{"id":439,"date":"2009-06-29T02:55:00","date_gmt":"2009-06-29T11:55:00","guid":{"rendered":"http:\/\/www.cloudidentity.com\/blog\/2009\/06\/30\/think-inside-the-box\/"},"modified":"2013-03-14T22:07:27","modified_gmt":"2013-03-15T07:07:27","slug":"think-inside-the-box","status":"publish","type":"post","link":"https:\/\/www.cloudidentity.com\/blog\/2009\/06\/29\/think-inside-the-box\/","title":{"rendered":"Think inside the box"},"content":{"rendered":"

\"IMG_2201_small\"<\/a> <\/p>\n

Yesterday evening I stumbled upon a curious article on an Italian online magazine, and as it became a conditioned reflex I posted it on my Facebook\u2019s wall: then i promptly forgot everything about it.<\/p>\n

This morning I stumbled upon a blog post from a good friend of mine in the identity community, who (not speaking Italian) thought that the above entry was in fact one of those very annoying fb quizzes and reposted a screenshot snippet on his blog with a humor comment on it. All normal, right? Those sound like the most unremarkable events ever reported. And yet, think for a moment: something broke, a system did fail here. My Facebook entry was set to be visible only to my fb friends & networks, while my friend\u2019s blog is available on the public Internet<\/em>. In analogy to the \u201celevation of privilege attack\u201d expression, I would say I was a victim of \u201cunintended audience enlargement\u201d attack; but then again, I should probably phrase it differently\u2026 \ud83d\ude09 Let\u2019s just say that when I use a system like Facebook I am in fact thinking inside the box<\/em>: I think in term of what Fb enforces, and confidently use the tools at my disposal with the implicit assumption that everything will comply with the Fb\u2019s laws of physics. Guess what, those laws can be eluded: you think that\u2019s air you\u2019re breathing now? You may think that placing the Bishop there will close the chess match in your favor, however your adversary may still have a move at its disposal: indeed, smashing the checkerboard with a sledgehammer is one such move. Taking a screenshot (or a picture, as the photo on the left suggests) of my fb\u2019s wall is the sledgehammer that shatters the thin porcelain between the original intended audience and the vast see of casual internet surfers. Hofstadter<\/a> (I never, never<\/em> spell it right at first attempt) makes a beautiful point about heterarchies in GEB<\/a>, but I don\u2019t want to overstate my case. My friend certainly didn\u2019t enlarge the audience of that piece on purpose, and I really really don\u2019t care if that specific entry is visible on the wild wild Internet. But it\u2019s a very good example of how *hard* is it really to manage rights and access rules on information outside a rigorously secured system. Expressing intentions is complicated: I know that Eve<\/a> is working hard on the problem, and at the last IIW<\/a> it was clear that the issue is of interest for many. Having an intuitive understanding of other\u2019s intent is complicated as well, as our little example demonstrates: misinterpreting can happen even to identity experts, and once we misunderstand, percolating to the next level in the heterarchy and violating it can be exceedingly easy. Don\u2019t get me wrong, the fact that it is complicated does not exempt us system builders from trying. The fact that many users may choose not to bother to understand and take control does not exempt us either: we should work toward reasonable defaults (good luck defining those) for the ones that can\u2019t be bothered, and empower the others to take informed decisions. First law<\/a>! You know Aenea<\/a>\u2019s leitmotif, \u201cchoose again\u201d. At least, IMO that holds for agile applications where the info you share are vacation pics and the latest phone you bought, however I do believe that for certain other applications we should be ready to kick up a notch. That means both making sure that the user appreciate the sensitivity of the information being handled (dialog: \u201cDude! That\u2019s your SSN we are talking about. Are you sure you want to print it on a tshirt?\u201d) and providing adequate measures for keeping the info within the intended audience (ie encrypt a token containing SSN with the key of its intended audience, and have the token declare the intended audience in the signed portions). That does not mean that the info cannot be improperly shared (wait a minute, with uprove it may mean exactly that! You can\u2019t share what you don\u2019t know), but that doing so requires effort: how much effort should be a function of how much you care about keeping the info inside its proper box. <\/p>\n

Oh well, 30 mins of rambling for what? In summary: we can trust each other, but that does not imply that we always understand each other\u2019s intention: the resilience of one system should a misunderstanding (or abuse) occur should be proportional to the projected cost of the consequences of such misunderstanding. The fact that in our daily experience that cost often tends to zero (as in today\u2019s example, luckily I was not saying anything exceedingly wrong\u2026) should not lull us in the conviction that it is always<\/em> zero.<\/p>\n

Woah, it was a long time I could not afford the luxury of a post deserving the tag \u201cWild Ideas\u201d, it was nice to unwind a bit. Nevermind, I\u2019ll get back to business soon enough \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"

Yesterday evening I stumbled upon a curious article on an Italian online magazine, and as it became a conditioned reflex I posted it on my Facebook\u2019s wall: then i promptly forgot everything about it. This morning I stumbled upon a blog post from a good friend of mine in the identity community, who…<\/p>\n","protected":false},"author":1,"featured_media":1421,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[9,60],"tags":[],"class_list":["post-439","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-identity","category-wild-ideas"],"_links":{"self":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/comments?post=439"}],"version-history":[{"count":2,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/439\/revisions"}],"predecessor-version":[{"id":1702,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/posts\/439\/revisions\/1702"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media\/1421"}],"wp:attachment":[{"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/media?parent=439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/categories?post=439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudidentity.com\/blog\/wp-json\/wp\/v2\/tags?post=439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}