Slashdot Mirror
MS Zone Users Must Use Passport Accounts
pathos writes: "CNet reports in this article that Microsoft, in its continued obsession to get everyone and his/her mother to be a registered Passport user, forced all of it's MS Zone gaming site users (including players of 'Asheron's Call') to open accounts in Passport in order to keep using the service... too bad that a bug with their .NET deployment kept many users not being able to access the service..." Of course, if you run the hotel, you get to say who uses the pool ...
I hate Microsoft as much as the next *nix guy, but this makes sense to me. If you're going to push a single account/password strategy, you need to implement it yourself first.
.NET and Passport. For myself, I'll just continue to choose not to use any Microsoft web services.
If you are going to use Microsoft web services, you have to get used to
But the whole point of passport was to provide a single continous logon throughout the MSN suite of web sites.
Why is Zone.com any different?
Of course, it looks a little different if you consider things from a business perspective. If you're a company that has 7 different login and authentication systems for their wide array of services, and you could centralize that for cost savings, wouldn't you do it? I would.
The problem with Microsoft is that later down the line someone will say "we should use this massive pile of user data we've got to get volunteers to test our new free brain implants."
Not everything Microsoft does is evil, it's just usually the last thing that they do that turns everything they've done before evil.
Predictions:
Microsoft will block access to www.microsoft.com unless you have a Passport account.
When that happens, Slashdot will report it as 'news'.
If all this should have a reason, we would be the last to know.
I have never paid for MS product. Sure, I've used them countless times, buy not a single dollar of mine has gone to the evil empire.
sin(6cos(r)+5A)
And if I violate the ToS for any Microsoft service, do I get my passport pulled so that I can no longer access my Hotmail account or anything else that requires it?
I know we've said this before, but whenever Passport allows access to everyone bank account and stock portfolio the Passport servers will the the target of every black-hat hacker on the planet. And you know that script kiddies will be blasting it constantly with DOS attacks.
I'm sure MS will have excuses for why it happened to, like published security holes and such. But it will be their fault for leaving so much critical information linked to one account.
-Xenopax
Hmmm, I was unaware that special legislation was required to make people use their login system for their website. What did I miss?
If it ain't broke, you need more software.
Here's a question for people to ponder. What happens if I violate the terms of service of Passport or any attached property of Microsoft? Or more to the point, what happens if Microsoft mistakenly thinks I did but I didn't (like if I was hacked, etc). It seems that as Passport is further extended, this has a greater and greater impact on my ability to do things on-line. What if my bank uses passport? What if I communicate with my doctor through a passport secured site? If I get booted from passport for whatever reason, there could be some serious personal ramifications, and there's noreal recourse for me because I clicked the little "I Accept" button.
I grant you this is a little out there and paranoid, but I think that if passport does become a very fundamental part of on-line authorization systems, this could become a potential problem
This sig has been temporarily disconnected or is no longer in service
It remindes me of Tandy's long-bankrupt Incredible Universe, which wouldn't let you in the the door without a credit check. Hmm, I wonder why they're no longer in business?
If all this should have a reason, we would be the last to know.
aware.
98% of all usable land. Now, if they did, and they
insisted that some African goat-herder who has
never even heard of the US be a US citizen in
order to continue herding goats, you could expect
a bit of a protest. Quite a bit of a protest.
The point is not that Microsoft is doing something
wrong, because they DO own the service and they DO
therefore have a say on how it is used.
The point is that they have monopoly control on
the desktop, they have monopoly control on the
browser market, and they are rapidly acquiring a
monopoly on the online gaming industry. The
leverage of a monopoly in ONE field to control
another is illegal, never mind three!
And therein lies the problem. The control is not
at issue. It is the abuse of monopoly power in a
seperate field, in order to gain that control,
which is so often the problem. You are simply not
permitted that kind of power, in the US. At least,
in theory. It's not slowed Microsoft any, even
though their actions have been declared illegal,
by numerous courts, over monopoly abuse.
(And here you were, thinking Monopoly was just a
board game!)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
This has nothing to do with rights. Well, it does, but it has to do with Microsoft's rights. They have a right to use whatever authentication system for their web pages that they choose.
You, as the average internet consumer do not have a right to access some companies pages without using the access mechanism that they choose. You do have a right to not grace that company with your business, though.
Really, can someone explain to me all of the mis-directed righteous indignation at Microsoft over this? It's a non-issue. If you don't like what MS has done with the Zone...tough. Just go play elsewhere.
I can still play MechWarrior 4, for example, I just can't be an 'uber stat monkey' and sit around on the zone all day making fun of people who can't stand against my ph4t sk1llZ. :p
And even if future Microsoft games require Passport to play.. So? It's a Microsoft game. They have a right to choose who plays it. As long as it says, "Passport required for play." on the box, why do we have the right to bitch?
..If I want karma on Slashdot, I need to make an account. True, an account also saves preferences and tells the server where to shove that karma. But there's little difference here, because the Zone, for example, required me to make an account to store my MW4 stats.
So they're changing from some obscure account system to Passport. An account is an account. Accounts tend to hold you accountable, too, from what I hear.
Of course, there are alternatives. If I don't wish to endure the Passport system, I can go play, say, Heavy Gear instead. Or insist that Bandai needs to release a Gundam sim. Sure, it's not Mechwarrior 4, but maybe I should be taking that up with the people who sold the Battletech rights?
Rights, there's that word again. Yes, people who create things generally have rights to do with as they please with said thing. I'm an author by trade, and, while I don't feel the need to come out and say, "Hey, Joe Windows User, I don't want you reading my book!", I have the right to say, "Hey! Fred Publisher! You're not reprinting my material without paying me!"
But should I ever want to say, "Hey, Joe Windows User..", shouldn't I have that right? (Granted, it'd be pretty stupid of me *to* say that, but hey, work with me, people.) After all, anything I create is *mine*, to do with as *I* please.
I'm delving into things that are just silly here, but the argument holds with common sense issues too. Just as we don't want foreign nationals electing our president, we don't want people basing programs off of GPL'd code and closing the source. If we have those rights, why doesn't Microsoft have the right to say, "You can't utilize our stat recording system without getting a Passport."?
Perhaps it's just that some people insist the entire world revolves around and exists to serve *them*. (:
Worse, Microsoft is peeing in their own pool.
They've managed to walk a fine line for years between having notoriously bad security, but not bad enough to get into serious trouble, legally or civilly (let's face the whole DoJ thing is a bust). Now _that's_ innovation!
You are in a maze of twisty little passages, all alike.
Exactly, in this case it is using its lock-in to a popular site and popular game to drive people to register with Passport.
Someone at Microsoft creamed their pants when they woke up one day and realized how many things they could tie Passport into. And by tieing into it, they realized that they would have 80% of the world on Passport before Joe Consumer realized how dangerous Passport could be.
It's insidious.
When another company does it ... it's called "Single Sign-On". When Microsoft does it ... it's an attack on personal rights and privacy.
Taken on its own, this doesn't mean much. However, I was just reading an article on The Reg - The Microsoft Secure PC: MS patents a lock-down OS and this paragraph puts Microsofts plans much more in place...
"the content provider would have to maintain a registry of each subscriber's DRMOS identity or delegate that function to a trusted third party," and the number of unique DRMOSes, the authors acknowledge, could run into the millions."
This fits in very nicely with passport as you can not only authenticate the user, but the system they are operating as well. Not nice when you consider that MSFT has registered patents that include the removal of unauthorised software from the system...
So how do you propose these problems are solved?
.Net? Just so you don't have to remember many passwords? I think that's a very silly idea on its face.
What problem? That you can't remember your own passwords? That justifies the titanic investment in infrastructure that Microsoft is making, along with Sun, and everyone else who is throwing their hat into this ring?
I doubt any of them are trying to solve the same, simple problem you want them to solve. How would solving it contribute to their bottom line? Think about it. Has Microsoft ever done anything that didn't reflect their desire to increase the bottom line? Why do you think they are spending a massive amount of money on
But I am sure that they will continue to promote the idea that that are trying to solve that simple problem of multiple accounts and passwords. After all, who could object to that?
Edith Keeler Must Die
Oh, I dunno... How about an open, documented trust protocol so that more than one trust authorizer could be established? How about having the trust authorizer legally liable for any financial damage cause by their mismangement of trusted information? Have the providers establish bonds or insurance to cover this.
How about extending the current trust infrastructure into the digital domain rather than handing off to one company on a silver platter?
Oh yeah, I forgot... This is America 2001 - private is good, public is bad. Sorry for the slip up. I promise it won't happen again.
That is all.
Sure, look at your e-mail address and basically copy that architecture. E-mail overloads the DNS system by specifying a MX record that takes you to a mail exchanger. The entire system is very distributed, unlike the centralized nature of passport and hailstorm. So, to create an alternative, just add some DNS records for authentication and user information records for a given domain. Of course for this to work the DNS system would need to be secured via DNSSEC or something similar.
That way, just like I run my own DNS server and my own e-mail server on a box sitting under my desk, I could similarly run authentication and authorization services from a box under my desk. When I logged into a site it would acccept my e-mail address as my username and validate my password against my authorization service sitting under my desk at home. Then the site could be allowed to store cookies and other information it needs on my box at home for personalization of that site (or this could be denied by those who were paranoid about usage tracking). Then when I wanted to buy something it could securely retrieve my credit card information from the authorication server sitting under my desk and use that.
This way I get to control access to all my information, I get to run security on all my information and I'm not affected by any sort of failures (security, availability, etc) in any centralized service (other than the root nameservers, which i don't want to claim isn't important, but its less of a problem than centralized control of everything like passport and hailstorm). For people who don't know how to setup their own mail and DNS servers they could choose ISPs that they trusted, or if they trusted their IS department at work they could use servers at work. Ideally you'd see the current crop of DSL router/hub/firewall/DHCP boxes grow to also offer plug-and-play authentication and authorization for more novice users at home.
This solves both the multiple-account problem and it also solves the multiple access point problem (having uniform accounts and such across your laptop, desktop, PDA, home, work, etc...). It doesn't, however, give one company centralized control over all of the information and the ability to tax every transaction running across the service (as may happen with passport).
I sincerely hope that something like this will come out of the Liberty Alliance. Unfortunately, I don't see much of a business model involved in it. The only hope for this is either in truely altruistic Open Source, or in a consortium of companies that want to avoid the Microsoft Passport Tax.
I don't rent videos from Blockbuster because they insist I waive my rights under the Video Rental Privacy Act.
I don't buy from Amazon because they now insist I "register" before buying.
It's getting hard to spend money.
One company does not need to control ALL of anyone's information. Credit card companies can continue to hold your credit card number, banks can continue to hold you bank numbers, your phone company can continue to hold your phone number and address, etc. With the help of a central company, one can link much of this information together with a single password, but still having information stored and protected by these original organizations. One profit driven (or even not for profit, motive hidden) organization cannot possibly handle the amount of trust that would be required to have all of this information together centrally controlled, both for technical and trust issues. No alternatives exist because this is a being implimented by a monopoly which will do everything required (not justified) to fulfill their task of remaining at the top in their current fields and new ones. Everyone with a computer that has anything recent M$aft based are already being flooded with reminders to register for this so called optional service that has an agreement over 4 pages long. Someone already mentioned you can't de-list from some of their email lists without a passport, what happened to the law that required prompt removal from unwanted email lists without the need for personal information? They are already breaking the law. Where does this leave the future when undoubtedly all M$aft based computers will require passport to even turn on to it's rent-a-software scheme? It's a grim future for computing and personal privacy if something is not done.