Privacy versus Protocol

  • Arx Poetica


    It occurred to me recently that there is a bit of a dichotomy between distributed social protocols and the call for more and better privacy. I wanted to open a thread just for this topic alone because I believe it will impact how we all view distributed social networking and the protocols we build such a system on.

    I think we’re all familiar with some of the drumming around big tent players “breaking trust” with our data and privacy. I’m sure you could list a few.

    This post* hit on the antithesis of these fears by addressing the (probably correct?) solution.

    However, it occurred to me recently that the protocols are by their very nature outward bound, and work completely counter to inward, privatized, protective non-shared data. I think this bears an important point, *even though* I completely believe the flow of data should be controlled mostly if not entirely by the user, and not by the protocol. In other words, we need to consider that the protocols are designed to distribute data in a less-than-private manner, but just how private that is will depend entirely upon a) how well it is built and b) the user.

    Or, to put it bluntly, *NOTHING* is 100% private when it is distributed. Just something to think about. (This from somebody who still thinks privacy should be a top consideration in how we build these things.)

    *relevant post –>

Viewing 3 replies - 1 through 3 (of 3 total)

  • Bentrem


    I’m going to quibble with your use of “dichotomy”. Not suggesting that you’re wrong … I’ve been working with fractals so long I think that has affected my frame of reference … but I’ll suggest a refinement: that these are two aspects of the complex, and there’s a tension between them. (I set up precisely to explore that sort of thing. Information wants to be “free” in the sense that it seems to have a tendency towards growth / expansion / self-organisation.)

    Laterally, recently someone on my #Geeks list tweeted about “persistent identity” and privacy, and that took me aback. Is that term new coinage?
    Anyhow, thinking about it I came up with something of a continuum: on one end we have “publish” (roughly equivalent to “broadcast”?) and on the other, “communicate”.

    If I @ you something I assume that tweet is very public. And if I DM you … likely I’m assuming that gesture will remain between us. If I choose to email you instead it’s likely I want to apply yet another layer of protection. (Is it still netiquette that emails are not quoted in public w/o the other party’s permission?) But we all know that’s no guarantee at all.

    What I have in mind is that the communicative gesture includes indications of intention. When a person has a reasonable presumption of privacy (email or DM) then breach of that should imply some liability.
    So a well designed protocol would provide options that allow the user to make their intention explicit. No guarantee of anything, of course, but still …

  • Arx Poetica


    Totally agree.

  • Jeff Sayre


    Let’s talk a little bit about identity and privacy. First, we should better define identity, at least as it pertains to the Web.

    Identity is not a username and password combination. Identity is not your OpenID or WebID. Those are simply identifiers, of which a user may have many different ones across the Web, one for each social network site. Even if a user has carefully selected to join only those sites that offer the option to register via OpenID Connect, their single OpenID is not their identity. It is just an identifier. So, OpenID Providers are not identity providers, they are identifier providers.

    What is identity on the Web, then? Identity is your presence strewn throughout the Web. It is the sum total of all your verified activity on the Web (blog, forum, and social network posts, video, music, and photo uploads, etc.), your associated interactions with others, and their comments about and interactions with you. That makes up what can best be thought of as your identity graph.

    When we talk about privacy control on the Web, we are not talking about the ability of users to totally control their identity graph. Obviously, a given user can theoretically control only part of their identity graph. Why? Because each user can exert only so much control over what others on the Web think and say about them. That part of their identity graph is controlled by others. (See note at end)

    So what are we trying to accomplish by allowing users partial access to and control over their identity graph? What kind of privacy controls can reasonably be provided to users?

    Well, from a user’s perspective, privacy control on the Web is about offering fine-grained control over the data that they generate.

    Open Stack Protocols Versus Semantic Stack Protocols

    @arxpoetica, with regards to your comment here:

    However, it occurred to me recently the protocols are by their very nature outward bound, and work completely counter to inward, privatized, protective non-shared data. I think this bears an important point, *even though* I completely believe the flow of data should be controlled mostly if not entirely by the user, and not by the protocol.

    This is true more for the various Open Stack protocols than the Semantic Web Stack protocols. By its very nature, for instance, OpenID Connect requires the services of a 3rd-party identifier provider which in turn requires the services of a Key Signing Party (also called a Certificate Authority or CA for short) to issue a certificate. A WebID, on the other hand, can easily be created and controlled exclusively by the owner of the ID. This also includes the self-signed certificate which each user is free to generate and can quickly be changed at anytime for any reason. That is not practical with an OpenID.

    –> See this link for a short list of the advantages of self-signed certificates over Certificate Authority (CA) issued certificates

    The FOAF file is another piece of the Semantic Web Stack that can be (although often is not) under the exclusive control of the user. Whereas most FOAF files do indeed reside on 3rd-party services, any user who chooses can easily create their own FOAF file within a webspace that they control (their self-managed WordPress blog, for instance). They can then tell the world, via their WebID, that this is the webspace that I own and the FOAF file that I consider most relevant to my identity graph. All other FOAF files will of course remain in existence (at least until a given 3rd-party service shuts down), but none of those services can successfully claim to be that user’s primary FOAF file.

    Offering Identity Graph Control

    The real issue to discuss is how much identity graph control can we offer users (members) of BuddyPress sites? What options can and should we provide users to manage their privacy? To what degree can we offer users access to their data–in terms of not only privacy controls, but also in terms of data portability?

    Obviously, whatever controls we provide in the BuddyPress codebase or via a 3rd-party component, we must offer Site Administrators the ultimate control. In other words, the Site Admins own the site. They take the risk in setting up the site and incur all the site expenses.

    So, we have to consider their rights of ownership and offer them the ability to turn on or off any and all user-level identity management features. It will be up to each potential user who comes to a site to join, to make up their own mind as to whether the given site has an acceptable level of user-controllable identity management tools.

    NOTE: Do users have any options for managing that part of their identity graph that is created and controlled by others? Yes. It is called reputation management and there are some fee-based services that offer users some concrete means with which to do just that. But in a free society whenever two or more people are involved in creating an identity graph, it will never be possible for each individual to be able to control their entire identity graph.

  • The topic ‘Privacy versus Protocol’ is closed to new replies.