Text 1988, 292 rader
Skriven 2005-01-16 05:40:06 av Geo (1:379/45)
Kommentar till text 1984 av Rich (1:379/45)
Ärende: Re: Usage history
=========================
From: "Geo" <georger@nls.net>
This is a multi-part message in MIME format.
------=_NextPart_000_006D_01C4FB8D.D54B5120
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
the difference between single sign on and the practice of using the same =
username/password on multiple sites is that with the single password = there is
no function to betray the user. In other words there is nothing = but the user
to connect all those sites together. With the single sign = on, all you need is
a list of sites that uses that single sign on = service.
Geo.
"Rich" <@> wrote in message news:41e9f6c1@w3.nls.net...
There was an optional wallet service and you are right, this =
additional optional service could not be anonymous. You aren't = comparing
apples to apples if you include the people that made a choice = to use this.
Folks that wanted to be anonymous would not choose this.
Really, this argument is silly. I don't know you but too many =
people I know use the same password on the many sites that require them = to
register, whether they lie or not. Their intent is to have something = that
acts like single sign-in. Now I'm sure the people arguing against =
single sign-in here are not hypocrits and all use distinct unique = usernames,
email addresses, passwords, etc for each and every account = they have. Don't
you?
Rich
"Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in =
message news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com...
Well, if you only use Passport as a signin, yes. But there was a =
piece
to it where it would know your credit card information so when you =
used
it to log on to a site where you wanted to buy stuff you wouldn't =
have
to enter the credit card information. It would be impossible to =
use
that part and be anonymous.
On Mon, 10 Jan 2005 15:09:44 -0800, "Rich" <@> wrote in message
<41e30b2c@w3.nls.net>:
> I disagree. Passport is no less anonymous than other signin =
mechanisms. You are in control of the information you provide to create = your
signin. If you want to lie then lie.
>
>Rich
>
> "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in =
message news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com...
> I think he wasn't addressing services claiming they don't =
disclose...
> his message gave examples of people trying to be anonymous... but
> someone trying to be anonymous wouldn't use Passport (unless they =
were
> REALLY stupid) so I'm not quite following the logic either.
>
> On Sun, 9 Jan 2005 10:04:25 -0800, "Rich" <@> wrote in message
> <41e1720a@w3.nls.net>:
>
> > The fragment you chose to quote is interesting. How many =
services claim that they do not disclose info as required by law?
> >
> > The rest is garbage.
> >
> >Rich
> >
> > "Mike N." <mike@u-spam-u-die.net> wrote in message =
news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com...
> > On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" <@> wrote:
> >
> > > If you mean to question what Passport is to Microsoft you =
should use Microsoft's claims about the service
> >
> > http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033
> >
> > "NET Passport may disclose personal information if required to =
do so by law
> > or in the good-faith belief that such action is necessary to: =
(a) conform
> > to legal requirements or comply with legal process served on =
Microsoft;"
> >
> > This confirms the information I already had. A single =
signon is for
> > convenience, not security. Sure your ISP can see what you're =
doing. They
> > can initiate a wiretap when served by a subpoena. However =
there are many
> > people for which this won't suffice -
> > o terrorists who jump from Cafe to Cafe.
> > o commuters who use wireless internet services from =
Starbucks, at work,
> > airports, etc.
> > o Those who attempt to escape identity by wardriving from =
open wireless
> > to open wireless LAN.
> > Investigators would need to obtain subpoenas from =
thousands of ISPs to
> > cover all activities of a person. Alternatively, assuming =
that .NET is in
> > widespread use, they would just need to subpoena Microsoft to =
get a
> > complete profile of sites where a signon was used, and the IP
> > address/date/time they were accessed from.
> >
> > It still appears that if anyone gets your passport login, =
they can
> > assume your signon, just as if they are you.
------=_NextPart_000_006D_01C4FB8D.D54B5120
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1479" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>the difference between single sign on =
and the=20
practice of using the same username/password on multiple sites is that = with
the=20
single password there is no function to betray the user. In other words = there
is=20
nothing but the user to connect all those sites together. With the = single
sign=20
on, all you need is a list of sites that uses that single sign on=20
service.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:41e9f6c1@w3.nls.net">news:41e9f6c1@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> There was an optional =
wallet service=20
and you are right, this additional optional service could not be=20
anonymous. You aren't comparing apples to apples if you include =
the=20
people that made a choice to use this. Folks that wanted to be =
anonymous=20
would not choose this.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Really, this argument is =
silly. I don't know you but too many people I know use the same =
password=20
on the many sites that require them to register, whether they lie or=20
not. Their intent is to have something that acts like single=20
sign-in. Now I'm sure the people arguing against single =
sign-in=20
here are not hypocrits and all use distinct unique usernames, email =
addresses,=20
passwords, etc for each and every account they have. Don't=20
you?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Ellen K." <<A=20
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com">news:ldqju0pdbcl=
q8l54fbhi21220l86uibp28@4ax.com</A>...</DIV>Well,=20
if you only use Passport as a signin, yes. But there was a =
piece<BR>to=20
it where it would know your credit card information so when you =
used<BR>it=20
to log on to a site where you wanted to buy stuff you wouldn't =
have<BR>to=20
enter the credit card information. It would be =
impossible to=20
use<BR>that part and be anonymous.<BR><BR>On Mon, 10 Jan 2005 =
15:09:44=20
-0800, "Rich" <@> wrote in message<BR><<A=20
=
href=3D"mailto:41e30b2c@w3.nls.net">41e30b2c@w3.nls.net</A>>:<BR><BR>&=
gt; =20
I disagree. Passport is no less anonymous than other signin=20
mechanisms. You are in control of the information you provide =
to=20
create your signin. If you want to lie then=20
lie.<BR>><BR>>Rich<BR>><BR>> "Ellen K." <<A=20
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com">news:c5h4u0p76hl=
80msc3pis0v1puf9k7erkpn@4ax.com</A>...<BR>> =20
I think he wasn't addressing services claiming they don't=20
disclose...<BR>> his message gave examples of people trying =
to be=20
anonymous... but<BR>> someone trying to be anonymous =
wouldn't use=20
Passport (unless they were<BR>> REALLY stupid) so I'm not =
quite=20
following the logic either.<BR>><BR>> On Sun, 9 Jan 2005 =
10:04:25 -0800, "Rich" <@> wrote in message<BR>> =
<<A=20
=
href=3D"mailto:41e1720a@w3.nls.net">41e1720a@w3.nls.net</A>>:<BR>><=
BR>> =20
> The fragment you chose to quote is =
interesting. How=20
many services claim that they do not disclose info as required by=20
law?<BR>> ><BR>> > The rest is=20
garbage.<BR>> ><BR>> >Rich<BR>> =20
><BR>> > "Mike N." <<A=20
href=3D"mailto:mike@u-spam-u-die.net">mike@u-spam-u-die.net</A>> =
wrote in=20
message <A=20
=
href=3D"news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com">news:e8b2u0hias1=
bdkdgbe34mf26snbcna0ov4@4ax.com</A>...<BR>> =20
> On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" <@>=20
wrote:<BR>> ><BR>> > > If you mean =
to=20
question what Passport is to Microsoft you should use Microsoft's =
claims=20
about the service<BR>> ><BR>> > <A=20
=
href=3D"http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033">htt=
p://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033</A><BR>>&nbs=
p;=20
><BR>> > "NET Passport may disclose personal=20
information if required to do so by law<BR>> > or =
in the=20
good-faith belief that such action is necessary to: (a)=20
conform<BR>> > to legal requirements or comply =
with legal=20
process served on Microsoft;"<BR>> ><BR>> =20
> This confirms the information I already =
had. A single signon is for<BR>> > =
convenience, not=20
security. Sure your ISP can see what you're doing. =20
They<BR>> > can initiate a wiretap when served by =
a=20
subpoena. However there are many<BR>> > =
people for=20
which this won't suffice -<BR>> =
> o=20
terrorists who jump from Cafe to Cafe.<BR>> =
> =20
o commuters who use wireless internet services from Starbucks, =
at=20
work,<BR>> > airports, etc.<BR>> =20
> o Those who attempt to escape identity by =
wardriving=20
from open wireless<BR>> > to open wireless=20
LAN.<BR>> > Investigators =
would=20
need to obtain subpoenas from thousands of ISPs to<BR>> =
> =20
cover all activities of a person. Alternatively, =
assuming that=20
.NET is in<BR>> > widespread use, they would just =
need to=20
subpoena Microsoft to get a<BR>> > complete =
profile of=20
sites where a signon was used, and the IP<BR>> > =20
address/date/time they were accessed from.<BR>> =
><BR>> =20
> It still appears that if anyone gets =
your=20
passport login, they can<BR>> > assume your =
signon,=20
just as if they are you.<BR></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_006D_01C4FB8D.D54B5120--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|