Re: [saag] Liking Linkability from Ben Laurie on 2012-10-18 (public-privacy@w3.org from October to December 2012)

From: Ben Laurie <ben@links.org>
Date: Thu, 18 Oct 2012 20:29:37 +0100
To: Henry Story <henry.story@bblfish.net>
Cc: Mouse <mouse@rodents-montreal.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
Message-ID: <CAG5KPzxGz+4MywjP4knfbDr2gyvqUZc1HEBXgtaDfYT+DPg5yg@mail.gmail.com>

On Thu, Oct 18, 2012 at 8:20 PM, Henry Story <henry.story@bblfish.net> wrote:
>
> On 18 Oct 2012, at 21:04, Mouse <mouse@Rodents-Montreal.ORG> wrote:
>
>>> [...]
>>> Unfortunately, I think that's too high of a price to pay for
>>> unlinkability.
>>> So I've come to the conclusion that anonymity will depend on
>>> protocols like TOR specifically designed for it.
>>
>> Is it my imagination, or is this stuff confusing anonymity with
>> pseudonymity?  I feel reasonably sure I've missed some of the thread,
>> but what I have seem does seem to be confusing the two.
>>
>> This whole thing about linking, for example, seems to be based on
>> linking identities of some sort, implying that the systems in question
>> *have* identities, in which case they are (at best) pseudonymous, not
>> anonymous.
>
> With WebID ( http://webid.info/ ) you have a pseudonymous global identifier,
> that is tied to a document on the Web that need only reveal your public key.
> That WebID can then link to further information that is access controlled,
> so that only your friends would be able to see it.
>
> The first diagram in the spec shows this well
>
>   http://webid.info/spec/#publishing-the-webid-profile-document
>
> If you put WebID behind TOR and only have .onion WebIDs - something that
> should be possible to do - then nobody would know WHERE the box hosting your
> profile is, so they would not be able to just find your home location
> from your ip-address. But you would still be able to link up in an access
> controlled manner to your friends ( who may or may not be serving their pages
> behind Tor ).
>
> You would then be unlinkable in the sense of
> http://tools.ietf.org/html/draft-iab-privacy-considerations-03
>
> [[
>       Within a particular set of information, the
>       inability of an observer or attacker to distinguish whether two
>       items of interest are related or not (with a high enough degree of
>       probability to be useful to the observer or attacker).
> ]]
>
> from any person that was not able to access the resources. But you would
> be linkable by your friends. I think you want both. Linkability by those
> authorized, unlinkability for those unauthorized. Hence linkability is not
> just a negative.

I really feel like I am beating a dead horse at this point, but
perhaps you'll eventually admit it. Your public key links you. Access
control on the rest of the information is irrelevant. Indeed, access
control on the public key is irrelevant, since you must reveal it when
you use the client cert. Incidentally, to observers as well as the
server you connect to.

Received on Saturday, 20 October 2012 20:28:43 UTC