Security is an interesting problem. It would be very difficult to
impliment, but here is my idea:
I was thinking that you could use one proxy (your comany) to control all
access to personal data. Then you could generate a public key for
indexing your data on the proxy. If someone wanted your data they would
have to check it out using their public key (this is the point at which
you could deny access). The kicker would be this: if they want to send
you any information then they address the object with your public key.
The object is then sent through the proxy to translate the public key to
your real information (a second check to ensure they are allowed to send
to you occurs here). Moving this out of the digital world would be
difficult though. You would need cooperation from all major shipping
companies, etc. Definately a difficult problem.
- Sebastian
On Fri, 14 Jul 2006, Anna wrote:
there are a lot of problems. I've been thinking that security would be
relatiely easy to handle compared to ... getting Safeway or SBC (for
instance) to play along. How to I get them to sign a contract before
they access my address and/or phone number?
this makes me wonder about the feasability of giving each different
entity a different "proxy" version of my information, so I can tell
which entity is violating the contract. how would that be managed? The
other day I thought I could perhaps cooperate with the USPS in order to
have them replace the "proxy" version with the actual address.
another problem: how to I get people (everyone) to care enough about the
security (ownership) of this basic personal info that they're willing to
use these legal methods of protecting them? The reason I say "everyone"
is it seems to me this system would be sort of like a union, which only
have a chance of working if you get a sizeable population involved.
As far as internet security; well, that is a tough one of course. It
seems like the best way to go is with two things. 1) Don't even offer
to store financial inforamation or social security numbers or such.
Only contact information. Basically, you lower the target value. 2)
make the interface as simple as possible. only port 443 is allowed
through a firewall. Simple, fast web servers handle everything... The
cgi/whatever system itself implemented is also simple, open source, and
developed in a very clean and modular style with the primary coding goal
being security. I'm sure there are other helpful tricks and strategies
I'm not aware of.
Thanks,
- Anna
On Fri, Jul 14, 2006 at 09:31:13AM -0700, Rick Shepherd wrote:
Very interesting but that site would be the holy grail of identity thieves.
You would need some serious protection; yep, not going to get away with
administrator/null logins there...
R
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anna
Sent: Wednesday, July 12, 2006 6:04 PM
To: [email protected]
Subject: [RLUG] thinking about a project...
Hi.
I've been thinking about a possible project for a while, about
reclaiming control over my personal information. Taking ownership of
it. The latest version goes something like this:
I hand my personal info to an organization (hopefully non-profit and
free). I then specify who is allowed to access my personal information
and under what conditions. The conditions are presented in the form of
something like a software license. (the standard... you can use this
information as long as you abide by these rules.) I (the
customer/owner of personal info) can change the rules depending on who I
give access to my information.
One of the possible rules I can apply to my friends (those I trust), for
instance, is the right and ability to freely disseminate my personal
information to other people they trust in turn, so long as they (my
friends) make the third party receiver of my info aware of the license
I've applied to third parties. (or whatever.)
I imagine a web based interface for the initial setup and as a good
central software if/when this thing ever grows beyond the web. A nice
plus of this is when I move or change my phone number, or even change my
email address, I only have to update one location. I envision a
database like this serving as a nice back-end for potentially all
software and devices that need accurate, current contact info.
I've been thinking about for quite a while. it's just spinning up
there. I haven't really talked about it though. anyone think this is
an interesting idea?
- Anna
_______________________________________________
RLUG mailing list
[email protected]
http://lists.rlug.org/mailman/listinfo/rlug
_______________________________________________
RLUG mailing list
[email protected]
http://lists.rlug.org/mailman/listinfo/rlug
--
( )
H
H
_H_
.-'-.-'-.
/ \
| |
| .-------'._ Sebastian Smith
| / / '.' '. \ Robotic Research Laboratory 775.784.4580
| \ \ @ @ / / Department of Computer Science and Engineering
| '---------' University of Nevada, Reno
| _______| http://www.cse.unr.edu/~ssmith [EMAIL PROTECTED]
| .'-+-+-+|
| '.-+-+-+| (Ascii art by Silver Saks)
| """""" |
'-.__ __.-'
"""
_______________________________________________
RLUG mailing list
[email protected]
http://lists.rlug.org/mailman/listinfo/rlug
