Working on a more thought-out post on this but I thought I'd get some feedback before diving too deep.

How about an Identity #coop ? A simple but solid #oauth identity provider that also advocates for it's inclusion as an idp to the services used by its members.

Convenience of single sign-on with the smallest possible security risk surface area and, being a co-op, members (users) decide what data is collected, shared, etc.

I have more but I'll stop here for now :)

@jjg I love the part where users would get to decide what kinds of data Is to be collected for analysis and for what purposes would the data be used, to facilitate service improvement.

For example, I am not against bug reports collecting by Mozilla in an effort to make Firefox better, but I am hoping that those crash reports are anonymous and only strictly relevant to Firefox.

From a privacy standpoint bulk data collection without choice and transparency is biggest issue.

@mareklach @alanz @jjg in theory this is what EU data protection law is supposed to be, right?

I wonder if the GDPR will change things much?

@ebel @alanz @jjg Perhaps they don't have to change much, as we know that in practice security agencies like the NSA, or GCHQ don't give much regard to laws written in theory on paper.

But I would think that they can collect private data only if these have first been collected by companies like Facebook and Google. I know Facebook got fined a bit for #privacy violations, but they are still not transparent about exactly what they collect.

@mareklach @alanz @jjg I think most EU data protection law has an exemption for (EU member state) national security. Which is bleh.

But the GDPR might limit what Facebook etc can do