Grab them eyeballs! Any cred at all!

Want to deeply understand how OpenID would make our lives better on social networks? Check out this piece by Dare Obasanjo, a program manager within Windows Live. But be prepared to be jolted. According to Dare, there is indeed a promised land, but we won’t be allowed into it.

Dare is responding to Wired’s Slap in the Facebook: It’s Time for Social Networks to Open Up. He talks about the common-sense economics of identity, then asks why “there seem to be more OpenID providers than there are consumers”, concluding:

Why would Facebook implement a feature that reduced their user growth via network effects? Why would MySpace make it easy for sites to extract user profile information from their service? Because openness is great? Yeah…right.

Openness isn’t why Facebook is currently being valued at $6 Billion…

Dare’s explanation of how the big web properties see things is spot on. But are they right?

Digital gifts for my digital birthday

When I do a telephone transfer at my bank, they ask me to prove I’m legitimate by giving them a few pieces of information – including my birth date. I also know that by combining birth date, surname and zip code, marketers can uniquely identify almost the whole population. To my way of thinking, this puts it in the same class as a social security number, and I’m careful about who I give it to.

So when signing up for Facebook I didn’t consider for one moment the idea of publishing my natural birth date. Nor did I read the terms of service. If sites hide away their terms of service, I figure that means they don’t expect me to read them anyway.

Dynamite interview with Latanya Sweeney

Scientific American has published a must-read-in-its-entirety interview with Carnegie Mellon computer scientist Latanya Sweeney. She begins by showing that privacy is not a political issue, but an animal need:

“We literally can’t live in a society without it. Even in nature animals have to have some kind of secrecy to operate. For example, imagine a lion that sees a deer down at a lake and it can’t let the deer know he’s there or [the deer] might get a head start on him. And he doesn’t want to announce to the other lions [what he has found] because that creates competition. There’s a primal need for secrecy so we can achieve our goals.”

Then she ties privacy to human ontogenesis – again, a requirement for the existence of the species: 

Privacy also allows an individual the opportunity to grow and make mistakes and really develop in a way you can’t do in the absence of privacy, where there’s no forgiving and everyone knows what everyone else is doing. There was a time when you could mess up on the east coast and go to the west coast and start over again. That kind of philosophy was revealed in a lot of things we did. In bankruptcy, for example. The idea was, you screwed up, but you got to start over again. With today’s technology, though, you basically get a record from birth to grave and there’s no forgiveness. And so as a result we need technology that will preserve our privacy.


Linkage with CardSpace in Auditing Mode

As we said here, systems like SAML and OpenID work without any changes to the browser or client – which is good. But they depend on the relying party and identity provider to completely control the movement of information, and this turns out to be bad. Why? Well, for one thing, if the user lands at an evil site it can take complete control of the client (let’s call this “extreme phishing”) and trick the user into a lot of evil.

Let’s review why this is the case. Redirection protocols have two legs. In the first, the relying party sends the user’s browser to the identity provider with a request. Then the identity provider sends the browser back to the relying party with a response. Either one can convince the user it’s doing one thing while actually doing the opposite.

It’s clear that with this protocol, the user’s system is “passive”. Services are active parties while the browser does what it is told.  Moreover, the services know the contents of the transaction as well as the identities and locations of the other service involved.  This means some classes of linkage are intrinsic to the protocol, even without considering the contents of the identity payload.

What changes with CardSpace?

CardSpace is based on a different protocol pattern in which the user’s system is active too.

Burton Group reports on user-centric interop

The Burton Group has posted its evaluation of the user-centric interopathon held at this year’s Catalyst. The analyst is Bob Blakley, now with Burton and previously chief scientist for Security and Privacy at IBM Tivoli Software.

Bob writes, “Prior to the event, there were some specifications, one commercial product, and a number of open-source projects. After the event, it can accurately be said that there is a running identity metasystem.”

The Biometric Dilemma

Vision researcher Terrence E. Boult has identified what he calls the “Biometric dilemma” – the more we use biometrics the more likely they will be compromised and hence become useless for security.   

This is a hugely important observation – the necessary starting point for all thinking about biometrics. I’d even call it a law.

Terrence was responding to a piece by Sean Convery that picked up on my post about reversing biometric templates. Terrence went on to call our attention to more recent work, including some that details the reversibility of fingerprint templates.