[OpenID] Shade's questions - Privacy for Foundation members

SitG Admin sysadmin at shadowsinthegarden.com
Sun Dec 14 09:56:50 UTC 2008 

>Beside the legal requirement of running a corporation (which is what 
>the OpenID foundation is),

So, if I get hired on at Microsoft as a janitor ("sanitation 
engineer"), I join the elite group of Microsoft-employed stalkers who 
can acquire the personal information of other stalkers who work at 
Microsoft?

Sharing with law enforcement *when a subpoena has been granted by the 
judge* is one thing. Giving away a user's personal information in 
response to a faxed-in request made on Law Enforcement letterhead 
(*cough* eBay), a claim to be that person's employer (*cough* 
Facebook - sorry), or during the simple course of handing out 
publicity materials (*cough* OIDF?!?), is quite another.

Running a corporation does not require management to readily yield 
the personal information of their employees to any interested party. 
I'm not sure what other "legal requirement" could prevent a 
corporation from having ANY policy about its employee's privacy. 
(Since we are not "employed" by the OIDF in any traditional/monetary 
paying sense, this analogy does not quite work. But it seems the 
closest equivalent.)

>How can you find common ground with someone who will not reveal 
>their identity and intentions?

How can you know the identity of someone who does not tell you 
everything about themselves, reveal to you every handle they have 
ever used, and share their hopes and dreams for the future with you?

I submit that it is sufficient to know *some* of who a person is; 
that, in lieu of certainty (proof) that the compartmentalized 
identity they have presented to you is their "primary" identity 
(possessing the lion's share of their identifying data), it would be 
adequate to, after interaction/evaluation, treat that "less than 
everything" "identity" as a person just as real as others about whom 
you know just as much (little).

Okay, more simply put - unless you are in the habit of running 
background checks on everyone you interact with, just to find out 
whether they are keeping any secrets from you (i.e. not telling you 
everything; leaving out, ANYthing), you probably won't know the 
difference when you *do* encounter "partial" individuals.

If dishonest as well as private, you almost *certainly* won't, 
because they'll give a real-sounding name that simply happens to not 
be theirs. And who can tell? Is someone going to step forward and say 
"I looked but there is NOONE in the geographical area we can assume 
this person to live in, who has that name."? I may look around and 
see one blog giving this person's name, another 20 or so referring to 
it - but where did *they* get *their* information? Did *anyone* know, 
did anyone confirm this identity outside the (network) channels used 
to advertise it?

Is the difference here between incidentally "not revealing" all of 
their identity/intentions (but not telling anyone), and 
*deliberately* (with privacy aforethought!) withholding the 
identity/intentions that aren't relevant to the situation? (In one's 
own judgement, of course - but note, this is the same rationale that 
goes into *incidentally* not revealing such things!) If so, the 
process seems to favor those who are secretive - only the innocent 
would single themselves out for such punishment. Hardly the 
environment designed to encourage/foster honesty!

-Shade (an obvious pseudonym, not a real-sounding name)

More information about the general mailing list