Text 2001, 399 rader
Skriven 2005-01-16 15:36:14 av Rich (1:379/45)
Kommentar till text 1995 av Ellen K. (1:379/45)
Ärende: Re: Usage history
=========================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_070E_01C4FBE1.1D74E530
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Yes, cc numbers were brought up earlier in one of the attempts to =
divert the discussion.
You are very unusual if you have different usernames and passwords. =
I fail when I explain to people why they should do this. As for = usernames
specifically, it is not practical as many sites use email = addresses instead
usernames for sign-in and unless you want to create = multiple email accounts,
which most people don't, you can only change = the password. Heck, I know
people that do not realize that when signing = up for site X that requires an
email address and password that the = password for site X need not be the same
as the password for their email = address.
Your work examples though I think are examples of bad or lacking =
integration. My logon and email identifies are the same because they = are the
same. For Remote Deskop and Terminal Services, again my one = identity is
used. Logging on remotely doesn't, and shouldn't, use a =
different identity than logging on locally.
Rich
"Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in message =
news:18jlu09b16c03vh74i1nv0aa30fsdt9p5i@4ax.com...
The reason I brought up the optional wallet service was that a couple =
of
messages upthread the discussion was about credit card numbers.
To answer your question, yes, I have a unique username and password =
for
any site where I care about the privacy and security of my =
information.
For example I have different usernames and passwords for Schwab,
e*Trade, the outfit that manages my company's 401(k) plan, and the
credit card issuer whose bills I pay online. At work my username is
the same for logon and email because with Novell it has to be, but the
passwords are different, and both the username and password for the =
pcAW
host object on my desktop are different from the other two.
On the other hand, I don't care if my password for the NYTimes is the
same as my password to the LATimes. But even that isn't the same as
single sign-in because there isn't a common manager that looks at what =
I
read in both places, which with single sign-in would be at least
theoretically possible.
On Sat, 15 Jan 2005 21:08:17 -0800, "Rich" <@> wrote in message
<41e9f6c1@w3.nls.net>:
> There was an optional wallet service and you are right, this =
additional optional service could not be anonymous. You aren't = comparing
apples to apples if you include the people that made a choice = to use this.
Folks that wanted to be anonymous would not choose this.
>
> Really, this argument is silly. I don't know you but too many =
people I know use the same password on the many sites that require them = to
register, whether they lie or not. Their intent is to have something = that
acts like single sign-in. Now I'm sure the people arguing against =
single sign-in here are not hypocrits and all use distinct unique = usernames,
email addresses, passwords, etc for each and every account = they have. Don't
you?
>
>Rich
>
> "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in =
message news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com...
> Well, if you only use Passport as a signin, yes. But there was a =
piece
> to it where it would know your credit card information so when you =
used
> it to log on to a site where you wanted to buy stuff you wouldn't =
have
> to enter the credit card information. It would be impossible to =
use
> that part and be anonymous.
>
> On Mon, 10 Jan 2005 15:09:44 -0800, "Rich" <@> wrote in message
> <41e30b2c@w3.nls.net>:
>
> > I disagree. Passport is no less anonymous than other signin =
mechanisms. You are in control of the information you provide to create = your
signin. If you want to lie then lie.
> >
> >Rich
> >
> > "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in =
message news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com...
> > I think he wasn't addressing services claiming they don't =
disclose...
> > his message gave examples of people trying to be anonymous... =
but
> > someone trying to be anonymous wouldn't use Passport (unless =
they were
> > REALLY stupid) so I'm not quite following the logic either.
> >
> > On Sun, 9 Jan 2005 10:04:25 -0800, "Rich" <@> wrote in message
> > <41e1720a@w3.nls.net>:
> >
> > > The fragment you chose to quote is interesting. How many =
services claim that they do not disclose info as required by law?
> > >
> > > The rest is garbage.
> > >
> > >Rich
> > >
> > > "Mike N." <mike@u-spam-u-die.net> wrote in message =
news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com...
> > > On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" <@> wrote:
> > >
> > > > If you mean to question what Passport is to Microsoft you =
should use Microsoft's claims about the service
> > >
> > > http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033
> > >
> > > "NET Passport may disclose personal information if required =
to do so by law
> > > or in the good-faith belief that such action is necessary to: =
(a) conform
> > > to legal requirements or comply with legal process served on =
Microsoft;"
> > >
> > > This confirms the information I already had. A single =
signon is for
> > > convenience, not security. Sure your ISP can see what you're =
doing. They
> > > can initiate a wiretap when served by a subpoena. However =
there are many
> > > people for which this won't suffice -
> > > o terrorists who jump from Cafe to Cafe.
> > > o commuters who use wireless internet services from =
Starbucks, at work,
> > > airports, etc.
> > > o Those who attempt to escape identity by wardriving from =
open wireless
> > > to open wireless LAN.
> > > Investigators would need to obtain subpoenas from =
thousands of ISPs to
> > > cover all activities of a person. Alternatively, assuming =
that .NET is in
> > > widespread use, they would just need to subpoena Microsoft to =
get a
> > > complete profile of sites where a signon was used, and the IP
> > > address/date/time they were accessed from.
> > >
> > > It still appears that if anyone gets your passport login, =
they can
> > > assume your signon, just as if they are you.
------=_NextPart_000_070E_01C4FBE1.1D74E530
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.3790.1289" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> Yes, cc numbers were =
brought up=20
earlier in one of the attempts to divert the discussion.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> You are very unusual if =
you have=20
different usernames and passwords. I fail when I explain to people =
why=20
they should do this. As for usernames specifically, it is not = practical
as=20
many sites use email addresses instead usernames for sign-in and unless = you
want=20
to create multiple email accounts, which most people don't, you can only =
change=20
the password. Heck, I know people that do not realize that when = signing
up=20
for site X that requires an email address and password that the password =
for=20
site X need not be the same as the password for their email=20
address.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Your work examples though =
I think are=20
examples of bad or lacking integration. My logon and email = identifies
are=20
the same because they are the same. For Remote Deskop and Terminal =
Services, again my one identity is used. Logging on remotely =
doesn't, and shouldn't, use a different identity than logging on=20
locally.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Ellen K." <<A=20
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:18jlu09b16c03vh74i1nv0aa30fsdt9p5i@4ax.com">news:18jlu09b16c=
03vh74i1nv0aa30fsdt9p5i@4ax.com</A>...</DIV>The=20
reason I brought up the optional wallet service was that a couple=20
of<BR>messages upthread the discussion was about credit card=20
numbers.<BR><BR>To answer your question, yes, I have a unique username =
and=20
password for<BR>any site where I care about the privacy and security =
of my=20
information.<BR>For example I have different usernames and passwords =
for=20
Schwab,<BR>e*Trade, the outfit that manages my company's 401(k) plan, =
and=20
the<BR>credit card issuer whose bills I pay online. At =
work my=20
username is<BR>the same for logon and email because with Novell it has =
to be,=20
but the<BR>passwords are different, and both the username and password =
for the=20
pcAW<BR>host object on my desktop are different from the other =
two.<BR><BR>On=20
the other hand, I don't care if my password for the NYTimes is =
the<BR>same as=20
my password to the LATimes. But even that isn't the same=20
as<BR>single sign-in because there isn't a common manager that looks =
at what=20
I<BR>read in both places, which with single sign-in would be at=20
least<BR>theoretically possible.<BR><BR>On Sat, 15 Jan 2005 21:08:17 =
-0800,=20
"Rich" <@> wrote in message<BR><<A=20
=
href=3D"mailto:41e9f6c1@w3.nls.net">41e9f6c1@w3.nls.net</A>>:<BR><BR>&=
gt; =20
There was an optional wallet service and you are right, this =
additional=20
optional service could not be anonymous. You aren't comparing =
apples to=20
apples if you include the people that made a choice to use this. =
Folks=20
that wanted to be anonymous would not choose =
this.<BR>><BR>> =20
Really, this argument is silly. I don't know you but too many =
people I=20
know use the same password on the many sites that require them to =
register,=20
whether they lie or not. Their intent is to have something that =
acts=20
like single sign-in. Now I'm sure the people arguing =
against=20
single sign-in here are not hypocrits and all use distinct unique =
usernames,=20
email addresses, passwords, etc for each and every account they =
have. =20
Don't you?<BR>><BR>>Rich<BR>><BR>> "Ellen K." <<A =
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com">news:ldqju0pdbcl=
q8l54fbhi21220l86uibp28@4ax.com</A>...<BR>> =20
Well, if you only use Passport as a signin, yes. But there was a =
piece<BR>> to it where it would know your credit card =
information so=20
when you used<BR>> it to log on to a site where you wanted to =
buy=20
stuff you wouldn't have<BR>> to enter the credit card=20
information. It would be impossible to use<BR>> =
that part=20
and be anonymous.<BR>><BR>> On Mon, 10 Jan 2005 15:09:44 =
-0800,=20
"Rich" <@> wrote in message<BR>> <<A=20
=
href=3D"mailto:41e30b2c@w3.nls.net">41e30b2c@w3.nls.net</A>>:<BR>><=
BR>> =20
> I disagree. Passport is no less anonymous than =
other=20
signin mechanisms. You are in control of the information you =
provide to=20
create your signin. If you want to lie then lie.<BR>> =20
><BR>> >Rich<BR>> ><BR>> =
> "Ellen=20
K." <<A=20
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com">news:c5h4u0p76hl=
80msc3pis0v1puf9k7erkpn@4ax.com</A>...<BR>> =20
> I think he wasn't addressing services claiming they don't=20
disclose...<BR>> > his message gave examples of =
people=20
trying to be anonymous... but<BR>> > someone trying =
to be=20
anonymous wouldn't use Passport (unless they were<BR>> =
> =20
REALLY stupid) so I'm not quite following the logic =
either.<BR>> =20
><BR>> > On Sun, 9 Jan 2005 10:04:25 -0800, =
"Rich"=20
<@> wrote in message<BR>> > <<A=20
=
href=3D"mailto:41e1720a@w3.nls.net">41e1720a@w3.nls.net</A>>:<BR>>&=
nbsp;=20
><BR>> > > The fragment you chose =
to quote=20
is interesting. How many services claim that they do not =
disclose info=20
as required by law?<BR>> > ><BR>> =
> =20
> The rest is garbage.<BR>> > =20
><BR>> > >Rich<BR>> > =20
><BR>> > > "Mike N." <<A=20
href=3D"mailto:mike@u-spam-u-die.net">mike@u-spam-u-die.net</A>> =
wrote in=20
message <A=20
=
href=3D"news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com">news:e8b2u0hias1=
bdkdgbe34mf26snbcna0ov4@4ax.com</A>...<BR>> =20
> > On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" =
<@>=20
wrote:<BR>> > ><BR>> > =
> >=20
If you mean to question what Passport is to Microsoft you should use=20
Microsoft's claims about the service<BR>> > =20
><BR>> > > <A=20
=
href=3D"http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033">htt=
p://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033</A><BR>>&nbs=
p;=20
> ><BR>> > > "NET Passport may =
disclose=20
personal information if required to do so by law<BR>> =
> =20
> or in the good-faith belief that such action is necessary =
to: (a)=20
conform<BR>> > > to legal requirements or =
comply=20
with legal process served on Microsoft;"<BR>> > =20
><BR>> > > This =
confirms the=20
information I already had. A single signon is for<BR>> =20
> > convenience, not security. Sure your ISP =
can see=20
what you're doing. They<BR>> > > can =
initiate=20
a wiretap when served by a subpoena. However there are=20
many<BR>> > > people for which this won't =
suffice=20
-<BR>> > > o terrorists =
who jump=20
from Cafe to Cafe.<BR>> > > =
o =20
commuters who use wireless internet services from Starbucks, at=20
work,<BR>> > > airports, etc.<BR>> =
> > o Those who attempt to escape =
identity by=20
wardriving from open wireless<BR>> > > to =
open=20
wireless LAN.<BR>> > =
> =20
Investigators would need to obtain subpoenas from thousands of ISPs=20
to<BR>> > > cover all activities of a=20
person. Alternatively, assuming that .NET is =
in<BR>> =20
> > widespread use, they would just need to subpoena =
Microsoft to get a<BR>> > > complete =
profile of=20
sites where a signon was used, and the IP<BR>> > =
> =20
address/date/time they were accessed from.<BR>> > =20
><BR>> > > It still =
appears=20
that if anyone gets your passport login, they can<BR>> =20
> > assume your signon, just as if they are=20
you.<BR></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_070E_01C4FBE1.1D74E530--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|