i-Names Pick Up Steam
There's been coverage in LJ on the whole "Identity Commons idea. Basically, it's a domain registrar for your unique name - with them on sale already. ASN has published a whitepaper on the topic as well.
Now if there were only a site to keep track of my multiple Identity Commons names.
> whole "Identity Commons idea
:)
UNTERMINATED STRING CONSTANT. My head hurts now
My other car is first.
...I really don't see a chance of this becoming popular, especially when it's arriving late in the game. Like it or not, the guys who thought up foo@bar.com-style addressing hit pay dirt in terms of coming up with an addressing scheme that real people could deal with.
Go somewhere random
I tried reading up about this in the past and couldn't figure it out. Is this going to be big or just a flash in the pan? I mean is it worth it to bother putting down money for this or will it be something like Microsoft's Passport failure?
Trolling using another account since 2005.
Is it just me or is the site rather too wordy and techie for the purpose it is intended for? (ie. it's a site to sell their product and idea).
I had a quick skim of the site and I'm still none the wiser.
How come when Microsoft tried to do this with passport everyone thought it was evil. But now, because it's not Microsoft, there will be a lot of people saying this is good. The reason why this stuff bothers me is because I don't want to trust anyone to control all my signing on to every site. Because no matter how secure it is, if someone breaks the security, they now have access to everything. At least I know now, that if someone breaks (guesses) one of my passwords, then they've only broken one of them, and not all of them.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Oh, and public lynching of people who use Flash for forms (*cough* UCI Cinemas *cough*).
I am TheRaven on Soylent News
Sure the idea of one common identifier is cool, but how does this system provide me with more security? Where is my personal data maintained? How do I know that this won't just end up as another information clearing house for corporations and the government?
I haven't read all the article yet, but... if one of the ideas of this thing is to enable sites to prevent multiple accounts by a single person, will there be a way for me to register in a site using my i-name, without letting the site know what's my actual i-name? (unlike MS-passport).
It's technically possible.. I hope they implement it.
Slashdot community, please notice: I am looking for a girlfriend.
Nave H. Weiss
How many eggs are in your basket today?
It would be cool if it didn't suck.
It was stupid and impractical with MS Passport and it still is with this company. Why would I want one password to access all of my information on the internet? And why would I want one company knowing it?
No Thanks...
Isn't this just another MS Passport like scheme? The reason that thing didn't catch on wasn't so much that it was Microsoft or even that they wanted to keep all your information on one (hackable) computer, but the fact that it simply isn't a big enough advantage.
I personally have tens of usernames and passwords; the important ones are all different (as are the passwords), and the unimportant ones are from a small selection of names. Having only one name means having only one thing that an ID thief needs to crack. Thanks, but no thanks.
i-Names Pick Up Steam
I wonder how much Valve sold it for.
Just a guy with an opinion
I equate ideas like this to a late-arriving cyber real estate agent, seeking to find some creative, yet not terribly useful or practical way to divide up property that people already own.
The premise is that you pay for a pseudo-permanent identity in cyberspace. Ok, however, the TOS, like most other TOS, disclaim any responsibility to consistently deliver the services you're supposedly paying for:
# Although our intention is that this service is always available, 2idi and its licensees and affiliates reserve the right to interrupt or terminate service for some unforeseen circumstance.
# Please note that amendments to this agreement, and to 2idi policies that are incorporated by reference in i-broker agreements, may be made at any time at the sole discretion of 2idi in order to best serve all members of the 2idi community.
The second part is particularly exemplative of the total and utter uselessness of schemes like this. Sure, they want to encourage you to use them as a central repository of personal information, and they allude to respecting your privacy, but they reserve the right, at any time, without your approval, to change the terms of their service, which may arbitrarily involve giving out personal info or whatever they want with whatever they have of yours.
Whenever I evaluate the value of an idea such as this, I consider to what degree the value of the project is based on a useful service, versus the degree to which the success of the project is dependent upon a) obtaining market share and b) marketing. This project fails the test. It doesn't offer anything innovative, and therefore will be marketing driven, and if it doesn't have market share, it will ultimately fail and be useless.
This is one of those markets where it's just too dangerous to fiddle with. For all the resources they invest into this effort, Google, eBay, MSN or Yahoo can pull a similar scheme out of their hat and put them out of business instantly. Spamcop already has a highly effective e-mail/spam forwarding service. The central identity thing has been tried with the .name TLD and hasn't worked. And Microsoft has far more resources poured into their pseudo-secure give-me-all-your-personal-info "solution."
OTOH, what I do like about the basic centralized repository scheme, is that it would be better served as a way to manage and authorize legitimate SMTP servers.
Isn't this like the .Net Passport idea? Maybe I am confused, but I thought that was the idea behind the Microsoft Passport system... to have one common ID and login place.
Only problem is... I have only ever seen it embraced by Microsoft.
Correct me, if I am confused.
As mentioned by CastrTroy above, identifying yourself with one username and effectively logging much of your internet activity with one company is a very very bad idea. People who accept it as a good thing are naive, and the sort of people who do not question government but trust it.
In the UK at the moment, we are being shaped and molded by a totalitarian government that is effectively reading from the Manual of Marxism. Not only are they stealing our freedoms by the week, but they are fraudulently manipulating the voting system to prevent it being used to remove them. This is not an African state I am describing, it is Britain.
So in this light, is it a good idea to let go of any freedoms?
I-Names ... ...
what is next I-address, I-telephone, I-slashdot
I had a look at each of the links in the summary and after reading what amounts to a bunch of technical docs thinly coated with some sales and marketing I still can't find a single reason I would want to sign up for this. Can anyone argue as the devil's advocate here and point out the possible benefits of signing away $25USD to an organisation I hadn't heard of until this morning?
huh? LiveJournal? Some angsty teen fearing her AOL screenname got haxored and is now Identity Commonized?!?
i-Names? Is this an Apple product?
Coder's Stone: The programming language quick ref for iPad
...Microsoft would certainly tie it to payment methods (possibly creating a time when a Passport is REQUIRED to make online purchases from "partner sites"), and entrench itself everywhere, and use it as a method to hawk and secure market positions for its own products.
A hopefully open consortium of people doing universal identity (not saying this idea is necessarily it) would be doing it for the public good, not for greed or a mechanism to use a monopoly position to force its products on people.
an unambiguous human-friendly name is an oxymoron.
I guess they set up this service only to get all the "$25 for 50 years" payments of people or companies which don't want someone else to take their "i-name".
I'm sure they'll make a few thousand bucks on it, especially after the slashdotting. A few months later, the site silently disappears.
Come on, the "single sign on" idea is flawed anyway. I'm never gonna trust all my data to a single entity, nobody does that - just look at asset management. Diversify your risks.
I don't care about dozens of passwords, my (Apple) Keychain stores them all. That's one system that works, and the data stays on my computer.
The i-name =slashdot is available.
The i-name =apple is available.
Looks like a real popular system. Isn't this just RealNames all over again?
i-names tries to sell uniqueness through a world domination scheme. ($25 ?! )
Google already has the world domination. (Microsoft tried with Passport, didn't work out.)
Fight Frist Psoting!
Browse Slashdot with 'Newest First'!
What a load of crap!
500GB of disk, 5TB of transfer, $5.95/mo
Sounds weak to me. I won't do it.
Long Live OSX!
This should be done via a software solution on the desktop that keeps track of all your passwords and inputs them for you automatically (a la Mac OS X Keychains). Uploading all your personal passwords to the net (no matter how many claims the company makes regarding their trustworthiness) is suicide.
Seriously, I think companies are going to lose this battle. The internet started life as an anonymous network, and there are many people (myself included) who want to keep things that way. Though it would be convenient, the major reason I don't want a single online identity is that there is too much potential for abuse by companies who LOVE to track the movements of their customers. A company searching the internet for my online identity can basically trace everywhere I've gone and everything I've done while online, no matter how many years back it was. Nobody should have that kind of power. You can't even get this kind of info on someone in the real world (unless you're a government spy agency), so why should anyone need it in the virtual world?
Thank you for listing the reasons simply and succinctly. There has been a growing "Why do you keep senselessly bashing Microsoft?" voice on Slashdot, lately. Your post highlights that much (though I can grant not all) of the Microsoft bashing is NOT senseless, and IS based on their past corporate conduct.
The living have better things to do than to continue hating the dead.
At first having one login for everything on the web may seem like an intelligent idea; one that solves the problem of people not having to remember a gazillion different logins for every website. This may also be great for old people who just can't remember. However, what happens if someone gets a hold of your login name, or oh, just overlooks you typing in your password? Will they have access to all your accounts on any website you have registered on the net? Isn't there a reason why people make different logins with different passwords in the first place, so this wouldn't become a problem in the long term? Just my 2c.
Is it just me, or does the whole i-Something naming scheme make anyone else want to vomit? Every time I see i-This or i-That, I want to hurl all over my monitor. Is anyone attracted to that?
PS The e-Thing shit is starting to get annoying as well. Get some creativity and get a real name.
Looking strictly at a single global namespace of all possible people, human-friendly globally unique identifiers cannot scale. I know, I am one of at least two people in my extended family with the same first, middle and last name. (Hmmm... I wonder if that isn't why C++ has namespaces? :-) )
Thinking about how these things would actually be used, however, it's not so difficult to arrange a way to make it work. People who interact with me are not likely to be interested in the other people with "my" name. As long as it's possible to establish an extensible model for expressing unique identity (not necessarily *easy*, but I believe feasible), then one can use a locally defined alias to the globally unique identifier.
Maybe some history of an individual might be useful in disambiguating one individual from another where name doesn't match. "Leonardo da Vinci" is an example. That guy was "Leonardo", and "da Vinci" distinguished him from "Leonardo da Verona" consequent to his being from "Vinci". (apologies to people who actually know how to express such things in Italian. :-) ) There's "Jesus of Nazareth", etc. etc. People's names tended to be locally unique, and global references simply used locality to distinguish one from another. We have more flexibility in expressing "locality" in the internet than classical geography, but there are ways to do it.
A PayPal ID has a means behind it to actually verify your ID - the credit ID system. I see no way in which INames ensures that the person holding an ID is...anyone. Since there is no verifiability behind the ID (and no penalty for misuse), this is already DOA. With a PayPal-style account, you can leverage the entire industry of identity theft tracking and misuse-penalizing via the credit industry (i.e., hit em in the wallet)
Just another bad idea being forced (and for money, geez) upon everyone. Just wondering, how many people are there with same names (I am one of those people, who have such names that are one in a dozen in my culture and language) who will fight for a good i-name. The other point, who on this planet would trust every online access on a single id ? Well, nobody with a sane mind would. Once found out, all your base are belong to them.
No way I am willing to be forced into such a thing and even cashing out money for such a wrong purpose.
MS's passport wasn't that good either, but at least I (we) didn't have to pay for it.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
What is generally used to make human names unique is the date of birth. It would be pretty rare to have the same exact name plus the same exact date of birth. Of course, once you have that information, you can do all kinds of nasty things like look that person up in public databases (voter registration, DMV, etc.). So in the end it isn't good to have your i-name reveal anything about you that can be used to find information you don't want to reveal (i.e. address), and definitely not to have it provide information that will connect to your real-world identity if you wish to keep those separate. That makes it an even more difficult task.
I just read
Guess I'm the only one who read the title and thought that a company bought Steam, the half life 2 content delivery garbage.
OMG. WTF? LOL!
http://xkcd.com/386/
First Read:
.... wait. You've got spam! What if you have to change it?
http://xns.org/i-names-explained.html
http://xns.org/xri-and-xdi-explained.html
http://www.xdi.org/
The premise is that you pay for a pseudo-permanent identity in cyberspace.
What else have you got? If you don't have your own domain somewhere, that can oftentimes be taken down by your ISP "just because", what else do you have? Your email address. That's pseudo-permanent, right. Is it 50 years permanent? Maybe.
So you tell everyone your email address for a pseudo-permanent identity - great!
Will that email address cost you more than $25 over 50 years? 9 times out of 10 people will spend significantly more than that to maintain an email address with any kind of permanency. And they'll get spammed all the while because the identifier is directly tied to the delivery method. You can't tell someone who you are without giving them a direct line.
XNS is a global public database that people can go to if they want to find you, just like DNS resolves mabu.com into the IP address your server is at. Not a global public database that contains all the juicy bits, just who's got the goods. Can you imagine being tied to the same IP address for the life of your domain name???? We all want to be able to move but nobody wants the trouble of keeping every single contact you've ever had informed of your new location.
This system makes it like this: If you want to find me ask my broker. He'll get in touch with me and make sure I still want to talk with you, then either I'll tell him "sure - let him know where I'm at." OR "Thanks for trying to get in touch with me. I'll call you."
You can give your broker a whitelist. All these people (your brother, parents, some old school friends) - tell them whatever they want to know. An offwhite list (you can keep a list of individuals, any from *@alumni.school.edu, how "connected" they are or based on reputation) - feel free to give these people my email but I don't want them knowing where I live. A blacklist tells your broker never to give out any information to (=these, =people, =and.weird, =relatives, =and.old, =girlfriends). And on and on.
The global part points anybody in the world to the place where the goods are at, just like how the root DNS servers point to the "authoritative" DNS box you run on your own net. You can change things there and when people come looking you feed them whatever you want - YOU STAY IN CONTROL.
The whole broker thing... You choose a broker you can trust. Right now there is only one, 2idi.com. Not to say you couldn't start up your own. Granted you'd have to get people to trust you if you didn't want your service to fall flat on its face, but you could do it. Maybe run one for your family or business. Thawte could do it. CACert could do it. Your bank could be your broker. Whoever you trust to handle your personal information, THEY would be your broker.
Sending $25 and your credit card and your email address to 2idi.com is not a requirement to use XNS. At this point they're the only game in town so if you want a particular =i.name, it's pretty much a race. They stick for 50 years.
More (from 2idi.com)...
Basic Terms of Use for your I-Name
* Once registered, you can use your community personal i-name as long as you adhere to this agreement and any applicable laws.
* You can keep your i-name for as long as your community maintains a relationship with an i-broker. You can also add other community or global i-names to your account that can act as synonyms for your community i-name.
* The community i-name registry is public. It does NOT contain any of y
So uh...does anyone know what these "domains" will look like? Personally, I'd rather just go with a .name address, anyway. At least the Internet isn't going to go bankrupt. I guess...
Your ad here.
I'm working on a thing called "Local Names."
It points names to URLs, but you can use that for identifying purposes. Especially if you mix & match with FOAF.
There are no central registries.
Names are based on the community namespace, rather than some central server.
(That means you don't have to pay me $25, and can address your friends by their first name.)
Maybe VAC will get updated... :)
Looking strictly at a single global namespace of all possible people, human-friendly globally unique identifiers cannot scale.
if they're not globally unique, they're ambiguous.
People who interact with me are not likely to be interested in the other people with "my" name.
It's happened to me, more than once. There used to be someone with the same name as me working for Microsoft. Due to blind trust in directories and address books, I used to get some mail intended for him, and he got some mail intended for me. There was another situation where someone at a different company had the same name as me, but because of the way their screwy email directory worked, any mail from anyone at that company to that person would get sent to me. The sender didn't even have an opportunity to double-check the address.
Yes, we can use additional information to disambiguate names, but if we want that additional information to also be human-friendly then it's going to need to be able to match against lots of different attributes (where you live, where you work, what you do, what organizations or communities you belong to, what you look like) and do some amount of fuzzy matching - and then you get into 'interesting' privacy issues.
not that people shouldn't try to work on it, but it's not a simple problem with an obvious solution.
One of the primary misconceptions about i-names is that they're centralized. They're not.
Another is that 2idi is just another passport controlling your information. It isn't.
It's clear that Identity Commons and 2idi have to work on their messaging...
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
I found this particularly telling;
Even assuming for the moment that you could substitute an i-name for an email address, there's no reason to suppose that your i-name wouldn't get just as much spam.
Then there's this;
In other words, this part doesn't work yet.
Personally, I have more trouble preventing my personal data from getting into databases that I don't want it in,
than I do getting in to the ones I do.
i-names makes that problem worse, not better.
-- should you believe authority without question?
I agree with you wholeheartedly.
What I want to see is a format that offers these advantages without the funky format. Instead of redoing the email address format, let's see a change which allows for the benefits in the existing format.
The views expressed are mine own and do not express the views of my employer.
You gotta own your own name. I have so many frigging identities the same way as I got to lug around a pocket full of keys...I go places not everyone is trusted to go..e.g. my bank account, my car, my email etc.
Identities are necessary like keys to make sure the entitled party has exclusive access to things that he/she "owns" in whatever sense.
WTF do I own that these 2idi.com people are going to guard for me? They have set up a toll booth in the middle of frigging e-nowhere.net and hope people will still pay.
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
Funny how you can tell whether a product will flop just by the website's visual appeal (or lack thereof).
It's all marketing: if they can't make a website look appealing, how on earth will they polish a turd of a product like this?
Would somebody please explain to me why with Passport we're in mortal danger but with i-Names we're supposed to be safe? Seriously ... why does central single-sign-on become a good idea just because it has the word "commons" in it? To briefly don my tinfoil hat, how does anyone even know that this company isn't just a front for Micr[NO CARRIER]
I haven't found in the FAQs or anywhere on the site what that EGS period is
...vision of an accountable, trustworthy layer on the Internet
From the FAQ: In this program, individuals may purchase a 50-year global personal i-name
What isn't in the FAQ is that you are only reserving the name for 50 years and getting 2 years of free "management services". After that management fees are around $10 a year.
Now that I have answered your question and justified leeching off of the first high rated post (chuckle) I have an important message:
IT IS A FRONT FOR TRUSTED COMPUTING AND DRM!!
IT IS A FRONT FOR TRUSTED COMPUTING AND DRM!!
IT IS A FRONT FOR TRUSTED COMPUTING AND DRM!!
The organisations involved, OASIS (oasis-open.org), XDI.ORG and the others, they are all TRUSTED COMPUTING groups creating "open standards" for ENFORCING DIGITAL RIGHTS MANAGEMENT systems.
One of OASIS's primary projects is:
Extensible Rights Markup Language (XrML): 'The Digital Rights Language for Trusted Content and Services'.
XDI.org's FAQ
What does XDI.ORG do
This "Identity Commons" wants you to sign up and create a "Trusted Identity" (which is conveniently tied to the CREDIT CARD you used to register!), and in the future DRM files will be locked to that identity, and software installations will be locked to that identity, and access to websites will be locked to that identity (single sign-on oh joy) and on and on. And they are offering you an opportunity to sign up and reserve your name before the system is fully deployed, gee thanks.
The system will not be fully operational unless you are running Microsoft's Palladium operating system, or if you are running a Palladiumized version of Linux or other operating system. Palladiumized TrustedLinux is already under construction. And these new operating systems will only work on the new TrustedHardware. IBM and HP and others are already shipping PCs with this new Trust chip. Intel has already embedded a version of the Trust chip inside the Intel Prescott, although it is in an inactive form. The expectation is that the Trust chip will soon be standard on all motherboards, and then move into the CPU itself. Intel, AMD, ARM, Transmeta, and the rest, all of the CPU makers are on board.
The Trust chip spies on your hardware and what software you are running and reports it to other people (remote attestation), the Trust chip makes it impossible to read your own files except with the approval and under the restrictions imposed by the software you were given (sealed storage), it prevents you from modifying the software on your own machine (code identity and sealed storage), the Trust chip even DEFEATS THE GPL! Having the source code and being able to modify and compile it is USELESS when that recompiled code DOES NOT WORK. The Trust chip forbids the recompiled code from access to the required encryption keys. The recompiled code will "run", but it will not WORK because it cannot read its encrypted files and it cannot interoperate.
I know this sounds like a tinfoil hat conspiracy theory, but IBM is already shipping ThinkCenter, ThinkVantage and Netvista desktops, and Thinkpad laptops with this chip embedded. HP/Compaq are already shipping dc7100 and D530 Desktops and nc6000, nc8000, nw8000, nc4010 notebooks with these chips embedded. Acer Veriton 3600GT/7600GT. Toshiba Tecra M2 Series. Fujitsu Lifebook S7010 and E8000 series and the T4000 Tablet PCs. Samsung all X model laptops. And more every day. As I said, the expectation is that it will soon be standard hardware on ALL motherboards.
EFF on Trusted Computing
GNU.org on Trusted Computing
Wikipedia on Trusted Computing
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Hey all -- as one of the developers on this project, and a rabid privacy freak, this thing is a good idea in a poor package. The best way to think of it is like a DNS system, but for individuals. You can buy an iName at any one of a hundred places (iBrokers) that you trust, similar to GoDaddy or NetworkSolutions in DNS space. That broker has information about you, but it is private. That broker has the responsibility to maintain your information, and handle requests for that information from groups that want your info. You set who gets your information. Just like DNS brokers, there's good ones with good servers and services, there's bad ones, etc, but like DNS, you can ALWAYS change brokers. (iname portability) It's not controlled by one group, it's an open standard that's been around for a while, and groups are signing up right now as completely independent iBrokers. Right now there's only one (which is clearly a problem), but it's similar to the beginning of DNS. YOU could be an iBroker, if you ascribed to the standards -- People much brighter than I have been thinking hard about this, and individuals whose privacy is very critical have been working on this -- there is a profit motive to get companies interested -- but hopefully that won't be confused with a desire to screw people out of money then bolt with the check -- there's good folks working on this.
-m
People often ask: what is the difference between your technology and Microsoft Passport?
As I like to say, the only thing good about Passport is at least you know their database won't get bought by Microsoft (because they already own it!).
In functionality - such as automatic data sharing, form filling and single sign-on - we share much with Microsoft Passport. (In fact, Passport grew out of Firefly, which is descended from my 1981 thesis on a personalized newspaper - NewsPeek - at what became soon after the M.I.T. Media Lab. I named the systems "NewsPeek" for two reasons: it provided a "peek at the news," and it was a warning that if centralized control over personal profiles existed, the future depicted in George Orwell's 1984 - where the official language was "NewSpeak" - could come true.)
But all that aside, where we differ is where it gets interesting. For one, we are decentralized. There is no single i-broker or data store that you must use. While it is true that there is only one sanctioned global registry for '=' (personal) and '@' (organizational) names, many other forms of community and peer-to-peer i-name registries can exist. It's also important to note that your data is not necessarily stored in any one place. For ease of use reasons you may choose to use a single i-broker to negotiate access to your data, but each item of your profile could conceivably be stored in a different data hosting service. (Note that current service providers that store information about you are acting as a data hosting service already.)
Another point is that, through our architecture and FOSS (free and open source software) availability of our code, we don't lock you in. Rather, you are free to move around between the i-brokers of your choosing - and even to run an i-broker yourself! We (at 2idi) are committed not only to providing you this choice, but also to providing such a compelling suite of services that i-name holders choose to have their i-names hosted at 2idi.
The antidote for misuse of freedom of speech is more freedom of speech.
-- Molly Ivins
I don't suppose this could be a place for PKI type of trust model could it?
How does this avoid duplicates?
I could see where as with DNS you have POC information for the admin type person for this type of configuration you would need more unique information about the individual like birthday (time included if possible), birth location, and maybe even some bioinformatic type of information (finger prints, retina scans, etc).
Maybe they should use RFID tags for this type of things kept with each individual. The RFID tag would go with the individual, and you would need a means of retransmitting the id to a proxy type component to allow for movement and new home locations.
I'm sure this is one of those things that I need to RTFA some more...
Eric B
ebresie@gmail.com
Because You Can't Trust Anyone: Trust Us
Share and rate p
Evidence, please? I loathe and abhor trusted computing in all forms, but what evidence have you to specifically tie Oasis to Palladium?
Also, further up you say something about tying DRM to a credit card. Isn't that what basically ALL DRM does? And how is this technology any different from the CPU Serial debacle that occurred when the P3 first came out? (or was it P2, don't remember) The World was outraged, and all manufacturers pretty much turned it off by default. End of story, beginning of tinfoil hat bubble.
That's not available? How about iIshmael? Taken, too? Ishmael2? no? How about...
Call me Ishmael-7143.
the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
what evidence have you to specifically tie Oasis to Palladium?
Technically Oasis projects are designed to be "platform independent". If you actually look at the projects Oasis is working on they all revolve around DRM and DRM support systems. In particular a central project is site:www.oasis-open.org "eXtensible rights Markup Language", which is a general language for DRM enforcement.
If you read the technical specifications of their various projects, including XrML, which I did several months ago, they state that they require/run-on-top-of a hardware "security support system". And if you look at the details, requirements, capabilities, and terminology of that "security support system" they just so coincidentally happen to exactly match the details, requirements, capabilities, and terminology of the Trusted Computing Group's Trusted Computing System.
Oh, and Microsoft's own website documents that their NGSCB (aka Palladium) is built on top of the Trusted Computing Group's Trusted Computing system. Palladium's "Security Support Component" (SSC) *is* the Trusted Computing Group's Trusted Platform Module (TPM).
Oasis is not locked to Microsoft's implementation of Palladium, it will work on top of Linux, but ONLY if that Linux machine also contains a Trusted Computing Group chip (TPM) and that Linux is a TrustedLinux that has almost exactly the same properties, capabilities, and restrictions, as Palladium. Oasis will work on top of a Palladiumized-Linux, or on top of a Palladiumized Mac.
Oh, and by the way, if you check Oasis's membership list, it not only includes Microsoft, but all of the Trusted Computing Group's core membership.
The TPM is the security chip. Palladium (NGSCB) is the PC architecture (hardware and operating system) built on top of that chip. And on top of the operating system you have DRM applications which comply with Oasis DRM rights language and protocols, and on top of that you have the Oasis servers and protocols on the internet.
Trusted Computing is a layered system, and part of deflecting criticism is that they constantly change names and present the different layers as separate entities. TCPA, TCG, TPM, SSC, Palladium, NGSCB, Longhorn, Oasis, XrML, Intel's La Grande, Transmeta's Security eXtensions (TSX), IBM's Embedded Security Subsystem and ThinkVantage Technology, National Semiconductor's SafeKeeper, HP's ProtectTools, Via Technologies's Padlock, Phoenix's Core Managed Environment, nVidia's ActiveArmor, all that and countless more, all different aspects and layers and names for Trusted Computing systems.
These companies and projects generally bury any public documentation that it has any connection to Trusted Computing at all to hide from criticism, sometimes actively scrub any such direct admission from public text. Digging up a smoking-gun confirmation sometimes takes hours of reading documentation and websites and net searches. For example AMD definitely has a Trusted Computing project but I can't even find a name for it, much less any documentation or time table.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Are you saying I won't be able to write any programs on my own?
You can do that just fine for programs YOU wrote, or "normal" programs which other people wrote. The problem kicks in when someone intentionally utilizes the Trust system. For example the RIAA can give you a GPL open source DRM enforcing music player. You could even compile it yourself (you'd have to get the EXE exactly right) and it will play the music files just fine and it will enforce the DRM. If you attempt to modify that program in any way it will fail completely, it will not be able to read any of the music files. The source is useless.
You have the GPL source, but that source is useless.
The same goes for a Trusted web browser. It will enforce DRM and it can enforce ad-displays. Trusted ad-supported websites will work just fine. However that website will simply give you an error message if you attempt to modify the browser or make any attempt to block the ads. It will be impossible to view the website except with the unmodified Trusted browser and viewing the ads.
And again, the browser could be GPL'd, but the source is useless. Any attempt to modify the source and the browser no longer works, those Trusted websites become unviewable.
If I write a program which creates files, I sure as hell better be able to read said files from another program
If you wrote the software that created the files in the first place then you can choose to create normal files usable by anyone, or restricted files which can only be read by programs you personally approve, or files which can NEVER be read by any program except the program which initially created them. In that last case, even you the original author could never decrypt those files except through the original software and as permitted by the original software.
The point is that if someone else wrote the software in the first place then they can defeat the GPL. You can modify the source code all you like, but you can never read files created by the original program (because they are encrypted and the software does not have the key, the hardware has the key and will never release it to different software), and you cannot interoperate with the original software or software that expects to talk to the original software (because the chip will "attest" that this is different software and thus unrecognized, and communications will be encrypted and unreadable).
And how is this technology any different from the CPU Serial debacle that occurred when the P3 first came out?
It is a million times worse than the P3 CPUID numbers, but they are also spending hundreds of millions to sell this as a GOOD thing, and as a privacy enhancing thing. They also have essentially the entire computer industry (and content industry) on board. Your computer will have a unique "ID" number, but that "ID" will only be revealed if you "opt-in" to allow it to be revealed. And they have a complex system (which would take pages to explain) where you have multiple identities or even a form of anonymity, all tied to that unique ID number, but without revealing that ID number.
Perhaps you have seen IBM's "Man in black" ThinkPad commercial? You can view it here. This "self-destructing chip" can protect your data for you, but it also has your keys inside it, it refuses to allow you to see your own keys, and if you make any attempt to get at your own keys then the chip self destructs. The expectation is in about a year or so this chip will be standard hardware, shipped on EVERY new motherboard.
You won't see any nastiness in the first phases of the roll out, they WANT people to adopt it. There will also be too few people with compliant machines to even attempt to abuse the system because you'd be excluding the entire public with noncompliant machines. By the time a fair percentage of machines have this chip, they can start abusing it, and then it's too late to escape.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
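The sealed-storage behaviour described in the comment above (a file that decrypts only when the same measured program is running) can be shown with a toy model; this is an added example, not part of the original post or of any TPM vendor's code. `ToyTPM`, `boot`, `seal` and `unseal` are hypothetical names, the images and data are constructed, and the HMAC-based stream cipher is a standard-library stand-in for the authenticated encryption a real chip would use.

```python
import hashlib, hmac, os

class ToyTPM:
    """Constructed model: one PCR plus a storage key that never leaves the object."""
    def __init__(self):
        self._chip_key = os.urandom(32)  # stands in for the chip-resident key
        self.pcr = bytes(32)

    def boot(self, image):
        # Reset the PCR, then extend it with the measurement: H(0...0 || H(image)).
        self.pcr = hashlib.sha256(bytes(32) + hashlib.sha256(image).digest()).digest()

    def _keys(self):
        # Sealing keys depend on the chip secret AND the measured software state.
        return [hmac.new(self._chip_key, label + self.pcr, hashlib.sha256).digest()
                for label in (b"enc", b"mac")]

    @staticmethod
    def _xor(key, nonce, data):
        stream = b""
        while len(stream) < len(data):
            stream += hmac.new(key, nonce + len(stream).to_bytes(4, "big"),
                               hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, data):
        enc, mac = self._keys()
        nonce = os.urandom(16)
        ct = self._xor(enc, nonce, data)
        return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

    def unseal(self, blob):
        enc, mac = self._keys()
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
            raise PermissionError("measured software differs from the sealing state")
        return self._xor(enc, nonce, ct)

def demo():
    original, patched = b"player v1.0 (constructed image)", b"player v1.0 + local patch"
    tpm = ToyTPM()
    tpm.boot(original)
    blob = tpm.seal(b"licensed track")
    results = {}
    for name, image in (("original", original), ("modified", patched)):
        tpm.boot(image)
        try:
            results[name] = tpm.unseal(blob)
        except PermissionError:
            results[name] = None
    return results
```

`demo()` returns the plaintext for the original image and `None` for the patched one: the blob and the chip are unchanged, only the measured program differs.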
The problem is that in a "Trusted Computing" environment, you won't be able to run your own program without the encryption keys. The problem now becomes getting said keys. Also, the "secure storage" part of it, which is touted to protect your private data from malicious crackers and malware, keys in files to the program they were run in. For example, if you created a file in vim in a TrustedLinux distro, you wouldn't be able to do anything with that file except in vim. That is, if you can even run vim.
I'm stocking up on my currently non-trusted computers for these reasons
I wish I could write clever and witty sigs.
I still do think it's evil. Well, not inherently and despicably evil, perhaps not even evil at all, but at least distasteful. I would much prefer to handle my accounts with each site through the site. Suppose I used my name and password to log in to slashdot, and some elite cracker managed to lift my password, then decided to go see if I had a login over at ebay, perhaps even with a credit card number saved. No thanks, sell it to someone else.
What exactly is this "i-name" crap anyway? Is it some kind of domain? :-\
(Yet Another Non-Authoritative Namespace Resolution Scheme?)
I tried to RTFA, but my brain blew a buzzword fuse. How does this differ from the various other non-authoritative namespace resolution schemes out there selling cute "internet names" that a majority of machines can't resolve?
Caveat Emptor is not a business model.
More links, blogs, articles, insight, and opinion can be found here:
http://idcommons.net/press/index.html