ListenLog Meeting Notes: Difference between revisions

From Project VRM
Jump to navigation Jump to search
(New page: ===12/12=== ====Parking Lot==== ------------------------ Where is data stored? Does it sync locally? Is there any concern from collaboration stations and partners that there's no exclusive...)
 
No edit summary
Line 2: Line 2:
====Parking Lot====
====Parking Lot====
------------------------
------------------------
Where is data stored? Does it sync locally?
* Where is data stored? Does it sync locally?
Is there any concern from collaboration stations and partners that there's no exclusive access to data / analytics?
* Is there any concern from collaboration stations and partners that there's no exclusive access to data / analytics?
What do we capture? Application behavior data?
* What do we capture? Application behavior data?
Security / encryption on the stored data? Which bits?
* Security / encryption on the stored data? Which bits?
How best to communicate and promote the ListenLog concept and where the key benefits and differentiators are? How do we address naysayers and differentiate from alternative approaches, e.g. APML?
* How best to communicate and promote the ListenLog concept and where the key benefits and differentiators are? How do we address naysayers and differentiate from alternative approaches, e.g. APML?
How do we do identity? How do we make it swappable? Do we use icards, openID, Oauth?     
* How do we do identity? How do we make it swappable? Do we use icards, openID, Oauth?     
How do we start the service without identity? (e.g. access to device ID?)
* How do we start the service without identity? (e.g. access to device ID?)
Do users have control over what's stored?
* Do users have control over what's stored?
What's the absolute minimum of device-side functionality?
* What's the absolute minimum of device-side functionality?
Opt-out(?)
** Opt-out(?)
Change repository
** Change repository
Assign identity
** Assign identity
Where does legal and TOS come in? (see rights and contracts below)
* Where does legal and TOS come in? (see rights and contracts below)
Does anyone enforce standards compliance?
* Does anyone enforce standards compliance?
Who does the work / coding?
* Who does the work / coding?
PRX+?
** PRX + who?
Do we think about revenue / sustainability? PRX has two roles here - one to build codebase and standards for storage, the other to think about services and how we'd use the data.
* Do we think about revenue / sustainability? PRX has two roles here - one to build codebase and standards for storage, the other to think about services and how we'd use the data.
Do we do opt out for data capture? (probably yes)
* Do we do opt out for data capture? (probably yes)
Do we provide "public by default," e.g. ubiquitious, anonymous access to the data out of the box  (probably no)
* Do we provide "public by default," e.g. ubiquitious, anonymous access to the data out of the box  (probably no)
Can we open source iphone bit? Publicly available libraries?
* Can we open source iphone bit? Publicly available libraries?
What's in the first release?
* What's in the first release?
Should we provide ability for users to release data? How and to whom? What capacity for sharing? What terms? Anon vs. nonanon?
** Should we provide ability for users to release data? How and to whom? What capacity for sharing? What terms? Anon vs. nonanon?
Does there need to be database legal protection underlying data rights access to drive user terms?
* Does there need to be database legal protection underlying data rights access to drive user terms?


===12/13===
===12/13===
How do we make the data inherently more anonymous?
* How do we make the data inherently more anonymous?
Match account data between logs
** Match account data between logs
Make timestamp and LAT-LONG fuzzy?
** Make timestamp and LAT-LONG fuzzy?
What data rights can a user authorize for third parties?
* What data rights can a user authorize for third parties?
propagation rights (can I give this to someone else?)
** propagation rights (can I give this to someone else?)
public rights vs. directed/assigned rights (e.g. for anyone to use vs. for specific entity to use)
** public rights vs. directed/assigned rights (e.g. for anyone to use vs. for specific entity to use)
anon/non-anonymous
*** anon/non-anonymous
Most rights issues/rats nests are associated with assigned rights
*** Most rights issues/rats nests are associated with assigned rights
How long you can use the data for? Keep the data?
** How long you can use the data for? Keep the data?
Rights to cease use, remove data(?) + confirmation(?)
** Rights to cease use, remove data(?) + confirmation(?)
Can't use this to try and find/identify someone - reverse-engineering rights
** Can't use this to try and find/identify someone - reverse-engineering rights
commercial/non-commercial?
** commercial/non-commercial?
Contact me (e.g. DNC)
** Contact me (e.g. DNC)
Compare to IRB
** Compare to IRB
Contract rights
* Contract rights
Investigate proactively - what is it that pandora might want to do? What is reasonable?
** Investigate proactively - what is it that pandora might want to do? What is reasonable?
give me audio recommendations
*** give me audio recommendations
use for product development
*** use for product development
Don't cross-correlate/aggregate (e.g. social network correlation, Ben Laurie) - piercing identity/privacy data
** Don't cross-correlate/aggregate (e.g. social network correlation, Ben Laurie) - piercing identity/privacy data
Endorsement / assignment to my identity
** Endorsement / assignment to my identity


===Core Requirements===
===Core Requirements===
what data is going to be captured
* what data is going to be captured
where is it stored and in what format
* where is it stored and in what format
how does one identify oneself / assign identity
* how does one identify oneself / assign identity
what's the minimum functionality that needs to live on the device
* what's the minimum functionality that needs to live on the device
what's the minimum functionality that needs to live remotely
* what's the minimum functionality that needs to live remotely
additional / core functionality to prove value necessary?
* additional / core functionality to prove value necessary?
Determine protections for communication and storage between client app and repository authenticated, encrypted, etc.
* Determine protections for communication and storage between client app and repository authenticated, encrypted, etc.
Draft requirements
* Draft requirements

Revision as of 10:37, 14 January 2009

12/12

Parking Lot

  • Where is data stored? Does it sync locally?
  • Is there any concern from collaboration stations and partners that there's no exclusive access to data / analytics?
  • What do we capture? Application behavior data?
  • Security / encryption on the stored data? Which bits?
  • How best to communicate and promote the ListenLog concept and where the key benefits and differentiators are? How do we address naysayers and differentiate from alternative approaches, e.g. APML?
  • How do we do identity? How do we make it swappable? Do we use icards, openID, Oauth?
  • How do we start the service without identity? (e.g. access to device ID?)
  • Do users have control over what's stored?
  • What's the absolute minimum of device-side functionality?
    • Opt-out(?)
    • Change repository
    • Assign identity
  • Where does legal and TOS come in? (see rights and contracts below)
  • Does anyone enforce standards compliance?
  • Who does the work / coding?
    • PRX + who?
  • Do we think about revenue / sustainability? PRX has two roles here - one to build codebase and standards for storage, the other to think about services and how we'd use the data.
  • Do we do opt out for data capture? (probably yes)
  • Do we provide "public by default," e.g. ubiquitious, anonymous access to the data out of the box (probably no)
  • Can we open source iphone bit? Publicly available libraries?
  • What's in the first release?
    • Should we provide ability for users to release data? How and to whom? What capacity for sharing? What terms? Anon vs. nonanon?
  • Does there need to be database legal protection underlying data rights access to drive user terms?

12/13

  • How do we make the data inherently more anonymous?
    • Match account data between logs
    • Make timestamp and LAT-LONG fuzzy?
  • What data rights can a user authorize for third parties?
    • propagation rights (can I give this to someone else?)
    • public rights vs. directed/assigned rights (e.g. for anyone to use vs. for specific entity to use)
      • anon/non-anonymous
      • Most rights issues/rats nests are associated with assigned rights
    • How long you can use the data for? Keep the data?
    • Rights to cease use, remove data(?) + confirmation(?)
    • Can't use this to try and find/identify someone - reverse-engineering rights
    • commercial/non-commercial?
    • Contact me (e.g. DNC)
    • Compare to IRB
  • Contract rights
    • Investigate proactively - what is it that pandora might want to do? What is reasonable?
      • give me audio recommendations
      • use for product development
    • Don't cross-correlate/aggregate (e.g. social network correlation, Ben Laurie) - piercing identity/privacy data
    • Endorsement / assignment to my identity

Core Requirements

  • what data is going to be captured
  • where is it stored and in what format
  • how does one identify oneself / assign identity
  • what's the minimum functionality that needs to live on the device
  • what's the minimum functionality that needs to live remotely
  • additional / core functionality to prove value necessary?
  • Determine protections for communication and storage between client app and repository authenticated, encrypted, etc.
  • Draft requirements
Retrieved from "http://cyber.harvard.edu/projectvrm/?title=ListenLog_Meeting_Notes&oldid=3221"