Re: Recovery of compromised WebID

On 3/4/19 12:26 PM, Jonas Smedegaard wrote:
> Hi Kingsley,
>
> Quoting Kingsley Idehen (2019-03-04 16:58:02)
>> On 3/4/19 5:26 AM, Jonas Smedegaard wrote:
>>> No self-host-your-WebID turnkey solutions exist yet, to my 
>>> knowledge, but if some custom tinkering is acceptable, then in 
>>> addition to my own work above you might consider these alternatives: 
>>> https://freedombox.org/ and https://internetcu.be/
>>
>> Hi Jonas,
>>
>> We have implemented the following in our YouID offering:
>>
>> 1. X.509 Cert and WebID-Profile doc relations setup for both WebID-TLS 
>> and WebID-TLS+Delegation
>>
>> 2. Delivered as a hosted App or Browser Extension.
>>
>> Thus, if you have a WebDAV- or LDP-compliant data space YouID will 
>> assist in the creation of a self-hosted data space for your 
>> credentials (i.e., relations in WebID-Profile doc).
>>
>> Links:
>>
>> 1. https://youtu.be/GkD0RCh9kGs -- screencast demonstrating YouID 
>> Browser Extension and the use of a Solid Pod for self-hosting 
>> credentials
> Yes, I am aware of YouID, but believe it does not (yet) fit my criteria:
>
> When I search (using DuckDuckGo, if that matter) I find 
> http://youid.openlinksw.com/ - is that the YouID project homepage?
>
> At that page I see several links to _installing_ the project, but no 
> link to getting the _source_ for it.  I guess source is available and 
> freely licensed, just not as prominently promoted as usage, right?  Can 
> you help point me to its sources?
>
> With those two data points, I am better able to assess if YouID is 
> suitable for packaging into Debian, which is one of my criterias.
>
> ...and even if unsuitable, or perhaps even not freely licensed, I still 
> appreciate its existence - then I just don't find it trustworthy, 
> personally :-)
>
>
>  - Jonas
>
The original YouID releases covered:

1. iOS -- secure

2. Android -- secure

3. Hosted Edition -- questionable since a hosted app is trying to offer
privacy to a 3rd party (not possible).

Assumption is that privacy is about self-calibration of one's
vulnerability. Thus, a 3rd party cannot offer that to an individual (as
per #3).

The chrome extension is an addition.

Here is the chrome store browser extension page:
https://chrome.google.com/webstore/detail/openlink-youid/kbepkemknbihgdmdnfainhmiidoblhee?hl=en
.

This extension localizes (everything is in your browser) the process of
creating and saving your credentials. It's support of Solid Pods as
WebID-Profile docs hosts fills in the missing gaps of yore re. bootstrap.

The big problem here is that to self-host users have to make some
investment in knowledge about the basics of PKI, but they typically
don't want to do this which makes them eternally vulnerable to the
"devil's in the default" problem that permeates the Web i.e., some big
co offers a convenient solution that compromises their privacy, implicitly.

[1] https://github.com/OpenLinkSoftware/youid -- Open Source Edition of
YouID Browser Extension (it might be a little out of date, but you can
fork and track PRs etc..)

-- 
Regards,

Kingsley Idehen       
Founder & CEO 
OpenLink Software   
Home Page: http://www.openlinksw.com
Community Support: https://community.openlinksw.com
Weblogs (Blogs):
Company Blog: https://medium.com/openlink-software-blog
Virtuoso Blog: https://medium.com/virtuoso-blog
Data Access Drivers Blog: https://medium.com/openlink-odbc-jdbc-ado-net-data-access-drivers

Personal Weblogs (Blogs):
Medium Blog: https://medium.com/@kidehen
Legacy Blogs: http://www.openlinksw.com/blog/~kidehen/
              http://kidehen.blogspot.com

Profile Pages:
Pinterest: https://www.pinterest.com/kidehen/
Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
Twitter: https://twitter.com/kidehen
Google+: https://plus.google.com/+KingsleyIdehen/about
LinkedIn: http://www.linkedin.com/in/kidehen

Web Identities (WebID):
Personal: http://kingsley.idehen.net/public_home/kidehen/profile.ttl#i
        : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this