Re: [saag] Liking Linkability from Kingsley Idehen on 2012-10-21 (public-privacy@w3.org from October to December 2012)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sun, 21 Oct 2012 14:26:32 -0400
To: Sam Hartman <hartmans-ietf@mit.edu>
CC: Ben Laurie <ben@links.org>, Henry Story <henry.story@bblfish.net>, Mouse <mouse@rodents-montreal.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
Message-ID: <50843E58.1030606@openlinksw.com>

On 10/21/12 1:55 PM, Sam Hartman wrote:
> I think if I hear the phrase  context fluidity or nebulous enttity one
> more time I'm going to give up in disgust.
> Those phrases don't have enough meaning to have any place in a security
> argument.

Context matters.

The subject of a security token matters.

If they don't mean anything to you, then clearly, talking past one 
another is where we are at.

>
> You seem to believe that it is necessary to prove an event is related to
> a person in order to have a privacy problem.

Sorry, but it isn't as simple as that. But you don't believe in context 
or the nebulous nature of identity, so what else can I say?

Somehow, you believe privacy is a simple matter. It isn't so simple, far 
from it.

I one context I might want you to know what "I LIke" on Facebook in 
another I might not. I need to be the controller of this reality (fluid 
context). That's my reality offline, and it can be my reality online too.

> If  there  are 20 seditious (in the context of some government)
> messages posted and  the government is able to link those events down to
> 3 machines and conclude that only 10 people had access to those machines
> at the same time, you have a privacy problem.

Yes, but I don't think you can prove that who the 10 people where at 
that specific time.

Again, you have temporality, context, and cognitive beings in the mix.

Did "I" send this email? Or was it sent by some entity associated with 
the mailto: scheme URI: <mailto:kidehen@openlinksw.com> ? Who am I ? Who 
are You?
Of Whom do you speak?

> If the government decides that executing 10 people  is an acceptable
> cost those 10 people are just as dead even if 9  of them had nothing to
> do with it.

Well, I don't know that to be the norm in the real world. Luckily I've 
lived under dictatorships during a significant chunk of my life, and it 
isn't even so easy under those circumstances to pull off what you just 
outlined as some kind of example.

>
> Sitting there going "you never proved it was me, only my machine," isn't
> going to help you as the fluids of your context are leaking out of an
> ever more nebulous entity.
> The fact is that by linking events, people can gain information about
> real-world entities that might have had something to do with an event.
> To the extent they gain that information, there is a loss of privacy.

Privacy is lost when you aren't the one calibrating your vulnerability. 
The applies to online and offline media. That's the fundamental point 
re. privacy. It is all about "You" not "Them". Thus, the we need point 
to point communications where the payloads reach destinations without 
anyone snooping or acting as a "big brother" intermediary. "You" have to 
be able to control that.

Simple example: "I" should be able to place a document in your in-box 
knowing its only accessible to "You". Likewise, you should be able to 
ensure that only "I" can place a document in an in-box you've setup for:

1. me
2. a group to which I belong
3. an expression that logically concludes I am an accepted depositor.

>
> Not all losses of privacy are bad.

I never implied anything to the contrary. The only bad loss is the 
ability to calibrate your vulnerability online or offline.

> Not all linkability is bad.

Never said or every implied  that either.

> I give up privacy and create linkability every time I log into a site,
> so that I can store preferences, manage entries I've posted in the past,
> etc.

You are calibrating your vulnerability when you decide to make data 
public, in any form.

> Of course for the most part I'm not risking my fluid context with what I
> do online.

No, you are aware of the context in play. You know its fluid, but you 
don't care since the bottom-line is that you know its out in a medium 
that doesn't have an eraser.

>   I'd probably decide preferences weren't worth it if that was
> the potential price.
>
> But seriously, can we either move this discussion off IETF lists or use
> enough precision and stop hiding behind vague terminology that we can
> have a computer security discussion?

I am not in the business of vague terminology. I have live examples that 
back up whatever opinions I hold. There are just a link away, or a 
Google search away.

>
> Thanks for your consideration,
>
> --Sam
>
>
>

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Sunday, 21 October 2012 18:27:00 UTC