Talk:On Presence updates/User Profiles/Collaboration

From OLPC
Revision as of 15:40, 29 April 2008 by Bemasc (talk | contribs) (Privacy)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Privacy

I would argue strongly that the list of activities in which I am participating is private. You wouldn't want your IRC client telling me what other applications you're running. The Sugar design calls for implementation of sharing Activities that are only visible to a specific group, where each group corresponds to a single unique keypair.

One possible way of implementing this is to set up a distinct, parallel presence system for each group. Offhand, I cannot think of any acceptably efficient way of implementing this design, especially since every non-public activity generates a new group. Instead, we may encrypt each entry in the list of shared activities with the private key of the group that has permission to join it. With this system, I can tell whether two people are in the same activity, but I cannot tell what activity it is. To improve privacy further, we may pad out each Activity entry to a fixed length with random data before encryption, so that two people joined to the same activity show different entries in their presence data.

I appreciate that on a mesh network, every node can be a router, and the routing protocol may require that every router know the source and/or destination. However, that data will be encrypted, and so it will be impossible to identify it without traffic analysis. Requiring a malicious eavesdropper to perform traffic analysis of encrypted streams seems a reasonable bar to set for privacy. Ben 11:40, 29 April 2008 (EDT)