right to be forgotten and non-repudiation

The Indieweb privacy challenge (Webmentions, silo backfeeds, and the GDPR) // Sebastian Greger by Sebastian Greger (sebastiangreger.net)

Using a social media silo backfeed in the way it is commonly implemented today may not be entirely impossible from the legal perspective, as presented in the “Rechtsbelehrung” podcast (building the argumentation on Twitter users having consented to the service’s terms on third-party data use during sign-up, informing comprehensively about it in the privacy statement, and ensuring that the implementation is 100% compliant with all applicable API, developer and service terms). Yet, as also becomes clear from the podcast, this argumentation comes with heaps of potential points of failure that could later lead to it being declared unlawful in a legal dispute (did the user really agree to this specific use in the Twitter T&Cs? were the Twitter terms really understandable enough for the user? does the backfeed solution truly adhere to every single API rule in place, e.g. almost instant deletion of mentions based on deleted Tweets?).

I have information security-related issues with the "right to be forgotten". In information security, non-repudiation is the assurance that someone cannot deny something. Systems built for non-repudiation have the ability to ensure that a party to a communication cannot deny the sending of a message that they originated. It seems to me that the "right…

Read Full Post

Webmentions and Privacy and GDPR

Photo by Dayne Topkin on Unsplash
Untitled | David Shanske by David ShanskeDavid Shanske (David Shanske)

And being as I’m as regular contributor, there are a few ideas I’ve floating that I think are a good start, and invite you to contribute more.

  • Add text to the Webmention form that explains how to use it to delete a mention. Since the form can be used without supporting webmentions on your own site, this is something that should be made clear.
  • Add Setting to not display avatar/photo
  • Add ability to edit mentions, to correct inaccurate data.
  • Add setting to store more/less data.
  • Add privacy policy to plugin for those who install it and add text/link to webmention form.
  • Explain how to request a takedown of information.
  • Periodically poll/refresh sources.
  • Allow a different level of processing for ‘native’ webmentions vs backfeed run through a service like Bridgy.

David, I think that Sebastian Greger (and perhaps some of the GDPR) is really concerned about anonymity; not privacy. But I think you have responded reasonably. I don’t think one can expect privacy when acting publicly. Imagine if newspapers had to get permission to quote something I said publicly (especially something controversial)? Or a radio…

Read Full Post