2013/UK/IndiePrivacy

Archived from https://etherpad.mozilla.org/indiewebcamp-indieprivacy, please clean.

IndieWebCamp 2013-09-07 session on #indieprivacy
Do we have a responsibility to build privacy into our tools? Current indieweb implementations:
 * aaronparecki.com has draft posts, indieauth login-protected, access limited to a list of URLs
 * waterpigs.co.uk did implement this a while ago, never used it, probably want to get it working again soon

Consequence of NSA surveillance revelations is that the assumption that posting content to X silo creates only a relationship between you and X, whereas in fact there are other parties involved. We know that NSA is a $5 BN problem, we know that we have to up the stakes. With postal mail, for your mail to be read “they” have to break down your door. Now everything happens through back doors.

Nobody has good identification structure, we delegate those problems to government or silos like. A problem with privacy is that no-one has the same definition of it. Manifesto version: ability to selectively expose yourself to the world. There is an emerging understanding in the crypto world that UX is the problem. No-one uses it beacuse it’s too hard.

If you want to be able to do secure web stuff you need certs (don’t make that face!)

Tangent: FF OS security model: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model
 * TODO: try to find the persona threat model docs on the wiki somewhere

This is a decent summary of the approaches behind PiCL (profiles in the cloud): https://blog.mozilla.org/warner/2013/07/23/picl-crypto-review/

People care about things they have a degree of control over. People need control in order to care. Our needs are aligned with our customers (if indeed we actually have customers), as opposed to ad-based, data-exploiting business models.

Most personal cloud solutions at the moment try to reinvent and build all of the “core” needs e.g. email, file hosting etc.
 * http://cozy.io/
 * http://owncloud.org/

Competition between multiple separate apps instead of monolithic monocultures can be a good thing and will drive innovation, the apps should be able to represent data in consistent ways. Shared culture between multiple interoperable apps — who designs it, where does it come from? A potential problem with the solving-your-own-problems is that different solutions will have different UI conventions and cultures.

The higher-level things are, the less standardisation there is.

We need a UX standardisation effort for the web a la W3C. (If the conversation is mature enough for that?) We should actually build stuff instead of just talking about it or writing specs.

If you look at open source projects they have a “look”.

Most people who want to contribute to OS projects want to contribute code (or maybe design stuff) — but to build a business you need all sorts of other stuff (marketing, leadership, etc.)

Do we need an addition to http://indiewebcamp.com/principles on this?

Possibility: with "own your own data", something about "you have the choice to publish/selectively publish whatever you would like. ?

Possibility: owning your data — even if it's not related to the Web. iCloud equivalents. If this doesn't fall under the remit of the IndieWeb, where does that discussion go?

Tangent discussion: are domains actually the best unit for an identity? We should consider this carefully. We need a mechanism for revocation, if you give up a domain.

We need to show that these are actually problems and prototype/build other solutions instead of just saying that they exist.

Why_web_sign-in