{"id":806,"date":"2007-06-18T14:43:54","date_gmt":"2007-06-18T22:43:54","guid":{"rendered":"\/?p=806"},"modified":"2007-07-17T20:38:45","modified_gmt":"2007-07-18T04:38:45","slug":"no-masks-in-the-grocery-store","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=806","title":{"rendered":"No masks in the grocery store"},"content":{"rendered":"<p>Dave Kearns <a href=\"http:\/\/vquill.com\/2007\/06\/i-dont-wear-mask-when-i-go-to-grocery.html\" class=\"broken_link\">discusses <\/a>the first part of my examination of the relation between identity technologies and linking, beginning with a reference to Paul Madsen:<\/p>\n<p style=\"margin-left: 30px\">Paul Madsen <a href=\"http:\/\/connectid.blogspot.com\/2007\/06\/colluding-with-yourself.html\"><font color=\"#0069c3\">comments<\/font><\/a> on Kim Cameron&#39;s <a href=\"\/?p=804\"><font color=\"#0069c3\">first post<\/font><\/a> in a series he&#39;s about to do on privacy and collusion in on-line identity-based transactions. He notes:<\/p>\n<p style=\"margin-left: 60px\">&#8220;<span style=\"font-style: italic\">A meaningful distinction for RP\/RP collusion that Kim omits (at least in the diagram and in his discussion of X.509) is &#8216;temporal self-correlation&#8217;, i.e. 
that in which the same RP is able to correlate the same user&#39;s visits occurring over time.<\/span>&#8221;<\/p>\n<p style=\"margin-left: 30px\">and concludes:<\/p>\n<p style=\"margin-left: 60px\">&#8220;<span style=\"font-style: italic\">Not to say that designing identity systems to inhibit correlation isn&#39;t important &amp; valuable for privacy, just that there is little point in deploying such a system without addressing the other vulnerabilities (like a masked bank robber writing his &#8216;hand over the money&#8217; note on a monogrammed pad).<\/span>&#8221;<\/p>\n<p>Paul makes some good points.&nbsp;&nbsp;Rereading my post I&nbsp;tweaked&nbsp;it slightly to&nbsp;make it somewhat clearer that correlating the same user&#39;s visits occurring over time is one possible aspect of linking.&nbsp;<\/p>\n<p>But&nbsp;I have to admit that I have not personally been that interested in the use case of presenting &#8220;managed assertions&#8221; to amnesiac web sites.&nbsp; In other words, I&nbsp;think the cases where you would want a managed identity provider for completely&nbsp;amnesiac interactions are fairly few and far between.&nbsp; (If someone wants to turn me around in this regard I&#39;m wide open.)&nbsp; To me the interesting use cases have been&nbsp;those of pseudonymous identity &#8211;&nbsp;sites that&nbsp;respond to you over time, but are&nbsp;not linked to a natural person.&nbsp; This isn&#39;t to say that whatever architecture we come out with can simply ignore&nbsp;use cases people think are important.<\/p>\n<p>Dave continues:<\/p>\n<p style=\"margin-left: 30px\">I&#39;d like to add that Kim&#39;s posting seems to fall into what I call on-line fallacy #1 &#8211; the on-line experience must be better in some way than the &#8220;real world&#8221; experience, as defined by some non-consumer &#8220;expert&#8221;. 
This first surfaced for me in discussions about electronic voting (see <a href=\"http:\/\/www.networkworld.com\/columnists\/2004\/0223kearns.html\" class=\"broken_link\"><font color=\"#0069c3\">Rock the Net Vote<\/font><\/a>), where I concluded &#8220;The bottom line is that computerized voting machines &#8211; even those running Microsoft operating systems [<em>Dave, mais vous <span>\u00ea<\/span>tes trop m<span>\u00e9<\/span>chant! &#8211; Kim<\/em>]- are more secure and more reliable than any other &#8216;secret ballot&#8217; vote tabulation method we&#39;ve used in the past.&#8221;<\/p>\n<p style=\"margin-left: 30px\">When I re-visit a store, I expect to be recognized. I hope that the clerk will remember me and my preferences (and not have to ask &#8220;plastic or paper?&#8221; every single blasted time!). Customers like to be recognized when they return to the store. We appreciate it when we go to the saloon where &#8220;everybody knows your name&#8221; and the bartender presents you with a glass of &#8220;the usual&#8221; without you having to ask. And there is nothing wrong with that! It&#39;s what most people want. Fallacy #2 is that most Jeremiahs (those weeping, wailing, and tooth-gnashing doomsayers who wish to stop technology in its tracks) think that what <span style=\"font-weight: bold\">they<\/span> want is what everyone <span style=\"font-weight: bold\">should<\/span> want, and <span style=\"font-weight: bold\">would<\/span> want if the hoi-polloi were only educated enough. (and people think I&#39;m elitist! \ud83d\ude42<\/p>\n<p style=\"margin-left: 30px\">I do wish that all those &#8220;anonymity advocates&#8221; would start trying to anonymize themselves in the physical world, too. So here&#39;s a test &#8211; next time you need to visit your bank, wear a mask. Be anonymous. 
But tell your lawyer to stand by the phone&#8230;<\/p>\n<p>Dave, I think you are&nbsp;really bringing up an&nbsp;important issue here.&nbsp; But beyond the following brief comment,&nbsp;I&nbsp;would like&nbsp;to refrain from the discussion until I finish the technical exploration.&nbsp; I&nbsp;ask you to go with me on the idea that&nbsp;there are cases where you want to be treated like you are in your local pub, and there are cases where you don&#39;t.&nbsp; The whole world is not a pub &#8211; as much as that might have some advantages, like beer.<\/p>\n<p>In the physical world we do leave impressions of the kind you describe.&nbsp; <em>But&nbsp;in the digital world they can&nbsp;all be assembled and integrated automatically and communicated intercontinentally to forces unknown to you in a way&nbsp;that is just impossible in the physical&nbsp;world.&nbsp; There is absolutely no precedent for digital physics.<\/em>&nbsp; We need to temper your proposed fallacies with this reality.<\/p>\n<p>I&#39;m trying to do a dispassionate examination of how the different identity technologies relate to linking, without making value judgements about use cases.<\/p>\n<p>That done, let&#39;s see if we can agree on some of the digital physics versus physical reality issues.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dave rejects the idea that the on-line experience must be better in some way than the &#8220;real world&#8221; experience.  
But is he dealing with the realities of digital physics?<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,17,47,11],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/806"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=806"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/806\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}