MS Zone Users Must Use Passport Accounts

pathos writes: "CNet reports in this article that Microsoft, in its continued obsession to get everyone and his/her mother to be a registered Passport user, forced all of it's MS Zone gaming site users (including players of 'Asheron's Call') to open accounts in Passport in order to keep using the service... too bad that a bug with their .NET deployment kept many users not being able to access the service..." Of course, if you run the hotel, you get to say who uses the pool ...

Makes sense

[jathos]

I hate Microsoft as much as the next *nix guy, but this makes sense to me. If you're going to push a single account/password strategy, you need to implement it yourself first.

If you are going to use Microsoft web services, you have to get used to .NET and Passport. For myself, I'll just continue to choose not to use any Microsoft web services.

Maybe this is not so obvious...

[--daz--]

But the whole point of passport was to provide a single continous logon throughout the MSN suite of web sites.

Why is Zone.com any different?

Business sense.

[Matt2000]

Of course, it looks a little different if you consider things from a business perspective. If you're a company that has 7 different login and authentication systems for their wide array of services, and you could centralize that for cost savings, wouldn't you do it? I would.

The problem with Microsoft is that later down the line someone will say "we should use this massive pile of user data we've got to get volunteers to test our new free brain implants."

Not everything Microsoft does is evil, it's just usually the last thing that they do that turns everything they've done before evil.

Are you surprised?

[Rick the Red]

This is not news. News is if Micro$oft ever announces that Passport accounts are no longer required to access one of their sites.

Predictions:

Microsoft will block access to www.microsoft.com unless you have a Passport account.

When that happens, Slashdot will report it as 'news'.

Re:I refuse to use Passport.

[pi radians]

I have decided to start boycotting the Microsoft. Please also start, if you care about your rights as a citizen of the 21st century.

Dude, I think most of us are way ahead of you. I was boycotting MS when I cared about my rights as a citizen of the 20th century.

I have never paid for MS product. Sure, I've used them countless times, buy not a single dollar of mine has gone to the evil empire.

TOS?

[ryanr]

And if I violate the ToS for any Microsoft service, do I get my passport pulled so that I can no longer access my Hotmail account or anything else that requires it?

Someday this will bite them in the ass.

[Xenopax]

I know we've said this before, but whenever Passport allows access to everyone bank account and stock portfolio the Passport servers will the the target of every black-hat hacker on the planet. And you know that script kiddies will be blasting it constantly with DOS attacks.

I'm sure MS will have excuses for why it happened to, like published security holes and such. But it will be their fault for leaving so much critical information linked to one account.

-Xenopax

Re:who is this supposed to be a surprise to?

[elefantstn]

Hmmm, I was unaware that special legislation was required to make people use their login system for their website. What did I miss?

Terms of Service

[sterno]

Here's a question for people to ponder. What happens if I violate the terms of service of Passport or any attached property of Microsoft? Or more to the point, what happens if Microsoft mistakenly thinks I did but I didn't (like if I was hacked, etc). It seems that as Passport is further extended, this has a greater and greater impact on my ability to do things on-line. What if my bank uses passport? What if I communicate with my doctor through a passport secured site? If I get booted from passport for whatever reason, there could be some serious personal ramifications, and there's noreal recourse for me because I clicked the little "I Accept" button.

I grant you this is a little out there and paranoid, but I think that if passport does become a very fundamental part of on-line authorization systems, this could become a potential problem

Re:Makes sense

[O2n]

Yes - it makes sense.

And be assured a lot of other big guys will back Micros~1 on this one - using the "if you can't beat 'em, join 'em" strategy. I mean, when almost everybody (say, 95% of the people) buying things online will have Passport, who's going to say "you need something else to get my stuff"? You have to have:
a) big balls;
b) a somewhat unique product or service;
c) some nerve

to try to pull this one.

Of course there will be (pathetic) alternatives to Passport - just enough that Micros~1 can say "it's a free market, Your Honor...".

Re:TOS?

[Syberghost]

Exactly. This is why you have to make a decision:

Either use Microsoft for EVERYTHING, or for NOTHING.

There just isn't much of a middleground anymore. Either take the plunge, wipe Linux off your drives, and surrender all your data (personal and PC) to Microsoft, or don't use them for ANYTHING at all.

Get rid of that Windows gaming partition, and just run Linux games. Or don't bitch when Microsoft bends you over like this. It's their service, you agreed to that when you signed up. Even if you signed up with Hotmail before Microsoft bought it, you still agreed to follow Hotmail's terms of service, including updates, and it's been updated.

There are still pockets of things you can do with Microsoft software that don't suck you into the whole mess (such as using Windows 98 for those games), but eventually it's all going this way. Eventually you won't be able to run any of the new games on Win98, and you'll have to make the choice; and when it comes, it'll be a Microsoft product that requires Passport in order to function.

Make your choice, and don't bitch if Microsoft changes the rules after you've agreed to a contract allowing them to. You're a free human being, you make your choices and you live with the consequences.

Re:What's the big deal?

[Rick the Red]

I assume you have to have a "MS Zone" account to play the games, what's the big deal about having a passport account instead?

It's a privacy thing. If you have a MS Zone account and you access some other site, that other site doesn't know who you are, let alone that you have a MS Zone account. Now, if you instead have a Passport in order to play at the MS Zone and go to that same other site, if they use Passport too then that other site not only knows who you are they know where you live and your phone number and your ISP and your credit card number(s) and any other info M$ has managed to collect about you. This may ease checkout at their online store, but if you're not there to buy anything why would you want them to know all this?

It remindes me of Tandy's long-bankrupt Incredible Universe, which wouldn't let you in the the door without a credit check. Hmm, I wonder why they're no longer in business?

Re:This surprised people?

[jd]

There are some differences, as you're probably
aware. :) First, the US Government doesn't own
98% of all usable land. Now, if they did, and they
insisted that some African goat-herder who has
never even heard of the US be a US citizen in
order to continue herding goats, you could expect
a bit of a protest. Quite a bit of a protest.

The point is not that Microsoft is doing something
wrong, because they DO own the service and they DO
therefore have a say on how it is used.

The point is that they have monopoly control on
the desktop, they have monopoly control on the
browser market, and they are rapidly acquiring a
monopoly on the online gaming industry. The
leverage of a monopoly in ONE field to control
another is illegal, never mind three!

And therein lies the problem. The control is not
at issue. It is the abuse of monopoly power in a
seperate field, in order to gain that control,
which is so often the problem. You are simply not
permitted that kind of power, in the US. At least,
in theory. It's not slowed Microsoft any, even
though their actions have been declared illegal,
by numerous courts, over monopoly abuse.

(And here you were, thinking Monopoly was just a
board game!)

Why is this under "Your Rights Online"

[Quarters]

This has nothing to do with rights. Well, it does, but it has to do with Microsoft's rights. They have a right to use whatever authentication system for their web pages that they choose.

You, as the average internet consumer do not have a right to access some companies pages without using the access mechanism that they choose. You do have a right to not grace that company with your business, though.

Really, can someone explain to me all of the mis-directed righteous indignation at Microsoft over this? It's a non-issue. If you don't like what MS has done with the Zone...tough. Just go play elsewhere.

I agree, there.

[Anonymous Coward]

I can still play MechWarrior 4, for example, I just can't be an 'uber stat monkey' and sit around on the zone all day making fun of people who can't stand against my ph4t sk1llZ. :p

And even if future Microsoft games require Passport to play.. So? It's a Microsoft game. They have a right to choose who plays it. As long as it says, "Passport required for play." on the box, why do we have the right to bitch?

..If I want karma on Slashdot, I need to make an account. True, an account also saves preferences and tells the server where to shove that karma. But there's little difference here, because the Zone, for example, required me to make an account to store my MW4 stats.

So they're changing from some obscure account system to Passport. An account is an account. Accounts tend to hold you accountable, too, from what I hear.

Of course, there are alternatives. If I don't wish to endure the Passport system, I can go play, say, Heavy Gear instead. Or insist that Bandai needs to release a Gundam sim. Sure, it's not Mechwarrior 4, but maybe I should be taking that up with the people who sold the Battletech rights?

Rights, there's that word again. Yes, people who create things generally have rights to do with as they please with said thing. I'm an author by trade, and, while I don't feel the need to come out and say, "Hey, Joe Windows User, I don't want you reading my book!", I have the right to say, "Hey! Fred Publisher! You're not reprinting my material without paying me!"

But should I ever want to say, "Hey, Joe Windows User..", shouldn't I have that right? (Granted, it'd be pretty stupid of me *to* say that, but hey, work with me, people.) After all, anything I create is *mine*, to do with as *I* please.

I'm delving into things that are just silly here, but the argument holds with common sense issues too. Just as we don't want foreign nationals electing our president, we don't want people basing programs off of GPL'd code and closing the source. If we have those rights, why doesn't Microsoft have the right to say, "You can't utilize our stat recording system without getting a Passport."?

Perhaps it's just that some people insist the entire world revolves around and exists to serve *them*. (:

Re:Why is this under "Your Rights Online"

[MisterBlister]

I was about to post the same, when I saw this message.

Your Rights Online? WTF?

As Quarters said, nobody is forcing you to use Passport..If you disagree with the idea of Passport, don't use the Zone. Last time I read it the US Constitution (and I'm sure the founding documents of all other countries) didn't grant anyone the right to play Asheron's Call without signing up for a Passport account.

The only way this would be a rights issue, and then corporate more than individual, is if Microsoft were NOT allowed to make such decisions about properties that it fully owns.

Re:Why is this under "Your Rights Online"

[davidhan]

If Microsoft is a monopoly such that users do not have a meaningful choice, their policies may affect Your Rights Online.

Re:Hotel pools

[ConceptJunkie]

Worse, Microsoft is peeing in their own pool.

They've managed to walk a fine line for years between having notoriously bad security, but not bad enough to get into serious trouble, legally or civilly (let's face the whole DoJ thing is a bust). Now _that's_ innovation!

Re:Stinks of a Monopoly

[Erore]

Exactly, in this case it is using its lock-in to a popular site and popular game to drive people to register with Passport.

Someone at Microsoft creamed their pants when they woke up one day and realized how many things they could tie Passport into. And by tieing into it, they realized that they would have 80% of the world on Passport before Joe Consumer realized how dangerous Passport could be.

It's insidious.

Re:Business sense.

[deebaine]

You have described the situation exactly. Lately, say over the past 12-18 months, Microsoft has made several decisions that I regard as outstanding business moves, reminiscent more of the vision of a PC on every desk than of the "what Internet" debacle.

And not only is this a sensible business decision, but also I'd rather have one login and set of user data, all else being equal. Of course, all else is not equal. A single point of failure demands a level of planning, care, and skill that Microsoft does not have or has not demonstrated in the recent past.

It is the track record of their implementations of ideas that makes me terribly nervous, not necessarily the ideas and decisions themselves.

-db

Where's the balance?

[telstar]

When another company does it ... it's called "Single Sign-On". When Microsoft does it ... it's an attack on personal rights and privacy.

Re:Why is this under "Your Rights Online"

[lynx_user_abroad]

Today, it's about playing M$ games or not. Big Deal, right?
Someday you'll understand.
It might be on Tax day, when you realize that you can "choose" to pay your taxes on line (for free, and get your return quickly) using Passport, or you can "choose" to pay the filing fee and wait six months for the return, but not use Passport.
It might be on Election Day, when you can "choose" to vote electronically, from your desktop, and for the Incumbent Party using Passport, or you can "choose" to take time off from work, stand in line at the polling place (in the bad neighbor hood, in the rain) and vote anonymously for the party of your choice.
It might be when you take your car in for an oil change, and "choose" to pay with your Passport-linked credit card, knowing full well that the next time you go on-line every pop-up add will tell you about the neat accessories available for your "2004 Dreadnought SUV" (except for tinted windows, 'cause you already got those) or how 'old' a car with 21,294.6 miles is...
Perhaps Graduation day, when you realize that without a Passport, your shcool won't make a transcript available on-line to potential employers. Of course they can still request one by mail, but that may take up to six weeks, and the job offer may not wait that long...
.
That's what 'monopoly' means, really. It means a condition exists under which a choice which you would otherwise have (or expect to have) does not exist.
Monopolies in themselves are not absolutely bad. In some cases they are naturally occuring, in others they are necessary and beneficial.
But in cases where a company (which, by definition, exists only to make a profit for it's shareholders) can leverage a monopoly to their own benefit and in a way which could destroy the checks and balances we've carefully constructed in other areas, there is due cause to be concerned.
And when that company has a history of abusing prior monopoly advantage, the cause for concern is even more justified.
And when that company can exercise "root access" control of the computers we are expecting to be serving us and making decisions which should only consider the costs and benefits to us, and won't allow us to even look at the source code to verify that our personal information isn't being sent against our will, it becomes a critical concern.
.
Did you really think Microsoft would come right out and say "we're doing this to remain profitable, and we don't care how many other business we have to bankrupt to do it?" Of course not. This is just about games. It's always just about games, right up until it isnt.

Re:Why is this under "Your Rights Online"

[Stultsinator]

Really, can someone explain to me all of the mis-directed righteous indignation at Microsoft over this?

I think this is an appropriate post under this topic. Yes, MS should and will use whatever authentication scheme they want, and if you use their services you need to agree to understand that. However, in order to decide whether or not to use Passport (or buy an MS game title, or whatever) one needs to be informed of the ramifications of that choice.

That's the sort of thing I read these posts for. I personally dislike Microsoft's business tactics, but it's hard for me to justify either to myself or others why their products and services shouldn't be used unless I have a valid argument. Even though "MS bashing" tends to get out of hand here, for the most part the top moderated comments provide valid arguments.

So, from this article I now know that in order to play MS games online I'll need to give them personal information by signing up for Passport. I like AoE, but I'm not willing to sacrifice my privacy to play it. Privacy issues definitely belong under the "Your Rights Online" topic.

The Bigger Picture

[rediguana]

Taken on its own, this doesn't mean much. However, I was just reading an article on The Reg - The Microsoft Secure PC: MS patents a lock-down OS [theregister.co.uk] and this paragraph puts Microsofts plans much more in place...

"the content provider would have to maintain a registry of each subscriber's DRMOS identity or delegate that function to a trusted third party," and the number of unique DRMOSes, the authors acknowledge, could run into the millions."

This fits in very nicely with passport as you can not only authenticate the user, but the system they are operating as well. Not nice when you consider that MSFT has registered patents that include the removal of unauthorised software from the system...

Re:What's your alternative?

[kindbud]

So how do you propose these problems are solved?

What problem? That you can't remember your own passwords? That justifies the titanic investment in infrastructure that Microsoft is making, along with Sun, and everyone else who is throwing their hat into this ring?

I doubt any of them are trying to solve the same, simple problem you want them to solve. How would solving it contribute to their bottom line? Think about it. Has Microsoft ever done anything that didn't reflect their desire to increase the bottom line? Why do you think they are spending a massive amount of money on .Net? Just so you don't have to remember many passwords? I think that's a very silly idea on its face.

But I am sure that they will continue to promote the idea that that are trying to solve that simple problem of multiple accounts and passwords. After all, who could object to that?

Re:Why is this under "Your Rights Online"

[Demonbird]

This, unfortuneately, has everything to do with Rights. Yes, Microsoft can do whatever it pleases with it's properties but the issue is what happens when everyone is using Passport.

What happens when every internet-based company and thier brother starts requiring passport, because they need to integrate with Microsoft or someone else? What's going to happen when it get's to the point that to get anything done on the net, you are fairly well required to be subscribed to Passport? That's a corporation - an artificial entity with no greater motive than profit - taking away my right to choose and remain anonymous. That will never sit well with me, and I am certainly not ashamed of my indignation.

Re:What's your alternative?

[frank_adrian314159]

So how do you propose these problems are solved?

Oh, I dunno... How about an open, documented trust protocol so that more than one trust authorizer could be established? How about having the trust authorizer legally liable for any financial damage cause by their mismangement of trusted information? Have the providers establish bonds or insurance to cover this.

How about extending the current trust infrastructure into the digital domain rather than handing off to one company on a silver platter?

Oh yeah, I forgot... This is America 2001 - private is good, public is bad. Sorry for the slip up. I promise it won't happen again.

Re:What's your alternative?

[lamontg]

But does anybody have a better method of solving the multiple account problem?

Sure, look at your e-mail address and basically copy that architecture. E-mail overloads the DNS system by specifying a MX record that takes you to a mail exchanger. The entire system is very distributed, unlike the centralized nature of passport and hailstorm. So, to create an alternative, just add some DNS records for authentication and user information records for a given domain. Of course for this to work the DNS system would need to be secured via DNSSEC or something similar.

That way, just like I run my own DNS server and my own e-mail server on a box sitting under my desk, I could similarly run authentication and authorization services from a box under my desk. When I logged into a site it would acccept my e-mail address as my username and validate my password against my authorization service sitting under my desk at home. Then the site could be allowed to store cookies and other information it needs on my box at home for personalization of that site (or this could be denied by those who were paranoid about usage tracking). Then when I wanted to buy something it could securely retrieve my credit card information from the authorication server sitting under my desk and use that.

This way I get to control access to all my information, I get to run security on all my information and I'm not affected by any sort of failures (security, availability, etc) in any centralized service (other than the root nameservers, which i don't want to claim isn't important, but its less of a problem than centralized control of everything like passport and hailstorm). For people who don't know how to setup their own mail and DNS servers they could choose ISPs that they trusted, or if they trusted their IS department at work they could use servers at work. Ideally you'd see the current crop of DSL router/hub/firewall/DHCP boxes grow to also offer plug-and-play authentication and authorization for more novice users at home.

This solves both the multiple-account problem and it also solves the multiple access point problem (having uniform accounts and such across your laptop, desktop, PDA, home, work, etc...). It doesn't, however, give one company centralized control over all of the information and the ability to tax every transaction running across the service (as may happen with passport).

I sincerely hope that something like this will come out of the Liberty Alliance. Unfortunately, I don't see much of a business model involved in it. The only hope for this is either in truely altruistic Open Source, or in a consortium of companies that want to avoid the Microsoft Passport Tax.

Opting out

[Animats]

I don't subscribe to any Microsoft Passport services because they insist on being relieved of liability for their mishandling of my personal information.

I don't rent videos from Blockbuster because they insist I waive my rights under the Video Rental Privacy Act.

I don't buy from Amazon because they now insist I "register" before buying.

It's getting hard to spend money.

Re:What's your alternative?

[WolF-g]

One company does not need to control ALL of anyone's information. Credit card companies can continue to hold your credit card number, banks can continue to hold you bank numbers, your phone company can continue to hold your phone number and address, etc. With the help of a central company, one can link much of this information together with a single password, but still having information stored and protected by these original organizations. One profit driven (or even not for profit, motive hidden) organization cannot possibly handle the amount of trust that would be required to have all of this information together centrally controlled, both for technical and trust issues. No alternatives exist because this is a being implimented by a monopoly which will do everything required (not justified) to fulfill their task of remaining at the top in their current fields and new ones. Everyone with a computer that has anything recent M$aft based are already being flooded with reminders to register for this so called optional service that has an agreement over 4 pages long. Someone already mentioned you can't de-list from some of their email lists without a passport, what happened to the law that required prompt removal from unwanted email lists without the need for personal information? They are already breaking the law. Where does this leave the future when undoubtedly all M$aft based computers will require passport to even turn on to it's rent-a-software scheme? It's a grim future for computing and personal privacy if something is not done.