Text 2059, 651 rader
Skriven 2005-01-18 19:41:08 av Geo (1:379/45)
Kommentar till text 2031 av Rich (1:379/45)
Ärende: Re: Usage history
=========================
From: "Geo" <georger@nls.net>
This is a multi-part message in MIME format.
------=_NextPart_000_009F_01C4FD95.A7FBD4B0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
sorry, www.whatsmyip.org was the site. As for the mail server yes to = both, I
can create whatever alias I want on netlinks servers and I have = my own
experimental servers for testing purposes (I even own a handful = of my own
domain names). As for nls.net, it would take a couple pages to = explain it but
think of me as netlink's Paul Allen (without the health = problems).
You're probably right about online bank billpaying but the user = agreement
goes far beyond anything I had to agree to in order to open a = checking
account. I also agree with your "don't use it" attitude but it = would be
rather difficult to purchase stuff online without either a = credit card or a
bank.. <g>
Geo.
"Rich" <@> wrote in message news:41ec6f55@w3.nls.net...
The credit card company knows what the merchants tell them. Don't =
like this, don't use a credit card. The problem existed well before the =
Internet and the Internet hasn't changed it.
Banks letting you pay your bills is nothing. If you wrote checks =
they got the checks. Don't like it, don't use a bank.
Before you try to toss out more examples, anyone you tell about =
yourself knows what you tell them. Don't want them to know? Don't tell =
them.
You don't need to go through a proxy/cache to be tracked. I don't =
know why you referred to http://www.whatsmyip.com/. It looks like a = junk
search site.
You own your own mail server? Do you think you are in any way with =
a mile of typical?
I thought that nls.net was your ISP and not your personally. If =
you create your own email addresses in your ISP's domain then you are = even
further from typical.
Rich
"Geo" <georger@nls.net> wrote in message news:41ec4fac@w3.nls.net...
Not true, yes an ISP can track you provide they are your only =
connection to the net but lots of other places can track you to = different
sites as well. Your credit card company can damn well tell you = where you have
purchased stuff as can any other service that handles = transactions for you.
Bank sites where they let you pay all your bills = from one site is another
example, I would imagine a single login service = could also track you across
sites as can the big advertisers who have = ads on lots of the sites you visit.
As for if I didn't work for the ISP, I still would have an idea, =
there are tests you can do to see if you are going thru a proxy/cache = server
(www.whatsmyip.com for example) and such. When netlink was small = I busted our
upstream routing my machine different than all the other = machines on the same
subnet, used traceroute to show that. There are = lots of other ways as well
(some ping/syn tricks to find some types of = sniffers etc.)
And yes, I run my own mail server and I make up lots of alias for me =
specifically for shopping. For example right now today if you send an = email
to shopping@nls.net I'll get it because I used that alias for my = christmas
shopping this year and I haven't deleted it yet.
Geo.
"Rich" <@> wrote in message news:41ebf6ae@w3.nls.net...
Only your ISP can track where you go and what you buy without =
the sites you buying from selling this info.
If you were not employed by your ISP you would have no idea =
whether or not they are tracking you.
Doesn't Amazon use an email address for sign-in? Do you create =
unique email addresses for all such sites?
Rich
"Geo" <georger@nls.net> wrote in message =
news:41eba0f1@w3.nls.net...
My ISP doesn't track dns requests or sniff traffic to see where =
people are going, granted some like AOL do keep stats but the ISP I use = could
care less. My browser cache and history are purged each time I end = crazy
browser as are my cookies. Like Ellen I use different usernames = and passwords
at sites like amazon, my bank, my credit card company, etc = but I use the same
username at sites I don't care about like the NYT = site and other stupid sites
that require a login for no apparent reason.
The last thing I want is some service that can track where I go =
and what I buy. I only accept this from my credit card company because I = have
no other choice.
Geo.
"Rich" <@> wrote in message news:41eaf6bc@w3.nls.net...
No true. There is plenty to betray you. Your ISP of =
course knows the sites you visit as does anyone that can see even the = small
subset of traffic for DNS resolution. Your browser's cache and = history also
serve this purpose. There are plenty more.
The attacker can also take a different approach that is =
likely more effective anyway. Pick a high value site and try the stolen = IDs
on them. Amazon may not use single sign-in but you don't care = because it
does not matter. Then try them again at Citibank. Then = again at whatever
site you want. This approach will have more value then = trying to sign in at
match.com using AOL's screenname service or = Microsoft's Passport, both of
which it supports.
Rich
"Geo" <georger@nls.net> wrote in message =
news:41ea4570@w3.nls.net...
the difference between single sign on and the practice of =
using the same username/password on multiple sites is that with the = single
password there is no function to betray the user. In other words = there is
nothing but the user to connect all those sites together. With = the single
sign on, all you need is a list of sites that uses that = single sign on
service.
Geo.
"Rich" <@> wrote in message news:41e9f6c1@w3.nls.net...
There was an optional wallet service and you are right, =
this additional optional service could not be anonymous. You aren't =
comparing apples to apples if you include the people that made a choice = to
use this. Folks that wanted to be anonymous would not choose this.
Really, this argument is silly. I don't know you but =
too many people I know use the same password on the many sites that = require
them to register, whether they lie or not. Their intent is to = have something
that acts like single sign-in. Now I'm sure the people =
arguing against single sign-in here are not hypocrits and all use = distinct
unique usernames, email addresses, passwords, etc for each and = every account
they have. Don't you?
Rich
"Ellen K." <72322.enno.esspeayem.1016@compuserve.com> =
wrote in message news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com...
Well, if you only use Passport as a signin, yes. But =
there was a piece
to it where it would know your credit card information =
so when you used
it to log on to a site where you wanted to buy stuff you =
wouldn't have
to enter the credit card information. It would be =
impossible to use
that part and be anonymous.
On Mon, 10 Jan 2005 15:09:44 -0800, "Rich" <@> wrote in =
message
<41e30b2c@w3.nls.net>:
> I disagree. Passport is no less anonymous than =
other signin mechanisms. You are in control of the information you = provide
to create your signin. If you want to lie then lie.
>
>Rich
>
> "Ellen K." <72322.enno.esspeayem.1016@compuserve.com> =
wrote in message news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com...
> I think he wasn't addressing services claiming they =
don't disclose...
> his message gave examples of people trying to be =
anonymous... but
> someone trying to be anonymous wouldn't use Passport =
(unless they were
> REALLY stupid) so I'm not quite following the logic =
either.
>
> On Sun, 9 Jan 2005 10:04:25 -0800, "Rich" <@> wrote =
in message
> <41e1720a@w3.nls.net>:
>
> > The fragment you chose to quote is interesting. =
How many services claim that they do not disclose info as required by = law?
> >
> > The rest is garbage.
> >
> >Rich
> >
> > "Mike N." <mike@u-spam-u-die.net> wrote in message =
news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com...
> > On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" <@> =
wrote:
> >
> > > If you mean to question what Passport is to =
Microsoft you should use Microsoft's claims about the service
> >
> > =
http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033
> >
> > "NET Passport may disclose personal information if =
required to do so by law
> > or in the good-faith belief that such action is =
necessary to: (a) conform
> > to legal requirements or comply with legal process =
served on Microsoft;"
> >
> > This confirms the information I already had. A =
single signon is for
> > convenience, not security. Sure your ISP can see =
what you're doing. They
> > can initiate a wiretap when served by a subpoena. =
However there are many
> > people for which this won't suffice -
> > o terrorists who jump from Cafe to Cafe.
> > o commuters who use wireless internet services =
from Starbucks, at work,
> > airports, etc.
> > o Those who attempt to escape identity by =
wardriving from open wireless
> > to open wireless LAN.
> > Investigators would need to obtain subpoenas =
from thousands of ISPs to
> > cover all activities of a person. Alternatively, =
assuming that .NET is in
> > widespread use, they would just need to subpoena =
Microsoft to get a
> > complete profile of sites where a signon was used, =
and the IP
> > address/date/time they were accessed from.
> >
> > It still appears that if anyone gets your =
passport login, they can
> > assume your signon, just as if they are you.
------=_NextPart_000_009F_01C4FD95.A7FBD4B0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1479" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>sorry, <A=20
href=3D"http://www.whatsmyip.org">www.whatsmyip.org</A> was the site. As = for
the=20
mail server yes to both, I can create whatever alias I want on netlinks =
servers=20
and I have my own experimental servers for testing purposes (I even own = a=20
handful of my own domain names). As for nls.net, it would take a couple = pages
to=20
explain it but think of me as netlink's Paul Allen (without the health=20
problems).</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>You're probably right about online bank =
billpaying=20
but the user agreement goes far beyond anything I had to agree to in = order
to=20
open a checking account. I also agree with your "don't use it" attitude = but
it=20
would be rather difficult to purchase stuff online without either a = credit
card=20
or a bank.. <g></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV>"Rich" <@> wrote in message <A=20
href=3D"news:41ec6f55@w3.nls.net">news:41ec6f55@w3.nls.net</A>...</DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV><FONT face=3DArial size=3D2> The credit card company =
knows what=20
the merchants tell them. Don't like this, don't use a credit =
card. =20
The problem existed well before the Internet and the Internet hasn't =
changed=20
it.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Banks letting you pay =
your bills is=20
nothing. If you wrote checks they got the checks. Don't =
like it,=20
don't use a bank.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Before you try to toss =
out more=20
examples, anyone you tell about yourself knows what you tell =
them. Don't=20
want them to know? Don't tell them.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> You don't need to go =
through a=20
proxy/cache to be tracked. I don't know why you referred to <A=20
=
href=3D"http://www.whatsmyip.com/">http://www.whatsmyip.com/</A>. = It
looks=20
like a junk search site.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> You own your own mail =
server? =20
Do you think you are in any way with a mile of typical?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> I thought that nls.net =
was your ISP=20
and not your personally. If you create your own email addresses =
in your=20
ISP's domain then you are even further from typical.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:41ec4fac@w3.nls.net">news:41ec4fac@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>Not true, yes an ISP can track you =
provide they=20
are your only connection to the net but lots of other places can =
track you=20
to different sites as well. Your credit card company can damn well =
tell you=20
where you have purchased stuff as can any other service that handles =
transactions for you. Bank sites where they let you pay all your =
bills from=20
one site is another example, I would imagine a single login service =
could=20
also track you across sites as can the big advertisers who have ads =
on lots=20
of the sites you visit.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>As for if I didn't work for the =
ISP, I still=20
would have an idea, there are tests you can do to see if you are =
going thru=20
a proxy/cache server (<A=20
href=3D"http://www.whatsmyip.com">www.whatsmyip.com</A> for example) =
and such.=20
When netlink was small I busted our upstream routing my machine =
different=20
than all the other machines on the same subnet, used traceroute to =
show=20
that. There are lots of other ways as well (some ping/syn tricks to =
find=20
some types of sniffers etc.)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>And yes, I run my own mail server =
and I make up=20
lots of alias for me specifically for shopping. For example right =
now today=20
if you send an email to <A=20
href=3D"mailto:shopping@nls.net">shopping@nls.net</A> I'll get it =
because I=20
used that alias for my christmas shopping this year and I haven't =
deleted it=20
yet.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:41ebf6ae@w3.nls.net">news:41ebf6ae@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> Only your ISP can =
track where=20
you go and what you buy without the sites you buying from selling=20
this info.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> If you were not =
employed by your=20
ISP you would have no idea whether or not they are tracking=20
you.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Doesn't Amazon use =
an email=20
address for sign-in? Do you create unique email addresses =
for all=20
such sites?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:41eba0f1@w3.nls.net">news:41eba0f1@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>My ISP doesn't track dns =
requests or sniff=20
traffic to see where people are going, granted some like AOL do =
keep=20
stats but the ISP I use could care less. My browser cache and =
history=20
are purged each time I end crazy browser as are my cookies. Like =
Ellen I=20
use different usernames and passwords at sites like amazon, my =
bank, my=20
credit card company, etc but I use the same username at sites I =
don't=20
care about like the NYT site and other stupid sites that require =
a login=20
for no apparent reason.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>The last thing I want is some =
service that=20
can track where I go and what I buy. I only accept this from my =
credit=20
card company because I have no other choice.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:41eaf6bc@w3.nls.net">news:41eaf6bc@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> No true. =
There is=20
plenty to betray you. Your ISP of course knows the sites =
you=20
visit as does anyone that can see even the small subset of =
traffic for=20
DNS resolution. Your browser's cache and history also =
serve this=20
purpose. There are plenty more.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> The attacker can =
also take a=20
different approach that is likely more effective anyway. =
Pick a=20
high value site and try the stolen IDs on them. Amazon =
may not=20
use single sign-in but you don't care because it does not=20
matter. Then try them again at Citibank. Then =
again at=20
whatever site you want. This approach will have more value =
then trying=20
to sign in at match.com using AOL's screenname service or =
Microsoft's=20
Passport, both of which it supports.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A=20
href=3D"mailto:georger@nls.net">georger@nls.net</A>> =
wrote in=20
message <A=20
=
href=3D"news:41ea4570@w3.nls.net">news:41ea4570@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>the difference between =
single sign on=20
and the practice of using the same username/password on =
multiple=20
sites is that with the single password there is no function =
to=20
betray the user. In other words there is nothing but the =
user to=20
connect all those sites together. With the single sign on, =
all you=20
need is a list of sites that uses that single sign on=20
service.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:41e9f6c1@w3.nls.net">news:41e9f6c1@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> There was an =
optional=20
wallet service and you are right, this additional optional =
service=20
could not be anonymous. You aren't comparing apples =
to=20
apples if you include the people that made a choice to use =
this. Folks that wanted to be anonymous would not =
choose=20
this.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Really, this =
argument is=20
silly. I don't know you but too many people I know =
use the=20
same password on the many sites that require them to =
register,=20
whether they lie or not. Their intent is to have =
something=20
that acts like single sign-in. Now I'm sure =
the people=20
arguing against single sign-in here are not hypocrits and =
all use=20
distinct unique usernames, email addresses, passwords, etc =
for=20
each and every account they have. Don't =
you?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; =
MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Ellen K." <<A=20
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:ldqju0pdbclq8l54fbhi21220l86uibp28@4ax.com">news:ldqju0pdbcl=
q8l54fbhi21220l86uibp28@4ax.com</A>...</DIV>Well,=20
if you only use Passport as a signin, yes. But =
there was a=20
piece<BR>to it where it would know your credit card =
information=20
so when you used<BR>it to log on to a site where you =
wanted to=20
buy stuff you wouldn't have<BR>to enter the credit card=20
information. It would be impossible to =
use<BR>that=20
part and be anonymous.<BR><BR>On Mon, 10 Jan 2005 =
15:09:44=20
-0800, "Rich" <@> wrote in message<BR><<A=20
=
href=3D"mailto:41e30b2c@w3.nls.net">41e30b2c@w3.nls.net</A>>:<BR><BR>&=
gt; =20
I disagree. Passport is no less anonymous than =
other=20
signin mechanisms. You are in control of the =
information=20
you provide to create your signin. If you want to =
lie then=20
lie.<BR>><BR>>Rich<BR>><BR>> "Ellen =
K." <<A=20
=
href=3D"mailto:72322.enno.esspeayem.1016@compuserve.com">72322.enno.esspe=
ayem.1016@compuserve.com</A>>=20
wrote in message <A=20
=
href=3D"news:c5h4u0p76hl80msc3pis0v1puf9k7erkpn@4ax.com">news:c5h4u0p76hl=
80msc3pis0v1puf9k7erkpn@4ax.com</A>...<BR>> =20
I think he wasn't addressing services claiming they =
don't=20
disclose...<BR>> his message gave examples of =
people=20
trying to be anonymous... but<BR>> someone =
trying to be=20
anonymous wouldn't use Passport (unless they =
were<BR>> =20
REALLY stupid) so I'm not quite following the logic=20
either.<BR>><BR>> On Sun, 9 Jan 2005 =
10:04:25 -0800,=20
"Rich" <@> wrote in message<BR>> <<A=20
=
href=3D"mailto:41e1720a@w3.nls.net">41e1720a@w3.nls.net</A>>:<BR>><=
BR>> =20
> The fragment you chose to quote is=20
interesting. How many services claim that they do =
not=20
disclose info as required by law?<BR>> =20
><BR>> > The rest is=20
garbage.<BR>> ><BR>> =
>Rich<BR>> =20
><BR>> > "Mike N." <<A=20
=
href=3D"mailto:mike@u-spam-u-die.net">mike@u-spam-u-die.net</A>>=20
wrote in message <A=20
=
href=3D"news:e8b2u0hias1bdkdgbe34mf26snbcna0ov4@4ax.com">news:e8b2u0hias1=
bdkdgbe34mf26snbcna0ov4@4ax.com</A>...<BR>> =20
> On Sun, 9 Jan 2005 01:48:12 -0800, "Rich" =
<@>=20
wrote:<BR>> ><BR>> > > =
If you=20
mean to question what Passport is to Microsoft you =
should use=20
Microsoft's claims about the service<BR>> =20
><BR>> > <A=20
=
href=3D"http://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033">htt=
p://www.passport.net/Consumer/PrivacyPolicy.asp?lc=3D1033</A><BR>>&nbs=
p;=20
><BR>> > "NET Passport may disclose =
personal information if required to do so by =
law<BR>> =20
> or in the good-faith belief that such action =
is=20
necessary to: (a) conform<BR>> > to =
legal=20
requirements or comply with legal process served on=20
Microsoft;"<BR>> ><BR>> =20
> This confirms the =
information I=20
already had. A single signon is for<BR>> =20
> convenience, not security. Sure your =
ISP can=20
see what you're doing. They<BR>> =
> can=20
initiate a wiretap when served by a subpoena. =
However=20
there are many<BR>> > people for which =
this=20
won't suffice -<BR>> =
> o=20
terrorists who jump from Cafe to Cafe.<BR>> =20
> o commuters who use =
wireless=20
internet services from Starbucks, at work,<BR>> =
> airports, etc.<BR>> =
> o=20
Those who attempt to escape identity by wardriving from =
open=20
wireless<BR>> > to open wireless=20
LAN.<BR>> > =20
Investigators would need to obtain subpoenas from =
thousands of=20
ISPs to<BR>> > cover all activities of =
a=20
person. Alternatively, assuming that .NET is =
in<BR>> > widespread use, they would =
just need=20
to subpoena Microsoft to get a<BR>> > =
complete=20
profile of sites where a signon was used, and the=20
IP<BR>> > address/date/time they were =
accessed=20
from.<BR>> ><BR>> =20
> It still appears that if =
anyone=20
gets your passport login, they can<BR>> =20
> assume your signon, just as if they are=20
=
you.<BR></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE>=
</BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_009F_01C4FD95.A7FBD4B0--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|