- From: Henry Story <henry.story@bblfish.net>
- Date: Wed, 8 Feb 2012 22:28:02 +0100
- To: Larry Masinter <masinter@adobe.com>
- Cc: "www-tag@w3.org" <www-tag@w3.org>
- Message-Id: <270E582A-9E61-43B6-B45A-EA505F3283D8@bblfish.net>
Hi Larry, If SSL is combined with something like WebID ( http://webid.info/spec ) then it can improve privacy by reducing your need to go through a centralised provider. Currently the difficulty of creating accounts anywhere (user password combinations) has lead to a massive centralisation of information on a few providers. Since you need only one password to access all their nice features, people tend to gravitate there, even when protocols are available for instead using p2p networks. So if 2 people who want to communicate could easily communicate without involving any third party - and this has to be easy - then you do increase privacy massively. It is quite possible at a later point that SSL will need to be improved to make negotiation of authentication more sophisticatedand settable. But it is a good starting point, which works now, and with which one can get going immediately. I go into this in a bit more detail in the videos on my home page. The "Philosophy of the Social Web" shows how one can do this applying TAG principles. Henry On 8 Feb 2012, at 14:21, Larry Masinter wrote: > Recently in a TAG discussion about SPDY the statement: > “The use of SSL for all SPDY interactions offers the promise of improved privacy on the Web.” > > was discussed. I objected to this statement. > > I don’t see how using SSL offers much of a promise at all for improved privacy on the Web. To really offer a promise of “improved privacy on the Web”, a mitigation technique would have to actually be helpful in some of the privacy use cases. > > The primary security threat model to HTTP, for which SSL is mitigation, is that of 3rd party observation of communication. For example: > > A talks to B. Party C eavesdrops on the conversation (through packet sniffing, breaking into the routers between A and B, installing MITM interception). > SSL offers end-to-end encryption; without it, party C knows everything they are saying to each other. > > The primary privacy threat is not from eavesdroppers, though. The main privacy threat cases are of the form: > A talks to B; B gathers and collects information about A’s habits. B then subsequently shares B’s knowledge about A with a third party C, without A’s approval. > > That is, “privacy” is primarily concerned with the passing on of information that was originally allowed, through explicit, intentional actions of one of the parties. Intrusion is not required or necessary. > > Of course there are of course cases where poor security practices can also lead to loss of privacy (B tries to keep information about A private, but B’s data storage is compromised), but even in those cases, SSL, being only a session-layer security method, doesn’t offer any promise of improvement. > > And even with SSL, an eavesdropper C still can observe traffic, and know that A is talking to B. Traffic analysis – knowing what URLs you have visited – could still be a privacy threat. In some of the privacy use cases (“insurance company observes potential health insurance applicant might have a prior condition because they have visited web sites devoted to discussions of expensive to treat illnesses”), traffic analysis is almost as serious a threat. > > Could SSL actually REDUCE privacy? > > I can imagine that using SSL for all transactions can also diminish privacy – by improving the fingerprint of clients who use SSL, by interfering with or increasing the cost of using, supplying, supporting proxy anonymizers, etc. > > Conclusion: > > I can’t see any way that using SSL offers much of a promise of improved privacy on the Web. I don’t think anyone should claim it offers such a promise without at least justifying that it does more good than harm. > > Larry > > Social Web Architect http://bblfish.net/
Received on Wednesday, 8 February 2012 21:28:36 UTC