- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Tue, 18 Oct 2011 23:08:56 +0200
- To: Rigo Wenning <rigo@w3.org>
- Cc: public-privacy@w3.org
* Rigo Wenning wrote: >I think we need further research on the "right to be forgotten" to erase >content from the web. But this is tricky. Remember the cancel messages in >NNTP? There were cancel-message wars going back and forth. I also don't >believe the web can guarantee the total technically guaranteed erasure of >content. But there should be ways to make some stuff more difficult to see as >it may ruin lifes, even after years. Usenet also has the X-No-Archive header which signals that a message should be kept out of long term archives. It's obviously imperfect as the messages do not self-destruct and you have semantic problems like whether the signal is transitive (do you archive replies to messages with the header set?) but there seems to be enough social pressure to honour it so it works quite well as far as I am aware. Archives also tend to offer out-of-medium ways to cancel messages late which may be necessary as cancels for very old messages might not propagate, so you might enter a message id in a web form and then have to click on some confirmation link that arrives via e-mail. Lack of verification that some entity is legitimately requesting that a message be canceled is in fact the primary problem with cancels on Usenet. There have been a number of threads on comp.lang.javascript recently for instance about how Google is letting its users bury the group with porn and pill spam that would be utterly trivial to detect with as little as a keyword filter with a dozen of keywords, but the social conventions around third party cancels make it difficult to re- move the Google user spam. Conversely, some people would really like to remove old messages of theirs, but they no longer control the mail address they posted it under. Another interesting aspect with Usenet cancels is that for most other users the mechanism is largely hidden and when their server decided to honour a cancel, they most probably would not be able to retrieve the message anymore. On Wikipedia the dynamics are quite different, it is easy to see when a user removed some other user's statements, usually it's easy to access and restore them for everybody, and some editors have adopted various "proven identity" schemes where they just need to know a certain secret even if they lose their accounts (they publish some hash along with instructions how to generate it from a secret on their user page, the edit along with who made it and when it was made is logged; if their accounts get hacked, revealing the secret proves they are likely whoever put the hash there, if that was sufficiently long ago, they can have their account restored to them, without need to reveal anything else). In meatspace we are already a bit farther ahead. It's easy to buy a telescope and spy on your neighbours, but most people will actually feel that they are doing something society deems largely unacceptable if they do so, even if only indirectly through fearing to be found out much as we tend to turn around, move away, pretend not to have caught anything when accidentally intruding in some private situation. Here in Germany, law already protects citizens from abusive use of old Usenet postings in a similar way: everyone has the right to access the data someone might hold on them, including where the data is from and the logic involved in the automated processing of the data. If someone suspects something fishy going on, like when they are supposed to pay a premium they did not expect, they principially have the tools to get to the bottom of it and expose it, allowing society to impose further restrictions where self-regulation has failed. We also organize things like many forms on insurance on the principle of solidarity and if you are a federal minister whose extramarital affair results in a child, that no longer means you can't lead a conservative party, so there is not much of an incentive to use such data either, relatively speaking. (We actually have "Die datenschutzkritische Spackeria", a movement of slightly satirical "post-privacy" advocates who remind us that there are multiple angles to address "privacy" issues, highlighting things as I mentioned them above like solidarity and tolerance that can re- move the need to, say, segregate audiences as Rigo Wenning mentioned, to some degree. That does seem important to keep in mind.) -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Tuesday, 18 October 2011 21:09:30 UTC