Text 2038, 369 rader
Skriven 2005-01-17 23:07:22 av John Oellrich (1:379/45)
Kommentar till text 1995 av Ellen K. (1:379/45)
Ärende: Re: Usage history
=========================
From: "John Oellrich" <john@oellrich.us>
This is a multi-part message in MIME format.
------=_NextPart_000_0136_01C4FCE9.4D1FDD90
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Ellen,
Can you keep all these usernames and passwords combos memorized? I know = I
couldn't. And a lot of sites I buy from require the username to be my = e-mail
address, so there goes the username option. I just choose to go = with
essentially a single very strong password (have to do some = variations because
many sites will not allow special characters in = passwords).
--=20
john
john@oellrich.us
"Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in message =
news:18jlu09b16c03vh74i1nv0aa30fsdt9p5i@4ax.com...
The reason I brought up the optional wallet service was that a couple =
of
messages upthread the discussion was about credit card numbers.
To answer your question, yes, I have a unique username and password =
for
any site where I care about the privacy and security of my =
information.
For example I have different usernames and passwords for Schwab,
e*Trade, the outfit that manages my company's 401(k) plan, and the
credit card issuer whose bills I pay online. At work my username is
the same for logon and email because with Novell it has to be, but the
passwords are different, and both the username and password for the =
pcAW
host object on my desktop are different from the other two.
On the other hand, I don't care if my password for the NYTimes is the
same as my password to the LATimes. But even that isn't the same as
single sign-in because there isn't a common manager that looks at what =
I
read in both places, which with single sign-in would be at least
theoretically possible.
On Sat, 15 Jan 2005 21:08:17 -0800, "Rich" <@> wrote in message
<41e9f6c1@w3.nls.net>:
> There was an optional wallet service and you are right, this =
additional optional service could not be anonymous. You aren't = comparing
apples to apples if you include the people that made a choice = to use this.
Folks that wanted to be anonymous would not choose this.
>
> Really, this argument is silly. I don't know you but too many =
people I know use the same password on the many sites that require them = to
register, whether they lie or not. Their intent is to have something = that
acts like single sign-in. Now I'm sure the people arguing against =
single sign-in here are not hypocrits and all use distinct unique = usernames,
email addresses, passwords, etc for each and every account = they have. Don't
you?
>
>Rich
>
> "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in =
message news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com...
> Well, if you only use Passport as a signin, yes. But there was a =
piece
> to it where it would know your credit card information so when you =
used
> it to log on to a site where you wanted to buy stuff you wouldn't =
have
> to enter the credit card information. It would be impossible to =
use
> that part and be anonymous.
>
> On Mon, 10 Jan 2005 15:09:44 -0800, "Rich" <@> wrote in message
> <41e30b2c@w3.nls.net>:
>
> > I disagree. Passport is no less anonymous than other signin =
mechanisms. You are in control of the information you provide to create = your
signin. If you want to lie then lie.
> >
> >Rich
> >
> > "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> wrote in =
message news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com...
> > I think he wasn't addressing services claiming they don't =
disclose...
> > his message gave examples of people trying to be anonymous... =
but
> > someone trying to be anonymous wouldn't use Passport (unless =
they were
> > REALLY stupid) so I'm not quite following the logic either.
> >
> > On Sun, 9 Jan 2005 10:04:25 -0800, "Rich" <@> wrote in message
> > <41e1720a@w3.nls.net>:
> >
> > > The fragment you chose to quote is interesting. How many =
services claim that they do not disclose info as required by law?
> > >
> > > The rest is garbage.
> > >
> > >Rich
> > >
> > > "Mike N." <mike@u-spam-u-die.net> wrote in message =
news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com...
> > > On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" <@> wrote:
> > >
> > > > If you mean to question what Passport is to Microsoft you =
should use Microsoft's claims about the service
> > >
> > > http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033
> > >
> > > "NET Passport may disclose personal information if required =
to do so by law
> > > or in the good-faith belief that such action is necessary to: =
(a) conform
> > > to legal requirements or comply with legal process served on =
Microsoft;"
> > >
> > > This confirms the information I already had. A single =
signon is for
> > > convenience, not security. Sure your ISP can see what you're =
doing. They
> > > can initiate a wiretap when served by a subpoena. However =
there are many
> > > people for which this won't suffice -
> > > o terrorists who jump from Cafe to Cafe.
> > > o commuters who use wireless internet services from =
Starbucks, at work,
> > > airports, etc.
> > > o Those who attempt to escape identity by wardriving from =
open wireless
> > > to open wireless LAN.
> > > Investigators would need to obtain subpoenas from =
thousands of ISPs to
> > > cover all activities of a person. Alternatively, assuming =
that .NET is in
> > > widespread use, they would just need to subpoena Microsoft to =
get a
> > > complete profile of sites where a signon was used, and the IP
> > > address/date/time they were accessed from.
> > >
> > > It still appears that if anyone gets your passport login, =
they can
> > > assume your signon, just as if they are you.
------=_NextPart_000_0136_01C4FCE9.4D1FDD90
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>Ellen,</DIV>
<DIV> </DIV>
<DIV>Can you keep all these usernames and passwords combos memorized? I =
know I=20
couldn't. And a lot of sites I buy from require the username to be my =
e-mail=20
address, so there goes the username option. I just choose to go with =
essentially=20
a single very strong password (have to do some variations because many =
sites=20
will not allow special characters in passwords).</DIV>
<DIV><BR>-- <BR>john</DIV>
<DIV> </DIV>
<DIV><A href=3D"mailto:john@oellrich.us">john@oellrich.us</A></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Ellen K." <<A=20
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:18jlu09b16c03vh74i1nv0aa30fsdt9p5i@4ax.com">news:18jlu09b16c=
03vh74i1nv0aa30fsdt9p5i@4ax.com</A>...</DIV>The=20
reason I brought up the optional wallet service was that a couple=20
of<BR>messages upthread the discussion was about credit card=20
numbers.<BR><BR>To answer your question, yes, I have a unique username =
and=20
password for<BR>any site where I care about the privacy and security =
of my=20
information.<BR>For example I have different usernames and passwords =
for=20
Schwab,<BR>e*Trade, the outfit that manages my company's 401(k) plan, =
and=20
the<BR>credit card issuer whose bills I pay online. At =
work my=20
username is<BR>the same for logon and email because with Novell it has =
to be,=20
but the<BR>passwords are different, and both the username and password =
for the=20
pcAW<BR>host object on my desktop are different from the other =
two.<BR><BR>On=20
the other hand, I don't care if my password for the NYTimes is =
the<BR>same as=20
my password to the LATimes. But even that isn't the same=20
as<BR>single sign-in because there isn't a common manager that looks =
at what=20
I<BR>read in both places, which with single sign-in would be at=20
least<BR>theoretically possible.<BR><BR>On Sat, 15 Jan 2005 21:08:17 =
-0800,=20
"Rich" <@> wrote in message<BR><<A=20
=
href=3D"mailto:41e9f6c1@w3.nls.net">41e9f6c1@w3.nls.net</A>>:<BR><BR>&=
gt; =20
There was an optional wallet service and you are right, this =
additional=20
optional service could not be anonymous. You aren't comparing =
apples to=20
apples if you include the people that made a choice to use this. =
Folks=20
that wanted to be anonymous would not choose =
this.<BR>><BR>> =20
Really, this argument is silly. I don't know you but too many =
people I=20
know use the same password on the many sites that require them to =
register,=20
whether they lie or not. Their intent is to have something that =
acts=20
like single sign-in. Now I'm sure the people arguing =
against=20
single sign-in here are not hypocrits and all use distinct unique =
usernames,=20
email addresses, passwords, etc for each and every account they =
have. =20
Don't you?<BR>><BR>>Rich<BR>><BR>> "Ellen K." <<A =
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com">news:ldqju0pdbcl=
q8l54fbhi21220l86uibp28@4ax.com</A>...<BR>> =20
Well, if you only use Passport as a signin, yes. But there was a =
piece<BR>> to it where it would know your credit card =
information so=20
when you used<BR>> it to log on to a site where you wanted to =
buy=20
stuff you wouldn't have<BR>> to enter the credit card=20
information. It would be impossible to use<BR>> =
that part=20
and be anonymous.<BR>><BR>> On Mon, 10 Jan 2005 15:09:44 =
-0800,=20
"Rich" <@> wrote in message<BR>> <<A=20
=
href=3D"mailto:41e30b2c@w3.nls.net">41e30b2c@w3.nls.net</A>>:<BR>><=
BR>> =20
> I disagree. Passport is no less anonymous than =
other=20
signin mechanisms. You are in control of the information you =
provide to=20
create your signin. If you want to lie then lie.<BR>> =20
><BR>> >Rich<BR>> ><BR>> =
> "Ellen=20
K." <<A=20
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com">news:c5h4u0p76hl=
80msc3pis0v1puf9k7erkpn@4ax.com</A>...<BR>> =20
> I think he wasn't addressing services claiming they don't=20
disclose...<BR>> > his message gave examples of =
people=20
trying to be anonymous... but<BR>> > someone trying =
to be=20
anonymous wouldn't use Passport (unless they were<BR>> =
> =20
REALLY stupid) so I'm not quite following the logic =
either.<BR>> =20
><BR>> > On Sun, 9 Jan 2005 10:04:25 -0800, =
"Rich"=20
<@> wrote in message<BR>> > <<A=20
=
href=3D"mailto:41e1720a@w3.nls.net">41e1720a@w3.nls.net</A>>:<BR>>&=
nbsp;=20
><BR>> > > The fragment you chose =
to quote=20
is interesting. How many services claim that they do not =
disclose info=20
as required by law?<BR>> > ><BR>> =
> =20
> The rest is garbage.<BR>> > =20
><BR>> > >Rich<BR>> > =20
><BR>> > > "Mike N." <<A=20
href=3D"mailto:mike@u-spam-u-die.net">mike@u-spam-u-die.net</A>> =
wrote in=20
message <A=20
=
href=3D"news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com">news:e8b2u0hias1=
bdkdgbe34mf26snbcna0ov4@4ax.com</A>...<BR>> =20
> > On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" =
<@>=20
wrote:<BR>> > ><BR>> > =
> >=20
If you mean to question what Passport is to Microsoft you should use=20
Microsoft's claims about the service<BR>> > =20
><BR>> > > <A=20
=
href=3D"http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033">htt=
p://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033</A><BR>>&nbs=
p;=20
> ><BR>> > > "NET Passport may =
disclose=20
personal information if required to do so by law<BR>> =
> =20
> or in the good-faith belief that such action is necessary =
to: (a)=20
conform<BR>> > > to legal requirements or =
comply=20
with legal process served on Microsoft;"<BR>> > =20
><BR>> > > This =
confirms the=20
information I already had. A single signon is for<BR>> =20
> > convenience, not security. Sure your ISP =
can see=20
what you're doing. They<BR>> > > can =
initiate=20
a wiretap when served by a subpoena. However there are=20
many<BR>> > > people for which this won't =
suffice=20
-<BR>> > > o terrorists =
who jump=20
from Cafe to Cafe.<BR>> > > =
o =20
commuters who use wireless internet services from Starbucks, at=20
work,<BR>> > > airports, etc.<BR>> =
> > o Those who attempt to escape =
identity by=20
wardriving from open wireless<BR>> > > to =
open=20
wireless LAN.<BR>> > =
> =20
Investigators would need to obtain subpoenas from thousands of ISPs=20
to<BR>> > > cover all activities of a=20
person. Alternatively, assuming that .NET is =
in<BR>> =20
> > widespread use, they would just need to subpoena =
Microsoft to get a<BR>> > > complete =
profile of=20
sites where a signon was used, and the IP<BR>> > =
> =20
address/date/time they were accessed from.<BR>> > =20
><BR>> > > It still =
appears=20
that if anyone gets your passport login, they can<BR>> =20
> > assume your signon, just as if they are=20
you.<BR></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0136_01C4FCE9.4D1FDD90--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|