Re: privacy definitions -- was: WebID questions from Kingsley Idehen on 2012-09-27 (public-webid@w3.org from September 2012)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 27 Sep 2012 16:01:09 -0400
To: Henry Story <henry.story@bblfish.net>
CC: Ben Laurie <benl@google.com>, public-webid@w3.org
Message-ID: <5064B085.3030804@openlinksw.com>
On 9/27/12 3:09 PM, Henry Story wrote:
> My understanding of privacy starts from a different intuition. A communication between two people is private if the only people who have access to the communication are the two people in question. One can easily generalise to groups: a conversation between groups of people is private (to the group) if the only people who can participate/read the information are members of that group....
>
> So now imagine that you and I and each member of this mailing list have their own freedom box [1] . A freedom box is a one person server that serves only the person in question. I am purposefully taking an extreme example to make the point. Now lets imagine you put a picture of our future meeting at TPAC in late October - I hope you will be able to come - onto your freedom box, and tag the people who appear in that picture taken later at night in a bar. You may not want to make it public until and unless all the members who have appeared in the picture accept that picture to be public. So to keep it close to our current technology, let us say you send them an e-mail with the link to the page containing the pictures. You don't want all the people on the web who see that URL as it passes unencrypted through the etherspace to be able to also click on the URL and see the picture. So you add an access control rule to your page that only allows the people who were designed in the picture - by WebID - to access to those resources. On receiving the mail the tagged people can click on the picture's URL, authenticate with WebID, and see the picture. Anybody else who tried would not be able to see it: 403 Access Forbidden. Now I would say that those pictures are protected for privacy - they are not public, and only visible to the designated group - and you have used WebID in the process of making sure they were kept private. There was no third person in the loop that also saw the pictures. Only those people you wanted to could see them.

Apropos your comments above, here is simple scenario demonstrating 
self-calibration of one's vulnerability i.e., privacy.

You take a photo of your kids, nephews, nieces etc. that you only want 
to share it with other family members.

Who determines and defines family and its membership in a machine 
discernible way that scales to the Web? Basically, in a manner that 
doesn't require any family member to signup up with Google+, Facebook, 
LinkedIn, Twitter etc..

Courtesy of WebID, you can mint certs. (circa. 2012 where WebID tools 
generate certs. with alacrity) for your family members, the perform the 
following steps:

1. use the WebID in an ACL (listing each family members WebID or a Group 
comprised of each family members WebID) or a SPARQL ASK query based data 
access policy
2. export x.509 certs, public key, and private key data  to a pkcs#12 file
3. email the pkcs#12 file to family members
4. share pkcs#12 file password with them via phone, sms, email, snail 
mail etc..
5. done!

Additional benefits, you know all the family members with whom you've 
shared access. Likewise, they know you know that they've been provided 
with access to a resource based on trust etc..

The same sequence plays out for any kind of resource: calendars, shared 
mailbox access (via IMAP4+WebID), RSS and Atom feeds, basic HTML docs, 
basically any kind of document that bears resources (useful stuff) via 
content.

Humans are best behaved when verifiable identity is pegged to specific 
activities. They also understand the value of trust :-)

As for the Freedom Box, it could be an actual machine at home or in the 
cloud. If in the cloud, your only vulnerability is the VM owner shutting 
down the VM instance or the VM hosted software admin role shutting down 
the data space (nee. Web) application server or disabling your account.

Note, I see personal data spaces evolution evolving as follows:

1. initially hosted within a SaaS model server -- the root / admin 
account can disable your account but never access your data (if its 
encrypted and you hold the decryption key)
2. hosted within a VM that you control in the cloud -- you are root / 
admin in this scenario
3. hosted in a machine in your own network -- a Freedom Box hosted 
personal data space .


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Thursday, 27 September 2012 20:01:38 UTC