
Re: YouID for Android Released

From: Peter Williams <home_pw@msn.com>
Date: Thu, 22 May 2014 16:00:52 +0000
Message-ID: <SNT404-EAS23110FC63C26B0B5A9BED4E923F0@phx.gbl>
To: Melvin Carvalho <melvincarvalho@gmail.com>, Anders Rundgren <anders.rundgren.net@gmail.com>
CC: Kingsley Idehen <kidehen@openlinksw.com>, "public-webid@w3.org" <public-webid@w3.org>

Remember two things - that perhaps don't gel with how you are indoctrinated (if you grew up in the UK say, and reached 18 before the internet took off).

In the US, there is NO expectation of privacy IF YOU USE THE INTERNET. That is the official position. Ask Mr Lavabit. You can add “sensitivity private” to your headers all you like, you can add a footer saying “private and conditional, attorney privilege”; it makes no difference (contrary to what you might believe). The only privacy comes when you make it so (because it's hard to read).

Collect it all, is the phrase to remember. What don’t you get, yet, about “collect it ALL??!!??” (to use an Americanism.) All means ALL (including whatever your mic is picking up, en les environs, and your “proximity association” with other devices in sound range [about 100m, for a modern phone]).

The rationale is quite simple: who knows - when tracing back four years later through having figured that you were happenstance near Mr Foo - four years ago - now a terrorist suspected of planning a demo against animal cruelty - the mic MIGHT have picked up the original plot details, the co-conspirators, etc etc.

Don't be tempted to talk about Arab Springs, or low cost twittering devices that facilitate web revolutions that free folk from the local dictator. That was as bogus a technique for technology saving freedoms as was PGP saving the Soviet Refuseniks (an invented evil and solution, used to sell PGP to Americans).

Now, what we can do with linked-data trust models is augment the public/enterprise/cloud space with an overlay. That is, the trust and assurance that comes with good governance is an [assurance] bootstrap - for the overlay that then expresses mutual understandings on a small scale.

The purpose of NOT going against the tide is that the tide GIVES distributed models what they lack - a trusted bootstrap. Put technically, you use the public channels of SSL (where there is “zero expectation of privacy”, say) to boot up the next SSL tunnel - which is NOT built according to the “governance model”.

This is what we did with SSL, years ago. We allowed the whole CA hierarchy to come into being, allowed NSA to infiltrate VeriSign upper management (easy enough… just offer $$$), IN ORDER THAT there was easy plumbing for self-signed certs that it's trivial to configure - on consumer-grade products (phones, routers bought in the supermarket). Back then, this was as much as we could get through the “crypto politics”, allowing public trust and personal trust to intermingle.

Now, I feel, with self-signed client certs, linked through json-ld, we get to go further. 

The key is NOT to annoy the “authorities” but work with them (understand that now we all know that it's a “collect it all” atmosphere. Of course, folks HERE knew that ALL along (where else did the research funds for all this… come from; let's be honest)). One goes out to find a new level of public/private partnership; using the overlay concept set - understand that private means “cipher it” vs expect some rights. Of course, ciphering it doesn't mean folks don't have easy access to your commodity phone/router to exploit it, or the inability in 5 years to decrypt it by cryptanalysis, having “collected it all”, including the ciphertext.

But, we WOULD have moved forward…. an inch.

Sent from Surface Pro

From: Melvin Carvalho
Sent: Thursday, May 22, 2014 8:07 AM
To: Anders Rundgren
Cc: Kingsley Idehen, public-webid@w3.org, peter Msn

On 22 May 2014 14:55, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

On 2014-05-22 13:03, Kingsley Idehen wrote:

On 5/22/14 12:55 AM, Anders Rundgren wrote:

Statements like "take full control of your online (Web and Internet)
Identity" may sound cool but has essentially no value since just about
all service providers have their own "identity system" which you
either accept or reject.  The latter means you won't be able to use
their services.  Calling this "take full control" is IMO quite a stretch.

You have full control of your (Web and Internet) Identity when the
following hold true:

1. You control the Identifiers that denote You
2. You control the Identity Cards that Describe You
3. You control the location of Identity Cards that Describe You
4. You control the Signature used to verify You
5. You control how Data is encoded for You
6. You control the ACL and Access policies for accessing stuff created
by You
7. You can achieve all of the above from any platform You choose.

Of course!  What I'm (indirectly) saying is that this doesn't apply to
- Government IDs
- Enterprises using AD
- Banks
because in those cases you are *assigned* an identity and what is behind that is
completely out of your control.  Your only option is not using the services.

But the web as a publishing platform allows you to annotate that ID however you want.  Especially if all parties agree, at least in principle, that it belongs to you.


Look, the architecture of the World Wide Web wasn't built for any
particular industry. It was built to empower You!

IMO, the web is just a network and can in similarity with most other
technology be used in good and bad ways.

I regard "the distributed social web" as a positive development but I
also have severe problems with the proponents' lack of interest in
traditional uses since this is how Microsoft managed achieving a ZERO
market-share for their take on authentication in the consumer space.
Pragmatism you know :-)

I notice you still don't send signed emails, why? I don't believe that
has anything to do with a particular industry, or does it? :-)

Well, I have actually been involved in this discussion since around Y2000
but I don't want to go over this here...

Received on Thursday, 22 May 2014 16:20:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC