[OpenID] Shade's questions - Privacy for Foundation members

Peter Williams pwilliams at rapattoni.com
Sun Dec 14 14:09:34 UTC 2008 

That's far too ideal and academic, Eran.

I cannot join (and happily give my $100) because of the IP rules (on members no less, vs IP contributors). So I do it indirectly but within the rules here, arguably in a useful manner.

Seeing as we are in introspection mode (for perhaps another 5 days), on disclosure "culture" , let note that don't require the corporate members to disclose which claims they have (and which *are* imputing they actually have) in their background sso and (by now) openid-specific patents. So, this is not a 100% intention-disclosing club - by any means. Half my value (if not all of it ) is my access to 25 years of prior art, abdneing able to navoigate over it to help structure openid so it can lay claim to be a descendent, point by technical point ideally!

Folks have created a temporary patent "no-use" regime, for those firms who opt in. This means the corporates have patents, are applying for more each moment (which is natural, and almost obligatory feature of professionally-run R&D), and are simply agreeing not to use them (for now) against those in the club. But, it only applies to those in the club - and its only a suspension of the game, not a cessation. Don't believe for a moment the soviet commune crap about nobody is in this to make money...

Standards are a power game - operating here under the rule that its appropriate to hold off use of the patent portfolio while the market forms. It's exploiting the legal rules on (pre-competitive only) joint research. Once the market opens, life will be different - assuredly - whereupon lots of submarine IP will surface. This is because even unasserted patents are assets in their own right - and can be traded, particularly as companies themselves are traded, broken apart for resale value, etc. They have economic value (even without being asserted against someone); just like a junkbond.

The function of the chair/EO is to manage this incredibly difficult world of standardization, and keep the peace long enough so the technology can advanced, as can the brand, the community, the applications and the core value proposition for buyers. And they are doing fine - for now.


-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Eran Hammer-Lahav
Sent: Saturday, December 13, 2008 11:16 PM
To: SitG Admin; general at openid.net
Subject: Re: [OpenID] Shade's questions - Privacy for Foundation members

Beside the legal requirement of running a corporation (which is what the OpenID foundation is), the idea of anonymity in standards work is generally not desirable. The whole premise of a groups of people/companies coming together to form a standard is to find common ground. How can you find common ground with someone who will not reveal their identity and intentions?

EHL



> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of SitG Admin
> Sent: Saturday, December 13, 2008 6:06 PM
> To: general at openid.net
> Subject: [OpenID] Shade's questions - Privacy for Foundation members
>
> "You cannot have freedom of speech without the option to remain
> anonymous. Most censorship is retrospective, it is generally much
> easier to curtail free speech by punishing those who exercise it
> afterward, rather than preventing them from doing so in the first
> place."
> (http://freenetproject.org/philosophy.html)
>
> Is running the Foundation in an open/transparent way incompatible
> with any sort of privacy that could conceal the identity of its
> members? How do you reconcile the two ideas?
>
> One of the criticisms of OpenID has been that it would make tracking
> far too easy, being able to target a single user and gain ALL
> information about their online activities because they would have
> used the same OpenID *everywhere*. We talk about using multiple
> OpenID's, of course, and some IDP's even automate the process
> (already!), but generally the margin of opportunity is the same: hit
> one target, get ALL that users' data (and possibly every other user
> there, as a bonus, but the goal here isn't mass data-mining of
> unknown victims, it's being able to execute precision attacks without
> going after multiple sources). Compartmentalization of identity in a
> user-centric manner, where the USER makes those decisions - will the
> Foundation, looked to by many as the sterling example of OpenID "in
> action", be led by its Board in a different direction?
>
> I can see where privacy could be considered a dangerous thing for
> Board members to have; if you can't run a background check on them,
> they might be a secret Corporate lobbyist and you would never know.
> What's the risk from non-Board members, though? And what about the
> risk *to* them - let's say their "offline" identity works someplace
> that is politically opposed to OpenID, and the member is a good
> little office grunt who does their paperwork and stays out of such
> discussions, then goes home with their paycheck to spend all their
> free time working on OpenID development. If the employer were to
> discover a connection between one of their own employees and one of
> The Hated Enemy, they might find (or create) some reason to terminate
> that employee's stay with them. Suddenly, that employee is looking
> for a new job (yes, in THIS economy!), and may face other
> repercussions as well.
>
> Especially if they had established that separate identity for the
> purpose of engaging in free-speech activities, and might then be
> targeted by nearby parties. They may have been free with information
> that they never would have let out if it could be combined with
> information associated with their *other* Identity, to discover such
> things as their physical address, or where they worked - as just one
> example, imagine being "out" in a Deep South town. BIG difference
> between being *anonymously* out on some message board, somewhere, and
> having all your neighbors learn that carefully-kept, long-held
> secret. Enabling hate crimes is NOT something OpenID should be seen
> as responsible for (so let us be VERY cautious about security, as it
> relates to privacy!), it could create a NASTY publicity backlash.
>
> So, obviously, privacy is something that should be important for
> OpenID to preserve. But when it comes to membership in the
> Foundation, should we advise those who value their privacy to just
> stay away?
>
> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

More information about the general mailing list