Slashdot Mirror
Private Personal Agents vs. Microsoft's Passport
stefaanh asks: "With the recent MS Passport concerns, I remembered an 'IEEE Expert' 'JANUARY-FEBRUARY 1997 article called 'Managing your privacy in an on-line world' written by Michael McCandless. It talks about why you would hand out private information (on the Net), and proposes a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data. Who benefits: you, and the companies that don't pay for outdated or inaccurate data anymore, but [pay you] for accessing correct data. Since I consider Passports 'security' not as serious as the potential of consumer tracking, what sits in the way for this personal agent to challenge the threat of Passport's centralized approach? Isn't the time right for such an implementation?"
The software that manages your personal information should run on your personal computer.
Yes but don't forget that our era is based on laziness. Anything that makes our lives just that tiny little bit easier is essential to some people. How many people will spend 30 minutes looking for the remote when they could just walk up and change the channel?
Then theres people like my father who *can't* remember half their information. Sometimes i have to call him to get his new email address cause he forgot his password and had to register a new account.. now if only he could get a fingerprint authenticy device to log him into one server that could feed whatever else to whatever site he needed...
I don't know, Its a good idea for some, and a bad idea to others. It depends on what you like. just respect other peoples' choices to decide what THEY like...
It doesn't matter if people are lazy or not. Your brain and keyboard don't mean squat when you want to order a book from Amazon and it says "Passport required." When all commercial sites require this, you are left with no choice but to sign up and have your data managed by M$. Either that, or forgo purchasing online and start buying all your stuff from brick & mortar shops with cash.
-Jeff
-Vercingetorix
"Necessitas non habet legem." -St. Augustine
Wouldn't a program on your computer, which stores your info encrypted, and then sends it out when it gets a finger print work? And would also mean you don't have to store your info on a third party?
Spencer Ogden
I've found that the *only* way to effectivly manage your personal information is to fabricate it when the request for it viloates your personal boundaries.
.com boom going got a little tough), I'm very glad I made this decision. This does go to show you just how careful you have to be when making this call.
r s-resume?
Everybody treats identify theft as a bad thing; however, I believe that as long as you are ethical in your use of another person's or fabricated identity (ie you aren't using their idenity to commit some sort of tanageable fraud that results in loss to another person or company for the direct purpose of evading prosecurtion), there's absoluetly *nothing* wrong with it.
Case in point: ebay has *never* had any of my personal information. They might have enough to eventually track me down to a phone number, but then who's to say if actually that means anything. In retrospect (when the
My windows boxes? All registered to "_" who works for a company called "_@-.com". My word documents? All check with strings and binary edited to remove unwanted tracking information. I'd suggest everyone out there do the same and show microsoft just how irrelivant their user ID is (something that I hope they're not using for passport).
Some suggested reading:
Who Are you?
Inetrrupted Identity
From Victim to Victor
The degree to which an alternate identity is used is, of course, up to the users. And obviously, there's some funadmental line in the sand that each of us draw. Mine is my employer. Basically, I believe that it is funadmentally wrong to use an alternate identity for employment. That usually goes a long way towards abreviating any run-ins I might have with the Feds. regarding victimless forms of "fraud" as interperted by the letter of the law. If you're cleaver, other ways to sign documents and fill out government forms that will keep you clear of these issues, but, for me, it's not worth the hassel.
One of my biggest pet peeves is recruiters and placment sites/agencies that take liberties with my resume, references or other personal information. Recruiters are such information whores (part of their job) and job web sites are even more poorly secured that most ecommerce sites... once the information goes into the hands of recruitment, it's basically public domain. What *really* pisses me off are the government job-kit sites that require your SSN (and threatens the force of fenderal fraud law if you don't supply the correct one). If you've shopped around for a government job, one thing you'll notice is that government bureaucrats required the use of these sites and have you fill out all manner of paperwork and forms in order to reduce their work load. Often, they'll require your SSN to be actually listed *on* your resume (god help you if you mix that up with the regular recruitment agencies).
Consequently, I use web bugs to track the distribution of documents I write. In particular, my resume:
http://www.datadoctors.com/webbugs/
Adding a web bug to your resume is so incrediably easy I don't understand why more people don't do it:
Microsoft Word
Main menu
Insert
Picture
From file
URL in the filename box
Pulldown: link to file.
Of course you have to have a transparent 1 pixel gif/jpg out on a web server to which you have access to the log, but hey doesn't every self-respecting geek have one of those?
I only which this microsoft word feature had the ability to send more information back and perhaps execute some server side code; it would be really nice if you could gain access to word environment variables via the url specification, like this:
http://www.resume-tracker.com/cgi-bin/trackit?use
Which would serve up a 1 pixel transparent gif/jpg while recording the reader's e-mail address in my log file.
Or, how about a word macro that automatically inserts a web bug with the date as a filename in each document you write (of course, you'd have to load up your webserver with a bunch of 1 pixel gifs or the macro would have to dynamically publish the new file name out to the server).
I've also been thinking about extending this technique to web-based or HTML e-mail using javascript/activex, but I don't write a lot of HTML mail (it's fundamentally evil in my opinion).
Also Adding embedded javascript/active-X into the text input at various job sites meets with varying amounts of success.
Of course, sending a word or html document that would load the core information (payload?) from a central location using strong encryption would be best
Upon sending out a few resumes, I've noticed serveral things. First, I can identify those who are well networked. Second, I can track resume age/versions fairly accurately. And finally, I can easily discover which job search sites are the best with respect to the privacy vs. dispersion trade-off.
A resume isn't a fully fleged meme, but it's close and, as a consequence, I would like to have a little control/information about how it propagates.
Is that too much to ask?
Are people really this lazy, or am I missing something?
Passport isn't about saving keystrokes, it's about control, specifically who has access to your personal data and for how long.
As slashdot has reported in the past, Failed Dotcoms Like Selling Private Customer Data, and a most recent example of this is Egghead.com selling its customer list to Fry's Electronics Twice already I personally have knowingly been bitten by this (CDNow and Egghead) and I have no idea what websites I may have bought a book or CD from in the past that may have failed with my personal info in their databases or haven been sold to a competitor. With a system like Passport, I specify what which websites have information about me, what information they get to see and exactly how long keep this information.
This is just one of dozens of possible Passport usage scenarios.
The words that come to mind are "slippery slope." I am a lifelong non-driver. When I was a young adult, I was able to live my life unencumbered by *any* form of ID, and became quite accustomed to doing so. Nowadays I must carry my passport (the govt-issued one, not MS's).
Once 80% of the population have Passport, how many voters would object to a government requirement that you have Passport (or its equivalent) to do your taxes? Or to do any monetary exchange?
Vote with your dollars on that? I don't think so.
I survived the Dick Cheney Presidency 7 to 9 AM 7-21-07
I personally hate Passport. However, if a centralized system were done *correctly*, there are a couple of advantages.
You can use it from any PC. A "wallet" system is just too complicated for most users (it can be transported, but most users won't bother). Plus, if I'm not mistaken, Passport would work from any browser. Wallet systems (which I believe IE and Mozilla both have an implementation) work only on that browser, and on that PC unless you export.
On top of that, the Passport system is more automatic; get a Hotmail account and you have a Passport account. Use one of the participating online retailers and you have a passport account.
OTOH, if a "wallet" system were implemented that was cross-browser (if not cross-platform), and more easily transportable, maybe it would catch on. I would trust my data on my own machine long before I'd trust it on a bunch of NT boxes up in Redmond (or wherever)...
In either case, personally I prefer to judge everything on a site-by-site basis. I often use a different email address for each site, partly so I can track originators of SPAM lists and such... so neither method would work for me.
Also keep in mind that, if you use a "wallet" system and use the same information at each site, this information could just as easily be shared between sites, and compared/compiled to track your usage, though admittedly it would be more difficult/less likely than a centralized system.
NGWave - Fast Sound Editor for Windows
"Hello... Foriegn Leader? Hi, this is GWB calling. I was wondering if you would like to impliment all of our suggested internet security measures as detailed in the email my boys sent you last week? Oh, you were unsure about which bit? Look, let me take this opportunity to assure you that if you find anything whatsoever in these suggestions to be iffy, then we will have no hesitation in turning your county into a glowing, smoking crater. What's that? 110 percent. That's great (thumbs up to advisors sitting quietly across desk)- knew we could count on you. Bye"
Get the Hell off my planet, you slimy mobster Bush!
A personal agent can store your profile data, and have an active implementation of your policy, possibly performing interaction with the owner.
The advantages are clear:
<SHAMELESS PLUG>
My employer Tryllian sells a platform that from the start was designed to deal with these issues.
</SHAMELESS PLUG>