Category Archives: identity

Trader Reputation

Presumably as the internet identity problem gets solved, services will emerge that can cough up tiny nuggets of information about those identities. Did zippy_133_a go to Harvard? Is sweet_thing_341 over 18 years of age? What percentage of wild_boy_12’s comments to blogs were flagged as spam, offensive, angry? eBay, for example, could provide a service that provides information about an identity’s feedback there, i.e. “bought 10 items for a value 312$ with 100% positive feedback, sold 3 items for 17$ 33% positive feedback, 66% no feedback received.”

I was pleased to discover there is another trading reputation server: Heatware. Heatware is used by folks that buy, sell and trade in internet venues other than eBay. Since you can click around in their user database it’s easy to find the high volume traders, for example this guy. Since traders here post their personas in various trading sites this also provides a directory of trading venues other than eBay. I’ll note in passing that this forces account linking across the persona, which I consider to be unfortunate.

I can’t believe I didn’t know about this.

Now Heatware should not be confused with Heatwave, who makes giant vacuum+microwave chambers used to dry your lumber so you can sell it immediately.

Unlinkability

I see that the New York Times found a reporter with sufficient wit to actually track down one of the users whose searches are revealed in the AOL search data. It’s a pretty good article.

Meanwhile Ben Laurie is curious about creating an anonymous package delivery system by mimicking the ideas found in Tor. It’s an amusing idea, the Anonymous Package System, or APS; I’m sure that Fedex is scared! If two of you out there want to give this a try you can forward a package thru me; send me a pgp email and I’ll send you back a token to include in the package (think of it as postage) to prove you “bought” the one unit of forwarding. I can then take pictures of the various artifacts and do a blog posting to report on how it works out.

Today, rather than anonymous physical package delivery, I find myself yearning for Tor-like functionality that I can target at particular URLs; because today I’m much more interested in hiding my search data from Google than I was a week ago.

Inalienable

An interesting triple.

… arguments in favour of having secret ballots …; most obviously the argument that secret ballots obscure the information needed to perfect a market in votes; so that the vote remains effectively inalienable …

These three: privacy, markets, and inalienable are deeply linked.

Fungibility – the dark side

If you give your child lunch money only later to discover they are buying candy with it you may discover your yearning for a special less fungible lunch currency. Not surprisingly there are micro-currency solutions for this problem in micro-managing your subordinates. If you give money to the local youth center earmarking your donation for youth basketball and later find out it was spent to repair the roof the situation is less clear. When the green grapes appear at your grocer in January you can thank free trade and Chile; when there happens to be a black widow spider in the grapes you might question the wisdom of making produce so fungible.

I used the word fungibility a lot when I was working on Internet Identity. Among the many players in that standards making process are the firms that have huge amounts of account data about their trading partners. A strong identity system would allow them to make that data more fungible. If they could puzzle out a way to get permission to exchange that data with other parties they could convert static data in their vaults into dynamic data – a source of profit.

So I’m gobsmacked that I didn’t see this coming. The tax prep industry is seeking a rule change from the IRS that would allow them to resell the tax return data of their clients. Man is that evil! I particularly admire how this is framed as a clarification of taxpayer privacy rights – indeed it is. Notice also how the industry is using it to protect themselves from foreign competition. I guess this kind of thing happens almost automatically when the middlemen – in this case the tax prep industry – become sufficiently concentrated.

Meanwhile, back on the lunch money problem. You could send your child to school with lunch already made. This would teach them valuable negotiation skills as they barter their lunch for better options. A wise parent might just send them to school with some highly fungible trade goods – cookies for example.

Anonymous Gossip

For the last few years I have worked off and on on the issues around Identity on the internet. Browser redirects, browser cookies, web bugs embedded on the page, plus the occasional bit of JavaScript to orchestrate browser behavior loom large in the toolkit used to design these systems. The systems that invade people’s privacy, like DoubleClick, use these same tools.

I’m kind of proud of my gossip model for thinking about these problems; e.g. that what really bothers people about the problems of privacy invasion is the sense that people are talking about them; passing gossip, slander, and which articles in the paper they read this morning. That gossip is passed across back-channels you’re unaware of. That gossip is aggregated by brokers who provide gossip-knowledge-pools for their customers. The gossip brokers don’t necessarily have any relationship with the folks, you and me, about whom they are accumulating data.

The architectures for internet identity that strive to be respectful of end-user privacy are complex because they draw the end-user into the negotiation about what information may be passed between two parties that have relationships with that user. So if your mortgage company wants to work with your bank in a manner that respects your privacy they need to bring you into the loop and get your permission. The internet identity solutions manage this using the tools (redirect, cookies, etc) to orchestrate that.

Of course parties that don’t respect your privacy can use the same tools to pass data back and forth. In effect using your web browser to help them establish the back channel they need to be able to gossip about you. Thus if a few customers of a gossip broker, like DoubleClick, all drop a web bug on their pages then the broker can act as a clearing house for information about your behavior at each of their sites.

So, I enjoyed this paper on “New Covert Channels in HTTP: Adding Unwitting Web Browsers to Anonymity Sets” because it outlines a delightful point in the spectrum of such systems. It sort of turns everything on its head.

In this case, instead of a group of gossip-broker customers coordinating the web pages they present to users so they can pool their knowledge of how those users behave we have a group of sites that are looking for a way to pass messages around anonymously. In particular they want to be sure that no outside observer can tell who is exchanging messages with whom.

For example I have a few friends who practice good privacy hygiene and with those I encrypt almost all my email. This way observers listening in on the wire can’t see what we are talking about. That’s good, but what’s bad is that these observers can see who my friends are, and they can tell when I’m communicating with them. Which, frankly, is none of their business.

To solve this problem you need a special black box. I poke my message into the box and sometime later it pops out at my correspondent. You can’t trust anybody to run this box, so you have to figure out a way to run it without a central authority. The traditional means to that end is to run a swarm of email servers – called remixers. You poke your message at one remixer and it jumbles up its parts and timing and scatters it out to the swarm. Slowly but surely the scattered bits rattle around the swarm until they pop out on the other side.

The paper reframes that idea with one key additional trick. The nodes in the swarm are web servers. These web servers never connect to another member of the swarm. Instead when an unwitting browser lands on them, like a bee on a flower, they use the bag of tricks used for gossip passing (redirects, cookies, etc.) to push their message fragments onto other nodes in the swarm.

I love it. For example, notice how this is a peer to peer network with two classes of actors: the unwitting browsers and the servers of those who wish to remain anonymous.

Identity Blackmail

Credit rating firms are the premier example of an identity business in my gossip model of identity. They aggregate gossip about citizens from institutions that have active relationships with them and know them. They then sell models of those citizens to institutions that would lack a model but need one to reduce risk. You and me, those who are being modeled, are typically not their customers; we lack any relationship with these gossip firms. They have relationships with their suppliers, firms with models, and their demand comes from firms without models.

That’s been changing as consumer protection laws have begun to force the credit rating firms to develop a relationship with the consumer. That’s turned out to be profitable.

These gossip firms aren’t limited to just credit rating. Some of them will talk about credentials – criminal, academic, licensing. Some of them do medical records. I assume there are ones for insurance and physical location, etc. etc.

The Internet is beginning to provide an interesting new source of supply for the gossip companies and new business models for building them. You can aggregate a lot of information about some people using just a search engine; and who knows, maybe it’s higher or lower quality than the information a more classic background checking firm could get you. The social networking sites are a kind of gossip firm – with much smaller suppliers and customers than the traditional credit checking firm.

A friend asked recently how he could fix the bogus links that come up first on Google when you enter his name. These were articles from a local newspaper full of inaccuracies. Since there are no consumer protection laws around Google’s role as a gossip intermediary my answer – a somewhat more nuanced version of ‘get better fresher gossip’ – wasn’t particularly helpful.

Today another friend sent me a link to a web site with a model of everybody. They have scraped the web trying to find each and every one of us, and then populated their model with what they found. Here’s what you get if you look up my name.

Recall that the credit check firms were forced into the discovery that it can be profitable to create a relationship with the people they are modeling. Recall that the social networking firms (Orkut, LinkedIn, Friendster, etc. etc.) start right out of the gate by creating a relationship with the people they are modeling.

I’m amused to notice that the folks at this place have a button that allows me to claim my page. Since much of what they collect is woefully incomplete and full of errors this button looks a lot to me like blackmail. The first time I saw that “claim your page” technique was at blogshares – a delightfully silly game built around how many links your blog has. Technorati has a similar device. So it’s not always blackmail; though it does always have just a hint of something odd. That’s the nature of gossip.

Thanks for two typos so far.

What do I need line for, when I have color?

I am not worthy! Peter Davis attempts the impossible; to reduce thousands of man years of work on PR agendas, industry politics, entrepreneurial hope, market share machinations, expert puzzle solving, and late night enthusiasms into a simple block diagram! Maybe version 1.1 could show the number of email messages, frequent flyer points, and billable legal hours. Oh, possibly he could hint at the IPR dispute density with drop shadows?

Enabling Agency

Agency is a puffed-up word used to say that somebody else is doing the work for you. A real estate agent, for example, sells your house for you. The paranoid worry that agents won’t manifest exactly your best interests as they do the work.

The other day I overheard somebody saying he wanted to allow users of his site, call it A, to give permission to other sites, call them B, to push and pull information from A. That ought to be common, but it is not. eBay has a scheme for doing this; but that may be the only example I’ve seen in the wild of what ought to be a common pattern.

For example, say I wanted to delegate to a B site permission to scan my email for important messages and when it finds them it should send me SMS. For example, say I wanted to give the site hosting my blog permission to pull URLs from my private bookmarks site. For example, I want to give permissions out so that my blogging and email sites can collaborate to make posting something I got in an email more trivial.

The usual, and extremely lame, workaround for this is for site B to ask for my user name and password at site A. Site B then visits site A pretending to be me and gets the data it needs. That’s bogus because it grants site B far more power to act on my behalf than is desirable. This is the “Here let me help! Oh, I’ll just need to steal your identity.” approach.

Better systems aren’t hard to build. For example Site A can have a page that the user fills out to state: “I grant site B the following rights to act on my behalf for the following period.” Submitting that page results in site A coughing up a big number, in effect a ticket (technically it’s called a capability). The user gives the capability to site B.

Just a small matter of standardization?

Actually no. These are such simple systems that standards, while nice, aren’t really necessary. All site A needs to do is keep a table recording the capability tokens it has handed out. When site B wants to do work as the user’s agent it works directly with site A. The best news is that it does not have to lie. It no longer needs to masquerade as the user. Site B authenticates with site A using its own account. Site A knows who it’s working with. When B wants to do some work for the user it includes with its request the Site A capability token it got from the user.

Site A then has to check if the requested operation is appropriate; e.g. timely, within the rights the user granted, and something Site A currently trusts Site B to do. Site A can then look up who the user is and do the deed. Site B never need know the user’s identity at Site A.

I suspect the real reason this is so uncommon is that site A doesn’t really want to relinquish data to site B; it would rather hoard that data and the options for what to do with that data closely. In the dreams of site A’s product managers holding the data enables them to lock the user into a more bundled solution. Capabilities help temper this concern; notice that Site A can negotiate with Site B over time to reach mutually advantageous deals.

Small sites should do two things. They ought to enable this kind of agency because it will create complements around their offering; while complements always make your offering more valuable they also let small sites collaborate to create integrated experiences that currently only huge portals can. The second thing they should do is just as important though. They should be prepared to limit partner site access in scenarios where it becomes clear that they are taking more than they are giving back. I.e. some sort of peering agreement would be a good thing.
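A sketch of the table and the check described above, written as an added example rather than code from any real site. The class and method names, the site names and the operation names are all hypothetical, and storing a hash of the token instead of the token itself is an assumption layered on the description.

```python
import hashlib
import secrets
import time

class SiteA:
    """Toy model of Site A's capability table (all names are hypothetical)."""

    def __init__(self):
        self.grants = {}       # sha256(token) -> grant record
        self.trusted_ops = {}  # partner site id -> operations Site A allows it today

    @staticmethod
    def _digest(token):
        # Keep only a hash, so a leaked table does not leak usable tickets.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, site, rights, ttl_seconds, now=None):
        """The user submits the grant page; Site A hands back a big random number."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.grants[self._digest(token)] = {
            "user": user, "site": site,
            "rights": frozenset(rights), "expires": now + ttl_seconds,
        }
        return token

    def revoke(self, token):
        self.grants.pop(self._digest(token), None)

    def authorize(self, authenticated_site, token, operation, now=None):
        """Return (user, "ok") or (None, reason). authenticated_site is the
        identity Site B proved with its own account, never a user password."""
        now = time.time() if now is None else now
        grant = self.grants.get(self._digest(token))
        if grant is None:
            return None, "unknown or revoked capability"
        if grant["site"] != authenticated_site:
            return None, "capability was granted to a different site"
        if now >= grant["expires"]:
            return None, "capability expired"
        if operation not in grant["rights"]:
            return None, "operation outside the rights the user granted"
        if operation not in self.trusted_ops.get(authenticated_site, set()):
            return None, "site not currently trusted for this operation"
        return grant["user"], "ok"

if __name__ == "__main__":
    a = SiteA()
    a.trusted_ops["site-b.example"] = {"read_bookmarks"}
    ticket = a.issue("alice", "site-b.example", {"read_bookmarks"}, 3600)
    print(a.authorize("site-b.example", ticket, "read_bookmarks"))  # granted
    print(a.authorize("site-c.example", ticket, "read_bookmarks"))  # wrong holder
```

Because the ticket is bound to the site it was granted to, a ticket that leaks from Site B is useless to anyone who cannot also authenticate as Site B.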

If small service sites can enable this kind of activity, highly cool, highly integrated services will emerge quickly, much more quickly than the product manager at any tightly integrated centralized site can manage to implement them.

Fear of agency vs. fear of concentration – damn’d if you do damn’d if you don’t.

(thanks to the three people who noted typos so far)

Barndoor standards

JavaScript is a perfect example of a syndrome in standardization that keeps CIOs up at night. Let’s call it the barndoor syndrome; after the folksy saying: “Shutting the barndoor after the horse escapes.”

JavaScript escaped into the wild before it was standardized; it then underwent very rapid mutation in the installed base. Three forces drove this rapid emergence of new species: the security nightmare, the fun everybody was having, and high stakes competition. The last is particularly corrosive to the collaboration necessary for standards making. This family of species is now all over the installed base, and as we all know installed bases are very hard to move.

The poor web site designer is stuck with a miserable choice. He can antagonize large numbers of users; or he can make himself miserable. It’s a kind of quantity/quality trade off.

The standard(s) for JavaScript aren’t a foundation for innovation; they are more like a beacon in the night toward which their authors hope the installed base slowly migrates.

When learning the language the standard is only a point against which you can measure the distance, in units of exceptions possibly, you must travel to reach this or that subpopulation of the installed base.

Driving the horse out of the barn is very tempting, since it builds momentum and helps you search for the best design informed by actual use rather than ivory tower mumbling (i.e. security architectures). So we could rename this syndrome entrepreneurial standards making rather than barndoor standards making.

When small entrepreneurial firms do this it’s reasonably ethical; how else are they going to get traction in the market? When large monopolist firms do it the ethics are much more muddy. Which is something to think about when reading people’s critiques of Microsoft’s infocard. It is of course irrelevant to Microsoft if their designs go thru a legitimate standards process; just as long as it wins in the marketplace. Microsoft has cleverly attempted to substitute for a real standard process a conversation among bloggers. The technorati are one audience you need to convince before a standard will gain great momentum, but they are not a substitute for real legitimate standards making. Assuming that you lack sufficient market power to just command its success.

Boundaries and Identities

“Boundary activation consists of an increase in the salience of one such boundary, hence one identity, at the expense of others that are available.”

The identity problem has three parts: the individual, the relationship, the other. Your identity is a bag of these triples; which I find useful to call persona. Over time various persona ebb and flow; so one’s identity is an extremely dynamic construct. The other entities, found on the other side of these relationships, are also extremely dynamic.

More often than not the others are institutions: clubs, gender, race, nation, guild, religion, bank, shop. Social networks. These must all be treated as first class citizens as we search for designs to solve the problem. We can do serious damage to the enterprise, even if it has a certain emotional appeal, if we ostracize these from the design.

Dick Hardt’s marvelously entertaining OSCON keynote consolidates a pile of sharp insights. But it concerns me that he appeals to the emotional when he suggests that the Identity 2.0 meme is about moving the individual to the center. That just doesn’t make any sense to me. I don’t think it helps our ability to find a functional design to activate a boundary that forces people to pick sides between the social institutions and the individuals. In that light the subtext in Dick’s talk regarding Canada seems particularly poignant.