[Freedombox-discuss] Relationship driven privacy

John Walsh fiftyfour at waldevin.com
Fri Jul 1 14:28:33 UTC 2011 

 Hi James,
Thanks for your response

> We can do it like Facebook.  Everybody friends your profile 
> and you manually group them.  The grouping is private in that 
> your friends don't know what groups they're in (and most of 
> the time, even if they've been grouped at all).

At the time you "friend" (connect) a profile instead of "Accept" you must
choose a relationship(s) (sibling, parent, etc.) or "Ignore". The same as
facebook this relationship selection remains private. These relationships
can be based on XFN(1). This minimises leaking and optimises privacy based
on relationships.

> 
> We can do it like Diaspora.  Explicit groups where the 
> interface requires that you group people and is public about 
> which groups you're interacting with when.

I haven't explore Diaspora because I thought it was alpha software. 
> 
> Another approach is to use URLs.  Give all your friends the 
> http://fbox.example.com/wild-and-crazy-guy address.  Give 
> your family the http://fbox.example.com/pious-father address. 
>  Give your coworkers the 
> http://fbox.example.com/always-at-my-desk address.  Each of 
> these are just different views of the same profile.  And then 
> you could manually change what people see if somebody's 
> status changes from, say, /boyfriend to /ex-boyfriend.

I don't like this solution - too much work for the user.
> 
> The interface should be obvious about which groups you are talking to.
> Perhaps the css could change in obvious ways (backrgound 
> color?) or perhaps the software could be smart enough to know 
> you don't want to share "me-drunk.png" with the group labelled "WORK"

I think change of colour is important for mixed groups, e.g. you have people
in a group with different relationships and no mutual relationships. XFN do
this too.

Personally, I prefer the activity interface (grouped by conversations) than
the traditional inbox interface. The default group/view is "all"
activities(items), but you could also have views for friends, co-residents.
Look at Chandler to see there is a single data item but can be seen from
different views. So if I choose the sibling view, I can only email/respond
to addresses for people with a sibling relationship (this does not exist in
Chandler)- choose the relationship, then choose app.  
> 
> I'm interested in other ideas and mechanisms for managing 
> identities and making sure information doesn't leak between 
> identities.

Another option would be to choose the message "sensitivity" at time of
publication. "Private" (default)you can only post to "me". "Secret" you can
only choose individuals who become licensees of the information, i.e. a
disclaimer/license says not to distribute the information. "Confidential"
license can be individuals or groups who are licensors of the content, i.e.
they can distribute to their friends(licensees)only, but their friends
cannot distribute it further. The license is an honour bound thing like
creative commons. "Public" content is posted to "Everyone" - the public part
of your website with a CC license. 

Another option is post the content to your website only, allowing licencees
to view "secret" information. For "confidential" information you also
provide a download link to a file (hi-def for photos) so that it's an extra
step for your licensors to forward to their friends/licensees. There would
be embedded metadata in this file listing the licensors (email address)with
a licence (rights) restricting distribution to licensors only.

I think your personal email address should be just numbers like a telephone
number or tax number i.e. personal informtion, but not personably
identifibly. Like CallerID for the phone, the people that are directly
connected to you will pull in your details, while the people that received
the file would not know who you are. 

However, even if you did all this, the applications of today would leak your
identity. My email address is fiftyfour at waldevin.com to protect my identity,
but when my friend emailed all her friends my name appeared due to the
display name field in her Outlook. Similarly, signing up to this mailing
list I choose a nickname, but my full name appears in the archives. The
irony of my name appearing on the freedombox mailing ;o I am curious about
how non-intentionaly leaky apps/friends are with my personal identifible
information.

My last point would be to check-out Google+ for any ideas - I haven't seen
it and I have no invite. Like Facebook the appearance/UI of privacy will be
important - in facebook you can hide your friends list from your facebook
friends, but your list is publicly available through Google. FreedomBox
should copy the UI, but make it real!!

(1) http://gmpg.org/xfn/intro

More information about the Freedombox-discuss mailing list