Add Privacy Considerations section on "phone home". #349
Conversation
index.html
Outdated
| <a>issuer</a> about a specific <a>verifiable credential</a>. This | ||
| practice is known as "phoning home" and can result in a mismatch | ||
| in privacy expectations between <a>holders</a>, <a>issuers</a>, | ||
| <a>verifiers</a>, etc., as it allows <a>issuers</a> to correlate |
There was a problem hiding this comment.
| <a>verifiers</a>, etc., as it allows <a>issuers</a> to correlate | |
| and <a>verifiers</a> as it allows <a>issuers</a> to correlate |
There was a problem hiding this comment.
I went with etc. because I didn't want to explicitly list subjects, who are invisible/silent participants, and there may be other such, beyond the trinity of Issuer, Holder, Verifier.
Replacing etc. with and removes subjects and any other non-trinity participants in the ecosystem from privacy consideration.
index.html
Outdated
| practice is known as "phoning home" and can result in a mismatch | ||
| in privacy expectations between <a>holders</a>, <a>issuers</a>, | ||
| <a>verifiers</a>, etc., as it allows <a>issuers</a> to correlate | ||
| <a>holders</a> with <a>verifiable credentials</a> without their |
There was a problem hiding this comment.
| <a>holders</a> with <a>verifiable credentials</a> without their | |
| <a>holders</a> with <a>verifiable presentations</a> to <verifiers</a> without their |
There was a problem hiding this comment.
I don't think correlate <a>holders</a> with <a>verifiable presentations</a> to <verifiers</a> is accurate, because the issuer can't correlate verifiable presentations at all, because — even though the verifier only receives verifiable presentations of verifiable credentials — the issuer should never receive any verifiable presentation identifiers, only verifiable credential identifiers.
index.html
Outdated
| <p> | ||
| Sometimes an <a>issuer</a> can be contacted to get status information in | ||
| a privacy-respecting manner, such as through a status list that provides | ||
| herd privacy. This is ok as long as the <a>issuer</a> is not able to |
There was a problem hiding this comment.
My understanding is that the term "herd" is to be avoided now to be replaced by "crowd" or "group". I'm not sure which we'd prefer.
| herd privacy. This is ok as long as the <a>issuer</a> is not able to | |
| group privacy. This is ok as long as the <a>issuer</a> is not able to |
Co-authored-by: Ted Thibodeau Jr <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]> Co-authored-by: Dave Longley <[email protected]>
msporny
force-pushed
the
msporny-avoid-phone-home
branch
from
5e57876
to
cacbfde
Compare
Co-authored-by: David Chadwick <[email protected]>
Co-authored-by: Ted Thibodeau Jr <[email protected]>
This pull request is an attempt to address issue #186 by adding a Privacy Considerations section on avoiding "phoning home".
Preview | Diff