2013/UK/IndiePrivacy

From IndieWeb


Archived from https://etherpad.mozilla.org/indiewebcamp-indieprivacy, please clean.

IndieWebCamp 2013-09-07 session on #indieprivacy

Do we have a responsibility to build privacy into our tools? Current indieweb implementations:

  • aaronparecki.com has draft posts, indieauth login-protected, access limited to a list of URLs
  • waterpigs.co.uk did implement this a while ago, never used it, probably want to get it working again soon

Consequence of NSA surveillance revelations is that the assumption that posting content to X silo creates only a relationship between you and X, whereas in fact there are other parties involved. We know that NSA is a $5 BN problem, we know that we have to up the stakes. With postal mail, for your mail to be read β€œthey” have to break down your door. Now everything happens through back doors.

Nobody has good identification structure, we delegate those problems to government or silos like. A problem with privacy is that no-one has the same definition of it. Manifesto version: ability to selectively expose yourself to the world. There is an emerging understanding in the crypto world that UX is the problem. No-one uses it beacuse it’s too hard.

If you want to be able to do secure web stuff you need certs (don’t make that face!)

Tangent: FF OS security model: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model

  • TODO: try to find the persona threat model docs on the wiki somewhere

This is a decent summary of the approaches behind PiCL (profiles in the cloud): https://blog.mozilla.org/warner/2013/07/23/picl-crypto-review/

People care about things they have a degree of control over. People need control in order to care. Our needs are aligned with our customers (if indeed we actually have customers), as opposed to ad-based, data-exploiting business models.

Most personal cloud solutions at the moment try to reinvent and build all of the β€œcore” needs e.g. email, file hosting etc.

Competition between multiple separate apps instead of monolithic monocultures can be a good thing and will drive innovation, the apps should be able to represent data in consistent ways. Shared culture between multiple interoperable apps β€” who designs it, where does it come from? A potential problem with the solving-your-own-problems is that different solutions will have different UI conventions and cultures.

The higher-level things are, the less standardisation there is.

We need a UX standardisation effort for the web a la W3C. (If the conversation is mature enough for that?) We should actually build stuff instead of just talking about it or writing specs.

If you look at open source projects they have a β€œlook”.

Most people who want to contribute to OS projects want to contribute code (or maybe design stuff) β€” but to build a business you need all sorts of other stuff (marketing, leadership, etc.)

Do we need an addition to http://indiewebcamp.com/principles on this?

Possibility: with "own your own data", something about "you have the choice to publish/selectively publish whatever you would like. ?

Possibility: owning your data β€” even if it's not related to the Web. iCloud equivalents. If this doesn't fall under the remit of the IndieWeb, where does that discussion go?

Tangent discussion: are domains actually the best unit for an identity? We should consider this carefully. We need a mechanism for revocation, if you give up a domain.

We need to show that these are actually problems and prototype/build other solutions instead of just saying that they exist.

Why_web_sign-in

See Also