Slashdot Mirror
Hailstorm: Changing Society's Privacy Infrastructure
chikanamakalaka writes: "I found an article at the Seattle Times about Microsoft's upcoming "Hailstorm" service and associated privacy concerns. The story is here."
← Back to Stories (view on slashdot.org)
OK, so if I get in a car accident, it'll call my spouse, send my medical records, and reschedule my appointments.
How do I tell it? Are we going to wire my car with Hailstorm, too? I drive a friggin 1991 Bronco II, not exactly a tremendous technology platform. OK, maybe my WinCE Pocket PC will do it for me; hope the paramedics know how. No, better yet, I'll let them spend their time keeping me out of shock.
I'm all for "changing society's infrastructure", but c'mon.
ZOMG I WOULD LOVE TO KNOW ABOUT YOUR FEELINGS ON MACINTOSH VERSUS WINDOWS, VI VERSUS EMACS, AND HOW YOU'RE NOT A DORK
I suggest using something that sends a message. I always use no_privacy_policy@<whatever their domain is>, or unacceptable_privacy_policy@<whatever>, or simply that_info_is_private@<whatever>. That way, the email isn't just bounced without an explanation, but there's a chance that someone at the company will see the objection and maybe even note it if it happens enough. Same with meatspace places like Radio Shack. When they ask for your name/address, don't waste everyone's time (especially your own) by giving out a made-up address, tell them flat out that you don't give that information out. Go further and tell them that you don't like being asked for it, if that's how you feel. At least someone there will know, and you eventually might never get asked again.
Cheers,
When I first read the article, it sounded like it would be incredibly convenient and make many tedious tasks very easy...
Then, what if someone hijacks your account... they now have your credit card numbers, your home phone, your wife's phone, your kids school info, your bosses office number and his birthday, your automobile information, etc...
Imagine the possabilities...
Maybe it's called HailStorm because, as they say, "When it rains, it pours" implying that if someone gets your password, they get your life.
Think about it, it can be scary as hell.
I quit smoking four years ago. it was the hardest thing I ever did. I am so happy now that I did it. Kicking any bad habit weather it's heroin, or windows is hard but it can be done and you'll have more freedom afterwards. Just like a junkie is a slave to the dealer and to heroin you are a slave to Bill Gates and windows. Kick the habit. It will be very hard and you'll be tempted to go back but in the end everything will be much better. Trust me I know.
War is necrophilia.
They played with our privacy?
How we know is more important than what we know.
...they made a server I could deploy on my hardware and control myself.
People could run of these for their own families, small business. Companies could deploy them for their employees.
It would also be nice if the different servers could talk to each other.
My devices would be updated by both my home server for essential personal information and my work server, for appointments and business data. This should be as seamless as receiving email from these separate people is now.
Naturally, if I wanted to I could pay someone to do this for me, and I'd have to give them my information. They could discount the service if I let them share my information for marketing.
So...anyone starting a project to this the right way ?
Don't post innacurate information
If you do, I swear by my pretty floral bonnet I will end you.
I am in the process of working on a way to short circuit privacy policies on the Internet so it is the user is who is in control and not large companies like Microsoft. The DMCA and other US regulation now gives systems like Hailstorm rights to keep your information as a corporate asset. This would basically make systems like Hailstorm a wholesale violation of both the users rights on their *own* data and their privacy.
I have come up with a system so that the user who originates the request can maintain copyright on his data and so that the receiving site has a chance to either opt-out or accept and abide by the agreement. (of course all this will be Open Source).
Basically it works with the HTTP protocol and should support any server/browser combination. Right now I have hacked Mozilla 0.8.1 to support this.
The mechanism is *very* simple. Basically it add one more HTTP header *prior* to the request being transferred. A valid request would look like:
GET http://hailstorm.microsoft.com/ HTTP/1.0
User-Agent: GNU/Linux and Mozilla
User-License: All your base are belong to us!
The goal here is that the single click licenses that Amazon/Microsoft and every other site can also be used by users:
"By responding to this HTTP request, you are accepting the practices described in this Privacy Notice. You will not give my information out to other users and you understand that I maintain copyright" (this would have to be encoded so that it is an HTTP param)
Of course the above is not Lawyer talk but I am hoping that we can get some official licenses together. If anyone knows any lawyers who are interested in contributing please give them my e-mail (burton@openprivacy.org).
The goal is that users would standardize on icenses, if sites ever violated the user policy then they would file a class action suit.
I have the code local if anyone wants a copy. It is really raw right now but I am trying to add a control panel in Mozilla so that users can nable/disable it and also set their license.
Kevin
This strikes me as good and bad.
Bad because I don't want people to know when I'm looking at pr0n.
Good, because if it decides that me looking at pr0n is me being "busy", maybe it'll cut back on the damn pop-up ads.
- Jonathan
This may be redundant, but these quotes have to be seen to be believed (empahsis added in the following):
...Microsoft may be the only company in the world with the skill and clout to pull it off...
...the public will fully accept the HailStorm concept and Microsoft as a trusted repository within five to 10 years...
..Initially, HailStorm will consist of a universal password and a service...
...If you are in a car accident, HailStorm could automatically send your medical history and insurance information to the hospital before the ambulance arrived...
...Microsoft officials acknowledged the company has been vulnerable to attacks and system failures...
...They're the most attacked infrastructure there is on the Internet, they're the No. 1 target for hackers...
It'll never work. There is no fucking way I'd trust anyone, let alone microsoft, with that sort, or quantity, of private information.
There may be many reasons not to kill you, but among them is not that you'll be missed by NASA - The Long Kiss Goodnight
If this goes anywhere, it will be because Microsoft finds some way to cram it down everybody's throats, like building it into the Windows registration process. They'll probably make it free at first, then later change the customer agreement to take a cut on every transaction.
If you are in a car accident, HailStorm could automatically send your medical history and insurance information to the hospital before the ambulance arrived. Then it could page your spouse and reschedule your appointments.
Honey, I'm in the ER bleeding like a sieve. Could you pick up the kids at soccer practice today?
Sure. No problem.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Information is as marketable as any currency on the market today. Trading information you want (data) for the information the company wants (personal, marketable data) is a logical extension of the old horse-trader ideal.
If people really wanted this to stop, all they would have to do is not divulge any personal information at all. That will not happen though, as people will think, this site wants my address, that site wants my age, the other site wants my gender, but it will not occur to the typical surfer that those sites are all on the same database and will compile an entire background, shopping history and link through-click and target them for what the companies believe they will want.
People, do not give out personal information on the 'net, in person, or anywhere else if you do not want it to become public information by default.
DanH
Cav Pilot's Reference Page
Cav Pilot's Reference Page
UNIX - Not just for Vestal Virgins anymore
Shortly afterwards a group of University of Illinois students formed an organization, !NET (Not Net). www.notnet.org
We plan on spreading awareness about HailStorm as well as designing an open source alternative for it. It involves using SOAP and XML and encrypting data inside XML tags with PGP public keys. You choose what information you want to make available to companies by encrypting your entries with their public keys. Then your encrypted information is stored in an existing peer to peer system which is completely decentralized (possibly freenet) so the whole system can't break down or get hacked. In this way you encrypt your data and an unencrypted copy isn't even stored on your local machine.. no one organization, government or company (Microsoft) has access to your data.
If Microsoft is not an Evil Empire(TM), I don't think there ever was one!
-----
Now, If you just toss a frog straight into a pot of boiling water, this is not going to to anything but upset the frog and make the frog jump out of the pot. BUT, if you put the frog into the pot when tha water is cool, the frog will like it. If you then very gradually raise the temperature of the water the frog will not notice it. You can eventually raise the temperature of the water until it is boiling, and you now have one cooked frog dinner. NOTE, California bullfrogs, weighing in at about 3 or 4 pounds, have enough meat to make a decent meal.
How does this relate? Simple.
The long term strategy of MS is to slowly increment changes in the way things worked so that in the end, everything works they way they want, and they can dictate how it goes together. If they got greedy and tried to do it all in a year or so, then they would never get agreeement. But by implementing it bit and piece, they can continue to carve a large and larger section of the pie for themselves. All they have to do is think longer term than their opponents.
Actually, I am sure they have on a wall someplace their equivalent of a 5 or 10 year plan to conquer the known (software) world, subject to revision and new discoveries, etc. They likely planned killing off Windows about 3 to 5 years ago when it became obvious that the legal suites were beginning to be a real pain. They are not there yet, but they needed an escape plan. Part of the move to taking over the Internet was part of this escape plan, which is why Gates made sure it was the equivalent of a oceanliner coming to a halt and turning on a dime.
How to we handle this?
We need as far reaching an effort and long range vision as they do. A competitive Argument that resonates. Microsofts's sells to the inherently lazy streak in people, even if the PR is twisted. They sell to "we make it easier for you".
What competitive meme do we offer to fight this Microsoft meme virus?
Check out the Vinny the Vampire comic strip
"It is a greater offense to steal men's labor, than their clothes"
Microsoft's Hailstorm is another manifestation of the American "I want my mommy" society. Consider, for instance, a currently-running commercial for the Chevy Suburban, wherein some dumb cluck locks his keys in the truck whilst ruining tundra in the Rocky Mountains. He calls out on his cell phone, and Chevy unlocks his car remotely .
Holy Big Brother, Batman!
It sure makes me appreciate my 1985 4x4 Chevy Suburban; the most technologically-advanced priginal equipment feature on my truck is the electric windows. Now, I have some communication doodads onboard, and I'm adding a few other James Bond features, but I'll be damned if I want some anonymous corporate cog accessing to my doorlocks!
And Satan will be dodging snowballs in Hades before Microsoft pries the personal data from my cold, dead fingers. Just don't be surprised if Hailstorm is a success, especially among the people who desperately want to be wet-nursed through life...
--
Scott Robert Ladd
Master of Complexity
Destroyer of Order and Chaos
All about me
What Microsoft is doing is convenient: centralize it all on Microsoft servers and Microsoft standards. Forget about federation, server-to-server protocols and all that. What Microsoft is doing is also cheaper in the short run an quicker to market (which is why it will likely beat open standards). Nobody but Microsoft can deliver this, not because they have any better technology, but because they have the market position.
The loser is the consumer, who will be denied any kind of market choice again: your choice may be to buy Microsoft or not schedule any appointments with your doctor, dentist, or insurance broker.
On the bright side: there is a good chance that this will not fly. With always-on Internet connections, people can control their data themselves. Even without any privacy incentives, answering machines still sell well, despite personal voice mail offerings. Many people will probably prefer to keep their personal data in cheap, secure Internet servers in their home, no larger and no more complex than an answering machine.