dotgnu-auth

Re: [Auth]Freport Update


From: John
Subject: Re: [Auth]Freport Update
Date: Fri, 15 Mar 2002 08:02:07 -0600

David - You're still hung up on the Services colluding. I'm not
concerned about the services. I'm concerned about the Manager. I pointed
out why the first party hosting scenario is less than reliable and
practically forces the traveling Owner to the reliable third-party
scenario, which has a hole that allows the collection of transaction
meta-data. Thus I'm heartened that you say in-situ:

David Sugar wrote:
> I do not say IDsec is perfect, but it is a reasonable effort and what
> flaws exist can be understood and mitigated, especially by locally
> hosting profiles.  The primary question is can profile providers be
> trusted?  But since anyone can become one, it is quite possible for
> trustworthy (and untrustworthy) ones to exist.

and disheartened by this non-extension:

As I pointed out in my reply, in a UCITA state that trustworthiness can
evaporate with the flip of some bits at no notice to yourself. Remember,
every well-written commercial TOS contains an agreement as to which 
State and Country terms of the TOS are to be adjudicated. Once you click
you're bound; if the company happens to be governed under UCITA - it
doesn't matter where *you* are only where "they" are. In a UCITA state
he who is trustworthy today in not collecting transactional meta-data is
not necessarily trustworthy tomorrow.

ID-Sec doesn't "prevent the possible abuses of Passport" (one of the
original requirements); but instead allows more corporate entities to
abuse customers in the same way. Colloquially, ID-Sec gives the data
Owner a choice of bloodsuckers to marry. The only way to prevent cloning
the passport collection is to prevent transactional metadata from being
collected at all. (See my other response for how transactional meta-data
can be abused)

Close the barn door. As was originally posited: offer an alternative
that is private on every level. If the aim of DotGNU is to foster our
moral choices (in such manner as the GPL fosters our moral choices),
then opening the barn door wide for even one potential entity to abuse
is a very bad idea. Better to choose a design that backs what we felt
were moral choices in the beginning, than grab the first thing that
comes along and give it the imprimatur of "our way" simply out of
convenience. Build paranoia into our solution from the start as we
originally planned, assume that everyone is dishonest and will try to
benefit from dishonesty.

A piece of paper is a flimsy protection for privacy.

As I said before, I only believe that people should be informed, and if
Hans can show me that the transactional metadata cannot be collected
under his current design *in any sane usage scenario*, then I will
renounce my objection: and probably apologize. 

John Le'Brecage

