On Wed, 2009-06-10 at 13:49 -0400, Matt Lee wrote: > Nicolás Reynolds wrote: > > > instead of refusing to scrobble every leaked album, nixtape should not show > > them on public available pages, i mean, mark the scrobbles as private until > > the official release. this will protect users from being monitored by said > > anti-share groups. > > It doesn't protect the database from being subpoenaed.
I think that it isn't libre.fm's responsibility to enforce user security. Only the user can make themselves secure or anonymous; attempting to transparently do so will inevitably fail because anonymity and security require work. In that light I propose that libre.fm listen on the public internet and also through a Tor hidden service (or, to reduce latencies, run a Tor server with a restrictive exit policy that will allow for torified requests to libre.fm to exit the Tor network on libre.fm's node). In this case, the onus is on the user for keeping the datastream clean of identifying information (this is a hard thing to do, especially given the concept of "friends" and the fact that libre.fm by nature reduces the anonymity set over time), but assuming they do so, there is nothing that libre.fm can do to produce their identity. All their scrobbles will originate at localhost as far as libre.fm is concerned, and so that, along with whatever other user data they give, is all that could be handed over in the event of a subpoena. This has the added effect of making it easy to tell whether or not a user is taking advantage of anonymity software, and so segmenting the userbase into those that noticeably care about their privacy and those that care less. This means that the defaults for accounts created on this interface can be much more locked-down that the defaults for accounts created on the www interface. Also, it would mean that libre.fm would be the first social networking site with a strong commitment to user privacy through anonymity software. This has been a long-running thread and I've never read over it in its entirety, so I'm not sure how much of this has been proposed before. In my mind it is the strongest solution, as it guides users who want privacy towards a time-tested and secure anonymity network.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Libre-fm mailing list [email protected] http://lists.autonomo.us/mailman/listinfo/libre-fm
