Re: privacy definitions -- was: WebID questions from Kingsley Idehen on 2012-09-27 (public-webid@w3.org from September 2012)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 27 Sep 2012 17:38:04 -0400
To: Ben Laurie <benl@google.com>
CC: Henry Story <henry.story@bblfish.net>, public-webid@w3.org
Message-ID: <5064C73C.4090706@openlinksw.com>

On 9/27/12 4:42 PM, Ben Laurie wrote:
>> I was only saying: if you want to log into a site without using a WebID based certificate, then don't use a WebID based certificate. But don't think that by doing that you are guaranteeing your privacy. As I explained if there is only one big web site to rule them all and you log into it without webid, whatever you post there will be seen not only by the people you wanted to have it visible to, but also by the owners of the site. In our Freedbom Box scenario that is not the case. So this is a case of showing how having a global identity that the user can control enhances privacy.
> Are you trolling? Your two examples would be equally satisfied by:
>
> 1. I have a site that will tell everybody everything that you are
> doing, except there's one GIF that only you and your friends can see.
> Clearly I am providing privacy to you.

"You" have a site? Who provides the infrastructure for the site to you? 
It could be any of the following:

1. Typical Web 2.0 SaaS instance -- the kind Google and friends offer, 
in this case members simply hope that Google stays clear (a major leap 
of faith e.g., GMAIL which requires access to mail content in order to 
serve up Ads based on content)

2. VM in the Cloud (like Amazon or indirectly via an Amazon reseller)  
-- in either case you might have:
    -- a SaaS app. so your back to the point in #1 but its some other 
entity playing Google's role
    -- Amazon or its reseller who don't have application level access 
but can shut the VM down

3. A site (data space) controlled by you e.g., a machine at home.

>
> 2. If you use your alternative technology via a man-in-the-middle, you
> get no privacy at all, so clearly your alternative technology provides
> no privacy.

Don't understand the point you are making. But I can tell you this, the 
man-in-the-middle vulnerability is speculative at best when dealing with 
Linked Data, graphs, and logic. The balance of power shifts from 
invaders/snoopers to  data space owners who can change policies, 
identity, and acls with alacrity.

>

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Thursday, 27 September 2012 21:38:31 UTC