[Freedombox-discuss] Relationship driven privacy

Sébastien Lerique seblerique at wanadoo.fr
Tue Jul 12 19:05:51 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello everybody,

On 12/07/11 14:17, Isaac Wilder wrote:
> <snip> I think
> that you've presented a workable breakdown of the issues at hand,
> though I hold that you've neglected one FreedomBox capacity that I
> would consider essential.
> 

Indeed it was missing! Comments below.

> I also want to pose a question to the wider community, which I hope
> won't be considered presumptuous. It's asked only in the spirit of
> cooperation, common cause, and camaraderie. Does anyone else feel like
> there is a progress-inhibiting rift developing between a group of
> 'insiders' and 'outsiders?' I only mean to say that I have some doubts
> about the efficacy of on-list conversation, because I do not see much
> participation from members of the TAC. This makes me worry that we
> are engaging in idle chatter while the actual decisions about
> FreedomBox and its features are being made in a back room somewhere.
> 
> I would be happy to be told that I'm wrong on this one, and that a
> quorum is indeed present. Just thought I would see if anyone else if
> having similar feelings. What is the organisational structure here?
> What does it mean? Who are we? Is this a worthwhile question?
> 

I agree with this question! In fact, when the TAC was announced on this
list I had hoped some smart plan would be developed behind the scenes
and then dropped here, to be accepted thanks to TAC legitimacy (thus
jumping over the difficult process of agreeing among so many people).
Then the community could start hacking in a direction. Maybe that is
what is happening now, but I have doubts about it. Not all TAC members
are subscribed to this list (although some could be private members, and
others are subscribed with different addresses on the two lists), which
makes perfect sense since many of them probably have huge amounts of
email and since "TAC" includes "advisory", which means they needn't
follow all the discussions (as I understand it). But I believe it is a
symptom of the existence of two separated groups.

This is in no way an accusation, rather a big question mark (as Isaac
puts it), coming from the lack of information and communication. If the
Foundation and/or the TAC want to pull back and start planning as a
smaller group I'm fine with it (although I would have loved to be part
of that process), I think if done properly it would even serve the goals
better (as a first step at least). But if that is the case, *we should
know* instead of spending time discussing stuff in the wild with some
hope that someone knows where all this is going. That process should be
documented/blogged about (if not public): we've donated money to the
Foundation, and many on this list seem pretty committed to the goals.

On the other hand, if there is still no answer from either TAC or the
Foundation, I take it this is a complete do-ocracy (as Jonas said some
time ago), and sets the direction whoever talks, does, gets followed,
and is approved by the Foundation and the TAC (but in that case even
that approval doesn't really seem necessary anymore...?).

I'll be posting something along those lines to the TAC list, to make
sure this gets to the right ears.

> On 07/11/2011 06:46 PM, Sébastien Lerique wrote:
>> On 08/07/11 14:13, Daniel Kahn Gillmor wrote:
>>> On 07/08/2011 12:20 PM, nathan nolast wrote:
>>>> now, i know that the freedombox is going to be used by average
>> individuals
>>>> that are not interested in remaining anonymous for what ever
>> reason. But
>>>> lets not kid ourself, social networking is social networking... we can
>>>> increase the privacy, make strong privacy relation policys, but
>> posting your
>>>> pictures and life story on a service is not in any way shape or
>> form ...
>>>> logical.
> Perhaps we could adopt something of a 'harm reduction' approach here.
> It's like binge drinking in colleges. We know that people are going to
> do it anyway, so we should do whatever we can to make them safe in
> doing so. More than that, as Daniel said, there is value in it.
> 

+1

>>
>>> Wanting to form a meaningful and potentially lasting relationship with
>>> other humans may not be "logical", but i consider it very valuable.
> Not to mention the fact that it is becoming increasingly difficult to
> function as a member of society *without* engaging in broad-spectrum
> social networking. There are some of us holding out, until we can do
> it safely, but it is a race against time. If we cannot figure out a
> way to distribute network ownership while improving on the feature
> set, even the holdouts will soon hop on the google+/facebook bandwagon.
> 

+1 :-)

>>
>>> If we build a network that is completely opaque, such that no one can
>>> form any lasting relationship across it, we might as well not bother.
> Agreed. As I see it, there are three modes of network access:
> anonymous, eponymous, and onymous. It is the access session itself that
> has the attributes, not the activity. Anonymous means that there is no
> link between a session and an identity. Eponymous means that there is
> a link between a session and an avatar. Onymous means that there is a
> link between a session and an actual person in the web of trust.
> 
> Does it make sense to other people to break the issue down into these
> three session types?
> 

That is very interesting. So we could define separately "physical
person", "identity", "avatar", and "session". Each physical person would
have a number of identities (like how they are at work, with their
family, with their friends, etc.). On-line, there are avatars, which can
be linked or not to identities, depending on the session-type used to
control the avatars. Reformulating what you said:

- - Anonymous: no link between a session and an avatar (I have my doubts
that this is useful in any case...?)
- - Eponymous: link between a session and an avatar (this is most likely
useful for whistle-blowing, activism, and the like. The important points
are: 0) it is maintainable through time, and 1) it is impossible to tie
to an identity or a physical person).
- - Onymous: link between a session and an avatar, and between that avatar
and an identity (which is linked to a physical person).

I was thinking of collapsing "avatar" and "identity" (i.e. changing the
vocabulary and the number of layers). Identities would live on-line, are
controlled by physical persons through sessions, and can be tied
(Onymous) or not tied (Eponymous) to physical persons. So there could be
identities for "how I am with friends", "how I am at work" (both tied to
my physical person), and "this whistle-blower fubar127" (not tied to any
physical person, but controlled by one -- i.e. signed always with the
same key, maybe).

How does that figure? (I think we should discuss this in a dedicated group).


>> <snip>
>>> We should not be segregating our work into systems for "normal people"
>>> and "dissidents".  To make that segregation implies two things:
>>
>>>  0) surveillance and corporate- or government-controlled communications
>>> for "normal people" is acceptable, and
>>
>>>  1) that these categories are fixed, mutually-exclusive, and static --
>>> an individual cannot be both at once, or change from one to the other,
>>> either voluntarily or involuntarily.
> Agreed. User categories are fluid. Session categories are not. Users
> should be able to identify their needs, and pick a session type
> (anonymous, eponymous, or onymous) accordingly. Different modes are
> appropriate for the same people at different times. I would like to be
> able to maintain my anonymity, build the reputation of an avatar that
> can't be traced to my real name, and to be the exclusive
> representative of my legal self, Isaac Wilder, in cyberspace.
> 
>>
>>> We should support people making connections with other people, creating
>>> social bonds and sharing values.  We should discourage or prohibit third
>>> parties from commoditizing or surveilling these relationships.  We
>>> should enable people to take a stand publicly for what matters to them.
>>>  And we should enable people to publish material anonymously, to ensure
>>> that even people with significant vulnerabilities have a way to get
>>> their important information out to the world.
> Hear hear.
> I'll only add that anonymity is part of the authentication spectrum,
> but it's not the only part that matters. Giving people distinct and
> understandable choices as regards their mode of access seems
> essential. That means providing mechanisms not just for anonymization,
> but for building avatars which are identified but not verified, and
> finally for presenting an identity that is verifiably linked to a person.
> 

Yes (with the added question from above: is it necessary to separate
identity and avatar?)

>>
>>> We cannot presume to say that sharing personal stories, opinions,
>>> images, movies, jokes, etc. is somehow irrelevant to the creation of a
>>> more just society.  And we can't afford to ignore the appeal of sharing
>>> in making this network something people actively want to participate in,
>>> and enjoy using.
> It is becoming impossible to resist.
> 
>>
>>>     --dkg
>>
>>
>> -----------------
>> Some sort of disclaimer: what I write below is based on reading the
>> FreedomBox list for many months, as well as the TAC list. I do not know
>> what the TAC members are doing, especially behind the scenes (work at
>> the Foundation, etc.)
>> -----------------
> Sébastien, I hope that you won't mind my saying so, but I wish that
> people didn't have to make this sort of disclaimer. I'll just put it
> this way: it sucks not knowing if big decisions are being made in a
> room somewhere. If they are, is the room open to the public, because I
> swear I'll show up. Perhaps this is just frustration with the nature
> of collaboration in cyberspace. Everything is shadows - we've got no
> idea what kind of attention is being paid, and by who. I think we
> would do well to give some consideration to community process. We
> need more transparency on several fronts. I know that it may not feel
> like the most important work, but it does pay dividends, in the end.
> 

I absolutely agree :-) (see above).

>>
>> It seems to me FreedomBox has evolved into an opportunity for many
>> people to fix most of the problems they identify with today's Internet,
>> but where we haven't yet acquired the means of successfully doing so,
>> or, which is more of a concern to me, where we haven't yet realized the
>> size and the complexity of what we want to tackle (or at least I don't
>> see us acting upon it). I'm answering in the "privacy" thread because I
>> see it as a strong example of what's happening to the project:
> It's tough, because there are some pretty serious interdependencies
> between the various aspects of the project. You're right though, to
> pick a patch and dive ahead. We've got to learn not to worry about
> so-called 'chicken and egg' problems, because the thing is, chickens
> exist. As long as week keep making incremental progress in many areas,
> things will get to where they need to be. We've just got to divide the
> problem up into little actionable parts, be realistic about what we,
> as individuals can do, and then take ownership of tasks. If somebody
> doesn't like the job that's done, then can do it better. If we wait
> for too much direction from above, nothing is ever going to get done.
> 
>>
>> Yesterday I was watching the Federated Social Web 2011 Summit videos[0]
>> (they are well worth the time watching), which led me to Seda
>> Gürses,<snip>
> I haven't yet had time to watch the talk, but I look forward to it.
> Apologies for respond before I've gotten the chance.
> 

<snip>
>> (for example, Seda talks about a mathematical proof showing
>> that anonymizing a database is impossible in practice: the data in the
>> database can be cross-linked with other databases, eventually leading to
>> identify 80% or 90% of the people in the initial database). This is
>> quite similar to what Sam Hartmann explains in his post on the TAC list,
>> about anonymity on Internet[3] (that, too, is enlightening).
> This depends on what sort of information is in the database, no?
> 

Probably, yes. I don't know the details. Some time ago I heard a group
of researchers had managed to identify 500 persons based on their
(anonymized) movie preferences. I have no references though, and it
would be interesting to know with what other DB they cross-linked.

> I see no reason why we can achieve the sort of session identification
> scheme that I mentioned above. After that, it is a matter of people
> understanding the difference between anonymity, pseudonymity, and
> onymity, and using their various identities responsibly.
> 

+1

<snip>
> Tor has certainly laid much of the groundwork for anoymous sessions.
> Any particular pages in their wiki that you had in mind?
> 

Nope :(. Haven't explored it thoroughly yet, but I'm sure there's plenty
of stuff in there.

>>
>> What I am trying to say is that "privacy" is a *hard* and *complicated*
>> problem, and we cannot aim to implement it correctly without better
>> resources, means, or organization. I think we need to 1) get all
>> competent parties on board, and 2) organize ourselves accordingly, if we
>> want to achieve something useful.
> I agree wholeheartedly. The global network is an unbelievably complex
> system. We need many people with many perspectives working on many
> problems, because the problems are hard, and because they are
> important. It is difficult to overstate the importance of the work
> that we are doing, and it is easy to get frustrated at the slow pace
> of progress. Then again, things are moving. We will get there, one way
> or another.
> 
> I wonder if we need to draw a distinction between FreedomBox and the
> sovereign computing / free network movements in general. FreedomBox
> seems like it could be a useful base for other projects, and careful
> stewardship does make a degree of sense. This comes back to the role
> of the TAC, of Mr. Moglen, of the people who are in charge, but who do
> not seem to be a part of this conversation. The division of labor in
> this community is unclear. The boundaries, scope and roles are fuzzy
> as well. If this organization were completely bottom-up, we could move
> forward with Sébastien's suggestion. As it is, things fall flat
> because they do not come from authority figures. We are top-heavy.
> 

Yes oh yes. I guess the answer to this is in waiting if an answer comes
from TAC / Foundation / Mr. Moglen.

>>
>> Privacy is not the only *hard* problem we are tackling. I would say
>> there are four main areas the project aims for at large (all of them
>> interlinked of course):
>>
>> 1. Privacy (see above)
> yes.
> 
>>
>> 2. The Federated Social Web.<snip>
> yes.
> 
>>
>> 3. User Experience. <snip>
> yes.
> 
>>
>> 4. Data ownership: <snip>
> yes.
> 
> I'd like to throw in another broad category: device-as-infrastructure
> capacity. FreedomBox should be able to communicate with other
> FreedomBoxes via local routes. It should be intelligent enough to know
> when those routes are available, and use them automatically. We're
> basically talking about mesh networking here, which has been discussed
> form the beginning as a central functionality of the box.
> 
> At the Free Network Foundation, we make the distinction between
> logical peer-to-peer (what we have today) and material peer-to-peer,
> where the actual path that the bits take is peer-to-peer. The social
> parts of FreedomBox should enable secure, logical peer-to-peer at all
> times, and material peer-to-peer when possible. We call this behavior
> opportunistic peer-to-peer
> 
> Does this come through to people? If not, please let me know, because
> I believe it to be of critical importance, and I'd be happy to try to
> express it differently and more clearly. Let me know. Anyways, let's
> call device-as-infrastructure/opportunistic peer-to-peer capacity
> point 0, not because it is more important, but to keep numbering
> contiguous, and because who doesn't love a good zero-index
> 

Yep, I agree, forgot about it. And it makes perfect sense with what
you're doing at the FNF.

>>
>> IMO, points 1), 2), and 3) need thorough work/development and maybe
>> research, and are not only about bundling existing stuff together. Each
>> one is virtually a sub-project of its own (or has the ambition of one,
>> at least). Those areas are already explored by many other entities
>> working sometimes individually or not so individually (software
>> projects, standards organizations, researchers, etc.). I think we need
>> to reach out to as many of them as possible, and explicitly start
>> working with them.
> Point 0) needs work and development as well. There is lots of
> interesting work coming out of both Project Byzantium and the
> Commotion Project, but there is a massive job to be done. We need to
> get all of critical people under a banner, doesn't matter which, but
> that is proving difficult. Sascha Meinrath is in charge of Commotion,
> and sits on the TAC, and folks from Byzantium are certainly on board
> as well. It's a shame we can just all drop everything and do this. It
> seems like the right thing to do.
> 

Yes

>>
>> I don't know if those categories are shared at all among members on this
>> list. Another way of categorizing could be with the different layers of
>> the FreedomBox: data layer, identity management layer, authentication
>> layer, social and people-discovery layer, UI layer, etc. But I think it
>> is not yet clear how "privacy" interacts with each of those layers.
> I think that comes next. Let's focus on division by functionality for
> now, and division by architecture later.
> 

Yes

>>
>> I suggest we form dedicated (and publicized) working groups for areas
>> 1), 2), and 3). Those groups could reach out to other competent entities
>> and work with them (other projects, standards organizations,
>> researchers, etc.), at the same time updating each other on the progress
>> that is made, so as to make sure all parts work together (because those
>> areas are interlinked and can't be separated so easily) and don't
>> diverge. This would make sure we don't reinvent the wheel or overlook
>> existing knowledge and expertise on a subject, as well as providing
>> specific spaces for discussion about those areas (that way not flooding
>> a common list with a maze of diverse subjects). In this sense, I see
>> FreedomBox as some sort of meta-project.
> I agree with this suggestion. We should do so for my proposed area 0)
> as well. I would be happy to participate/facilitate that group.
> 
> The first challenge for group 0 could be to bring folks from
> Commotion, Byzantium, Serval, open-mesh and others into dialogue. Then
> we need to share knowledge and decide on a standard. I've got stuff to
> say here, but I'll save it for a more appropriate venue.
> 

Yes

>> <snip> [example first steps for the sub-groups]
>>
>> Concerning what help I can bring, I am currently studying sociology and
>> cognitive science in a masters program after having studied quite a lot
>> of maths, and am therefore relatively close to the academic world of
>> privacy and social network research. I would be happy to be part of a
>> "privacy" working group if this view is shared. If people agree with
>> this, please drop me an email (and we could start).
> I'm in. I only worry that it will be fruitless unless sanctioned by
> the TAC and Board of Directors.
> 

Indeed. I'm going to post something on those lines to the TAC list to
see if we can agree.

PS: damn I just saw Ya Knygar's answer. Your position is interesting!

Take care,
- -- 
Sébastien Lerique
seblerique at wanadoo.fr | @wehlutyk on twitter/identi.ca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk4cmw8ACgkQgkn/UaLvmGfdSQCgxmKrATqdVtlTgsHL2Y3TzzTu
uNcAn2QDZB8l3nC5DZUtM8CFbh3G44kO
=Q4ae
-----END PGP SIGNATURE-----



More information about the Freedombox-discuss mailing list