there are a lot of problems. I've been thinking that security would be relatiely easy to handle compared to ... getting Safeway or SBC (for instance) to play along. How to I get them to sign a contract before they access my address and/or phone number?
this makes me wonder about the feasability of giving each different entity a different "proxy" version of my information, so I can tell which entity is violating the contract. how would that be managed? The other day I thought I could perhaps cooperate with the USPS in order to have them replace the "proxy" version with the actual address. another problem: how to I get people (everyone) to care enough about the security (ownership) of this basic personal info that they're willing to use these legal methods of protecting them? The reason I say "everyone" is it seems to me this system would be sort of like a union, which only have a chance of working if you get a sizeable population involved. As far as internet security; well, that is a tough one of course. It seems like the best way to go is with two things. 1) Don't even offer to store financial inforamation or social security numbers or such. Only contact information. Basically, you lower the target value. 2) make the interface as simple as possible. only port 443 is allowed through a firewall. Simple, fast web servers handle everything... The cgi/whatever system itself implemented is also simple, open source, and developed in a very clean and modular style with the primary coding goal being security. I'm sure there are other helpful tricks and strategies I'm not aware of. Thanks, - Anna On Fri, Jul 14, 2006 at 09:31:13AM -0700, Rick Shepherd wrote: > Very interesting but that site would be the holy grail of identity thieves. > You would need some serious protection; yep, not going to get away with > administrator/null logins there... > > R > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anna > Sent: Wednesday, July 12, 2006 6:04 PM > To: [email protected] > Subject: [RLUG] thinking about a project... > > Hi. > > I've been thinking about a possible project for a while, about > reclaiming control over my personal information. Taking ownership of > it. The latest version goes something like this: > > I hand my personal info to an organization (hopefully non-profit and > free). I then specify who is allowed to access my personal information > and under what conditions. The conditions are presented in the form of > something like a software license. (the standard... you can use this > information as long as you abide by these rules.) I (the > customer/owner of personal info) can change the rules depending on who I > give access to my information. > > One of the possible rules I can apply to my friends (those I trust), for > instance, is the right and ability to freely disseminate my personal > information to other people they trust in turn, so long as they (my > friends) make the third party receiver of my info aware of the license > I've applied to third parties. (or whatever.) > > I imagine a web based interface for the initial setup and as a good > central software if/when this thing ever grows beyond the web. A nice > plus of this is when I move or change my phone number, or even change my > email address, I only have to update one location. I envision a > database like this serving as a nice back-end for potentially all > software and devices that need accurate, current contact info. > > I've been thinking about for quite a while. it's just spinning up > there. I haven't really talked about it though. anyone think this is > an interesting idea? > > - Anna > > > _______________________________________________ > RLUG mailing list > [email protected] > http://lists.rlug.org/mailman/listinfo/rlug > _______________________________________________ RLUG mailing list [email protected] http://lists.rlug.org/mailman/listinfo/rlug
