[OpenID] Shade's questions - Privacy for Foundation members

Eran Hammer-Lahav eran at hueniverse.com
Sun Dec 14 07:15:46 UTC 2008 

Beside the legal requirement of running a corporation (which is what the OpenID foundation is), the idea of anonymity in standards work is generally not desirable. The whole premise of a groups of people/companies coming together to form a standard is to find common ground. How can you find common ground with someone who will not reveal their identity and intentions?

EHL



> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of SitG Admin
> Sent: Saturday, December 13, 2008 6:06 PM
> To: general at openid.net
> Subject: [OpenID] Shade's questions - Privacy for Foundation members
>
> "You cannot have freedom of speech without the option to remain
> anonymous. Most censorship is retrospective, it is generally much
> easier to curtail free speech by punishing those who exercise it
> afterward, rather than preventing them from doing so in the first
> place."
> (http://freenetproject.org/philosophy.html)
>
> Is running the Foundation in an open/transparent way incompatible
> with any sort of privacy that could conceal the identity of its
> members? How do you reconcile the two ideas?
>
> One of the criticisms of OpenID has been that it would make tracking
> far too easy, being able to target a single user and gain ALL
> information about their online activities because they would have
> used the same OpenID *everywhere*. We talk about using multiple
> OpenID's, of course, and some IDP's even automate the process
> (already!), but generally the margin of opportunity is the same: hit
> one target, get ALL that users' data (and possibly every other user
> there, as a bonus, but the goal here isn't mass data-mining of
> unknown victims, it's being able to execute precision attacks without
> going after multiple sources). Compartmentalization of identity in a
> user-centric manner, where the USER makes those decisions - will the
> Foundation, looked to by many as the sterling example of OpenID "in
> action", be led by its Board in a different direction?
>
> I can see where privacy could be considered a dangerous thing for
> Board members to have; if you can't run a background check on them,
> they might be a secret Corporate lobbyist and you would never know.
> What's the risk from non-Board members, though? And what about the
> risk *to* them - let's say their "offline" identity works someplace
> that is politically opposed to OpenID, and the member is a good
> little office grunt who does their paperwork and stays out of such
> discussions, then goes home with their paycheck to spend all their
> free time working on OpenID development. If the employer were to
> discover a connection between one of their own employees and one of
> The Hated Enemy, they might find (or create) some reason to terminate
> that employee's stay with them. Suddenly, that employee is looking
> for a new job (yes, in THIS economy!), and may face other
> repercussions as well.
>
> Especially if they had established that separate identity for the
> purpose of engaging in free-speech activities, and might then be
> targeted by nearby parties. They may have been free with information
> that they never would have let out if it could be combined with
> information associated with their *other* Identity, to discover such
> things as their physical address, or where they worked - as just one
> example, imagine being "out" in a Deep South town. BIG difference
> between being *anonymously* out on some message board, somewhere, and
> having all your neighbors learn that carefully-kept, long-held
> secret. Enabling hate crimes is NOT something OpenID should be seen
> as responsible for (so let us be VERY cautious about security, as it
> relates to privacy!), it could create a NASTY publicity backlash.
>
> So, obviously, privacy is something that should be important for
> OpenID to preserve. But when it comes to membership in the
> Foundation, should we advise those who value their privacy to just
> stay away?
>
> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

More information about the general mailing list