Story 10FM9 HTTPA protocol for tracking how private data is used online.

HTTPA protocol for tracking how private data is used online.

by
in security on (#10FM9)
By now, most people feel comfortable conducting online financial transactions on the Web. The cryptographic schemes that protect online banking and credit card purchases have proven their reliability over decades. But right now, there is no effective way to prevent misuse of your data by the people authorized to access it, say for example a bank employee can still access your data, and frequently we are reading news about misuse of the data by the bank employees. i-e Once you share your data with the bank, Healthcare system or any other private company, for your online transactions, you don't have any control over who exactly is using or misusing your data.

http://news.mit.edu/2014/whos-using-your-data-httpa-0613
Reply 4 comments

So basically (Score: 0)

by Anonymous Coward on 2016-01-13 07:50 (#10GS8)

Strip the URI from the data and you are screwed. I can see why this did not take off.

Why this won't work (Score: 2, Insightful)

by Anonymous Coward on 2016-01-14 03:47 (#10M4X)

You're advocating a [borrowed from an old email spam tempate]:

(X) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting data sharing. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

(X) Scammers can easily use it to harvest personal data
(X) Existing DBs would be affected
( ) No one will be able to find the guy or collect the money
(X) It is defenseless against the unethical
( ) Users will not put up with it
(X) Microsoft will not put up with it until they've made it their own
( ) The police will not put up with it
(X) Requires too much cooperation
(X) Requires immediate total cooperation from everybody at once
( ) Many users cannot afford to lose business or alienate potential employers
( ) Scammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority
(X) DBs in foreign countries
(X) Ease of searching
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment
(X) Susceptibility of protocols
( ) Willingness of users to install OS patches
(X) Extreme profitability of unencrypted data
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with scammers
(X) Dishonesty on the part of scammers themselves
( ) Bandwidth costs that are unaffected by client filtering

Re: Why this won't work (Score: 0)

by Anonymous Coward on 2016-01-15 02:51 (#10QS7)

Would vote for you if I could.