Trust and Internet Identity Meeting Europe
11-14 Feb 2019: Workshops and Unconference

Session 30 Interoperability towards User Empowered Standards

Interoperability towards User empowered standards.

Idea has come up a couple of years ago, from a focus on UMA, block chain, Yubikeys.

Tools for empowering the user to be in charge of their own data.

What is already there and how does it fit together?

YubiKey as an extra security layer, to ensure the right person is logging in.

To empower users they have to be able to understand what is going on. -> Privacy Assistance

Machine Learning to group users and based on this create some suggestions.

Even for expert users all these different permission factors might be too complicated.

Having programs helping the user? Would this scare the user away or make things easier?

These kind of software needs knowledge about what the App does. This implies that every App developer might have to register/document their App in some way for this knowledge base.

Privacy Guard - Android App which checks allowances, privacy by default.

Visualizing things can help users understand more complex privacy concepts.

**More than one problem: **

  • Are the controls actually very complex?
  • Can you show users the effect of their actions, choices, can you visualize it?

Classic tradeoff between complexity and visibility.

Block chain used in cases when a Distributed Database would have done the job (Shiny Object Syndrome).

How can distributed databases help to empower people?

When is Blockchain necessary?

Graphics about the spread of personal data across time - Evolution of Privacy on Facebook:

http://mattmckeon.com/facebook-privacy/

TrustPilot : https://www.trustpilot.com/

Reviews for Services from private people

A quick walkthrough of how to use privacy guard:

http://www.guidingtech.com/42045/cyanogenmod-privacy-guard/

Kantara UMA Personal data and the person who controls the data, the data may sit in different places so you have the identity provider and a quite easy second factor - to get higher security but making it easier at the same time.

Kantara does some work on consent receipts, you have one place where you manage your data and when you log in you can access all that data at that place.

Usable privacy - by entering for example seven questions you are grouped out of that questions.

You get some machine assistant to help you otherwise it would be too difficult even for expert users. Imagine it asks you 100 times a day for your location, but the problem is how will users today react to that, would that scare them away if computers are suggesting answers for them .For example Facebook - Facebook have changed their privacy policy over time like an opening flower, the default settings were shared more and more publicly, so that the user had to stop Facebook from doing that (the default settings had a bigger and bigger scope).

Basically the idea is not to have multiple checkboxes where we can tell what scope we want our data to be instead to have one button to minimalize the scope or maximize, and to have a filter in between.There can be an assistant instead of crowdsourcing for that knowledge which tells you for example if the following app really requires my location or not.

Privacy in a blockchain issue.

Distributed databases - the idea is to not have a centralized government model. Depends how trustworthy the data should be.

How can distributed databases empower people?