"The developers behind the OAuth protocol have developed a new variant called OAuth WRAP that is simpler and easier to implement. It's a stop-gap solution that will enable broader OAuth adoption while OAuth 2.0, the next generation of the specification, is devised by a working group that is collaborating through the Internet Engineering Task Force (IETF)."
Quick intro to OAuth and the differences with OAuth WRAP (OAuth Web Resource Authorization Protocol):
- a simplified variant
- communication takes place over SSL (mandatory!)
- tokens in OAuth WRAP are short-lived and can represent claims issued by an authorization server
Archive for February, 2010
links for 2010-02-28
Sunday, February 28th, 2010
links for 2010-02-26
Friday, February 26th, 2010
Twitter still shows the username/password antipattern, yet they deserve praise for asking before making you findable via email address (they are probably aware that lots of users use the service pseudonymously!):
"In order to be discovered by contacts, users must opt-in to the service, meaning they must explicitly choose to make their Twitter username findable via their contact information (otherwise we anonymize the username, as shown above.)"
"reveals cross-connections between conversations on Twitter [...] search for usernames or topics, which are tracked through time and visualized much like the way a particle collider draws pictures of subatomic matter"
Nice visualisation, but not useful at all.
links for 2010-02-25
Thursday, February 25th, 2010
"There is a need among consumers and businesses for a high-quality B2C identity solution with a low trust level. OpenID.nl+ is an initiative of ECP-EPN in which potential Identity Providers (IdPs) and Relying Parties (RPs) work together to get this off the ground in the Netherlands"
Large IdPs and RPs in the Netherlands are going to collaborate to agree on "quality guarantees" for the data that is exchanged via Attribute Exchange:
"- data that the consumer can import from another website is often checked for authenticity, so the website receives, for example, the correct mobile number or the right address details
- Trust is also important for the companies participating in OpenID+: a web shop that participates in the OpenID+ network will not do strange things with the data it receives from, for example, Hyves, otherwise sanctions will follow. That is why Hyves is also willing to supply the web shop with high-quality information."
links for 2010-02-21
Sunday, February 21st, 2010
Some thoughts of Andy Oram on the concept of VRM:
- Success requires making both sides happy: VRM advocates have to offer juicy carrots to both customers and vendors.
- It really is all about the data: Many customers are already sitting ducks for phishing and other social engineering attacks. VRM that moves too fast and gets too far ahead of the users can lead them to make decisions they'll regret later.
- Where to start VRM: there are no real VRM systems yet, although a few progressive web sites demonstrate bits and pieces of that approach
On Paul Ohm's work on de-anonymisation:
"Here is Ohm's nightmare scenario: "For almost every person on earth, there is at least one fact about them stored in a computer database that an adversary could use to blackmail, discriminate against, harass, or steal the identity of him or her. I mean more than mere embarrassment or inconvenience; I mean legally cognizable harm. Perhaps it is a fact about past conduct, health, or family shame. For almost every one of us, then, we can assume a hypothetical 'database of ruin,' the one containing this fact but until now splintered across dozens of databases on computers around the world, and thus disconnected from our identity. Reidentification has formed the database of ruin and given access to it to our worst enemies.""
-
Andy Oram tries to discuss all aspects of online/digital identity in a series of 8 articles published in December 2009:
1. Introduction
2. Your identity in real life: what people know
3. Your identity online: getting down to basics
4. Your identity to advertisers: it's not all about you
5. What you say about yourself, or selves
6. Forged identities and non-identities
7. Group identities and social network identities
8. Conclusion: identity narratives
links for 2010-02-20
Saturday, February 20th, 2010
The story of how members of the Coworking Google Group pulled together to raise some 6000 dollars to buy the coworking.com domain name.
links for 2010-02-19
Friday, February 19th, 2010
Art project in Berlin: @tweetleak prints tweets from people as stickers to show how public your tweets are:
"Tweetleak, a monolithic anthracite-colored pole, which is placed in a public place, aggregates tweets from nearby and "materializes" them. The collected fragments from people's lives on the web leave the digital public space on adhesive paper strips. Being taken away by other individuals, they are distributed in physical space, eventually being placed in another context in another environment. After a tweet has been printed out the author is notified. There is also a notification via twitter when the printed tweet has been taken away. The loss of control over one's data is illustrated: after a short period of time, the user won't be able to track his tweet."
links for 2010-02-18
Thursday, February 18th, 2010
NAI is a consortium of advertising networks, with Google, Microsoft and Yahoo being the most important members.
This page pulls in code from all of these networks to check whether you have their cookie and whether you have opted out, and if you haven't, gives you the opportunity to do so.
Its aim is to promote the idea of opt-out when it comes to behavioural targeting.
Google translate buttons for websites, and, more importantly, bookmarklets for 1-click translations to every language available.
links for 2010-02-17
Wednesday, February 17th, 2010
And yet again: "private by default, public by choice". EFF now on Google Buzz:
"While this may help Buzz grow and save users the time to type in all their contacts, it also has an inherent danger of inadvertent disclosure of private information. Google could significantly reduce this problem simply by making the list private by default, so users could opt-in after reviewing the suggested list."
links for 2010-02-16
Tuesday, February 16th, 2010
"PseudoID is a privacy enhancement for federated login systems that is backward-compatible with OpenID. PseudoID is designed to protect users from disclosure of private login data held by federated identity providers. It is based on a cryptographic tool called a blind signature, which is used in a manner similar to David Chaum's classic untraceable payment scheme. PseudoID was designed and developed by Arkajit Dey and Stephen Weis."
-
In February 2009, Viviane Reding brought together a number of social networking providers, which resulted in a form of self-regulation: a declaration with a number of safer social networking principles that the SNSes said they were going to stick to.
Now, after a year, the commission has published a report evaluating how every signatory has implemented these principles.
links for 2010-02-15
Monday, February 15th, 2010
Entrepreneurial/marketing lessons for engineers/people with a European mindset. By Filip Tack, Nomadesk:
- Quality is secondary (time-to-market, early feedback and marketing are more important)
- Innovating is not banking, don’t hedge your bets (if you try to please everyone, you won't please anyone)
- Remain cautiously opportunistic (don't get entrenched in your original product vision)