Taking Back Control of Your Data, With Fine Grained, Explicit Permissions

← Back to Stories (view on slashdot.org)

Taking Back Control of Your Data, With Fine Grained, Explicit Permissions

Posted by timothy on Saturday October 5, 2013 @12:01PM from the consent-as-a-dialogue dept.

BrokenHalo writes with a story at New Scientist outlining one approach to reclaiming your online privacy: a software gatekeeper (described in detail in a paper from last year) from two MIT developers. "Developers Sandy Pentland and Yves-Alexandre de Montjoye claim OpenPDS (PDF) disrupts what NSA whistleblower Edward Snowden called the 'architecture of oppression,' by letting users see and control any third-party requests for their information – whether that's from the NSA or Google. Among other things, the Personal Data Store includes a mechanism for fine-grained management of permissions for sharing of data. Personally, I'm not convinced that what the NSA demands outright to be shared is as relevant as what they surreptitiously take without asking."

21 of 55 comments (clear)

Min score:

Reason:

Sort:

I see a problem... by hercludes · 2013-10-05 12:14 · Score: 4, Interesting

Regardless if this is a good idea with good implementation, people will find a way to get data openPDS is trying to hide. And it sounds like people who use this will only store more 'sensitive' information; digging themselves in a deeper hole.
Needs to be an appliance.. by xtal · 2013-10-05 12:18 · Score: 2, Interesting

I already monitor all the traffic into and out of my network - there's lots you have no idea about.
Has to be an appliance.. but that's cheap. Making it easy to understand might open quite a few people's eyes...

--
..don't panic
1. Re:Needs to be an appliance.. by icebike · 2013-10-05 12:38 · Score: 2
  
  I already monitor all the traffic into and out of my network - there's lots you have no idea about.
  Has to be an appliance.. but that's cheap. Making it easy to understand might open quite a few people's eyes...
  Really? All traffic?
  Seems unlikely. Or, that your network actually does nothing, and has no significant data.
  Because there are a million ways insiders can sneak data out, some of which requires visual
  inspection. (That email with pictures? No algorithm is going to detect that it is a screen shot
  of your secret stuff). That wrist watch? Its really a USB drive. Someone filling out a form
  on a SSL website?
  
  --
  Sig Battery depleted. Reverting to safe mode.
2. Re:Needs to be an appliance.. by smittyoneeach · 2013-10-05 13:10 · Score: 3, Interesting
  
  And did you review all of the logic on your chip, just to make sure some of the "redundant" circuits might be less redundant than you think?
  That spare core seems. . .strangely active, if you know what I mean, and I think you don't.
  
  --
  Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
3. Re:Needs to be an appliance.. by xtal · 2013-10-05 16:36 · Score: 4, Insightful
  
  It's quite easy to monitor all traffic.
  Monitoring is not the same thing as analyzing.. but I am quite certain I know where my packets are headed - at least when they're sent from my gateway. That's how the internet works.
  
  --
  ..don't panic
More useful by Rosco+P.+Coltrane · 2013-10-05 12:55 · Score: 5, Insightful

Instead of a gatekeeper, I'd rather have a layer of software that automatically lies about myself (such as always giving my name as "John Doe" or my GPS location as being somewhere in the open desert near Timbuktu or something), so that not only the data hoarders don't get my personal information, but their data pool gets polluted. Bad data is much more of a problem to them than no data at all.

--
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
1. Re:More useful by peragrin · 2013-10-05 13:10 · Score: 3, Interesting
  
  not really they don't care about bad or missing data. the piles of data are to large.
  Seriously my credit report lists a name of a relation that hasn't existed in 18+ years. And when it did exist it lasted less than 6 months.( a very short marriage of a relation,not mine). But nobody cares about accurate useful data, only if they have it or not.
  Take Amazon. they have a record of every purchase I have made over a similar time span. yet they only ever show me adds for things i already have. amazon won't show me something new. What good is showing me stuff that I already own/watched?
  I figure just let them keep on collecting it. sooner or later they will have so much useless old data clogging their systems that it will hide you better than trying to delete and police everything.
  
  --
  i thought once I was found, but it was only a dream.
2. Re:More useful by Anonymous Coward · 2013-10-05 13:31 · Score: 3, Interesting
  
  Even better a botnet that does this - dictionary of names, generate pseudo-biographic info, but distributing across devices you own, device signatures similar to what you own, spoofing MAC addresses etc. Enough noise to reduce their quality & quantity of matches, but not to the point where positives csn stand out..
  Now how to wreck matching against LexisNexis matches w/o wrecking Lexis-Nexis per se...
3. Re:More useful by bdcrazy · 2013-10-05 13:42 · Score: 2
  
  God help you if you order gifts through amazon as well. 'I saw you buy X, you might like Y.' Uh, nope. That was for my sister. Thanks for trying though.
  
  --
  Tonights forecast: Dark. Continued dark throughout most of the evening, with some widely-scattered light towards morning
4. Re:More useful by Anonymous Coward · 2013-10-05 13:56 · Score: 2, Informative
  
  If you use Android... openPDroid: http://forum.xda-developers.com/showthread.php?p=36678558
5. Re:More useful by Nemyst · 2013-10-05 14:14 · Score: 2
  
  That's too obvious, though. In order to properly pollute data, you need to provide information which seems legitimate, but isn't. John Doe in Timbuktu one hour and Mexico City the next will likely trip any check they might have, and they'll either strip the data or try to watch you in a different fashion. A believable name with consistent locations which are entirely faked is much, much harder to filter, while still quite easy to generate.
6. Re:More useful by Tom · 2013-10-05 21:57 · Score: 3, Insightful
  
  Depends on what they are using it for. If the purpose is individual identification, the data doesn't have to be correct, just unique. If they want to track you, behavior is more important than data, and so on.
  But in general, I agree. When those "bonus card" systems for the supermarket etc. came to Europe, I was the guy at the CCCamp to propose everyone in the room stand up and exchange their cards with someone else at random.
  But life is turning into a cyberpunk story in one important regard: The vast majority of the population doesn't know nor care about fighting this crap. Those of us who do, we are very few. We are the 1% in this aspect. Your and my data polluting doesn't change a thing in the big picture.
  And that's where you are right on the money: If someone came up with a device that does that automatically, and had some other benefit related to this feature so it is of interest to grandma to use it, then you'd have ruined the current Internet top dogs business model in one brave stroke.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
Re:Oh the naivete!! by coldmist · 2013-10-05 12:55 · Score: 5, Funny

You bet I can! I have my robots.txt file up to date, you know.

--
Don't steal. The government hates competition.
Re:They can still hack the guard software by Guest316 · 2013-10-05 13:07 · Score: 2

>Indeed the government will not physically get into your house without a warrant
The residents of Watertown might disagree:

https://www.youtube.com/watch?v=YWsbBhzxYw8
Re:Oh the naivete!! by Samantha+Wright · 2013-10-05 13:11 · Score: 2

It's basically like asking Google to set the evil bit when they poll your data. I am mesmerized that the MIT Media Lab would turn out something so obviously incapable of disrupting the current ecosystem.

--
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
Re:A little misleading by icebike · 2013-10-05 13:22 · Score: 3, Insightful

You are missing the fact that the the summary, the article, and the so called detail description give not a single
clue about how it works, or even precisely what it does.
One would have to assume its some sort of elaborate ruse to see if they can sucker more people into handing over more data by offering a nebulously described so called private data gatekeeper as a free app. Undomesticated equines could not drag me to installing that app.

--
Sig Battery depleted. Reverting to safe mode.
Fine-grained permissions? by tftp · 2013-10-05 13:39 · Score: 2

I never felt the need for fine-grained permissions. Here is the configuration that I use:
permissions {
deny all;
}
If you need something that doesn't pass through that filter, come and see me.
Potential problem by Okian+Warrior · 2013-10-05 14:57 · Score: 5, Interesting

Instead of a gatekeeper, I'd rather have a layer of software that automatically lies about myself (such as always giving my name as "John Doe" or my GPS location as being somewhere in the open desert near Timbuktu or something), so that not only the data hoarders don't get my personal information, but their data pool gets polluted. Bad data is much more of a problem to them than no data at all.
I've been doing that for some years.
In early September, my bank implemented a new type of authentication process. Before I could log in, it asked me a series of questions culled from the public records of my name - it said as much when it started.
The questions were multiple choice, five answers, and went like this:
In what town is 35 Granite Ave located?
. Greenville
. Lexington
. Berwick
. Nashua
. Holliston
Needless to say, I've never been to 35 Granite Ave (that I can remember), never lived there, and don't have the first clue what they were on about. My "polluted public records" came back to bite me.
The bank representative couldn't help because they don't make the web page, the web page techs can't help because they outsource to a service, &c &c. It took extreme measures from one very helpful bank rep to allow me to log in, on a system which had been giving me no problems for many yeas. I'd be screwed if it were the cable, ISP, or phone company.
I'm still in favour of polluting records. If the person asking doesn't have any business knowing whatever it is they're asking, I will lie.
It looks like I'll have to start keeping track of the lies.
1. Re:Potential problem by Jah-Wren+Ryel · 2013-10-05 17:01 · Score: 2
  
  It looks like I'll have to start keeping track of the lies.
  Or get a new bank. I've heard of similar things - like BofA asking what color your first car was. The thing is that the low quality of information in these databases is well known. If a bank doesn't have a way to deal with their pseudo-authentication data being bad then they are just negligent - maybe ignorant, maybe sold snake-oil by the data 'proprietor' but either way it is a level of failure that should cause you to question how competent they are in other areas.
  
  --
  When information is power, privacy is freedom.
2. Re: Potential problem by UnknownSoldier · 2013-10-06 01:52 · Score: 2
  
  Uh, why aren't you using a password manager and adding a note about the fake data in the notes/extra info field??
Lessons of SELinux by Antique+Geekmeister · 2013-10-05 16:44 · Score: 2

If the control is too fine grained, people give up and just turn off the controls altogether. I see this constantly with SELinux and complex firewalls and filesytem permissions, and two-part authentication.