Working on a more thought-out post on this but I thought I'd get some feedback before diving too deep.
How about an Identity #coop ? A simple but solid #oauth identity provider that also advocates for its inclusion as an idp to the services used by its members.
Convenience of single sign-on with the smallest possible security risk surface area and, being a co-op, members (users) decide what data is collected, shared, etc.
I have more but I'll stop here for now :)
@Antanicus Thanks! I have a couple pages of mixed notes/lists/descriptions that I'll try to polish into a tight page. I think it's all there but it's not very parse-able in its current state :)
Need to do a little technical research/confirmation as well.
@jjg I love the part where users would get to decide what kinds of data is to be collected for analysis and for what purposes would the data be used, to facilitate service improvement.
For example, I am not against bug reports being collected by Mozilla in an effort to make Firefox better, but I am hoping that those crash reports are anonymous and only strictly relevant to Firefox.
From a privacy standpoint bulk data collection without choice and transparency is the biggest issue.
@mareklach thanks!
That's a big issue for me as well, and I think storing more than is necessary increases vulnerability (if nothing else it makes the service a higher-value target).
There's also a metadata privacy issue using Facebook or Github as your idp, because that gives the service you auth to more knowledge about you (your repos, your posts) than may be required.
@jjg Yes, well, it's an interesting point to think about what exactly do you give permission to when you store your code on Github: I mean one might do contributions to public free software that everyone is allowed to modify so that's okay, but your own projects... not so much.
Would be cool if such services displayed an option like: 'Choose what kind of data can we anonymously collect from you for the purpose of improving our service' and then there would be options...
@mareklach @alanz @jjg in theory this is what EU data protection law is supposed to be, right?
I wonder if the GDPR will change things much?
@ebel @mareklach @alanz Could be, I'm no expert on the subject though.
Being an American, it never occurs to me that government might protect someone's privacy 😂
@jjg @mareklach @alanz Lots of big US tech companies with a presence in EU will just implement EU data protection rules for everyone. It'd be too hard to separate out EU & non-EU data. Lots of Facebook features which allow you to export data are due to that being a current EU legal requirement.
@ebel @alanz @jjg Perhaps they don't have to change much, as we know that in practice security agencies like the NSA, or GCHQ don't give much regard to laws written in theory on paper.
But I would think that they can collect private data only if these have first been collected by companies like Facebook and Google. I know Facebook got fined a bit for #privacy violations, but they are still not transparent about exactly what they collect.
@mareklach @alanz @jjg I think most EU data protection law has an exemption for (EU member state) national security. Which is bleh.
But the GDPR might limit what Facebook etc. can do.
@ebel @alanz @jjg Oh, let's hope, because it would be high time. Choice and transparency should always be key, because the question of data collection may not always be a simple yes, or no, I can understand that, so then it becomes about being able to choose what are we willing to share (for example sharing hardware specifications to improve software compatibility'd always be ok for me) but also know exactly where & why we're sending data.
@mareklach @alanz @jjg Do you know about #NOYB? It's a proposed NGO from Max Schrems, long time successful privacy activist. He's trying to raise €250k by end of Jan to launch it and then use the new law to sue companies which are bad for privacy.
@jjg Love the idea so far. Could definitely be part of social.coop future plans!