The Knight News Challenge applications are in and I find them a particularly exciting batch this year, perhaps because of a burst of activity spurred on by a handful of surveillance revelations you might have heard about. I read through all 660; below is my list of promising applications from friends and colleagues. I’m sure there are many more awesome ones, including some I already “applauded”, but I thought a starter list would still be useful. Go applaud these and add comments to help them improve.

Which are your favorites that I’ve missed? I’m keeping a running list here: https://pinboard.in/u:npdoty/t:newschallenge

Encrypt all the things

Mailpile - secure e-mail for the masses!

Making secure email (using the OpenPGP standard) easier by developing an awesome native email client where encryption is built-in. They already have an alpha running that you might have seen on Kickstarter.

Encryption Usability Prize

Peter Eckersley, just over the Bay at EFF, wants to develop criteria for an annual prize for usable encryption software. (Noticing a theme to these encryption projects yet?) He notes SOUPS (CMU’s conference on usable security, happening this summer at Facebook) as a venue for discussion.

LEAP Encryption Access Project: Tools for Creating an Open, Federated and Secure Internet

LEAP (leap.se) is a project for developing a set of encryption tools, including proxies, email (with automatic key discovery) and chat, in an effort to make encryption the default for a set of at-risk users. (My colleague Harry Halpin at W3C works with them, and it all sounds very powerful.)

TextSecure: Simple Private Communication For Everyone

TextSecure is likely the most promising protocol and software project for easy-to-use widely adopted asynchronous encrypted messaging. (Android users should be using the new TextSecure already, fyi; it basically replaces your SMS app but allows for easy encryption.) Moxie (formerly of Twitter) is pretty awesome and it’s an impressive team.

Standards

Speaking of encryption, there are two proposals for standards work directly related to encryption and security.

Advancing DANE (DNS-Based Authentication of Named Entities) to Secure the Internet’s Transport Layer

This one may sound a little deep in the weeds, but DANE is a standard which promises end-to-end transport security on the Internet via DNSSEC, without relying on the brittle Certificate Authority system. Yay IETF!

Improved Privacy and Security through Web Standards

My colleagues at W3C are working on WebCrypto — a set of APIs for crypto to be implemented in the browser so that all your favorite Web applications can start implementing encryption without all making the same mistakes. Also, and this is of particular interest to me, while we’ve started to do privacy reviews of W3C specs in general via the Privacy Interest Group, this proposal suggests dedicated staff to provide privacy/security expertise to all those standards groups out there from the very beginning of their work.

Open Annotations for the Web

Hypothes.is (with lots of I School connections!) has been contributing to standards for Web annotations, so that we can all share the highlights and underlines and comments we make on web pages; they’re proposing to hire a developer to work with W3C on those standards.

Open Notice & Consent Receipts

A large handful of us I School alumni have been working in some way or another on the idea of privacy icons or standardized privacy notices. Mary Hodder proposes funding that project, to work on these notices and a “consent receipt” so you’ll know what terms you’ve accepted once you do.

Documenting practices, good and bad

Usable Security Guides for Strengthening the Internet

Joe Hall, CDT chief technologist and I School alumnus extraordinaire, has an awesome proposal for writing guides for usable security. Because it doesn’t matter how good the technology is if you don’t learn how to use it.

Transparency Reporting for Beginners: A Starter Kit and Best Practices Guide for Internet Companies, and a Readers’ Guide for Consumers, Journalists, & Advocates

Kevin Bankston (formerly CDT, formerly formerly EFF) suggests a set of best practices for transparency reports, the new hot thing in response to surveillance, but lacking standards and guidelines.

The positive projects in here naturally seem easier to build and less likely to attract controversy, but these evaluative projects might also be important for encouraging improvement:

Ranking Digital Rights: Holding tech companies accountable on freedom of expression and privacy

@rmack on an annual ranking of companies on their free expression and privacy practices.

Exposing Privacy and Security Practices: An online resource for evaluation and advocacy

CDT’s Justin Brookman on evaluating data collection and practices, particularly for news and entertainment sites.

IndieWeb and Self-Hosting

IndieWeb Fellowships for the Independent and Open Web

I’ve been following and participating in this #indieweb thing for a while now. While occasionally quixotic, I think the trend of building working interoperable tools that rely as little as possible on large centralized services is one worth applauding. This proposal from @caseorganic suggests “fellowships” to fund the indie people building these tools.

Idno: a collective storytelling platform that supports the diversity of the web

And @benwerd (werd.io) is one of these people building easy-to-use software for your own blog, not controlled by anyone else. Idno is sweet software and Ben and Erin are really cool.

Mail-in-a-Box

Even if you had your own domain name, would you still forward all your email through GMail or Hotmail or some free webmail service with practices you might not understand or appreciate? This project is for “a one-click, easy-to-deploy SMTP server: a mail server in a box.”

Superuser: Internet homeownership for anyone

Eric Mill (@konlone) has been working on a related project, to make it end-user easy to install self-hosted tools (like Mail-in-a-box, or personal blog software, or IFTTT) on a machine you control, so that it’s not reserved for those of us who naturally take to system administration. (Also, Eric is super cool.)



IndieWeb folks,

While privacy was not the most common topic at #indiewebcamp earlier this summer, I think the independence of controlling one's own Web presence has a lot in common with freedom from surveillance.

In that spirit, I thought you all might be interested in the 1984 Day rally, taking place (after the Doctor Who live stream, of course) on the Embarcadero. The Web page for the event suggests, apparently without any irony at all, RSVPing on Facebook, but I thought an email/blog post was a more appropriate way to tell you all that I'll be there. Daniel Ellsberg (of the Pentagon Papers) will speak, among others.

Hope you're well and hope to see you soon,
Nick

P.S. Can you RSVP to an event within the description of an event itself? Test case: the paragraph above.


Subject: World Wide Web Consortium Staff Comments on Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct
From: npdoty@w3.org
Date: 4/02/2012 04:55:00 PM
To: NTIA
Cc: Thomas Roessler, Wendy Seltzer, Rigo Wenning
Bcc: https://bcc.npdoty.name/

Please see attached comments, also publicly available at: https://www.w3.org/2012/04/ntia-multistakeholder-comment.html

Nick Doty
Privacy
World Wide Web Consortium



We've commonly heard (at workshops in July '10, December '10 and April '11, for example) that W3C should have a venue for discussing and addressing ongoing and upcoming privacy issues. To that end, we're proposing a Privacy Interest Group, with a draft charter now available.

http://www.w3.org/2011/07/privacy-ig-charter

Feedback from the public (and this list in particular) would be most helpful.

I'm imagining this group as a place to discuss new issues (via public-privacy), spin off Recommendation-track work as necessary, develop guidelines for handling privacy considerations and provide advice to other groups for handling privacy in Web specifications. How do *you* think a group like this should function?

Discussion is welcome on this list, or feel free to send me feedback offline.

Thanks,
Nick



Following up on the Princeton workshop [1] and widespread interest from both industry and regulators [2] in standardizing Do Not Track technologies, we're proposing a Tracking Protection Working Group, with a draft charter now available.

http://www.w3.org/2011/tracking-protection/charter-draft

Feedback from the public (and this list in particular) would be most helpful.

Next steps will be to send the charter to the W3C Advisory Committee for review. After that step and approval from the Director, we expect the group to form and work to begin by the end of August.

Discussion is welcome on this list; if you wish to send comments offline, please contact me <npdoty@w3.org> and Thomas Roessler <tlr@w3.org>.

Thanks,
Nick

[1] http://www.w3.org/2011/track-privacy/report.html
[2] http://www.w3.org/QA/2011/06/do_not_track_the_regulators_ch.html