Plaxo announced by email on 6 July that they will charge for Outlook contact synchronisation as a paid for feature $at 59.95 as part of Plaxo Premium http://www.plaxo.com/downloads/outlook_premium? . In the email they say "This change will allow us to continue to invest in the development and support of this valuable (but high-cost) feature."

As our readers will know we have always said that a free cloud based server model is unsustainable for contact and identity management.

Of course the only way to offer a low cost sustainable service is to synchronise P2P and avoid mediation by servers. Not only does this eliminate server traffic it also puts the user back in control of their contact information.

We want to roll out a robust platform for this before extending our business.

Please keep using Glynx, give us your feedback and spread the word on a superior way to manage your contact information.

We have had several requests for us to explain more about our Trust framework, so I thought I would put a summary of our thoughts in a post.

The general aim is to provide a Trust architecture that mirrors the real world of Trust and Claims. In the real world most claim interactions happen Peer-to-Peer and are unmediated – hence our model of privacy and control.

We currently recognise four levels of Trust for Identities and we let user’s decide which level for which Identity they wish to use or accept (note that this is a more general solution to the Social Networking model which typically only recognizes two or three levels). Trust is reflected by certificates linked to the Identity Claim. Trust is assigned at the Facet (individual Identity Claim) and Persona (collection of claims) levels.

1)       Unverified Claims: eg an “About me” claim, unverified by any means.

2)       Peer verified claims: eg A “recommendation” claim is certified by “friend” using their friend@othermail.com Identity. Since I trust “friend” I trust the claim “recommendation” These are typically useful for reputation based Facets.

3)       Glynx verified claims: for major communications IDs we run a Glynx verification service. This is backed up by an HSM based certificate assigning service. Currently we verify claims for email addresses, mobile phone numbers and Skype IDs. Of course others are possible but we selected those to give users a taste of the general solution (and cover some of the major bases). Expect us to verify other types of claims in future. However, we do not intend to become a claims verification business.

4)       Identity Provider Claims: Identity Providers can offer the strongest certification of claims (for example a phone company is the best certifier of your phone number). At the moment the architecture recognizes this claim type but the API is not yet open for Providers to certify claims. Watch this space…

Our aim is to eventually open up the API to enable third parties (especially Identity Providers and holders of reputation credentials, so your reputation becomes portable) to certify claims directly into our peer network.

 Claims can be held in several places:

• Privately – i.e. I keep claims in a private repository and only issue them to you directly as required (cloud or device based of course)
• In Blackpages – this is our P2P directory Summary of Blackpages. This enables claimants to publish, search, and associate claims with privacy and control. Exchange and digest happens P2P.
• In a hosted Yellow directory – Examples of this are the typical web directory you are familiar with such as Google, ebay, Facebook, etc.. Other sorts of this directory include network directories (not just Yellow pages but also the directories held in switches, etc.) and government directories (such as centralised medical records). Significantly these are held and mediated by a third party and you trust the third party to provide the “truth, the whole truth and nothing but the truth” in providing listing publishing, search and association services.

The Blackpages directory is significant. Because all current directories, are essentially mediated, they are managed in the interests of the hosting organisation. For example your VoIP Identity rarely listed in your telco provider’s directory (even though this might be useful), Social Networks do not typically provide details of other Social Networks you belong to in your profile. Even if they did contain this Identity information you could you trust them to provide it to Identity requestors in a way that always meets requestors interests? You generally have to hunt around for all this claims information in an unsystematic way.

Blackpages enables systematic publishing, search, association and exchange of Identity information with a master directory of all possible user identities across all possible services in a way that means entries are generally only controlled by the user.

The Trust framework takes care of the level of search, association and exchange users are prepared to accept but we do not mandate a trust level. It is buyer beware which puts the responsibility for interpreting Trust on the claimant and recipient, like the real world.

So Blackpages can act as a meta directory across all your Private White directories. We want this to drive innovation back into the directory space: for example when I browse a Social Networking user homepage it might be nice to see what other places outside of the Social Network you could find information about the user or their activity. With the Blackpages directory and Glynx I can do this (once our browser plugin/API is complete J ). I may use many good Social Networking products that we would benefit from using together but it is too hard for you to find out about them.

The Black feature is important as it prevents threats to Trust of spam/hack/unauthorized observation attacks, etc. so eliminating the need for user self censorship to prevent these threats. All hosted directories are to some extent open to these threats which is why no hosted directory can become the master directory n matter how well it is managed or what promises the directory controllers make.

 

I enjoyed Identity Woman's post Am I to “old” to get Facebook? - or do they not get it?

She raises questions that many people I know feel uncomfortable about. Are we older and wiser or just plain older when it comes to thinking about Identity Privacy online!?

One reason we invented Glynx was as a big experiment – do (enough) people care enough about privacy to want to maintain separate Personas and keep the audiences of these separate? Is this a business? Of course the only way to truely test this is to build a tool (and a business) that enables users to manage claims locally and  publish, find, associate and share claims as peers. Providing Identity claim information to third party servers (social networking sites, login credentials sites such as an OpenID server or contact details sites) necessarily means you give up observation and control of personal Identity information to at least one other party.

So far interestingly I would say the answer to the question has been mixed (to the extent that there is anyone interested enough to seriously discuss this topic with us - this probably warrants another post). Most people who have engaged us have done so with puzzlement – “why would you want to be private”? My answer is mixed – there is plenty of utility in being public but in the end I have four big concerns that mean I could never go totally public (i.e. delegate all my Identity authority to a third party).

• It concentrates power over my online life in a/the server business which makes me vulnerable to abuse.
• It is fine for me to make a mistake but if all my Identity information is held by a third party with essentially unregulated Ts & Cs, I have to trust them (and all their agents), forever, which seems like a ton of trust. And there are plenty of examples where this trust has been misplaced.
• In the real world my Identity is exchanged peer-to-peer – I go to a bar and give my driver’s license to the doorman to check. I don’t give my driver’s license to the Bank (say) and tell the doorman to call the bank to let me in (infact I would feel very uncomfortable if this was the case). Why should the online world be any different – who’s business is my business anyway?
• I may be fine about being represented by a server business but why should I provide information about my relationships? Many people represented by my relationships have not given me authority to use their information in such a way. Privacy laws prohibit businesses giving out their membership lists. Why do server businesses expect a lower standard of their members? This erodes the trust others place in me.

Ultimately we must take responsibility for our own relationships and our own claims. Only in this way can we have integrity in the relationships we have and only then can we give real meaning to “trust”.

Release announcement of version 0.2.3

Read more..

Announcement of public beta launch XP and Vista

Read more..