[Freedombox-discuss] Relationship driven privacy

[John Walsh]

Hi Everyone,
 
I assume the "Freedom Social Network" will work similar to other social
networks. One thing I would like to see when you connect to someone either
via an invite or a request is to capture the relationship (one or many) from
each party's POV e.g. co-resident, sibling, friend etc. Each relationship
would have a pre-configured profile to show personal information (avatar,
email address) and/or personable identifiable information (name, gender,
address). Each person you connect with, will automatically be added to their
appropriate Group (All Friends, All Siblings, etc.), but you still have the
option to create your own Group(s) later. The benefit of "streaming your
relationships" is that applications will not leak information from between
Groups e.g. you post something you want your friends to know but not your
parents. You should also get a warning if you create a Group with people of
mixed relationships e,g, parents and friends. Applications could also use
the relationship profiles to automate privacy settings, e.g. if a
relationship profile has an avatar instead of a photo then you call the
person, but if the profile has a photo you video call the person. The social
networking site Plaxo.com follows this kind of model calling it connections,
but one thing I do not like Plaxo is that both parties must have the same
relationship, which is not a reflection of the real world.
 
After reading about anonymity, pseudonymity(1) and identity both here and on
the web, I have been thinking about identity managers/providers. I never
thought about it before but companies like Nike manage their own identity at
Nike.com. Families/individuals should manage their own personal identities
through their own domain name, but instead most people have Google and
Facebook manage their personal identities - nobody would do this in the real
world. Still, in the real world we do have identity providers that control
our identities to protect their interests, e.g. our employers provide us
with a work address, work telephone number, work email address which when we
leave they take away. However, our employers also anonymise our personal
identifiable information (home address, next of kin, etc.) except for our
name, from the majority of employees and all company clients. A similar
relationship exists between a freedom fighter in their home country and the
freedom fighters organisation in exile, with the organisation anonymising
(unlinkable pseudonyms) all the freedom fighter's identity. The same
principle exist between a reporter and a whistleblower. The pseudonymity
article suggests the technology exists to protect freedom fighters through
unlinkable pseudonyms.
 
Outside the FreedomBox network, I will still need to access websites using
the insecure practise of username/password. I would like to see FreedomBox
support OpenID and WebID i.e. the FreedomBox owner is the identity manager.
OpenID is in wide use, and has "personas" which is similar to relationship
profiles. WebID is more secure than OpenID, but AFAIK does not have
relationship profiles and is not widely used.
 
Why can't new users today create their own account after passing a challenge
test using their personal information?  The challenge test would be
performed on a device (MAC address registered on server) in a secure area
(identity check required for area access) and the user's personal
information must already exist on the HR/owner's server (Web of Trust). I am
not suggesting FreedomBox do this, but wonder why doesn't this WOT model
exist already? Security experts out there, is there something inherently
insecure with this model?
 
Again, thank you for reading my "user view".
 
(1) http://en.wikipedia.org/wiki/Pseudonymity
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110629/e25f474d/attachment-0001.html>