Text 2016, 143 rader
Skriven 2005-01-17 13:43:32 av Ellen K. (1:379/45)
   Kommentar till text 2010 av Geo (1:379/45)
Ärende: Re: Usage history
=========================
From: Ellen K. <72322.enno.esspeayem.1016@compuserve.com>

Some shopping sites will now let you make a purchase without "registering" --
where I am offerred this option I use it.

On Mon, 17 Jan 2005 06:26:17 -0500, "Geo" <georger@nls.net> wrote in message
<41eba0f1@w3.nls.net>:

>My ISP doesn't track dns requests or sniff traffic to see where people are
going, granted some like AOL do keep stats but the ISP I use could care less.
My browser cache and history are purged each time I end crazy browser as are my
cookies. Like Ellen I use different usernames and passwords at sites like
amazon, my bank, my credit card company, etc but I use the same username at
sites I don't care about like the NYT site and other stupid sites that require
a login for no apparent reason.
>
>The last thing I want is some service that can track where I go and what I
buy. I only accept this from my credit card company because I have no other
choice.
>
>Geo.
>  "Rich" <@> wrote in message news:41eaf6bc@w3.nls.net...
>     No true.  There is plenty to betray you.  Your ISP of course knows the
sites you visit as does anyone that can see even the small subset of traffic
for DNS resolution.  Your browser's cache and history also serve this purpose.
There are plenty more.
>
>     The attacker can also take a different approach that is likely more
effective anyway.  Pick a high value site and try the stolen IDs on them.
Amazon may not use single sign-in but you don't care because it does not
matter.  Then try them again at Citibank.  Then again at whatever site you
want. This approach will have more value then trying to sign in at match.com
using AOL's screenname service or Microsoft's Passport, both of which it
supports.
>
>  Rich
>
>    "Geo" <georger@nls.net> wrote in message news:41ea4570@w3.nls.net...
>    the difference between single sign on and the practice of using the same
username/password on multiple sites is that with the single password there is
no function to betray the user. In other words there is nothing but the user to
connect all those sites together. With the single sign on, all you need is a
list of sites that uses that single sign on service.
>
>    Geo.
>      "Rich" <@> wrote in message news:41e9f6c1@w3.nls.net...
>         There was an optional wallet service and you are right, this
additional optional service could not be anonymous.  You aren't comparing
apples to apples if you include the people that made a choice to use this.
Folks that wanted to be anonymous would not choose this.
>
>         Really, this argument is silly.  I don't know you but too many people
I know use the same password on the many sites that require them to register,
whether they lie or not.  Their intent is to have something that acts like
single sign-in.   Now I'm sure the people arguing against single sign-in here
are not hypocrits and all use distinct unique usernames, email addresses,
passwords, etc for each and every account they have.  Don't you?
>
>      Rich
>
>        "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in message
news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com...
>        Well, if you only use Passport as a signin, yes.  But there was a
piece
>        to it where it would know your credit card information so when you
used
>        it to log on to a site where you wanted to buy stuff you wouldn't have
>        to enter the credit card information.   It would be impossible to use
>        that part and be anonymous.
>
>        On Mon, 10 Jan 2005 15:09:44 -0800, "Rich" <@> wrote in message
>        <41e30b2c@w3.nls.net>:
>
>        >   I disagree.  Passport is no less anonymous than other signin
mechanisms.  You are in control of the information you provide to create your
signin.  If you want to lie then lie.
>        >
>        >Rich
>        >
>        >  "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in
message news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com...
>        >  I think he wasn't addressing services claiming they don't
disclose...
>        >  his message gave examples of people trying to be anonymous... but
>        >  someone trying to be anonymous wouldn't use Passport (unless they
were
>        >  REALLY stupid) so I'm not quite following the logic either.
>        >
>        >  On Sun, 9 Jan 2005 10:04:25 -0800, "Rich" <@> wrote in message
>        >  <41e1720a@w3.nls.net>:
>        >
>        >  >   The fragment you chose to quote is interesting.  How many
services claim that they do not disclose info as required by law?
>        >  >
>        >  >   The rest is garbage.
>        >  >
>        >  >Rich
>        >  >
>        >  >  "Mike N." <mike@u-spam-u-die.net> wrote in message
news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com...
>        >  >  On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" <@> wrote:
>        >  >
>        >  >  > If you mean to question what Passport is to Microsoft you
should use Microsoft's claims about the service
>        >  >
>        >  >  http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=1033
>        >  >
>        >  >  "NET Passport may disclose personal information if required to
do so by law
>        >  >  or in the good-faith belief that such action is necessary to:
(a) conform
>        >  >  to legal requirements or comply with legal process served on
Microsoft;"
>        >  >
>        >  >     This confirms the information I already had.  A single signon
is for
>        >  >  convenience, not security.  Sure your ISP can see what you're
doing.  They
>        >  >  can initiate a wiretap when served by a subpoena.  However there
are many
>        >  >  people for which this won't suffice -
>        >  >     o terrorists who jump from Cafe to Cafe.
>        >  >    o  commuters who use wireless internet services from
Starbucks, at work,
>        >  >  airports, etc.
>        >  >    o Those who attempt to escape identity by wardriving from open
wireless
>        >  >  to open wireless LAN.
>        >  >      Investigators would need to obtain subpoenas from thousands
of ISPs to
>        >  >  cover all activities of a person.   Alternatively, assuming that
.NET is in
>        >  >  widespread use, they would just need to subpoena Microsoft to
get a
>        >  >  complete profile of sites where a signon was used, and the IP
>        >  >  address/date/time they were accessed from.
>        >  >
>        >  >     It still appears that if anyone gets your passport  login,
they can
>        >  >  assume your signon, just as if they are you.

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)