WordPress and ‘persona separation’

Anyone who has heard me talk on the subject of privacy has probably heard me say how important I think it is to be able to reflect different privacy contexts by using different ‘personas’.

Privacy is – somewhat paradoxically – not about secrecy. If I keep all my information secret, I’m not “private”, I’m a recluse – asocial. Privacy is a social phenomenon; a way of ensuring that we retain the freedom to interact in one way with our loved and trusted companions, in another with, say, business and social acquaintances, and in yet another with people we’ve never met. You can do all this without failing to be true to your nature or character. It is healthy and appropriate to have different privacy rules for different circumstances and relationships. Someone who tries to deny you this ability is denying your right to interact socially on your terms, rather than theirs.

This is one of the many reasons why the “nothing to hide, nothing to fear” bleat should be reacted to with derision as a minimum, and outright hostility for preference.

But that’s not what I was going to write about. 

No, all I was going to do was observe that WordPress’s deployment of OAuth-based authentication is actually far better designed than its own authentication mechanism. Persona management just happens to be why I think that’s the case. Here’s why.

I happen to have two WordPress accounts, one of which is pseudonymous. There’s nothing sinister in that. I just occasionally want to post something caustic or mildly risqué which, in the context of my “Robin Wilton” blog might offend some readers, or might simply be irrelevant to that audience. (For instance, the identerati are probably not the least bit interested in my probably-not-very-funny pastiche in homage to the late Alan Coren).

But a couple of times, I have – thanks to the not very well designed authentication and persona management aspects of WordPress – published a post to the wrong one of the two blogs. OK, I delete and re-publish, and probably no-one noticed… though depending on things like RSS refresh intervals, someone may have done. That problem is worse if you have multiple accounts with a more synchronous protocol, like Twitter.

But if you’re commenting on someone else’s WordPress blog, as opposed to posting on your own, you get an OAuth-based alternative, so that you can authenticate using, say, your Twitter or Facebook account. If you choose that option, not only should it be fairly obvious which you’re using (because you have to click on one icon rather than the other), but WordPress actually reminds you, before you hit Publish, which persona it is that you’re about to use.

From a privacy perspective, it’s all rather nice. If only WordPress’ own login and dashboard were as well designed.

Peter Schaar: Snowden should come to Germany…

Even back in June, Federal Data Protection Commissioner Peter Schaar was suggesting that Germany would be a better place for Edward Snowden to lie low than Hong Kong –

He’s still of the view that Snowden shouldn’t settle down just yet. I was in Berlin last week for IETF87, and saw him quoted in a piece in Stern. Here’s a rough translation (with apologies for any errors, especially in translating the titles of various politicians…). It’s interesting not just for Schaar’s observations, but also for the depth and breadth of antipathy it reveals among German elected representatives to the US surveillance program:

German authorities could benefit from Snowden’s knowledge of foreign intelligence services’ intercept practices, Schaar said to the “Cologne Stadt-Anzeiger” newspaper. Meanwhile, in the light of new revelations about the scale of the XKeyscore snooping program, German opposition parties have called for clarification from the federal government.

Snowden needs a safe haven; “I can imagine such a refuge in Germany”, says Schaar. He can also imagine that the federal attorney general might welcome Snowden in person. In Schaar’s view, Snowden’s admission to Germany “also has the advantage that we would not then be driving someone into the arms of an authoritarian regime whose real intentions can, not entirely unfairly, be regarded with scepticism”. Schaar was alluding to Russia, where Snowden has been since the end of June.

SPD leader Thomas Oppermann spoke in Reutlingen of a “total surveillance” which cannot be reconciled with the German constitution. The federal government must put an end to this surveillance. Ronald Pofalla, the minister currently responsible for the intelligence services, accused Oppermann of “manifestly having failed to tell the whole truth” about the snooping program, and described as “disturbing” the fact that German intelligence services were conducting tests with elements of the XKeyscore program.

Renate Künast, head of the Green party, exhorted Chancellor Angela Merkel to engage: “The Chancellor must finally take her head out of the sand and defend citizens’ freedom”, she explained in Berlin, professing the new revelations about XKeyscore to be disturbing: “It means every citizen can fall under the focus of the secret services”. Green party official Hans-Christian Ströbele described XKeyscore as a “diabolically comfortable surveillance program”.

Left-winger Petra Pau called for a “democracy summit” at which the international implications of the latest US surveillance revelations would be examined. The federal government must prevent the secret services from undertaking a “general assault on essential elements of the constitution”, she continued.

According to a report in the British “Guardian” newspaper, the US secret services have far more sweeping access to world-wide Internet communications than had hitherto been assumed. The XKeyscore snooping programme allows the US security services to see “practically everything the average user does on the Internet”, reported the paper, referring to comments by the former US intelligence worker Edward Snowden.