[Freedombox-discuss] Relationship driven privacy
On 3 July 2011 00:58, John Walsh <fiftyfour at waldevin.com> wrote:
>
>
>> Behalf Of Tony Godshall
>
>> > ... The?same principle?exist between a reporter and a
>> whistleblower.
>> > The pseudonymity article suggests the technology exists to protect
>> > freedom fighters through unlinkable pseudonyms.
>>
>> It's important, I think, to be able to extend the web of
>> trust to people we can identify and trust, not just the I met
>> at a key signing and confirmed his government ID, but also
>> the guy who organized the protest and wears the baseball cap
>> and shades and owns the freedomfigher997 at gmail.com e-mail address...
>
> Agree
>>
>> > Outside the FreedomBox network, I?will still need to access
>> websites
>> > using the?insecure practise of username/password. ...
>>
>> Not so insecure if the password is encrypted... ?indeed it
>> may be more secure than carrying around media containing your
>> key, which may be taken from you by an authority...
>
> The hard thing to know is if your password is encrypted and the password
> rules are constantly changing the rules for password. Does this password
> require numbers only? At least one capital letter? Are non-alphanumeric
> characters required or accepted? Can the sites staff see the password so
> that you must come up with another new password to remember? Finally you
> only get 3 chances from your 20 possible password before we disable your
> account. For me, a master password to your keys for is the best option
>>
>> > ... I would like to see FreedomBox
>> > support OpenID and WebID i.e. the FreedomBox owner?is the
>> identity manager.
>> > OpenID is in wide use, and has?"personas" which is similar to
>> > relationship profiles. WebID is more secure than OpenID, but AFAIK
>> > does not have?relationship profiles?and is not widely used.
>>
>> Can you tell us more?
> Basically at myopenid.com you can create different "Personas" (profiles of
> information), which you choose at the time you login with openid. For me you
> could have a friend persona, a sibling persona etc. I believe the technical
> term is attribute exchange. If freedombox friend process had a similar UI
> then there would be no distinguishable difference between the user.
Myopenid is a good model, and great interface, but openid has shifted
to more corporate, rather than it's original user centric roots.
Hosting your own profile is barely supported by OpenID these days, but
we can do that same thing with WebID which is user centric.
You dont need AX (attribute exchane), just use the HTML5 data layer,
which should be fine if freedom box is hosting a web server.
>
>>
>> > Why can't new users?today create their own account?after passing a
>> > challenge test?using their personal information?? The
>> challenge test
>> > would be performed on a device (MAC address registered?on
>> server) in a
>> > secure area (identity check required for area access) and
>> the user's
>> > personal information must already exist on the HR/owner's
>> server (Web of Trust).
>>
>> Well, that's opens our freedom fighter up for compromise, doesn't it?
>> Our oppressed hero probably wants all his activities done
>> under one or more pseudonyms...
>>
>> > I am
>> > not suggesting FreedomBox do this, but wonder why?doesn't this WOT
>> > model exist already?
>>
>
> I wasn't really thinking of a freedomfighter use case. More like a secure
> place such as a home or office. I can't understand why granting access to a
> system is not automated when you have the new employees details in a HR
> database or at home when a family member is listed in the owner's address
> book
>
>> Um... keysingings?
>>
>> https://secure.wikimedia.org/wikipedia/en/wiki/Key_signing_party
>>
>> Not that they're particularly user-friendly :-(
>>
>> Tony
>
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
>
Reply to: