Tillbaka till svenska Fidonet
English   Information   Debug  
OS2BBS   0/787
OS2DOSBBS   0/580
OS2HW   0/42
OS2INET   0/37
OS2LAN   0/134
OS2PROG   0/36
OS2REXX   0/113
OS2USER-L   207
OS2   0/4779
OSDEBATE   0/18996
PASCAL   0/490
PERL   0/457
PHP   0/45
POINTS   0/405
POLITICS   0/29554
POL_INC   0/14731
PSION   103
R20_ADMIN   1117
R20_AMATORRADIO   0/2
R20_BEST_OF_FIDONET   13
R20_CHAT   0/893
R20_DEPP   0/3
R20_DEV   399
R20_ECHO2   1379
R20_ECHOPRES   0/35
R20_ESTAT   0/719
R20_FIDONETPROG...
...RAM.MYPOINT
  0/2
R20_FIDONETPROGRAM   0/22
R20_FIDONET   0/248
R20_FILEFIND   0/24
R20_FILEFOUND   0/22
R20_HIFI   0/3
R20_INFO2   2632
R20_INTERNET   0/12940
R20_INTRESSE   0/60
R20_INTR_KOM   0/99
R20_KANDIDAT.CHAT   42
R20_KANDIDAT   28
R20_KOM_DEV   112
R20_KONTROLL   0/13030
R20_KORSET   0/18
R20_LOKALTRAFIK   0/24
R20_MODERATOR   0/1852
R20_NC   76
R20_NET200   245
R20_NETWORK.OTH...
...ERNETS
  0/13
R20_OPERATIVSYS...
...TEM.LINUX
  0/44
R20_PROGRAMVAROR   0/1
R20_REC2NEC   534
R20_SFOSM   0/340
R20_SF   0/108
R20_SPRAK.ENGLISH   0/1
R20_SQUISH   107
R20_TEST   2
R20_WORST_OF_FIDONET   12
RAR   0/9
RA_MULTI   106
RA_UTIL   0/162
REGCON.EUR   0/2055
REGCON   0/13
SCIENCE   0/1206
SF   0/239
SHAREWARE_SUPPORT   0/5146
SHAREWRE   0/14
SIMPSONS   0/169
STATS_OLD1   0/2539.065
STATS_OLD2   0/2530
STATS_OLD3   0/2395.095
STATS_OLD4   0/1692.25
SURVIVOR   0/495
SYSOPS_CORNER   0/3
SYSOP   0/84
TAGLINES   0/112
TEAMOS2   0/4530
TECH   0/2617
TEST.444   0/105
TRAPDOOR   0/19
TREK   0/755
TUB   0/290
UFO   0/40
UNIX   0/1316
USA_EURLINK   0/102
USR_MODEMS   0/1
VATICAN   0/2740
VIETNAM_VETS   0/14
VIRUS   0/378
VIRUS_INFO   0/201
VISUAL_BASIC   0/473
WHITEHOUSE   0/5187
WIN2000   0/101
WIN32   0/30
WIN95   0/4275
WIN95_OLD1   0/70272
WINDOWS   0/1517
WWB_SYSOP   0/419
WWB_TECH   0/810
ZCC-PUBLIC   0/1
ZEC   4

 
4DOS   0/134
ABORTION   0/7
ALASKA_CHAT   0/506
ALLFIX_FILE   0/1313
ALLFIX_FILE_OLD1   0/7997
ALT_DOS   0/152
AMATEUR_RADIO   0/1039
AMIGASALE   0/14
AMIGA   0/331
AMIGA_INT   0/1
AMIGA_PROG   0/20
AMIGA_SYSOP   0/26
ANIME   0/15
ARGUS   0/924
ASCII_ART   0/340
ASIAN_LINK   0/651
ASTRONOMY   0/417
AUDIO   0/92
AUTOMOBILE_RACING   0/105
BABYLON5   0/17862
BAG   135
BATPOWER   0/361
BBBS.ENGLISH   0/382
BBSLAW   0/109
BBS_ADS   0/5290
BBS_INTERNET   0/507
BIBLE   0/3563
BINKD   0/1119
BINKLEY   0/215
BLUEWAVE   0/2173
CABLE_MODEMS   0/25
CBM   0/46
CDRECORD   0/66
CDROM   0/20
CLASSIC_COMPUTER   0/378
COMICS   0/15
CONSPRCY   0/899
COOKING   27611
COOKING_OLD1   0/24719
COOKING_OLD2   0/40862
COOKING_OLD3   0/37489
COOKING_OLD4   0/35496
COOKING_OLD5   9370
C_ECHO   0/189
C_PLUSPLUS   0/31
DIRTY_DOZEN   0/201
DOORGAMES   0/1974
DOS_INTERNET   0/196
duplikat   5999
ECHOLIST   0/18295
EC_SUPPORT   0/318
ELECTRONICS   0/359
ELEKTRONIK.GER   1534
ENET.LINGUISTIC   0/13
ENET.POLITICS   0/4
ENET.SOFT   0/11701
ENET.SYSOP   33774
ENET.TALKS   0/32
ENGLISH_TUTOR   0/2000
EVOLUTION   0/1335
FDECHO   0/217
FDN_ANNOUNCE   0/7068
FIDONEWS   23439
FIDONEWS_OLD1   0/49742
FIDONEWS_OLD2   0/35949
FIDONEWS_OLD3   0/30874
FIDONEWS_OLD4   0/37224
FIDO_SYSOP   12841
FIDO_UTIL   0/180
FILEFIND   0/209
FILEGATE   0/212
FILM   0/18
FNEWS_PUBLISH   4155
FN_SYSOP   41520
FN_SYSOP_OLD1   71952
FTP_FIDO   0/2
FTSC_PUBLIC   0/13565
FUNNY   0/4886
GENEALOGY.EUR   0/71
GET_INFO   105
GOLDED   0/408
HAM   0/16041
HOLYSMOKE   0/6791
HOT_SITES   0/1
HTMLEDIT   0/71
HUB203   466
HUB_100   264
HUB_400   39
HUMOR   0/29
IC   0/2851
INTERNET   0/424
INTERUSER   0/3
IP_CONNECT   719
JAMNNTPD   0/233
JAMTLAND   0/47
KATTY_KORNER   0/41
LAN   0/16
LINUX-USER   0/19
LINUXHELP   0/1155
LINUX   0/22002
LINUX_BBS   0/957
mail   18.68
mail_fore_ok   249
MENSA   0/341
MODERATOR   0/102
MONTE   0/992
MOSCOW_OKLAHOMA   0/1245
MUFFIN   0/783
MUSIC   0/321
N203_STAT   894
N203_SYSCHAT   313
NET203   321
NET204   69
NET_DEV   0/10
NORD.ADMIN   0/101
NORD.CHAT   0/2572
NORD.FIDONET   189
NORD.HARDWARE   0/28
NORD.KULTUR   0/114
NORD.PROG   0/32
NORD.SOFTWARE   0/88
NORD.TEKNIK   0/58
NORD   0/453
OCCULT_CHAT   0/93
Möte OSDEBATE, 18996 texter
 lista första sista föregående nästa
Text 2059, 651 rader
Skriven 2005-01-18 19:41:08 av Geo (1:379/45)
   Kommentar till text 2031 av Rich (1:379/45)
Ärende: Re: Usage history
=========================
From: "Geo" <georger@nls.net>

This is a multi-part message in MIME format.

------=_NextPart_000_009F_01C4FD95.A7FBD4B0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

sorry, www.whatsmyip.org was the site. As for the mail server yes to = both, I
can create whatever alias I want on netlinks servers and I have = my own
experimental servers for testing purposes (I even own a handful = of my own
domain names). As for nls.net, it would take a couple pages to = explain it but
think of me as netlink's Paul Allen (without the health = problems).

You're probably right about online bank billpaying but the user = agreement
goes far beyond anything I had to agree to in order to open a = checking
account. I also agree with your "don't use it" attitude but it = would be
rather difficult to purchase stuff online without either a = credit card or a
bank.. <g>

Geo.

"Rich" <@> wrote in message news:41ec6f55@w3.nls.net...
     The credit card company knows what the merchants tell them.  Don't =
like this, don't use a credit card.  The problem existed well before the =
Internet and the Internet hasn't changed it.

     Banks letting you pay your bills is nothing.  If you wrote checks =
they got the checks.  Don't like it, don't use a bank.

     Before you try to toss out more examples, anyone you tell about =
yourself knows what you tell them.  Don't want them to know?  Don't tell =
them.

     You don't need to go through a proxy/cache to be tracked.  I don't =
know why you referred to http://www.whatsmyip.com/.  It looks like a = junk
search site.

     You own your own mail server?  Do you think you are in any way with =
a mile of typical?

     I thought that nls.net was your ISP and not your personally.  If =
you create your own email addresses in your ISP's domain then you are = even
further from typical.

  Rich

    "Geo" <georger@nls.net> wrote in message news:41ec4fac@w3.nls.net...
    Not true, yes an ISP can track you provide they are your only =
connection to the net but lots of other places can track you to = different
sites as well. Your credit card company can damn well tell you = where you have
purchased stuff as can any other service that handles = transactions for you.
Bank sites where they let you pay all your bills = from one site is another
example, I would imagine a single login service = could also track you across
sites as can the big advertisers who have = ads on lots of the sites you visit.

    As for if I didn't work for the ISP, I still would have an idea, =
there are tests you can do to see if you are going thru a proxy/cache = server
(www.whatsmyip.com for example) and such. When netlink was small = I busted our
upstream routing my machine different than all the other = machines on the same
subnet, used traceroute to show that. There are = lots of other ways as well
(some ping/syn tricks to find some types of = sniffers etc.)

    And yes, I run my own mail server and I make up lots of alias for me =
specifically for shopping. For example right now today if you send an = email
to shopping@nls.net I'll get it because I used that alias for my = christmas
shopping this year and I haven't deleted it yet.

    Geo.
      "Rich" <@> wrote in message news:41ebf6ae@w3.nls.net...
         Only your ISP can track where you go and what you buy without =
the sites you buying from selling this info.

         If you were not employed by your ISP you would have no idea =
whether or not they are tracking you.

         Doesn't Amazon use an email address for sign-in?  Do you create =
unique email addresses for all such sites?

      Rich

        "Geo" <georger@nls.net> wrote in message =
news:41eba0f1@w3.nls.net...
        My ISP doesn't track dns requests or sniff traffic to see where =
people are going, granted some like AOL do keep stats but the ISP I use = could
care less. My browser cache and history are purged each time I end = crazy
browser as are my cookies. Like Ellen I use different usernames = and passwords
at sites like amazon, my bank, my credit card company, etc = but I use the same
username at sites I don't care about like the NYT = site and other stupid sites
that require a login for no apparent reason.

        The last thing I want is some service that can track where I go =
and what I buy. I only accept this from my credit card company because I = have
no other choice.

        Geo.
          "Rich" <@> wrote in message news:41eaf6bc@w3.nls.net...
             No true.  There is plenty to betray you.  Your ISP of =
course knows the sites you visit as does anyone that can see even the = small
subset of traffic for DNS resolution.  Your browser's cache and = history also
serve this purpose.  There are plenty more.

             The attacker can also take a different approach that is =
likely more effective anyway.  Pick a high value site and try the stolen = IDs
on them.  Amazon may not use single sign-in but you don't care = because it
does not matter.  Then try them again at Citibank.  Then = again at whatever
site you want. This approach will have more value then = trying to sign in at
match.com using AOL's screenname service or = Microsoft's Passport, both of
which it supports.

          Rich

            "Geo" <georger@nls.net> wrote in message =
news:41ea4570@w3.nls.net...
            the difference between single sign on and the practice of =
using the same username/password on multiple sites is that with the = single
password there is no function to betray the user. In other words = there is
nothing but the user to connect all those sites together. With = the single
sign on, all you need is a list of sites that uses that = single sign on
service.

            Geo.
              "Rich" <@> wrote in message news:41e9f6c1@w3.nls.net...
                 There was an optional wallet service and you are right, =
this additional optional service could not be anonymous.  You aren't =
comparing apples to apples if you include the people that made a choice = to
use this.  Folks that wanted to be anonymous would not choose this.

                 Really, this argument is silly.  I don't know you but =
too many people I know use the same password on the many sites that = require
them to register, whether they lie or not.  Their intent is to = have something
that acts like single sign-in.   Now I'm sure the people =
arguing against single sign-in here are not hypocrits and all use = distinct
unique usernames, email addresses, passwords, etc for each and = every account
they have.  Don't you?

              Rich

                "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> =
wrote in message news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com...
                Well, if you only use Passport as a signin, yes.  But =
there was a piece
                to it where it would know your credit card information =
so when you used
                it to log on to a site where you wanted to buy stuff you =
wouldn't have
                to enter the credit card information.   It would be =
impossible to use
                that part and be anonymous.

                On Mon, 10 Jan 2005 15:09:44 -0800, "Rich" <@> wrote in =
message
                <41e30b2c@w3.nls.net>:

                >   I disagree.  Passport is no less anonymous than =
other signin mechanisms.  You are in control of the information you = provide
to create your signin.  If you want to lie then lie.
                >
                >Rich
                >
                >  "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> =
wrote in message news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com...
                >  I think he wasn't addressing services claiming they =
don't disclose...
                >  his message gave examples of people trying to be =
anonymous... but
                >  someone trying to be anonymous wouldn't use Passport =
(unless they were
                >  REALLY stupid) so I'm not quite following the logic =
either.
                >
                >  On Sun, 9 Jan 2005 10:04:25 -0800, "Rich" <@> wrote =
in message
                >  <41e1720a@w3.nls.net>:
                >
                >  >   The fragment you chose to quote is interesting.  =
How many services claim that they do not disclose info as required by = law?
                >  >
                >  >   The rest is garbage.
                >  >
                >  >Rich
                >  >
                >  >  "Mike N." <mike@u-spam-u-die.net> wrote in message =
news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com...
                >  >  On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" <@> =
wrote:
                >  >
                >  >  > If you mean to question what Passport is to =
Microsoft you should use Microsoft's claims about the service
                >  >
                >  >  =
http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033
                >  >
                >  >  "NET Passport may disclose personal information if =
required to do so by law
                >  >  or in the good-faith belief that such action is =
necessary to: (a) conform
                >  >  to legal requirements or comply with legal process =
served on Microsoft;"
                >  >
                >  >     This confirms the information I already had.  A =
single signon is for
                >  >  convenience, not security.  Sure your ISP can see =
what you're doing.  They
                >  >  can initiate a wiretap when served by a subpoena.  =
However there are many
                >  >  people for which this won't suffice -
                >  >     o terrorists who jump from Cafe to Cafe.
                >  >    o  commuters who use wireless internet services =
from Starbucks, at work,
                >  >  airports, etc.
                >  >    o Those who attempt to escape identity by =
wardriving from open wireless
                >  >  to open wireless LAN.
                >  >      Investigators would need to obtain subpoenas =
from thousands of ISPs to
                >  >  cover all activities of a person.   Alternatively, =
assuming that .NET is in
                >  >  widespread use, they would just need to subpoena =
Microsoft to get a
                >  >  complete profile of sites where a signon was used, =
and the IP
                >  >  address/date/time they were accessed from.
                >  >
                >  >     It still appears that if anyone gets your =
passport  login, they can
                >  >  assume your signon, just as if they are you.

------=_NextPart_000_009F_01C4FD95.A7FBD4B0
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1479" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>sorry, <A=20
href=3D"http://www.whatsmyip.org">www.whatsmyip.org</A> was the site. As = for
the=20
mail server yes to both, I can create whatever alias I want on netlinks =
servers=20
and I have my own experimental servers for testing purposes (I even own = a=20
handful of my own domain names). As for nls.net, it would take a couple = pages
to=20
explain it but think of me as netlink's Paul Allen (without the health=20
problems).</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>You're probably right about online bank =
billpaying=20
but the user agreement goes far beyond anything I had to agree to in = order
to=20
open a checking account. I also agree with your "don't use it" attitude = but
it=20
would be rather difficult to purchase stuff online without either a = credit
card=20
or a bank.. &lt;g&gt;</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV>"Rich" &lt;@&gt; wrote in message <A=20
href=3D"news:41ec6f55@w3.nls.net">news:41ec6f55@w3.nls.net</A>...</DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; The credit card company =
knows what=20
  the merchants tell them.&nbsp; Don't like this, don't use a credit =
card.&nbsp;=20
  The problem existed well before the Internet and the Internet hasn't =
changed=20
  it.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; Banks letting you pay =
your bills is=20
  nothing.&nbsp; If you wrote checks they got the checks.&nbsp; Don't =
like it,=20
  don't use a bank.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; Before you try to toss =
out more=20
  examples, anyone you tell about yourself knows what you tell =
them.&nbsp; Don't=20
  want them to know?&nbsp; Don't tell them.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; You don't need to go =
through a=20
  proxy/cache to be tracked.&nbsp; I don't know why you referred to <A=20
  =
href=3D"http://www.whatsmyip.com/">http://www.whatsmyip.com/</A>.&nbsp; = It
looks=20
  like a junk search site.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; You own your own mail =
server?&nbsp;=20
  Do you think you are in any way with a mile of typical?</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; I thought that nls.net =
was your ISP=20
  and not your personally.&nbsp; If you create your own email addresses =
in your=20
  ISP's domain then you are even further from typical.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
  <DIV>&nbsp;</DIV>
  <BLOCKQUOTE dir=3Dltr=20
  style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
    <DIV>"Geo" &lt;<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>&gt;=20
    wrote in message <A=20
    =
href=3D"news:41ec4fac@w3.nls.net">news:41ec4fac@w3.nls.net</A>...</DIV>
    <DIV><FONT face=3DArial size=3D2>Not true, yes an ISP can track you =
provide they=20
    are your only connection to the net but lots of other places can =
track you=20
    to different sites as well. Your credit card company can damn well =
tell you=20
    where you have purchased stuff as can any other service that handles =

    transactions for you. Bank sites where they let you pay all your =
bills from=20
    one site is another example, I would imagine a single login service =
could=20
    also track you across sites as can the big advertisers who have ads =
on lots=20
    of the sites you visit.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
    <DIV><FONT face=3DArial size=3D2>As for if I didn't work for the =
ISP, I still=20
    would have an idea, there are tests you can do to see if you are =
going thru=20
    a proxy/cache server (<A=20
    href=3D"http://www.whatsmyip.com">www.whatsmyip.com</A> for example) =
and such.=20
    When netlink was small I busted our upstream routing my machine =
different=20
    than all the other machines on the same subnet, used traceroute to =
show=20
    that. There are lots of other ways as well (some ping/syn tricks to =
find=20
    some types of sniffers etc.)</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
    <DIV><FONT face=3DArial size=3D2>And yes, I run my own mail server =
and I make up=20
    lots of alias for me specifically for shopping. For example right =
now today=20
    if you send an email to <A=20
    href=3D"mailto:shopping@nls.net">shopping@nls.net</A> I'll get it =
because I=20
    used that alias for my christmas shopping this year and I haven't =
deleted it=20
    yet.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
    <DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
    <BLOCKQUOTE dir=3Dltr=20
    style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
      <DIV>"Rich" &lt;@&gt; wrote in message <A=20
      =
href=3D"news:41ebf6ae@w3.nls.net">news:41ebf6ae@w3.nls.net</A>...</DIV>
      <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; Only your ISP can =
track where=20
      you go and what you buy without the sites you buying from selling=20
      this&nbsp;info.</FONT></DIV>
      <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
      <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; If you were not =
employed by your=20
      ISP you would have no idea whether or not they are tracking=20
      you.</FONT></DIV>
      <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
      <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; Doesn't Amazon use =
an email=20
      address for sign-in?&nbsp; Do you create unique email addresses =
for all=20
      such sites?</FONT></DIV>
      <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
      <DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
      <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
      <BLOCKQUOTE dir=3Dltr=20
      style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
        <DIV>"Geo" &lt;<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>&gt;=20
        wrote in message <A=20
        =
href=3D"news:41eba0f1@w3.nls.net">news:41eba0f1@w3.nls.net</A>...</DIV>
        <DIV><FONT face=3DArial size=3D2>My ISP doesn't track dns =
requests or sniff=20
        traffic to see where people are going, granted some like AOL do =
keep=20
        stats but the ISP I use could care less. My browser cache and =
history=20
        are purged each time I end crazy browser as are my cookies. Like =
Ellen I=20
        use different usernames and passwords at sites like amazon, my =
bank, my=20
        credit card company, etc but I use the same username at sites I =
don't=20
        care about like the NYT site and other stupid sites that require =
a login=20
        for no apparent reason.</FONT></DIV>
        <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
        <DIV><FONT face=3DArial size=3D2>The last thing I want is some =
service that=20
        can track where I go and what I buy. I only accept this from my =
credit=20
        card company because I have no other choice.</FONT></DIV>
        <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
        <DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
        <BLOCKQUOTE dir=3Dltr=20
        style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
          <DIV>"Rich" &lt;@&gt; wrote in message <A=20
          =
href=3D"news:41eaf6bc@w3.nls.net">news:41eaf6bc@w3.nls.net</A>...</DIV>
          <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; No true.&nbsp; =
There is=20
          plenty to betray you.&nbsp; Your ISP of course knows the sites =
you=20
          visit as does anyone that can see even the small subset of =
traffic for=20
          DNS resolution.&nbsp; Your browser's cache and history also =
serve this=20
          purpose.&nbsp; There are plenty more.</FONT></DIV>
          <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
          <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; The attacker can =
also take a=20
          different approach that is likely more effective anyway.&nbsp; =
Pick a=20
          high value site and try the stolen IDs on them.&nbsp; Amazon =
may not=20
          use single sign-in but you don't care because it does not=20
          matter.&nbsp; Then try them again at Citibank.&nbsp; Then =
again at=20
          whatever site you want. This approach will have more value =
then trying=20
          to sign in at match.com using AOL's screenname service or =
Microsoft's=20
          Passport, both of which it supports.</FONT></DIV>
          <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
          <DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
          <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
          <BLOCKQUOTE dir=3Dltr=20
          style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
            <DIV>"Geo" &lt;<A=20
            href=3D"mailto:georger@nls.net">georger@nls.net</A>&gt; =
wrote in=20
            message <A=20
            =
href=3D"news:41ea4570@w3.nls.net">news:41ea4570@w3.nls.net</A>...</DIV>
            <DIV><FONT face=3DArial size=3D2>the difference between =
single sign on=20
            and the practice of using the same username/password on =
multiple=20
            sites is that with the single password there is no function =
to=20
            betray the user. In other words there is nothing but the =
user to=20
            connect all those sites together. With the single sign on, =
all you=20
            need is a list of sites that uses that single sign on=20
            service.</FONT></DIV>
            <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
            <DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
            <BLOCKQUOTE dir=3Dltr=20
            style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
              <DIV>"Rich" &lt;@&gt; wrote in message <A=20
              =
href=3D"news:41e9f6c1@w3.nls.net">news:41e9f6c1@w3.nls.net</A>...</DIV>
              <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; There was an =
optional=20
              wallet service and you are right, this additional optional =
service=20
              could not be anonymous.&nbsp; You aren't comparing apples =
to=20
              apples if you include the people that made a choice to use =

              this.&nbsp; Folks that wanted to be anonymous would not =
choose=20
              this.</FONT></DIV>
              <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
              <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; Really, this =
argument is=20
              silly.&nbsp; I don't know you but too many people I know =
use the=20
              same password on the many sites that require them to =
register,=20
              whether they lie or not.&nbsp; Their intent is to have =
something=20
              that acts like single sign-in.&nbsp;&nbsp; Now I'm sure =
the people=20
              arguing against single sign-in here are not hypocrits and =
all use=20
              distinct unique usernames, email addresses, passwords, etc =
for=20
              each and every account they have.&nbsp; Don't =
you?</FONT></DIV>
              <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
              <DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
              <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
              <BLOCKQUOTE=20
              style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; =
MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
                <DIV>"Ellen K." &lt;<A=20
                =
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>&gt;=20
                wrote in message <A=20
                =
href=3D"news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com">news:ldqju0pdbcl=
q8l54fbhi21220l86uibp28@4ax.com</A>...</DIV>Well,=20
                if you only use Passport as a signin, yes.&nbsp; But =
there was a=20
                piece<BR>to it where it would know your credit card =
information=20
                so when you used<BR>it to log on to a site where you =
wanted to=20
                buy stuff you wouldn't have<BR>to enter the credit card=20
                information.&nbsp;&nbsp; It would be impossible to =
use<BR>that=20
                part and be anonymous.<BR><BR>On Mon, 10 Jan 2005 =
15:09:44=20
                -0800, "Rich" &lt;@&gt; wrote in message<BR>&lt;<A=20
                =
href=3D"mailto:41e30b2c@w3.nls.net">41e30b2c@w3.nls.net</A>&gt;:<BR><BR>&=
gt;&nbsp;&nbsp;=20
                I disagree.&nbsp; Passport is no less anonymous than =
other=20
                signin mechanisms.&nbsp; You are in control of the =
information=20
                you provide to create your signin.&nbsp; If you want to =
lie then=20
                lie.<BR>&gt;<BR>&gt;Rich<BR>&gt;<BR>&gt;&nbsp; "Ellen =
K." &lt;<A=20
                =
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>&gt;=20
                wrote in message <A=20
                =
href=3D"news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com">news:c5h4u0p76hl=
80msc3pis0v1puf9k7erkpn@4ax.com</A>...<BR>&gt;&nbsp;=20
                I think he wasn't addressing services claiming they =
don't=20
                disclose...<BR>&gt;&nbsp; his message gave examples of =
people=20
                trying to be anonymous... but<BR>&gt;&nbsp; someone =
trying to be=20
                anonymous wouldn't use Passport (unless they =
were<BR>&gt;&nbsp;=20
                REALLY stupid) so I'm not quite following the logic=20
                either.<BR>&gt;<BR>&gt;&nbsp; On Sun, 9 Jan 2005 =
10:04:25 -0800,=20
                "Rich" &lt;@&gt; wrote in message<BR>&gt;&nbsp; &lt;<A=20
                =
href=3D"mailto:41e1720a@w3.nls.net">41e1720a@w3.nls.net</A>&gt;:<BR>&gt;<=
BR>&gt;&nbsp;=20
                &gt;&nbsp;&nbsp; The fragment you chose to quote is=20
                interesting.&nbsp; How many services claim that they do =
not=20
                disclose info as required by law?<BR>&gt;&nbsp;=20
                &gt;<BR>&gt;&nbsp; &gt;&nbsp;&nbsp; The rest is=20
                garbage.<BR>&gt;&nbsp; &gt;<BR>&gt;&nbsp; =
&gt;Rich<BR>&gt;&nbsp;=20
                &gt;<BR>&gt;&nbsp; &gt;&nbsp; "Mike N." &lt;<A=20
                =
href=3D"mailto:mike@u-spam-u-die.net">mike@u-spam-u-die.net</A>&gt;=20
                wrote in message <A=20
                =
href=3D"news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com">news:e8b2u0hias1=
bdkdgbe34mf26snbcna0ov4@4ax.com</A>...<BR>&gt;&nbsp;=20
                &gt;&nbsp; On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" =
&lt;@&gt;=20
                wrote:<BR>&gt;&nbsp; &gt;<BR>&gt;&nbsp; &gt;&nbsp; &gt; =
If you=20
                mean to question what Passport is to Microsoft you =
should use=20
                Microsoft's claims about the service<BR>&gt;&nbsp;=20
                &gt;<BR>&gt;&nbsp; &gt;&nbsp; <A=20
                =
href=3D"http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033">htt=
p://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033</A><BR>&gt;&nbs=
p;=20
                &gt;<BR>&gt;&nbsp; &gt;&nbsp; "NET Passport may disclose =

                personal information if required to do so by =
law<BR>&gt;&nbsp;=20
                &gt;&nbsp; or in the good-faith belief that such action =
is=20
                necessary to: (a) conform<BR>&gt;&nbsp; &gt;&nbsp; to =
legal=20
                requirements or comply with legal process served on=20
                Microsoft;"<BR>&gt;&nbsp; &gt;<BR>&gt;&nbsp;=20
                &gt;&nbsp;&nbsp;&nbsp;&nbsp; This confirms the =
information I=20
                already had.&nbsp; A single signon is for<BR>&gt;&nbsp;=20
                &gt;&nbsp; convenience, not security.&nbsp; Sure your =
ISP can=20
                see what you're doing.&nbsp; They<BR>&gt;&nbsp; =
&gt;&nbsp; can=20
                initiate a wiretap when served by a subpoena.&nbsp; =
However=20
                there are many<BR>&gt;&nbsp; &gt;&nbsp; people for which =
this=20
                won't suffice -<BR>&gt;&nbsp; =
&gt;&nbsp;&nbsp;&nbsp;&nbsp; o=20
                terrorists who jump from Cafe to Cafe.<BR>&gt;&nbsp;=20
                &gt;&nbsp;&nbsp;&nbsp; o&nbsp; commuters who use =
wireless=20
                internet services from Starbucks, at work,<BR>&gt;&nbsp; =

                &gt;&nbsp; airports, etc.<BR>&gt;&nbsp; =
&gt;&nbsp;&nbsp;&nbsp; o=20
                Those who attempt to escape identity by wardriving from =
open=20
                wireless<BR>&gt;&nbsp; &gt;&nbsp; to open wireless=20
                LAN.<BR>&gt;&nbsp; &gt;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
                Investigators would need to obtain subpoenas from =
thousands of=20
                ISPs to<BR>&gt;&nbsp; &gt;&nbsp; cover all activities of =
a=20
                person.&nbsp;&nbsp; Alternatively, assuming that .NET is =

                in<BR>&gt;&nbsp; &gt;&nbsp; widespread use, they would =
just need=20
                to subpoena Microsoft to get a<BR>&gt;&nbsp; &gt;&nbsp; =
complete=20
                profile of sites where a signon was used, and the=20
                IP<BR>&gt;&nbsp; &gt;&nbsp; address/date/time they were =
accessed=20
                from.<BR>&gt;&nbsp; &gt;<BR>&gt;&nbsp;=20
                &gt;&nbsp;&nbsp;&nbsp;&nbsp; It still appears that if =
anyone=20
                gets your passport&nbsp; login, they can<BR>&gt;&nbsp;=20
                &gt;&nbsp; assume your signon, just as if they are=20
              =
you.<BR></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE>=
</BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_009F_01C4FD95.A7FBD4B0--

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)