• View
• Edit
• History
• Print

PrivacySettings

Goal

Being explicit about what is private, what is not, how it is done and why.

Means

OS users and groups management, Wiki users and groups management, jails, closures, virtual machines, darknets, IPs, VPN, SSH tunnel, cryptography (from transmission to file to entire harddrive an memory), passwords, keys

Synthetizing visual model

older simplified version Russian dolls models (source)

1. the smaller one, the core, being the most private
   1. finance, health, notes on my social network
2. the middle ones being limited sharing
   1. licensed content, personal logs of conversation
3. the outer one being public sharing
   1. book notes, cookbooks, languages, tools, ...

half of the schema/model is lacking, it will put on the right with lines the technical and behavior solutions associated to each strata

Inspired by

Ghost in the Shell: Gouda Cyberbrain Hack

Coding part

1. how you migrate a piece of information from a doll to another safely and rationally (thus documented for next time)
   1. configuration
   2. transition from one realm to another automatically and documented
      1. the process shouldn't be symmetric
         1. easy to go from public to private
         2. hard to go from private to public
   3. use tag and category to find which pages have not been handled yet

This page is now in your harddrive in your browser history, if somebody were to hack your laptop, he or she would have access to the content without you even knowing it Thus it must be taken into account prior to the action of sharing because after, it's too late.

See also

• Engineering Private Spaces Online by Betsy Masiello, 2010 Google Faculty Summit

Test

1. ask a friend to reach the core
2. make a fake version
   1. ask a friend to set up passwords and such
      1. reach the core yourself

To do

1. share it on ##PIM, with Gwenael, phan_tom_99 and to ThePhysicist
2. embed security good practices
   1. list the tools and their versions for each technical mean
      1. automatically get notification on exploits found
   2. periodically password changes
   3. physical access
3. include information currently outside of my PIM
   1. emails, paper, ...
   2. backups
   3. information in PIMs of friends
   4. indexed content (in particular search engines through their crawlers)
4. integrate lessons learned from Botnets
5. consider not just information sharing but also transmission of information
   1. including keys, backups with configuration files, ...
      1. see also http://fabien.benetou.fr/Bypassing/Monitoring

• "I've Got Nothing to Hide" and Other Misunderstandings of Privacy by Daniel J. Solove, San Diego Law Review 2007
  • Daniel Solove at George Washington University Law School

1. consider the legal applications of licensing on personal content
   1. cf discussion on ##pim and ##law
2. take social engineering into account
   1. in particular regarding remote system you are not directly managing
      1. cf identity theft
3. check after-life continuity
   1. La Vie d'Après Patrimoine numérique, messages après son décès.d
4. Privacy Icons - Making your online privacy rights understandable, Mozilla Drumbeat
5. Electronic Privacy Information Center (EPIC)