Slashdot Mirror
Private Personal Agents vs. Microsoft's Passport
stefaanh asks: "With the recent MS Passport concerns, I remembered an 'IEEE Expert' 'JANUARY-FEBRUARY 1997 article called 'Managing your privacy in an on-line world' written by Michael McCandless. It talks about why you would hand out private information (on the Net), and proposes a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data. Who benefits: you, and the companies that don't pay for outdated or inaccurate data anymore, but [pay you] for accessing correct data. Since I consider Passports 'security' not as serious as the potential of consumer tracking, what sits in the way for this personal agent to challenge the threat of Passport's centralized approach? Isn't the time right for such an implementation?"
Didn't you watch Ashcroft's announcement how fighting the terrorism means that you have you sacrifice your privacy to the FBI? If you haven't done anything, you've got nothing to fear, right?
The police will be able to come to your door and demand your electronic wallet. Or in an auto accident, the opposing party can demand it in discovery. Think of the black boxe in your totalled vehicle, now in the possession the insurance company. What if it contained GPS data?
Fight Spammers!
It keeps your personal data (optionally encrypted) and fills in forms for you. You can then select what data you want actually sent.
Is this what the asker referred to?
Make even shorter URLs - 8LN.org
I don't like tracking, and I can remember multiple, non-obvious passwords. A lot of other people can't, and most of us don't have any serious data to protect. Passport isn't perfect, but nothing is. It simplifies life for a lot of people, they like it, they WANT to use it, so why not just leave them alone?
Better yet, write another open source replacement that copies the commercial versions features, only make it WORK and don't do it in JAVA for Chrissake....
'Gassport' perhaps?
Even if we have dedicated networks to homes, and even if those networks are deployed to everyone's home like telephones, and even if we create this cryptographically secure database, how do we prevent someone from getting information out of it, and then reselling that information to someone else?
I think that this guy has an interesting idea, but I don't think that it's necessarily a solution for the privacy problem. I do very much like the idea of flipping a switch on my home PC to invite people to advertise to me for services that I need at the current time (e.g. my washer just broke and I need a new one). But how do I then prevent the phone number, contact information, interests, etc that I just gave out to Sears (et al) from getting stored in their own database and being resold to someone else?
Did I miss something in the article that addressed this?
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
I think you're missing something.
"They" are trying to come up with a system so you don't HAVE to type that data in over and over (good for those of us with RSI). The corporate world throws in the added benifit for themselves of keeping the data that allows them to profile and target consumers. What we need is a system that benefits us. I don't mind helping a company out but I want to choose when to do it.
You can argue that if you don't like it you don't have to do it, but what if it becomes a wide spread system? What if for some assinine system the US government started using MS passport to log into the IRS page and you HAD to file electronically? You start getting boxed into a corner. It's important that we have some say over the information profiles on us.
Never understimate the power of human stupidity -Lazarus Long
Having to carry all that information with you (maybe in a PDA or something?) if you want access to it is an additional burden.
Perhaps having an open standard for exchange of this type of information such as done by http://xns.org/, would allow multiple competing agencies to act as costodians. Give people choice and perhaps some of the control and privacy (and cost) issues would be less pressing than if all data was held by a single player such as Microsoft.
The article by Michael McCandless (stupid PDF file!) addresses some of the issues that XNS tries to address - albeit with the idea of the personal information residing on your network connected home computer rather than on an XNS-server run by some company that you decide to trust.
Now if XNS would get around to releasing their open source code examples and the detail technical specifications perhaps there could be more motion to widespread adoption. They claim plans to do so "real soon now".
With that said, XNS's ecard address book features are pretty nifty even at this early development stage.
From what I understand this only works for previously filled out forms.
.net authentication less attractive.
What is really needed is someone to release a standard for form field naming (i.e. name_first) then when confronted with a form you can select to fill all recognized form fields from an encrypted password protected database kept on your computer. Then it would nice if you could transfer this this database, encrypted and password protected, to sync up your other computers. This would make MS
They are called financial managers. They get all the bills, they keep tabs on all expenses, they handle all dealings with the financial world. All the rich person does is spend it and read reports on the interest they've earned.
So why shouldn't the rest of us have the same thing? I hate having to update dozens of records across the country every time i change an address or lose a credit card. Switching banks caused a huge uproar in my automatic online banking.
It's like e-mail. I would have to be a complete idiot to use my ISP-given e-mail box. As soon as a switch providers, its worthless since no ISP wants to offer a nice handy eForwarding option (even for a small fee). They want to punish you for leaving. Not even that, sometimes ISPs decide on their own to change their addresses (like what Netscape did when it bought some free webmail thing, or like MediaOne did when they became part of @Home).
So what do I do? I get my own domain and give that out. When my ISP changes, I don't care. Update the record in a single place and I'm done.
Extra layers of abstraction, like this, are desperately needed in the financial sector. I would love to see some AI that could handle the same functions as a financial manager without me having to make enough interest off of my measly savings account to be able to pay his salary.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
This truely scares me. No words can describe the terrible events of Sept. 11 and there are things that can be and should be doen to improve security like having well paid, well trained FAA people at security checkpoints, and although im loath to say this face recognition software at those bording gates as well.
However, for the Atty General to want to trash the Bill of Rights which is was supposededly sworn to uphold is a far greater threat than any terrorist act.
Think of all the people that fought in previous wars and gave their lives to protect us from random police searches.
This is one of the most fundimental freedoms we have.
Am iI the only one to see Mr Ashcrofts actions as spitting on all the veterens of every war since 1776?
I hope those who cherish freedom can help in this, I for one am going to donate to the EFF.
If we let the FBI (et al) randomly scoure our comunications, then the terrorists have won, and iI am not ready for this.
I do not want to live in a 'banana republic' however if we allow this invasion of our privacy, the next White House news conference may very well look like THIS
* Carthago Delenda Est *
I don't want to dismiss the fear, because I think it is important.
But why attack Passport? How is Passport any more centralized than Visa or Mastercard?
You don't think credit card companies track your purchases? You don't get a statement at the end of the month? In the case of American Express they send you a statement at the end of the year that even classifies your purchases, so much at restaurants, so much for travel, etc...
These reactions seem to be more anti-Microsoft kneejerk reactions than any serious discussion of the problems and solutions. I don't see much value in that tactic.
...is that they run on hostile computer systems.
How can you make code that securely holds data, can unlock that data, can not be altered, and runs on systems that you do not control?
Sooo, which is worse, MS holding data about you on the terms that they won't do anything with it without your permission, or a piece of code running on hostile systems in every corporation that holds more data about you?
At OpenPrivacy, we are building a framework to separate who you are from what you do, so that you can contract with an agent (via a pseudonymous nym, so even the agent doesn't know who you are) to act as your "book recommender." This agent could be loaded with not only the books you're bought from Amazon, but also relevant magazine subscription, web sites, and, of course, books bought from other sources online or in meatspace. This agent would present this info to Amazon - perhaps via a Passport - as representing person X (or a demographic segment of size Y with Z tastes). After Amazon makes its recommendations and this information is returned to the user via an onion-routed delivery path, the user could go to Amazon and buy what they want. Or somewhere else, if Amazon won't play unless you have a Passport, which I doubt will happen.
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
Right. But it does no good for you to just not shop there. It is important for you to email their site designers and TELL THEM "you have lost my business because you have given me no alternative to shop without MS-passport".
http://www.starbucks.com/customer/contact_forms.as p?nav=3i
Be fore-warned: Unfortunately, the idiots require javascript to submit this form, on top of everything else.
But I think it would definately get their attention if 20 different people contacted them with this.
NOTE: do NOT convert the above URL to a link. It will look better if they cant see the complaints all came from one place like slashdot.