index.html

<!doctype html>
<html>
	<head>
		<meta charset="utf-8">
		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">

		<title>Pseudonymization Techniques in Python - Frank Valcarcel</title>

		<link rel="stylesheet" href="css/reveal.css">
		<link rel="stylesheet" href="css/theme/solarized.css">

		<!-- Theme used for syntax highlighting of code -->
		<link rel="stylesheet" href="lib/css/zenburn.css">

		<!-- Printing and PDF exports -->
		<script>
			var link = document.createElement( 'link' );
			link.rel = 'stylesheet';
			link.type = 'text/css';
			link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';
			document.getElementsByTagName( 'head' )[0].appendChild( link );
		</script>
	</head>

	<body>
		<div class="reveal">
			<div class="slides">

				<!-- #0 // Title Slide -->
				<section>
					<h1>Pseudonymization</h1>
					<h3>Techniques in Python</h3>
					<p>
						<small><a href="https://twitter.com/fmdfrank">@fmdfrank</a></small>
					</p>
				</section>


				<!-- #1 -->
				<section>
					<h2>What is pseudonymization?</h2>

					<p class="fragment">a data de-identification procedure</p>
					<p class="fragment">data records are replaced by one or more artificial identifiers called <em>pseudonyms</em></p>
					<p class="fragment">pseudonyms make a data record less identifiable without sacrificing data analysis and processing</p>

					<aside class="notes" data-markdown>
						- will repeat a lot of this later, but for folks unfamiliar with it... pseudonymization is:
					</aside>
				</section>


				<!-- #2 -->
				<section>
					<h2>Why would you do this?</h2>

					<p><span class="fragment">protect user identities</span></p>
					<p><span class="fragment">secure a dataset from identification</span></p>
					<p><span class="fragment">🚨 <strong>GDPR</strong> 🚨</span></p>

					<aside class="notes" data-markdown>
						- anything worth protecting is worth protecting well
						- security through obscurity
						- and it's kind of the law... have y'all heard of a little thing called GDPR?
					</aside>
				</section>


				<!-- #3 -->
				<section>
					<section>
						<h2>We've Updated Our Privacy Policy</h2>

						<aside class="notes">
							- anyone get one of these emails last month?
						</aside>
					</section>


					<section>
						<h2>IANAL</h2>
						<h3 class="fragment">I am not a lawyer.</h3>

						<aside class="notes" data-markdown>
							- I am not a lawyer!
							- don't ask me for legal advice
							- as a note, we're going to skip a lot of the mechanics of GDPR to focus on the scope of this talk so we wont talk about:
								- consent
								- the difference between collectors or processors
								- or how to know if it effects you or your org
							- ask a lawyer these questions
						</aside>
					</section>

					<section>
						<h2>General Data Protection Regulation (GDPR)</h2>

						<p>A new set of EU-based policies about how companies can collect and use consumer data. GDPR passed in 2016, but that included a waiting period for companies to adjust.</p>

						<p class="fragment"><strong>May 25, 2018</strong></p>

						<aside class="notes" data-markdown>
							- anyone know when it went into effect?
						</aside>
					</section>

					<section>
						<h2>The Rules</h2>

						<p class="fragment">
							<strong>Lawfulness, Fairness and Transparency</strong>
						</p>

						<p class="fragment">
							<strong>Purpose Limitation</strong>
						</p>

						<p class="fragment">
							<strong>Data Minimization</strong>
						</p>

						<p class="fragment">
							<strong>Accuracy</strong>
						</p>

						<p class="fragment">
							<strong>Storage Limitation</strong>
						</p>

						<p class="fragment">
							<strong>Integrity and Transparency</strong>
						</p>

						<aside class="notes">
							<ul>
								<li>Lawfulness, fairness and transparency <br>
									Data use must be lawful, fair, and transparent.
								</li>
								<li>Purpose Limitation <br>
									Data use must be for specific and legitimate purposes.
								</li>
								<li>Data Minimization <br>
									As little data as possible should be collected – only what’s required for your specific purposes.
								</li>
								<li>
									Accuracy <br>
									In-use data must be accurate and up to date at all times.
								</li>
								<li>
									Storage Limitation <br>
							  		Data must be stored for an appropriate amount of time; data should not be stored indefinitely.
								</li>
								<li>
									Integrity and Transparency <br>
							  		Data must be stored and processed securely.
								</li>
							</ul>
							</p>
						</aside>
					</section>

					<section>
						<h2>Personal Data</h2>

						<p>
							GDPR sets a broad definition of what constitutes <em>personal data</em>.
							<br><br>
							Any information that is owned by an individual, or that could identify a user, is now off-limits for most purposes without proper consent.
						</p>

						<aside class="notes" data-markdown>
							- it's important to define exactly what type of data this is all
							referencing...

							- the gist is that it's any personal data, we call this personally identifiable data, or PII
							but GDPR just calls it "personal data". GDPR paints in very broad strokes.
						</aside>
					</section>

					<section>
						<h2>Personal Data (examples)</h2>

						<ul>
							<li>Full Names</li>
							<li>Home Addresses</li>
							<li>Email Addresses</li>
							<li>Telephone Numbers</li>
							<li>DOB and/or Birthplace</li>
							<li>any Identification Numbers <br><em>(e.g. Driver's License, Passport, etc.)</em></li>
						</ul>

						<aside class="notes">
							can you identify someone with it?
							can it be used to identify someone with or without another data point?

							<br>
							if yes, or your unsure... it's probably personal data

						</aside>
					</section>
				</section>


				<!-- #4 -->
				<section>
					<h2>Who does this effect?</h2>

					<p>Countries in the European Union (EU) <span class="fragment"><strong>...actually 🤔</strong></span>
						<img height="470px" data-src="static/img/2000px-European_Union_map.svg.png" alt="the European Union">
					</p>

					<aside class="notes" data-markdown>
						- BREXIT anyone?
						- GDPR applies to all 28 members of the EU
						- under the regulation, any citizen of the EU is protected
						- so this should only concern you if you're collecting data from someone that's an EU citizen right?...
					</aside>
				</section>


				<!-- #5 -->
				<section>
					<h2>Long-Arm Jurisdiction</h2>

					<p>
						<strong>Article 3(1)</strong>
						<em>"applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union,
						regardless of whether the processing takes place in the Union or not"</em>
					</p>

					<aside class="notes" data-markdown>
						- ever heard the expression "the long arm of the law"?
						- GDPR is basically the Mr. Fantastic of Data Regulations! It has some very long and flexible arms!

						ok, some legal jargon:

						- this Article extends the regulation directly to a US web hosting company, for example, or an outsourced BPO firm, a Filipino technical support service, or any number of foreign service providers that in the past operated outside the scope of European law, when those services are used by a European data controller.

						- it also arguably applies to the activities of a US headquarters or affiliate in handling personal data in support of the activities of a European subsidiary.

						- and it also extends jurisdiction to controllers or processors with no establishment in the EU, if they offer goods or services to EU residents or monitor their behavior (this is especially significant since the GDPR extends the definition of “personal data” to include “online identifiers”).

					</aside>
				</section>


				<!-- #6 -->
				<section>
					<section>
						<h2>Data Privacy Techniques</h2>

						<p>🎉 no more legal stuff 🎉</p>
					</section>

					<section>
						<h2>Two Popular Methods</h2>

						<p>PSEUDONYMIZATION</p>

						<p>ANONYMIZATION</p>
					</section>

					<section>
						<h2>PSEUDONYMIZATION</h2>

						<p>An approach for treating personal data so that it cannot be used to identify individual users without the use of additional information. Most techniques involve replacing data with a placeholder value, or pseudonym. This pseudonym may be a masked version of a record or a token used for retrieving the original value.</p>

						<p class="fragment">Recommended by GDPR</p>
					</section>


					<section>
						<h2>ANONYMIZATION</h2>

						<p>A permanent de-identification of a data set so that no party will be able to identify the individuals in reference no matter what additional data they possess. Since anonymized data cannot be used to identify any individual, it is no longer considered personal data and as such does not fall under the purview of GDPR.
						</p>
					</section>
				</section>


				<!-- #7 - Pseudonymization -->
				<section>
					<section>
						<h2>Pseudonymization Techniques</h2>
					</section>

					<section>
						<h3>Data Masking</h3>

						<p>altering or replacing a record or part of a record without changing its format. For example, an unmasked social security number (SSN) might be stored as <br>
							<code>679-69-8549</code>, <br>
							but a masked SSN using a technique to substitute the digits might look like <br> <code>145-126-7741</code>.
						</p>

						<aside class="notes" data-markdown>
							- To mask data, characters in a record may be shuffled or substituted, and words may be substituted or obscured completely. The result is a realistic data set that cannot be reverse engineered or re-identified without additional information.
							- there are a lot of techniques that fall under this broader category.
						</aside>
					</section>

					<section>
						<h3>Approximation</h3>

						<p>
							a technique for replacing specific personal data with less specific values. For example, if a user's date of birth is August 20, 1997, then an approximated record might be stored as July 1- September 25, 1997, or even just 1997..
						</p>

						<aside class="notes" data-markdown>
							- This allows an organization to remove as much specific personal data as possible from a data set while still being able to derive useful information from it.
						</aside>
					</section>

					<section>
						<h3>Encryption</h3>

						<p>
							a cryptographic process that converts data into an unreadable format (ciphertext) so that only individuals or systems with access to the appropriate key can decrypt and read it.
						</p>

						<p class="fragment"><strong>No.</strong> Not mandatory according to GDPR</p>

						<aside class="notes" data-markdown>
							- we're probably familiar with this
							- so is it required by GDRP?
							- Data can be encrypted while in storage (at rest), and can also be encrypted when being shared or transferred (in transit). Note that there’s no one set of rules for when or how to encrypt personal data, and that encryption can place a heavy load on an application’s compute resources.
						</aside>
					</section>

					<section>
						<h3>Tokenization</h3>

						<p>
							tokenizing a piece of data is to replace it with a unique token that acts as a stand-in which can be used to retrieve the original value.
						</p>

						<aside class="notes" data-markdown>
							- Tokenization is often used in payment processing solutions such as Apple Pay or PayPal.
						</aside>
					</section>
				</section>


				<!-- #8 - Simple Example -->
				<section>
					<section>
						<h2>Simple Implementation Example</h2>

						<p>
							Python already supports a common pattern that allows an engineer to replace a attribute with a set of methods that can intercept values as they're written and read.
						</p>

						<p class="fragment">either <code>getter</code>/<code>setter</code> or <code>properties</code></p>

						<aside class="notes" data-markdown>
							- Python already supports a common pattern that allows an engineer to replace a attribute with a set of methods that can intercept values as they're written and read.
							- any guesses as to what they are?
						</aside>
					</section>

					<section>
						<p>For the following examples we'll use an overly simplified data masking and unmasking algorithm</p>

							<pre><code class="hljs lang-python" data-trim>
def shift(string, reverse=False):
    """Shift ord value of character within range."""

    new_string = []

    for char in string:
        try:
            value = ord(char)

            if value in range(ord('A'), ord('Z') + 1):
                min = ord('A')
                max = ord('Z')
            elif value in range(ord('a'), ord('z') + 1):
                min = ord('a')
                max = ord('z')

            values = range(min, max + 1)

            if reverse:
                index = values.index(value) - 1
            else:
                index = values.index(value) + 1

            new_string.append(chr(values[index % len(values)]))

        except:
            new_string.append(char)

    return ''.join(new_string)
							</code></pre>

							<aside class="notes" data-markdown>
							- this is really really simple, and incredibly easy to reverse engineer. DON'T DO THIS!
						</aside>
					</section>

					<section>
						<p>then to <code>mask</code> and <code>unmask</code>...</p>

							<pre><code class="hljs lang-python" data-trim>
def mask(value):
    return shift(value)


def unmask(value):
    return shift(value, True)
							</code></pre>
					</section>

					<section>
						<p>looks something like:</p>

						<pre><code class="hljs lang-python" data-trim>
$ python simple.py Frank Valcarcel
MASKING "Frank Valcarcel"
MASKED "Gsbol Wbmdbsdfm"
UNMASKED "Frank Valcarcel"
						</code></pre>
					</section>

					<section>
						<h2>Simple Implementation Example<br><small><code>getter/setter</code></small></h2>

						<pre class="fragment preload"><code class="hljs lang-python" contenteditable data-trim>
class User:
    def __init__(self):
        self._name = None

    @property
    def name(self):
        return self._name

    @name.setter
    def name(self, value):
        self._name = value
						</code></pre>

						<aside class="notes" data-markdown>
							- let's assume this class User, it has an attribute called `name` that qualifies as personal data
							- here we have a getter/setter defined that allows us to store and retrieve the attribute for `_name`
							- *edit textarea with the following examples
								- if we want to add pseudonymization to the value when it's stored, then we only need to update the `property` method, `name`
								- likewise, to re-identify the data on retrieval, we'd add a method on `name.setter`
						</aside>
					</section>

					<section>
						<p>looks something like:</p>

						<pre><code class="hljs lang-python" data-trim>
$ python
>>> user = User()
>>> user.name = "Frank Valcarcel"
>>> print(f'user.name => {user.name}')
user.name => Frank Valcarcel
>>> print(f'user._name => {user._name}')
user._name => Gsbol Wbmdbsdfm
						</code></pre>
					</section>
				</section>


				<!-- #9 - Django -->
				<section>
					<section>
						<h2>django Example</h2>
					</section>

					<section>
						<h2>A Simple django User Model</h2>

						<pre><code class="hljs lang-python">
from django.db import models
from django.contrib.auth.models import AbstractUser

class User(AbstractUser):
    name = models.CharField(max_length=128, blank=True)
    phone = models.CharField(max_length=17, blank=True)
    date_of_birth = models.DateField(blank=True, null=True)
    ip_address = models.GenericIPAddressField(blank=True, null=True)
						</code></pre>

						<p class="fragment">which fields are personal data?</p>
						<p class="fragment"><strong>ALL OF THEM</strong></p>
					</section>

					<section>

						<p><code>utils.py</code></p>

							<pre><code class="hljs lang-python" data-trim>
def shift(string, reverse=False):
    """Shift ord value of character within range."""
    new_string = []
    for char in string:
        try:
            value = ord(char)...
            new_string.append(chr(values[index % len(values)]))
        except:
            new_string.append(char)
    return ''.join(new_string)

def mask(value):
    return shift(value)

def unmask(value):
    return shift(value, True)
							</code></pre>

						<aside class="notes" data-markdown>
							- we're going to take our code from the simple example and create a utils file
							- remember, the masking algorithm was incredibly simple... don't use that it production!
							- to keep this talk short, I'm going to focus on the name field, since it ties back to our simple example and easy to follow.
						</aside>
					</section>

					<section>

						<p>Updated <code>user/models.py</code></p>

						<pre><code class="hljs lang-python" data-trim>
from django.db import models
from django.contrib.auth.models import AbstractUser

from app.utils import mask, unmask

class User(AbstractUser):
    _name = models.CharField(max_length=128, blank=True)

    @property
    def name(self):
        return unmask(self._name)

    @name.setter
    def name(self, value):
        self._name = mask(value)
							</code></pre>

						<aside class="notes" data-markdown>
							- now let's add the getter/setter to our `_name` field in our User model
						</aside>
					</section>
				</section>


				<section>
					<h2>Are we done?</h2>

					<img class="fragment" src="https://media.giphy.com/media/dqmpS64HsNvb2/giphy.gif">

					<aside class="notes" data-markdown>
						- we're going to take our code from the simple example and create a utils file
					</aside>
				</section>

				<section>
					<section>
						<h2>Checklist</h2>

						<p class="fragment">☐ Update the QuerySet</p>
						<p class="fragment">☐ Exclude Pseudonyms</p>
						<p class="fragment">☐ Update django-admin</p>

						<aside class="notes" data-markdown>
							- we want to filter our pseudonyms from the model object that we interact with in the application
							- the model's queryset doesn't yet support our properties
							- the django-admin won't work yet, it doesn't know how to exclude the pseudonyms or write to our setters and mask our values
						</aside>
					</section>

					<!-- Update the QuerySet -->
					<section>
						<h2>Update the QuerySet (1)</h2>

						<p>as defined, our model can not be queried using any of the unmasked values. e.g. we can not call methods like: <code>User.objects.filter(name='Frank')</code></p>

						<p>to get this working, we're going to overide our model's <code>QuerySet</code>, more specifically the <code>_filter_or_exclude</code> method</p>

        				<aside class="notes" data-markdown>
        					- we could override many more queryset methods, but this is where we're going to focus for the scope of this talk
        				</aside>
					</section>

					<section>
						<h2>Update the QuerySet (2)</h2>

						<p>let's look at the source code... <a href="https://docs.djangoproject.com/en/2.0/_modules/django/db/models/query/" target="_blank">django.db.models.query</a></p>
					</section>

					<section>
						<h2>Update the QuerySet (3)</h2>

						<p>so let's just insert our masked values in, and <code>super</code> the parent instance of <code>models.QuerySet</code> for everything else</p>
					</section>

					<section>
						<h2>Update the QuerySet (4)</h2>

						<pre><code class="hljs lang-python" data-trim>
class UserQuerySet(models.QuerySet):
    def _filter_or_exclude(self, negate, *args, **kwargs):

        masked_fields = ['name']

        for field in masked_fields:
            value = kwargs.pop(field, None)
            if value is not None:
                kwargs['_{}'.format(field)] = mask(value)

        return super(UserQuerySet, self)._filter_or_exclude(negate, *args, **kwargs)
						</code></pre>
					</section>

					<section>
						<h2>Update the QuerySet (5)</h2>

						<p>To finish this, we override the <code>AuthUserManager.get_queryset</code></p>

						<pre><code class="hljs lang-python" data-trim>
class UserManager(AuthUserManager):
    def get_queryset(self):
        return UserQuerySet(self.model)

class User(AbstractUser):
	...
	objects = UserManager()
						</code></pre>

					<p>✅ <code>User.objects.filter(name='Frank')</code> <br>✅ <code>User.objects.exclude(name='Frank')</code></p>

					</section>

					<section>
						<h2>Checklist</h2>

						<p>☑️ Update the QuerySet</p>
						<p>☐ Exclude Pseudonyms</p>
						<p>☐ Update django-admin</p>

						<aside class="notes" data-markdown>
							- ok, now lets filter out our pseudonyms
						</aside>
					</section>

					<!-- Exclude Pseudonyms -->
					<section>
						<h2>Exclude Pseudonyms (1)</h2>

						<p>pseudonyms are useless and will pollute our models</p>
						<p>django has this method <code>defer</code> we can call on QuerySets so let's look at the source code again... <a href="https://docs.djangoproject.com/en/2.0/ref/models/querysets/#defer" target="_blank">QuerySet.defer()</a></p>
					</section>

					<section>
						<h2>Exclude Pseudonyms (2)</h2>

						<p>This will be an easy addition now that we override <code>models.QuerySet</code></p>

						<pre><code class="hljs lang-python" data-trim>
class UserQuerySet(models.QuerySet):
    def _filter_or_exclude(self, negate, *args, **kwargs):

        masked_fields = ['name']
        unmasked_fields = [f'_{field}' for field in masked_fields]

        for field in masked_fields:
            value = kwargs.pop(field, None)
            if value is not None:
                kwargs[f'_{field}'] = mask(value)

        return super(UserQuerySet, self)._filter_or_exclude(negate, *args, **kwargs).defer(*unmasked_fields)
						</code></pre>

						<aside class="notes" data-markdown>
							- we added an unmasked_fields list, which is a comprehension of all fields from the masked list that start with '_'
							- we're then appending the defer method to our returned QuerySet
						</aside>
					</section>

					<section>
						<h2>Exclude Pseudonyms (3)</h2>

						<pre><code class="hljs lang-python" data-trim>
>>> u = User.objects.filter(name='Frank Valcarcel')
>>> u.__dict__
{'id': 1, 'password': 'pbkdf2_sha256...=', 'last_login': datetime.datetime(2018, 6, 11, 16, 20, 19, 775436, tzinfo=<UTC>), 'is_superuser': True, 'username': 'frank', 'first_name': 'Frank', 'last_name': '', 'email': 'katie@cuttlesoft.com', 'is_staff': True, 'is_active': True, 'date_joined': datetime.datetime(2018, 6, 11, 16, 20, 14, 334272, tzinfo=<UTC>)}
						</code></pre>

						<p><strong>Note: </strong>I did not override the <code>all()</code> query, but query methods that call <code>filter</code> like <code>get</code> will behave this way.</p>
					</section>

					<section>
						<h2>Checklist</h2>

						<p>☑️ Update the QuerySet</p>
						<p>☑️ Exclude Pseudonyms</p>
						<p>☐ Update django-admin</p>

						<aside class="notes" data-markdown>
							- almost done!
						</aside>
					</section>

					<!-- Update django-admin -->
					<section>
						<h2>Update django-admin (1)</h2>

						<p>write/read is masked/unmasked... but what about the django-admin?</p>

						<p>We need to update our admin so we can read and write appropriately

						<aside class="notes" data-markdown>
							- data on the object level is now automatically masked and unmasked... but what about the django-admin?
							- our admin forms have no idea what to do with this model's pseudonymized attributes... so we gotta fix that
						</aside>
					</section>

					<!-- Update django-admin -->
					<section>
						<h2>Update django-admin (2)</h2>

						<pre><code class="hljs lang-python" data-trim>
    class Meta:
        model = User

        fields = ('username', 'password', 'name')
        				</code></pre>

						<aside class="notes" data-markdown>
							- first we should tell it which fields to use
						</aside>
					</section>

					<section>
						<h2>Update django-admin (3)</h2>

						<pre><code class="hljs lang-python" data-trim>
class UserChangeForm(AuthUserChangeForm):
    name = forms.CharField()

    def __init__(self, *args, **kwargs):
        super(UserChangeForm, self).__init__(*args, **kwargs)
        self.fields['name'].initial = self.instance.name

        self.fields['name'].validators = self._meta.model._meta.get_field('_name').validators

    def clean(self, *args, **kwargs):
        super(UserChangeForm, self).clean(*args, **kwargs)
        self.instance.name = self.cleaned_data.get('name')
        				</code></pre>

						<aside class="notes" data-markdown>
							- next, let's begin to define a form that we can swap in place for the default one django wants to use
							- you can see we're overriding the built-in UserChangeForm from django.contrib.auth.forms
							- we're creating a form with a new Char field, name
							- on initialization we get the correct value, and check it against the validator for our masked field
							- so when the form's clean method is called, we can get the appropriate value, or error out on invalid input
						</aside>
					</section>

					<section>
						<h2>Update django-admin (4)</h2>

						<pre><code class="hljs lang-python" data-trim>
@admin.register(User)
class UserAdmin(AuthUserAdmin):
    form = UserChangeForm

    fieldsets = [
        (None, {'fields': ['username', 'password']}),
        ('Personal Data', {'fields': [
            'name',
        ]}),
    ]

    list_display = ('username', 'name')
        				</code></pre>

						<aside class="notes" data-markdown>
							- last we gotta register this sucker
							- we have our base fields of the model, namely username and password, but now
							- we created a group of subfields called personal data and added the `name` property to it
							- last we told django-admin how we would like the user's to be displayed in the user's list
						</aside>
					</section>

					<section>
						<h2>Checklist</h2>

						<p>☑️ Update the QuerySet</p>
						<p>☑️ Exclude Pseudonyms</p>
						<p>☑️ Update django-admin</p>

						<aside class="notes" data-markdown>
							- done!
						</aside>
					</section>

				</section>

				<section>
					<h2>Wanna see a demo?</h2>

					<!-- TODO: add link to live demo of django example -->
					<p>coming soon</p>
				</section>

				<!-- // end of slides -->
			</div>
		</div>

		<script src="lib/js/head.min.js"></script>
		<script src="js/reveal.js"></script>

		<script>
			Reveal.initialize({
				dependencies: [
					{ src: 'plugin/markdown/marked.js' },
					{ src: 'plugin/markdown/markdown.js' },
					{ src: 'plugin/notes/notes.js', async: true },
					{ src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } }
				],
				history: true,
			});

			// automatically load the initial fragment on a slide if the fragment
			// has been defined with the 'preload' class
			Reveal.addEventListener('slidechanged', function(event) {
			  if (event.currentSlide.querySelectorAll('.preload[data-fragment-index="0"]').length > 0) {
			    Reveal.nextFragment();
			  }
			});

			// if the initial fragment on a slide has been defined with a 'preload' class
			// then transition to the previous slide if the fragment is hidden
			Reveal.addEventListener('fragmenthidden', function(event) {
			  if (event.fragment.hasAttribute('data-fragment-index') && event.fragment.classList.contains('preload')) {
			    if (event.fragment.attributes['data-fragment-index'].value == "0") {
			      Reveal.prev();
			    }
			  }
			});
		</script>
	</body>
</html>