- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Sun, 21 Oct 2012 14:26:32 -0400
- To: Sam Hartman <hartmans-ietf@mit.edu>
- CC: Ben Laurie <ben@links.org>, Henry Story <henry.story@bblfish.net>, Mouse <mouse@rodents-montreal.org>, "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
- Message-ID: <50843E58.1030606@openlinksw.com>
On 10/21/12 1:55 PM, Sam Hartman wrote: > I think if I hear the phrase context fluidity or nebulous enttity one > more time I'm going to give up in disgust. > Those phrases don't have enough meaning to have any place in a security > argument. Context matters. The subject of a security token matters. If they don't mean anything to you, then clearly, talking past one another is where we are at. > > You seem to believe that it is necessary to prove an event is related to > a person in order to have a privacy problem. Sorry, but it isn't as simple as that. But you don't believe in context or the nebulous nature of identity, so what else can I say? Somehow, you believe privacy is a simple matter. It isn't so simple, far from it. I one context I might want you to know what "I LIke" on Facebook in another I might not. I need to be the controller of this reality (fluid context). That's my reality offline, and it can be my reality online too. > If there are 20 seditious (in the context of some government) > messages posted and the government is able to link those events down to > 3 machines and conclude that only 10 people had access to those machines > at the same time, you have a privacy problem. Yes, but I don't think you can prove that who the 10 people where at that specific time. Again, you have temporality, context, and cognitive beings in the mix. Did "I" send this email? Or was it sent by some entity associated with the mailto: scheme URI: <mailto:kidehen@openlinksw.com> ? Who am I ? Who are You? Of Whom do you speak? > If the government decides that executing 10 people is an acceptable > cost those 10 people are just as dead even if 9 of them had nothing to > do with it. Well, I don't know that to be the norm in the real world. Luckily I've lived under dictatorships during a significant chunk of my life, and it isn't even so easy under those circumstances to pull off what you just outlined as some kind of example. > > Sitting there going "you never proved it was me, only my machine," isn't > going to help you as the fluids of your context are leaking out of an > ever more nebulous entity. > The fact is that by linking events, people can gain information about > real-world entities that might have had something to do with an event. > To the extent they gain that information, there is a loss of privacy. Privacy is lost when you aren't the one calibrating your vulnerability. The applies to online and offline media. That's the fundamental point re. privacy. It is all about "You" not "Them". Thus, the we need point to point communications where the payloads reach destinations without anyone snooping or acting as a "big brother" intermediary. "You" have to be able to control that. Simple example: "I" should be able to place a document in your in-box knowing its only accessible to "You". Likewise, you should be able to ensure that only "I" can place a document in an in-box you've setup for: 1. me 2. a group to which I belong 3. an expression that logically concludes I am an accepted depositor. > > Not all losses of privacy are bad. I never implied anything to the contrary. The only bad loss is the ability to calibrate your vulnerability online or offline. > Not all linkability is bad. Never said or every implied that either. > I give up privacy and create linkability every time I log into a site, > so that I can store preferences, manage entries I've posted in the past, > etc. You are calibrating your vulnerability when you decide to make data public, in any form. > Of course for the most part I'm not risking my fluid context with what I > do online. No, you are aware of the context in play. You know its fluid, but you don't care since the bottom-line is that you know its out in a medium that doesn't have an eraser. > I'd probably decide preferences weren't worth it if that was > the potential price. > > But seriously, can we either move this discussion off IETF lists or use > enough precision and stop hiding behind vague terminology that we can > have a computer security discussion? I am not in the business of vague terminology. I have live examples that back up whatever opinions I hold. There are just a link away, or a Google search away. > > Thanks for your consideration, > > --Sam > > > -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Sunday, 21 October 2012 18:26:58 UTC