Re: [GNU/consensus] [RFC][SH] User Data Manifesto

[Christian Grothoff]

Dear Hellekin,

My vision differs somewhat from yours, as I believe what you propose
cannot be strictly enforced on a technical level and thus results in
making promises to the user that cannot be kept.  How about this:


1. Control Sharing
You will control the set of users to which the software will make your
data available to.  Different information can be made accessible to
different audiences. This even includes the fact that you're using the
network in the first place.

2. Be Honest about Technical Limitations
Once your data has been made available to others, we will be honest in
the documentation and admit that the specified recipients can then
pretty much do with it as they please with your information. User
interfaces will not attempt to fool you with 'expiration' or similar
misleading options. Advisory options (requested expiration, requested
restrictions on circulation, requested licensing conditions) which rely
on the goodwill of other users will be strictly marked as such.

3. Enable Attribution
If applicable, the we will try to make it convenient to preserve
attributions (i.e. authorship) and licensing information, especially
when forwarding data beyond the initial target group. Still, we will not
claim that this will stop violations of the licensing terms or plagiarism.

4. Your Data Stays with You
Your data will be primarily stored on your system.  Only the data you
explicitly choose to share with others will be made available to those
other individuals.  Third parties may help with the transmission
process, but we will use the strongest cryptographic protections
available to ensure that those parties will learn as little as
practically possible about your data.  However, depending on the
application, they may still learn something about the message (such as
an approximation of its size and the communicating parties). We will not
make any promises about your data remaining available once the primary
copy on your system(s) becomes unavailable.


I realize this is a totally different approach, but I personally would
neither want to promise something that software alone cannot ensure nor
rely on other participants to behave lawfully or ethically.

Happy hacking!

Christian


On 01/01/2013 01:17 AM, hellekin (GNU Consensus) wrote:
> http://userdatamanifesto.org/ proposes 8 points "defining basic rights
> for people to control their own data in the internet age"
> 
> I'd like to reach consensus on officially supporting this manifesto:
> 
> ==
> hk
> 
> 1. Own the data
> The data that someone directly or indirectly creates belongs to the
> person who created it.
> 
> 2. Know where the data is stored
> Everybody should be able to know: where their personal data is
> physically stored, how long, on which server, in what country, and what
> laws apply.
> 
> 3. Choose the storage location
> Everybody should always be able to migrate their personal data to a
> different provider, server or their own machine at any time without
> being locked in to a specific vendor.
> 
> 4. Control access
> Everybody should be able to know, choose and control who has access to
> their own data to see or modify it.
> 
> 5. Choose the conditions
> If someone chooses to share their own data, then the owner of the data
> selects the sharing license and conditions.
> 
> 6. Invulnerability of data
> Everybody should be able to protect their own data against surveillance
> and to federate their own data for backups to prevent data loss or for
> any other reason.
> 
> 7. Use it optimally
> Everybody should be able to access and use their own data at all times
> with any device they choose and in the most convenient and easiest way
> for them.
> 
> 8. Server software transparency
> Server software should be free and open source software so that the
> source code of the software can be inspected to confirm that it works as
> specified.

signature.asc
Description: OpenPGP digital signature