Private Personal Agents vs. Microsoft's Passport
stefaanh asks: "With the recent MS Passport concerns, I remembered an 'IEEE Expert' January-February 1997 article called 'Managing your privacy in an on-line world' written by Michael McCandless. It talks about why you would hand out private information (on the Net), and proposes a personal agent that manages your info, in a way that you control what, who and when to give out a selection of your sensitive data. Who benefits: you, and the companies that don't pay for outdated or inaccurate data anymore, but [pay you] for accessing correct data. Since I consider Passport's 'security' not as serious as the potential of consumer tracking, what sits in the way for this personal agent to challenge the threat of Passport's centralized approach? Isn't the time right for such an implementation?"
The police will be able to come to your door and demand your electronic wallet. Or in an auto accident, the opposing party can demand it in discovery. Think of the black box in your totalled vehicle, now in the possession of the insurance company. What if it contained GPS data?
Fight Spammers!
It keeps your personal data (optionally encrypted) and fills in forms for you. You can then select what data you want actually sent.
Is this what the asker referred to?
Make even shorter URLs - 8LN.org
a personal agent that manages your info, in a way that you control, what, who and when to give out a selection of your sensitive data.
Boy, I think I already have one of these. It's called my brain, and when a web site asks me for personal information, I consult with my brain to see if I want to give it to them. Then, I use another technology called my 'keyboard', and type in the relevant data. It takes about 30 seconds usually, and it has none of the potential vulnerabilities that come from entrusting my data to some 3rd party.
Are people really this lazy, or am I missing something?
Invisible Agent
This post is a mirror; when a monkey stares in, no hacker gazes out.
Even if we have dedicated networks to homes, and even if those networks are deployed to everyone's home like telephones, and even if we create this cryptographically secure database, how do we prevent someone from getting information out of it, and then reselling that information to someone else?
I think that this guy has an interesting idea, but I don't think that it's necessarily a solution for the privacy problem. I do very much like the idea of flipping a switch on my home PC to invite people to advertise to me for services that I need at the current time (e.g. my washer just broke and I need a new one). But how do I then prevent the phone number, contact information, interests, etc that I just gave out to Sears (et al) from getting stored in their own database and being resold to someone else?
Did I miss something in the article that addressed this?
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
Having to carry all that information with you (maybe in a PDA or something?) if you want access to it is an additional burden.
Perhaps having an open standard for exchange of this type of information, such as that done by http://xns.org/, would allow multiple competing agencies to act as custodians. Give people choice and perhaps some of the control and privacy (and cost) issues would be less pressing than if all data was held by a single player such as Microsoft.
The article by Michael McCandless (stupid PDF file!) addresses some of the issues that XNS tries to address - albeit with the idea of the personal information residing on your network connected home computer rather than on an XNS-server run by some company that you decide to trust.
Now if XNS would get around to releasing their open source code examples and the detailed technical specifications, perhaps there could be more motion to widespread adoption. They claim plans to do so "real soon now".
With that said, XNS's ecard address book features are pretty nifty even at this early development stage.
I used to work for Intermind, which morphed into 'OneName', which was the commercial counterpart to xns.org. The open source community just hasn't picked up the XNS ball for some reason. *shrug*
From what I understand this only works for previously filled out forms.
What is really needed is someone to release a standard for form field naming (i.e. name_first); then when confronted with a form you can select to fill all recognized form fields from an encrypted password protected database kept on your computer. Then it would be nice if you could transfer this database, encrypted and password protected, to sync up your other computers. This would make MS .net authentication less attractive.
Make it a law: in order to email me or send me junkmail or otherwise harass me with advertising, you must pay me to get my updated contact information. (It'd be like $0.001 per but you know, when someone sends out 1,000,000 emails that's $10000 extra. At the rate of emails that I get, about 30 spams a day prefilter, that'd add up after a while).
Even if it was like $0.0001 the advertiser could benefit because they would have up-to-date advertising information.
And if I could indicate what I like and don't like, then they can also target better.
So $0.0001 if you just want my updated email address, or $0.001 if you want to know what I don't like, or $0.005 if you want to know what I like.
Pay per use advertising. Nice!
Scary thing is that it could benefit the advertisers too. =)
If God gave us curiosity
They are called financial managers. They get all the bills, they keep tabs on all expenses, they handle all dealings with the financial world. All the rich person does is spend it and read reports on the interest they've earned.
So why shouldn't the rest of us have the same thing? I hate having to update dozens of records across the country every time I change an address or lose a credit card. Switching banks caused a huge uproar in my automatic online banking.
It's like e-mail. I would have to be a complete idiot to use my ISP-given e-mail box. As soon as I switch providers, it's worthless since no ISP wants to offer a nice handy eForwarding option (even for a small fee). They want to punish you for leaving. Not even that, sometimes ISPs decide on their own to change their addresses (like what Netscape did when it bought some free webmail thing, or like MediaOne did when they became part of @Home).
So what do I do? I get my own domain and give that out. When my ISP changes, I don't care. Update the record in a single place and I'm done.
Extra layers of abstraction, like this, are desperately needed in the financial sector. I would love to see some AI that could handle the same functions as a financial manager without me having to make enough interest off of my measly savings account to be able to pay his salary.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
A recent MSDN article quotes, "Microsoft will not mine, target, sell, or publish any data contained within the Hailstorm data store without explicit user consent."
Is there any way to have a "EULA" type thing from the USER instead of the company? Could we take legal action in the same way they can if we violate their EULA?
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
This truly scares me. No words can describe the terrible events of Sept. 11 and there are things that can be and should be done to improve security like having well paid, well trained FAA people at security checkpoints, and, although I'm loath to say this, face recognition software at those boarding gates as well.
However, for the Atty General to want to trash the Bill of Rights which he was supposedly sworn to uphold is a far greater threat than any terrorist act.
Think of all the people that fought in previous wars and gave their lives to protect us from random police searches.
This is one of the most fundamental freedoms we have.
Am I the only one to see Mr. Ashcroft's actions as spitting on all the veterans of every war since 1776?
I hope those who cherish freedom can help in this, I for one am going to donate to the EFF.
If we let the FBI (et al) randomly scour our communications, then the terrorists have won, and I am not ready for this.
I do not want to live in a 'banana republic' however if we allow this invasion of our privacy, the next White House news conference may very well look like THIS
* Carthago Delenda Est *
I've found that the *only* way to effectively manage your personal information is to fabricate it when the request for it violates your personal boundaries.
Everybody treats identity theft as a bad thing; however, I believe that as long as you are ethical in your use of another person's or fabricated identity (i.e. you aren't using their identity to commit some sort of tangible fraud that results in loss to another person or company for the direct purpose of evading prosecution), there's absolutely *nothing* wrong with it.
Case in point: ebay has *never* had any of my personal information. They might have enough to eventually track me down to a phone number, but then who's to say if actually that means anything. In retrospect (when the .com boom going got a little tough), I'm very glad I made this decision. This does go to show you just how careful you have to be when making this call.
My Windows boxes? All registered to "_" who works for a company called "_@-.com". My Word documents? All checked with strings and binary edited to remove unwanted tracking information. I'd suggest everyone out there do the same and show Microsoft just how irrelevant their user ID is (something that I hope they're not using for Passport).
Some suggested reading:
Who Are you?
Interrupted Identity
From Victim to Victor
The degree to which an alternate identity is used is, of course, up to the users. And obviously, there's some fundamental line in the sand that each of us draw. Mine is my employer. Basically, I believe that it is fundamentally wrong to use an alternate identity for employment. That usually goes a long way towards abbreviating any run-ins I might have with the Feds. regarding victimless forms of "fraud" as interpreted by the letter of the law. If you're clever, there are other ways to sign documents and fill out government forms that will keep you clear of these issues, but, for me, it's not worth the hassle.
One of my biggest pet peeves is recruiters and placement sites/agencies that take liberties with my resume, references or other personal information. Recruiters are such information whores (part of their job) and job web sites are even more poorly secured than most ecommerce sites... once the information goes into the hands of recruitment, it's basically public domain. What *really* pisses me off are the government job-kit sites that require your SSN (and threatens the force of federal fraud law if you don't supply the correct one). If you've shopped around for a government job, one thing you'll notice is that government bureaucrats required the use of these sites and have you fill out all manner of paperwork and forms in order to reduce their work load. Often, they'll require your SSN to be actually listed *on* your resume (god help you if you mix that up with the regular recruitment agencies).
Consequently, I use web bugs to track the distribution of documents I write. In particular, my resume:
http://www.datadoctors.com/webbugs/
Adding a web bug to your resume is so incredibly easy I don't understand why more people don't do it:
Microsoft Word
Main menu
Insert
Picture
From file
URL in the filename box
Pulldown: link to file.
Of course you have to have a transparent 1 pixel gif/jpg out on a web server to which you have access to the log, but hey doesn't every self-respecting geek have one of those?
I only wish this Microsoft Word feature had the ability to send more information back and perhaps execute some server side code; it would be really nice if you could gain access to Word environment variables via the URL specification, like this:
http://www.resume-tracker.com/cgi-bin/trackit?use
Which would serve up a 1 pixel transparent gif/jpg while recording the reader's e-mail address in my log file.
Or, how about a word macro that automatically inserts a web bug with the date as a filename in each document you write (of course, you'd have to load up your webserver with a bunch of 1 pixel gifs or the macro would have to dynamically publish the new file name out to the server).
I've also been thinking about extending this technique to web-based or HTML e-mail using javascript/activex, but I don't write a lot of HTML mail (it's fundamentally evil in my opinion).
Also, adding embedded javascript/active-X into the text input at various job sites meets with varying amounts of success.
Of course, sending a Word or HTML document that would load the core information (payload?) from a central location using strong encryption would be best.
Upon sending out a few resumes, I've noticed several things. First, I can identify those who are well networked. Second, I can track resume age/versions fairly accurately. And finally, I can easily discover which job search sites are the best with respect to the privacy vs. dispersion trade-off.
A resume isn't a fully fledged meme, but it's close and, as a consequence, I would like to have a little control/information about how it propagates.
Is that too much to ask?
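Seen from the recipient's side, the linked-picture web bug described in the comment above can be found before a document is opened. The following is an added example, not part of the original post: it assumes the modern .docx (Office Open XML) container rather than the 2001-era .doc format, and the sample package and the tracker.example URL are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
IMAGE_SUFFIX = "/relationships/image"  # matches Transitional and Strict type URIs


def find_linked_images(docx_bytes):
    """Return sorted (part, rel_id, target) for each image the file links to
    instead of embedding; opening the file can make Word fetch each target."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            # Relationship parts (*.rels) exist for the body, headers, footers...
            if not name.endswith(".rels"):
                continue
            data = zf.read(name)
            # Refuse DTDs so a hostile file cannot trigger entity expansion.
            if b"<!DOCTYPE" in data:
                raise ValueError(f"DTD found in {name}")
            for rel in ET.fromstring(data).iter(REL_NS + "Relationship"):
                linked = rel.get("TargetMode") == "External"
                if linked and rel.get("Type", "").endswith(IMAGE_SUFFIX):
                    hits.append((name, rel.get("Id"), rel.get("Target")))
    return sorted(hits)


def build_sample_docx():
    """Constructed sample: only the parts the scanner reads, with one embedded
    picture and one linked picture. Not a document Word would open."""
    image = ("http://schemas.openxmlformats.org/officeDocument/2006/"
             "relationships/image")
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/'
        'package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{image}" Target="media/image1.png"/>'
        f'<Relationship Id="rId2" Type="{image}" '
        'Target="http://tracker.example/pixel.gif" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for part, rel_id, target in find_linked_images(build_sample_docx()):
        print(f"{part}: {rel_id} loads {target}")
```

Only the linked picture (rId2) is reported; the embedded one travels inside the file and causes no request to a remote server.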
Looking at online stores I think it's a fair deal that they collect the information _they_need_ to do their business in a database - but only those bits they need and with a grant that they use this information only for their business.
So the problem remains with logging in to their site and people today seemingly unable to remember username&password. So what we need is a standardized login interface (xml-rpc, soap whatever) and a facility in the browser to talk to it.
The browser would hold a database with URIs (https of course) and login/pw. To add security, this database could be encrypted globally with a user password and per-site with a key the site transmits (or just with the URI said information gets POSTed to).
Are people really this lazy, or am I missing something?
Passport isn't about saving keystrokes, it's about control, specifically who has access to your personal data and for how long.
As Slashdot has reported in the past, Failed Dotcoms Like Selling Private Customer Data, and a most recent example of this is Egghead.com selling its customer list to Fry's Electronics. Twice already I personally have knowingly been bitten by this (CDNow and Egghead) and I have no idea what websites I may have bought a book or CD from in the past that may have failed with my personal info in their databases or have been sold to a competitor. With a system like Passport, I specify which websites have information about me, what information they get to see and exactly how long they keep this information.
This is just one of dozens of possible Passport usage scenarios.
I don't want to dismiss the fear, because I think it is important.
But why attack Passport? How is Passport any more centralized than Visa or Mastercard?
You don't think credit card companies track your purchases? You don't get a statement at the end of the month? In the case of American Express they send you a statement at the end of the year that even classifies your purchases, so much at restaurants, so much for travel, etc...
These reactions seem to be more anti-Microsoft kneejerk reactions than any serious discussion of the problems and solutions. I don't see much value in that tactic.
Fortunately, I am working on a free replacement to Passport. It's called GMOTB (GNU Mark of the Beast). All versions will be version 6.66. The software is free (as in beer) and free (as in speech), except you will have to give us an irrevocable perpetual non-exclusive license to your soul. We will not have to safeguard your soul or keep it private, and we can cross-sell souls with some of the other companies with businesses in this same IP space (such as the Christians and Muslims). Even though they don't like us very much. We are protecting our IP space from thieves like open source advocates by enforcing our patents in several key areas including "A Method and Apparatus for Parallel Achievement of Salvation", and "An Apparatus for Storing Large Numbers of 1's and 0's and Changing them Periodically to New Arrangements Based on their Current Arrangements to Create Mathematical Models of Real-World Phenomena". Needless to say, although Bill Gates has been one of our strategic partners for a long time, we feel it is important enough to win in this market segment that we have struck out on our own to give consumers true choice.
Best. Comment. Ever. Enjoy!
...is that they run on hostile computer systems.
How can you make code that securely holds data, can unlock that data, can not be altered, and runs on systems that you do not control?
Sooo, which is worse, MS holding data about you on the terms that they won't do anything with it without your permission, or a piece of code running on hostile systems in every corporation that holds more data about you?
I personally hate Passport. However, if a centralized system were done *correctly*, there are a couple of advantages.
You can use it from any PC. A "wallet" system is just too complicated for most users (it can be transported, but most users won't bother). Plus, if I'm not mistaken, Passport would work from any browser. Wallet systems (which I believe IE and Mozilla both have an implementation) work only on that browser, and on that PC unless you export.
On top of that, the Passport system is more automatic; get a Hotmail account and you have a Passport account. Use one of the participating online retailers and you have a passport account.
OTOH, if a "wallet" system were implemented that was cross-browser (if not cross-platform), and more easily transportable, maybe it would catch on. I would trust my data on my own machine long before I'd trust it on a bunch of NT boxes up in Redmond (or wherever)...
In either case, personally I prefer to judge everything on a site-by-site basis. I often use a different email address for each site, partly so I can track originators of SPAM lists and such... so neither method would work for me.
Also keep in mind that, if you use a "wallet" system and use the same information at each site, this information could just as easily be shared between sites, and compared/compiled to track your usage, though admittedly it would be more difficult/less likely than a centralized system.
NGWave - Fast Sound Editor for Windows
At OpenPrivacy, we are building a framework to separate who you are from what you do, so that you can contract with an agent (via a pseudonymous nym, so even the agent doesn't know who you are) to act as your "book recommender." This agent could be loaded with not only the books you've bought from Amazon, but also relevant magazine subscriptions, web sites, and, of course, books bought from other sources online or in meatspace. This agent would present this info to Amazon - perhaps via a Passport - as representing person X (or a demographic segment of size Y with Z tastes). After Amazon makes its recommendations and this information is returned to the user via an onion-routed delivery path, the user could go to Amazon and buy what they want. Or somewhere else, if Amazon won't play unless you have a Passport, which I doubt will happen.
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
A personal agent can store your profile data, and have an active implementation of your policy, possibly performing interaction with the owner.
The advantages are clear:
<SHAMELESS PLUG>
My employer Tryllian sells a platform that from the start was designed to deal with these issues.
</SHAMELESS PLUG>
I guess it would be rather easy to define an open and distributed authentication protocol that uses open encryption algorithms and protocols. Just use PGP/GPG or even SSH as the basis for the protocol.
I guess there might already be such software?
You could hold your "PassPouch" on a single client machine, but you could add a possibility to give a "PassPouch" to a centralized server. Then use a trivial negotiation. I guess it wouldn't take too many days (hours?) to implement a simple prototype.
Or use public key crypto the way PGP or SSH does, and simply give a public key to the sites that need authentication, and implement a trivial negotiation.
I guess the biggest problem is finding trusted servers for storing the pass pouches. The servers can also be hacked easily, in which case someone could steal your passpouch (which is useless without a password though) and then sniff your password. I think there might be some cryptographic solutions for this. In some earlier Slashdot article someone mentioned that computing in a hostile environment might be possible with some cryptographic solution. It might then be possible to run the authentication code in a secure virtual computer.
You could also have a number of different pouches for different tasks, if you want to have more security.
IANACE.