Secure Design: A Draft of 7 Principles

Something's not right

No matter which version of the web you believe we are currently on, our situation is far from ideal. We are still missing fundamental pieces.

This is not to suggest progress has halted. So many communities continue to contribute so much! But we often overstate our position on the roadmap. There has not been a Web 1, Web 2, or Web 3. Instead, there has been a Web 0.1, Web 0.2, and Web 0.3.

We are still incrementing on Web 0.x

We are not yet feature-complete. How do we know this? Because basic agency does not yet exist. Let's express a claim:

As a person living in a digitally-mediated world, regardless of my degree of data literacy and technical proficiency, I must be empowered to make my own decisions with my data. To make the right decisions for me and for the communities I inhabit.

Does this claim hold true today? In the worst case, it is not even possible for me to make the right decisions with my data (e.g. moving the personal relationships I've built on Facebook to another platform). In the best case, it may be possible but is far from obvious to most how they would do it (e.g. moving my email history from Gmail to a new client).

We have failed to meet an acceptable standard.

Possible != Probable

Simply making a secure outcome possible does not make it probable.

Secure means so much more than just “security at the technical layer.” It means enabling an environment, and a set of relations between individuals, that empowers communities to operate as they wish or need to.

The broken systems we rely on today must do more. They must ensure our experiences are secure by design — and designed thoughtfully enough to provide us with the agency we deserve. From concept, all the way down to code, and back up again: into the interfaces that govern our interactions.

The user experience of our digital existence must place every person, regardless of ability, in a position to be secure with their data. A truly secure system needs to be:

  1. Easy & Obvious: Most vulnerabilities in a system occur when we find insecure workarounds, so the secure path must be the easiest and most obvious path for us to take.

  2. Maximally De-risked: It is not realistic to expect us to be experts in keeping things secure. Therefore, systems must take the responsibility to reduce our risk by default as much as possible.

  3. Just Granular Enough: We should have control over what we permit other systems, individuals, and organizations to see and do with our data. However, this control should not be so granular that it becomes overwhelming and burdensome for us to set up and maintain.

  4. Sufficiently Legible: Informed consent is critical. We must be able to understand the actions and outcomes before we take those actions. Actors and objects in the system should also be labeled clearly and in a way that we can quickly understand.

  5. Sufficiently Auditable: Mistakes will be made. All actions taken on our data should be auditable & reversible. All permissions we delegate should be revocable. Parts of our history should be ejectable.

  6. Aware Things Change: Nothing is forever. Our circumstances may change; the world may change. We need optionality to move our data, adjust our threat models, and rotate our security factors.

  7. Reflective of My Intentions: Most critically, the system must still enable us to do what we intend to do. It must allow us to present ourselves to the world in the many ways we desire or need to be presented.

The list above is forever indebted to the work that came before us in what some have begun to refer to as the Pyramid of Secure Design — happy to turn it into a more complex polygon, though:

What can you do?

  1. I would love your feedback, or links to any related initiatives. I'm still learning and exploring, and I'm sure there is a mountain of previous thoughts on these matters.

  2. Join our working group. This is a very rough draft, to help focus the initial conversations we are having in the Secure Design Working Group. If any of this resonates with you, positively or critically, I urge you to join us in our effort to articulate a clearer path to secure outcomes.

  3. Let’s develop heuristics to help evaluate the principles. Once we have a first version of these principles in a place we're happy with, I'd love to equip folks, technical and non-technical alike, with a checklist of heuristics they can apply to systems they build or use to assess whether these principles are being upheld.

  4. Share your work — whether that’s putting your own thoughts into writing, sharing your team’s research findings, or publishing your patterns (like the great work being done at


Ryan leads design at Fission where he’s working on UX and DX patterns for the future of the Internet, alongside some protocol engineering phenoms. You can find him wherever he is under the alias depatchedmode.
