Re: [saag] Liking Linkability

Sam Hartman <hartmans-ietf@mit.edu> Sun, 21 October 2012 17:55 UTC

Return-Path: <hartmans@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E96D21F88BE for <saag@ietfa.amsl.com>; Sun, 21 Oct 2012 10:55:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.994
X-Spam-Level:
X-Spam-Status: No, score=-99.994 tagged_above=-999 required=5 tests=[AWL=2.605, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zpt-gREYZf46 for <saag@ietfa.amsl.com>; Sun, 21 Oct 2012 10:55:29 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id 5673B21F889B for <saag@ietf.org>; Sun, 21 Oct 2012 10:55:29 -0700 (PDT)
Received: from carter-zimmerman.suchdamage.org (c-98-217-126-210.hsd1.ma.comcast.net [98.217.126.210]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS id B3A7A20115; Sun, 21 Oct 2012 13:55:08 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 8A5414AD5; Sun, 21 Oct 2012 13:55:25 -0400 (EDT)
From: Sam Hartman <hartmans-ietf@mit.edu>
To: Kingsley Idehen <kidehen@openlinksw.com>
References: <CCA5E789.2083A%Josh.Howlett@ja.net> <tslzk3jsjv8.fsf@mit.edu> <201210181904.PAA07773@Sparkle.Rodents-Montreal.ORG> <FB9E461D-CA62-4806-9599-054DF24C3FD9@bblfish.net> <CAG5KPzxGz+4MywjP4knfbDr2gyvqUZc1HEBXgtaDfYT+DPg5yg@mail.gmail.com> <5084238D.9040106@openlinksw.com> <CAG5KPzweMZzS=8tWbExm_xc1Yfi8Zi=2P8gkYnUf0WDKvJEj_Q@mail.gmail.com> <50842A1D.8090104@openlinksw.com>
Date: Sun, 21 Oct 2012 13:55:25 -0400
In-Reply-To: <50842A1D.8090104@openlinksw.com> (Kingsley Idehen's message of "Sun, 21 Oct 2012 13:00:13 -0400")
Message-ID: <tslobjv90c2.fsf@mit.edu>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailman-Approved-At: Mon, 22 Oct 2012 08:25:26 -0700
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
Subject: Re: [saag] Liking Linkability
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Oct 2012 17:55:35 -0000

I think if I hear the phrase  context fluidity or nebulous enttity one
more time I'm going to give up in disgust.
Those phrases don't have enough meaning to have any place in a security
argument.

You seem to believe that it is necessary to prove an event is related to
a person in order to have a privacy problem.
If  there  are 20 seditious (in the context of some government)
messages posted and  the government is able to link those events down to
3 machines and conclude that only 10 people had access to those machines
at the same time, you have a privacy problem.
If the government decides that executing 10 people  is an acceptable
cost those 10 people are just as dead even if 9  of them had nothing to
do with it.

Sitting there going "you never proved it was me, only my machine," isn't
going to help you as the fluids of your context are leaking out of an
ever more nebulous entity.
The fact is that by linking events, people can gain information about
real-world entities that might have had something to do with an event.
To the extent they gain that information, there is a loss of privacy.

Not all losses of privacy are bad.
Not all linkability is bad.
I give up privacy and create linkability every time I log into a site,
so that I can store preferences, manage entries I've posted in the past,
etc.
Of course for the most part I'm not risking my fluid context with what I
do online. I'd probably decide preferences weren't worth it if that was
the potential price.

But seriously, can we either move this discussion off IETF lists or use
enough precision and stop hiding behind vague terminology that we can
have a computer security discussion?

Thanks for your consideration,

--Sam