Tuesday, December 1, 2009

Social Rings: A Simple Method For Enhancing Privacy In Web 2.0 And Social Networks

Disclaimer: This post was written for the annoyingly paranoid.

If you are worried about your privacy but you don't want to be isolated on the Internet, you may want to implement social rings. Here we describe the simple method we devised for enabling a little privacy in web 2.0 and social networks. We design four privacy levels, or social rings, to access the web and contact people through social network services. Keep in mind that as long as the other communication layers don't provide any privacy, your privacy is probably invaded by your local ISP, government intelligence/security agency or employer.

This method includes human and automatic computer interactions. We have been testing it for about a year, and it provides a clearer understanding of privacy on the Internet, given the little effort of managing the different rings. It is designed to avoid phishing and spamming and to optimize your mindshare/attention online, a limited resource.
  • Social Ring 0 (The Circle Of Trust or The Social Circle): Include here close friends, trusted co-workers and trusted family members. Create an e-mail address for this ring. Identify yourself with your complete name, but don't include your complete name in the e-mail address: you don't want people who know your complete name to be able to deduce the address. Use this e-mail only for human-to-human contacts, not for automatic subscriptions; the latter usually contain messages from people you don't trust. This e-mail, not directly deducible from your complete name, will be the key/token (we will call it token0) to enter social ring 0, but assume that contacts in this ring know your complete name. Use token0 to create an account on your favorite social network service. Check that people can only contact you in this ring if they have token0. In Facebook, for example, you must not use your complete name, but you may want to be contacted with token0 in the people search queries. For example, if your name is Alan Smithee you may use alans or as23 as privacy token0. People (or robots?) will enter this ring only after physical contact or personal recommendation from an existing contact. You may subscribe to a news feed system only if that feed system allows anonymous subscriptions or followers. Twitter allows anonymous subscriptions via RSS feeds, but following people in Twitter with your Twitter account is not anonymous.
  • Social Ring 1 (The News/Nickname Ring): Include here not-so-close friends, untrusted co-workers/family and automatic subscriptions/robots. Create an e-mail with privacy token1, as with ring 0 but now with a token completely uncorrelated to your complete name. Don't use your complete name anywhere within this ring (!); use a simple nickname, such as alan666 or morfeus. Using token1 you can subscribe to people and systems that only support non-anonymous subscriptions, such as Twitter. E-mail newsletters and lists are included in this ring because they qualify as an interaction with an untrusted machine possibly aggregating content and spam from people you don't know. Don't use token1 for possibly spammy subscriptions or for people/social network systems suspected of being malicious. You may want to use your complete name in blogs and services associated with token1, but only for publishing content, not consuming.
  • Social Ring 2 (Social Event Horizon): Create a totally uncorrelated social key token2 for this ring. Use it for subscriptions/services you don't trust at this moment. You can probe suspicious services or people comfortably standing in this ring. Surely you will need an e-mail for this ring.
  • Social Ring 3 (The Anonymous Moors): Anonymous polls, anonymous social comments in web forums, no credentials needed. As you can be approximately geographically located, you may want to use anonymous routers such as Tor to avoid geographical bans or censorship. Remember not to use any ring 0-2 credentials in this ring.
Some improvements may include Social Ring -1 with an encrypted web vault for storing personal data such as financial information, other critical data and Social Ring 0-2 credentials.

You want to avoid scenarios where people/machines can deduce token{n-1} from token{n} and so elevate their social ring level.
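The token rules above can be checked mechanically before the accounts are registered. The following Python sketch is an added example, not part of the original method; the function names, the four-character threshold and the token2 value are assumptions, while the name and the other tokens are the post's own examples.

```python
import re
from difflib import SequenceMatcher

MIN_SHARED = 4  # assumed threshold: a shared run this long counts as a leak


def normalize(s):
    """Lowercase and keep only ASCII letters and digits."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def longest_shared_run(a, b):
    """Length of the longest substring common to both normalized strings."""
    a, b = normalize(a), normalize(b)
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size


def audit_rings(full_name, tokens):
    """Audit tokens = [token0, token1, token2]; return a list of findings."""
    findings = []
    parts = [p for p in map(normalize, full_name.split()) if p]
    # Ring 0: the e-mail token must not spell out the complete name.
    if parts and all(p in normalize(tokens[0]) for p in parts):
        findings.append("token0 contains the complete name")
    # Rings 1 and 2: the token must be uncorrelated to the name.
    for n in (1, 2):
        for part in parts:
            if longest_shared_run(tokens[n], part) >= min(MIN_SHARED, len(part)):
                findings.append(f"token{n} is correlated with name part '{part}'")
    # token{n-1} must not be deducible from token{n}: no long shared run
    # between a token and any token of a more trusted ring.
    for n in range(1, len(tokens)):
        for lower in range(n):
            if longest_shared_run(tokens[n], tokens[lower]) >= MIN_SHARED:
                findings.append(f"token{n} shares a run with token{lower}")
    return findings


if __name__ == "__main__":
    # Name, token0 and token1 candidates come from the post; token2 is constructed.
    for candidate in (["alans", "morfeus", "qx7vault"],
                      ["alans", "alan666", "qx7vault"]):
        print(candidate, "->", audit_rings("Alan Smithee", candidate) or "ok")
```

With these inputs the nickname alan666 is reported twice, once for reusing a name part and once for overlapping token0, while morfeus passes.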

Please comment on any bugs in the method or possible improvements.

(Last photo courtesy of lois_15354.)
