<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.17098" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=703405505-28062011>Hi
Everyone,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=703405505-28062011></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=703405505-28062011>I assume the
"Freedom Social Network" will work similar to other social networks. One thing I
would like to see when you connect to someone either via an invite or a
request is to capture the relationship (one or many) from each party's
POV e.g. co-resident, sibling, friend etc. Each relationship would
have a pre-configured profile to show personal information (avatar,
email address) and/or personable identifiable information (name, gender,
address). Each person you connect with, will automatically be added to their
appropriate Group (All Friends, All Siblings, etc.), but you still have the
option to create your own Group(s) later. The benefit of "streaming your
relationships" is that applications will not leak information from between
Groups e.g. you post something you want your friends to know but not
your parents. You should also get a warning if you create a Group with people of
mixed relationships e,g, parents and friends. Applications could also use
the relationship profiles to automate privacy settings, e.g. if a relationship
profile has an avatar instead of a photo then you call the person, but
if the profile has a photo you video call the person. The social
networking site Plaxo.com follows this kind of model calling it connections, but
one thing I do not like Plaxo is that both parties must have the same
relationship, which is not a reflection of the real world.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=703405505-28062011></SPAN></FONT> </DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial size=2>After reading about
anonymity, pseudonymity(1) and identity both here and on the web, I have been
thinking about identity managers/providers. I never thought about it before but
companies like Nike manage their own identity at Nike.com.
Families/individuals should manage their own personal identities through
their own domain name, but instead most people have Google and Facebook manage
their personal identities - nobody would do this in the real world. Still, in
the real world we do have identity providers that control our identities to
protect their interests, e.g. our employers provide us with a work address,
work telephone number, work email address which when we leave they take away.
However, our employers also anonymise our personal identifiable information
(home address, next of kin, etc.) except for our name, <FONT size=2>from the
majority of employees and all company clients. A similar relationship exists
between a freedom fighter in their home country and the freedom fighters
organisation in exile, with the organisation anonymising (unlinkable
pseudonyms) all the freedom fighter's identity. The same
principle exist between a reporter and a whistleblower. The pseudonymity
article suggests the technology exists to protect freedom fighters through
unlinkable pseudonyms.</FONT></FONT></SPAN></DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial size=2>Outside the
FreedomBox network, I will still need to access websites using
the insecure practise of username/password. I would like to see FreedomBox
support OpenID and WebID i.e. the FreedomBox owner is the identity manager.
OpenID is in wide use, and has "personas" which is similar to relationship
profiles. WebID is more secure than OpenID, but AFAIK does not
have relationship profiles and is not widely used.</FONT></SPAN></DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial size=2>Why can't new
users today create their own account after passing a challenge
test using their personal information? The challenge test would be
performed on a</FONT></SPAN><SPAN class=703405505-28062011><FONT face=Arial
size=2> device (MAC address registered on server) in a secure area
(identity check required for area access) and the user's personal information
must already exist on the HR/owner's server (Web of Trust). I am not suggesting
FreedomBox do this, but wonder why doesn't this WOT model exist already?
Security experts out there, is there something inherently insecure with this
model?</FONT></SPAN></DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial size=2>Again, thank you for
reading my "user view".</FONT></SPAN></DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial size=2>(1) <A
href="http://en.wikipedia.org/wiki/Pseudonymity">http://en.wikipedia.org/wiki/Pseudonymity</A></FONT></SPAN></DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=703405505-28062011><FONT face=Arial
size=2></FONT></SPAN> </DIV></BODY></HTML>