W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: YouID for Android Released

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 22 May 2014 13:23:05 -0400
Message-ID: <537E3279.7030702@openlinksw.com>
To: Peter Williams <home_pw@msn.com>
CC: "public-webid@w3.org" <public-webid@w3.org>
On 5/22/14 12:00 PM, Peter Williams wrote:
> remember two things - that perhaps dont gel with how you are 
> indoctrinated (if you grew up in the UK say, and reached 18 before the 
> internet took off.).
> 1.
>     in the US, there is NO expectation or privacy IF YOU USE THE
>     INTERNET. That is the official position. Ask Mr  Lavabit. You can
>     add “sensitivity private” to your headers all you like, you can
>     add a footer saying “private and conditional, attorney privilege”;
>     it makes no difference (contrary to what you might believe). The
>     only privacy comes when you make it so (because its hard to read..)

This is what I mean by "self calibration of one's vulnerability" i.e., 
you control the levers in regards to:

1. signature
2. encryption (be it asymmetric or symmetric [here the "shared secret" 
is encrypted using your Public Key in Encryption At Rest (EAR) scenarios 
using AES] )
3. access to resources you share via the Web or Internet -- agents 
accessing your protected resource don't need to be equipped (by default) 
with any particular information about your ACLs or Data Access policy 
algorithms (you control that by making up whatever policy works for you).

> 1.
>     Collect it all, is the phrase to remember. What don’t you get,
>     yet, about ‘collect it ALL??!!??” (to use an Americanism.) All 
>     means ALL (including whatever your mic is picking up, en les
>     environs, and your “proxmity association” with other devices in
>     sound range [ about 100m, for a modern phone)).

Yes, you have to assume everything is collected because its sort of 
cheaper (in a retarded way, at tax payer expense) to do it that way.

> the rationale is quite simple: who knows - when tracing back four 
> years later through having figured that you were happenstance near Mr 
> Foo - four year ago - now a terrorist suspected of planning a demo 
> against animal cruelty - the mic MIGHT have picked up the original 
> plot details, the co-conspirators, etc etc.


> Dont be tempted to talk about Arab Springs, or low cost twittering 
> devices that faciliate web revolutions that free folk from the local 
> dictator. That was as bogus a technique for technology saving freedoms 
> as was PGP saving the Soviet Refusniks  (an invented evil and 
> solution, used to selling PGP to Americans).
> Now, what we can do with linked-data trust models is augment the 
> public/enterprise/cloud space; with an overlay. that is the trust and 
> assurance that comes with good governance is a [assurance] bootstrap - 
> for the overlay that then expresses mutual understandings on a small 
> scale.
> The purpose of NOT going against the tide is that the tide GIVES 
> distributed models what they lack - a trusted bootstrap.


> Put technically, you use the public channels of SSL (wehre there 
> is “zero expectation of privacy”, say, to boot up the next SSL tunnel 
> - which is NOT build according to the “governance model”.
> This is what we did with SSL, years ago. We allowed the whole CA 
> hierarchy to come into being, allowed NSA to infiltrate VeriSign upper 
> management (easy enough… just offer $$$), IN ORDER THAT there was easy 
> plumbing for self-signed certs that its trivial to configure - on 
> consumer-grade [prpducts (phones, routers bought in the supermarket). 
> Back then, this was as much as we could get through the “crypto 
> politics” , allowing public trust and personal trust to intermingle.

Enabling URIs in the SAN slot of a certificate was the key to 
everything. That ensured the future of webby PKI.

> Now, I feel, with self-signed client certs, linked through json-ld, we 
> get to go further.

Yes, but do remember:

1. json-ld -- is for web developers
2. turtle -- is for everyone.

Thus, the goal is for everyone to be able to represent their worldview 
using compact digital sentences. For instance, I can pack Turtle into a 
tweet which turns a tweet into a Linked Data launchpad for 
follow-your-nose exploration (by human or machine). Basically, I refer 
to this as "Nanotation" .

> The key is NOT to annoy the “authorities” but work with them 
> (understand that now we all know thats its a “collect it all” 
> atmostsphere;. Of course, folks HERE knew that ALL along (where else 
> did the research funds for all this… come from; lets be honest)). one 
> goes out tpo find a new level of public/private partnership; using the 
> overlay concept set - understand that private means “cipher it” vs 
> expect some rights. Of course, ciphering it doesnt means folks dont 
> have easy access to your commodity phone/router to explouit it, or the 
> inbility in 5 years to decrypt it by cryptanlaysis, having “collected 
> it all, including the ciphertext).
> But, we WOULD have moved forward…. an inch.


Kingsley .

> Sent from Surface Pro
> *From:* Melvin Carvalho <mailto:melvincarvalho@gmail.com>
> *Sent:* ‎Thursday‎, ‎May‎ ‎22‎, ‎2014 ‎8‎:‎07‎ ‎AM
> *To:* Anders Rundgren <mailto:anders.rundgren.net@gmail.com>
> *Cc:* Kingsley Idehen <mailto:kidehen@openlinksw.com>, 
> public-webid@w3.org <mailto:public-webid@w3.org>, peter Msn 
> <mailto:home_pw@msn.com>
> On 22 May 2014 14:55, Anders Rundgren <anders.rundgren.net@gmail.com 
> <mailto:anders.rundgren.net@gmail.com>> wrote:
>     On 2014-05-22 13:03, Kingsley Idehen wrote:
>         On 5/22/14 12:55 AM, Anders Rundgren wrote:
>             Statements like "take full control of your online (Web and
>             Internet)
>             Identity" may sound cool but has essentially no value
>             since just about
>             all service providers have their own "identity system"
>             which you
>             either accept or reject.  The latter means you won't be
>             able to use
>             their services.  Calling this "take full control" is IMO
>             quite a stretch.
>         You have full control of your (Web and Internet) Identity when the
>         following hold true:
>         1. You control the Identifiers that denote You
>         2. You control the Identity Cards that Describe You
>         3. You control the location of Identity Cards that Describe You
>         4. You control the Signature used to verify You
>         5. You control the control how Data is encoded for You
>         6. You control the ACL and Access policies for accessing stuff
>         created
>         by You
>         6. You can achieve all of the above from any platform You choose.
>     Of course!  What I'm (indirectly) saying is that this doesn't apply to
>     - Government IDs
>     - Enterprises using AD
>     - Banks
>     because in those cases you are *assigned* an identity and what is
>     behind that is
>     completely out of your control.  Your only option is not using the
>     services.
> But the web as a publishing platform allows you to annotate that ID 
> however you want.  Especially if all parties agree, at least in 
> principle, that it belongs to you.
>         Look, the architecture of the World Wide Web wasn't built for any
>         particular industry. It was built to empower You!
>     IMO, the web is just a network and can in similarity with most other
>     technology be used in good and bad ways.
>     I regard "the distributed social web" as a positive development but I
>     also have severe problems with the proponents' lack of interest in
>     traditional uses since this is how Microsoft managed achieving a ZERO
>     market-share for their take on authentication in the consumer space.
>     Pragmatism you know :-)
>         I notice you still don't send signed emails, why? I don't
>         believe that
>         has anything to do with a particular industry, or does it? :-)
>     Well, I have actually been involved in this discussion since
>     around Y2000
>     but I don't want to go over this here...
>     Anders



Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Thursday, 22 May 2014 17:23:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC