Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Privacy

Private Personal Agents vs. Microsoft's Passport 138

Posted by Cliff from the how-private-data-should-be-handled dept.
stefaanh asks: "With the recent MS Passport concerns, I remembered an 'IEEE Expert' 'JANUARY-FEBRUARY 1997 article called 'Managing your privacy in an on-line world' written by Michael McCandless. It talks about why you would hand out private information (on the Net), and proposes a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data. Who benefits: you, and the companies that don't pay for outdated or inaccurate data anymore, but [pay you] for accessing correct data. Since I consider Passports 'security' not as serious as the potential of consumer tracking, what sits in the way for this personal agent to challenge the threat of Passport's centralized approach? Isn't the time right for such an implementation?"
This discussion has been archived. No new comments can be posted.

Private Personal Agents vs. Microsoft's Passport More

Private Personal Agents vs. Microsoft's Passport

Comments Filter:

  • Privacy? (Score:1, Interesting)

    by Anonymous Coward
    What privacy?

    Didn't you watch Ashcroft's announcement how fighting the terrorism means that you have you sacrifice your privacy to the FBI? If you haven't done anything, you've got nothing to fear, right?

    • This truely scares me. No words can describe the terrible events of Sept. 11 and there are things that can be and should be doen to improve security like having well paid, well trained FAA people at security checkpoints, and although im loath to say this face recognition software at those bording gates as well.

      However, for the Atty General to want to trash the Bill of Rights which is was supposededly sworn to uphold is a far greater threat than any terrorist act.

      Think of all the people that fought in previous wars and gave their lives to protect us from random police searches.

      This is one of the most fundimental freedoms we have.

      Am iI the only one to see Mr Ashcrofts actions as spitting on all the veterens of every war since 1776?

      I hope those who cherish freedom can help in this, I for one am going to donate to the EFF.

      If we let the FBI (et al) randomly scoure our comunications, then the terrorists have won, and iI am not ready for this.

      I do not want to live in a 'banana republic' however if we allow this invasion of our privacy, the next White House news conference may very well look like THIS [bihlertech.com]
      • We must absolutely protect our privacy, as it will come increasingly under attack. The war on terrorism will (in my opinion) never be won, and every time there is an attack, privacy will slip away more and more.

        Ohh, and why the heck aren't there security guards on aeroplanes?

  • Privacy rights are still an issue. (Score:3, Interesting)

    by www.sorehands.com ( 142825 ) on Monday September 17, 2001 @01:12PM (#2309795) Homepage
    How secure is this data? I don't mean in the sense of encryption or hacking, but being subject to subpeona.

    The police will be able to come to your door and demand your electronic wallet. Or in an auto accident, the opposing party can demand it in discovery. Think of the black boxe in your totalled vehicle, now in the possession the insurance company. What if it contained GPS data?

    • Or in an auto accident, the opposing party can demand it in discovery.

      Please keep in mind, that Passport is a global thing, while the problem above is a problem of US law. No such possibilities exit in most of Europe. The opposing party has no means to demand private information from you or other parties.

      Not the whole world has the virtually nonextistent privacy laws the US has. In fact a lot of the data trading with private data going on in the US would be criminal in, e.g., Germany.
      • "Hello... Foriegn Leader? Hi, this is GWB calling. I was wondering if you would like to impliment all of our suggested internet security measures as detailed in the email my boys sent you last week? Oh, you were unsure about which bit? Look, let me take this opportunity to assure you that if you find anything whatsoever in these suggestions to be iffy, then we will have no hesitation in turning your county into a glowing, smoking crater. What's that? 110 percent. That's great (thumbs up to advisors sitting quietly across desk)- knew we could count on you. Bye"
        • This is exactly the attitude that fosters hatred of the USA.

          Running around telling the rest of the world what to do because you are so big and invulnerable doesn't work.

          I was hoping the US might figure this out sometime soon but given Bush's recent pissed off bully style behaviour it appears not.

    • The police will be able to come to your door and demand your electronic wallet. Or in an auto accident, the opposing party can demand it in discovery. Think of the black boxe in your totalled vehicle, now in the possession the insurance company. What if it contained GPS data?

      Those aren't privacy rights that you've mentioned above. There is not an obligation for someone to be able to lie to a court order or subpeona. And as a private citizen, you don't have that right. The important thing is that you have control over your data.... when you're faced with a subpeona, you don't really have control over your data, except that you can fight the subpeona.

      Your concern seems to be that you should be able to turn off data collection. You should disable the data collection when you don't want a record kept (a.k.a. use cash, or disposable PayPal account, etc.). But having a user-side agent isn't a bad thing.

      Sujal

    • Umm, how is this any different from the centralized approach?? At least with a decentralized agent supplying this data to those that you authorize it to you are in control of who gets it, not some faceless corp. Remeber when all of the dot-coms that promised not to reveal personal information started dying?? "Private" Customer information was often the first thing they sold. In addition, at least now people will have to ask YOU for the information instead of sending the subpoena to Microsoft......

  • Mozilla has this feature (Score:3, Interesting)

    by epsalon ( 518482 ) <slash@alon.wox.org> on Monday September 17, 2001 @01:12PM (#2309796) Homepage Journal
    It keeps your personal data (optionally encrypted) and fills in forms for you. You can then select what data you want actually sent.
    Is this what the asker referred to?
    • From what I understand this only works for previously filled out forms.

      What is really needed is someone to release a standard for form field naming (i.e. name_first) then when confronted with a form you can select to fill all recognized form fields from an encrypted password protected database kept on your computer. Then it would nice if you could transfer this this database, encrypted and password protected, to sync up your other computers. This would make MS .net authentication less attractive.
      • What is really needed is someone to release a standard for form field naming (i.e. name_first) then when confronted with a form you can select to fill all recognized form fields from an encrypted password protected database kept on your computer.

        What's the point in encrypting your name? Or address? The only useful stuff to keep encrypted would be passwords to web sites. Possibly credit card numbers, if you're paranoid. Remember that to be really secure you'd have to protect this stash with a long and secure passphrase. If you worked in an office, you should not cache this passphrase, so you type it in each time. Is it really worthwhile?

        Having a standard name for the fields and auto-fill is a good idea, but it will never happen in reality. Can you really see all an Italian web sites having visitor-book scripts with labels in english? A web site may start out as local but end up as global. I'm sure many do.

        Opera has auto-completion of name, address, etc which I have found to be useful. I never put my email address in any app such as a newsreader or a browser, btw.

        bLanark
        Standards are great! There are so many to choose from!

  • Look guys... (Score:1, Interesting)

    by Anonymous Coward
    I don't like tracking, and I can remember multiple, non-obvious passwords. A lot of other people can't, and most of us don't have any serious data to protect. Passport isn't perfect, but nothing is. It simplifies life for a lot of people, they like it, they WANT to use it, so why not just leave them alone?

    Better yet, write another open source replacement that copies the commercial versions features, only make it WORK and don't do it in JAVA for Chrissake....

    'Gassport' perhaps?
    • Nothing's perfect, but some things are more perfect than others. Passport is not perfect in many ways-- security, the group that controls it, single-point-of-failure concerns, scaling concerns, etc.

      *I* want to manage my own personal data; it should be up to *me* to handle it. There is no reason a public-key system shouldn't work in a peer fashion for single-login authentication. Security would still be a problem, but a security breach means only one person has to deal with it. An *individual* should be responsible for maintaining their own identity, just as they are responsible for maintaining their own wallet or house.

      Just my views on this, but I think a combination would work well-- by default, a person can manage their own data, but proxy sites can be set up to manage it for them, like passport does currently.

  • Only one sentence (Score:1, Insightful)

    by Anonymous Coward
    The software that manages your personal information should run on your personal computer.

  • The ultimate personal agent (Score:5, Funny)

    by Invisible Agent ( 412805 ) on Monday September 17, 2001 @01:16PM (#2309822)
    a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data.

    Boy, I think I already have one of these. It's called my brain, and when a web site asks me for personal information, I consult with my brain to see if I want to give it to them. Then, I use another technology called my 'keyboard', and type in the relevant data. It takes about 30 seconds usually, and it has none of the potential vulnerabilities that come from entrusting my data to some 3rd party.

    Are people really this lazy, or am I missing something?
    • Yes but don't forget that our era is based on laziness. Anything that makes our lives just that tiny little bit easier is essential to some people. How many people will spend 30 minutes looking for the remote when they could just walk up and change the channel?

      Then theres people like my father who *can't* remember half their information. Sometimes i have to call him to get his new email address cause he forgot his password and had to register a new account.. now if only he could get a fingerprint authenticy device to log him into one server that could feed whatever else to whatever site he needed...

      I don't know, Its a good idea for some, and a bad idea to others. It depends on what you like. just respect other peoples' choices to decide what THEY like...
      • Wouldn't a program on your computer, which stores your info encrypted, and then sends it out when it gets a finger print work? And would also mean you don't have to store your info on a third party?
        • And if his hard drive crashes, he's essentially lost everything.. Theres two schools of thought on that, some believe its safer to keep your info at home, and others think an offsite storage is more prudent. I personally aggree with you on this subject, but i was just pointing out why people use these services, not saying that i think it's a great thing..

    • I think you're missing something.

      "They" are trying to come up with a system so you don't HAVE to type that data in over and over (good for those of us with RSI). The corporate world throws in the added benifit for themselves of keeping the data that allows them to profile and target consumers. What we need is a system that benefits us. I don't mind helping a company out but I want to choose when to do it.

      You can argue that if you don't like it you don't have to do it, but what if it becomes a wide spread system? What if for some assinine system the US government started using MS passport to log into the IRS page and you HAD to file electronically? You start getting boxed into a corner. It's important that we have some say over the information profiles on us.

    • Re:The ultimate personal agent (Score:4, Insightful)

      by jheinen ( 82399 ) on Monday September 17, 2001 @01:25PM (#2309868) Homepage
      It doesn't matter if people are lazy or not. Your brain and keyboard don't mean squat when you want to order a book from Amazon and it says "Passport required." When all commercial sites require this, you are left with no choice but to sign up and have your data managed by M$. Either that, or forgo purchasing online and start buying all your stuff from brick & mortar shops with cash.

      -Jeff
      • Door number two, "local vendor," thank you very much.
        • I agree! When it comes to having no choice left (all online shops enforce passport), I'm heading down to Chapters.

          I will not be forced to use bad technology simply because the rest of the World thinks MS knows how to look after their data.

          -Ben
      • This is what "competition" is all about. Vote with your dollar. If amazon starts requiring a passport login, they'll lose my business and I'll tell them why. There are plenty of others that don't require it and aren't likely to (Powell's [powells.com] for one, at least for books).
        • The words that come to mind are "slippery slope." I am a lifelong non-driver. When I was a young adult, I was able to live my life unencumbered by *any* form of ID, and became quite accustomed to doing so. Nowadays I must carry my passport (the govt-issued one, not MS's).

          Once 80% of the population have Passport, how many voters would object to a government requirement that you have Passport (or its equivalent) to do your taxes? Or to do any monetary exchange?

          Vote with your dollars on that? I don't think so.

      • Forget the commerical pages... maybe all pages. Try going to starbucks [startbucks.com] and you can't read any page there (even the privacy policy! [starbucks.com] ) without passport cookies. All I wanted to do was to check on there 802.11b implementation progress - not even buy something over the web.
        • Then they just loose business, right?
          No way in hell I am going to fill out a form to read their public info.

          Besides, instead of Starbucks, get thee a coffe pot and make your own.

          Bhudda
          • Then they just loose business, right? No way in hell I am going to fill out a form to read their public info.

            Right. But it does no good for you to just not shop there. It is important for you to email their site designers and TELL THEM "you have lost my business because you have given me no alternative to shop without MS-passport".

            http://www.starbucks.com/customer/contact_forms.as p?nav=3i

            Be fore-warned: Unfortunately, the idiots require javascript to submit this form, on top of everything else.

            But I think it would definately get their attention if 20 different people contacted them with this.

            NOTE: do NOT convert the above URL to a link. It will look better if they cant see the complaints all came from one place like slashdot.

        • Point well taken except you mistyped the html.

          Starbucks [starbucks.com] is here. Note the "Passport" login at the top right of the page.

      • At OpenPrivacy, we are building a framework to separate who you are from what you do, so that you can contract with an agent (via a pseudonymous nym, so even the agent doesn't know who you are) to act as your "book recommender." This agent could be loaded with not only the books you're bought from Amazon, but also relevant magazine subscription, web sites, and, of course, books bought from other sources online or in meatspace. This agent would present this info to Amazon - perhaps via a Passport - as representing person X (or a demographic segment of size Y with Z tastes). After Amazon makes its recommendations and this information is returned to the user via an onion-routed delivery path, the user could go to Amazon and buy what they want. Or somewhere else, if Amazon won't play unless you have a Passport, which I doubt will happen.
      • Your brain and keyboard don't mean squat when you want to order a book from Amazon and it says "Passport required." When all commercial sites require this, you are left with no choice but to sign up and have your data managed by M$. Either that, or forgo purchasing online and start buying all your stuff from brick & mortar shops with cash.

        The moment Amazon does this, the moment they lose my business. I can go down to Chapters, sit in a comfortable chair (with a Starbucks only a few steps away, no less), and read ALL DAY, without ever being asked to buy anything. When I find something I like, I buy it at my own leisurely pace.

        It's civil, and it doesn't require my data being held by third parties [for my own protection/because I'm a fucking moron like all the other consumers].
      • When all commercial sites require this, you are left with no choice but to sign up and have your data managed by M$.

        Simply place your order on the the phone. And mention that you refuse to use Passport. They will get the message.

    • Boy, I think I already have one of these. It's called my brain, and when a web site asks me for personal information, I consult with my brain to see if I want to give it to them. Then, I use another technology called my 'keyboard', and type in the relevant data. It takes about 30 seconds usually, and it has none of the potential vulnerabilities that come from entrusting my data to some 3rd party.

      And it has the nice advantage that access control is already built in. I mean, if you trust something like Passport, you have to _really_ secure your access to it.

      Regular sweeps for bugged keyboards. No passwords while somebody looks over your shoulder. No writing down of passwords. ... Sounds actually more complicated to me than just typing in private date when you want to give it.
    • I am surprised no one pointed out the other problem with this way of doing things: You have no control over that data once it leaves your keyboard.

      Yes, you can spend time reading their privacy policy (more than the 30 seconds you allotted), but then you have to worry about the data being sold (and the privacy policy changing post de facto).
    • Are people really this lazy, or am I missing something?

      Passport isn't about saving keystrokes, it's about control, specifically who has access to your personal data and for how long.

      As slashdot has reported in the past, Failed Dotcoms Like Selling Private Customer Data [slashdot.org], and a most recent example of this is Egghead.com selling its customer list to Fry's Electronics [slashdot.org] Twice already I personally have knowingly been bitten by this (CDNow and Egghead) and I have no idea what websites I may have bought a book or CD from in the past that may have failed with my personal info in their databases or haven been sold to a competitor. With a system like Passport, I specify what which websites have information about me, what information they get to see and exactly how long keep this information.

      This is just one of dozens of possible Passport usage scenarios.
      • How does that work? The sites you allow information can just copy your personal information ("keep it locally for convenience") and they have it forever.

    • Boy, I think I already have one of these. It's called my brain, and when a web site asks me for personal information, I consult with my brain to see if I want to give it to them.


      Yeah, but then I have to remember which false information I gave for which site. It would be much nicer if my computer could remember that I told ebay.com that my name was Bill Gates and I was born February 10, 1970, but when I signed up for hotmail.com I used the name Joe Schmoe and the birthdate May 16, 1975.

      • Yeah, but then I have to remember which false information I gave for which site. It would be much nicer if my computer could remember that I told ebay.com that my name was Bill Gates and I was born February 10, 1970, but when I signed up for hotmail.com I used the name Joe Schmoe and the birthdate May 16, 1975.

        This is true, the other day we worked out that the three people in our house have about 10 email addresses total -- all in production, not counting dead ones -- and that includes my 4yr old son (ok he only has one).

        R.

    • With about 30 different accounts (including /.), currently adding two or three every month, the amount of accounts is hard to keep track of. Sometimes my prefered username already exists at a site. I use the same passwords over and over again, but sometimes a minimum length is required, or it has to contain at least one number or so. I have to write some of 'em down in order to remember. I can see the advantage of a 'personal agent'.

      Try working of two or three computers and answer some of the alternatives mentioned in the discussion:
      • store file on hard drive: no option;
      • store information in cookies: no option;
      • store information at Microsoft: not prefered!;
      It would be convenient - though lazy - to have such a personal agent. Security and privacy are the real issues here, not laziness and preference. How do you keep companies from reselling your information? How do you keep them from sending you unsollicited mail? Especially interesting question: would such a personal agent be safe enough to store my credit card data??
  • yeah, let's call it "Passport" and bundle it with XP so that we can manage our information from our desks and have it centralized at the same time. sure it will be suceptible to attack, but it would be convienent; oh wait, it alread is.

    • Re:ugh (Score:2, Funny)

      by Lonath ( 249354 )
      Fortunately, I am working on a free replacement to Passport. It's called GMOTB (GNU Mark of the Beast). All versions will be version 6.66. The software is free (as in beer) and free (as in speech), except you will have to give us an irrevocable perpetual non-exclusive license to your soul. We will not have to safeguard your soul or keep it private, and we can cross-sell souls with some of the other companies with businesses in this same IP space (such as the Christians and Muslims). Even though they don't like us very much. We are protecting our IP space from thieves like open source advocates by enforcing our patents in several key areas including "A Method and Apparatus for Parallel Achievement of Salvation", and "An Apparatus for Storing Large Numbers of 1's and 0's and Changing them Periodically to New Arrangements Based on their Current Arrangements to Create Mathematical Models of Real-World Phenomena". Needless to say, although Bill Gates has been one of our strategic partners for a long time, we feel it is important enough to win in this market segment that we have struck out on our own to give consumers true choice.
  • Before you know it, when you go to a store to make a purchase, instead of being asked for your address and phone number, they will ask for your IP address.

  • Maybe I'm missing something? (Score:3, Interesting)

    by mjh ( 57755 ) <mark@ho[ ]lan.com ['rnc' in gap]> on Monday September 17, 2001 @01:19PM (#2309834) Homepage Journal
    Even if we have dedicated networks to homes, and even if those networks are deployed to everyone's home like telephones, and even if we create this cryptographically secure database, how do we prevent someone from getting information out of it, and then reselling that information to someone else?

    I think that this guy has an interesting idea, but I don't think that it's necessarily a solution for the privacy problem. I do very much like the idea of flipping a switch on my home PC to invite people to advertise to me for services that I need at the current time (e.g. my washer just broke and I need a new one). But how do I then prevent the phone number, contact information, interests, etc that I just gave out to Sears (et al) from getting stored in their own database and being resold to someone else?

    Did I miss something in the article that addressed this?
    • In the UK, we have something called the Data Protection Act. It basically says "Don't give out your customers data unless they ask you to."

      I believe similar laws exist in the rest of the EU.

      Now the downside: A lot of contracts specify that you are waiving your data protection rights (eg credit cards, so they can run a little "bad credit" clearing extortion racket on the side). This is dodgy, and a lot of consumer rights groups are pissed off about it. Hopefully it will be changed.

      Other contracts have tiny boxes saying eg "tick here if you don't want to not invalidate your data protection rights" or something equally bewildering, so a lot of people have no idea what the box means, and end up giving permission for their data to be sold.

      Anyway, a law like this could work.

      But if you want a technical solution for your particular problem, there are a couple:

      1) The advertising requester could create a proxy with a one time address that would then be deleted when you no longer want that bunch of adverts. They don't need info about you and they don't need to correlate it. They just need info about your requirements.

      2) (My favourite) everyone just publishes information about their services on thier website in a machine understandable form ( eg similar to the BizTalk XML schemas without the broken licence) and multiple search engines indexes them. Then you put in your query, and get the list of services that fit your requirements. And contact them in whatever way you see fit.

      Anyway, enough rambling..
      • n the UK, we have something called the Data Protection Act. It basically says "Don't give out your customers data unless they ask you to."

        Yeah, but not in the US.

        Funny thing about being in the "land of the free".
        a lot of times, the "freedom" applies more to businesses than to people.

    • But how do I then prevent the phone number, contact information, interests, etc that I just gave out to Sears (et al) from getting stored in their own database and being resold to someone else?
      You can't, that is why you only give them some temporary contact info. I'm thinking of something like a sneakemail address, iwantawasher9382@myhomenetwork.whatever. When you buy the washer you want, you kill the address. Then you no longer have to care if they sell it to whoever is stupid enough to pay for a dead address.

    • I think you did miss something...

      Who benefits: you, and the companies that don't pay for outdated or inaccurate data anymore, but [pay you] for accessing correct data.

      I for one would like for spammers to pay me for all the mail they send me, instead of whomever they are paying now...

  • ESR on the WTC Attack (Score:1, Offtopic)

    by szcx ( 81006 )
    Boneheaded, opportunistic comment of the day [salon.com]. Last week Jerry Falwell blamed the WTC attack on the ACLU, feminists, and gays. Here's what ESR has to say about it;

    Raymond, the libertarian open-source guru, known for his love of firearms, suggested that if the passengers of the hijacked jets had had guns the four-plane tragedy might have been prevented: "We have learned today that trying to keep civilian weapons out of airplanes and other areas vulnerable to terrorist attack is not the answer either -- indeed, it is arguable that the lawmakers who disarmed all the non-terrorists on those four airplanes, leaving them no chance to stop the hijackers, bear part of the moral responsibility for this catastrophe."
    The story about this took less than five minutes to be rejected by the editors. Apparently when your stock is circling the drain, a member of the Board of Directors saying something like that isn't something you necessarily want publicised.

    Think air rage is bad now? Try arming those drunk businessmen and see what happens.

  • I know of some people thinking about implementing identity managers (mostly in germany). They center around the idea of "user-side" managment (as opposed to - you know it - passport).

    Myself i have the vision of a central Identity managing agent which basically

    let's you define identities in one central place (name/pgp-keys/ssh-keys etc.)

    provides interfaces (corba/c) to other programs (e.g. email-clients) to use the current identity settings

    acts as an ssh-agent

    acts as an pgp-agent (much the same way as the ssh-agent does)

    generally manages Identity-Information in profiles (like business-profile1, privat1,privat2, anonymous)

    spawns and configures proxies intercepting network communication (mostly smtp/http-proxy), filtering/altering cookies and other identification elements

    aids in encrypting personal stuff

    could run on embedded (more controalable) environments/chipcards

    I guess the agent itself should be very lean. The gui to configure/login is separated. And the programs using the ident-information (email/browsing/logins/Formular filling) should be separate too. And this has to be a free project not owned or controled by any company, i guess.

  • Personal Agents? (Score:2, Interesting)

    by j-beda ( 85386 )
    While it might be good to have complete control over your data and agents by way of not having Microsoft or anyone else store the sensitive information, it does make it a little less convenient to have to do the maintenance yourself.

    Having to carry all that information with you (maybe in a PDA or something?) if you want access to it is an additional burden.

    Perhaps having an open standard for exchange of this type of information such as done by http://xns.org/ [xns.org], would allow multiple competing agencies to act as costodians. Give people choice and perhaps some of the control and privacy (and cost) issues would be less pressing than if all data was held by a single player such as Microsoft.

    The article by Michael McCandless (stupid PDF file!) addresses some of the issues that XNS tries to address - albeit with the idea of the personal information residing on your network connected home computer rather than on an XNS-server run by some company that you decide to trust.

    Now if XNS would get around to releasing their open source code examples and the detail technical specifications perhaps there could be more motion to widespread adoption. They claim plans to do so "real soon now".

    With that said, XNS's ecard address book features are pretty nifty even at this early development stage.

    • Why not simply offer remote storage facilities that allow the storage of arbitrary encrypted data? Personal agents can then fetch that data using a username and password through, for example, LDAP. That data is decrypted on the user's computer (or cell, pda, etc.).

      This can be a subscription service and storage prices and access speed would be the points of value for consumers. It also requires nothing from the subscriber except a way for them to pay (pre-paying even?) and a username+password combo.

      No stats tracking by remote sites.
      • Why not simply offer remote storage facilities that allow the storage of arbitrary encrypted data? Personal agents can then fetch that data using a username and password through, for example, LDAP. That data is decrypted on the user's computer (or cell, pda, etc.).

        Well, many of the uses for this type of data require the exchange of the data with others, rather than simply the storage of the data for your own use. It may be nice to have personel access to your medical records in case you ever want to remember exactly which toe you broke in the third grade. It would probably be even more useful if you could allow select individuals such as your current doctor to have the ability to access the information, and only that information, you would grant them access to.

        I want the child-car-seat manufacturer to be always able to send me recall notices and thus I need them to be able to find my mailing address, even when I move. XNS protocols promise this ability while preventing the child-car-seat manufacturer using that information for junk mail, if that is how I set up the privacy contract.

        These types of data exhanges, regardless where the data is stored and who controls the access to it, will require some sort of data-exchange protocol. XNSorg seems to be working towards that protocol development in an open standards way which gives me more confidence than many of the other initiatives I have seen.

        • I don't think you understood my point.

          I was suggesting configuring personal agents on one's own devices to access encrypted data at these remote sites to then send themselves to the websites / services requiring that information.

          Instead of having "ME visit ECOMM site, ECOMM site pass me to PASSPORT, PASSPORT log me into ECOMM site", it would be "ME visit ECOMM site, MY AGENT fetch data from STORAGE SITE, MY AGENT send data to ECOMM site."
          • You are correct, I did misunderstand.

            This is added functionality to just having a data repository, but it does not provide the same level of functionality that XNS could provide - not that MikeBabcock implied that it did of course.

            I do like the idea of privacy contracts that some of XNS's features are built upon.

            • There is almost no need for a privacy contract when using strong crypto and deciding which data to pass along yourself.
      • Novell's DigitalMe [digitalme.com] is something like this. You decide which bits of information other DigitalMe accounts have access to. It has an interface which will log you into all your web site accounts. The only problem is allowing a corporate entity control over the database. Thanks to Novell's distributed Directory Service, it is theoretically possible for a user to choose a trusted entity to host the information.
  • I used to work for Intermind, which morphed into 'OneName', which was the commercial counterpart to xns.org. The open source community just hasn't picked up the XNS ball for some reason. *shrug*
    • XNS has most of the features that people here have been mentioning, but they still haven't released the source for it. They're still saying they plan to, but they're about a year behind schedule in doing so.
    • The open source community just hasn't picked up the XNS ball for some reason.

      There's a really good reason: XNS is vaporware.

      There is no source to be seen. There are still no technical specs to be seen. There are no answers on the mailing list, other than stalling tactics and vague "soons" that have been uttered by those "in the know" since day one.

      The reason the community doesn't pay any attentiong to XNS is because they haven't given anything to pay attention to.

      It's really time for them to put up or shut up.

  • Make it a law: in order to email me or send me junkmail or otherwise harass me with advertising, you must pay me to get my updated contact information. (It'd be like $0.001 per but you know, when someone sends out 1,000,000 emails that's $10000 extra. At the rate of emails that I get, about 30 spams a day prefilter, that'd add up after a while).

    Even if it was like $0.0001 the advertiser could benefit because they would have up-to-date advertising information.

    And if I could indicate what I like and don't like, then they can also target better.

    So $0.0001 if you just want my updated email address, or $0.001 if you want to know what I don't like, or $0.005 if you want to know what I like.

    Pay per use advertising. Nice!

    Scary thing is that it could benefit the advertisers too. =)

  • Rich people already have "personal agents" (Score:4, Interesting)

    by JoeShmoe ( 90109 ) <askjoeshmoe@hotmail.com> on Monday September 17, 2001 @01:43PM (#2309974)
    They are called financial managers. They get all the bills, they keep tabs on all expenses, they handle all dealings with the financial world. All the rich person does is spend it and read reports on the interest they've earned.

    So why shouldn't the rest of us have the same thing? I hate having to update dozens of records across the country every time i change an address or lose a credit card. Switching banks caused a huge uproar in my automatic online banking.

    It's like e-mail. I would have to be a complete idiot to use my ISP-given e-mail box. As soon as a switch providers, its worthless since no ISP wants to offer a nice handy eForwarding option (even for a small fee). They want to punish you for leaving. Not even that, sometimes ISPs decide on their own to change their addresses (like what Netscape did when it bought some free webmail thing, or like MediaOne did when they became part of @Home).

    So what do I do? I get my own domain and give that out. When my ISP changes, I don't care. Update the record in a single place and I'm done.

    Extra layers of abstraction, like this, are desperately needed in the financial sector. I would love to see some AI that could handle the same functions as a financial manager without me having to make enough interest off of my measly savings account to be able to pay his salary.

    - JoeShmoe

    • Passport is exactly like an ISP - think of it as a CSP - a credential service provider. Every issue you hate about ISPs applies. You just haven't figured it out yet cause M$ is almost the only CSP around, and most people figure that since passport is free, it doesn't matter anyways.

      So what happens when M$ decides in 5 years to suddenly charge you $50 a year for passport service? At least you can CHOOSE to switch ISP's! And even if you have a choice in the future to switch to a different CSP - whaddaya know, you still have to enter all your information all over again.

      I hate to break it to you, but passport probably won't make your life that much easier.

      Ultigirl

      • I'm not suggesting we all use Passport, in fact I think it should be avoided for the exact reasons you list.

        The article I thought was talking about agents that we would each be running ourselves, just like any other service (web, mail, ftp). That agent that we run and maintain interacts on our behalf each time some organization needs financial information.

        There would probably have to be some central database, just like there are root servers for resolving web addresses. But there is no reason these databases can't all compete with each other just like registrars are supposed to be doing.

        Point is it should definitely be something that we control or maintain, although low tech users may with to enroll with a CSP provider rather than maintain the service themselves.

        - JoeShmoe
  • How about Freedom from ZeroKnowledge [zeroknowledge.com] up in Canada? It's been a while since I looked at it properly, but it always looked like it was building into exactly what you're talking about.

    Jedidiah

  • A recent MSDN article quotes, "Microsoft will not mine, target, sell, or publish any data contained within the Hailstorm data store without explicit user concent."

    Is there any way to have a "EULA" type thing from the USER instead of the company? Could we take legal action in the same way they can if we violate thier EULA?
    • Is there any way to have a "EULA" type thing from the USER instead of the company? Could we take legal action in the same way they can if we violate thier EULA?

      IANAL, but...

      An EULA is a contract, worded by the company and agreed to you by you. If they state in the EULA to not do something, and they do, you can file suit and win--and any ambiguous wording in the EULA will be decided against them.
      Plus, if you've got the cash you can take them to court and challenge the validity of the EULA yourself. Such legal activities aren't reccommended to anyone without oodles of money--enough money to hire real lawyers, and not IANAL'd Slashdot posters!
    • This does seem to be the intent of the XNS [xns.org] system's privacy contracts. The users of the data have to agree on how the data is used by legally binding contracts before they can have access to the data itself.

      From the FAQ [xns.org]:
      This contract specifies the privacy and security terms governing the data to be exchanged, including the specific privacy permissions and synchronization permissions granted by the data owner.

    • Read further. It sates that the terms can change any time without notice to you. All they have to do is to decide to sell and voila it's all good.
  • I believe that there are several options available to do some similar things today. Zero Knowledge's Freedom Firewall provides an encrypted personal info tool with it's free firewall and cookie manager. You don't even need to sign up for their anonymous web browsing service to get it.

  • the only solution: manage your privacy proactively (Score:2, Insightful)

    by Anonymous Coward
    I've found that the *only* way to effectivly manage your personal information is to fabricate it when the request for it viloates your personal boundaries.

    Everybody treats identify theft as a bad thing; however, I believe that as long as you are ethical in your use of another person's or fabricated identity (ie you aren't using their idenity to commit some sort of tanageable fraud that results in loss to another person or company for the direct purpose of evading prosecurtion), there's absoluetly *nothing* wrong with it.

    Case in point: ebay has *never* had any of my personal information. They might have enough to eventually track me down to a phone number, but then who's to say if actually that means anything. In retrospect (when the .com boom going got a little tough), I'm very glad I made this decision. This does go to show you just how careful you have to be when making this call.

    My windows boxes? All registered to "_" who works for a company called "_@-.com". My word documents? All check with strings and binary edited to remove unwanted tracking information. I'd suggest everyone out there do the same and show microsoft just how irrelivant their user ID is (something that I hope they're not using for passport).

    Some suggested reading:

    Who Are you?
    Inetrrupted Identity
    From Victim to Victor

    The degree to which an alternate identity is used is, of course, up to the users. And obviously, there's some funadmental line in the sand that each of us draw. Mine is my employer. Basically, I believe that it is funadmentally wrong to use an alternate identity for employment. That usually goes a long way towards abreviating any run-ins I might have with the Feds. regarding victimless forms of "fraud" as interperted by the letter of the law. If you're cleaver, other ways to sign documents and fill out government forms that will keep you clear of these issues, but, for me, it's not worth the hassel.

    One of my biggest pet peeves is recruiters and placment sites/agencies that take liberties with my resume, references or other personal information. Recruiters are such information whores (part of their job) and job web sites are even more poorly secured that most ecommerce sites... once the information goes into the hands of recruitment, it's basically public domain. What *really* pisses me off are the government job-kit sites that require your SSN (and threatens the force of fenderal fraud law if you don't supply the correct one). If you've shopped around for a government job, one thing you'll notice is that government bureaucrats required the use of these sites and have you fill out all manner of paperwork and forms in order to reduce their work load. Often, they'll require your SSN to be actually listed *on* your resume (god help you if you mix that up with the regular recruitment agencies).

    Consequently, I use web bugs to track the distribution of documents I write. In particular, my resume:

    http://www.datadoctors.com/webbugs/

    Adding a web bug to your resume is so incrediably easy I don't understand why more people don't do it:

    Microsoft Word
    Main menu
    Insert
    Picture
    From file
    URL in the filename box
    Pulldown: link to file.

    Of course you have to have a transparent 1 pixel gif/jpg out on a web server to which you have access to the log, but hey doesn't every self-respecting geek have one of those?

    I only which this microsoft word feature had the ability to send more information back and perhaps execute some server side code; it would be really nice if you could gain access to word environment variables via the url specification, like this:

    http://www.resume-tracker.com/cgi-bin/trackit?user s-resume?

    Which would serve up a 1 pixel transparent gif/jpg while recording the reader's e-mail address in my log file.

    Or, how about a word macro that automatically inserts a web bug with the date as a filename in each document you write (of course, you'd have to load up your webserver with a bunch of 1 pixel gifs or the macro would have to dynamically publish the new file name out to the server).

    I've also been thinking about extending this technique to web-based or HTML e-mail using javascript/activex, but I don't write a lot of HTML mail (it's fundamentally evil in my opinion).

    Also Adding embedded javascript/active-X into the text input at various job sites meets with varying amounts of success.

    Of course, sending a word or html document that would load the core information (payload?) from a central location using strong encryption would be best

    Upon sending out a few resumes, I've noticed serveral things. First, I can identify those who are well networked. Second, I can track resume age/versions fairly accurately. And finally, I can easily discover which job search sites are the best with respect to the privacy vs. dispersion trade-off.

    A resume isn't a fully fleged meme, but it's close and, as a consequence, I would like to have a little control/information about how it propagates.

    Is that too much to ask?
  • Looking at online stores I think it's a fair deal that they collect the information _they_need_ to do their business in a database - but only that bits they need and with a grant that they use this information only for their business.

    So the problem remains with logging in to their site and people today seemingly unable to remember username&password. So what we need is a standardized login interface (xml-rpc, soap whatever) and a facility in the browser to talk to it.
    The browser would hold a database with URIs (https of course) and login/pw. To add security, this database could be encrypted globally with a user password and per-site with a key the site transmits (or just with the URI said information gets POSTed to).
  • The problem the open source community I think is in it's lack of innovation. Rather than just trying to do "that", only make it open source is a bad approach to ever making any real change, or ever getting people to use your software. The idea should be to do "that", first. When it matters. Just something to think about.

  • Consumer tracking? (Score:3, Interesting)

    by sheldon ( 2322 ) on Monday September 17, 2001 @02:48PM (#2310335)
    I don't want to dismiss the fear, because I think it is important.

    But why attack Passport? How is Passport any more centralized than Visa or Mastercard?

    You don't think credit card companies track your purchases? You don't get a statement at the end of the month? In the case of American Express they send you a statement at the end of the year that even classifies your purchases, so much at restaurants, so much for travel, etc...

    These reactions seem to be more anti-Microsoft kneejerk reactions than any serious discussion of the problems and solutions. I don't see much value in that tactic.
    • It is not because Visa or Mastercard are already doing this, that there is no problem. And yes, it's obvious you see it as an anti-Microsoft action.

      It is more Michael's article that brought me to the subject, years ago. Passport just reminded me of that article. And I am still convinced that technically it should be possible to postpone revealing your identity online until the moment you actually buy a product or service. Everything what happens before that should stay anonymous.

      -- Speaking of Passport: I was particularly upset when I got my "Passport" for "free", even after explicitly declining the proposition during a MSN Messenger update. MS imposed a Hotmail account with its MSN Messenger subscribtion. The Hotmail account splitted to create that free Passport account. With Passport is sure goes in the wrong direction with far more implications involved than VISA's or MC's tracking of buying habits. Passport is far more pro-active. And many Passport users seem to never have had the chance to think, let alone say no.

      And could someone convince me that Passport enabled sites actually never see [part of] your identity without your consent?
    • With a credit card, I hold my tastes, wants and desires; all information relevant to the process of negotiation; back until I am ready to buy. This lets me look around for what I want. With Passport, the minute I click in, I'm attacked with what the vendor thinks I want which is almost always wrong. (Like quorum.org's "relevancy" thingie is always wrong for me.)


      Plus there's a good chance they've got an idea about how much I might be willing to spend. Ever shop on-line for an airline ticket? I shopped for prices, decided what I wanted and went back to it to find the price went up. Huh? It was less than 5 minutes ago! Found a cookie from the airline, deleted it, and the price dropped back down. With a CC, the price is set before they know who I am, where I've been, or how I'm going to pay. All their tracking buys them is what kind of "special deals" to mail me so I can throw them away for them.

    • It has to do with trust. Microsoft has a history of unethical and sleazy behavior. While Visa and mastercard also have had bouts with sleazy behavior it certainly has not been the same pathological degree.

      I for one would much rather trust Visa then MS about anything. If Bill gates offered to babysit my kids I'd refuse.
  • Maybe I'm missing the point, but hasn't Gator [gator.com] been doing this for years? I'm not sure about it's backend and whether it encrypts your data or not, but it keeps your information on your computer and fills in forms semi-automagically. Despite it's reputation as spyware I know a lot of people who use it to simplify their online lives.
  • ...is that they run on hostile computer systems.

    How can you make code that securely holds data, can unlock that data, can not be altered, and runs on systems that you do not control?

    Sooo, which is worse, MS holding data about you on the terms that they won't do anything with it without your permission, or a piece of code running on hostile systems in every corporation that holds more data about you?
    • An agent can very well use remote messaging to communicate. That way, you have the advantage of an agent managing your profile and exercising your policy, without the risks of travelling to a unknown host. Of course, host authentication can solve this problem, allowing save travelling.

      My employer Tryllian [tryllian.com] makes an agent platform that solves a lot of these issues.
  • Another alternative is network based peered agent services that are operated by third parties on the behalf of consumers. This would be similar to having someone run your personal agent for you, or being able to choose between a bunch of different passport service operators. This eliminates the operations burden on end users who are then able to use the trusted third party of their choice to host their information. Access to the information would still be governed based on rules defined by the end user.

    -n
  • I need to get some sleep...

    I read something about a Microsoft agents' personal privates...

    Now my stomach is really upset... :-b

  • Interesting approach (Score:4, Insightful)

    by sfe_software ( 220870 ) on Monday September 17, 2001 @04:14PM (#2310994) Homepage
    I personally hate Passport. However, if a centralized system were done *correctly*, there are a couple of advantages.

    You can use it from any PC. A "wallet" system is just too complicated for most users (it can be transported, but most users won't bother). Plus, if I'm not mistaken, Passport would work from any browser. Wallet systems (which I believe IE and Mozilla both have an implementation) work only on that browser, and on that PC unless you export.

    On top of that, the Passport system is more automatic; get a Hotmail account and you have a Passport account. Use one of the participating online retailers and you have a passport account.

    OTOH, if a "wallet" system were implemented that was cross-browser (if not cross-platform), and more easily transportable, maybe it would catch on. I would trust my data on my own machine long before I'd trust it on a bunch of NT boxes up in Redmond (or wherever)...

    In either case, personally I prefer to judge everything on a site-by-site basis. I often use a different email address for each site, partly so I can track originators of SPAM lists and such... so neither method would work for me.

    Also keep in mind that, if you use a "wallet" system and use the same information at each site, this information could just as easily be shared between sites, and compared/compiled to track your usage, though admittedly it would be more difficult/less likely than a centralized system.
    • Passport would work from any browser


      For now, maybe (and I do mean maybe), but can you honestly believe that Microsoft isn't working on a suite of Passport-related ActiveX plugins (or .Net or whatever) that work on any browser so long as it's an IE version running on a Windows platform? Or an IE release that has native support for HTML extensions needed to effectively use Passport?

      • I'll admit that I don't know much about how Passport works, but I was under the impression that it was a simple cookie-based system, coupled with a redirection through the Passport site for authentication. I thought they really did intend it to be cross-platform, if only due to "internet appliances" and public kiosks that may not be IE...

        I think Microsoft will (or has) probably weigh the benefits of making it IE specific versus the benefits of making it cross-platform. In this case, even MS sees that people will be more apt to use it if they know they can get there using their iPaq or whatever.
    • "Plus, if I'm not mistaken, Passport would work from any browser."

      Try using Mozilla 0.9.4/Linux for registering at passport.com!

      When you click on "register", it will say "Unsupported browser, need at least IE 4.0+ or Netscape Navigator 4.08+" and won't let you register.

      (translated from Hungarian, although I'd rather see this message in English, it would be easier to copy that here)
      • Oddly enough, Mozilly 0.9.4 is my main browser; I don't have access to an IE machine, and I don't keep the older Netscape around any more.

        Maybe, just to get some better insight on all of this, I'll try to register using either Mozilla or Konqueror (with which I can fake the User-Agent if necessary) out of curiosity. Maybe I was wrong on that (I explained my thinking in a different reply above)...
    • Comment removed based on user account deletion
  • Disclaimer: I work for this company.


    Great question! We've [netdestinysystems.com] been working on this solution for a year, and plan to go alpha this month. Basically, it's a privacy firewall and service platform that allows an ISP or other provider (whom you already trust and typically already knows all about you) to customize the content or services you get without your personal info flying all over the net. A sandbox approach even allows content providers to provide customization and policies for it.


    http://www.netdestinysystems.com [netdestinysystems.com]

  • Some of the stuff that goes on in the US is illegal in many other countries. Collection of data without a persons knowledge, use of collected data for purposes other than the specified use, matching of different personal database - these are all illegal.



    Unless the US shapes up it's privacy practices, a lot of US outfits will find themselves involved in foreign lawsuits.

  • Our company has a notice up that specifically rejects passport users and directs them to a link that demonstrates the security flaws in it. The link is below on the info page for those intersted.
  • A centralized storage "solution" for sensitive information cannot work. Compare it to a bank: while in general we can trust banks, it still happens that bank employees take the money and run.

    A personal agent can store your profile data, and have an active implementation of your policy, possibly performing interaction with the owner.

    The advantages are clear:

    • everybody can create their own agents to represent them, putting the responsability where it belongs,
    • no update problems,
    • no single party that everyone must trust.
    • No centralized storage of sensitive information.
    • Depending on the type of application the agent can move to the host or do its work remotely using messaging.

    <SHAMELESS PLUG>
    My employer Tryllian [tryllian.com] sells a platform that from the start was designed to deal with these issues.
    </SHAMELESS PLUG>

  • I guess it would be rather easy to define an open and distributed authentication protocol that uses open encryption algorithms and protocols. Just use PGP/GPG or even SSH as the basis for the protocol.

    I guess there might already be such software?

    You could hold your "PassPouch" on a single client machine, but you could add a possibility to give a "PassPouch" to a centralized server. Then use a trivial negotiation. I guess it wouldn't take too many days (hours?) to implement a simple prototype.

    Or use public key crypto the way PGP or SSH does, and simply give a public key to the sites that need authentication, and implement a trivial negotiation.

    I guess the biggest problem is finding trusted servers for storing the pass pouches. The servers can also be hacked easily, in which case someone could steal your passpouch (which is useless without a password though) and then sniff your password. I think there might be some cryptographic solutions for this. In some earlier Slashdot article someone mentioned that computing in a hostile environment might be possible with some cryptographic solution. It might then be possible to run the authentication code in a secure virtual computer.

    You could also have a number of different pouches for different tasks, if you want to have more security.

    IANACE.

Slashdot Top Deals

"God is a comedian playing to an audience too afraid to laugh." - Voltaire

Close