From: cvs@openprivacy.orgCVS update: openprivacy/htdocs/papers
Date: Tuesday March 6, 19101 @ 20:40
Author: fen
CVSWEB Options: -------------------
Main CVSWeb: http://openprivacy.org/cgi-bin/cvsweb/cvsweb.cgi
View this module: http://openprivacy.org/cgi-bin/cvsweb/cvsweb.cgi/openprivacy/htdocs/papers
-----------------------------------
Update of /usr/local/cvs/public/openprivacy/htdocs/papers
In directory giga:/tmp/cvs-serv14294
Modified Files:
200103-white.html
Log Message:
first draft completed (still need to spel check, add references)
*****************************************************************
File: openprivacy/htdocs/papers/200103-white.html
CVSWEB Options: -------------------
CVSWeb: Annotate this file: http://openprivacy.org/cgi-bin/cvsweb/cvsweb.cgi/openprivacy/htdocs/papers/200103-white.html?annotate=1.50
CVSWeb: View this file: http://openprivacy.org/cgi-bin/cvsweb/cvsweb.cgi/openprivacy/htdocs/papers/200103-white.html?rev=1.50&content-type=text/x-cvsweb-markup
CVSWeb: Diff to previous version: http://openprivacy.org/cgi-bin/cvsweb/cvsweb.cgi/openprivacy/htdocs/papers/200103-white.html.diff?r1=1.50&r2=1.49
-----------------------------------
Index: openprivacy/htdocs/papers/200103-white.html
This archive was generated by hypermail 2b30
: Tue Mar 06 2001 - 20:40:31 PST
diff -u openprivacy/htdocs/papers/200103-white.html:1.49 openprivacy/htdocs/papers/200103-white.html:1.50
--- openprivacy/htdocs/papers/200103-white.html:1.49 Thu Mar 1 23:10:32 2001
+++ openprivacy/htdocs/papers/200103-white.html Tue Mar 6 20:40:29 2001
@@ -9,7 +9,7 @@
</head>
<body bgcolor="#ffffff">
- <!-- $Id: 200103-white.html,v 1.49 2001/03/02 07:10:32 fen Exp $ -->
+ <!-- $Id: 200103-white.html,v 1.50 2001/03/07 04:40:29 fen Exp $ -->
<center>
<h1>OpenPrivacy - Enhancing the Internet with Reputations</h1>
@@ -112,46 +112,50 @@
power to do the right thing.
</p>
<p>
- Systems like the Anonymizer[<a href="#anon">anon</a>] and Freedom[<a
- href="#zero">zero</a>] provide the essential anonymity needed to
- protect oneself from being watched while online, but they lack a way
- to create and profit from a long-lived pseudonymous identity. In
- today's world, people want enhanced services such as personalized
- home pages, recommended reading lists and respect within their
- communities. Many systems have been created to address these
- desires, such as my.Yahoo.com, Amazon.com's book recommendations and
- Slashdot.org, but these have problems, too. A very basic issue here
- is that a person who develops a good reputation on one site cannot
- carry that reputation with them to another. A deeper issue is that
- all of your information is known by the creators of these sites and
- can be used by them at will.
+ Systems like the Anonymizer[<a href="#anon">anon</a>] and
+ Freedom[<a href="#zero">zero</a>] provide the essential anonymity
+ needed to protect oneself from being watched while online, but they
+ lack a way to create and profit from a long-lived pseudonymous
+ identity. In today's online world, people want enhanced services
+ such as personalized home pages, recommended reading lists,
+ targeted advertising and respect within their communities. Many
+ systems have been created to address these desires, such as
+ my.Yahoo.com, Amazon.com's book recommendations and Slashdot.org,
+ but these have problems, too. A very basic issue here is that a
+ person who develops a good reputation on one site cannot carry that
+ reputation with them to another. A deeper issue is that all of
+ your information is known by the creators of these sites and can be
+ used by them at will.
</p>
<p>
OpenPrivacy provides a framework for building intercommunicating
- systems that support the concept of <i>reputation</i>. Reputations,
- which can be attached to any object such as pseudonyms, purchase
- histories, physical objects (using an expanded URI namespace),
- reputation servers, and even reputations themselves, are pervasive
- and directly affect every aspect of OpenPrivacy-enabled systems.
- One example of how this framework can be used is as a customizable
- privacy-enhanced personal portal with reputation-assisted search and
- publishing features [<a href="#jets">jets</a>]. We are also
- creating reputation calculation engines that will provide work-alike
- similarity for the communities created by the likes of Slashdot and
- Advogato. Because projects such as these are built on the
- OpenPrivacy platform, not only with their users enjoy enhanced
- privacy and security from spoof attacks, but they will also be able
- to publish selected portions of their profiles for access by the
- members of these and other communities. Likewise, advertisers can
- avail themselves of targeted, high-quality profile information with
- the full cooperation and confidence of a pseudonymous user.
+ systems that support the concept of <i>reputation</i>.
+ Reputations, which can be attached to any object such as
+ pseudonyms, purchase histories, physical objects (using an expanded
+ URI namespace), reputation servers, and even reputations
+ themselves, are pervasive and directly affect every aspect of
+ OpenPrivacy-enabled systems. One example of how this framework can
+ be used is as a customizable privacy-enhanced personal portal with
+ reputation-assisted search and publishing features [<a
+ href="#jets">jets</a>]. We are also creating reputation
+ calculation engines that will provide work-alike similarity for the
+ communities created by the likes of Slashdot and Advogato. Once
+ systems such as these are built on the OpenPrivacy platform, not
+ only with their users enjoy enhanced privacy and security from
+ spoof attacks, but they will also be able to publish selected
+ portions of their profiles for access by the members of these and
+ other communities. Likewise, advertisers can avail themselves of
+ targeted, high-quality profile information with the full
+ cooperation and confidence of a pseudonymous user; conversely, the
+ user can benefit from the targeted ads and promotions that will
+ result.
</p>
<h3><a name="rms">Reputation Services</a></h3>
<p>
We introduce a set of <i>Reputation Services</i> that form the
cornerstone of the OpenPrivacy framework. These services provide a
standard reputation framework that can be used by any community,
- supporting an unlimited numbers of mechanisms to create, use and
+ supporting an unlimited number of mechanisms to create, use and
calculate results from accumulated reputation. The implementor of
these services can nest or reuse existing reputation calculation
engines or roll their own. They gain the ability to query remote
@@ -171,50 +175,51 @@
<blockquote>
<h4>Nym Service</h4>
<p>
- OpenPrivacy uses a <i>nym service</i> to to create and manage a
- set of pseudonymous virtual users - generally represented by
+ OpenPrivacy uses a <i>nym service</i> to create and manage a set
+ of pseudonymous virtual users - generally represented by
public-key pairs - that inhabit OpenPrivacy space. A primary, or
"parent" nym can be created by the nym service, and then use the
service to beget any number of child nyms which can then
recursively employ a nym service to beget grandchildren. This
creates a hierarchical nym-space in which child nyms cannot be
- linked by a third party as originating from the same parent, but a
- parent can execute a validation mechanism to create an anonymous
- certificate proving that a set of child nyms were created from the
- same parent. (And of course, the parent can do so non-anonymously
- if it so chose.)
- </p>
- <p>
- This is a key facility (pun intended) of the OpenPrivacy platform,
- as anonymity can too easily be pierced by what is known as "data
- triangulation." For example, knowing only the age, zip code, and
- the make and model of a heretofore anonymous person's car can
- narrow the population quite a bit. But if each of these data
- points were stored under a different nym, then the same data
- exists, but it is unconnected. Others can make opinions as to
- what data is connected - and gain or lose reputation according to
- the value and usefulness of their opinions - but only the owner
- can prove it. Mechanisms exist that allow for such proof to be
- tied to a single receiving party, such that further dissemination
- of the proof without permission would directly - and adversely -
- affect the reputation of the receiver.
+ linked by a third party as originating from the same parent, but
+ a parent can execute a validation mechanism to create an
+ anonymous certificate proving that a set of child nyms were
+ created from the same parent. (And of course, the parent can do
+ so non-anonymously if it so chose.)
+ </p>
+ <p>
+ This is a key facility (pun intended) of the OpenPrivacy
+ platform, as anonymity can too easily be pierced by what is known
+ as "data triangulation." For example, knowing only the age and
+ zip code of a heretofore anonymous person, plus the make and
+ model of their car, can narrow the population quite a bit.
+ However, if each of these data points were stored under a
+ different nym, then the same data exists but cannot be connected
+ to a single person. Others can make opinions as to what data is
+ connected - and gain or lose reputation according to the value
+ and usefulness of their opinions - but only the owner can prove
+ it. Mechanisms exist that allow for such proof to be tied to a
+ single receiving party, such that further dissemination of the
+ proof without permission would directly - and adversely - affect
+ the reputation of the receiver.
</p>
<h4>Bias Management</h4>
<p>
- A reputation management system may assemble a set of related
- opinions into a <i>bias</i>. Bias is maintained via additional
- RCEs (possibly object clones) with different opinion sets. When a
- nym Ji creates new Opinions and adds these to an RCE, a smart
- implementation may choose to append these to Ji's bias for later
- use by getReputation requests so that results are better tailored
- for the nym.
+ OpenPrivacy's reputation management system can assemble a set of
+ related opinions into a <i>bias</i>. Bias is maintained via
+ additional RCEs (possibly object clones) with different opinion
+ sets. When a nym Ji creates new Opinions and adds these to an
+ RCE, a smart implementation may choose to append these to Ji's
+ bias for later use by getReputation requests so that results are
+ better tailored for the nym.
</p>
<p>
Often, a bias may consist of Opinions from multiple nyms,
particularly since a parent nym may use multiple child nyms to
make successive requests. Further, a nym may want to use the bias
from someone else altogether, for it may want to benefit from the
- bias of someone it holds in high regard. Finally, a RCE itself
+ bias of someone it holds in high regard. Finally, an RCE itself
may be created with and/or develop a bias through its standard
activities. For example, it may use sophisticated collaborative
filtering techniques to develop its own opinions and associated
@@ -222,22 +227,23 @@
</p>
<h4>Reputation Calculation Engine (RCE)</h4>
<p>
- The <i>reputation calculation engine</i> is the brains of a
- reputation service, as it determines opinions on the information
- it has available. In its simplest incarnation, an RCE might do
- little more than mechanical collaborative filtering to create its
- opinions. But a sophisticated RCE has additional information at
- its disposal, such as the reputations of the various local
- opinions (and their, recursive, reputations), access to the
- opinions of other, remote RCEs, the calculated or gifted bias of
- the requester, and even hand-tweaking by its human maintainer.
- Ultimately, what form its opinions take, their quality and other
- factors are judged by its peers who may then assign it a
- reputation, and seek its advice -- or not.
+ The <i>reputation calculation engine</i> is the brains of
+ OpenPrivacy's reputation service, as it determines opinions on
+ the information it has available. In its simplest incarnation,
+ an RCE might do little more than mechanical collaborative
+ filtering to create its opinions. But a sophisticated RCE has
+ additional information at its disposal, such as the reputations
+ of the various local opinions (and their, recursive,
+ reputations), access to the opinions of other, remote RCEs, the
+ calculated or gifted bias of the requester, and even
+ hand-tweaking by its human maintainer. Ultimately, what form its
+ opinions take, their quality and other factors are judged by its
+ peers who may then assign it a reputation, and seek its advice --
+ or not.
</p>
<h4>Opinion Store</h4>
<p>
- A reputation server's <i>opinion store</i> supports the
+ The reputation server's <i>opinion store</i> supports the
putReputation() and getReputation() methods which access some form
of persistent data store. The store may be anything from simple
in-memory hash tables to a full-blown Oracle database. We include
@@ -251,20 +257,20 @@
each nexus of reputation services - generally located one to a
hardware machine - is considered to be a secure computation
environment (or "vat" [<a href="#dist">dist</a>]) with respect to
- itself. <font color=red>[present a simple proof that supports
- this claim]</font> Communications between vats are signed and
- encrypted, but also asynchronous and may be unreliable. Secure
- streams can be built, analogous to the way in which SSL is
- implemented on top of TCP, which is in turn implemented on top of
- UDP, but are not required for operation. Note that communication
- channels and communicating objects themselves can gain or lose
- reputation capital according to their reliability and speed.
- While we define the implementation of the communications mechanism
- to be outside the scope of OpenPrivacy per se, we expect that a
- secure, anonymous and uncensorable mechanism such as those that
- Freenet, Free Haven or Publius [<a href="#free">free</a>] provide
- would be best suited to the need for robust, distributed and
- private communications.
+ itself. Communications between vats are signed and encrypted,
+ but also asynchronous and may be unreliable. Secure streams can
+ be built, analogous to the way in which SSL is implemented on top
+ of TCP, which is in turn implemented on top of UDP, but are not
+ required for operation. Note that communication channels, as
+ well as the objects they transport and reference, can themselves
+ gain or lose reputation capital according to their security,
+ reliability and speed. While we leave the specifics of the
+ communications implementation as outside the scope of the
+ OpenPrivacy framework per se, we believe that a secure, anonymous
+ and uncensorable mechanism such as those that Freenet, Free Haven
+ or Publius [<a href="#free">free</a>] provide would be well
+ suited to most users' desires for robust, distributed and private
+ communications.
</p>
</blockquote>
<h3>Reference Applications</h3>
@@ -281,34 +287,36 @@
Sierra incorporates various subsystems which should be used by
most RCE implementations. It defines our Nym management system,
Store interface, Query interface and the Reputation objects which
- we use as Payload holders. Developers which wish to build RCEs or
+ we use as Payload holders. Developers that wish to build RCEs or
incorporate a Reputation Management System with their application
should evaluate Sierra.
</p>
<h4><a href="http://talon.openprivacy.org/">Talon</a>
- Reputation based Component Management System</h4>
<p>
- Talon is a flexible component system which we expect to become the
- cornerstone of all OpenPrivacy applications. Talon is simple yet
- powerful, sharing many of the characteristics of XPCOM and
- Microsoft COM [<a href="#comp">comp</a>]. However, Talon solves a
- number of problems with these existing systems and also
- incorporates Reputations (Sierra) as part of its Component factory
- mechanism. Since Talon uses RCEs to determine what components to
- return, natural selection can take hold and a Talon-based system
- can "evolve" over time to become more efficient and powerful.
- This mechanism is similar to advanced profiler technologies [<a
- href="#prof">prof</a>] but works with distributed systems.
+ Talon is a flexible component system which we expect will become
+ the cornerstone of all OpenPrivacy applications. Talon is simple
+ yet powerful, sharing many of the characteristics of XPCOM and
+ Microsoft COM [<a href="#comp">comp</a>]. However, Talon solves
+ a number of problems with these existing systems and also
+ incorporates Reputations (Sierra) as part of its Component
+ factory mechanism. Since Talon uses RCEs to determine what
+ components to return, natural selection can take hold and a
+ Talon-based system can "evolve" over time to become more
+ efficient and powerful. This mechanism is similar to advanced
+ profiler technologies [<a href="#prof">prof</a>] but works with
+ distributed systems.
</p>
<h4><a
href="http://www.openprivacy.org/projects/jetspeek.shtml">JetsPeek</a>
- A Privacy and Reputation-enhanced Internet Portal</h4>
<p>
- JetsPeek is an OpenPrivacy-enhanced personal portal builder that
- keeps a user's profile anonymous. Further, it allows for the
- attachment of Opinions to news stories (and to Opinion makers),
- which enables using reputation mechanisms to more accurately
- find and filter information.
+ JetsPeek is an OpenPrivacy-enhanced portal builder - either
+ personal or intranet - that features enhanced security as well as
+ the ability to keep a user's profile anonymous. Further, it
+ allows for the attachment of Opinions to news stories (and to
+ Opinion makers), which enables using reputation mechanisms to
+ more accurately find and filter information.
</p>
<p>
JetsPeek taps XML (RSS) channels that are published via the Open
@@ -317,56 +325,37 @@
nym-based RSS channels that may be subscribed to (and earn
reputation from) other peers on the network.
</p>
- <h4>OpenPrivacy-enabled Communities, or<br>
+ <h4>OpenPrivacy-enabled Communities, viz<br>
Slashdot Moderation for Advogato and Trust Metrics for Slashdot</h4>
<p>
-
+ An RCE can be created to emulate the reputation mechanisms and
+ trust metrics of any community and bring it the added benefits of
+ secure - and portable - reputation management. To illustrate the
+ power of this technology, we will create work-alike replacements
+ for two well-known and very different communities (currently we
+ are targeting Slashdot and Advogato [<a href="#comm">comm</a>] as
+ their open source code base will simplify the effort). We will
+ then show how reputations for one community can be migrated to
+ the other, and further, that they will be able to comingle with
+ the reputations of the JetsPeek users described above.
+ </p>
+ <p>
+ This process will highlight the <i>management</i> process of
+ reputations at several levels:
+ <ul>
+ <li>the sysadmin has the power to define the extent to which
+ sharing is permitted
+ </li>
+ <li>the profile owner specifies what parts of her profile she
+ wishes to share
+ </li>
+ <li>the reputation calculation engine, working on behalf of the
+ community or a particular user, can independently apply
+ weightings to pseudonymous profile segments
+ </li>
+ </ul>
</p>
</blockquote>
- <h3>Security, Trust, Validation and Verifiability</h3>
- <p>
- The OpenPrivacy security model is based on the user's capability to
- have control over and optionally publish their profile in chunks
- under a multitude of apparently unrelated pseudonyms. This prevents
- "data triangulation" methods used by numerous agencies and
- corporations to accurately identify a person from their activities,
- even when their name is not known. Users can create Bias objects
- that contain references to a collection of Opinions that may or may
- not all belong to themselves, and in fact the Bias itself can be
- formed under yet another pseudonym. The Sierra Reputation
- Management System transparently handles user-level nym management,
- and a well designed RMS will flag any potential data leaks as
- dangerous.
- </p>
- <p>
- We do not attempt to defeat traffic analysis mechanisms nor locality
- of reference or storage attacks. Rather, our communications are
- transport agnostic, and we expect that many users will avail
- themselves of a growing number of anonymous and censorship-resistant
- publishing mechanisms such as Freenet and Free Haven.
- </p>
- <p>
- Despite all these easily manufactured pseudonyms, the OpenPrivacy
- system encourages the use of long-lived pseudonyms for purposes of
- reputation building.
- </p>
- <p>
- </p>
- <h3>Attack Resistance</h3>
- <p>
- <ul>
- <li><b>Denial of service (DOS):</b>
- </li>
- <li><b>Spoofing:</b>
- </li>
- <li><b>Replay:</b>
- </li>
- <li><b>Flooding:</b>
- </li>
- <li><b>Shills/Slander/False claims:</b>
- </li>
- </ul>
- </p>
</blockquote>
<h2><a name="economy">OpenPrivacy Enhances The New Internet Economy</a></h2>
<blockquote>
@@ -395,18 +384,18 @@
</p>
<p>
Within the business world, the concept of profile data being
- anonymous - that is, unconnected to a person's name, address and
- other identifying means - strikes fear into the hearts of marketers,
- for while they could mine the data for concordances of interest,
- their present belief is that they would not be able to contact the
- market segments so identified.
+ anonymous - that is, not connected to a person's name, address and
+ other identifying means - strikes fear into the hearts of
+ marketers, for while they could mine the data for concordances of
+ interest, their present belief is that they would not be able to
+ contact the market segments so identified.
</p>
<p>
The OpenPrivacy platform enables a user to wear a cloak of anonymity
while divulging information useful to others - and by extension to
oneself - without losing their anonymity. She can participate in
communities, browse personalized retail catalogs, and be marketed to
- more accurately by advertisers safely.
+ more accurately and safely by advertisers.
</p>
<h3>Trust</h3>
<p>
@@ -428,19 +417,99 @@
</p>
<h3>Pseudonymity and Reputations</h3>
<p>
- <font color=red>[we will provide
- consumers with the privacy they desire while increasing the amount
- and quality of information available for data mining and direct
- marketing purposes. - address all three issues above...]</font>
-
+ The OpenPrivacy security model is based on the user's ability to
+ have control over their profile, and optionally publish chunks of
+ said profile, under a multitude of apparently unrelated pseudonyms.
+ This precludes the "data triangulation" methods used by numerous
+ agencies and corporations to accurately identify a person from
+ their activities, even when their name is not known. Further,
+ users can create Bias objects - useful for the personalization of
+ e.g. search results - that contain references to a collection of
+ Opinions that may or may not all belong to them. In fact, each
+ Bias can be formed under yet another pseudonym. Finally, the
+ Reputation Management System transparently handles nym management
+ and can additionally support the ability to flag any potential data
+ leaks believed to be dangerous to one's privacy prior to the
+ publication process.
</p>
+ <p>
+ Despite all these easily manufactured pseudonyms, the OpenPrivacy
+ system encourages the use of long-lived pseudonyms for purposes of
+ reputation creation and accrual, a key factor in any functional
+ community. Pseudonyms that have accrued valuable <i>reputation
+ capital</i> can provide a solid basis for accurate,
+ privacy-protected data mining. These pseudonyms can bestow their
+ reputation upon a new pseudonym to allow for direct marketing, and
+ later destroy that pseudonym to securely opt out of future unwanted
+ campaigns. This yields a three-way win: consumers are happy
+ because they maintain their privacy, control their information, and
+ receive <i>en point</i> advertising and promotions; advertisers are
+ happy because they can reach highly accurate market segments with
+ greater ease and at a lower cost; and a new breed of
+ <i>infomediaries</i> can reap great benefits by freely data mining
+ pseudonymous information, representing profile and demographic
+ segments to advertisers and providing consumers with enhanced
+ personalized services.
+ </p>
<h3>The Value of Information [Quality]</h3>
+ <p>
+ Information has been called the currency of the new economy, but
+ what is information really worth? Here's a quote from Bruce
+ Sterling talking about this way back in 1992:
+ </p>
+ <blockquote>
+ <font color=green>
+ [get correct Bruce Sterling quote from broadcatch site]
+ </font>
+ What's information really worth? Pretty soon you'll be able to
+ carry the Library of Congress around in your pocket. Are you going
+ to read the library of congress? Is that really valuable to you?
+ No, what's really valuable - what's in short supply - is your
+ attention. So the true value is in the signposts that direct your
+ attention to what you want to see when you want to see it. [<a
+ href="#ster">ster</a>]
+ </blockquote>
<p>
-
+ The OpenPrivacy framework creates value by enabling the attachment
+ of opinions to information. Reputation calculation mechanisms -
+ using bias metrics - then use these opinions to formulate
+ subjective judgements as to the quality of that information. Further,
+ OpenPrivacy enables a new service-based economy of information
+ hunters, gatherers and filters, all adding value to their specific
+ domains by attaching their opinions and simultaneously gaining
+ reputation capital as they do so.
</p>
<h3>An Agoric, Reputation-based Marketplace [Capitalism]</h3>
<p>
-
+ As OpenPrivacy opinion stores and reputation calculation engines
+ populate the online world, a natural economy is created, built upon
+ the enhanced access to services enabled by the associated
+ reputation mechanisms. Advertising will be much more focused,
+ personalization will be more accurate and an agoric, service-based
+ economy providing these services will thrive. There is no need for
+ digital cash mechanisms to exist to bootstrap this processes; the
+ trade in information services might resemble barter. However, when
+ used in conjuction with large, legacy databases such as those used
+ by retail, credit or financial institutions, the power of
+ reputations to help direct producers and consumers first to the
+ appropriate marketplace and then to the specific goods and services
+ desired grows exponentially.
+ </p>
+ <h3>Validation and Verifiability</h2>
+ <p>
+ OpenPrivacy supports the ability to validate groups of pseudonyms
+ as being part of a collection. This is particularly useful when a
+ nym wants to prove that several heretofore disparate profile
+ fragments all derive from the same person. Further, when
+ associated with a retail company, bank or credit institution,
+ variants of the blind signature mechanism can be used to verify the
+ credit-worthiness or purchase history of a person's pseudonym
+ without divulging the identity of the owner.
+ </p>
+ <p>
+ There are countless applications for these capabilities when
+ combined with marketing interests and community accountability.
+ These will be discussed in detail in a future paper.
</p>
<h3>Efficiency Via Chaos and Bias</h3>
<p>
@@ -455,20 +524,38 @@
set of what they would like to see as results.
</p>
<p>
- OpenPrivacy thrives in this multitude of opinion, this diversity
- of thought, for though we are all different, there are certain
- areas that two very different people may align with. For example,
- suppose person A reads the New York Times every day and finds an
- average of four articles that A considers tops - well worth the
- cost of the paper and her time to find them. Now consider that
- there probably exists a person B who finds the same four articles
- to be indispensable. The safe, secure, pseudonymous publishing
- environment of OpenPrivacy, along with the agoric marketplace of a
- million infomediaries looking for valuable concordances, make it
- possible for these two people to virtually meet. Further, A may
- strike a deal with B to provide her with the editorial filtering
- process, saving A time and aiding B at least in reputation if not
- also financially.
+ OpenPrivacy thrives in this multitude of opinion, this diversity of
+ thought, for though we are all different, there are certain areas
+ in which two very different people may see eye to eye. For
+ example, suppose person A reads the New York Times every day and
+ finds an average of four articles that A considers tops - well
+ worth the cost of the paper and her time to find them. Now
+ consider that there probably exists a person B who finds the same
+ four articles to be indispensable. The safe, secure, pseudonymous
+ publishing environment of OpenPrivacy, along with the agoric
+ marketplace of a million infomediaries looking for valuable
+ concordances, make it possible for these two people to virtually
+ meet. Further, A may strike a deal with B to provide her with the
+ editorial filtering process, saving A time and aiding B at least in
+ reputation if not also financially.
+ </p>
+ <h3>Security and Attack Resistance</h3>
+ <p>
+ OpenPrivacy does not attempt to defeat traffic analysis mechanisms
+ nor locality of reference or storage attacks. Rather, our
+ communications are transport agnostic, and we expect that many
+ users and implementors will avail themselves of a growing number of
+ anonymous and censorship-resistant publishing mechanisms such as
+ Freenet and Free Haven.
+ </p>
+ <p>
+ A rigorous treatment of attack resistance that takes into account
+ attacks such as denial of service (DOS), spoofing, replay,
+ flooding, shills/slander and false claims is still being refined.
+ However, our secure design strategy and capability-based
+ implementation prevents these types of attacks from wreaking the
+ havoc they can bestow upon other, less secure communications
+ mechanisms.
</p>
</blockquote>
<h2><a name="references">References</a></h2>
@@ -530,7 +617,7 @@
opinions that represent the views of a single principal. Biases
may be divided by area or type of reference (such as groups of
political or demographically descriptive opinions). A RCE uses
- one or more Bias collections in the couse of its calculations.
+ one or more Bias collections in the course of its calculations.
</li>
</p>
<p>
@@ -543,10 +630,12 @@
</li>
</p>
<p>
- <li><b>Profile:</b> A collection of pseudonymous opinions (also in a
- bias-like structure) that an entity claims that it can prove
+ <li><b>Profile:</b> A collection of pseudonymous opinions (also in
+ a bias-like structure) that an entity claims that it can prove
belong to a single (parent) entity. (The proof itself is called
- <i>validation</i>.)
+ <i>validation</i>.) Finally, as a profile may be a singular
+ object indistinguishable from a Reputation, the terms can be used
+ interchangably - the difference is often a matter of semantics.
</li>
</p>
</ul>
@@ -554,8 +643,15 @@
<blockquote>
<dl>
<dt><a name="anon">[<b>anon</b>]</a> The Anonymizer
- <<a href="http://www.anonymizer.com/"
+ <<a href="http://www.anonymizer.com /"
target="_new">http://www.anonymizer.com>>
+ <dt><a name="comm">[<b>comm</b>]</a> Communities; see e.g.:
+ <dd><li>Advogato
+ <<a href="http://www.advogato.org/">www.advogato.org</a>>
+ </dd>
+ <dd><li>Slashdot
+ <<a href="http://www.slashdot.org/">www.slashdot.org</a>>
+ </dd>
<dt><a name="comp">[<b>comp</b>]</a> Component systems; see e.g.:
<dd><li>XPCOM
<<a href="http://www.mozilla.org/projects/xpcom/"
@@ -591,6 +687,7 @@
<<a href="http://java.sun.com/products/hotspot/"
target="_new">http://java.sun.com/products/hotspot>>
</dd>
+ <dt><a name="ster">[<b>ster</b>]</a> Bruce Sterling....
<dt><a name="tmay">[<b>tmay</b>]</a> Tim May used the term
"reputation capital" in a 1994 cypherpunk paper
<dd><i>Crypto Anarchy and Virtual Communities</i>