Posts Tagged ‘Access control’

Platform vs Relationships

February 15th, 2011
Comments Off

A little while ago, Scott Adams wrote his thoughts about FutureMe and how it might  become a Facebook killer. Adams pointed out that information about our past–what we’ve already done–is useful, but less so than what we’re looking to do in the future. He suggests a new fourth party (user-driven) service:

The interface for Futureme is essentially a calendar, much like Outlook. But it would include extra layers for hopes and goals that don’t have specific dates attached.

For every entry to your Futureme calendar, you specify who can see it, including advertisers. If you allow advertisers a glimpse of a specific plan, it would be strictly anonymous. Advertisers could then feed you ads specific to your plan, while not knowing who they sent it to. The Futureme service would be the intermediary.

Now imagine that you never have to see any of the incoming ads except by choice. If you plan to buy a truck in a month, you would need to click on that entry to see which local truck advertisements have been matched to your plans. This model turns advertising from a nuisance into a tool. You‘d never see an ad on Futureme that wasn’t relevant to your specific plans.

The biggest benefit of the system could come from your network of friends and business associates. Suppose you post on the system that you would like to see a Bon Jovi concert sometime in the next year. Now your friends – the ones you specify to see this specific plan – can decide if they want in on it.  Maybe someone you know can get free tickets, and someone has a van and is willing to be the designated driver.  Maybe someone has a contact that can get you backstage passes. By broadcasting your plan, you make it possible for others to improve your plan.

Conversely, if you plan to do something stupid, your contacts have time to talk you out of it or suggest a superior alternative.

The great thing about Adams’ plan is that it shows how our data and online presence can be user-driven–meaning we make choices about who gets to see what. Moreover, by identifying Futureme as an intermediary on the user side, Adams has described a fourth-party service. (I’m guessing that Adams is intending this to be on the user side, or it can’t really live up to the promise of being a “Facebook killer.” I don’t know of any way at this time to be a perfectly neutral intermediary, so he likely has to fall on one side or the other.)

Coaching moment: I’d like to point out a significant distinction here between platforms and relationships. Adams is apparently describing a platform for social interaction and commercial services. This is also the Facebook model. On Facebook, someone else (the shareholders of Facebook) owns your user data and service usage logs. Facebook is in control. As we’ve seen before, it’s one thing to set your privacy wishes, but if Facebook is calling the shots, the rules can be changed anytime. Moreover, you’re always under surveillance whether you knowingly agree to that or not.

Now consider the idea of personal data stores where you control your data in any way you wish, using software tools that you choose, on hardware that you own (or not), at any time or under circumstances that you want. Nobody gets access that you don’t authorize. Wouldn’t that be something?

friends/family, future, history, records, tools , , , , , , , , , , , , , , ,

On Data and Disclosure

December 15th, 2009
Comments Off

I like to think about ways to customize my world, and the digital world writ large, in ways that support and help us explore our unique selves. It is in our very diversity that individual strengths can play out to become our personal best, to help each other grow, and create fertile new worlds.

However, under the guise of “increased security,” we are increasingly surrounded by tools and technologies that minimize and standardize us, including video surveillance and data storage and analysis. About that last link to Google, CEO Eric Schmidt recently said “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.

This indiscriminate personal data hoarding is both an individual and a societal problem. Schmidt’s argument that we shouldn’t have anything to hide is specious (not to mention a double standard: it doesn’t apply to Schmidt). In a 2007 paper called ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy, George Washington University Law School’s Daniel J. Solove convincingly critiques that argument. Indeed we have many things to hide, like our passwords and credit card numbers, certain personal habits and preferences, things that contribute to human dignity and respect. As noted security expert Bruce Schneier writes in his essay The Eternal Value of Privacy, “Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control.”

Ironically, Gary Wolf and Kevin Kelly host a blog called The Quantified Self where they report about people exploring ways to keep track of themselves. It’s a significant difference between curiosity, personal need, and voluntary disclosure that’s driving data sets, and corporate ventures like Facebook (nod to jerking you around again with recent privacy policy changes), Google (Schneier’s response to Schmidt’s quote above), and damned near every corporate site you make an account with and that tracks your every move these days.

I’m looking for examples of sites that encourage liberty and demonstrate some respect for its users/clients. I will be reporting on what I find. If you have suggestions, I welcome them.

Coaching moment: Here’s a little thought exercise. Think about a typical day in your life.

What kind of things do you do in private? These might be taking a shower, brushing your teeth, thinking about the day. Some things might be really private as in just you by yourself, and other things may be private in some context, like thinking about your day out loud with your spouse or partner. Once you get a good list, which of those things would make you uncomfortable if they were made public in some way?

Now think of the kind of things you do in public, like driving to work or the store, walking around, having a conversation over lunch. Think about stories that might be told about you from the perspective of not knowing what you were really doing. You might take clues from signs that you walk by, or maybe other people (posture, groupings, facial expressions). Can you think of any stories that are not only wrong but might hurt you?

Finally, think about your online tools. Have you actually looked at the Terms of Service or Privacy Policies that you’re agreeing to? If you knew they were disrespectful to you or even abusive of your personal self and liberty, would you stop using them? Since the answer is “probably not,” what would you suggest these companies change?

friends/family, future, history, records, tools , , , , , , , , , , , , , , , , ,

The Five A’s of Security

September 7th, 2009
Comments Off

Personal and online security is a desirable state and a complex idea. This guide offers a general overview of the main idea that, when used together, help us establish a level of security that makes us comfortable using our computer in an online world.

A is for Awareness


The first subject in talking about security is awareness. We need to be aware, for example, that we are not always safe in the world (online and offline). When we are online, most people are aware that there are certain dangers such as viruses, phishing, and spam that threaten our safety (personal, financial, or data). Once we know that problems exist, we are more likely to learn about and take steps to avoid danger and keep ourselves safe and secure.

A is for Authentication


Authentication is the process of verifying that you are the real you. Your friend may authenticate you to other friends by saying something like “this is my friend Chris” (or whatever your name is). You may prove that you’re who you are to a business entity by answering questions that only you would know the answer to. You are usually being authentic when you speak honestly, from your perspective, to someone you love.

A is for Authorization


When you are authorized, you have access to a computer system. Verifying users of your computer, or your work’s computer, or any storage systems or online accounts, can help you track the activity in files and resources. An unauthorized user can be prevented from gaining access to your information. Authorization is the process of assigning permission to use certain files and resources.

A is for Access Control

Access Control

Setting permissions on files, directories, accounts, or computers can establish limits to these resources. You may wish to be the only person that read and update your personal finances, for example. This is referred to as individual read-write access (only the owner of the file can read or update). At work, your group may have access to read and maybe edit a collaborative document. Most of the web pages offer global read-only access. Individual, group, or global access can be set to allow reading, editing, and/or other permissions.

A is for Auditing


As individual computer users, we don’t often think about the clues that we can use to track where we’ve been and what we’ve been doing. However, whenever we visit a web site, the site’s server automatically keeps a record of things like our domain name or IP #, the time and date of our request, the page or file requested, a code indicating success or error, the number of bytes transferred, and more. As the visitor, we don’t have such tracking tools (and in many cases, don’t need them). However, as our habits and travels on the Internet are increasingly scrutinized by the sites we visit, we have a stronger case for understanding what is being compiled about us.

Coaching moment: In reality, these five A’s are somewhat intertwined. For example, it doesn’t make sense to have Authentication without Authorization. Access control doesn’t happen without Authentication and Authorization, and none of these make sense without Awareness.

What does this have to do with digital identity? These are the pieces that make up our digital records, including who we are and what we’re allowed to do. Sometimes we have control over these decisions, and sometimes control is in the hands of others. It depends on the context of where we are and what we need.

history, records, tools , , , , , , , , , , , , ,