[OpenID] (privacy) endorsement, John Bradley
Peter Williams
pwilliams at rapattoni.com
Tue Dec 16 12:48:11 UTC 2008
The last 7-10 days have been big help to me. Eran's email-personality is particularly helpful forcing function, because it so didactic. For my part, I've got a much better handle on UCI, arrived at by studying the reactions of Candidates to the harder issues being posited in the election (in what is an introspecting debate process).
I'd been struggling to distinguish the two types of UCI that characterize the movement: 1) UCI as in data portability (to overcome the commercial-portal imposing hub/spoke flow models that limit where you the user can take your contacts, or which IM buddy you can interact with), and 2) UCI as in multiple nyms (any one of which you may use, to compartmentalize your life with a view to hindering the correlating impulses of certain RPs with data mining power [e.g. the blog operator of change.gov])
What we have learned recently is that there is an application-infrastructure dimension which undoes those distinctions, which is positive in spirit despite un-separating that which was just separated: UCI as in the consolidation of the individual's weblife (in which one or more SPs re-build a "personal" portal that puts together all uses of a person's multiple nyms, cited earlier on multiple sites .. which specifically do not share an inherent data aggregation point. What the data mining aggregator lacks (a locator function of where you've use your openid nyms), the openid owner can provide - to guide the aggregator on the personal portal.
Then, we saw the current leadership's often vituperative position on risk management models, when dealing with the main driver for the structure chosen for the Foundation's Board; one specifically designed to deal with the IP and patent issues surrounding sso and openid technologies (the hint-hint, FUD and general threat-based environment created by a large companies with undisclosed patent claims, who yet wish to join communities focused on public-spirited IT normalization, which typically object to the contamination of public-spirited standards with submarine IP).
The IP debate caused reflection of as UCI as in "public culture": an obligation to sign documents (the professional obligation), an obligation never to use those nyms (the assumption of immorality), and an obligation to submit to mandatory accountability (transactions must be traceable). We saw how the current and candidate leaders of the openid element of the UCI movement collectively badgered those who might actually apply the anonymity element of the multiple nyms model, wholescale rejected suggestions that offered strict policy enforcement as an option per relying party, and rejected the notion that such policy enforcements can ever be optional or "discretionary" (the enforcement must be universal, mandatory and "cultural" for UCI to bring the benefits attached to its moniker).
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Eran Hammer-Lahav
> Sent: Sunday, December 14, 2008 4:04 PM
> To: SitG Admin
> Cc: general at openid.net
> Subject: Re: [OpenID] (privacy) endorsement, John Bradley
>
> > From: SitG Admin [mailto:sysadmin at shadowsinthegarden.com]
> > Sent: Sunday, December 14, 2008 3:48 PM
> > To: Eran Hammer-Lahav
> > Cc: general at openid.net
> > Subject: RE: [OpenID] (privacy) endorsement, John Bradley
> >
> > >I think anyone who believes that privacy exists
> > >online is either stupid or naïve, but I have
> > >zero interest in debating that,
> >
> > How does this work with accountability? Would you
> > support penalties for members of the Board who
> > disclosed members' personally identifying
> > information? Or would you insist that "There was
> > no breach of privacy, because the member never
> > really had any in the first place."?
>
> Current membership agreement states that you allow all your information
> to be made public. So far I am only aware of you rejecting membership
> on that ground. If more people will present a similar objection, I will
> have no problem with the board voting for changing the privacy policy
> as long as it is allowed by the state of Oregon for non-profit
> corporation. If at that point someone violates foundation rules, they
> have the full support of the legal system to pursue justice. Should a
> board member be removed because of that? Well, that's another vote and
> if it was intentional, I would vote to remove that person.
>
> We set rules and we play by them. The CURRENT rules do not offer any
> such privacy and changing it to accommodate *you* is not something I
> care about. If existing members or enough potential members cared about
> it to contact the board, I will be happy to revisit this policy and
> will likely support an opt-in mechanism.
>
> > >To suggest that you cannot trust the names
> > >people use in this community is to me an
> > >unacceptable level of paranoia.
> >
> > Idealist, realist. There is NO EVIDENCE on this
> > list that the names given are real names. Period.
> > You can go outside the list and look them up,
> > provide yourself with a level of assurance that
> > YOU accept, but do not tell us that it is
> > "unacceptable" to not trust such things based on
> > their usage alone.
>
> Technically, true. But in practice, in this community, on this list,
> living based on this assumption is paranoia.
>
> > >There isn't a single active member on this list
> > >who participated in actual work (specs,
> > >foundation, evangelism) that I haven't either
> > >met in person or met someone I trust who can
> > >vouch for them.
> >
> > I have evangelized OpenID locally, but I suppose
> > this doesn't count. Out of sight, out of mind.
> > Members of the community may have done a lot to
> > help OpenID, but if they won't give their real
> > names *on this list*, it was never actual WORK.
>
> Other than you, on this list, my statement is true. I did not imply you
> did not participate, just that from *your* POV, since everyone else has
> offered their name and affiliation, my description is accurate.
>
> > >For the record, this is exactly what I have wrote before:
> > >
> > >"The foundation should not be handing out
> > >personal information for any other purposes than
> > >to obey its bylaws (for example, sending
> > >notifications as legally required will mean
> > >giving someone with an administrative capacity
> > >access to the mailing lists). Members should
> > >have an opt-in way to allow their name and
> > >city/country to be listed, with optionally their
> > >employer."
> > >
> > >How that is different from John's position is beyond me.
> >
> > Respect for privacy - which, again, you believe
> > to not even exist. I won't try to make the case
> > (to you) that this means you don't respect US,
> > since it's tricky to include, in the definition
> > of a person, the right to that which doesn't
> > really exist.
> >
> > Many analogies spring to mind of denying some
> > minorities basic human rights because those
> > making the decisions thought there was some
> > special circumstance that applied. I won't go
> > into those, because most of them aren't nice, but
> > I do think that decisions about privacy shouldn't
> > be made based on the premise that it doesn't
> > exist.
>
> Now you are just being silly. I never said there is no such thing as
> privacy in general. My statement was clearly made in reference to the
> web. And having a right to something hardly ever translates to having
> it in practice.
>
> I'm done with this thread.
>
> EHL
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list