Slashdot Mirror
Inside Germany's Plan To Kill Online Registrations (cnn.com)
An anonymous reader writes: Germany's corporate giants are promising a brave new future in the form of a single account -- one that will let you do your online shopping, get a flight and rent a car, all with no more registrations or repetitive passwords. Deutsche Bank (DB), Germany's biggest bank, announced Monday it's teaming up with other big firms to create a new company that will create the service. Users would enter their ID details just once before they can make all their online purchases across multiple sites. The partners -- which include Mercedes-Benz maker Daimler, insurer Allianz and publisher Axel Springer -- hope other firms will sign up to their vision. They're calling it a "pan-industry platform for online registration, e-identity and data services." The program could eventually be expanded to include government services. For example, drivers could apply for a new license through the system before their old one expires. The partners expect the program will be running in Germany by mid-2018, and they stressed it will be "secure" and comply with all European Union data protection rules.
And then once you have universal registration - you can be tracked all over the internet with ONE ID - including all your political commentary!
And the Great Eye of fire sees all. Come to think of it, this was discussed in the film "The Circle". Not a great film, but it puts these ideas into a realistically scary context. Does this idea of removing choice from whether or not we WANT to be registered concern anyone else?
"Imagination is more important than knowledge" - Einstein
https://xkcd.com/927/
Who actually believes that any of these "one standard" things REDUCE the number of different accounts you have to have?
I'll keep what tiny bit of privacy I have left
I'll put it in a pile with all my other pan-industry platforms for online registration, e-identity and data services.
Obligatory XKCD link omitted because everybody's seen it. Really. Everyone on the internet. Don't bother.
That is all.
Haven't we been down this road several times before?
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
How come no one thought of this before?
Oh wait, they did. It didn't work out because it is not as great of an idea as it sounds at first.
You have one logon for ALL of your online accounts. That's great only one ID and password to remember to get access to everything you do online. Of course, that also means only one ID and password to hack for someone ELSE to get access to all of your online accounts. Then once they do, aside from the losses you might take from the hack, how do you get your account back?
The truth is that all men having power ought to be mistrusted. James Madison
Talk about too many eggs in one basket! This is hoarding everyone's most precious eggs into one giant egg silo!
Not to mention this is almost THE nightmare account in terms of online privacy: one account for everything, linked to your real name through government ID. It could only be worse if it were controlled by a corporation rather than a government...at least you should be able to vote to keep marketers out!
"When information is power, privacy is freedom" - Jah-Wren Ryel
you can be tracked all over the internet with ONE ID - including all your political commentary!
Technically, this effort (like lots of other similar efforts in the past) aren't targetting forum, but mostly on-line shops, and e-government platforms.
- i.e.: things where you already need to identify with your real-world ID for obvious reasons. (e.g.: Because the goods need to be delivered to you in person).
They are all platform who already know you, and could (if they wanted to put the effort and collude together) trace you.
You're confusing with OAuth and OpenID platforms (like Google, Facebook, etc.) which are targetting forums.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Not including the obvious "Big Frau is watching you" aspects, having everything tied together makes the potential for fraud and theft a one-stop shop. I'll pass, thank you very much.
I'm announcing a company whose service will be to hold the passwords to all your different and incompatible "universal" password holders. It' will be called single-sign-on-single-sign-on or SSOSSO
Some drink at the fountain of knowledge. Others just gargle.
It's almost always the carelessness of business or government when peoples identities and accounts are stolen.
If anything, the German government and businesses will create this and THEY will be the ones to fuck up and have their citizens and customers data being sold in Russia to criminal gangs.
Why yes, lets have ONE centralized repository of user data, force everyone to use it for validation, and put the whole damned thing online. WHAT COULD POSSIBLY GO WRONG.
Seven puppies were harmed during the making of this post.
Just what the hackers wanted ... easy access to all of my accounts.
Let's help the hackers! All they need to do is hack a single account, and they get access to all of the linked accounts! Isn't technology great!
Any institution that participates in such idiocy would not get any of my business, that's for damn sure.
This isn't killing registration, it's REQUIRING one. A really horrible one.
It is like facebook, only forcing people to use it - FOR EVERYTHING.
It's not just the end of online anonymity, it's the total destruction of what remains of privacy.
Look, I do NOT want to use the same ID for my Medical history for ANYTHING. No one should be able to know what ointments I am getting or for what, just because I sent them an email.
People have a right to privacy, even if most morons ignore it.
excitingthingstodo.blogspot.com
One account, one login, one password. If it gets hacked or compromised, you only have ONE place to fix it. This is great for privacy and identity theft prevention. What we have now is multiple points of vulnerability, and to fix any one of them requires different avenues of detection, notification and policies. Can they track you? Of course, but right now they do that already. If you are paranoid, you could even make this ONE account a fake one, and drop out!
I'll keep what tiny bit of privacy I have left
It's pretty obvious we have essentially no privacy now, and what little there is left will be gone soon.
So the answer to that problem, is spurious data. If no-one can be sure the data is really you, then you are back to having privacy...
So the solution is to program a bot to randomly browse the internet, sign up for accounts, and post things. You have no control or visibility into what the bot is doing, it just does things in the background.
Then if someone accuses you of something you just shrug and say "could've been the bot I guess".
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Just saying.
In American, the USPO handles passports. As such, they are used to making sure that these ppl are who they claim to be.
As such, I have been pushing through manager levels to get them to start handling User Certificates.
This is not just useful for buying, but twitter,facebook, even slashdot could treat positively IDed ppl different than those that are true ACs.
The hard part is getting a group that knows how to handle IDs, as well as has offices all over the US.
I prefer the "u" in honour as it seems to be missing these days.
How is this better than SSO options from Facebook, Twitter, Google, Microsoft...
This is just another registration. ONe that is completely pointless and unneeded.
I won't even go into what a terrible idea any kind of single online registration is.
Revelation 13 ;-)
17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
18 Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six.
And this is the only way they know how to get in on it: Force everybody to use a centralized system. Please allow me to apologize on behalf of all Germans for the unintentional hilarity. These people really don't know how far behind they are and still think they can "lead" in information technology. Again, sincerest apologies.
No thanks. I prefer unique passwords for each site as a firewall should one or more become compromised.
This starts as a shopping convenience, and then it becomes mandatory.
Let's say this kind of idea turns a few gears over at the Trump Dump. You don't think the Zuck and other social media barons in the making would be all kinds of delighted by a mandatory "digital passport"?
Stay weary.
they will fail
we always had a social insurance, social security, or other unique ID that could have been used with open access to government databases. We could have had this at any time since the dawn of the internet. retail stores could have accepted any government id as contact information and/or payment for well-over a century.
credit cards, debit cards, bank information, drivers' licences, social insurance numbers, social security numbers, tax filings, incorporation documents -- any one of them could have been open-access for identification.
Wanna give your social security number to everyone? Want every retail store to have access to your complete set of co-ordinates?
I didn't think so.
So how much for every adult, child and toddler? 2 to 4 EURs per months for every citizen from birth in perpetuity perhaps? Get a visit from a collection agency and lose credit information among the possibility for loans, rent, ownership and a job if failing to pay for the service, or failing to notice an account overdraw because of the service payments?
Deutschland, Deutschland über Alles ...
Über Alles auf der Welt
What could possibly go wrong? Or to paraphrase our pussy-grabber in Chief: "What have you got to lose?" The answer is left as an exercise for the class.
I thought having the same authentication for multiple sites was bad practice? I guess I'm living in the past! I should change my bank password and username to match my Slashdot creds, then I will only have to remember once set!
Gonna happen eventually. Trusting your online identity to Google or Yahoo or some outfit that may go bankrupt someday is becoming more and more stupid, in a world where having a persistent, secure, accountable and trustworthy e-mail account unique to you is becoming essential to pay your bills, do your taxes, get your Medicare, and other plain life stuff. People are afraid of government, sure, but Google or Microsoft or AOL/Verizon do not owe you an e-mail account, and can probably shut it down any time they want (you ain't paying for it, for example, and if they go bankrupt, who ya gonna sue to pull it back from backups?) Smart guys can roll their own servers, of course, or work for a university their whole life. But that's still no guarantee that their e-mails are coming from then - the server gets hacked and someone uses it to steal your tax return, there's nobody to turn to.
I see a national e-mail account as an inevitability, like getting a passport, run by the Post Office for example, as soon as government don't wanna pay for letting people do business any other way (like paper). Just a matter of when. Maybe not soon, but someday.
Take it easy, Charlie, I've got an Angle...
If this goes through, you'll only have to steal any given individual's details ONCE to rob them blind everywhere! What a boon for hackers!
A literal, virtual "Papers, Please".
Didn't the Bible have a passage about this? I don't recall it being a happy parable.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
the Stasi: "your papers, bitte"
sigs are for losers (except to point out that sigs are for losers)
The children need to be protected from this idea, not with this idea.
excitingthingstodo.blogspot.com
I'm sure this will all work as well as intended, at least for the goobers trying to make it happen.
There is no XUL, only WebExtensions...
Hello from Germany here.
It's the first time ever i heard from it. So i believe there is some initiative, but that does not mean, that this is "Germany's plan".
It's just another corporate dream. Or like our politicians tell us "the internet is new land for all of us" (Angela Merkel).
We have a thing, which is the ePerso (electronic identification built into our identity card), which nobody uses either.
In theory it can do a lot of cool stuff, including ideas like providing a pseudonymous identity to websites which is backed by a real identity you do not need to reveal, which should be able to be used to authorize for official tasks for tax and others and provide some more things.
In reality nobody is using it, nobody is implementing it and the people able to use such techie-stuff know the problems with it and are a bit paranoid (they may have a cause) about what the government may be able to do with it, when it gets established.
Back to the article: BULLSHIT. Nobody is killing online registrations, some companies are just trying to reinvent something again in ambitious ways. They may be soon some headlines about it then everybody forgets it again.
This service is named Facebook, right?
"pan-industry platform for online registration, e-identity and data services"... so, OpenID (http://openid.net/connect/faq/). Minus the open part.
Estonian ID card / mobile identification works pretty well. Any service can do an API call to the national system [...] Most buy/sell forums demand ID card identification to avoid fraud.
How do such forums handle buyers and sellers not from Estonia?
The banks in the Netherlands use a system called iDEAL which is used for online transactions. It is run through banking website and uses a challenge and response system combined with the presence of a user's bank card.
They branched out recently to create a new side system called iDIN. The premise is also simple: If a bank can already authenticate a person for the purposes of transactions, why not also do it for web logons? I'm starting to see many services adopt it, starting with the government and tax department which now give you the option of logging in with your government login (DigiD) or iDIN.
All that is fine providing it's restricted to services who absolutely have to positively identify me. Facebook and the like can fuck right off if they are thinking of adopting something similar.
Complete with backdoor access by the NSA, CIA, FBI, and China. I'm sure hackers won't bother trying to break in to such an important single access point for a person's entire online life.
If I had a Springer Verlag account, of course I would want my fake news subscription to link to my insurance, car and bank account. Good thing I'm not one of those people.
There once was a time when corporations had established the network of their dreams in Germany: It was called "BTX", run by the "Bundespost" (later to become Deutsche Telekom). You had to use that one entrypoint to BTX which was connected to your personal data, and every single page you wanted to look at could ask for a price - so even the coarsest of pixel-graphics came at a 10 Deutsche Mark charge and even the most irrelevant information presented came at hilarious page prices.
Of course, it was also important for the corporations to make sure that not just anybody could present data - otherwise, Joe User could have presented information competing with the one already sold by some corporation via BTX.
Guess what, BTX never became very popular, and died off quickly once the World Wide Web became popular.
Corporations are still mad at the freedom and choice available there, so they'll do anything to turn back the wheel of time to the dark age of "BTX".
Single sign on options are just like standards - there are so many to choose from. And when someone implements a solution to solve THAT problem, the pool of choices grows.
when somebody gets a driver's licence or state ID card they are issued a unique number besides their drivers licence number on the back of the licence, and it identify s you to any website you log in to things like banks and making purchases at amazon or google, but people can still use their old anonymous login IDs for non-essential websites like craigslist or facebook or twitter or slashdot etc...
Politics is Treachery, Religion is Brainwashing
For this it is far, far too lucrative to compromise it.
Just think: An ID that lets you basically take over the life of someone else. There is no way you could possibly keep this secure. Even if I have to throw near infinite resources at it to compromise it, it's worth it.
This cannot be made secure. And anyone with a hint of a brain cell between his ears would try to stay away from using something like this for as long as it is humanely possibly.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
If they want my participation, they'll have to march into Oslo again. Or not. If they do, I'll probably join the resistance :)
The last thing we need (especially here in Germany, for historical reasons!) is state-corporate collusion.
The last big one was Krupp, IG Farben (among others) and... Hitler.
Yes, yes. I know about Godwin.
It NEVER begins with good intentions. The elites get out in front of a technology before the civilian population understands it, then they figure out how to pervert it to control people. If you're too naive to understand that, then remember that Uber began with CIA funding. What the hell would a taxi service be getting intelligence funding for? Exactly. This is also why you don't know how advanced the space program really is. The tastiest sheep are the ones who believe the government tells them everything that's going on. Why, if it were true it would be in the news! (and nobody would die of suicide!)
https://en.wikipedia.org/wiki/The_Circle_(Eggers_novel)
Your scenario is EXACTLY how the novel runs, and no, it doesn't end well ...
You just start with a government ID used for shopping and eGovernment. How could that possibly be evil? It's just one ID for all your government services. And shopping. It'd be really great to use this for shopping. And health services. We already need a central repository for our health records so it should be there too. Oh and hey all of our banking accounts should tie into this too.
These are all service that already need to know who the real you is.
Even if there's not a simplified "Internet ID" scheme, they already know who you are, by virtue of how they work.
They all need to know that their client ID#xxxxxx is the real person Mr/Mrs. Yyyy Zzzzz.
Its convenient and it really helps government crack down on crime.
Huh ? How does it help government crack down on crime ?!
It's mainly a simple way by which they can confirm the real identity of a person.
The only thing remotely related to crime, is that all the above administrations and shops will be less compelled to try establishing real identities using flimsy proofs like bills (easy to forge).
Well now that we have you spending habit it'd be a good idea to give you tax credits on your health if you eat buy healthy food instead of junk food.
Nope.
That's doesn't require a standardized internet identity (again, all the above *already* have to know who you are in real life, except for grocery stores where you pick-up in person instead of being delivered to).
That requires *sharing of information* which is a big no-no in most jurisdiction (e.g.: Europe, where TFA's country is located).
Again, *how* a company establishes your real-world identity is completely orthogonal to *what* the company is doing with your personal data.
What you need is *not* stopping methods to register a real world identity to web service.
What you need is *legislation* and *occasional investigation* to prevent the various web services sharing information beyond what is required.
(i.e.: the tax websites should only know "this user is real world user Mr Xxxx Yyyy". Same for your health insurance. None of them should receive your shopping list through the identification service).
and speaking of these laws, and investigation (instigated by consumer-protection associations) - SPOILER ALERT - Germany has them.
In fact now that 80% of the internet uses your ID we should roll it out for Hulu and forum services too,
Why the fuck does a forum needs to be able to map to your real id ?
Translate it to today's pre-IDservice era : does a forum asks for a photocopy of your passport / ID card ? Nope. They only needs any log-in so you can come back later. But you can use a pseudonyme and a password, or any of the optional OAuth / OpenID providers. (but can still rely on your password manager instead for similar convenience).
Same after ID services : forum still have no grounds to require a service to guarantee that you're the real-world person you pretend to be.
Oh hey since we have IDs tied to facebook we can finally solve this troll problem. In fact we should require your government ID to be used to login to Facebook to verify it because everybody agrees hate speech needs to be properly penalized.
Actually, even before a central standard way to confirm real world identites, Facebook attempted to require its users to identify with real world identity (Was it called "RealID" or "RealName" ? can't remembre).
on the grounds to fight against internet trolls and cyber-bullies. (read: and better datamine the shit out of you).
result: in vain.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
And probably do all the transaction where your actual real world identity is a requirement in person, I presume ?
(like filing your taxes)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]