Re: [DotGNU]Re: [Arch]Re: [Auth]a list of what we need the personal Data system to do.

[Jeremy Petzold]

sorry, use of the wrong word made me look bad. I intended to say somthing more 
along the lines of what you just layed out with the multiple providers, though 
what I wrote was more of a ill thought out idea.

-Jeremy


On Sun, 15 July 2001, John wrote:

> 
> > I realy don't think that we should make the decision for the people
> > about who holds their information. if they want a third party to do it
> > then they should have the right and the ability to do so. 
> 
> Exactly true, but by saying "a provider", you've grammatically excluded
> the possibility that the customer might choose to have the ISP hold only
> *certain* information, while consigning *other* information to another
> provider to hold, and saving yet *other more private* information on
> their own PC for self release. As described this would mean that the
> customer would have have "multiple simultaneous providers" and that
> DotGNU would need to support transactions using information from
> "multiple, distributed providers where the customer has pre-stored
> information on that provider's service".
> 
> Most providers will want to hold all the information about a customer
> (ala Microsoft). Most people will even go along with this hoarding, but
> we all know the risks to freedom when too much information is
> concentrated in one place? Thus I say more as a matter of course: *** No
> entity should hold more information about another entity in excess of
> what they currently hold.***.
> 
> What they currently hold is defined by applicable laws, court cases, and
> individuals decisions! The first two guarantee freedom for the third,
> but if we design a system that allows for only two providers: the person
> and a DataBank, we are abrogating the intent of the first two, to the
> detriment of the individual!
> 
> Note: the "should" in my emphasized statement does not imply "must". The
> customer is always right. If they wish to give away their freedom,
> certainly we should make this option possible. However, the reverse is
> also true. The customer  should be given the option to use multiple
> providers to distribute their information holdings and yet percieve that
> they are operating through only only one service DotGNU.
> 
> I, for one, would certainly exercise a multiple, simultaneous provider
> option - my privacy is worth it. I'm certain there are other privacy
> lemmings like me who will say, "I'm not stupid; I'm not expendable and
> I'm not jumping off that cliff!"
> 
> > this may have
> > a positive effect as it will creat compotition for  "information Banks"
> > I can see subscription services that your information will not be sold,
> > and I see free services that will sell your information. ISPs would also
> > beable to use this as a meathod  of getting customers by saying
> > Information hosting is free with a subscrition to their service and they
> > will not sell your data.
> 
> True, but no customer should be locked into the single provider model.
> Many may *choose* to, but let's not make that their only option. A
> multiple simultaneous provider model doesn't preclude what you are
> advocating. 1 is after all a multiple of 1.
> 
> Consider that having a multiple simultaneous provider model (MSPM) will
> allow further competition by allowing an ISP to outsource certain
> portions of their data storage, while allowing user transparency.
> Further, allowing such non-centralised MSP has at least four additional
> freedom yielding effects:
> 
> 1) More secure even than a distributed model. If an ISP offers DotGNU
> servers to its clients, and those servers contain all client
> information, then that server becomes an obvious target for crackers of
> that ISP. If MSP are permitted under DotGNU, then the cracker has to
> guess which server at which provider contains the relevant information. 
> 
> 2) MSP allow for external mirroring, at the clients option outside of
> the control of the ISP, making complete DoS attacks less likely.
> 
> 3) Less lock-in, a client can switch their ISP service without having to
> rebuild his personal information database. He merely selects an
> alternate provider, does a DotGNU transfer and he is now free to dump
> his provider. Of course this imples that there must be a mechanism to
> transfer data from one provider to another.
> 
> 4) In MSP exclusion of mining does not depend upon a promise from the
> provider. Unless the customer explicitely grants access to the miner to
> all the customer's providers, no single provider can mine all the data.
> 
> Of course such distributed multiple providers will be an additional cost
> to the consumer, but if we don't design in the MSP feature, we're
> *inviting* ISP or other "Data Bank" to mine customer data. We're
> offering the customer no *option* of protection from data mining beyond
> a privacy statement from the DataBank. 
> 
> > I don't know, I Just think the option should be there for the Customer
> > to make, since we are talking about freedom hear, people need to be free
> > to make their own choices.
> 
> Exactly. You say "a provider" and you're taking away choice. You say
> "multiple, simultaneous providers" and you're giving choice back. Now,
> that is freedom.
> 
> John Le'Brecage
> _______________________________________________
> Developers mailing list
> address@hidden
> http://dotgnu.org/mailman/listinfo/developers

Regards,

Jeremy
Find the best deals on the web at AltaVista Shopping!
http://www.shopping.altavista.com