So, it is my first week at Mozilla Labs; I picked a great first week - the launch of Firefox 4 for both desktop and mobile.
One of the big topics for Mozilla is Identity and Privacy. After all, "Firefox answers to no one but you." However, digging into identity (above the layer of authentication and authorization) is a tricky business.
This book is a very interesting framework in which to think of identity. It is intuitive social science: we all have expectations about how our personal information should be used, based on the context of use; when our expectations are not met, we react poorly; when our expectations are stressed, but not broken, expectations may evolve, especially to encapsulate new technologies.
Contextual Integrity is the catch phrase to encompass this idea...and the idea that identity/Privacy is not about hiding your information, but about its appropriate use.
The difficulty is turning a social science into a computer science. There has been lots of follow on work on Contextual Integrity, using temporal and other logics. They give the foundations for how to implement a system, but really it is the system inputs which are problematic. The biggest issue, of course, is establishing context. It is well known that users will not take the time to define contexts, so we need to derive context from activity: browsing, communication, location, etc.
In many ways the browser is the right place to establish context (for your online identity), so I am optimistic that Mozilla can bring (at least parts of) this to life.
This book is a very interesting framework in which to think of identity. It is intuitive social science: we all have expectations about how our personal information should be used, based on the context of use; when our expectations are not met, we react poorly; when our expectations are stressed, but not broken, expectations may evolve, especially to encapsulate new technologies.
Contextual Integrity is the catch phrase to encompass this idea...and the idea that identity/Privacy is not about hiding your information, but about its appropriate use.
The difficulty is turning a social science into a computer science. There has been lots of follow on work on Contextual Integrity, using temporal and other logics. They give the foundations for how to implement a system, but really it is the system inputs which are problematic. The biggest issue, of course, is establishing context. It is well known that users will not take the time to define contexts, so we need to derive context from activity: browsing, communication, location, etc.
In many ways the browser is the right place to establish context (for your online identity), so I am optimistic that Mozilla can bring (at least parts of) this to life.
Comments