Re: Privacy/Security Friends of GNOME campaign?



On Wed, Dec 19, 2012 at 12:35 AM, Federico Mena Quintero
<federico gnome org> wrote:
> On Wed, 2012-12-12 at 23:19 -0500, Karen Sandler wrote:
>
>> The marketing team agreed that this time a privacy/security campaign would
>> be great for a friends of GNOME drive. After Jacob Applebaum's talk at
>> GUADEC, we heard a lot of people discussing how important these issues are
>> and how we'd like to do more at GNOME.
>>
>> Are there areas of GNOME that you think could be improved from this
>> perspective?
>
> Jacob mentioned that Pidgin/libpurple badly needs a security audit (and
> since Empathy's machinery is in libpurple, this would have a direct
> benefit for Gnome).  Maybe we could fundraise with that in mind.
>
> Some random ideas:
>
> * What would it take to have a Tor-ified session right from GDM?
>
> * Should we have a desktop-wide "incognito mode"?

While we're throwing wild ideas around that might actually make a
difference in the world, let me share a half-backed idea that came
to mind last night (coincidence I'm reading this thread the following
morning !)... bear with me, the idea is a bit vague and I don't see
the crystal clear path to implementing it, but I'm sure it's quite
doable (and much less complex than implementing Tor).

Simply put the idea is "Identity Sharing".

What if I had multiple identities when I logged into my desktop
which I would use for different purposes ?

The key point here is that I envision some infrastructure that
allows one to tie all access to internet services with a given
identity which can then in turn be shared (and when I thought
of this, I was thinking that GNOME Online Accounts was a
great place to start out on this sort of thing)

For instance, I would log in to hack on GNOME stuff and I would
use some kind of "official appearance" identity... using my
"Tristan Van Berkom" pseudonym. Then I would not share this
particular identity because I may risk sharing GNOME private
stuff (like GNOME commit access)... But I may at other times
rather to use a shared identity.

Sharing an identity would mean that others would have access
to all the facebook/google/youtube/skype/whatever services which
were subscribed to by the original creator of that identity.

The idea is to counteract malicious attempts to tie an
identity to a single person and then profile, track
and spy on them.

This would work better of course when coupled with
something like Tor.

I recall in Jacob's talk on Tor at GUADEC he mentioned
some obvious pitfalls where Tor could not always protect
your anonymity online... i.e. when you log into a site with
your user information... like Skype for instance... they might
not know your location and IP, but your data is being pushed
through their site and is also attached to the "personal information"
you used to create that Skype account in the first place,
which means that they can still spy on you and associate your
conversations with your identity (even without an IP).

Identity Sharing, by way of lessening/removing the overall
value of an internet identity, by way of dissociating the
identity with the person; seems to me to be a small
but significant step towards protecting users from spyware.

Anyway... a friends of GNOME campaign might not be
the right time and place for such a venture, but I thought
it was worth while to share the idea while on the topic
of security.

Best Regards,
              -Tristan


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]