Re: [saag] Liking Linkability

Henry Story <henry.story@bblfish.net> Thu, 18 October 2012 19:20 UTC

Return-Path: <henry.story@bblfish.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C05D721F86F3 for <saag@ietfa.amsl.com>; Thu, 18 Oct 2012 12:20:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pkFcpZIKgXqS for <saag@ietfa.amsl.com>; Thu, 18 Oct 2012 12:20:17 -0700 (PDT)
Received: from mail-ea0-f172.google.com (mail-ea0-f172.google.com [209.85.215.172]) by ietfa.amsl.com (Postfix) with ESMTP id B6E9921F845D for <saag@ietf.org>; Thu, 18 Oct 2012 12:20:16 -0700 (PDT)
Received: by mail-ea0-f172.google.com with SMTP id k13so2495177eaa.31 for <saag@ietf.org>; Thu, 18 Oct 2012 12:20:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=ysAXMD9Kx2SEboz/i0LLBpHctinCg6eh6RWtVHQkW9M=; b=ZJSzhqcp/d9ijo/nfv9VuChceAS1yCiGwjkvyb5i3EBV2kcZV0Q39HoOwi/jMhlm+W kN1ePLQwmDcN/ARExJBDqJEnCrSmVnALwhW9dKMlJXS7Lso5xu9ZqI1YtzIRXYw8jtWV 7+DuAVtUBjU/rVFmNwLfKsUIn+Gz0tMQukA4MpjqO1nKgss0dFJpycFUXhsDwbBrG7Hr EobRhvdzullIn4BxGcImrGvFYQFsX/Q5KHBemIbBSRhXeEz32j8lbnPfaNVEu6z0gGSQ ZiPQpe/KzH+NMKTDHe4namOGLkuAFuW4Janx4vcMFKPpZwaqQTj3nrTc5avfS4i0zHzF yyWg==
Received: by 10.14.194.72 with SMTP id l48mr33565558een.9.1350588015795; Thu, 18 Oct 2012 12:20:15 -0700 (PDT)
Received: from bblfish.home (AAubervilliers-651-1-132-122.w86-198.abo.wanadoo.fr. [86.198.99.122]) by mx.google.com with ESMTPS id c6sm41447273eep.17.2012.10.18.12.20.11 (version=SSLv3 cipher=OTHER); Thu, 18 Oct 2012 12:20:13 -0700 (PDT)
Content-Type: multipart/signed; boundary="Apple-Mail=_6C2CB0E3-8C40-4BA7-9F6B-636E922ECD20"; protocol="application/pkcs7-signature"; micalg=sha1
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Henry Story <henry.story@bblfish.net>
In-Reply-To: <201210181904.PAA07773@Sparkle.Rodents-Montreal.ORG>
Date: Thu, 18 Oct 2012 21:20:09 +0200
Message-Id: <FB9E461D-CA62-4806-9599-054DF24C3FD9@bblfish.net>
References: <CCA5E789.2083A%Josh.Howlett@ja.net> <tslzk3jsjv8.fsf@mit.edu> <201210181904.PAA07773@Sparkle.Rodents-Montreal.ORG>
To: Mouse <mouse@Rodents-Montreal.ORG>
X-Mailer: Apple Mail (2.1499)
X-Gm-Message-State: ALoCoQkR9nZJTcMLEv559L33WJz0OdLpyNXw1KB/e+YdseHM7CVWN7+KGeobyHwjFwLb9PaULA3Z
Cc: "public-philoweb@w3.org" <public-philoweb@w3.org>, "public-identity@w3.org" <public-identity@w3.org>, "saag@ietf.org" <saag@ietf.org>, "public-privacy@w3.org" <public-privacy@w3.org>, Sam Hartman <hartmans-ietf@mit.edu>, "public-webid@w3.org" <public-webid@w3.org>
Subject: Re: [saag] Liking Linkability
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Oct 2012 19:20:19 -0000

On 18 Oct 2012, at 21:04, Mouse <mouse@Rodents-Montreal.ORG> wrote:

>> [...]
>> Unfortunately, I think that's too high of a price to pay for
>> unlinkability.
>> So I've come to the conclusion that anonymity will depend on
>> protocols like TOR specifically designed for it.
> 
> Is it my imagination, or is this stuff confusing anonymity with
> pseudonymity?  I feel reasonably sure I've missed some of the thread,
> but what I have seem does seem to be confusing the two.
> 
> This whole thing about linking, for example, seems to be based on
> linking identities of some sort, implying that the systems in question
> *have* identities, in which case they are (at best) pseudonymous, not
> anonymous.

With WebID ( http://webid.info/ ) you have a pseudonymous global identifier,
that is tied to a document on the Web that need only reveal your public key. 
That WebID can then link to further information that is access controlled,
so that only your friends would be able to see it.

The first diagram in the spec shows this well 

  http://webid.info/spec/#publishing-the-webid-profile-document

If you put WebID behind TOR and only have .onion WebIDs - something that
should be possible to do - then nobody would know WHERE the box hosting your 
profile is, so they would not be able to just find your home location 
from your ip-address. But you would still be able to link up in an access 
controlled manner to your friends ( who may or may not be serving their pages
behind Tor ).

You would then be unlinkable in the sense of 
http://tools.ietf.org/html/draft-iab-privacy-considerations-03

[[
      Within a particular set of information, the
      inability of an observer or attacker to distinguish whether two
      items of interest are related or not (with a high enough degree of
      probability to be useful to the observer or attacker).
]]

from any person that was not able to access the resources. But you would
be linkable by your friends. I think you want both. Linkability by those 
authorized, unlinkability for those unauthorized. Hence linkability is not
just a negative.

Henry


> 
> /~\ The ASCII				  Mouse
> \ / Ribbon Campaign
> X  Against HTML		mouse@rodents-montreal.org
> / \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag

Social Web Architect
http://bblfish.net/