[LINK] Keeping our web browsing safe from News International

Tom Worthington tom.worthington at tomw.net.au
Mon Jul 18 10:33:10 AEST 2011


On 17/07/11 16:54, Roger Clarke wrote (was: "[LINK] RFC: Negative 
Assessment of Mozilla BrowserID"):
> ... comments are urgently sought on ... Reactions to Mozilla's
> BrowserID Proposal  http://www.rogerclarke.com/II/BrowserID-1107.html

Okay, some quick comments below. I suggest you could make it a little 
more topical by connecting it to the News of the World phone hacking 
scandal:

"Title: Keeping our web browsing safe from News International

The UK government is investigating claims of phone hacking by staff of 
the News of the World with the assistance of corrupt police officers. 
But this may be just the tip of the iceberg. Browsing the web leaves a 
trail of information. Are these Internet records safe from media 
intrusion, with, or without, the assistance of corrupt government 
officials? Has this information been used to invade the privacy of 
ordinary citizens and breach the security of governments? What steps are 
needed to prevent it? Will new web browser features, such as Mozilla 
BrowserID, make us less, rather than more, secure?"

> 1. Introduction
>
> In July 2011, Mozilla announced an identity authentication mechanism
> based on email-addresses and digital signatures. Its intention is to
> embed the facility in Mozilla browser-functionality, and to provide
> an at least interim identity-server in the meantime. ...

But what is the BrowserID actually for? What is Mozilla trying to 
accomplish? Is your concern that it will not do what it is intended to 
do, or that what it is intending to do is not a good idea, or that it 
has bad side-effects?

> On reading the ArsTechnica article (15 July 2011) that publicised the
> announcement, I felt a number of concerns about the initiative, and
> expressed them to Lauren Weinstein, and the comments were published
> on his Privacy Forum. ...

Who is "Lauren Weinstein"? This might make an interesting footnote, but 
doesn't explain what the problem is.

> This document expands on my original expression of concern. It is
> based on a critical reading of 'How BrowserID Works', of c. 3 July
> 2011, mirrored here. ...

You still haven't told us what the problem is.

> It is important for many personal, social, economic and political
> reasons to sustain separation of a person's multiple identities in an
> electronic world. ...

So is the problem that the BrowserID doesn't allow multiple 
personalities? Would allowing them fix the problem? If so, then perhaps 
you should suggest it.

> ... wide variety of assaults are being conducted
> on individual freedoms, by governments and business alike, and a
> considerable amount of invasive technology is being developed in
> support of those assaults. ...

You are more likely to have your article read if you leave this out. 
Just tell us what the problem is in this case, rather than make an 
X-files conspiracy out of it.

> It is vital for a number of personal, social, economic and political
> reasons to sustain anonymous communications and anonymous access to
> information in an electronic world. ...

Most governments and organizations would argue that anonymous 
communication is a threat to 
civilization/democracy/capitalism/communism/baathism/newslimitedism 
(except where they are trying to undermine someone else's regime).

By including this strong assertion for anonymity you are likely to have 
your paper dismissed as the rantings of an extreme libertarian opposed 
to 
civilization/democracy/capitalism/communism/baathism/news-limited-ism. 
Better to just address the issue of BrowserID.

ps: How much bigger would the News-of-the-World scandal be if the 
journalists hacked into on-line accounts, not just phone messages? How 
can it be that with the resources available to a publication like 
News-of-the-World they did not hack into on-line accounts?


-- 
Tom Worthington FACS CP HLM, TomW Communications Pty Ltd. t: 0419496150
PO Box 13, Belconnen ACT 2617, Australia  http://www.tomw.net.au
Adjunct Senior Lecturer, School of Computer Science, The
Australian National University http://cs.anu.edu.au/courses/COMP7310/
Visiting Scientist, CSIRO ICT Centre: http://bit.ly/csiro_ict_canberra


