The Personal Identity Server
Your identity is too important to be owned by any one company.
Your friends are too important to be owned by any one company.
The Case
If you are a digital consumer probably you are not so worried if your online habits goes for analysis to service providers like Google, Twitter, Facebook — to anyone who offers you a good tool in exchange of your identity information.
Even if there are shocking examples on how one’s online identity is transparent to the large public, to any user of the internet.
Even if you don’t realize consuming today — sharing — is producing identity information about yourself, it is building your very valuable digital footprint.
You think you are protected by anonymity which is an illusion. Google who knows you online doesn’t really knows who you are in real life but Facebook does both. Your internet service provider even knows more. And all these information can be collected in one place when necessary, or when an authority considers to do it.
Okay, you consider there is nothing to hide. Yet.
If you watch current trends you see the next web is about knowledge, more about what you know and what you think. Not just about plain information and simple sharing. It is about finishing uploading yourself to the net and creating your online alter ego. Putting together all pieces of information currently hosted by several independent services into one digitally living entity.
It is about becoming fully transparent on the net.
The one who names you controls you. In turn, what you are capable to name it becomes yours, will belong to you.
The question is you want to be controlled or you want to be in control? The only difference between is a little bit attention, self-control, directed interaction with the digital.
And yes, a yet missing proper tool to help you.
A Proposal
The best things in life are driven by secrets. Without secrets there is no discovery, motivation, possibility. Life experience is about to realise what makes you and what makes others, the world around you. Evolution is about to find, open and enjoy as many channels as possible inside you.
Once you’ve become fully transparent to others you’ll got the feeling of being watched, used. Your experiment won’t be fully hearted, completely clear, simply enjoyable without hidden concerns. You won’t be safe.
The Personal Identity Server
Who do you fully trust? In what you really trust? Who can keep best a secret?
Only you do.
So keep the secret of your online identity strictly personal. Manage your digital ego independently. Take fully what the digital universe offers but play with it, don’t take it straight.
- Distribute yourself across many hosts, make your identity redundant. Do not offer a single point of failure, or a single point of control.
- Make sure even if the chunks of information giving your identity are put together they cannot give the big picture.
- Serve others only with chunks of identities not with a single universal identity.
- Don’t stick forever to your online identities. They are not making you, you are making them. Change them, forget them, create new ones for new occasions.
It is about a peer-to-peer network of hosting identity chunks in an encrypted format. There is no centralized server or service provider. You host many but unknown identity chunks and others are hosting some of your identities. Untraceable and not decryptable.
Login to different services with different identities. Use as many browsers as possible each for a special purpose. Separate your online activities to different locations. In the office work only with your professional identities, when having fun at home use others. Do not mix them.
Be aware of the connection points where digital meets the real. Your mobile operator or internet service provider knows who pays the bills, and also knows your online activity history.
It’s not about being paranoiac it is about paying attention and dealing with the consequences. Comfort is dangerous eliminates the game, it makes you become the game of others. Renounce to some services, do not make your online activities and presence ubiquitous.
Try to learn separating things for your own benefit.
[UPDATE] Bruce Schneier thoughts about privacy in 2006.
[UPDATE] A Slashdot take on privacy.
To Google, you are the product. They are selling advertising. More specifically, they are selling your attention to marketers. Giving you privacy is contradictory to the entire purpose of their existence. They give you nice, fast, free stuff to keep you hooked in to their services and to keep collecting more data so that they can sell more advertising.
There is no privacy using Google services. There never will be. They will keep encroaching into your private info as far as you let them.
Spread the confusion by always killing your cookies and use different browsers.
http://ask.slashdot.org/comments.pl?sid=1476918&cid=30425542
1) Use different browser profiles for different web applications.
If you start firefox with these options: -no-remote -ProfileManager it will allow you to run multiple copies simultaneously, each with a separate profile (different set of cookies, different set of plugins, different skins, different bookmarks, different histories, etc).
I create a specific profile for each major web app – I have one for IMDB, one for google searches, one for google mail, one for google voice, etc. And one for generic browsing.
Each profile has a couple of add-ons:
Adblock Plus [mozilla.org] – general catch-all to block things like doubleclick and the million other trackers
CookieSafe Lite [mozilla.org] – for fine-grained control of what sites can set cookies
NoScript [mozilla.org] – for fine-grained control of what sites can use javascript and flash
Redirect Cleaner [mozilla.org] – for removing those “bounce links” that a lot of sites use to track you when you follow a URL off their site, with the cleaner you go directly to the destination URL
RefControl [mozilla.org] – for clearing out or rewriting the referrer URL – prevents sites from knowing where you came from when you clicked a URL to their site, sometimes helpful in accessing poorly ‘restricted’ content
Targetted Advertising Cookie Opt-Out [mozilla.org] – sets special cookies that sites may choose to obey to say “don’t profile me” since these TACOs are not unique-per-user, I figure it can’t hurt although it probably doesn’t do anything
User Agent Switcher [mozilla.org] – Lets your browser identify itself as a different browser – this is very important
Ghostery [mozilla.org] – Informational Only – tells you what tracking sites may be tracking you on any given page (does not block them, and you get false alarms on sites where NoScript blocks javascript, but it is still good for situational awareness)
Better Privacy [mozilla.org] – Blocks new stealth “super cookies” in Flash and DOM Storage Objects. VERY IMPORTANTUsing the above plugins, I do the following in each profile:
1) Set NoScript to only allow javascript from the one website the profile is intended for – and block flash as much as possible regardless due to cross-profile flash cookies
2) Set CookieSafe that same way and then only for per-session cookies
3) Block and/or auto-delete Flash and DOM Storage cookies with Better Privacy – note flash cookies tend to be shared across all profiles because they go in a folder under “Documents & Settings” on MS Windows and ~/.macromedia/ on Linux. I am still looking at ways to force each profile to use a different directory for flash cookies – until then, block flash as much as possible and auto-delete cookies frequently
4) Set the User Agent to be different in each profile – this gives the appearance of multiple users behind a firewall which is key
5) Load a different theme or skin for each profile to make it easy to visually distinguish between windows so you don’t accidentally start browsing the web from your gmail window or vice-versaAll that is a little bit of a pain to set up, an hour or two total. But once in place, I think it is a reasonable compromise for reducing the risk of having your personally identifiable information gleaned in services like Google Mail from being automatically cross-referenced with your browsing habits. I am considering taking it a step further with FoxyProxy [mozilla.org] configurations to use TOR [wikipedia.org] for searches and other low-bandwidth actions that might further reduce centralized tracking of web usage without running everything through TOR.
