tangibly related: What ever happened to Mozilla Persona?
I had integrated it into my site and it was really slick, all I had to know was an email address and the system verified the rest. It was federated too. :/
I wish Mozilla was able to keep these services floating around. They could vertically integrate their own slice of the web especially among techies/privacy minded sites & users.
Hopefully there are popular services which can allow anonymous comments, posts without creating accounts.
I find it harder and harder to see such things. Today majority of the sites don't even work in privacy mode forget about anonymous.
I believe Google, Facebook, Amazon, Microsoft or any other company whose business depends on customer personal information will have incentive to promote it really. Yes they might have efforts towards some privacy which does not affect their profit. But anonymity will never be supported by then. Try using any of their services over Tor network and see the issues.
Verifying your login by asking for mobile phone in many cases. Put captcha before login are all means to identify a person indirectly.
I have not yet tried it in EU, but for rest of the world, Facebook and other services do it very often. They precisely want to know your location by some means and when they cannot a dreaded verification process starts.
While I do appreciate the efforts of the foundation, a true privacy by design foundation should be promoting the PbD principles in general instead of simply building a decentralized identity app.
The point of my post is IRMA, their decentralized, attributed-based identity project. The mods changed the title I gave to that of the foundation website.
PS: I learned about it via a talk from the Royal Institution:
If anyone from Privacy by Design is reading, an explainer article with a headline clearly stating the tool and intent would be very useful collateral to share.
HN, and numerous other sites, insist on sticking strictly to original titles in many cases, to avoid amplification or distortion by submitters. As original authors, getting your own headlines appropriately focused is a huge benefit.
The site itself is a bit of a hot mess (as are many these days) and could use some focus on orienting and familiarising readers with the project, goals, action items, and tools & resources.
It was open-source, MIT/BSD-licensed reference implementations of X11, email and Web servers which helped hugely to promote the adoption of these protocols.
It was the mere hinting by the University of Minnesota that it might consider proprietary licencing of the gopher protocol that killed it dead. Numerous other protocols have been pitched but as proprietary solutions, never to see widespread acceptance. Sun's NEWS display system, and numerous HTML also-rans particularly come to mind.
Even the FSF, which strongly encourages GPL and APL licencing to spread the concept and use of Free Software acknowledges and encourages the use of "permissive" licencing -- MIT, BSD, and LGPL -- to encourage adoption of open protocols and infrastructure (glibc and other libraries).
Anyone else unable to load the app after install? I’m on a VPN so maybe that’s the problem. Kinda desirable attribute to be able to access from less personally identifiable network locations.
I've been thinking about negotiated disclosure since the mid 90s. Back then we called it faceted personas. In an effort to protect oneself from aggregators of demographic data.
I've gotten nowhere.
TLDR: 99% certain deanonymization will always prevail.
Not saying I'm right. I'm not particularly smart or insightful. I just try to apply ideas foraged from academia to real world problems. Alas, the times I've slogged thru the maths and algos, I'm always left befuddled. I'm just not clever enough to figure out all the attack vectors. (I'd make a terrible criminal.)
--
re: Privacy by Design
That means Translucent Databases. Where all data at rest is encrypted. Just like you salt and hash password files.
This book details clever applications of that strategy to real world problems:
Mea culpa: I'm still unclear how GDPR's tokenization of PII in transit works in practice. Anyone have some sample code? And I still don't see how it protects data at rest.
--
Source: Design, implemented, supported some of the first electronic medical records exchanges (BHIX, NYCLIX, others). Worked on election integrity for a decade, including protecting voter privacy (secret ballot).
--
Prediction: Accepting de-anon will always win in the long run, we'll eventually also accept that privacy has a half-life. To adjust, we'll adapt differential privacy algos to become temporal privacy.
23 comments
[ 3.1 ms ] story [ 69.5 ms ] threadI had integrated it into my site and it was really slick, all I had to know was an email address and the system verified the rest. It was federated too. :/
I find it harder and harder to see such things. Today majority of the sites don't even work in privacy mode forget about anonymous.
I believe Google, Facebook, Amazon, Microsoft or any other company whose business depends on customer personal information will have incentive to promote it really. Yes they might have efforts towards some privacy which does not affect their profit. But anonymity will never be supported by then. Try using any of their services over Tor network and see the issues.
That said, they're of course still enforcing their real name policy and so your general point still stands.
Last time I checked (2013?), not in Germany. Germans are allowed to use any (nick)name.
I have not yet tried it in EU, but for rest of the world, Facebook and other services do it very often. They precisely want to know your location by some means and when they cannot a dreaded verification process starts.
PS: I learned about it via a talk from the Royal Institution:
https://www.youtube.com/watch?v=vINtD58nLPQ
If anyone from Privacy by Design is reading, an explainer article with a headline clearly stating the tool and intent would be very useful collateral to share.
HN, and numerous other sites, insist on sticking strictly to original titles in many cases, to avoid amplification or distortion by submitters. As original authors, getting your own headlines appropriately focused is a huge benefit.
The site itself is a bit of a hot mess (as are many these days) and could use some focus on orienting and familiarising readers with the project, goals, action items, and tools & resources.
It was the mere hinting by the University of Minnesota that it might consider proprietary licencing of the gopher protocol that killed it dead. Numerous other protocols have been pitched but as proprietary solutions, never to see widespread acceptance. Sun's NEWS display system, and numerous HTML also-rans particularly come to mind.
Even the FSF, which strongly encourages GPL and APL licencing to spread the concept and use of Free Software acknowledges and encourages the use of "permissive" licencing -- MIT, BSD, and LGPL -- to encourage adoption of open protocols and infrastructure (glibc and other libraries).
Why won't we fall on the same problems we had with SSL certificate issuers until Let's Encrypt truly made HTTPS viable to everyone?
What will prevent requestors from requesting all or most users attributes like most apps do with permissions on Android platform?
Edit: add "with permissions"
I've been thinking about negotiated disclosure since the mid 90s. Back then we called it faceted personas. In an effort to protect oneself from aggregators of demographic data.
I've gotten nowhere.
TLDR: 99% certain deanonymization will always prevail.
Not saying I'm right. I'm not particularly smart or insightful. I just try to apply ideas foraged from academia to real world problems. Alas, the times I've slogged thru the maths and algos, I'm always left befuddled. I'm just not clever enough to figure out all the attack vectors. (I'd make a terrible criminal.)
--
re: Privacy by Design
That means Translucent Databases. Where all data at rest is encrypted. Just like you salt and hash password files.
This book details clever applications of that strategy to real world problems:
https://www.amazon.com/Translucent-Databases-Peter-Wayner/dp...
Mea culpa: I'm still unclear how GDPR's tokenization of PII in transit works in practice. Anyone have some sample code? And I still don't see how it protects data at rest.
--
Source: Design, implemented, supported some of the first electronic medical records exchanges (BHIX, NYCLIX, others). Worked on election integrity for a decade, including protecting voter privacy (secret ballot).
--
Prediction: Accepting de-anon will always win in the long run, we'll eventually also accept that privacy has a half-life. To adjust, we'll adapt differential privacy algos to become temporal privacy.
They also dabble with identity based encryption it seems.
From what I understand,the issuer still needs to know your information?