Seems rather reminiscent of the [don't copy me] symbol, actually. Hmmm.. wonder if anyone's made a T-shirt of that yet? Anyway, I'm personally not necessarily totally against embedding such devices in printers, so long as it's made clear to users at the outset that the printers contain them. - MoonShadow
Oh, neat! I didn't realise that the 'this is a banknote' detection was so simple yet clever. On the printing matter - this is BadWrong?. Not only that the output should be what I decide it to be (you smudged my text!) but also the prospects of tracking back text to the author is generally a bad thing. Now, I can see where it might be useful to say "Do you want to sign your name to this document?" - but you need to be able to say no. And it needs to be publicised, not "On a chip very close to the laser that normal hacking about with won't be able to disable" --Vitenka
Interestingly, he hits at once upon the easiest way to resist (supplying false information) and then dismisses it. The more people who put garbage information into the system, the more useless it becomes and the less invasive. Surely I'm not the only one who receives credit card applications in other peoples names? --Vitenka (Though I'm willing to accept only a minority have gotten them for their nyms)
Since I'm feeling random - why not redefine identity? Let there exist only a small number of identities which are valid for a given purpose. And if two people claim to have the same one at once, well, let them fight it out and admit whichever one is more convincing. --Vitenka (No, not serious)
There's actually a grain of usefulness there. Start by realising that "who is this person" and "does this person have the right to do this" are actually separate questions. ID documents are usually used to link answers to these questions, but they don't necessarily have to be linked. I'm not sure that calling what you're proposing "identity" is entirely correct, though - it's more a right or capability; the compsci equivalent would be processes owning access capabilities, but the system limiting the total number of capabilities that can exist; semaphores are examples. - MoonShadow
Well, it's precisely capabilities. The limit was intended to force people to find ways to assert their identity. Semaphores are generally only limited due to a lack of resources, so I'm not sure that's quite the right metaphor. --Vitenka
Also, seperating identity and capability is abusable. A reputation system has to be able to know about repeat offenders, and it can't do that if there's no way to spot that a new member is actually an old one under a new name. Unless we are willing to never extend credit (any kind of credit) then thi becomes a problem. MUDs and similar have expored this for us, thankfully. --Vitenka
But dammit, I still want to not have to have the same work name as home name. Though it would be hard to make the seperation total, and someone somewhere would quickly set up linking databases. --Vitenka
Your goals directly compete with each other as stated. You want to be able to use independent identities to demonstrate to a service provider your right to access a service in different contexts, to stop anyone building a complete history of your transactions, yet it is precisely in the interest of the service providers to buld such a history. ISTM the way forward to designing a scheme like the one you propose would be to work out quite where you want the balance to lie between those two requirements first. - MoonShadow
Or, slightly more seriously - I wound like to be able to prove my identity to a provider or a person, but that person then not be able to take that information for later use. --Vitenka
Which is kinda difficult. Either the abuse problem needs to be solved in another way, or maybe some kind of anonymised reputation which attaches to all of someone's identities. --Vitenka
What's an identity? What's a reputation? A capability could contain a "recommendation" section signed by all the providers who trust you, and service providers could keep lists of providers whose signatures they trust. You cannot be trusted to get a "disrecommendation" section of your capability signed by people who mistrust you, but you could make it part of the protocol - every time you make a transaction, the provider signs the entire state of your capability at the time, and once it is known that the transaction was successful, they sign again in the recommendation section. Any signatures in the transaction list which are older than a certain time and aren't matched to a signature in the recommendation section count against you. I see few reasons to link a system like that to who you are. - MoonShadow
Nice, but the flaw there is that your recommends and costs are linked to a capability. This makes transferring to a new capability hard. - Vitenka
You have to examine what you want to happen at the point of transfer. If you want to start with a clean slate, the system as described allows this. If you want to retain the entire history, include a crypto link - a signature? to the previous capability as part of the information embedded in the new one. If you just want to include the trust level while losing the detailed history, allow the issuer of a capability to describe in it an initial level of trust. - MoonShadow
Authenticating that all of those signatures are legit would also be a real pain, though random testing might be enough. And the abuse problem still exists with whoever is last in the chain simply refusing to give out the 'done' mark. --Vitenka
That last one is hard - in practice, the user needs a way to decide whether they trust the provider, just as the provider needs a way to decide whether they trust the user; and other providers need to decide how much they trust a provider to make recommendations / disrecommendations. The details would also depend on how much a single disrecommendation affects your rating (presumably you would not interact twice with a provider that did that). Yes, I am basing all this on eBay, PGP and WebOfTrust. - MoonShadow''
Be thankful for [small victories]. (Police's non-destruction of DNA sample, fingerprints and photograph ruled unlawful, and damages awarded to suspect/victim for the assault committed in obtaining them.) --B
There's already a LegislativeWorkaround? for this. Private companies can't compel you to take a DNA test, but if you've had one taken they can require the results be disclosed. --Vitenka
I got my first biometric passport on Saturday, and immediately made a tinfoil Faraday cage for it. I hope it should be safe except at passport control. --PT
"You guys track this for us, it's too expensive for us to do it." --Vitenka
Same story, different interpretation. The Independent's is more accurate, the Telegraph is, unusually for it, scaremongering. The basics of the story are: there are government plans for an evil database, Labour are in favour but didn't allot Parliamentary time for it before the election, the Conservatives and Lib Dems are opposed, the only chance for it actually coming in is the Conservatives doing the predictable "all parties are libertarian in opposition and authoritarian in government" switcheroo. --SF
[Panopticlick] - site from the EFF which looks at whether you're uniquely identifiable from what websites can tell about your browser. Of their sample set so far, it looks like I'm the only one to have the exact same set of plugins I have, and the only one to have the exact same set of fonts; even with a bigger data set they can intersect these with your screen resolution, browser version, timezone, etc etc.
Gosh, interesting. It appears that under "plugins", they're including the full list of associations of different file types that can be handled in the browser; I didn't realise the browser forwards all that to sites on demand. --AC