[Freedombox-discuss] Relationship driven privacy

[Tony Godshall]

> ... The same principle exist between a reporter and a
> whistleblower. The pseudonymity article suggests the technology exists to
> protect freedom fighters through unlinkable pseudonyms.

It's important, I think, to be able to extend the web of trust to
people we can identify and trust, not just the I met at a key signing
and confirmed his government ID, but also the guy who organized the
protest and wears the baseball cap and shades and owns the
freedomfigher997 at gmail.com e-mail address...

> Outside the FreedomBox network, I will still need to access websites using
> the insecure practise of username/password. ...

Not so insecure if the password is encrypted...  indeed it may be more
secure than carrying around media containing your key, which may be
taken from you by an authority...

> ... I would like to see FreedomBox
> support OpenID and WebID i.e. the FreedomBox owner is the identity manager.
> OpenID is in wide use, and has "personas" which is similar to relationship
> profiles. WebID is more secure than OpenID, but AFAIK does not
> have relationship profiles and is not widely used.

Can you tell us more?

> Why can't new users today create their own account after passing a challenge
> test using their personal information?  The challenge test would be
> performed on a device (MAC address registered on server) in a secure area
> (identity check required for area access) and the user's personal
> information must already exist on the HR/owner's server (Web of Trust).

Well, that's opens our freedom fighter up for compromise, doesn't it?
Our oppressed hero probably wants all his activities done under one or
more pseudonyms...

> I am
> not suggesting FreedomBox do this, but wonder why doesn't this WOT model
> exist already?

Um... keysingings?

https://secure.wikimedia.org/wikipedia/en/wiki/Key_signing_party

Not that they're particularly user-friendly :-(

Tony