Working on a more thought-out post on this but I thought I'd get some feedback before diving too deep.
How about an Identity #coop ? A simple but solid #oauth identity provider that also advocates for it's inclusion as an idp to the services used by its members.
Convenience of single sign-on with the smallest possible security risk surface area and, being a co-op, members (users) decide what data is collected, shared, etc.
I have more but I'll stop here for now :)
@jjg I love the part where users would get to decide what kinds of data Is to be collected for analysis and for what purposes would the data be used, to facilitate service improvement.
For example, I am not against bug reports collecting by Mozilla in an effort to make Firefox better, but I am hoping that those crash reports are anonymous and only strictly relevant to Firefox.
From a privacy standpoint bulk data collection without choice and transparency is biggest issue.
@mareklach @alanz @jjg in theory this is what EU data protection law is supposed to be, right?
I wonder if the GDPR will change things much?
@ebel @alanz @jjg Perhaps they don't have to change much, as we know that in practice security agencies like the NSA, or GCHQ don't give much regard to laws written in theory on paper.
But I would think that they can collect private data only if these have first been collected by companies like Facebook and Google. I know Facebook got fined a bit for #privacy violations, but they are still not transparent about exactly what they collect.
@mareklach @alanz @jjg I think most EU data protection law has an exemption for (EU member state) national security. Which is bleh.
But the GDPR might limit what Facebook etc can do
@mareklach @alanz @jjg Do you know about #
NOYB? It's a proposed NGO from Max Schrems, long time successful privacy actvist. He's trying to raise €250k by end of Jan to launch it and then use the new law to sue companies which are bad for privacy,
@ebel @alanz @jjg Oh, let's hope, because it would be high time. Choice and transparency should always be key, because the question of data collection may not always be a simple yes, or no, I can understand that, so then it becomes about being able to choose what are we willing to share (for example sharing hardware specifications to improve software compatibility'd always be ok for me) but also know exactly where & why we're sending data.