Question about capabilities

Hello,

On the Solid forum, https://forum.solidproject.org/t/wac-vs-object-capabilities/3114/8, @happybeing made the point that SAFE uses capabilities to control who has access to the data.

I don’t know much about any of this, but from the general direction of the discussion, and other discussions on solid before that, I have some concerns about connex aspects of this.

On a separate topic, https://forum.solidproject.org/t/users-should-not-sign-documents/3115/5, I explained how signing capabilities could lead to a much worse situation with respect to harassment.

Does this apply to SAFE? Or does it take measures so that the scenario I describe cannot happen?

5 Likes

“Of course, she could unlink her signing key from her profile, but then she loses all other relations based on that public key. Will she choose to do that?”

First off, in the SAFE network this kind of stuff will be abstracted away in the UI by design. I don’t think the average Alice or Bob will even know what a signing key is let alone waste their time trying to explain to others that it’s mathematical proof that Bob had a photo of Alice that Alice did in fact share with Bob. Alice would have to have the foresight to accept or not accept the risk of sharing the photo with Bob if it would affect her socially if exposed in the first place.

More direct to your question. I may need correction here but I believe this is how it works. In SAFE there is your main account (your passphrase and password that you self-authenticate to the network with) which will have the ability to create and manage as many keys as you like, in the form of SAFE ID’s. SAFE ID’s are like sub accounts in that sense, though no one interacting with them will ever really think of them that way. You can create as many as you like and the SAFE ID is like a profile card allowing you to describe yourself and it holds your contact methods within SAFE, almost like a little digital LinkedIn business card if you like. These SAFE ID’s could just be aliases or you could be who you say you are. You also have the ability to interact anonymously within SAFE.

Each SAFE ID is able to manage permissions of any number of files with any number of other SAFE ID’s. So like you suggest in your post you can share, set time sensitive access, revoke, etc.

If you delete a particular SAFE ID I’m not sure exactly what that would mean for all the permissions of the data it shared. I’m not certain if it just means you lose the ability to manage permissions on previously posted data (other users permanently keep the permissions you had set), or all the data permissions associated with it are revoked, or if you would be prompted to choose from those options.

But whatever can be shared can be screen captured, downloaded, photographed, you get my point. That is simply just an unavoidable fact. Some people know this and some don’t but if you share something sensitive or share something with someone sensitive then half the damage is done. You can revoke access in the hopes they were already honest and respectable but you just don’t know and so you take that into account going into it. If this person was too lazy to screen shot, etc then they are probably too lazy to go way beyond the user interface into the workings of the network to prove something. This kind of situation is a gamble for Alice and most likely not 100% solvable.

5 Likes

I would correct here a nitpick, actually you only have the ability to interact anonymously in SAFE, but you can of course forsake it if you want it.
Just like using TOR, it is anonymous by default by design, but if you really want to sign up with your real name in a hidden service forum, it is up to you.

3 Likes

I think the average Alice and Bob know that a screenshot of a tweet can easily be faked, but things that go on archive.org tend to be harder.

This is a huge problem. The news is filled with problems like this. For instance: https://www.nytimes.com/2020/04/26/world/middleeast/gay-morocco-outing.html Now imagine that all the information of all gays in the country were public and immutable. There would be way more than “dozens” of victims.

The answer cannot be that gays should stop dating. The technological part of the answer is that the people should be able to delete the data about them.

Is there a way to link them together and unlink them at will, or is it sign / revocation?

1 Like

Excellent and welcome nitpick.

1 Like

Not sure I follow. Like @piluso had corrected me, in SAFE you are anonymous by default but you can make your persona whatever you want with a SAFE ID. All your different SAFE ID’s are managed under your SAFE account (which isn’t in any way identifying or public facing whatsoever). So the SAFE ID’s are linked to your SAFE account in the sense of it has the ability to create and manage as many identities as you like.

As far as the rest, it’s very political and technology is just a tool not a policy. I get your point though that these technological tools should enhance our freedom, not damn it. I believe the SAFEnetwork will enhance our freedom in many ways. These people you speak of can communicate freely, anonymously, encrypted. But all of this only goes so far. There is a proverbial schism between our digital and physical worlds.
Someone can chat encrypted, and even anonymously, but if they send a compromising picture, then if the other end has malicious intent, then game over no matter what. Again, this becomes more of a political issue.

1 Like

From my understanding, and this can be outdated, private data could be deleted or unlinked, but if you publish it as “public” it becomes permanent and it becomes undeletable.
So if you privately shared an intimate pic with Bob, you could easily unshare it and Bob wouldn’t have access to it anymore.

3 Likes

Yes, but once you start sharing serious data with others you are not anonymous anymore. So anonymity does not matter much in my opinion.

So when a court orders the picture be taken down, technology will not interfere? I have doubts ^^ Anyway, I have a specific topic for this: https://forum.solidproject.org/t/we-need-a-read-write-web/3119

You will probably have plausible deniability as there is no way to actually prove you are who you claim you are. Anyone can be behind an alias, and IP addresses are not even used in routing.
There is no way of geolocating anyone.

1 Like

Right, but there is a way to prove correlations between actions by the user ID. This is how the attack on the dating app works: you correlate the information you get (where the person lives, the age, photos and everything) until a point where you can identify the person. Even if there are no names, dating is an activity that requires sharing a lot of personal details to strangers.

You are quite fixated with a dating app, hah.
Of course there is no way of keeping yourself anonymous if you are going to meet them in person, do you think an app could fix meeting someone in person?

1 Like

Yes, I do. Many people use such kinds of apps to meet each other, and I believe an app that deletes data fixes it with fewer risks than an app that keeps all the data with a provable authenticity forever :wink:

As I said, if the app treats all data among its users as private, you could unshare your content with a person, and technically since all your chats with such a person are your data, everything you shared in text, pics or any other data, in a practical sense would simply vanish from his/her/its end.
Now, how much personal information you revealed prior to the unsharing would stay in his/her/its brain.

If you are looking for an app for that, then you’d need this:

And that’s beyond the scope of any platform.

2 Likes

I am glad that the private data works that way.

As for already published data, I don’t think the answer can be an app, but I still have a couple ideas: https://forum.solidproject.org/t/we-need-a-read-write-web/3119

“We are masters of the unsaid words, but slaves of those we let slip out.” - Winston Churchill

This was true before the internet, it is true in today’s internet and the Safe Network is simply owning to its fact by formalizing it on the design of an immutable persistent network.

Also, there is a historical value of offering appended edits, instead of deleting previous versions. If you want to correct something, you can simply append an edit in a new version.
But if you want to lie about something, or backdate a prediction, you should be exposed.
Also allowing the network to be archiving the whole history of the published works is an important value not only for scholars in posterity, but as a fact checking tool.

Having the Internet Archive embedded in the next internet would be of immense value.

2 Likes

It is difficult to reason about the internet as an invention.

I think the world it goes with changed deeper than that. It is comparable to the printing press. Before the printing press, we could certainly have found nobles saying that storing data would be useless, because it would require a whole life to write anything of value, and besides the only knowledge worth storing is the bible. Then, the data started to accumulate (very slowly, but still we got newspapers and books). It was read-only data, of course, because only the public figures could afford to be recorded or printed, but everyone ended up being able to read.

With the internet came the possibility for everyone to write data. I think Churchill would not believe it if we told him that thousands of people (the average type, not public figures) could be simultaneously discussing a common thing from all over the world without the approval or even the knowledge of any public figure. The rise of the voice of non-public figures is I think something new. It has special needs, like communicating sensible information to almost complete strangers. There was an episode of Last Week Tonight some years ago, https://www.youtube.com/watch?v=XEVlyP4_11M, with an interview of Edward Snowden in it. The problem was the citizens continued to share intimate data, despite the widespread knowledge that the NSA was and still is doing something wrong with that. I think this habit will never be stopped, and the laws are slowly coming in order to acknowledge that.

You could just make heavy use of time sensitive sharing (think Snapchat), and/or revocation. If this is a dating app for an everyday user then the UI should just be simple and this can all be achieved on the backend with the users having a high level of protection. As for what info you share with someone or them seeing your face or physically collecting info or evidence, I just don’t think it can be ENTIRELY circumvented. SAFE enables a great deal of this from a deep level and is honestly probably the best environment for this type of app.

1 Like