Re: [apps-discuss] Webfinger discussion

[John C Klensin <john-ietf@jck.com>]

--On Tuesday, March 27, 2012 15:32 -0400 'Andrew Sullivan'
<ajs@anvilwalrusden.com> wrote:

> On Tue, Mar 27, 2012 at 12:15:21PM -0400, Paul E. Jones wrote:
>> We'll add text along those lines to the next draft.  Any
>> other security considerations we should note?
> 
> I wish I had something more intelligent to say than, "Is
> anyone [else] worried about the aggregation of this
> information amd what it does to the security profile of the
> aggregated things?"  Note this isn't exactly the privacy
> issue, though there's that. 

Short answer: yes.

Slightly longer answer: While most of today's privacy
discussions correctly focus on such questions as "why do you
need to know that", "why should I tell you", and "if I do tell
you, what control do I have over your telling others", many of
the really hard questions lie in the observation that the more
dimensions of information I know about you (or about your
membership in various groups and categories) the more I identify
you and predict your behavior in statistically-interesting ways.
Now combining information associated with me@service1,
me@service2, and me@service3 doesn't inherently create any extra
risk unless you have (deliberately or accidentally) associated
different information with those identities s.t. the information
content in their union is significantly larger than the
information content in their intersection.   If that
relationship holds, you are exposed to a new family of
unintended disclosures, some of it based on statistical models
of the behavior of populations that share a large enough number
of attribute categories with you.

I have no idea how we go about sorting it out, but I agree that
we need to be clear about the possibility and risks.

   john