[Freedombox-discuss] Relationship driven privacy

John Walsh fiftyfour at waldevin.com
Sat Jul 2 22:58:20 UTC 2011


 

> Behalf Of Tony Godshall
 
> > ... The same principle exists between a reporter and a 
> whistleblower. 
> > The pseudonymity article suggests the technology exists to protect 
> > freedom fighters through unlinkable pseudonyms.
> 
> It's important, I think, to be able to extend the web of 
> trust to people we can identify and trust, not just the I met 
> at a key signing and confirmed his government ID, but also 
> the guy who organized the protest and wears the baseball cap 
> and shades and owns the freedomfigher997 at gmail.com e-mail address...

Agree
> 
> > Outside the FreedomBox network, I will still need to access 
> websites 
> > using the insecure practice of username/password. ...
> 
> Not so insecure if the password is encrypted...  indeed it 
> may be more secure than carrying around media containing your 
> key, which may be taken from you by an authority...

The hard thing to know is if your password is encrypted, and the rules for
passwords are constantly changing. Does this password require numbers only?
At least one capital letter? Are non-alphanumeric characters required or
accepted? Can the site's staff see the password so that you must come up
with another new password to remember? Finally, you only get 3 chances from
your 20 possible passwords before we disable your account. For me, a master
password to your keys is the best option.
> 
> > ... I would like to see FreedomBox
> > support OpenID and WebID i.e. the FreedomBox owner is the 
> identity manager.
> > OpenID is in wide use, and has "personas" which is similar to 
> > relationship profiles. WebID is more secure than OpenID, but AFAIK 
> > does not have relationship profiles and is not widely used.
> 
> Can you tell us more?

Basically, at myopenid.com you can create different "Personas" (profiles of
information), which you choose at the time you log in with OpenID. For me you
could have a friend persona, a sibling persona etc. I believe the technical
term is attribute exchange. If the FreedomBox friend process had a similar UI
then there would be no distinguishable difference between the user.

> 
> > Why can't new users today create their own account after passing a 
> > challenge test using their personal information?  The 
> challenge test 
> > would be performed on a device (MAC address registered on 
> server) in a 
> > secure area (identity check required for area access) and 
> the user's 
> > personal information must already exist on the HR/owner's 
> server (Web of Trust).
> 
> Well, that opens our freedom fighter up for compromise, doesn't it?
> Our oppressed hero probably wants all his activities done 
> under one or more pseudonyms...
> 
> > I am
> > not suggesting FreedomBox do this, but wonder why doesn't this WOT 
> > model exist already?
>

I wasn't really thinking of a freedom fighter use case. More like a secure
place such as a home or office. I can't understand why granting access to a
system is not automated when you have the new employee's details in an HR
database, or at home when a family member is listed in the owner's address
book.
 
> Um... keysignings?
> 
> https://secure.wikimedia.org/wikipedia/en/wiki/Key_signing_party
> 
> Not that they're particularly user-friendly :-(
> 
> Tony



