Re: WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec]

On Tue, Feb 1, 2011 at 6:27 AM, WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org> wrote:

>
> WebID-ISSUE-24: Privacy issues from WebID URI dereferencing [WebID Spec]
>
> http://www.w3.org/2005/Incubator/webid/track/issues/24
>
> Raised by: Nathan Rixham
> On product: WebID Spec
>
> Part of the WebID protocol includes dereferencing a "WebID URI" specified
> by the identifying agent.
>
> Whilst a measure of privacy and anonymity is provided by one half of the
> protocol (the TLS side), the act of dereferencing a "WebID URI" currently
> has authority/provenance issues (as outlined in ISSUE-23) and privacy
> issues.
>
> Namely, privacy is not guaranteed, an intermediary (or a "webid/profile
> host") can detect a request from a server (say a bank, a private site, an
> adult site, a gambling site) to a user's WebID URI and thus know the user has
> attempted to identify on said site.
>

So Mr. Evil runs an adult site and accesses Alice's Google WebID, and then
Google reports that Alice tried to authenticate on the adult site. That's a bit
far-fetched, you'd have to prove that Alice (the person) was actually
operating her browser attempting to log in on the adult site. Otherwise it's
too easy to put people in trouble.


>
> This may be something which the protocol needs to address (for instance,
> force TLS for dereferencing), or may be something that is best noted and
> addressed by specification text (note as a security consideration and give
> advice).
>

OpenID suffers from the same privacy issue. You will get the same issue
whenever you delegate your identity with some provider which you have to
trust... however, one advantage of WebID is that it is very easy to host
yourself on your own server (much easier than running your own OpenID
server), and if you're concerned about privacy issues, I would suggest to
simply use a WebID you host yourself and make sure nobody else can access the
logs.

This is worth noting in the spec though. I like Toby's suggestion re proxy
as well, but you have to trust the proxy.

Steph.

Received on Tuesday, 1 February 2011 13:25:32 UTC