Slashdot Mirror
MS Wants To Identify All Web Surfers
Moochman writes "New Scientist reports on a technology Microsoft is developing to identify users based on their browsing habits. Quote: 'The software could get its raw information from a number of sources, including a new type of 'cookie' program that records the pages visited. Alternatively, it could use your PC's own cache of web pages, or proxy servers could maintain records of sites visited. So far it can only guess gender and age with any accuracy,' but the aim is to be able to identify name, occupation and location as well. On a related note, The Inquirer reports on Microsoft's plans to widen the use of its identity-verification technology CardSpace, which is built into Windows Vista and available as an add-on to XP. It's being envisioned as an identity solution for the entire internet: says Kim Cameron, pioneer of the technology, 'We feel it has to solve all use cases.' (Aha, so the anonymous use cases, too, eh?) One might ask, with all of this user-ID information on hand, how long will it be until the Feds come knocking on Microsoft's door asking for help? They already have."
The computing giant is developing software that could accurately guess your name, age, gender and potentially even your location, by analysing telltale patterns in your web browsing history.
Uh, wouldn't location be the easiest thing to figure out? Yes. The answer is yes.
That's always my first question when I see an article like this; who could ever think this was a good idea? Obviously not someone who reads Slashdot.
I don't know how much Microsoft is paying, but it must be alot if people are thinking that such a ridiculous idea makes sense.
Combining client side info with what server sees is the only way to do this, and that means the client has to send information to the server without the user being aware of it.
Good reason to stick to Firefox.
http://www.ft.com/cms/s/c3e49548-088e-11dc-b11e-00 0b5df10621.html
Of course, they will only use it for good.
I have no doubt that Google (do no evil?) already does this. I have some friends who have been banned from the AdSense network because they clicked their own ads (big no-no), but not from their own network. Laptops from other networks in the same region (say, Chicago). Google's ads definitely send back SOMETHING to Google -- maybe screen resolution + browser version + operation system + who knows what. No one really knows what it shared (someone should trace the traffic), but Google knows more than they're sharing. Heck, their Google search tells you how many times you recently visited a searched site (I log in via gmail, though).
It isn't that hard, and it won't be that hard to deflect if you're privacy crazy. I'd say this is mostly un-news, because privacy geeks will work around it, and those who don't work around it will get some benefit from targetted ads, better compensated search opportunities, and who knows what else.
They can figure out whether you're sitting in a chair or jying in bed
Engineering is the art of compromise.
I wonder how well this would work for someone like myself who frequently uses stumbleupon.com (or del.icio.us) to surf the net, or indeed anyone who tends to explore the net outside their own backyard.
To me this profiling technology seems like going through someone's garbage to find out what kind of person they are. Works great, unless they live in an RV or on a boat....I'm not sure that analogy works perfectly, but I think I'm going to start putting my trash in my neighbor's bin from here on.
Note: Stumbleupon is a firefox toolbar which will take you to a random site when you click the Stumble button.
Read my Very Short "Stories"
I wonder if they're trying to get all this information about the users to be able to identify what advertising to show them on those websites. If so google should be interested in stopping MS from doing this too.
It's suprising it hasn't been mentioned in the article. Its taking more of a privacy and anti-government stance. It looks to me like Microsoft are trying to take the lead in the advertising dollar in shifty ways also. As mentioned in the zdnet article too microsoft are already doing some of this through passport. The difference is that is opt-in whereas this is invisible to the vista user. While currently a download for XP, how long before it becomes part of the auto-updates?
If I share a computer with my family, won't their data get watered down? And when my friend comes over and checks his favorite web sites, the data will just get worse. I know MS could still find me 99%, I'm the guy who goes to /. and nytimes web site a dozen times a day, no chance there's another person with habits like that, but their database will be compromised by every user variable you can imagine. You have no privacy on the internet but you do have anonymity because your computer doesn't care who you are, just what kind of access you have.
We have found that 5% of Internet user are identifiable by there browsing habits, all the other 95% do is surf for porn making it hard to narrow down.
If you could reason with religious people, there would be no religious people
My cookies files and folders are read-only. Every time I shut down the browser (at least daily), all cookies are gone. Works great with cookies-required sites, since they're still enabled, but leaves no trail beyond the session. If there's a cookie that I REALLY wanted (so far, none), I could include it manually, while the browser is closed, and return the file/folder to read-write.
This is why i run Fedora 6 , and only use MS for the 3 games i like and the 1 in-painter program I use .It runs on the nvidia gpu and the cpu and is written in .net .
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
They can pretty much only guess that I am a Norwegian transvestite. Not that I visit any transvestite websites or anything.
Don't worry, I'm sure this will be an opt-in feature. You won't need to enable it on your Windows machine (yes, there will be desktop component, why not), unless you want to upgrade to Vista SP1, or get IE8, or use Windows Update, Hotmail, or MSN messenger, or Word, or Outlook, or prevent WGA from deactivating your machine after a month.
Frankly, I'm surprised we haven't seen MS-TCP/IP yet (no, wait, marketing name "MS Live Connect"). A proprietary, "safe" networking protocol on top of the Internet as we know it that requires you to log-in and authenticate against their servers to use the Internet, uses their own DNS (by default, but you can change it if you're technically competent enough), and of course makes sure you're not doing anything that could interfere with MS DRM in any way.
Now it's your job, given the content and the topic of this post, to figure out if I'm being serious or sarcastic. Honestly, I am not sure which one it is.
Surely Google is doing this already?
MS is dropping the ball.
Does it go on forever?
They are unable to identify their next cash-cow, how can they even think to be able to identify users?
Is that instead of using the systems they probably already have, the government is starting to utilize private companies to do their dirty work for them. Another layer of deniability to everything, I suppose. I forget; was North America part of Oceania or did it partially belong to Eastasia?
Want to identify all your data, your applications, your media files, the path you take to get to the office...
---- Booth was a patriot ----
Why the hell do you think Redmond has been sponsoring Homeland Security conferences?
ASL
It looks like MS is now going to copy everything that Google does. You know, just to stay ahead of the herd.
You can't handle the truth.
Microsoft, you can have my identity when you pry it from my cold dead Anonymous hands.
Gee, do you think this has anything to do with Microsoft acquiring Aquantive? http://slashdot.org/article.pl?sid=07/05/18/162221 2
Better user tracking = more targeted ads = more ad revenue = more of a monopoly.
I for one welcome this technology if it's able to decide that I'm not going to be influenced by any advertising, I'm not going to take out another credit policy, buy penny shares or anything else. The day that a company decides that I'm not worth spending advertising dollars on (and leave me in peace) will be the day that I re-enable my cookies.
-1 not first post
User-identifying technology... WGA...
This fortells mass-lawsuits of pirates, RIAA style.
with this story, that bill gates icon with the borg visor has never been more appropriate
"resistance is futile, you will be assimilated"
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Microsoft probably feel like they're losing all of their mindshare to Google. So, they come out with this identification technology to win back the hearts and minds of the anti-Google brigade. I'm so confused now....
If I wanted to identify myself, I'd do myself, thank you very much!
- Anonymous Coward, and proud of it.
Finally! I had been wondering how Bill Gates was going to share his fortune! This sounds like the technology that can make it happen!
Slashdot's first reaction to VMware
it would take about 20 minutes to write a bot that would browse at random for you and render this useless. Sounds like a great way to look anonymous. Or really, really weird, depending on where your bot runs off to.....
This signature is a waste of 42 characters
Under corporate feudalism, the corporation has rights by default. Can they do it? Check. Will it make money for them and the shareholders? Check. There are no other questions.
"Only the small secrets need to be protected. The big ones are kept secret by public incredulity." - Marshall McLuhan
Gates: "We need to distract people from the open-source stuff. We need to find a way to trigger the ultimate paranoia among Microsoft detractors; something that brings out their worse fears and draws their energies away from open source."
Executive: "How about using Windows to spy on people and keeping a huge database and not tell anybody what it's for."
Gates: "Brilliant!"
Table-ized A.I.
As I recall the ID number in the Intel chip was a complete bomb as far a sales went. Also didn't the Que-Cat also become a dismal failure?
Some days I get the sinking feeling Orwell was an optimist.
That's always my first question when I see an article like this; who could ever think this was a good idea? Obviously not someone who reads Slashdot. I don't know how much Microsoft is paying, but it must be alot if people are thinking that such a ridiculous idea makes sense.
This is precisely the sort of thing that Google is working on as well. It is all about targeted advertising, and Microsoft wants to be a provider of targeted advertising like Google. Q. Why did you think that Google offers you free email service? A. So they can build up their personal profile of you and provided better targeted advertising.
The following is a question I posted to another forum after reading this article. It's a genuine dilemma I've been pondering for a while now. I fully expect to get boiled alive for even asking the question, but any input will be appreciated.
-----
You may be aware that the UK leads the world with a billion CCTV cameras on every street corner. Various countries are pondering the adoption of mandatory ID cards. I've just been reading a Slashdot article about Microsoft's proposal to identify users from their browsing history. People have suggested a comprehensive crime-fighting fingerprint database.
I'm opposed to these things. The problem is that I'm having trouble explaining to myself why, precisely, it's a bad thing to have Big Brother watching me. And basing my opinion on a vague premonition of dread is pissing me off.
Whenever a measure such as those above is suggested, newspaper articles will invariably mention objections from civil liberties campaigners. I like civil liberties and am inclined to instinctively agree with those who campaign for them. But comments like "If you're not doing anything wrong, why do you care?" are simultaneously smug, irritating and difficult to torpedo convincingly. Three arguments spring to mind:
1) The government shouldn't know any more about you than it absolutely needs to. I agree with that. The problem is that it seems reasonable to assume that an extreme surveillance society which logs the activity of you, your car, your browsing, your shopping, your library borrowing, your finances and everything else would have an easier time of it in identifying criminals. Does that constitute a reasonable need, and why or why not? This argument is rather abstract and arbitrary for my comfort.
2) Unscrupulous government officials could abuse the information. Hard to argue with that one, and no doubt abuses would occur, but it seems paranoid to reject the whole deal on those grounds given the cost/benefit ratio.
3) It wouldn't work properly, would be insecure, and would be a colossal waste of money. I agree, given the UK's track record in large IT projects, but that's an implementation problem rather than a philosophical objection.
Can anyone give me any other specific, compelling argument against the surveillance society which doesn't rely on an axiom that it's an inherently bad thing? Because this is annoying the hell out of me.
MSFT is just amazing at the depths they will troll to invade a user's privacy. This article only highlights how deep MSFT has their hand up the proverbial *** of the end-user. Data-mining a user's browsing cache? Are you serious? If they can read from the browser cache, what ELSE can they do? And how far will they go? If Joe User has been surfing pr0n sites and accidently comes across something he should see, will MSFT know about it? Will they inform the authorities?
With Microsoft's recent advertising acquisition, will they use this technology to data-mine and serve up targeted advertisements? If they know Joe User is browsing car sites, will they serve up GM ads because GM is an MSFT partner? Will those ads overlay or replace existing ads from other companies? Don't believe it can't happen. We just had a link a day or so ago about spyware doing it.
I cringe everytime I see a computer running an MSFT operating system now. Seriously.
This almost sounds like a dying man gasping for air. Sales from Vista (despite tainted projections) aren't nearly as high as expected. Widespread adoption isn't happening (companies and Federal agencies are shunning Vista for now). MSFT has had to turn up the screws on piracy to recoup lost dollars. Cue the OSS FUD about patent infringement that allows MSFT to squeeze Fortune 100 companies for cash. Now this -- MSFT's attempt to be the identity manager of the Internet.
Not on my computers on my networks. Not now. Not ever.
Hey Microsoft,
I've deactivated JavaScript, Java, Flash and every other plugin / scripting via NoScript
also I've forbidden cookies
and I'm behind the TOR network
on a Linux machine
TRY AND FIND ME!!!
oh and while I'm safe... FUCK YOU, MICROSOFT!!!
So how will they identify me? By my work surfing profile, or my home surfing profile?
Yes, I surf at work, both to take a break, and to keep abreast of developments in I.T., specifically, the Java world.
At home, I'll probably surf the BBC, Slashdot, Apple sites, and my blog.
So which "me" does Microsoft hope to profile? Combine that with the fact that I use a Mac at home, and that my surfing habits will change when I change jobs.
Still, methinks this is the quid pro quo for Microsoft's deal with the Bushies to gets itself out of an enforced monopoly breakup....
This space left intentionally blank.
be trusted.
the reason is simple - if it is created through usage of bits and bytes, and everything is in any digital environment, it can be modified, changed, and faked.
nothing on the internet can be trusted to identify a person. nothing.
Read radical news here
Firefox is all good and well, but you need to
be on a non-Microsoft client. Otherwise, the
Microsoft software under the browser still has
access to all of the data anyway.
Perhaps it is already doing what the article describes.
You are being MICROattacked, from various angles, in a SOFT manner.
Even it works perfectly.
When issues come up, people will change their behavior.
People will by pass this easily.
Have they identified the goatse guy yet?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Exactly. And because they are dealing with a closed-source solution, there is no direct way of knowing. What's to say an ActiveX component isn't briefing scanning a user's browser cache and reporting that information to an MSFT server. Without a sniffer between the box and the 'net, most people wouldn't be the wiser.
My browsing habits will be as useful to Microsoft as they are to Google - not very useful at all as I don't leave a trail of cookies/cache/passwords behind when I'm done and even if I did I don't see their targetted ads anyway. And it's not as if changing your IP for those 'special moments' is rocket science. Everyday there's a new story in the newspapers about some guy who's had his identity stole online, so even your average Windows user is becoming less likely to save any type of personal information on a PC and is generally more educated about using the tubes. Microsoft are desperately trying to catch up with Google with web ads, but that ship has already sailed. Yaaar! Next thing you know MS will be buying an online ad company...
This is why you use Firefox, to disable ActiveX. You also use a better firewall than that provided with XP; one that warns you when a program wants to "call home" and allows you to decide if you're going to let it.
Good, inexpensive web hosting
In other news the guys in Hell want to have some Ice
I wonder if they are using this study "Clickprints on the Web: Are there signatures in Web browsing data?" ; which explains in detail how a user can be tracked by user interaction. Nice thing to read, for sure if you know you could also "be" the parameter (invalidating such methods completely) in such ways of tracking.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
heck, didn't we have a patent article about it a week or two ago?
--
Don't like it? Respond with words, not karma.
... project that Microsoft started years ago to track email.
Don't worry about it. They'll pay $5 for every site they track you as visiting.
If you disagree with me on social issues, then it's pretty clear that you are a narrow-minded bigot.
So how is this different from any other spyware? Let SpyBot do its job and kill these cookies before they can do any damage.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
First, theres an article on slashdot yesterday about spyware that has been "approved" by truste and now vista comes with embedded spyware to tell MS (who are trying to break into advertising) where i am, what im looking at and what my name is?
The thing that worries me about all this is the rather lack-lustre response you'd expect from the general slashdot community about breaches of privacy, etc. Have the aliens invaded?
im scared... they only come out at night, mostly...
Seriously though for everything that sucks about vista atm (performance, etc), knowing it had embedded spyware (or what exactly is a "special cookie program"?) would stop me moving to it.
Well I read through the stuff, so now what? They're gonna do it cause it's profitable. What are we/you gonna do about it?
How about counter-measures and solutions? How about those anonymizing proxy services? Firefox extensions: Ad Block, CookieSafe, Flashblock, NoScript... I suppose if I wasn't so lazy I'd hot link all of those. There's also a google scraper that will give you google search results without directly using google. I'm thinking maybe there should be more encrypted tunneling proxy services which let you route through different proxies on different parts of the world like TriLightZone. Now I heard e-gold is having some trouble, some people like Cotse mentioning it's been difficult to cash back out and find an exchange. But where I'm going is a reputable online cash service so that the transaction can't be traced back to you/your CC/Paypal accounts... in order to completely separate direct ties between you and your bank acct and your anonymizing service.
http://www.primidi.com/2002/07/08.html
" This week, Microsoft announced Palladium through an exclusive story in Newsweek written by Steven Levy, who ought to have known better. Palladium is the code name for a Microsoft project to make all Internet communication safer by essentially pasting a digital certificate on every application, message, byte, and machine on the Net, then encrypting the data EVEN INSIDE YOUR COMPUTER PROCESSOR. Palladium compatible hardware (presumably chipsets and motherboards) will come from both AMD and Intel, and the software will, of course, come from Microsoft. That software is what I had dubbed TCP/MS.
The point of all this is simple. It may actually make the Internet somewhat safer. But the real purpose of this stuff, I fear, is to take technology owned by nobody (TCP/IP) and replace it with technology owned by Redmond. That's taking the Internet and turning it into MSN. Oh, and we'll all have to buy new computers."
I like and use Firefox, but it seems awfully chummy with Google for my taste. I don't think it's the default, but Firefox 2.0 allows you to check with Google whether each site you visit is a "suspected forgery." Probably a sizable percentage of Firefox users takes Google up on its offer.
Man, the slashdot icon for Microsoft gets modded +1 insightful. I shall be henceforth known as 100 Of 255 of subjunction 83 of unimatrix 72 in quadrant 9. Must, the individual identity suffer more to the corporate bottom line. I, for one, don't really welcome our new corporate overlords. Read the sig for further enlightenment.
You don't have to be smart to use a Mac, you just have to be smart enough to buy one
Yes, but they are idiots. For instance, my wife, my kids, and I all use the same machine. Must make for a very interesting viewer profile. And of course there is always Firefox...
To own a Mac
my real name is Shackelford, Rusty Shackelford. I happen to share the same name and have the same web browsing habits of over 15 million other people like reading Slashdot.
I doubt Microsoft can figure out my real name, if I keep entering bogus online profiles like Rusty Shackelford and I happen to visit the same technology news sites as 15 million other people.
On the Internet nobody knows if you really are a dog.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
Remember when personal computers used to be PERSONAL!??!?
Need any more reasons to drop Windows?
I'm confused how Microsoft might plan to collect this information?
I can imagine using ad network to plant cookies and track IP addresses as I'm sure is already done, but many browsers (although not Firefox by default any longer to the best of my knowledge) block third party cookies, and IP addresses can change or be the front ends to NAT networks so they don't uniquely identify visitors, and definitely don't generally do so over spans of weeks or months. I'm not sure conventional ad networks are adequate alone.
TFA mentions the web page cache from the local computer or data from proxy servers, but those data aren't going to beam themselves to Microsoft. Something has to do the beaming for them. Does Microsoft have some plan, as the parent suggests, to install software on our computers to beam this information back to MS or control huge numbers of proxy servers? How would this work??
TFA also mentions some new kind of "cookie program." Regular cookies are probably inadequate since many people clean them out frequently. Flash local shared objects last longer since most people still don't know about them, but they're not exactly new. So what could MS be referring to? Maybe Silverlight could do it, but I'm not sure that would endear people to the technology. Maybe some funky IE proprietary Javascript that beams back private information about your computer, or some other plugin?
This seems likely to work for MS Windows users, but I don't use Windows, certainly don't trust Microsoft enough to install Silverlight, have disabled Flash local shared objects, don't generally allow Flash and other plugins to run, don't use a proxy (let alone one controlled by MS), and browse with JavaScript disabled. Does Microsoft think they'll be able to identify me, and if so, how?
Are they going to try to make deals with big ISPs or backbone providers to glean this data directly off the wire? (Maybe the NSA would be kind enough to share. I mean, there's no sense in duplicating all that effort...)
It's scary that a company like Microsoft would be so nonchalant about collecting this sort of information; it could reflect Microsoft's arrogance and yet unbridled Monopoly power. Or maybe Microsoft just believes it can get away with anything thanks to the success of Windows Genuine Advantage. To see what I mean, substitute "Microsoft" in this story with "Zango."
I think it is important to note that Google and Microsoft have no real interest in your name and any data that indicates exactly who you are. They are interested information that will allow them to better serve marketing material and improve their products, not so they can steal your identity or hack your bank account. I am happy for Microsoft and Google to do this as in the long run it will vastly improve their services.
I will be able to search on google and know that the results I get are more and more revelant the more I use it. I will click the occasional ad that interests me as I know that the system will learn and start to show more ads that are of interest to me.
This essay takes the paranoia all the way, but, as it turns out, maybe not far enough...
The Ugly Truth About Online Anonymity
http://cryptogon.com/?p=624
All of the stuff that you do with your "normal" online persona, you know, online banking, checking email, discussion groups, etc: You can't do any of that. The second you associate a user profile on a server with your behavior, you're back to square one. The Matrix has you. You would have to create what the intelligence business calls a "legend" for your new anonymous online life. You may only access this persona using these extreme communications security protocols. Obviously, you can't create an agent X persona via your anonymous connection and then log into some site using that profile on your home cable modem connection. To borrow another bit of jargon from the people who do this for real, full time, you must practice "compartmentalization."
What's the difference between this and microsoft passport?
"This is why you use Firefox" with the trackmenot extension:
http://mrl.nyu.edu/~dhowe/trackmenot/
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
When people are helped along, they tend to become productive much faster than when they're ridiculed and scorned. In this case, the help given to them may help them to become "real Mac users" much more quickly. If you simply explain that there is no such thing as a maximize button, they will probably listen, especially if you provide them with another way to achieve the desired result. If the name "Clarus" means nothing to you... "Clarus" (sic) hasn't done anything under that name since 1998, when they renamed to become FileMaker Inc. ClarisWorks was returned to Apple as AppleWorks, and the last product with Claris branding was discontinued in 2001. (Trust me, I looked.) If you still call it Claris, then buy new software.
It's people like you that contribute to the myth that all Mac users are elitist bastards. I don't know the name of the law that states something along the lines of "the smaller the minority, the more noise it makes", but I'm sure there's one like that, and it's relevant here. (If there isn't, there should be.) I'm a Mac user, and you are (AFAIK) in a very small minority. Unfortunately, since you and the rest of your cohorts prefer to post AC, we'll never know just how many of you there are. A shame, too... I'd like to know just how many people actually post this type of thing.
Anyone who attempts to put a positive spin on this abominable practice HAS to have a vested interest in it. It's a bunch of $h!# that Google or Microsoft isn't interested in knowing you by name. After all, isn't there money to be had by selling your profile to snail-mailers so they can also "target" you?
Personally, I hit the "Clear Private Data" button on the Firefox "Tools" menu every couple of minutes, and urge others to do the same.
Like I posted in response to an earlier comment, to get an idea what this means try substituting "180Solutions" in place of "Microsoft" and see how the story reads.
It's rather stunning actually.
I'm getting really tired of seeing dada21's wannabe-libertarian garbage on Slashdot. Take your bullshit somewhere else, or keep it in one of your sleazy blogs.
I'll take one of dada21's rants about gold any day over your repressive fascist belligerence.
Hint: put him on your foes list and score down your foes in the preferences. That's what it's there for, so you can be happy without advocating oppression to satiate your minority opinions.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Clarus != Claris
Claris is the office software. Clarus is the dogcow.
I'm not surprised to see Cardspace and Kim Cameron trashed on Slashdot by someone who hasn't RTFA so to speak about the guy and the technology. I recently saw Cameron speak at CFP 2007. I'm a 14 year long GNU/Linux devotee and I was pretty skeptical. As a software engineer who works in security and is concerned with his privacy, Cardspace seems like a reasonable solution compared to the competitors. Nobody adopted passport because Microsoft was MITM. CardSpace puts you in control of your identit(ies).
So basically this post is trashing a guy who went to Microsoft, saw the Passport debacle, is concerned with privacy and is probably the only guy at Microsoft with a paid interest in bridging between all platforms to solve the identity (and anonymitiy) problems on the net. Good work.
Sure, Microsoft is a big evil monolith but sometimes it's got bright, friendly guys doing good work too. (You can't believe how amazed I am that I'm saying that.)
I'm impressed that he got modded a troll.
Just more of the anti-consumer practices we know and hate from our favorite monopolist. I especially like the way their updates change my default browser to IE even though the system was configured to use Firefox as the default.
Whoever it was that said CardSpace was optional - ask them how to remove it. I'd like to exercise that option...
Earlier this month there was a sobering article on Groklaw "3 CNET Reporters Will Sue HP Seeking Punitive Damages - What's That?" wherein PJ discussed privacy. She had this to say:
Does that help answer your questions? Oh, by the way, GODWIN!
Hey, you don't have to tell me about ActiveX:
:D
bash-3.00$ uname -a
SunOS phoenix 5.10 Generic_118855-33 i86pc i386 i86pc
I'm just saying for all those still clinging to the Redmond teet.
I think this connecting Web surfing behavior to individual people is somewhat scary but probably inevitable. Deleting cookies daily will not keep you anonymous forever. Even if the Fed's or EU make this stuff illegal it will be done by somebody. I'd rather it was done in a transparent way - at least that way we have some idea of what "they" know. Regarding CardSpace and InfoCards...as a heavy Web user I would LOVE if it were to succeed. It would make my job much easier and ultimately more secure. The thing about InfoCards is that you're not transmitting your user name and password over the wire. You're sending an encrypted token. The data stays with whomever "issued" you your InfoCard. For example, I use Bank of America (fuck them, by the way). When I sign-in to the B of A Web site today I enter a username...then they prompt me with a second screen which shows a photo that I selected. If the photo is the one I selected I enter my password and I'm authenticated. While this is somewhat more secure than the usual username and password combo it's still unsecure for a number of reasons. First, because B of A is only one of about 1000 sites I use I use a password that...while somewhat secure...is probalby relatively easy to break. Second, I send my username and password over the wire every time I sign on to the site. While they use SSL it would be relatively easy for someone to steal the user name and password - eithe from Phising or some other method like keystroke logging. With an InfoCard, B of A issues me an encrypted token that says I am who I say I am. When I sign-on to their site using that InfoCard I send them the token, not the actual username and password. This is still not perfect but from a usability standpoint and from an overall security standpoint it is a huge advance over the way things are done today. The other neat thing about InfoCards is that there is nothing Microsoft proprietary about them. They're based on WS* standards. Anyone could implement their own InfoCard manager on any platform/OS. Microsoft happens to have one in Windows Vista that they call CardSpace. All CardSpace is is a "wallet" for storing the cards. But all the cards have is the token...not the actual data. CardSpace also has a neat feature where you can create a self-issued InfoCard. You can create as many as you want that share as little or as much information as you may want to share with a site. You can have one that has a made-up name (studmuffin) and lame password (player) that you can use when creating accounts on Web sites you've never visted before. The idea is that rather than going through the process of filling out a bunch of fields on the Web site you submit your self-issued InfoCard and it happens automatically. For sites that you want/need to have a more secure and personal relationship like a bank you might have another self-issued InfoCard that includes your real name, address, phone number etc. Overall I think InfoCards...or something like them...are necessary. How many of you have 20 or 30 user names and passwords either written down on paper somewhere or maybe in a file on your system or in your email address manager? That's insecure and a hassle. I want to be able to sign-on in a click of two. By the way, the guy behind InfoCard/CardSpace is not some wierd Microsoft borg guy. He's a renounded leader in identity management and, based on what I've read, is probably more concerned about privacy and security than most people.
I hate to be the voice of reason here, but this is all for develop better advertising on the web. They clearly are interested in behavior and targeted advertising. And this is a good thing. If there have to be ads on a web page at least make them relevant to me.
Hmmm... The patent that Xerox filed on that was noted in /. a little while ago -- http://yro.slashdot.org/article.pl?sid=07/04/11/23 9243
Move along.
Say hello to my little sig.
Will you people STOP giving money to this company?!
We feel it has to solve all use cases
Do anyone other than an android talk like that?
But does it disable the Windows network stack? No -- Linux, and Mac OS do ;-)
OK... I do this when I suspect I've discovered the internet to be a small world after all, by comparing post times. You can also pay attention to sentence pattern habbits, trance words, and just word choice preferences. It's a pseudoscience at best.
It's entirely circumstantial, and will only give you a vague idea. I don't really see the use of such a technology. It doesn't meet standards of evidence beyond interesting coincidence. It's not accurate enough to be much value to marketers. Any help from the host itself is a gaping security hole.
As a threat to privacy, it's only worrisome to people smart enough to protect their anonymity in other ways, but dumb enough to then decide to follow their recreational web surfing habbits...
Microsoft deserves to be boycotted for the sheer retardedness of this idea. I don't trust a company that would run with something like this with anything.
In response to the snarky aside in the summary, the Cardspace designers actually had anonymous use cases in mind when they designed it. You can generate a card at any time with any information on it. When you submit a card to a site, you get to choose what personal information (if any) gets sent along with it. And, there is a unique ID generated for each site/card combination. So, you could create 100 different cards named "Anonymous Coward" and use a different one each time you came to Slashdot to post as 100 different Anonymous Cowards from one machine.
So what they need is browser cache, cookies, proxies, and Windows. Well, it seems they will only be able to keep track of a very large number of totally uninteresting people - I mean from a security or threat or else point of view. Why would the feds want information about such people ? As from the advertising point of view, well, I say let them do it, and wait till even the average user crowds start hating them for it.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
When MS share price drops a bit, automatically send out "You owe us money for not using Windows" messages to any IP stealing, Linux hippies !!
BTW You BSD users can stop sniggering too !! As for you smug Mac users, just wait ...
Art Makers Just an excuse to show photos of naked women !!
Microsoft OpenSources YOU!!
Its that simple. Its not like its hard to figure out who you are, just have windows log your name, address, age, and credit card entries from IE and MS knows who you are and they can easily track where you go buy just logging every dam address your windows connects to...
Its not that hard really. The question is why would they want to do this? and more importantly... Why should we let them?
Since M$'s processes are looking at your browsing habits in order to put you into the right "stats box" the solution is simple. Spoil their results.
How long till someon enterprising person comes up with a random page caller that will let you choose some "page types" that you want to browse ?
--- This meme is memory intensive
Im not saying I am for this at all. I like the choice of being anonymous. However, say you have a website that you want to see how your visitors got to you, rather than just seeing the referrer link, this could be just the stuff you want. As we know, when we surf, we use hyperLINKS to move from one site to another. How valuable would it be to know that before visiting your store, they searched for an item on MSN.com (eughhh) that sent them to a site that linked to you, so you can track the history from search to them landing on your site.
Just a thought.
http://www.writeitfor.us - Writing IT for the IT generation.
Once you identify any weird or unwanted network connections, then it's relatively simple to stop them with a firewall rule or two, or to put a dummy entry in a hosts file somewhere.
Gentoo Linux - another day, another USE flag.
Information want to be free including all the information we've traditionally regarded as private.
Get used to it.
to be able to better serve their ads to users.. Having all browsing data of users is something Google won't have to exploit.
The more and more technology advances to waste my CPU cycles, the more and more I retract to using what just works.
The problem as I see it is that the Internet was designed with conflicting design goals. The two conflicting goals were 1) Allow Anonymity and 2) Allow Business Critical Transactions. Those two requirements create an insurmountable conflict for the design of the Internet. You can not possibly (it is impossible) to achieve both simultaneously. The result is exactly what we see today - various efforts to "ID" people on the net, and the counter outcry from all of us who have gotten used to the idea that we should be allowed to be anonymous on the Internet. Originally, the designers could have added a strong authentication protocol to the Internet. They refused (it was discussed at the time, iirc) on the grounds that they did not want to create "the big brother machine". Originally, they wanted business to Stay Out, and for the net to be used exclusively for academic purposes and knowledge sharing. Laudable, but completely unrealistic given the overwhelming advantages to business for a Business Critical Transactional system. So... here we are. My suggestion is to create a new Internet just for business, medical and legal, called BCTNet, and leave the old one alone (I would call it JunkNet) for those who don't mind getting hacked and viruses etc on their machines (but would no longer ever dream of doing any sort of business transaction). The fact is that with strong authentication hacking and virus uploading and scriptkiddidom would be severely curtailed. That said, JunkNet would still have the problem that terrorists can use it as their primary means of communications, which is actually exactly what they are doing today. SSL is their friend. Anonymity is not necessarily the friend of Civilization. I have yet to hear a convincing argument why Civilization requires it. Seems to me that most of what Anonymity is used for is illegal or immoral activity. Oh, and anonymous political discourse, I guess. Hmmm... maybe. It is a serious problem. I don't see much in the way of serious solutions. Microsoft's proposed solution is, predictably, totally backwards. Instead of approaching the topic from the direction of "how do we secure a BCT system?", they instead are asking themselves "How do we most greedily and sickly exploit the fundamental weakness of the Internet and our users to make more money and build the Big Brother system that the Internet guy deprived us of?" I suspect this is a strong subconscious impulse on the part of those who are at MS (and now at Google too). Or so it would seem. Maybe they can bother to make clear exactly what their intentions really are? Oh Gaffaw gaffaw! LOL.
now we just need the microsoft google alliance and we can do anything!!!!1one
0 0b5df10621.html
http://www.ft.com/cms/s/c3e49548-088e-11dc-b11e-0
the Political Inquirer
All well and good to go pawing through my drawers, as long as they start with the one I throw my *dirty* underwear and socks into. In that case, I think the punishment fits the crime. Excuse me, I have to scrub my typing fingers after that one. ewww!
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
"That the people shall be secure in their persons, houses,
papers, and possessions..."
No sig today...
I neither abandon Microsoft software, nor do I leave myself open to tricks like Microsoft's latest dream of world conquest. I choose a middle ground.
I run the Windows software I cannot or will not replace in a virtual VMWare sandbox with no internet connection (just a local intranet connection). That way, I don't feel the urge to update Windows (I generally use Win2k sp4) or play the old "whack-a-mole" game with viruses and trojans. It's not perfect, and I still use Wine for the occasional Windows game (I don't stay up-to-date there, either, preferring older games), but I avoid a whole lot of pain and most of the risk in using Windows software.
There's an old saying in computer software (and yes, it's US centric. sorry about that): You can tell who the pioneers are, they're the ones with arrows in their backs. Avoid being a pioneer, and all sorts of viable solutions to Microsoft's schemes and dreams present themselves.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
The installed spyware might in addition analyze typing/mouse movement patterns in order to identify who's currently sitting on the computer.
Which doesn't help if the trojan is installed into the base Windows system. Of course there's always Linux
The Tao of math: The numbers you can count are not the real numbers.
This thread contains good arguments why, once a buyer has passed a background check, centralized records on gun owners should not be kept. As Germans were rounding up Jews on the lists of the Dutch, Germans were going to the homes of those with registered firearms and confiscating them.
Time for the automated desktop bot that surfs in your absence and in the background to generate noise. Possibly with parameters and profiles that you can change to become someone else.
It would seem that recent Windows updates also included hotfixes for CardSpace.
So after this action I can assume that my machine now has CardSpace installed....
How does one go about to remove Cardspace?
Every day MS displays more distinctly that they are catering to the interests of big corporations, and couldn't care less about individual users. So, let them keep moving their entire product line/architecture/applications to the big brother end of the spectrum! The only thing that this will do is send all the non-corporate users rushing to the other end. I think this latest move might be the tipping point the market needs to start moving away from MS.
I think this year I will start pushing for a "Bring-Your-Mac/Linux-To-Work Day". Most "average" users choose Microsoft because it is what they are used to or exposed to at work. I think if people in corporate settings had the chance to see the alternatives first-hand, it would be a different story.
So ahoy! I encourage everyone to institute "Bring Your Mac/Linux To Work Day" at your jobs, and watch as your coworkers stare, green with envy, as you boot blazingly fast, work and surf without restrictions, and achieve equal if not superior productivity.
1) legitimate reason: MS is a SW company providing solutions to customers. Big problem online is proving you are who you say you are to a 3rd party. How does a merchant verify I am who I say I am (and that they are not taking on a fraudulent transaction which they will be held responsible for)?
How does bank or stock broker verify it is you doing a money transfer or stock transaction?
How can I prove my age complies with laws regarding age? Are you "thirteen"? Are you "eighteen"? Are you "twenty-one"?
If the good senator from N/S. Carolina is determined to enact age-verification to adult websites, do you have to give a credit card with your age that maybe could be verified against a card-holder database? How can you verify age?
How do Ebay parties verify they aren't entering into a scam?
These are all "legitimate" areas where there is a need for some type of user identification/verification. It is a legitimate problem in doing commerce on the web. A software company has every "legitimate" right to attempt to create a solution. So your first statement and its conclusion regarding motive is flawed.
Regarding your second statement about this being a reason to use a different OS. That's also logically flawed, since we are identifying people from browsing habits -- something that would be OS neutral. People still browse with Linux and Mac-based computers. In fact, using an alternate browser and OS puts you in a minority of sorts -- providing additional identification factors. If you wanted to remain "anonymous", standing out from the crowd isn't a great way to do it.
That people agreed with you and marked you insightful only shows how many others on slashdot have similarly faulty logic.
hope they do it to me then I can sue their arses and work on open source full time.
Like I always say, Microsoft if inherently evil. Like kicking puppies!
from my cold dead robotic-enhanced RFID-enabled hands!
-- Tigger warning: This post may contain tiggers! --
the fuckin' dumbest idea i've heard at microsoft...
They want to sell you info. ...
They want to send spam
They know who has thier OS
They want to target you for
They want control
They, well they just want control
-- I am the NRA, enough said...
but my name and location?
why do they want that?
-- I am the NRA, enough said...
Well, if they include this technology in Macroslop Idiot Exploiter 8, it'll kill it stone dead then. ;-)
"I hope you like Guinness, Sir. I find it a refreshing substitute for, er... food." Col. Jack O'Neil, SG-1
The reporter is mixing the meaning of "Identity" and "Preference". If you read the conference paper, you can see the researchers are trying to provide personalized service which match people's perference, instead of trying to identify people.