Slashdot Mirror
Microsoft Defends Passport To Privacy Group
securitas writes: "CNET reports that Microsoft is defending Passport as safe and secure in a presentation to the Center for Democracy and Technology. Other organizations such as the Electronic Privacy Information Center, Junkbusters and even the U.S. government may be lobbied by MS this week to fend off a Federal Trade Commission complaint filed by 15 consumer and privacy groups that charges unfair and deceptive practices."
Well I feel safer....
Microsoft accused of unfair practices and deceptive techniques!?! I must say that I am shocked, schocked I tell you!
Unfortunatly I am uneligable for any such legal action against them as I think I gave them my soul in the last click thruogh agreement I did...
Papa Legba come and open the gate
This says it all:
"One of Passport's greatest security weaknesses may be the single sign-on process, analysts said. The single point of entry could also be a single point of failure. Since the ID is always an e-mail address, someone looking to break into an account might easily obtain half the information needed to do so."
Because people usually don't pick very secure passwords, it's better to have multiple passwords so that an evesdropper or other malicious person can't crack into all yur accounts. U of I just made people intentionally set all their 3 or 4 passwords instead of just giving them one the applied to all 4 (although most people tend to choose the same password for all their online services anyway)
Also, because Passport's trying to incorporate a lot of information in one place that used to be distrubuted in many different places, if some one hacks into Passport, there goes all your privacy.
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
Passport is definitely an easier solution for consumers than any alternative yet presented. Having all your information stored in one central location is definitely better than having all your information stored all over the place. Microsoft also has a lot more motivation and resources to protect it than Joe Random Vendor.
The problem is that they haven't had any success protecting it anyway. To be completely fair, neither has anyone else. The other difficulty is that although I would trust MS rather than JRV to protect my data, the necessity of distribution and interaction opens up a whole new class of security holes that no one has even thought of before.
The unfortunate truth is that right now the only way to protect your privacy online is not to give out any information, and that Passport will do exactly nothing to remedy this situation.
Even Slashdot wants to hide some things
So these privacy groups get worried about Microsoft's Passport leaking information when the biggest leaks of personal info are from fallen dotcoms and stupid e-commerce web sites? People, when you are paranoid, at least be paranoid to everybody, not just to Microsoft.
¦ ©® ±
Yep Verisign.
:-)
Because web certificate authentication is so wonderful as it is today.
Just last month, Microsoft changed the service agreement for their passport system to require only an email address and password to sign up. Did Microsoft do this without any armtwisting? No. Did they do it, though? Yes.
Just keep the pressure on them up. They're going to go ahead with some sort of service no matter what, but the amount of opposition they face now will determine how many of these concessions will be made "voluntarily". That way, even if the FTC doesn't come down with a favorable ruling, we won't be completely left out in the cold.
Incidentally, msnbc also has some coverage. A disinterested and impartial news source if there ever were one... or not, as it were.
It's not just the central source that needs to be trustworthy. Everyone that gets permission to access that info from the source needs to trustworthy too.
In a perfect world businesses would never sell information about their customers, but we all know it happens occasionally. What if a supposedly legitimate business with access to Passport decides they can make good bucks selling user information to a 3rd party that can't get it legitimately? Not to mention the fact that Passport may give this rude business more info about me than I would normally need to give them during the course of doing business with them.
The fact that businesses, for the most part, only have information that they need about their own clients is a level of security in itself.
Does anyone know more about how MS plans to allow 3rd parties access to Passport authentication?
I don't know about many other people, but I don't think too many people would have an e-mail account on a service such as Passport if it was going to contain highly sensitive material. I use services like this as "spam e-mails" so that I can sign up for things that require an e-mail address (but some websites won't even let you sign up with an e-mail like Passport or Hotmail, anyways).
Sure, my current passport account is filled with bogus info and is mostly used for hotmail and sometimes msn communities. But the idea is that the passport login will be required for more legit/official uses such as the MSN HomeAdvisor, financial sites, and maybe even ecommerce. Sites that you'd ordinarily give real info to will soon be using passport. And that sucks.
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
"I'm calling at international rates from Outthebackofstan, I've been on hold for three hours, and why don't you ^%#$%#^ read your email?"
"Oh, I'm sorry, you have the wrong department, this is the Pacific USA only support line. Please dial this number again in another eleven hours and the people supporting your region will be here. Have a nice day" (To co-worker: "Another commie towelhead") click."
Like this one. They won't allow users to use Passport authentication to buy thier goods, and they posted info about why. What better way to prevent users from using MSPassport, than to send consumers mixed signals about being able to use it.
Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
For those that are interested here are links to the:
Passport EULA
Passport Privacy Policy
Privacy advocate: "So, you are trying to set yourself up as the one definitive source for our personal information online. Let's talk about your record: Hotmail backdoors, Code Red, Melissa, IIS, and Kournikova, among others, are horrible things which have been influenced by your poor implementations of products. And you want to have even more power?"
Microsoft PR guy: "Try to think of those as valuable lessons we have learned to make Passport more secure...
But no way would I use a single password for important stuff. And there's the problem: MS obviously wants to force you to use it for /everything/. So then you can have your whole identity stolen by the first criminal who watches over your shoulder while you type in your password.
It's also scary to ponder that next they'd probably force you to use it with ENUM, a new scheme we're going to have shoved down our throats, which involves linking the DNS database to the database of phone numbers.
Find free books.
I'm not terribly worried by any "unfair and deceptive practices" that may ensue with regard to privacy. Any information given to Microsoft is done so in a completely voluntary manner: any leak of that information would certainly become well-known in a very short amount of time.
.NET "architecture", relies in significant part on the confidentiality of any personal information stored. As the system aspires to collect an amount of personal info I've never seen one company (truthfully) attempt to aquire, I would expect consumers to be very wary. If any of this personal data should be stolen, the repercussions for their entire system could be enormous. In short, I think the market will sort this problem out. Though, given the track record of Microsoft, I certainly don't want to be a test subject while it does.
The success of the passport system, and quite possibly their
What's even more interesting, to me, is the fact Microsoft is using it's very large distribution channel to advertise and promote services in which it's competing against non-monopolistic companies. Messenger vs. ICQ (and others), Hotmail vs. many free email services, etc. I can't help but wonder if the FTC will look into this, rather than just the special interest groups concern.
"God is a comedian playing to an audience too afraid to laugh." -Voltaire
Information leaking from one site is annoying, esp. if it's something like a credit card number, but it's nothing compared to aggregated information being leaked.
As a silly example, let's say you buy rat poison. No big thing, people buy it all the time.
Let's say you buy a book about "perfect murders... and how they were caught." No big deal, people buy true crime books all the time.
Now let's say you recently bought a bunch of lingerie. And had it delivered. But not to your home address. You're having an affair, sleazy, but not unheard of.
Now finally let's toss in the fact that you just consulted a lawyer. A divorce lawyer. One who specializes in breaking prenuptial agreements.
Suddenly things are much more interesting.
Most of us aren't planning to murder our spouse, or even to look like we're thinking about it. But it's certainly possible for mindless data aggregation to cause people to jump to the wrong conclusion. E.g., you bought a couple books on alcoholism, and a few cases of wine? You obviously have a problem, don't you. (Nope, the wnie is a gift to newlyweds and the book is to help me understand if my nephew needs help.) Etc and so forth.
Even with all of this information centralized with Microsoft (and make no mistake that the Passport/Hailstorm system will not collect this information), my biggest concern isn't that it will be leaked. My concern is that it will have bogus information feed into it. There's a nice market opportunity for nasty companies to put bad information into these records, then offer to clean it up for you. For a modest price, of course. All of the potential damage of a credit report, but with none of the legal safeguards.
Of course, that same problem exists today with the aggregated data provided by from credit card companies, but again it isn't a *single* point of failure. Even if you crack Citibank (still the largest CC issuer?), it does nothing about the hundreds of millions of people who don't have Citibank cards. But crack Hailstorm and you'll have information on almost everyone online.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
this is such a classic microsoft-ism: thinking up a really good idea, and totally fucking up the implementation ([d]com, ole, activex, etc).
.NET has shackled it to possibly the worst authentication possible.
.NET?
.NET platform to the username/password "security system" is about as intelligent as locking your car with duct tape, and will probably be about as effective.
what I can't figure out is why this company, which is supposedly on the brink of launching this massive, multi-tiered platform that is
I mean, come on, the username/password combo was maybe reasonable in the days when everyone had exactly one shell account. but today when everyone is expected to remember a user/pass combo for every one of a dozen or so websites they want to log into, the weakness of this paradigm has hit pretty hard. simply put: people can't remember them all, which means they either write them down lots of places (prett damn insecure) or use the same username/password for each account (even worse).
and MS has made THIS the lynchpin of their security model?
why couldn't MS use some of their much vaunted "monopoly power" to "leverage" an authentication system that actually matched the sophistication of the rest of
my suggestion: the medium which most people are accustomed to carrying that is intimately tied to their financial and personal data is the credit card. my MS "Passport" could be a physical smartcard that held authentication data, encryption keys...hell, anything. each copy of XP (and each bundled OEM copy) would include a small USB device that could read this card, maybe that was designed to mount onto the side of the monitor so it would stay out of the way.
YES this would be a major move, and it would stir things up a little. but when it is clearly called for, WHY NOT? people would just carry another little card in their wallet, the reader device would be small and dirt cheap (in that volume, most anything is) and in a year we would forget what we did without them. we have calling cards, and credit cards,and ATM cards...where is my computer card?
in any case, tying their much-heralded
The reasons are complicated, and IANAL.
Its explained here to some extent. That story claims its because Maryland has a law (that microsoft helped to pass) which is incompatible with the passport legal B.S.
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
Actually I changed my mind - Passport does change things slightly.
The problem with aggregagating user transactions across multiple sites is matching up user accounts on one site with user accounts on another. DoubleClick solved this by using cookies, but (at least on single user Win9x boxen) identify a machine only, not a user, i.e. they can't detect multiple users of one machine or someone who uses lots of machines.
What passport does is make people use the same account ID at all sites (i.e. their email address).
Passport sites aren't the only sites that do this, e.g. safari.oreilly.com uses your email address as the login, as does amazon. So if Oreilly and Amazon wanted to match up the userbase to see what other books safari users purchased, they could quite easily. It would be a bit harder for Oreilly and SlashDot to match users however, since the login on slashdot is NOT your email address. But slashdot, like most sites, does still collect an email so matching would still be possible.
They way passport changes things a little is that people with multiple emails are more likely to use the same address on all sites, and less likely to give bodgey email addresses. So matching will be (a little bit) more reliable.
Passport, or a similar concept, is still needed. Customers want it. If a user has to have 10 different logins, they may:
1. Use the same password on all 10 anyway
2. Use grossly easy passwords so that they can remember them
3. A combo of 1 and 2.
With a Passport like concept, there's only one account to remember. Maybe then consumers will find it reasonable to memorize a secure password. Either way, a centralized system is needed for identification. As a web developer for 5+ years, customers don't want to fill out the same crap each time they visit a site, and if they could just type in their passport info to authorize access to certain private information, they'd do it. Now, it's up to us to come do the social and technological engineering to make this happen safely, and securely.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
...unless they specifically address the bullying issues they have towards the consumer.
I used to have a Hotmail account, for several years (even before they were bought by MS). I was only logging in every 3-4 months, mostly to keep it active, because it wasn't my main email address.
One day I found in it a message informing me that I had been automatically issued a passport. Without my consent. They had just taken the info in my hotmail registration and created a passport for me, without asking my permission. I got very angry, and asked that the "passport" be removed, because I didn't want it. The reply was "it cannot be removed, once you got one, you're stuck with it forever". It seems that, by logging into my hotmail account after they had sent me the info, I had "automatically given them permission to activate the passport". But nowhere on the login page was there any information about this!
I eventually let the hotmail account expire, but AFAIK the passport account they crammed down my throat is still there. There is no option to delete it.
I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
as the article says, banks (and other partners) have the option of popping up their own authentication, to make sure Joe Blow is really who he says he is.
kinda blows the whole single point of authentication out of the picture.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
As someone who works for an e-commerce company I am irritated when I see what appears to be half-assed security on high profile websites. When a site run by a company like Microsoft is hacked, it becomes more difficult to convice my clients they can conduct business with us in confidence.
I make my living because people visit our website and conduct online transactions. I know how much thought goes into security issues for our site. If we were to be hacked, it would reflect negatively the site and all other aspects of our business, as well as fail to serve the trust of our users.
Microsoft does not appear to share these same concerns. Time and again they have a cavalier attitude towards very public attacks on their websites. Hotmail was hacked, so what, someone read your email. It was just porn, right? If Code Red turns IIS into a zombie it's your fault you didn't patch your server.
Microsoft has not solved the security concerns that have plagued IIS, but that won't stop them from pushing forward with .net. If there were a massive hole found in this new web platform, I fear it what fallout may ultimately come of it. At some point the damage to the online economy will push lawmakers into imposing regulations. These regulations will become huge hurdles for the publishers of OSs, software, and websites.
I have always felt that if there is one entity I trust less with my computer than MS it is the US Government. There is nothing worse than a cogressman or senator who doesn't understand computers making laws that effect them.
Its not just a world wide identification system... passport is the first installment of Hailstorm its not just a common identification service its the first step towards common data storage that may be shared between web sites...
This is a good idea... all of you who contend otherwise are speaking purely out of emotion.
It's very clear that one of the biggest reasons for the success of windows desktop platform has been the interopability of windows applications.
It's very clear why this is a good thing for the user, what is not clear is how it might be implemented on the web whilst safe guarding peoples very basic human rights such as liberty and privacy.
I agree that this would be a huge step forward for the web, and is a step towards its ultimate evolution. Accordingly this should not be seen as something that should be crushed at all costs... it should be seen as something that needs to be debated, fleshed out and evolved. Taking a hostile approach against this is only going to see less public input put into it than might otherwise be acheived.
once was. >:)
It's probably supported by M$ on all currently supported processors: Intel and AMD chips and any in that family...
...for now.
On Paper and Online, News Publishers Rapidly Adopting Microsoft BackOffice Technologies
The Center for Democracy and Technology? When the hell did M$'s business goal coalesce with Democracy as Franklin, Jefferson and co. enacted it?
This friendly public service announcement posted from:
vanboers@tempe:~$ uname -a
Linux tempe 2.4.9-ac1 #2 Sun Sep 2 22:20:55 MST 2001 alpha unknown
Nope, not even a Linus Torvalds kernel. Alan Cox rocks, too.
Choice is.
www.dedserius.com
VB != VisualBasic
When you sign-in to Passport there are two checkboxes...
One says 'Sign me on Automatically'. If you check this, a cookie is stored that remembers to authenticate you from then on.
If you don't check this box(which is the default condition), then a cookie is created and stored which remembers your username. But the authentication information is stored as a session cookie which disappears when you close the browser.
There is a second checkbox. It says 'I'm using a public computer'. This stores a session cookie on your machine for both the username and authentication.
Once you have closed the browser, the session cookie is gone and you no longer authenticate automatically, nor is your username auto entered for you.
So while I understand your concern, Microsoft has provided two checkboxes which alleviate this concern. Neither checkbox is on by default which means the default behavior is to remember your username only.
If you have a better solution to this problem, I'm sure we'd all appreciate hearing about it.
BTW, the paper you linked to has much better explanations of problems Passport might have then what you wrote about. Man in the middle type attacks that involve redirecting DNS, etc.
I've seen a lot of posts bashing on Micosoft. I don't like passport not because I don't like everything from Microsoft, but Microsoft PR tends to boast passport system's security level in such a way that general public wouldn't aware of its risks.
(of course, the fact that these people are unaccountable is one of the major factor; but this just FUD in some people's eyes)
The amount of your personal information to give to passport system depends on the degree of trust you have on a username/password security system over the Internet.
I think Passport is secure to some degree, but it's definitely not absolute secure(nothing is). However, I never hear a Microsoft PR would say 'but' in propaganding their passport system.
E.g. when I apply for a personal certificate I was given a time limit for using it. Not because the certificate issuer is a greedy bastard, but they want me to know the encryption in it can be broken by known technology beyond this period(by brute force attack, computer tech advanced, etc.).
Computer security is not absolute. The claims of its security level is part of the security system itself. No matter how well the Passport system is made, failure to give honest claim would render its useless.
Just my opinion. You can start bashing me by clicking the reply below. Thanks.
That's right, if you follow this mantra then you must agree that ultimately all of your information will be free on the net...what sites you have visited recently, your credit card info, your sexual preferences, who you work for, your favorite sports team etc, will be public domain. However, there is a solution, I heard it in a speech by my favorite man!.....
.. you desseerve to looooose yo privacy! Ahmen Brotha.. If you chooooses, to usess, an Allllternatitivvvve oppperatin system, such as my dear brotha's-- Leeeenux, and Bee eSss Deee, (that stands fo Brotha's Standdd Dogetha), or my personal fave, Mac OS X (Staand togetha now!!!! Hear me clear?) then you have notttthing to fearrrrr!!! Ahhhmmeeeenn Brotttha!.... For We Maaaayyy be fewww (Yes!, Yesssss!) and we Maaayyy be poooorrr (praisse godddd!), but we are brotha's in arms, Hallejjjjulla Brottttha!, Praissee the Loooooooooorrrrrrdd! The Lorrrrd does not need a passport, NO!!!. The Lord does not need Micros$$$$$ft, NO!!! He praises each and every one of of you, who do not commit the siiiiiinns of the ignoorant! Yea! He praises and encourages alllllll thooose who strive for freedom and equalitya on the Woooorld Wiiiiide Weeebbbbbb! Yeaah Brotha!!!
To quote J.Jackson
"If you choose, to use, your paaaaspoorrt,
If you are stuuupid enough to paaaaayyy! for this craap! Then we are prayin for ya, yea , we prayin fo yo'soulll. For you have fallen inta the bad mannnss hannnds! Chill! I can save ya! Just say afta me..... haich tee tee peee colon slash shash, doubleya doubleya doubleya, dot, sourceforge, dot, net. Ahhhhhmmeeennnn and Hallelullghia Brotha! Peace be wit you!"
That was the best speech I have ever heard!!!! Vote Jackson!
Y
no sig.
Your analogy is a bit off. Email addresses are available by the thousand from hotmail.com or usa.com or whatever. You only have on passport account.
War is necrophilia.
I work for a company, that among other things, buys computer equipment from failing companies to resell it. As a bonus for moving a bunch of equipment one day, my boss let me take home a dat tape drive, and about 80 2 gigabytes tapes from the site we were on, which happened to be an accountant. Well, turns out those dat tapes i got werent new, but were the financial records for every single one of their clients starting in 1996. I had complete records of all client data for a good 4 years just because they were lazy once the hammer fell on them. My point? You trust your stockbroker? Don't. You trust your accountant? Don't. You trust anyone with info you dont want others to see? Don't. It is a harsh world, and when a company goes belly up, whether it is a magazine, a stockbroker, or an accountant, there is a good chance your data could wind up in the hands of someone less scrupulous than me. btw, those dat tapes, I pulled the tape out of the cassettes and destroyed them. it may sound like overkill, but if anything happens to one of these companies down the line, I have no interest in owning a copy of their financial information.
Moral to the story? Basically, watch your back. If you employ an accounting firm, and they go belly up, be sure you get your records back from them. This is just one shining example I gained from experience.
Time for some tasty Shiner Bock!
You know, having been tested is not enough. What you need is something that has been tested with positive results.
This sig under construction. Please check back later.
What is to stop someone creating email addresses which are only used for one supplier? Not only does this provide more privacy, but it makes it easier to track the source of Spam.
'Passport' is something anyone with a Postgres or mySQL database, Apache, OpenSSL and Perl could write the functional equivalent in a day.
Sure, it's obviously been written by a huge team of programmers, carefully screened for any possible security hole and tested on a massive scale at Microsoft's fortress in Redmond.
It's just amusing how nobody really has any confidence that the largest software company in the world can write something so basic, and get it right.
I gots ta ding a ding dang my dang a long ling long
Single signon/login is a great idea on a secure, managed corporate network where all the applications can be trusted and crackers don't have access.
But what kind of moron says, this is a good idea for my corporation so it must be a good idea for the entire internet?
Deleted
So you're telling me, that you'd be willing to render control of your very private data to one single company, located in a country with probably the piss-porest privacy protection laws in the Western hemisphere, just for the sake of convenience ?
We're not talking about CC # here, but about everything surrounding your person, including potentially medical data.
See, I agree that it's up to society to define the sidelines. It's however not society that controls Passport. It's the Microsoft Corporation, which I personally woudn't entrust with my cell phone number.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
Unfortunately, that's just not true. Usability research has shown certain facts about passwords again and again. In particular, as soon as you start forcing users to remember several passwords, they immediately start using obvious and easy to remember passwords, or writing them down in a readily accessible location. Clearly, this does not improve security.
Having a single sign-in, with a single, genuinely cryptic ID and password, is far more secure than twenty different authentication schemes for different facilities. Of course you rely on the keeper of that information to keep your data in a trustworthy fashion, but you have that problem anyway. At least with a single secure sign-in the average five year old can't guess everyone's ludicrously simple password.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Using smart cards for ID is an interesting idea, and one I believe even MS have mentioned considering before. It's important to remember that such a mechanism brings its own problems, however.
The logistical problem is the Big One, I suppose. You need smart card readers to become more ubiquitous even than CD drives today. Every machine that'll use Passport-subscribing services will need one. Someone's going to have to make an awful lot of readers, and someone else is going to have to pay for it.
On top of that, smart cards are not a silver bullet for security problems anyway. What happens when the card gets stolen? If it's my credit card, I call the bank, get it cancelled, and have a new one sent to me in the post. In the meantime, I can always visit a branch to take out cash if I need to.
What do we do when our smart card is nicked? Call MS to cancel it? How do we then reidentify ourselves to them to get a new one with the same access? They need... wait for it... more personal information about us to identify us. And surely I can't just use the card without any additional security -- if anyone does nick it, they can do anything until I realise and get it stopped. Suddenly, we're back to needing IDs, passwords and PIN numbers all over again, and now the whole point of using a smart card has been compromised.
So, while I agree that smart cards or some other more original technological solution may be the answer to Swordfish Syndrome, I don't think we should be too hasty to criticise a long-standing, tried and tested approach until we know the alternative is genuinely better.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I guess there must be dozens of distributed alternatives to this centralized Passport system. It would be interesting to find a nice short overview about them.
I think a nice solution would be a kind of "PassPouch", based on public-key crypto, etc. A pouch would contain arbitrary number of passwords. To authenticate a user, a service would need your pouch password to open the pouch, and then use its site-password to authenticate a security cookie in the pouch. Well, something like this. You could have multiple pouches, and a pouch could be stored in your personal computer, or in any "PouchServer", based on for example LDAP. There probably already are such systems, but I haven't noticed any so far (I don't know much about the topic).
thats just a jab at microsoft, and has nothing to do with the thrust of my post but...Do you want to give some examples (perhaps corresponding to mine) of exactly who they ripped off? it's not that I don't believe you, but I see too many angry and unsubstantiated posts on /.
Comment removed based on user account deletion
Nobody's saying it should be "crushed at all costs". I simply won't use it. And neither will, probably, all those who don't like the idea. For me at least, it's a little difficult to trust Microsoft with my personal data when I don't even trust them enough to have any of their software installed on my computers. It's not an emotional or religious issue: I just can't trust them.
Firstly, those who say that it's GOOD to have centralized authentication like this, because people tend to be sloppy with their passwords, etc.
Okay. On a small scale, it might make sense. This is not a small scale. This is microsoft. The Internet was not built so one company could control it; it's independent. MS is doing this to corner the e-commerce market. I don't want to let them do that. They are already free to compete fairly with everyone else.
Regarding the comment about Windows XP product activation containing a GUID (which should scare everyeone). I refuse to buy a product that requries me to 'authorize' it's use with the company I bought it from. It's wrong. I paid for it, like a product, at the store. It's mine to use. I should not in any way have to deal anymore with the creator unless I choose to.
Regarding Passport in general... using it for hotmail? MSN messenger? Fine. That's great. But let's not get carried away. I won't give MS my financial information, ever.
... so it will defend (the value of) it. I explained lately how I got my Passport account. Not with my consent. This is the most anti-democratic construct I've ever seen grow in the U.S.
--------
* Sigh *
Then this makes passport essentially useless. A passport account can be no more reliable then a free account on hotmail. Very interesting. An authentication mechanism that is unable to verify the real user.
War is necrophilia.
There is. You can put your keyring file on your iDisk, which makes it accessible from anywhere on the net.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Sure. Here are a few examples of some blatant theft:
CP/M: Caught red-handed with code that wasn't theirs. Faced with the prospect of not being able to ship the orignal IBM PC, IBM paid off Digital Research to avoid the lawsuit and prosecution.
Quicktime: Again, caught red-handed with Quicktime code in the Windoze Media Player. They made an investment in Apple and promised to keep shipping Office on Mac OS X in order to avoid prosecution for piracy.
Stacker: patent violations.
MicroSoft Money: written to the Quicken 4 product plan, which they had obtained by pretending to be interested in buying Intuit. Intuit smoked them though, by simply dropping the Quicken 4 plan, and jumping ahead to the Quicken 5 plan. MicroSquish money was followed by about three months by the more advanced Quicken product.
I'm sure you can find another fifty or so examples in a cursory web search.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
IANAL, but looking at some information about UK data protection law, it would seem that Microsoft's behaviour here might be illegal on several counts. Oops. :-)
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.