A matter of trust

Seattle's OneName has a plan for making the Net safe, private, and spam-free. Can they get the rest of the world to go along?

DESPITE THE UPROAR over online privacy, very few Net users behave like they give a damn, plopping personal data into forms without worrying too much about where it's headed. There's an element of fatalism to it all—after the thousandth form asking for your name, address, age, and so forth, a person starts to feel less like they're being intruded upon and more like they're talking to a rather hard-of-hearing elder relative.

Not that Web sites are eager to help you out: They put the worst writers on their legal staffs to the task of delineating the latest policies, then expect you-the-user to make a point of checking in regularly to pore through the legalese for changes. (How bad is it? Amazon got positive press merely for announcing that they'd changed their policies.) And if you don't like the changes, good luck proving things were ever different—and best of luck taking back your personal information once a company's got their hot little marketing hands on it.

Drummond Reed has an idea about fixing that. He's built XNS (eXtensible Name Service), a spiffy means of protecting you from those who would pester you, not only privacy-stealers but spammers. While he does that, he'll also make sure you never have to send one of those massive hey-I'm-changing-e-mail-addresses notes again. It's open-source and automatic and free for the first million Net users to hook up, and it has an entire standards body standing behind it.

Now all he has to do is convince the rest of the Net to join up.

THERE'S AN INDUSTRY JOKE that says that standards are a good thing, so much so that every company ought to develop a set. Those familiar with the history of the Net will remember the tussle for the souls of HTML and Java, as companies such as Microsoft and AOL "enhanced" the work of the worldwide committees managing those languages until nothing worked quite right.

Partly because of such shenanigans, the World Wide Web Consortium—the global governance in charge of tending to hoary old HTML—created XML, a sophisticated way for designers to tell applications and databases what was expected of them. HTML tends to concern itself with stuff like the size of headlines; XML can explain to a database how to work with an application it's never seen before.

Or, in the case of Reed's OneName, it can hook up with a "Web agent" to act as your personal representative/kneebreaker when dealing with businesses angling for your personal info. Agents are also a Web idea with some mileage; the basic idea is that it's a computer program that can automatically do stuff on your behalf. Most folk are familiar with shopping agents such as My Simon or Expedia's Fare Finder, which keep track of prices on flights or other items it knows you're interested in. Agents speak in the "grammar" laid out by XML; the new XNS is a vocabulary they plug into the grammar.

(A geekish aside here for hardcore privacy/standards heads; the rest of you may proceed to the next paragraph unmolested. XNS is interesting for folks like us to compare to that other standard-in-training, P3P—the Platform for Privacy Preferences Project, the W3-proposed standard for machine-readable privacy policies. P3P specifies how a site owner might translate her site's privacy policies into an XML document readable by user agents such as a browser enhancement. Cool stuff. XNS uses two agents— one from the user, one from the business— to negotiate privacy contracts, explicit permissions, and the like. The two standards are in fact potentially complementary—P3P communicates, XNS negotiates. Nifty, no? Let's rejoin the others now.)

THE NICE THING IS that OneName doesn't aim to own XNS the way that certain large companies wish to own, say, the desktop; they don't even want to be the boss of it. That task falls to XNSORG, a nonprofit ICANN-style standards body to whom OneName has licensed the Web-agent patents that make XNS tick. OneName CTO Reed has a seat on the XNSORG board (the company is also a member of the W3C). OneName operates (for now) the sole XNS root directory, though freeinternet.com is expected to roll theirs out by the end of this month.

Kicking the standard out into the open air is crucial for universal acceptance; HTML won the Web not because it was the best option but because it was the most widely accepted. Since XNS involves not only tech infrastructures but legal and operational ones as well as a serious open-source community commitment, ICANN wasn't likely to be of help. The inaugural board is chaired by tech journalist Adam Engst (known to many as the force behind Washington's recent attempts at anti-spam legislation) and is currently working out the details of being a brand-new global standards body.

AND WHAT DOES THIS get the average consumer? Letting a privacy-savvy agent handle the process of doling out your personal info online can mean more, not less, control over what you give and where it goes. If you have a personal agent, you might entrust it with your name, address, age, credit card info, and so forth. You'd then tell your agent how much of this information you're willing to let out.

As you go about your online life, the agent handles not only the tedious stuff like filling in your forms automatically (suddenly everything is one-click shopping if you want it to be) but the grotty business of negotiating with Web sites over personal data the site is allowed to have. There'll be none of this business of Web sites promising total privacy one day and throwing their kimonos open to marketers the next; the agent keeps track of what privacy policies are in effect for each transaction you make with a site, and if they're asking for more than they're allowed they get smacked. Legally smacked, no less—the XNS standard provides for legal dispute resolution for business and personal agent-holders, just as ICANN provides for resolution of disputes over domain names. And OneName-offering sites are responsible for your info for as long as you let them have it; claiming that data is out of their control once it passes to "third-party" partners won't fly.

Having an agent handle your info has collateral advantages, too. One of the sweetest for rank-and-file Net users may be the potential to eradicate, finally, the scourge of spam. One of the things needed by Web agents to function is a permanent, universal address—a bit like the domain-naming (DNS) system but even sturdier. (OneName explicitly compares XNS to DNS, as XML is to HTML.) Now that you have an address that never changes, it can act as a central point for managing your address book, passwords, digital wallet, and so forth. Since the agent handles your address book, it can compare your incoming mail to folks it knows you wish to hear from; if mail comes from an unrecognized source, your agent can send over a note requesting that the original sender agree to your no-spam conditions and even give a bit of personal information before passing the mail along to you—farewell, friend@public.com.

Even cooler, such agent action could nip the prospect of wireless spam before it really takes hold. And businesses benefit too, as up-to-date agents pare bad or ancient data out of the records and improve that all-important consumer trust, battered by recent privacy violations (and lack of attention from toothless "advocacy" outfits such as TRUSTe).

So, from this OneName makes money? That's the plan; though they no longer control their patents, OneName sells XNS services to Net businesses, provides XNS registrations (similar to the DNS registrations Network Solution more-or-less provides), hosts agents, and develops Java-based "knowledgepacks" for other XNS agencies to add to their own offerings. After all, they're not running a charity here—but for Net users tired of typing in their personal info and worried about where it's going, they are nonetheless offering a blessing.

comments powered by Disqus

Friends to Follow