Privacy
Privacy is not exactly the same thing as security, but it makes sense to talk about privacy in the context of security: security vulnerabilities often lead to privacy violations.
Chandler will by design handle and manage a lot of personal and private information. Chandler needs a strong notion of identity for certain tasks. If this strong identity, along with any other information Chandler manages, is passed around carelessly, it can lead to privacy issues. Because we want Chandler to be easy to use, many tasks will be automated, which will require automatic access to a lot of sensitive information, and we will need to be very careful in how that information is used.
The rule of thumb is that the user must be in control. Before sending identity information or any other potentially personally identifiable or sensitive information across the network (or unprotecting it locally from some protected source, or downloading it from offsite into an unprotected local format), Chandler must make its intentions clear to the user and let the user decide. This is a difficult task, since typical users probably don't know or understand the issues. We should have safe defaults, and the best UI we can create to help the user understand.
Minimizing the number of questions asked of the user is also important, since too frequent interruptions will simply train the user to dismiss them as soon as they appear, without any thought to the issues.
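As an added illustration (not Chandler's own code; the class and function names are hypothetical), a consent gate that applies the three requirements above to every transfer of sensitive data: the prompt states exactly what would happen and the user decides, the default on silence, error or unattended automation is to deny, and identical decisions are remembered for the session so the user is not asked the same question twice.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, Optional, Tuple


class Sensitivity(Enum):
    PUBLIC = 0     # nothing to protect
    PERSONAL = 1   # e.g. contact details, calendar entries
    IDENTITY = 2   # e.g. keys, credentials, strong identity assertions


@dataclass(frozen=True)
class Transfer:
    """One movement of data across a trust boundary (hypothetical type)."""
    action: str        # "send", "decrypt", "download_plaintext", ...
    destination: str   # host or local path where the data would end up
    sensitivity: Sensitivity


@dataclass
class ConsentGate:
    # Prompt shown to the user; returns True to allow. None means no user
    # is present (an automated task), in which case nothing sensitive moves.
    ask_user: Optional[Callable[[str], bool]]
    remembered: Dict[Tuple[str, str, Sensitivity], bool] = field(default_factory=dict)
    prompts: int = 0

    def allow(self, t: Transfer) -> bool:
        if t.sensitivity is Sensitivity.PUBLIC:
            return True
        key = (t.action, t.destination, t.sensitivity)
        if key in self.remembered:
            return self.remembered[key]   # same question already answered
        if self.ask_user is None:
            decision = False              # unattended: safe default is deny
        else:
            self.prompts += 1
            msg = (f"Chandler wants to {t.action} {t.sensitivity.name.lower()} "
                   f"data to {t.destination}. Allow?")
            try:
                decision = bool(self.ask_user(msg))
            except Exception:
                decision = False          # no usable answer: deny
        self.remembered[key] = decision   # remembered for this session only
        return decision


if __name__ == "__main__":
    # Constructed sample: a user who approves the first prompt they see.
    gate = ConsentGate(ask_user=lambda msg: input(msg + " [y/N] ").lower() == "y")
    print(gate.allow(Transfer("send", "calendar.example.org", Sensitivity.PERSONAL)))
```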