[governance] Identity systems and privacy (was Re: New IGF community site)

Norbert Bollow nb at bollow.ch
Mon Oct 22 03:13:28 EDT 2007 

Stephane Bortzmeyer <bortzmeyer at internatif.org> wrote:

> On Sun, Oct 21, 2007 at 04:01:51PM +0200,
>  Ralf Bendrath <bendrath at zedat.fu-berlin.de> wrote 
>  a message of 23 lines which said:
> 
> > Just for everyone's information:
> 
> Hmmm, this list is probably not the best place to discuss the pros and
> the cons of specific technologies... Specially when you make bold
> statements like:
> 
> > your OpenID provider can track every move you make when you use it
> > frequently.

Given that the igf-online.net site prominently promotes OpenID, I
think it is quite appropriate to discuss whether OpenID (in its
most straightforward usage mode) violates the fundamental civil
society position that no outside third party should be easily able
to track a person's significant online activities.

> Security is always a trade-off. OpenID gives you more convenience at
> the price of some security (you can lower this price by being your own
> OpenID provider, something which is quite simple, unlike what happens
> in other identity technologies).

"Being your own OpenID provider" is AFAIK not possible behind NAT.

Therefore, as long as the problem with the shortage of IP addess
numbers remains unsolved, I don't believe that I can accept this
as a solution to the privacy problem with OpenID.

> Another solution is to keep a separate identity for every Web site you
> visit, something most people find painful.

In principle it should be possible to automate this process to
whatever extent the user desires to automate it while keeping all
the involved software and data just on the computers which the
user is using anyway.

I would suggest that this Caucus should adop the position that
only this kind of approach to automated or semi-automated
identity management is acceptable.

Greetings,
Norbert.


-- 
Norbert Bollow <nb at bollow.ch>                      http://Norbert.ch
President of the Swiss Internet User Group SIUG    http://SIUG.ch
Working on establishing a non-corrupt and
truly /open/ international standards organization  http://OpenISO.org
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance

More information about the Governance mailing list