Re: privacy definitions -- was: WebID questions from Henry Story on 2012-10-18 (public-webid@w3.org from October 2012)

From: Henry Story <henry.story@bblfish.net>
Date: Thu, 18 Oct 2012 17:37:14 +0200
To: Rigo Wenning <rigo@w3.org>
Cc: ashok.malhotra@oracle.com, public-privacy@w3.org, David Singer <singer@apple.com>, Ian.Oliver@nokia.com, melvincarvalho@gmail.com, benl@google.com, public-webid@w3.org
Message-Id: <5BB53B71-F072-4F85-ADF7-B6E8832BD4BF@bblfish.net>

On 18 Oct 2012, at 17:03, Rigo Wenning <rigo@w3.org> wrote:

> On Thursday 18 October 2012 16:57:23 Henry Story wrote:
>> Is there a document that one can look at that shows the results of
>> this work?
> 
> http://code.w3.org/privacy-dashboard/
> Note that the dashboard has not fully implemented the mockups that 
> had been done. The dashboard carries a smiley. But we found out that 
> the best would be an non-animated button with footsteps on them. If 
> you click on them you would go to the dashboard. 

Ah yes. There is also this Firefox collusion plugin I installed which shows some 
interesting info about how different sites are tied together through cookies

  https://addons.mozilla.org/en-US/firefox/addon/collusion/

Before a browser can serve a cookie it is going to need to look up a cookie 
for that state in a database. So the persona functionality for example in
Google Chrome must tie the cookies to a persona, so that as one works in 
different personas different cookies get set. At the same time with different
personas, different setting for such a privacy dashboard could be set too 
( and I 

So the Google Chrome profile is allowing one to do this. But I am still not
quite there, because I would like to be able to know a bit more about the 
certificate used for example when I connect. 

To add to this picture now: with WebID I could potentially connect to all 
web sites with the same global ID easily. I could create a persona to do 
that in Google Chrome which  could offer the following settings:

 1. to first ask me when I get to a new web site, and then keep the selection
 2. to always use the same certificate when I use a persona
 3. to transitively use the same certificate when going between sites that 
   I have initially accepted using a certificate for.

So logging out from a web site here could mean something like switching
to the anonymous persona ( which opens a new frame ) rather than trying to log 
out of a site directly in the same frame. That could be one way to do it. 
But I think there is still an issue of making visible the strength of the connection
( cookie, cookies over sites, ssl, webidssl ). 

> 
> The documents are on 
> http://www.primelife.eu/
> 
> Rigo
> 

Social Web Architect
http://bblfish.net/

Attachments

application/pkcs7-signature attachment: smime.p7s

Received on Thursday, 18 October 2012 15:37:54 UTC