Subject: Re: Elections and Membership in ldraw.org
Newsgroups: lugnet.cad.dev.org.ldraw
Date: Mon, 28 Apr 2003 19:20:24 GMT
Viewed: 2372 times

In lugnet.cad.dev.org.ldraw, Dan Boger writes:
> On Mon, Apr 28, 2003 at 06:08:54PM +0000, Tim Courtney wrote:
> > The idea of personally identifiable information is indeed a sensitive one,
> > and I recognize that. In fact, I'm a privacy freak myself - when it comes to
> > commercial entities.
>
> the fact that LDraw.org isn't a commercial entity is completely
> irrelevant in this case.

Why not? ldraw.org would presumably be (by Bylaws provision) banned from
selling the info, and would presumably be bound to take all reasonable care
with the information. Those restrictions (which would take a lot of work to
ever change, by design) don't apply to commercial entities.

Or are you saying that all entities, commercial or not, have to make privacy
provisions? If so, why not just say so?

> > The reason I included it in the recap/call for more brainstorming is simple.
> > It provides an additional option of verification for people who can't be
> > verified by any of the other means. It wasn't suggested as a requirement.
> > Perhaps I wasn't clear enough on that point? I wouldn't ever require someone
> > to send that information if they didn't want to.
>
> I would actually be worried about STORING that kind of information on
> the server. Even for the people who didn't care. Like someone else has
> posted here, I wouldn't want someone to hack one of the machines at
> pair, and suddenly we need to contact all our users telling them their
> information was stolen, and they should cancel all their credit cards
> and keep an eye out for identity theft.

Good point.

Not sure it needs to be, or that anyone is SUGGESTING that it be, stored,
though. Presumably IF this scheme were one of the ones used, the info (or
paper copies of it) would be mailed/transmitted to a human to validate, and
once the user was validated, that would be it, they get shredded or whatever.

Have we exhaustively enumerated the possible verification schemes? I didn't
think we had, but we seem to be picking some of them apart, so maybe we're done.

Do we need to take a consensus check on what level of antispoofing is even
needed? I suspect that people are operating from different levels of
assumptions.

Dan, you stated that just taking people's word that they were unique wasn't
sufficient. What is the comfort level you think we need to get to? And what
schemes for getting there pass your own internal test of "secure enough for
this but not too intrusive"? I'd like to see you put some proposals on the
table.