Slashdot Mirror

mastergoon writes "MyUID, which has been refered to as an "open MS Passport", has opened their doors to public beta testing. MyUID is a user database system, with the purpose of allowing virtually anyone to refer to its records using only HTTP or HTTPS. Many companies have unified login systems, like Yahoo! and Microsoft, but unlike MyUID, these databases cannot be put to use by any site. As of now there is an alpha release PHP4 connectivity API, which while not feature rich is in full working order. APIs should be available in your favourite language soon. You can view this example of a site remotely connecting to MyUID using the alpha API, and give a go at spoofing a login. They want the security of the login methods tested extensively before going production."

a.h.s. boy asks: "I took a little visit to my usually-neglected Verizon Wireless online account site today, and found myself greeted with the following message: 'Attention This site will not be available for use after October 2002. Please go to http://vzw.msn.com to set up a profile and start using our new VZW with MSN portal.' And now what does it take to login to my wireless phone site? That's right, .NET Passport account. I want one of those like I want a hole in my bedroom wall, however I really do want the convenience of getting my phone information online. I'm sure more and more sites are going to start requiring .NET passports for access, and even if I use bogus information for the Passport, it's still tied to my (quite non-bogus) cell phone records, isn't it? I already sent mail off to the Executive Office of Verizon Wireless to complain, but I can't imagine they're going to care what I think. What are others doing to work around the growing need for a Passport account?" For current customers of Verizon wireless, the question basically boils down to: "Should I stay or should I go?". For those opting for the latter, based on this latest twist, are there other cell-phone companies offering similar features to Verizon's service?

There will be a number of stories out shortly (here's an early one) noting that Microsoft has settled with the FTC over privacy complaints relating to Microsoft Passport. Short summary: Microsoft made lots of false representations about the security of Passport, and collected more information than it disclosed in its privacy policy, and now must be penalized in the usual Microsoft fashion - they must promise not to do it again. The FTC's settlement page has the complaint and settlement documents. We've covered this extensively - All Your Bits Are Belong to Us, EPIC's complaints about the integration of Windows XP and Passport, Microsoft Defends Passport, EPIC pushing state attorneys general to act against Passport, etc. In fact EPIC has an entire page devoted to Passport. The FTC settlement requires two main things: that Microsoft adopt basic security practices (what were they doing before?), and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE.

An anonymous submitter writes: "Ladies and gents, the endtimes have begun. The Seattle Times is reporting that Mark Forman, associate director of information technology at the White House (or 'America's CIO', as he bills himself) has said the feds are considering the use of Microsoft's Passport technology to ID every citizen and every business seeking access to government services online. This is about as scary as it gets." To be fair, it looks very preliminary. Read the article. So many companies have tried to assist the government in providing services over the Net... but I guess if your lobbyists are good enough, you can be heard at the top.

alandd writes "As a Microsoft Developer Network (MSDN) member, I just recieved the email below notifying me in order to get special developer downloads, I will have to have a Microsoft Passport account. Passport stores all your private info to share with one click among other sites. Past articles have mentioned some since removed draconian terms of use and there have also been reports of security breaches in the past. Now MS is requiring the technically savy to sign up. I don't want to but my job requirements and MS give me no choice!" No your honor we're not a monopoly. We just use our market share to force people to adopt each of our new products. Click on to read the email

Dear MSDN subscriber,

MSDN® Subscriptions is pleased to announce that the MSDN Subscriber Download Web site at http://msdn.microsoft.com/subscriptions/resources/ subdwnld.asp will soon be upgrading its logon authentication technology to Microsoft® Passport.

Microsoft Passport provides personal authentication services that make it easier for you to navigate between Web sites, and makes it faster and more secure for you to make purchases online.

Beginning in late June, the MSDN Subscriber Download Web site will prompt you to sign up for your personal Passport and associate your current subscriber record to this Passport. After signing up, access to MSDN Subscriber Downloads will be easier, faster, and more secure.

For complete details, and to sign up now for your free Microsoft Passport, please visit http://www.passport.com.

Sincerely,

The MSDN Subscriptions Team

http://msdn.microsoft.com/subscriptions

CT: So, if you want to write code under windows, you must use Passport. Or not use MSDN. And lets face it, if you develop under windows, you must buy MSs tools, and you sure can't use those tools without their docs. Times like this I just sorta throw my hands up in the air and say wow. How long before MSNBC requires it? Windows? IE? Your Visa company works with Microsoft Money, so you can bet that sooner or later, you'll need passport to balance your checkbook and credit cards. Paranoid delusion? Of course not. Windows XP will link my complaints to all sorts of helpful sources of information on medication that can be used to calm my delusions, or the numerous sites that exist to mock me or slashdot, thus undermining my credibility and making me seem like a crazy man to any onlooker.

Ok, I'm obviously exagerating. But you still gotta be a little wary.

Apologies for the AYB title, but that's just what everyone is calling it. Passport is the central repository for your passwords and "personal information" I've looked over the Passport Terms of Use and tried to give them the benefit of the doubt. But I can't read it any other way than this. By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication" and -- just when you were thinking it couldn't get any worse -- "exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws." Am I wrong? Is that not what it means? And, is Hotmail affected by this?

One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."

Later in the terms, they explicitly say:

"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."

That doesn't sound like a simple site for password- and personal-data-storage to me.

The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)

And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?

Some more tidbits...

Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)

Here's a directory of the sites that use Passport for single-sign-in or purchasing.

You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.

A RISKS submitter calls it "highway robbery."

Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?

And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communcations sent in conjuction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."

Apologies for the AYB title, but that's just what everyone is calling it. Passport is the central repository for your passwords and "personal information" I've looked over the Passport Terms of Use and tried to give them the benefit of the doubt. But I can't read it any other way than this. By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication" and -- just when you were thinking it couldn't get any worse -- "exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws." Am I wrong? Is that not what it means? And, is Hotmail affected by this?

One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."

Later in the terms, they explicitly say:

"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."

That doesn't sound like a simple site for password- and personal-data-storage to me.

The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)

And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?

Some more tidbits...

Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)

Here's a directory of the sites that use Passport for single-sign-in or purchasing.

You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.

A RISKS submitter calls it "highway robbery."

Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?

And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communcations sent in conjuction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."

Apologies for the AYB title, but that's just what everyone is calling it. Passport is the central repository for your passwords and "personal information" I've looked over the Passport Terms of Use and tried to give them the benefit of the doubt. But I can't read it any other way than this. By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication" and -- just when you were thinking it couldn't get any worse -- "exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws." Am I wrong? Is that not what it means? And, is Hotmail affected by this?

One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."

Later in the terms, they explicitly say:

"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."

That doesn't sound like a simple site for password- and personal-data-storage to me.

The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)

And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?

Some more tidbits...

Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)

Here's a directory of the sites that use Passport for single-sign-in or purchasing.

You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.

A RISKS submitter calls it "highway robbery."

Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?

And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communcations sent in conjuction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."

Apologies for the AYB title, but that's just what everyone is calling it. Passport is the central repository for your passwords and "personal information" I've looked over the Passport Terms of Use and tried to give them the benefit of the doubt. But I can't read it any other way than this. By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication" and -- just when you were thinking it couldn't get any worse -- "exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws." Am I wrong? Is that not what it means? And, is Hotmail affected by this?

One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."

Later in the terms, they explicitly say:

"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."

That doesn't sound like a simple site for password- and personal-data-storage to me.

The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)

And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?

Some more tidbits...

Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)

Here's a directory of the sites that use Passport for single-sign-in or purchasing.

You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.

A RISKS submitter calls it "highway robbery."

Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?

And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communcations sent in conjuction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."

Apologies for the AYB title, but that's just what everyone is calling it. Passport is the central repository for your passwords and "personal information" I've looked over the Passport Terms of Use and tried to give them the benefit of the doubt. But I can't read it any other way than this. By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication" and -- just when you were thinking it couldn't get any worse -- "exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws." Am I wrong? Is that not what it means? And, is Hotmail affected by this?

One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."

Later in the terms, they explicitly say:

"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."

That doesn't sound like a simple site for password- and personal-data-storage to me.

The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)

And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?

Some more tidbits...

Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)

Here's a directory of the sites that use Passport for single-sign-in or purchasing.

You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.

A RISKS submitter calls it "highway robbery."

Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?

And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communcations sent in conjuction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."

Apologies for the AYB title, but that's just what everyone is calling it. Passport is the central repository for your passwords and "personal information" I've looked over the Passport Terms of Use and tried to give them the benefit of the doubt. But I can't read it any other way than this. By "inputting data ... or engaging in any other form of communication with or through the Passport Web Site" -- or any of its "associated services" -- you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication" and -- just when you were thinking it couldn't get any worse -- "exploit any proprietary rights in such communication, including but not limited to rights under copyright, trademark, service mark or patent laws." Am I wrong? Is that not what it means? And, is Hotmail affected by this?

One of the key questions is what Microsoft means by "associated services." The terms of use agreement applies to "the Microsoft Passport Web Site" which they redefine in the first sentence to mean "a Web site and its associated services."

Later in the terms, they explicitly say:

"The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group (collectively, 'Communication Services')..."

That doesn't sound like a simple site for password- and personal-data-storage to me.

The really big thing that everyone seems to be worried about is, how is Hotmail email affected by this? Here's the Hotmail Terms of Use. So is Hotmail an "associated service"? How would we know? Passport is listed as one of Hotmail's "additional Microsoft web sites and/or services"; what does that mean? If Hotmail is associated with Passport, does that mean Passport is associated with Hotmail? (Is "association" associative?)

And the fact that any access of www.hotmail.com redirects me to a machine at hotmail.passport.com worries me a lot. How could these sites not be considered "associated"?

Some more tidbits...

Don't forget that Passport is a TRUSTe licensee. TRUSTe stands 100% behind their privacy statement, so you can really, really trust that All Your Bits Are Belong To Us. (The joke is that TRUSTe doesn't actually guarantee you any privacy. It supposedly guarantees that, if you can wade through the legal mumbo-jumbo, you'll find yourself being screwed in precisely the way that the lawyers tell you you're being screwed.)

Here's a directory of the sites that use Passport for single-sign-in or purchasing.

You read it here first. Slashdot predicted this eight months ago. "Microsoft Passport And Your Privacy," July 29, 2000: "...I'm sure Microsoft uses it as a user-tracking system more than anything else." Go read Joel's article, from eight months ago, in which he explains how Passport "eliminates the last line of defense protecting your privacy" and how Microsoft will "create a massive consumer information database."

An article in the Daily Aardvark points out that Netscape users have a hard time reading Passport Q&A.

Bryan Smith has a thoughtful rant about what this would mean for open-source software. Dual copyright? Hmmmm. Here's your link, Bryan: "Dual-copyright/licensing" of your IP withOUT your permission.

A RISKS submitter calls it "highway robbery."

Don't forget that Passport is the website for which Microsoft forgot to pay its $35 domain registration fee, back around Christmas '99. This is the company you want to entrust your passwords to?

And finally, All Your Bits may be hard to retrieve once they Belong To Us. jasonjwwilliams writes "After reading about the new Hailstorm.net initiative by Microsoft, and how once integrated with Passport.com, any communcations sent in conjuction with the service in any manner becomes the property of Microsoft, I asked Passport.com to remove me. The response: we don't do that, wait 12 months to be auto-removed. After three e-mails here's the bottom line I received:

"Due to security reasons we do not allow nor do we have a feature to delete Passport accounts. Rest assured that if you do not access your account within 12 months our system will automatically delete your account."

"I don't know about anyone else, but I think this is a completely lame response and as far as I understand against the law. Anyone know who to get a hold of? This is arrogance gone too far."

Passport-less asks: "With more and more Web sites requiring registration, I believe 'one login for multiple sites' services (like Microsoft Passport) will become more and more popular. Are they are open-source or community-based projects similar to Passport available? Passport's SDK is currently only available on Win2K (big surprise) -- although support for many UNIX-like platforms is planned in Q2 and Q3. I also don't like the idea of a profit-seeking corporation being in charge of a service like this especially Microsoft, considering their past security record. I also don't like their high fees, so I really think a community-oriented system with high deposits or bonds would be the best solution. Comments, anyone?"

Passport-less asks: "With more and more Web sites requiring registration, I believe 'one login for multiple sites' services (like Microsoft Passport) will become more and more popular. Are they are open-source or community-based projects similar to Passport available? Passport's SDK is currently only available on Win2K (big surprise) -- although support for many UNIX-like platforms is planned in Q2 and Q3. I also don't like the idea of a profit-seeking corporation being in charge of a service like this especially Microsoft, considering their past security record. I also don't like their high fees, so I really think a community-oriented system with high deposits or bonds would be the best solution. Comments, anyone?"

Oryx Gazella writes "Unable to access Hotmail this Christmas morning? This would be why! You may have received an error like "unable to locate host", or "no such domain" after your browser was directed from www.hotmail.com to lc2.law5.hotmail.passport.com. There are no NS records for the domain passport.com in any of the root name servers. Hotmail (www.hotmail.com) uses the Passport Service (www.passport.com) which allows users of the Microsoft Messenger Service to login using their "Passport" and to add other Passport members to their contact list. The new MSN Messenger Service 2.0 is integrated with MSN Hotmail and Microsoft Outlook Express for real-time email notification, and retrieval. " Not being a Hotmail or regular Windows user for that matter, I cannot verify this - but I've gotten several e-mails from people this morning wondering about it.Update: 12/26 01:39 by H :Click below to read the quite humourous conclusion to this story.

Effugas writes "Oh, this is just beautiful. Linux user Michael D. Chaney of Doublewide.Net, upon reading of Microsoft's Christmas loss of the passport.com domain, took it upon himself to donate $35.00 for the world's largest software company to restore service for its customers. I've heard about Linux empowering its users to truly prevent downtime, but this is ridiculous ;-) I'm still laughing--Merry Christmas, Microsoft, from the Linux community to you! "

Publishing and Broadcasting Ltd, Australia's biggest media company and allied to Microsoft, has teamed with IT services company, Acxiom, to create that country's biggest private data repository, according to this story. It will hold the cross-matched details of Australia's 20 million people culled from government electoral rolls, Microsoft-related Web sites including Hotmail and Passport, credit card reports, casino records, bank statements and a variety of undisclosed other sources to provide marketing profiles of the country's entire population. The plan is then to sell these to marketers, insurers, banks and others. Naturally, consumer advocates and privacy groups are wary. A similar Government-sponsored scheme, the Australia Card, was universally rejected by citizens more than ten years ago. Australians are generally not protected by any privacy laws. What do you think: is it ok for private enterprise to hold such detailed information on our private lives, offering these to the highest bidder? Is privacy dead?

Bartleby writes "Here is MS's letter about the 'service issues that have generated questions about security.' A textbook example of PR-driven understatement. When my colleague and I logged in to his Hotmail account with no password using simple HTML, we thought it rated a little higher than a 'service issue.'" Previous Slashdot story about this Hotmail 'service issue' here.