W3C home > Mailing lists > Public > public-webid@w3.org > October 2012

Re: [saag] Liking Linkability

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 19 Oct 2012 15:13:42 +0200
Cc: Anders Rundgren <anders.rundgren@telia.com>, Ben Laurie <benl@google.com>, Kingsley Idehen <kidehen@openlinksw.com>, public-identity@w3.org, "saag@ietf.org" <saag@ietf.org>, "public-webid@w3.org" <public-webid@w3.org>
Message-Id: <D920BC74-B642-4EFE-8836-8D281D9E087F@bblfish.net>
To: Klaas Wierenga <klaas@cisco.com>

On 19 Oct 2012, at 14:43, Klaas Wierenga <klaas@cisco.com> wrote:

> Hi,
> (as a side note: shouldn't this be on the privacy list rather than the saag list?)

It kind of covers both, security and privacy. They are closely related. Also
WebID is a protocol that uses IETF's TLS so closely that I like to have the IETF
people in the loop. We're kind of between two institutions here. (I am used to
that: my mother is Austrian, my father British, lived in the US for a long time,
and was brought up in France :-).

> On Oct 18, 2012, at 9:30 PM, Anders Rundgren <anders.rundgren@telia.com> wrote:
>> On 2012-10-18 18:06, Ben Laurie wrote:
>>>> Do you have example of what you describe? By that question I mean: implicit
>>>> anonymity as a functional substrate of some realm that we experience today?
>>> That's what selective disclosure systems like U-Prove and the PRIME
>>> project are all about.
>> Which will never be of any practical use because without a reference
>> back you cannot really get anything useful done.  The search service
>> monopoly your employer (Google) runs is clearly among the largest threats
>> to privacy there is so I don't understand what you are blabbing about.
>> Is this about theory versus practice :-)
> Let's refrain from ad hominem attacks in a technical discussion….


But I think the fear expressed by that attack is justified and is really part
of what this thread is about. By focusing one unlinkability of identifiers one
in fact creates the space for large mega providers that have a Panopoticon-like
oversight over huge numbers of users to emerge. While I do wish to applaud those
services for the bold vision they have displayed in making us conscious of 
the advantages to be gained by working together on such a scale, I wish to enlarge 
that vision to a much larger space allowing the same to be done by players that
do not wish or cannot legally allow those players as intermediaries. 
> I don't think anyone has argued that linkability is a bad thing per se, what I believe is the crux is whether the links exists -by default- (like locators for a person that can be looked up by 3d parties in DNS) rather than -by choice-. It is the difference between being listed in the phone directory versus giving someone your phone number. I think the likes of Tor are not sufficient here, if the norm is that you are linkable than someone that is using Tor is by definition suspicious…

It is helpful to bring Tor into the discussion because it helps show what types of technology
can fix that type of problem.

> David Chadwick rightfully remarks that there is a balance that you need to strike based on a risk analysis, for me the question is how much of that risk analysis you want to leave to the protocol designer versus the end-user.

In risk analysis you need to also consider the other side of the question: what do you do if you don't have linkability? The answer is that you have to go to a central provider.

> As an end-user I like to have sufficient control over my privacy without having to understand how to do Tor.

If Tor, or something similar became widespread, you'd have no trouble using it, just like most people using Apple's products have no trouble using Unix (it used to be argued that Unix was impossibly difficult to use)

Anyway, we have a continuum:

 1. you use a mega provider with one login to it
   a. the mega provider can read all your mail, and everything you are communicating with other people
   b. the telcos can tell you are using the mega provider - but not what you are communicating about (assuming you use TLS)

 2. You use WebID over TLS + Access Controlled Read Write Web
   a. you can communicate only with the people/organisation you want to 
     ( no need for a mega provider, though they are not excluded )
   b. the telcos can see where your traffic is going more precisely - but they can't read your messages

 3. You use WebID + ACLed RWW + Tor
   a. you can communicate with the people/orgs you want to (and only them)
   b. the telcos can't see where your traffic is going
That is the continuum. So currently we are at 1. WebID adds the choice of 2 and 3, to increase
the options for privacy.

> Klaas

Social Web Architect

Received on Friday, 19 October 2012 13:14:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:37 UTC