[Openid-specs-risc] RISC Notes March 7

[Adam Dawes]

March 7

*Attendees*

Anton Taborszky, Brad Hill, Adam Migus, Adam Dawes, George Fletcher, Mark
Risher

*Updates*

   -

   Google
   -

      Performed experiment with another RISC party who gave us a set of 300
      hijacked accounts with @gmail recovery addresses. 19% of those accounts
      were also hijacked at Google, many of which had not been detected. Very
      promising signal. Next step to work through specifics of each of
the shared
      accounts and understand sensitivities of timing.
      -

      Have new lawyer working on bi-lateral contract for sharing hijacking
      data (explicit and implicit connections). Hoping to have first draft this
      week.
      -

      Privacy approval for building infrastructure and sending ‘change
      password’ event to address hijacking + SSO issues. Also approval to move
      forward on bi-lateral contract to share hijacking info with RISC parties
      for experiments. Positive view towards sending other signals as well.
      -

      Interest from trust and safety team to surface RISC controls and
      messages to 3rd parties. Will be working with team to define goals in
      coming weeks. This is not blocking getting the base infrastructure set up
      and starting first signals.
      -

   Facebook
   -

      Working to get internal privacy approval to share data as well
      -

   Deutsche Telekom
   -

      Working to get internal privacy approval to share data. Difficult to
      connect with the right person.
      -

   Confyrm
   - Had meetings at RSA with possible clients. Will send update separately
      by email.


-- 
Adam Dawes | Sr. Product Manager | adawes at google.com | +1 650-214-2410
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20160307/3643df9e/attachment.html>