Talk:Privacy
Closing the Digital Privacy Gap
It's not like we can wait for any state or company to take action for us. It's not like we could trust anything or anybody that isn't open source on this. It's in our own hands to solve this digital privacy gap issue. These paragraphs are to evaluate some options, obviously seen from a psycer's perspective.
What is it that people like me and your mother need? My dad and your half-tech-savvy girlfriends. To protect ourselves. We all need the ultimate, and we all kind of know it, but.. what is it, exactly?
- end-to-end encryption
- applied to electronic mail (or kind of)
- and real-time messaging
- exchange files
- all of this potentially also many-to-many
- maybe even make phone calls (although regular phone is probably still okay privacy-wise)
Web-based email and social networks do not comply - they will never be able to provide us with true privacy, even if they give us https. Our PCs are also a source of danger, always vulnerable to all kinds of malware, but we can leave the creation of safe havens in the form of discs or sticks to those who are already at it. What should be on such a medium?
The app worth killing for?
So far we were thinking in terms like this..
- Encryption in an off-the-record way
- File transfer, but not like Skype, more like Allpeers with resume-the-next-day, and whenever a relay server is necessary, be able to use our own or find them in our social network, thus have better service.
- Social networking and messaging, maybe
- Telephony sometimes
- Multicast..
But what about the asynchronous aspect? The longer mails.. the files sent to you in absence.. the fact that OTR only works if both have OTR applications running in real time. OTR on the mobile phone? Sounds logical.
Reviving the traditional mail software
Yes, a messaging client with integrated friendship and trust management is one thing, but to really be useful people need to be able to e-mail. And we don't want to keep them from having proper folder management etc. So should it be traditional e-mail software? Connecting via TLS-tunneled SMTP and POP protocols to something which will then apply trust modeling, routing, spam protection, also by not even gatewaying to the traditional SMTP network. A high load PSYC router with .. ahem.. spooling. Not store & forward. Leave the mails on the sender's server side? Or just the attachments - and provide links instead?
The encryption however belongs in both the e-mail and chat client application, unless we put a PSYC router on the PC itself and all SMTP & POP traffic is emulated on localhost. Then the PSYC router can do all the encryption work, and the user is liberated to use any e-mail and chat software he or she is familiar with.
- Ahem.. it's probably better to pick NNTP since (1) it has newsgroups to handle folders (2) it doesn't need a separate connection for submitting messages (3) the implementation already does that, pretty much.
Web-based bidirectional privacy
Other strategic approach: The early adopters have a psyced with https installed. We could upload mail and files to it. We need easy & acceptable HTTP authentication for our peers (I mean friends) to be able to access the things. Modern browsers provide tools to simplify these operations in ways that many Internet users are familiar with.
This isn't giving our peers the safety of an OS-independent solution, but it's a simple approach that requires no special effort on their side. Yet we get to send them private information and data, using acceptable encryption. Of course this isn't so different from a company's extranet, so let's see what else we can achieve.
Auth can be as simple as a one-time-link sent via email. It should only reach one person, and anyone listening in would give up his passive observation status to actually use it, which is unlikely, as this would be detected. The recipient can upgrade his auth himself by adding a password, or the sender can improve auth by providing a question and answer that only the recipient would know. And then there are always other options, like agreeing on a password by phone.
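The one-time-link scheme above, as an added example (not psyced's code): a link carries a random token, the server stores only a hash of it with an expiry, redeeming the link consumes it so a second use fails visibly (this is where an eavesdropper who tries to use it would be detected), and the recipient can upgrade to a password afterwards. The URL psyced.example and the class and method names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlparse


class OneTimeLinkAuth:
    """One-time mailto links that can be upgraded to a password (constructed example)."""

    def __init__(self, ttl_seconds=24 * 3600, now=time.time):
        self._now = now          # injectable clock, so expiry can be tested offline
        self._ttl = ttl_seconds
        self._pending = {}       # sha256(token) -> (recipient, expires_at)
        self._passwords = {}     # recipient -> (salt, pbkdf2 hash)

    @staticmethod
    def _digest(token):
        # Store only a hash: a leaked copy of this table cannot be replayed as links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_link(self, recipient, base_url="https://psyced.example/mailbox"):
        # 256 bits from the OS CSPRNG; the link is the only copy of the token.
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (recipient, self._now() + self._ttl)
        return f"{base_url}?token={token}"

    def redeem(self, link):
        """Return the recipient identity for a valid link, or None. Consumes the link."""
        token = parse_qs(urlparse(link).query).get("token", [""])[0]
        entry = self._pending.pop(self._digest(token), None)  # pop: single use
        if entry is None:
            return None
        recipient, expires_at = entry
        if self._now() > expires_at:
            return None
        return recipient

    def set_password(self, recipient, password):
        # Recipient upgrades the one-time auth to a password of their own choosing.
        salt = secrets.token_bytes(16)
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        self._passwords[recipient] = (salt, key)

    def check_password(self, recipient, password):
        stored = self._passwords.get(recipient)
        if stored is None:
            return False
        salt, key = stored
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        return hmac.compare_digest(candidate, key)  # constant-time comparison


if __name__ == "__main__":
    auth = OneTimeLinkAuth(ttl_seconds=60)
    link = auth.issue_link("alice@example.org")   # constructed recipient
    print("first use:", auth.redeem(link))
    print("second use:", auth.redeem(link))       # None: the link is spent
```

Because the link is spent on first use, the legitimate recipient noticing "this link no longer works" is exactly the detection signal the text relies on; the sender's question-and-answer upgrade would slot in beside set_password as a second factor.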
We could provide a reply button, resulting in basic privacy-enhanced bidirectional communication. We are however missing all typical advantages of e-mail tools, like folder management. Web-based social networks have proven that this may not be a dramatic minus.
We should provide user profiles instead, which we luckily already do. People really like to look at the recipient's photo when typing a message. And, admit it, you can't always know who is emailing you. Sometimes you know people just by their face.
So we collect logins for every person we communicate with? Well.. yes.. there are worse things on earth. Each mailto login on a psyced is a separate identity. Of course we can unify identities - decentralized auth.. redirection etc. The more advanced users can slowly evolve into conscious PSYC users, themselves. Set up their own server, configure all of their identities to converge, or not. Whatever seems good.
In this constellation we do trust some servers, but it is always either my or your server - so it is always somehow legitimate. It's not so nice that data is residing on a server unencrypted, considering that every server needs to be running somewhere, so you are always trusting some service providers.
What happens in a many-to-many/multicast situation? Since it is kind of okay to trust the edge servers, we just need encryption to bridge over the interserver links and in-between routers. See encryption for possible strategies.
So what's missing to do this?
- file/mail upload management
- a psyced which can actually handle large files and binary data
- mailto: based identification and auth
- mail editing, storage, various notifications...
- web interfaces to trust and friendship management
- tons of glue