On our journey to deprecate the password: Public Implementation Draft of FIDO2 Client to Authenticator Protocol (CTAP) specification

FIDO logoI’m pleased to report that a public Implementation Draft of the FIDO2 Client to Authenticator Protocol (CTAP) specification has been published. This specification enables FIDO2 clients, such as browsers implementing the W3C Web Authentication (WebAuthn) specification, to perform authentication using pairwise public/private key pairs securely held by authenticators speaking the CTAP protocol (rather than passwords). Use of three transports for communicating with authenticators is specified in the CTAP specification: USB Human Interface Device (USB HID), Near Field Communication (NFC), and Bluetooth Smart/Bluetooth Low Energy Technology (BLE).

This specification was developed in parallel with WebAuthn, including having a number of common authors. This CTAP version is aligned with the WebAuthn Candidate Recommendation (CR) version.

The CTAP Implementation Draft is available at:

Congratulations to the members of the FIDO2 working group for reaching this important milestone. This is a major step in our journey to deprecate the password!

For privacy we need tech more than policy

Nature and the Internet both came without privacy.

The difference is that we’ve invented privacy tech in the natural world, starting with clothing and shelter, and we haven’t yet done the same in the digital world.

When we go outside in the digital world, most of us are still walking around naked. Worse, nearly every commercial website we visit plants tracking beacons on us to support the extractive economy in personal data called adtech: tracking-based advertising.

In the natural world, we also have long-established norms for signaling what’s private, what isn’t, and how to respect both. Laws have grown up around those norms as well. But let’s be clear: the tech and the norms came first.

Yet for some reason many of us see personal privacy as a grace of policy. It’s like, “The answer is policy. What is the question?”

Two such answers arrived with this morning’s  Continue reading "For privacy we need tech more than policy"

Facebook’s Cambridge Analytica problems are nothing compared to what’s coming for all of online publishing

Let’s start with Facebook’s Surveillance Machine, by Zeynep Tufekci in last Monday’s New York Times. Among other things (all correct), Zeynep explains that “Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.”

Giant Irony Alert: the same is true for the Times, along with every other publication that lives off adtech: surveillance-based advertising. These pubs don’t just open the kimonos of their readers. They treat them as naked beings whose necks are bared to vampires ravenous for the blood of personal data, all ostensibly so those persons can be served with “interest-based” advertising.

With no control by readers (beyond tracking protection which relatively few know how to use), and damn little care or control by the publishers who bare those readers’ necks to the vampires,

Continue reading "Facebook’s Cambridge Analytica problems are nothing compared to what’s coming for all of online publishing"

W3C Web Authentication (WebAuthn) specification has achieved Candidate Recommendation (CR) status

W3C logoThe W3C Web Authentication (WebAuthn) specification is now a W3C Candidate Recommendation (CR). See the specification at https://www.w3.org/TR/2018/CR-webauthn-20180320/ and my blog post announcing this result for the WebAuthn working group at https://www.w3.org/blog/webauthn/2018/03/20/candidate-recommendation/.

This milestone represents a huge step towards enabling logins to occur using privacy-preserving public/private key pairs securely held by authenticators, rather than passwords. Its contents have been informed by what we learned during several rounds of interop testing by multiple browser and authenticator vendors. The Web Authentication spec has also progressed in parallel with and been kept in sync with the FIDO2 Client To Authenticator Protocol (CTAP) specification, so that they work well together.

Fixing the Five Problems of Internet Identity

Summary: Sovrin capitalizes on decades of cryptographic research and the now widespread availability of decentralized ledger technology to rethink identity solutions so that we can have scalable, flexible, private interactions with consent despite the issues that distance introduces.

Credential Exchange

Andy Tobin has a great presentation that describes five problems of Internet identity. Our claim is that self-sovereign identity, and Sovrin in particular, solve these five problems:

The Proximity Problem—The proximity problem is as old as the familiar cartoon with the caption "On the Internet, nobody knows you're a dog." Because we're not interacting with people physically, our traditional means of knowing who we're dealing with are useless. In their place we've substituted username-password-based authentication schemes. The result is that people's identity information is replicated in multiple identity silos around the Internet.

The Scale Problem—Digital identity currently relies on hubs of identity information. We login using Facebook or Google—huge Continue reading "Fixing the Five Problems of Internet Identity"

Equifax and Correlatable Identifiers

Summary: We can avoid security breachs that result in the loss of huge amounts of private data by creating systems that don't rely on correlatable identifiers. Sovrin is built to use non-correlatable identifiers by default while still providing all the necessary functionality we expect from an identity system.

Yesterday word broke that Equifax had suffered a data breach that resulted in 143 million identities being stolen. This is a huge deal, but not really too shocking given the rash of data breaches that have filled the news in recent years.

The typical response when we hear about these security problems is "why was their security so bad?" While I don't know any specifics about Equifax's security, it's likely that their security was pretty good. But the breach still occurred. Why? Because of Sutton's Law. When Willie Sutton was asked why he robbed banks, he reputedly said "cause that's where Continue reading "Equifax and Correlatable Identifiers"

Daily Tab for 2016_06_07

away2remember2manytabsFor today’s entries, I’m noting which linked pieces require you to turn off tracking protection, meaning tracking is required by those publishers. I’m also annotating entries with hashtags and organizing sections into bulleted lists.
#AdBlocking and #Advertising

Have we passed peak phone?

2017-03-27_subwayphones I should start by admitting I shot this picture with my phone. Also that on my rectangle with the rest of these people through most of this very typical subway trip yesterday. I don’t know what they were doing, though it’s not hard to guess. In my case it was spinning through emails, texting, tweeting, checking various other apps (weather, navigation, calendar) and listening to podcasts. We shape our tools and then they shape us. That’s what Marshall McLuhan’s main point was. And then we shape society, policy and the rest of civilization. People won’t stop staring at their phones, so a Dutch town put traffic lights on the ground, Quartz reports. In less than two years, most of the phones used by people in this shot will be traded in, discarded or re-purposed as iPods or whatever. And most of us will be tethered to Apple, Google and
Continue reading "Have we passed peak phone?"

Exploring the business behind digital media’s invisibility cloaks

  amsterdam-streetImagine you’re on a busy city street where everybody who disagrees with you disappears. We have that city now. It’s called media—especially the social kind. You can see how this works on Wall Street Journal‘s Blue Feed, Red Feed page. Here’s a screen shot of the feed for “Hillary Clinton” (one among eight polarized topics): blue-red-wsj Both invisible to the other. We didn’t have that in the old print and broadcast worlds, and still don’t, where they persist. (For example, on news stands, or when you hit SCAN on a car radio.) But we have it in digital media. Here’s another difference: a lot of the stuff that gets shared is outright fake. There’s a lot of concern about that right now: fakenews Why? Well, there’s a business in it. More eyeballs, more advertising, more money, for more eyeballs for more advertising. And so on. Those ads are aimed
Continue reading "Exploring the business behind digital media’s invisibility cloaks"

A few words about trust

cropped-wst-logo-mainSo i was on a panel at WebScience@10 in London (@WebScienceTrust, #WebSci10), where the first question asked was, “What are two aspects of ‘trust and the Web’ that you think are most relevant/important at the moment?” My answer went something like this:::: 1) The Net is young, and the Web with it. Both were born in their current forms on 30 April 1995, when the NSFnet backed off on its forbidding commercial traffic on its pipes. This opened the whole Net to absolutely everything, exactly when the graphical Web browser became fully useful. Twenty-one years in the history of a world is nothing. We’re still just getting started here. 2) The Internet, like nature, did not come with privacy. And privacy is personal. We need to start there. We arrived naked in this new world, and — like Adam and Eve — still don’t have clothing Continue reading "A few words about trust"

The problem for people isn’t advertising, and the problem for advertising isn’t blocking. The problem for both is tracking.

Ingeyes Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking, @JuliaAngwin and @ProPublica unpack what the subhead says well enough: “Google is the latest tech company to drop the longstanding wall between anonymous online ad tracking and user’s names.” Here’s a message from humanity to Google and all the other spy organizations in the surveillance economy: Tracking is no less an invasion of privacy in apps and browsers than it is in homes, cars, purses, pants and wallets. That’s because our apps and browsers are personal and private. So are the devices on which we use them. Simple as that. (HT to @Apple for digging that fact.) To help online advertising business and the publications they support understand what ought to be obvious (but isn’t yet), let’s clear up some misconceptions:
  1. Tracking people without their clear and conscious permission is wrong. (Meaning The Castle Doctrine Continue reading "The problem for people isn’t advertising, and the problem for advertising isn’t blocking. The problem for both is tracking."

The Giant Zero

The Giant Zero

The world of distance

Fort Lee is the New Jersey town where my father grew up. It’s at the west end of the George Washington Bridge, which he also helped build. At the other end is Manhattan.

Even though Fort Lee and Manhattan are only a mile apart, it has always been a toll call between the two over a landline. Even today. (Here, look it up.) That’s why, when I was growing up not far away, with the Manhattan skyline looming across the Hudson, we almost never called over there. It was “long distance,” and that cost money.

There were no area codes back then, so if you wanted to call long distance, you dialed 0 (“Oh”) for an operator. She (it was always a she) would then call the number you wanted and patch it through, often by plugging a cable between two holes in a

Continue reading "The Giant Zero"

Some thoughts on privacy

Somebody280px-Do_not_disturb.svg on Quora asked, What is the social justification of privacy? adding, I am trying to ask about why individual privacy is important to society. Obviously it is preferable to individuals for a variety of reasons. But society seems to gain more from transparency. Rather than leave my answer buried there, I thought I’d share it here as well:
Society is comprised of individuals, and is thick with practices and customs that respect individual needs. Among these is privacy. All but those of us who live outside and walk around naked have a need for clothing and shelter, both of which are means of expressing and guarding spaces we call “private.” One would hardly ask to justify the need for privacy before the Internet came along; but it is a question now, because the Internet, like nature in the physical world, doesn’t come with privacy. We are naked by Continue reading "Some thoughts on privacy"

At last, Cluetrain’s time has come

While The Cluetrain Manifesto is best known for its 95 theses (especially its first, “Markets are conversations”), the clue that matters most is this one, which runs above the whole list:
we are not seats or eyeballs or end users or consumers.
we are human beings and our reach exceeds your grasp. deal with it.
  That was the first clue we wrote. And by “we” I mean Christopher Locke (aka RageBoy), who sent it to the other three authors in early 1999. At that time we were barely focused on what we wanted to do, other than to put something up on the Web. But that ur-clue, addressed to marketers on behalf of markets, energized and focused everything we wrote on Cluetrain site, and then in the book. But it failed. Are you hearing me, folks? It failed. For a decade and a half, Cluetrain succeeded as a book and as a meme, but
Continue reading "At last, Cluetrain’s time has come"

Talking customer power and VRM

I’ll be on a webinar this morning talking with folks about The Intention Economy and the Rise in Customer Power. That link goes to my recent post about it on the blog of Modria, the VRM company hosting the event. It’s at 9:30am Pacific time. Read more about it and register to attend here. There it also says “As a bonus, all registered attendees will receive a free copy of Doc’s latest book, The Intention Economy: How Customers Are Taking Charge in either printed or Kindle format.” See/hear you there/then.    

Separating advertising’s wheat and chaff

wheatAdvertising used to be simple. You knew what it was, and where it came from. Whether it was an ad you heard on the radio, saw in a magazine or spotted on a billboard, you knew it came straight from the advertiser through that medium. The only intermediary was an advertising agency, if the advertiser bothered with one. Advertising also wasn’t personal. Two reasons for that. First, it couldn’t be. A billboard was for everybody who drove past it. A TV ad was for everybody watching the show. Yes, there was targeting, but it was always to populations, not to individuals. Second, the whole idea behind advertising was to signal one message to lots of people, lots of times, whether or not the people seeing or hearing the ad would ever use the product. In their landmark study, “The Waste in Advertising is the Part that Works” (Journal of
Screen Shot 2015-08-12 at 11.01.20 AM
Continue reading "Separating advertising’s wheat and chaff"

We can all make TV. Now what?

meerkatLook where Meerkat andperiscopeapp Periscope point. I mean, historically. They vector toward a future where anybody anywhere can send live video out to the glowing rectangles of the world. If you’ve looked at the output of either, several things become clear about their inevitable evolutionary path:
  1. Mobile phone/data systems will get their gears stripped, in both directions. And it will get worse before it gets better.
  2. Stereo sound recording is coming. Binaural recording too. Next…
  3. 3D. Mobile devices in a generation or two will include two microphones and two cameras pointed toward the subject being broadcast. Next…
  4. VR, or virtual reality.
Since walking around like a dork holding a mobile in front of you shouldn’t be the only way to produce these videos, glasses like these are inevitable:


(That’s a placeholder design in the public domain, so it has no IP drag, other than whatever submarine patents already exist, and I am Continue reading "We can all make TV. Now what?"

T.Rob on the Samsung AdHub Privacy Policy – Have We Reached a Privacy Waterloo?

iopt-logoOne of my favorite bloggers in the Internet identity/security/privacy/personal data space, T.Rob Wyatt, just posted an expose of what the Samsung privacy policy really means when it comes to using Samsung devices and their integrated AdHub advertising network. I can tell you right now, I’ll never buy a Samsung smart-ANYTHING until that policy is changed. Full stop. If every prospective Samsung customer does the same thing—and tells Samsung this right out loud, like I’m doing right now—then we’d finally see some these policies changing. Because it would finally hit them in the pocketbook.