it's one of those, it's worth mentioning, that we use this term 'privacy-preserving,' when really privacy-preserving is like a company wants to use your data for a purpose, but they'll preserve the privacy around it so it's not a problem. Where we really want to get to 'privacy-enabling,' which kind of denotes that you're working on behalf of the person and their privacy is paramount and anything else is secondary. And so I really like 'privacy-preserving' rather than 'privacy-enabling' as a term, but it hasn't really taken off yet. It's just something I'm noodling on.
Brad Dominy 43:36
Right. I think a lot of people, they have a lot of trust in how things are done and they think that most websites are secure nowadays. They assume that somebody somewhere has taken the steps to make sure their information is protected. Right? Generally speaking, that's very true. Right? You know, like, I'm sure if I was trying to, you know, gain access to, you know, Meta's customer lists or whatever, that would be very tough thing for me to do. Right? I think that anytime people's information is given out, you know, there's sort of this implicit idea that that information will be, you know, stored properly, used properly, things like that.
Brad Dominy 44:10
Unfortunately, you know, I think that we have seen this kind of arms race between companies and hackers and people who are, you know, trying to get access to it, and they don't always succeed. And so, with Neucards, and with the end-to-end encryption, we're really trying to create a system where your information is absolutely useless when it's stored on my service. It's only useful on your phone; it's only useful on the people's phones that you've given your card to. That helps me sleep a lot better at night knowing that the information that's there is literally not usable, and I think that the attitude of being respectful and saying like, "I don't need to have access to this information. I don't need to know or store this information in some database somewhere." You know, I want that information to be treated as, you know, a black box for the most part. I think people are starting to see how that could be helpful, and if the technology gets to the point where there's not any real loss of convenience, (you can still get the benefits of it), I hope people will start to take to those services and they'll start using it for more and more things.
Debra Farber 45:13
Excellent. Well, thank you so much, Brad, for joining us today on Shifting Privacy Left, discussing managing digital contacts with privacy by design and default, and with end-to-end encryption for confidentiality. I look forward to, you know, learning more about where Neucards goes and maybe inviting you back to talk about it.
Debra Farber 45:33
So, thanks for joining us, everyone. Until next Tuesday when we'll be back with engaging content and another great guest.
Debra Farber 45:42
Thanks for joining us this week on Shifting Privacy Left. Make sure to visit our website shiftingprivacyleft.com where you can subscribe to updates so you'll never miss a show. While you're at it, if you found this episode valuable, go ahead and share it with a friend. And, if you're an engineer who cares passionately about privacy, check out Privado: the developer-friendly privacy platform and sponsor of the show. To learn more, go to privado.ai. Be sure to tune in next Tuesday for a new episode. Bye for now.