[LINK] RFC: Negative Assessment of Mozilla BrowserID
Michael Skeggs mike@bystander.net
mskeggs at gmail.com
Wed Jul 20 16:08:34 AEST 2011
I have no connection with Mozilla except as a user, but it sounds like
they are taking criticisms seriously, which is to be applauded.
Regards,
Michael Skeggs
On 20 July 2011 09:55, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:
> I had a call from, and an interesting chat with, Mozilla's Alex
> Fowler (policy) and Ben Adida and Dan Mills (tech leads on the
> privacy team).
>
> They believe they have a better story to tell than I have been able
> to extract from their document.
>
> In particular:
> - signing keys are per-email-address and short-lived (hrs to a day)
> and hence of quite limited use as a means of correlating traffic
> - they have ideas on how to encourage and support the use of
> 'single-site email-addresses'
> - the database-server approach is intended only as a boot-strapping
> mechanism, and the authentication mechanism is intended to be
> implemented in the browser. (To be fair, their page does say this,
> but I wanted to undermine the idea of sustaining the server)
>
> They said they're working on other privacy-protective features for
> the browser family. But they pretty much accepted my statement that
> they're pushing a big rock up a steep hill, given how inherently
> marketer-friendly and consumer-hostile the current versions of
> Firefox have become.
>
> They say they think they need a more privacy-oriented explanation of
> the initiative. I encouraged separate papers for commercial
> web-sites, for intermediaries and technology providers, and for
> consumers. (Naturally, sceptics in all three camps would want to
> read all three, but this way the pitch to each interest-group would
> be clear).
>
> They intend an open call to privacy advocates for feedback, and I
> stressed the need to get a wide-enough list. Alex mentioned CDT, and
> is ex-EFF. I mentioned EPIC, PI and APF, and specifically referred
> to the valuable feedback I'd had on the PI Advisory Board list.
>
> We'll see.
>
> _______________________________________________________________________
>
>
> Roger wrote on Sun, 17 Jul 2011 16:54:06 +1000
>>Constructively negative comments are urgently sought on the
>>following exposure draft:
>> Reactions to Mozilla's BrowserID Proposal
>> http://www.rogerclarke.com/II/BrowserID-1107.html
>
>
> Roger wrote on Tue, 19 Jul 2011 08:39:30 +1000
>>Mozilla want to have a yarn with me.
>>I've previously said very negative things about Mozilla's recent browsers:
> http://mailman.anu.edu.au/pipermail/link/2010-March/087411.html
> http://mailman.anu.edu.au/pipermail/link/2010-March/087415.html
> http://mailman.anu.edu.au/pipermail/link/2010-November/090443.html
>>
>>But I've never done a solid analysis of their features, in order to
>>be specific about their anti-consumer nature.
>>Can anyone point me to any such analyses?
>>Re HTML 5 specifically, there's the NYT article of Oct 2010:
> http://mailman.anu.edu.au/pipermail/link/2010-October/089788.html
>
>
> --
> Roger Clarke http://www.rogerclarke.com/
>
> Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
> Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
>
> Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
> Visiting Professor in Computer Science Australian National University