Post on 28-Jan-2018
Privacy Concerns Related to
Verifiable Claims
David Hyland-Wood david@hyland-wood.org @prototypo
““Failure is less attributable to either insufficiency of means or impatience of labours than to a confused understanding of the thing actually to be done.”
John Ruskin
A Presumption: Privacy is GoodThe UN Universal Declaration of Human Rights, adopted 10 December 1948:
Article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
Article 19: “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.”
“There is no such thing as absolute privacy in America.
James Comey, FBI Director
“Law-abiding citizens value privacy. Terrorists require invisibility. The two are not the same, and they should not be confused.
Richard Perle
How easy it is for some in the physical world to find a few minutes alone.
Privacy The Internet
A helpful Venn diagram
Privacy The Internet
A helpful Venn diagram
“Configuration options are where arguments go to die. Andrew Roberts
Verifiable Claims should:
not make the situation worse
make it better where it can
Core Issues
Cross-site tracking of credentialsAn acknowledged concern:
https://github.com/opencreds/vc-data-model/issues/12
Cross-site tracking of credentialsAn acknowledged concern:
https://github.com/opencreds/vc-data-model/issues/12
We are already tracked, and much more effectively.
Cross-site tracking of credentialsAn acknowledged concern:
https://github.com/opencreds/vc-data-model/issues/12
We are already tracked, and much more effectively.
We don't need to provide any information to be tracked successfully.
Cross-site tracking of credentialsMitigation strategies include:
Verifiable claims are identifier agnostic
Use local (non-correlatable) identifiers when possible
Accept the risks where agencies must collude, e.g. to enforce regulations
A single “identity” per individual?
Verifiable Claims:
Are “identity profiles” sufficient protection?
How do identity profiles relate to an individual “entity”?
In general:
How does an “identity” relate to a Verifiable Claims “entity”?
Privacy Concerns Related to
Verifiable Claims
David Hyland-Wood david@hyland-wood.org @prototypo
AcknowledgementsVerifiable Claims Data Model and Representations Draft Community Group
Report 25 February 2017
Verifiable Claims Data Model open issues
W3C Member-only discussions related to the Verifiable Claims Working Group
AcknowledgementsLocked gate photo by Flickr user Francesca Minonne, CC-BY-SA 2.0
UN UDHR
Hotel deadbolt lock photo by Flickr user Benjamin Turner, CC-BY 2.0
Internet privacy Venn diagram based on a Venn diagram by Flickr user Rob Jewitt, CC-BY-SA 2.0
Facebook privacy screenshot © 2010 Facebook, screenshot by Flickr user Radagast, CC-BY 2.0.
Number 2 photo by Flickr user Chris, CC-BY-SA 2.0
Spherical chicken © 1995 D.R. Commander, used under fair use provisions for educational purposes.