Hi everyone - Just two quick comments on the "how much data should be disclosed" theme…
1 - I think the fact that this is being discussed in detail is very healthy; the fact that there's no easy answer shouldn't deter us from exploring all the nuances and contradictions.

2 - In case it's useful… I can think of at least three instances where I can communicate successfully with a website, without that website knowing my IP address:

  A trivial case: when I'm behind a network component that performs Network Address Translation
  A more general case: When I'm using TOR (The Onion Router) and my traffic passes through one or more intermediary nodes
  A more specific case: when I use privacy-enhanced search tools like IXQuick or DuckDuckGo

Yrs.,
Robin

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: [email protected]
Phone: +44 705 005 2931
Twitter: @futureidentity

On 3 Sep 2012, at 11:33, S Moonesamy wrote:

>> * Section 5: The right amount of information
>>
>> I believe what this section should say is that there are situations where
>> one would like to provide information to the recipient so that a response
>> can be provided and in other cases that's not desired. For example, in
>> today's telephone system you can hide your phone number. Similarly, in SIP
>> there are ways to prevent all information to reach the recipient.
>
> I will see how to fit in the following sentence in Section 5:
>
>   There are situations where one would like to provide information to the
>   recipient so that a response can be provided and in other cases that's
>   not desired."
>
> I read about several identifiers, including the phone number for SIP, when I
> wrote the draft. I decided to avoid SIP as I could not find a definition
> similar to "where" or "to whom" which the average person might grasp easily.
> I'll comment on the telephone system as an example. Let's say that you call
> me and you hide your phone number. We can still have a conversation; a
> response can be provided. Now, why can't I hide my IP address when I go to a
> web site? We both know the argument. That gets you to: why does the
> Internet work like that?
>
>> So, the question isn't really about all or nothing but it is about the
>> ability for the user to decide about the context when they want to reveal
>> information and when they don't.
>
> That's another way to look at it. Let me put it differently. We don't ask
> for consent to reveal the IP address. That's the all-or-nothing proposition
> for communication over the Internet. We could argue about having a "trusted"
> middle so that the user does not have to reveal the IP address. We end up
> putting into question an architectural choice on which the Internet is based.
> I used the following as the argument:
>
>   "There is an implicit assumption that the underlying protocols are
>   transmitting the right amount of information needed for the
>   protocols to work."
>
> The "amount of information needed for the protocol to work" is debatable. It
> comes down to a technical choice where we may decide that it is necessary to
> transmit the IP address at a different layer to address a performance issue.
> The question I might ask the user is:
>
>   Do you want to share your IP address to make your communication faster?
>
> The usual answer would be yes. I'll reword your comment as follows:
>
>   it is about the ability for the user to decide about the context when
>   they want to reveal information and when they don't, in all fairness.
>
> There are too many tangents to that. There is also the question of whether
> the average person can take an informed decision.
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
