[Freedombox-discuss] FBX Privacy Enabled UX

Fifty Four fiftyfour at waldevin.com
Tue Apr 3 06:11:46 UTC 2012 

Hi Nick,
Thanks for your response.
> > A further protection would be that each FBX automatically generates
> > the same pseudonymous names for new contacts. That way, "blue"
> > (example only) on my account could be by Mum, but on partners account
> > "blue" could be her brother.  An informants printout would say "blue"
> > made the offending comment, while the accused printout would say
> "red"
> > made the comment.
> 
> This sounds mighty similar to pet-names [0].  The idea is that
> everybody has a publically visible, self-validating, pseudonym.  You
> give your own meaningful name to the pseudonym, which is never shared
> with anyone.
> The system substitutes every occurrence of the pseudonym with your
> meaningful name [1].  The upshot of all this is that only people who
> know who you are know that you're the one speaking.  You always know
> exactly who you're speaking to, though.
In the petname system, I think most people would use peoples real names just
like people turn mobile numbers into Contact names. My proposal is that the
FBX issues the name (another layer of pseudonymous names) thereby protecting
peoples comments being printed/screenshot by an informant, i.e. a contacts
real name is never beside a contacts comment - separate screens. 
> 
> We have this already, in the form of pseudonymous GPG keys [2].
> 
> As DKG makes clear, though, there are certainly other approaches to
> identity [3].
> 
> > If the informant felt they were being victimized, then they could
> > click an Report Abuse button...
> 
> I like this, but I think this might be a box-specific setup (along the
> lines of which services you provide, you specify your own abuse
> policy).  What other abuse systems would be good approaches?  I know
> I'm offering my box's services only to people I know personally and
> trust to not abuse the system.
If there are technical problems with an FBX, you would report it to the FBX
owner. The same rule should apply to abuse, although I admit the powers of
the FBX owner are limited if the offender is on a different FBX. Still the
FBX owner of the offender should at least be informed because that FBX Owner
may not find that abuse acceptable. I was thinking of kids and parents, but
I don't see why it shouldn't apply to adults too.
  
> 
> > An additional measure would be to mark the sensitivity of content.
> 
> Interesting!  I tend to think in terms of friend circles (similar to
> how Google does it), but I can see where sensitivity could be useful.
> Still, though, you're *always* at the mercy of anyone you share
> anything with.
Sensitivity labels indicate which content can/cannot be shared and with
whom. An embarrassing photo would be marked as "secret" while a holiday
photo could be marked as "confidential". The "confidential" photo could be
shared with friends of friends, i.e. strangers would see a photo of you with
their friend (and yours), but they wouldn't know who you are because your
photo would not be in their contact list to allow facial recognition.
 
> 
> > Just a thought, but in the future "sensitivity labels" could be used
> > as a basis for a Privacy License, similar to the Creative Commons
> Labels.
> 
> Yes, and no.  The fact that there isn't really an established legal
> framework for "privacy license" (much unlike copyrights) makes that
> particular maneuver difficult.  Standardizing levels of sensitivity
> (and what that actually means) could be useful, though.
I only recently realized that the legal text you find at the bottom of
"confidential" emails are not legally binding. It's nothing more than a
reminder/request to do the right thing, but the legalese speak made me think
if I didn't, I could be sued.

> 
> > I am not a developer, but to me these proposals seem minor changes.
> > For years, Wordpress comments have been able to track the comments of
> > the same external identity. Generating a reasonably memorable
> > pseudonymous name is the biggie, but it will be reusing/abusing
> > display name fields. AFAIK, sensitivity labels are well defined.
> >
> > What do you think? Would these proposals be effective? Are there any
> > other Privacy enhanced UX measures we could use?
> 
> I like where these ideas are coming from.  If you happen to have
> thoughts or references for any other approaches to privacy and
> identity, I'd love to hear them.

> 0: http://www.skyhunter.com/marcs/petnames/IntroPetNames.html
> 
> 1: http://www.erights.org/elib/capability/pnml.html
> 
> 2: https://en.wikipedia.org/wiki/Public-key_cryptography
> 
> 3: http://meetings-archive.debian.net/pub/debian-
> meetings/2011/debconf11/high/776_Distributed_Naming_BoF.ogv

Thanks for the links. Link 3 is an important but separate issue.

More information about the Freedombox-discuss mailing list