Slashdot Mirror
i-Names Pick Up Steam
There's been coverage in LJ on the whole "Identity Commons idea. Basically, it's a domain registrar for your unique name - with them on sale already. ASN has published a whitepaper on the topic as well.
← Back to Stories (view on slashdot.org)
...I really don't see a chance of this becoming popular, especially when it's arriving late in the game. Like it or not, the guys who thought up foo@bar.com-style addressing hit pay dirt in terms of coming up with an addressing scheme that real people could deal with.
Go somewhere random
buzzword bingo.
anyways, maybe they sold lifetime subs to their previous thing.
now they sell "As a critical part of its mission Identity Commons is offering a time-limited opportunity for individuals to register a global i-name (opens new window) for 50 years for only $25 USD.".
so.. is it going to cost more after this limited time? with all the referral shit too it's starting to sound too much like a network marketing semi-scam - with "pay now, the product may be very good in the future! you can't afford to stay away!" attitude.
world was created 5 seconds before this post as it is.
How come when Microsoft tried to do this with passport everyone thought it was evil. But now, because it's not Microsoft, there will be a lot of people saying this is good. The reason why this stuff bothers me is because I don't want to trust anyone to control all my signing on to every site. Because no matter how secure it is, if someone breaks the security, they now have access to everything. At least I know now, that if someone breaks (guesses) one of my passwords, then they've only broken one of them, and not all of them.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
It was stupid and impractical with MS Passport and it still is with this company. Why would I want one password to access all of my information on the internet. And why would I want one company knowing it.
No Thanks...
I equate ideas like this to a late-arriving cyber real estate agent, seeking to find some creative, yet not terribly useful or practical way to divide up property that people already own.
.name TLD and hasn't worked. And Microsoft has far more resources poured into their pseudo-secure give-me-all-your-personal-info "solution."
The premise is that you pay for a pseudo-permanent identity in cyberspace. Ok, however, the TOS, like most other TOS disclaim any responsibility to consistently deliver the services you're supposedly paying for:
# Although our intention is that this service is always available, 2idi and its licensees and affiliates reserve the right to interrupt or terminate service for some unforeseen circumstance.
# Please note that amendments to this agreement, and to 2idi policies that are incorporated by reference in i-broker agreements, may be made at any time at the sole discretion of 2idi in order to best serve all members of the 2idi community.
The second part is particularly exemplative of the total and utter uselessness of schemes like this. Sure, they want to encourage you to use them as a central repository of personal information, and they allude to respecting your privacy, but they reserve the right, at any time, without your approval, to change the terms of their service, which may arbitrarily involve giving out personal info or whatever they want with whatever they have of yours.
Whenever I evaluate the value of an idea such as this, I consider to what degree the value of the project is based on a useful service, verses the degree to which the success of the project is dependent upon a) obtaining market share and b) marketing. This project fails the test. It doesn't offer anything innovative, and therefore will be marketing driven, and if it doesn't have market share, it will ultimately fail and be useless.
This is one of those markets where it's just too dangerous to fiddle with. For all the resources they invest into this effort, Google, eBay, MSN or Yahoo can pull a similar scheme out of their hat and put them out of business instantly. Spamcop already has a highly effective e-mail/spam forwarding service. The central identity thing has been tried with the
OTOH, what I do like about the basic centralized repository scheme, is that it would be better served as a way to manage and authorize legitimate SMTP servers.
As mentioned by CastrTroy above, identifying yourself with one username and effectively logging much of your internet activity with one company is a very very bad idea. People who accept it as a good thing are nieve, and the sort of people who do not question government but trust it.
In the UK at the moment, we are being shaped and molded by a totalitarian government that is effectively reading from the Manual of Marxism. Not only are they stealing our freedoms by the week, but they are fraudulenty manipulating the voting system to prevent it being used to remove them. This is not an African state I am describing, it is Britain.
So in this light, is it a good idea to let go of any freedoms?
/cynic mode on.
you know why it's wordy and techie? to get techies to jump in quick to register their own name(s). you're not supposed to stop and think for a second if that 25$ is a ripoff or not. the whole community 'feel'(non mega polished with flash) in it is just intended to hide what's underneath.
it's techy and named so 'commons' so that you wouldn't first think that it's a firm that's taking twenty five bucks for you to register a crappy name on it, with basically no real usage on anywhere at all!
world was created 5 seconds before this post as it is.
...Microsoft would certainly tie it to payment methods (possibly creating a time when a Passport is REQUIRED to make online purchases from "partner sites"), and entrench itself everywhere, and use it as a method to hawk and secure market positions for its own products.
A hopefully open consortium of people doing universal identity (not saying this idea is necessarily it) would be doing it for the public good, not for greed or a mechanism to use a monopoly position to force its products on people.
an unambiguous human-friendly name is an oxymoron.
The i-name =slashdot is available.
The i-name =apple is available.
Looks like a real popular system. Isn't this just RealNames all over again?
At first having one login for everything on the web may seem like an intelligent idea; one that solves the problem of people not having to remember a gazillion different logins for every website. This may be also be great for old people who just can't remember. However, what happens if someone gets a hold of you login name, or oh, just overlooks you typing in your password. Will they have access to all your accounts on any website you have registered on the net? Isn't there a reason why people make different logins with different passwords in the first place, so this wouldn't this become a problem in the long term? Just my 2c.
so.. is it going to cost more after this limited time?
Nah, what they aren't telling you is that in 5 years they'll start a new single-sign-in project and call it TheID or something, and all the websites will start using that, forcing you to shell out another $25 for a 50 year TheID account.
Just another bad idea being forced (and for money, geez) upon everyone. Just wondering, how many people are there with same names (I am one of those people, who have such names that are one in a dozen in my culture and language) who will fight for a good i-name. The other point, who on this planet would trust every online access on a single id ? Well, nobody with a sane mind would. Once found out, all your base are belong to them.
No way I am willing to be forced into such a thing and even cashing out money for such a wrong purpose.
MS's passport wasn't that good either, but at least I (we) didn't have to pay for it.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
Comment removed based on user account deletion
I wouldn't call making a donation to Mozilla a waste, but this reminds me of the people selling acres on the moon(or any other entity in space) to people. Like those people have any real right to that property. It's just another way for people to scam people for money.
First Read:
.... wait. You've got spam! What if you have to change it?
http://xns.org/i-names-explained.html
http://xns.org/xri-and-xdi-explained.html
http://www.xdi.org/
The premise is that you pay for a pseudo-permanent identity in cyberspace.
What else have you got? If you don't have your own domain somewhere, that can often times be taken down by your ISP "just because", what else do you have? Your email address. That's pseudo-permanant, right. Is it 50 years permanant? Maybe.
So you tell everyone your email address for a pseudo-permanant identity - great!
Will that email address cost you more than $25 over 50 years? 9 times out of 10 people will spend significantly more than that to maintain an email address with any kind of permanancy. And they'll get spammed all the while because the identifier is directly tied to the delivery method. You can't tell someone who you are without giving them a direct line.
XNS is a global public database that people can go to if they want to find you, just like DNS resolves mabu.com into the IP address your server is at. Not a global public database that contains all the juicy bits, just who's got the goods. Can you imagine being tied to the same IP address for the life of your domain name???? We all want to be able to move but nobody wants the trouble of keeping every single contact you've ever had informed of your new location.
This system makes it like this: If you want to find me ask my broker. He'll get in touch with me and make sure I still want to talk with you, then either I'll tell him "sure - let him know where I'm at." OR "Thanks for trying to get in touch with me. I'll call you."
You can give your broker a whitelist. All these people (your brother, parents, some old school friends) - tell them whatever they want to know. An offwhite list (you can keep a list of individuals, any from *@alumni.school.edu, how "connected" they are or based on reputation) - feel free to give these people my email but I don't want them knowing where I live. A blacklist tells your broker never to give out any information to (=these, =people, =and.weird, =relatives, =and.old, =girlfirends) And on and on.
The global part points anybody in the world to the place where the goods are at, just like how the root DNS servers point to the "authoritative" DNS box you run on your own net. You can change things there and when people come looking you feed them whatever you want - YOU STAY IN CONTROL.
The whole broker thing... You choose a broker you can trust. Right now there is only one, 2idi.com. Not to say you couldn't start up your own. Granted you'd have to get people to trust you if you didn't want your service to fall flat on it's face, but you could do it. Maybe run one for your family or business. Thawte could do it. CACert could do it. Your bank could be your broker. Whoever you trust to handle your personal information, THEY would be your broker.
Sending $25 and your credit card and your email address to 2idi.com is not a requirement to use XNS. At this point they're the only game in town so if you want a particular =i.name, it's pretty much a race. They stick for 50 years.
More (from 2idi.com)...
Basic Terms of Use for your I-Name
* Once registered, you can use your community personal i-name as long as you adhere to this agreement and any applicable laws.
* You can keep your i-name for as long as your community maintains a relationship with an i-broker. You can also add other community or global i-names to your account that can act as synonyms for your community i-name.
* The community i-name registry is public. It does NOT contain any of y
> That single place should be my computer (or, perhaps, a USB pen drive).
No. The problem with all of the single-signon solutions I've seen is that they make it easy for me to blanket the earth with my personal information. They're solving the problem of how annoying it is to enter the information, but not the problem of how annoying it is to have to enter the information in the first place.
Instead, I want my personal information stored with an escrow agent (such as a bank), and then I want to use their information to buy things, etc. The escrow agent would act as a proxy for transaction-related information. For instance, if the vendor needs to contact me, they call the escrow agent, who then forwards the call. The vendor gets to talk to me, but they don't know my phone number.
Similar for the rest of the voluminous information that most vendors require to buy stuff online. Think in terms of the one-off credit card numbers you can get from amex and other companies for online transactions, but extended to all personal information.
-scott
what evidence have you to specifically tie Oasis to Palladium?
Technically Oasis projects are designed to be "platfrom independant". If you actually look at the projects Oasis is working on they all revolve around DRM and DRM support systems. In particular a central project is site:www.oasis-open.org "eXtensible rights Markup Language", which is a general language for DRM enforment.
If you read the technical specifications of their various projects, including XrML, which I did several months ago, they state that they require/run-on-top-of a hardware "security support system". And if you look at the details, requirements, capabilities, and terminology of that "security support system" they just so coincidentally happen to exactly match the details, requirements, capabilities, and terminology of the Trusted Computing Group's Trusted Computing System.
Oh, and Microsoft's own website documents that their NGSCB (aka Palladium) is built on top of the Trusted Computing Group's Trusted Computing system. Palladium's "Security Support Component" (SSC) *is* the Trusted Computing Group's Trusted Platform Module (TPM).
Oasis is not locked to Microsoft's implementation of Palladium, it will work on top of Linux, but ONLY if that Linux machine also contains a Trusted Computing Group chip (TPM) and that Linux is a TrustedLinux that has almost exactly the same properties, capabilities, and restrictions, as Palladium. Oasis will work on top of a Palladiumized-Linux, or on top of a Palladiumized Mac.
Oh, and by the way, if you check Oasis's membership list, it not only includes Microsoft, but all of the Trusted Computing Group's core membership.
The TPM is the security chip. Palladium (NGSCB) is the PC architecture (hardware and operating system) built on top of that chip. And on top of the operating system you have DRM applications which comply with Oasis DRM rights language and protocols, and on top of that you have the Oasis servers and protocols on the internet.
Trusted Computing is a layered system, and part of deflecting critism is that they constantly change names and present the different layers as seperate entities. TCPA, TCG, TPM, SSC, Palladium, NGSCB, Longhorn, Oasis, XrML, Intel's La Grande, Transmeta's Security eXtensions (TSX), IBM's Embedded Security Subsystem and ThinkVantage Technology, National Semiconductor's SafeKeeper, HP's ProtectTools, Via Technologies's Padlock, Phoenix's Core Managed Environment, nVidia's ActiveArmor, all that and countless more, all different aspects and layers and names for Trusted Computing systems.
These companies and projects generally bury any public documentation that it has any connection to Trusted Computing at all to hide from criticism, sometimes actively scrub any such direct admission from public text. Digging up a smoking-gun confrimation sometimes takes hours of reading documentaion and websites and net searches. For example AMD definitely has a Trusted Computing project but I can't even find a name for it, much less any doumentation or time table.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.