search

solid / webid-profile

Discovery based on Solid Social Agent WebID
https://solid.github.io/webid-profile/
MIT License
12 stars 8 forks source link

Document know privacy issues with Type Indexes and Trusted Apps #16

Open elf-pavlik opened 2 years ago

elf-pavlik commented 2 years ago

I understand that this repo focuses on prior art. Still, I think it should honestly document known issues and possibly even reference ongoing efforts which are addressing those issues. It could be addressed by Privacy considerations section(s).

TypeIndex

ISSUE: Apps that have access to given TypeIndex can see the complete index. It doesn't allow users to selectively (e.g. as part of authorizing the app) disclose to the app what kind of data they have. It is known to be problematic when users have some specific data like (mental) health data, (un)employment data, etc. While apps should be able to discover data the user authorizes that app to access, it shouldn't have knowledge that any other data even exists in any of the user's storage instances.

ALTERNATIVE: Solid Application Interoperability

Trusted Apps

ISSUE: User may not want to publically disclose which app they are using. It is known to be problematic when users use apps related to (mental) health data, (un)employment data, dating, etc.

ALTERNATIVE: Solid Application Interoperability

jeff-zucker commented 2 years ago

We discussed this issue in today's meeting and we agree that there are privacy concerns with both trustedApps and type indexes. We will refer to these concerns in a "Considerations" section of the document at a later date.