[Freedombox-discuss] Identity UI
Michiel de Jong
michiel at unhosted.org
Sat Jun 23 08:27:26 UTC 2012

On Sat, Jun 23, 2012 at 7:23 AM, Nick M. Daly <nick.m.daly at gmail.com> wrote:
> So, identity is pretty fundamental to this project. Without identity,
> privacy is a meaningless concept.
> The FreedomBox identifies a person or
> group of people through their keys.

IIUC, that seems to be a design choice aimed at power users. You access
your freedombox from either your laptop, or your phone, or an internet
cafe, right? That means that you need to configure the key on your
laptop, then configure it on your phone, and then export it onto a usb
stick, then put the usb stick in your wallet, take it with you on
holidays, not lose it, take it into the internet cafe, stick it into
the computer there, and know how to use it to install and use your key on
this computer at the internet cafe.

actually, power users probably don't even use internet cafes. my point
is, in general, people want the device they use to get to their
freedombox, to be stateless. if there is a key involved, then that's
not stateless. All people can remember is their email address and
their password. Should we design for these people? Should we teach
these people new behaviour?

That is, i think, the first question, before we can talk about how the
freedombox identifies users. My vote would be:
- the freedombox should be accessible from anywhere, using a DNS
(sub-)domain, https, and a password.
- if the user forgets their password, then with physical access to the
device (e.g. hold a button for 10 seconds) it can be reset.
- once you have established a https channel from your device (laptop,
phone, internet cafe) to your freedombox, the rest can be fanciful
(asymmetric encryption, onion routing, etcetera). But there should be
a way to get from a stateless device (e.g. a freshly reinstalled
laptop) to your freedombox.

other options are for instance to make your freedombox only work from
within your own home and all homes within wifi range of that, and if
you add physical access (e.g. a code written on the outside, or a
button you should press on there every time you log in), then maybe
you don't need password-based identification between client and
freedombox, and could use per-freedombox keys to link them together.

another thing to remember is that you probably don't want to link
people identifiably to freedomboxes. having your data in your home is
good, unless it makes the home address linked to your online identity
suddenly into public information. ;)

ps thanks for the link on WebBox, didn't know them yet! :) afaics, a
WebBox is not accessible from a stateless device, btw, so i think it's
useful for power users, but not the way to go for mainstream.