Taking Back Control of Your Data, With Fine Grained, Explicit Permissions

← Back to Stories (view on slashdot.org)

Taking Back Control of Your Data, With Fine Grained, Explicit Permissions

Posted by timothy on Saturday October 5, 2013 @12:01PM from the consent-as-a-dialogue dept.

BrokenHalo writes with a story at New Scientist outlining one approach to reclaiming your online privacy: a software gatekeeper (described in detail in a paper from last year) from two MIT developers. "Developers Sandy Pentland and Yves-Alexandre de Montjoye claim OpenPDS (PDF) disrupts what NSA whistleblower Edward Snowden called the 'architecture of oppression,' by letting users see and control any third-party requests for their information – whether that's from the NSA or Google. Among other things, the Personal Data Store includes a mechanism for fine-grained management of permissions for sharing of data. Personally, I'm not convinced that what the NSA demands outright to be shared is as relevant as what they surreptitiously take without asking."

55 comments

Min score:

Reason:

Sort:

I see a problem... by hercludes · 2013-10-05 12:14 · Score: 4, Interesting

Regardless if this is a good idea with good implementation, people will find a way to get data openPDS is trying to hide. And it sounds like people who use this will only store more 'sensitive' information; digging themselves in a deeper hole.
1. Re:I see a problem... by Anonymous Coward · 2013-10-06 07:18 · Score: 1
  
  Yes, their naivete is so cute.
  From the FA: " People hosting openPDS at home would always know when entities like the NSA request their data, because the law requires a warrant to access data stored in a private home."
Needs to be an appliance.. by xtal · 2013-10-05 12:18 · Score: 2, Interesting

I already monitor all the traffic into and out of my network - there's lots you have no idea about.
Has to be an appliance.. but that's cheap. Making it easy to understand might open quite a few people's eyes...

--
..don't panic
1. Re:Needs to be an appliance.. by icebike · 2013-10-05 12:38 · Score: 2
  
  I already monitor all the traffic into and out of my network - there's lots you have no idea about.
  Has to be an appliance.. but that's cheap. Making it easy to understand might open quite a few people's eyes...
  Really? All traffic?
  Seems unlikely. Or, that your network actually does nothing, and has no significant data.
  Because there are a million ways insiders can sneak data out, some of which requires visual
  inspection. (That email with pictures? No algorithm is going to detect that it is a screen shot
  of your secret stuff). That wrist watch? Its really a USB drive. Someone filling out a form
  on a SSL website?
  
  --
  Sig Battery depleted. Reverting to safe mode.
2. Re:Needs to be an appliance.. by smittyoneeach · 2013-10-05 13:10 · Score: 3, Interesting
  
  And did you review all of the logic on your chip, just to make sure some of the "redundant" circuits might be less redundant than you think?
  That spare core seems. . .strangely active, if you know what I mean, and I think you don't.
  
  --
  Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
3. Re:Needs to be an appliance.. by xtal · 2013-10-05 16:36 · Score: 4, Insightful
  
  It's quite easy to monitor all traffic.
  Monitoring is not the same thing as analyzing.. but I am quite certain I know where my packets are headed - at least when they're sent from my gateway. That's how the internet works.
  
  --
  ..don't panic
4. Re:Needs to be an appliance.. by Z80a · 2013-10-05 23:26 · Score: 1
  
  Given the ridiculously small tracks, i bet its quite easy to create some "spread" circuit that assembles a much less powerful CPU over the regular tracks. Just add a transistor here, a transistor there, and some really long "roads" and you wont be able to clock very high, but not everything evil requires fast clocking anyway.
5. Re:Needs to be an appliance.. by smittyoneeach · 2013-10-06 00:45 · Score: 1
  
  You can label these shadow circuits "evil spirits", and do brisk business in the digital exorcism market.
  
  --
  Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
6. Re:Needs to be an appliance.. by Fnord666 · 2013-10-06 05:05 · Score: 1
  
  Monitoring is not the same thing as analyzing.. but I am quite certain I know where my packets are headed - at least when they're sent from my gateway. That's how the internet works.
  But are you sure you know everything that is in those packets? Nothing extra in those DNS requests leaving your network?
  
  --
  'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Oh the naivete!! by fustakrakich · 2013-10-05 12:21 · Score: 1, Insightful

How many times do you people need to be told? If it's on a network, any network, it is out of your control! You really think you can stop the NSA, Google, or any of them?

--
“He’s not deformed, he’s just drunk!”
1. Re:Oh the naivete!! by coldmist · 2013-10-05 12:55 · Score: 5, Funny
  
  You bet I can! I have my robots.txt file up to date, you know.
  
  --
  Don't steal. The government hates competition.
2. Re:Oh the naivete!! by Samantha+Wright · 2013-10-05 13:11 · Score: 2
  
  It's basically like asking Google to set the evil bit when they poll your data. I am mesmerized that the MIT Media Lab would turn out something so obviously incapable of disrupting the current ecosystem.
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
3. Re:Oh the naivete!! by fustakrakich · 2013-10-05 13:31 · Score: 1
  
  Redundant? Redundant?? I'll show you redu... oh wait, you're right. NSA and Google are redundant!
  Oops..
  I feel so very sorry...
  
  --
  “He’s not deformed, he’s just drunk!”
More useful by Rosco+P.+Coltrane · 2013-10-05 12:55 · Score: 5, Insightful

Instead of a gatekeeper, I'd rather have a layer of software that automatically lies about myself (such as always giving my name as "John Doe" or my GPS location as being somewhere in the open desert near Timbuktu or something), so that not only the data hoarders don't get my personal information, but their data pool gets polluted. Bad data is much more of a problem to them than no data at all.

--
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
1. Re:More useful by peragrin · 2013-10-05 13:10 · Score: 3, Interesting
  
  not really they don't care about bad or missing data. the piles of data are to large.
  Seriously my credit report lists a name of a relation that hasn't existed in 18+ years. And when it did exist it lasted less than 6 months.( a very short marriage of a relation,not mine). But nobody cares about accurate useful data, only if they have it or not.
  Take Amazon. they have a record of every purchase I have made over a similar time span. yet they only ever show me adds for things i already have. amazon won't show me something new. What good is showing me stuff that I already own/watched?
  I figure just let them keep on collecting it. sooner or later they will have so much useless old data clogging their systems that it will hide you better than trying to delete and police everything.
  
  --
  i thought once I was found, but it was only a dream.
2. Re:More useful by smittyoneeach · 2013-10-05 13:11 · Score: 1
  
  Yep. Signal-to-noise ratio. Said Smith.
  
  --
  Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
3. Re:More useful by Anonymous Coward · 2013-10-05 13:31 · Score: 3, Interesting
  
  Even better a botnet that does this - dictionary of names, generate pseudo-biographic info, but distributing across devices you own, device signatures similar to what you own, spoofing MAC addresses etc. Enough noise to reduce their quality & quantity of matches, but not to the point where positives csn stand out..
  Now how to wreck matching against LexisNexis matches w/o wrecking Lexis-Nexis per se...
4. Re:More useful by bdcrazy · 2013-10-05 13:42 · Score: 2
  
  God help you if you order gifts through amazon as well. 'I saw you buy X, you might like Y.' Uh, nope. That was for my sister. Thanks for trying though.
  
  --
  Tonights forecast: Dark. Continued dark throughout most of the evening, with some widely-scattered light towards morning
5. Re:More useful by Anonymous Coward · 2013-10-05 13:43 · Score: 1
  
  Look, they have all of the data and do not have to prove a thing. As far as you or anyone else knows, the whole story is bullshit and the NSA has nowhere near the ability that we are lead to believe.
  However, since what I just said sounds so stupid and obnoxious, not to be taken seriously, you know, because it's so silly and stuff, but anyway, suppose that they want to lie about having data on you that links you to the scene of the crime, what the hell could you do to argue about it? They don't have to state the ways that they have the information, because that would reveal to much "national security". So if they want to say that they have this data, then show me the data. Otherwise, shut up about it. It's all bullshit to me.
  The whole idea that there's a security measure to sell to someone will be the next zeitgeist for salesmen to tamper with. If the NSA does have the things in place mentioned by Snowden, then there's nothing that you can install (software or hardware) to not route traffic through the Utah data center.
6. Re:More useful by Anonymous Coward · 2013-10-05 13:56 · Score: 2, Informative
  
  If you use Android... openPDroid: http://forum.xda-developers.com/showthread.php?p=36678558
7. Re:More useful by Nemyst · 2013-10-05 14:14 · Score: 2
  
  That's too obvious, though. In order to properly pollute data, you need to provide information which seems legitimate, but isn't. John Doe in Timbuktu one hour and Mexico City the next will likely trip any check they might have, and they'll either strip the data or try to watch you in a different fashion. A believable name with consistent locations which are entirely faked is much, much harder to filter, while still quite easy to generate.
8. Re:More useful by Anonymous Coward · 2013-10-05 14:50 · Score: 1
  
  There's specifically a feature to say "Don't take this into account in my buying history." It's just to give Amazon even more info of course, but the suggestions will go away.
9. Re:More useful by Anonymous Coward · 2013-10-05 15:04 · Score: 0
  
  I think this is a great idea!
  --
  John Doe
  16.775833 N, -3.009444 W
10. Re:More useful by Anonymous Coward · 2013-10-05 15:06 · Score: 0
  
  I would pay for this.
  I want this. No. I NEED this on my android phone.
  Time for privacy to be put back in the hands of the user.
  I can understand why some information is needed
  Seriously though do websites really need to know my exact location? No. Not even close. They just need to know what city I am, perhaps, and even then that is something I would like to be able to select.
  I came across a cinema website a year ago which automatically detects and shows you the closest cinema. There were a few problems with this the main one being that my ISP is based in another city which means that anyone trying to find my location will have it wrong.
  No matter what I did I could not get the site to show me the local cinema. I sent them an email about it and now they have changed it to allow the user to select which city they are in. Why they didn't allow for change of city in the first place is frustrating. I quote this as a good example of how allowing a user to review and change metadata is needed.
  The user agent plugin for firefox is very useful for 'pretending' to be another browser, in particular for websites which insist on specific browsers and versions.
11. Re:More useful by Anonymous Coward · 2013-10-05 19:14 · Score: 0
  
  Ha! you mean like a disinfoBot! great idea
12. Re:More useful by Tom · 2013-10-05 21:57 · Score: 3, Insightful
  
  Depends on what they are using it for. If the purpose is individual identification, the data doesn't have to be correct, just unique. If they want to track you, behavior is more important than data, and so on.
  But in general, I agree. When those "bonus card" systems for the supermarket etc. came to Europe, I was the guy at the CCCamp to propose everyone in the room stand up and exchange their cards with someone else at random.
  But life is turning into a cyberpunk story in one important regard: The vast majority of the population doesn't know nor care about fighting this crap. Those of us who do, we are very few. We are the 1% in this aspect. Your and my data polluting doesn't change a thing in the big picture.
  And that's where you are right on the money: If someone came up with a device that does that automatically, and had some other benefit related to this feature so it is of interest to grandma to use it, then you'd have ruined the current Internet top dogs business model in one brave stroke.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
13. Re:More useful by peragrin · 2013-10-05 22:35 · Score: 1
  
  the suggestions go away but it is buried deep under an odd name and your history is still there.
  
  --
  i thought once I was found, but it was only a dream.
14. Re:More useful by Anonymous Coward · 2013-10-06 14:29 · Score: 0
  
  So I should help them offer me more stuff? Its always amusing buying textbooks through them. The suggestions based on these are useless.
A little misleading by fred911 · 2013-10-05 12:56 · Score: 1

This seems to be an Android only app. What did I miss?

--
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
1. Re:A little misleading by icebike · 2013-10-05 13:22 · Score: 3, Insightful
  
  You are missing the fact that the the summary, the article, and the so called detail description give not a single
  clue about how it works, or even precisely what it does.
  One would have to assume its some sort of elaborate ruse to see if they can sucker more people into handing over more data by offering a nebulously described so called private data gatekeeper as a free app. Undomesticated equines could not drag me to installing that app.
  
  --
  Sig Battery depleted. Reverting to safe mode.
2. Re:A little misleading by gl4ss · 2013-10-05 13:52 · Score: 1
  
  it's a joke.
  how the fuck could the app know if your information was requested from google by the nsa? it couldn't. furthermore google wouldn't be at the liberty to tell you.
  
  --
  world was created 5 seconds before this post as it is.
3. Re:A little misleading by BrokenHalo · 2013-10-05 21:45 · Score: 1
  
  You are missing the fact that the the summary, the article, and the so called detail description give not a single clue about how it works, or even precisely what it does.
  You can thank the /. editors for that. (Sigh...)
  
  In my (now totally re-written) submission I provided a link to the actual NS article (which is still up there on the main page) and a detailed description from the developers here (PDF).
  
  HTH.
They can still hack the guard software by manu0601 · 2013-10-05 12:58 · Score: 1

From TFA:

People hosting openPDS at home would always know when entities like the NSA request their data, because the law requires a warrant to access data stored in a private home.
They disregard the constitution and you want them to respect the law? Indeed the government will not physically get into your house without a warrant, but we know they have no problem remotely hacking your computer.
1. Re:They can still hack the guard software by Guest316 · 2013-10-05 13:07 · Score: 2
  
  >Indeed the government will not physically get into your house without a warrant
  The residents of Watertown might disagree:
  
  https://www.youtube.com/watch?v=YWsbBhzxYw8
2. Re:They can still hack the guard software by manu0601 · 2013-10-05 13:33 · Score: 1
  
  Mmmm... you suggest USA's democracy is even more rotten that what I thought.
Summary by Anonymous Coward · 2013-10-05 13:11 · Score: 0

Bullshit.
(As anyone with any real knowledge of networks should know).
MIT? Garbage.
That won't work by Anonymous Coward · 2013-10-05 13:15 · Score: 0

That won't work. The NSA will just probe everyone's data. You won't know if you are targeted or just swept up like everyone else.
Fine-grained permissions? by tftp · 2013-10-05 13:39 · Score: 2

I never felt the need for fine-grained permissions. Here is the configuration that I use:
permissions {
deny all;
}
If you need something that doesn't pass through that filter, come and see me.
Reminiscent of .pdf "redaction" circa 1995 by Anonymous Coward · 2013-10-05 13:41 · Score: 0

With redacted data just paved over by a layered black line, whoops.
Because nobody would bother to.. nah. It's a BLACK LINE. Trust that the data beneath it is forever secret.
Taking Back Control of Your Data... Pfft! by fustakrakich · 2013-10-05 13:50 · Score: 1

All *your* data are buried in the wall...
Sounds eerily familiar...

--
“He’s not deformed, he’s just drunk!”
Easier to configure than SELinux? by the_B0fh · 2013-10-05 13:52 · Score: 1

Configuring it is always the hardest problem, even if everything else worked right.
Potential problem by Okian+Warrior · 2013-10-05 14:57 · Score: 5, Interesting

Instead of a gatekeeper, I'd rather have a layer of software that automatically lies about myself (such as always giving my name as "John Doe" or my GPS location as being somewhere in the open desert near Timbuktu or something), so that not only the data hoarders don't get my personal information, but their data pool gets polluted. Bad data is much more of a problem to them than no data at all.
I've been doing that for some years.
In early September, my bank implemented a new type of authentication process. Before I could log in, it asked me a series of questions culled from the public records of my name - it said as much when it started.
The questions were multiple choice, five answers, and went like this:
In what town is 35 Granite Ave located?
. Greenville
. Lexington
. Berwick
. Nashua
. Holliston
Needless to say, I've never been to 35 Granite Ave (that I can remember), never lived there, and don't have the first clue what they were on about. My "polluted public records" came back to bite me.
The bank representative couldn't help because they don't make the web page, the web page techs can't help because they outsource to a service, &c &c. It took extreme measures from one very helpful bank rep to allow me to log in, on a system which had been giving me no problems for many yeas. I'd be screwed if it were the cable, ISP, or phone company.
I'm still in favour of polluting records. If the person asking doesn't have any business knowing whatever it is they're asking, I will lie.
It looks like I'll have to start keeping track of the lies.
1. Re:Potential problem by Jah-Wren+Ryel · 2013-10-05 17:01 · Score: 2
  
  It looks like I'll have to start keeping track of the lies.
  Or get a new bank. I've heard of similar things - like BofA asking what color your first car was. The thing is that the low quality of information in these databases is well known. If a bank doesn't have a way to deal with their pseudo-authentication data being bad then they are just negligent - maybe ignorant, maybe sold snake-oil by the data 'proprietor' but either way it is a level of failure that should cause you to question how competent they are in other areas.
  
  --
  When information is power, privacy is freedom.
2. Re:Potential problem by Anonymous Coward · 2013-10-05 18:40 · Score: 1
  
  What's even worse is when the bank asks where you stash the bodies as a recovery question...
3. Re:Potential problem by BrokenHalo · 2013-10-05 21:26 · Score: 1
  
  It looks like I'll have to start keeping track of the lies.
  Or else maybe train your system to send null data rather than fake stuff? I'm going to investigate openPDroid that AC mentioned earlier. Looks like a start...
4. Re:Potential problem by Tom · 2013-10-05 22:00 · Score: 1
  
  It looks like I'll have to start keeping track of the lies.
  Use mnemonics - if you invent an address, make the first letter of the street and the town identical. If you invent a birthday, use the same day and vary years, or the other way around. Some people use spam-catch email addresses including the sites name - e.g. tom.nameofthesite@mydomain.com - so if they get spam they know who sold their address. You can use the same trick in your invented personal data. So your G+ address is 1 Google Ave. while your FB address is 1 Facebook Road. Stuff like that.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
5. Re:Potential problem by Anonymous Coward · 2013-10-05 23:08 · Score: 0
  
  ...I'm going to investigate openPDroid that AC mentioned earlier. Looks like a start...
  I highly recommend it myself.
6. Re: Potential problem by UnknownSoldier · 2013-10-06 01:52 · Score: 2
  
  Uh, why aren't you using a password manager and adding a note about the fake data in the notes/extra info field??
Lessons of SELinux by Antique+Geekmeister · 2013-10-05 16:44 · Score: 2

If the control is too fine grained, people give up and just turn off the controls altogether. I see this constantly with SELinux and complex firewalls and filesytem permissions, and two-part authentication.
DRM by Anonymous Coward · 2013-10-05 18:48 · Score: 0

I believe this is what we call Digital Rights Managment
Permissions? by jandersen · 2013-10-05 20:31 · Score: 1

...the Personal Data Store includes a mechanism for fine-grained management of permissions for sharing of data ...
You mean like in Oracle, where the list of system and object privileges cover 14 pages in the manual (version 12)? In my experience this is simply too unwieldy to use in practice; in most cases you end up defining a small handful of roles (in Oracle: a bundle of privileges) that are used for everybody. Or if you are the average, lazy guy, you just grant dba to all users; you wouldn't believe how many Oracle instances I have come across, where the SYS account still had password "CHANGE_ON_INSTALL".
There is a reason why the admittedly crude and primitive permission model of UNIX is still around: it is easy to understand and use, and it can be surprisingly effective.
Oh Great... by GerryHattrick · 2013-10-06 00:26 · Score: 1

Ultimately-brave men are going right in to Somalia and other hell-holes to take out the nasties, while you-all are trying to make more difficult the work of the services which our taxes pay to protect us.
1. Re: Oh Great... by Anonymous Coward · 2013-10-07 07:39 · Score: 0
  
  go suck on a fat dick you shill
The stuff that isn't in the summary by davecb · 2013-10-06 01:41 · Score: 1

Author page, with links - http://demontjoye.com/projects.html
Their video http://www.youtube.com/watch?v=eS1LgeQTO1A
The product page - http://openpds.media.mit.edu/

--
davecb@spamcop.net
Pretty sure. by Anonymous Coward · 2013-10-07 03:25 · Score: 0

Monitoring is not the same thing as analyzing.. but I am quite certain I know where my packets are headed - at least when they're sent from my gateway. That's how the internet works.
But are you sure you know everything that is in those packets? Nothing extra in those DNS requests leaving your network?

Nothing is truly certain in this vale of tears, but if you can't depend on tcpdump and wireshark, you may as well give up now.