Security and privacy on the Internet? There MUST be a better way!
Looks like Account Chooser is run by OpenID, which is run by people from not just Google but peeps all over the place like Microsoft, Symantec, AOL, Verizon, the list goes on:
Also, no fucking thanks.
There's no such thing as "run by" OpenID. OpenID is a protocol, like HTTP or email. See my comments below.
This has been an opt-in "feature" for a couple of years now, but I guess people were ignoring it, so for the last few months Google's been pushing the Account Chooser mighty hard. This may not be an issue if you're only using one account on your own device, or are working with Android/ Chrome (you've got to assume everything you're doing is already part of the Google cyber-mind with either of those services), but I've been trying to help some old Vietnam vets get hooked up to the internet on a work computer, and it's a bitch trying to keep their identities separate and private. Oh, and Google seems to have gone back to their hardcore anti-Nym stance, which seems to change as regularly as the tides; they were locking one of the guys out of his account, because his brand-new email identity had his first name listed as "Ed", rather than the Panopticon-approved "Edward". Of course, MY real name, as far as Google knows, is still "Ninja Rainbow Dash".
FUCK. Sorry, I know I'm starting to rant, and I know this isn't really a new problem, as Google loves tracking things you do even when you're not using their services, but it's very fucking annoying and I wish Google would get hit with an anti-trust lawsuit that actually sticks.
There's also this, which I thought was kind of interesting:
It's a power point slide from an internal Google Workshop, where a man named Eric Sachs discussed this wonderful little service that will help us all along to the new happy Eden of digital feudalism. Eric Sachs (more like BALLSACHS amirite) even has his own corporate bio:
... which is neatly summed up in the following excerpt:
"My career is focused on getting more technology moved into a "software as a service" model, both for enterprises and end users. I generally find that identity/security/trust issues are large barriers for that goal, and so historically I have mostly focused on those issues."
Dear Eric Sachs: fuck you.
Oh, and I'll be damned. I think the voice on this video is Eric Sachs himself.
"Adoption increases confidence" is all I need to see.
George Orwell's screaming spectre just vomited in my mouth.
"When do we start shaming sites for using passwords?"
Fuck, this makes me wish poeTV would make you log in to even view it.
Well, "Identity Provider" is an absolutely horrible new idea I'm now aware of.
Microsoft tried to implement something almost identical to this over a decade ago, called Passport. Internet people laughed at it and said no one on the internet would ever want to appear online under one identity tied to their real name. The feature was pared back and most websites didn't bother adding the functionality.
The only difference with Google is that they didn't bother with a PR campaign and just went ahead and did it. It's an effective tactic. See also: Comcast turning every customer's home router into a public wifi hotspot.
Why do so many people want to kill internet anonymity? Like seriously, as an internet user, what disadvantage are you at being anonymous?
No one knows who's getting all those like votes!
Y'all need to learn what OpenID is about. It's an open protocol that allows single-signin, and you can run your own identity provider like SimpleID. It's a very simple protocol for decentralized authentication, and it's very nice to have support for it, especially since it means not having a billion places that have databases of passwords to get hacked and decrypted and whatever.
I've been using OpenID for years (on my own self-hosted OpenID provider) and I love that it's finally getting traction.
Obviously if you can't trust your OpenID provider you don't want to use it but the great thing is that you actually have a choice in the matter.
oh and there's nothing about OpenID that requires that it be a single traceable identity or whatever. The OpenID provider I use (SimpleID, hosted on my own webhost) tells me exactly what information is being requested and allows me to choose which information gets passed along, and I can set up as many throwaway identities as I want.
The problem is, we *don't* have a choice in the matter - anyone who uses Gmail is being automatically enrolled in Google's OpenID service. Most people aren't even aware this being done, and it's very difficult (currently impossible?) to opt out; the few methods I've found either don't work due to Google's constantly changing policies and protocols, or get reverted every time you sign in with a new ID. If this was strictly voluntary, AND the service was being hosted by someone more trustworthy than Google (such as yourself, fluffy), I might not mind. But it isn't.
Anyway, this is one of your fields of expertise and I'm sure you know a hell of a lot more about OpenID than I do. I'd love to be corrected on this, fluffy, so when you say
"oh and there's nothing about OpenID that requires that it be a single traceable identity or whatever"
...do you mean that there is nothing inherently traceable about the OpenID protocol itself , or do you mean that that *the way it is being implemented by Google* does not create a single traceable identity? Because it seems to me that, regardless of the possibilities for using OpenID in a noninvasive manner, establishing a single traceable identity is precisely what Google is doing. Am I wrong in assuming that Google has access to our own individual lists of linked accounts?
Oh, I wasn't addressing Google's auto-coalescing of accounts - that's pretty skeevy, but I also don't think they're using OpenID to do it on the backend. My comment was just in response to people getting afraid of OpenID just because of the fact it exists.
If you do use the same OpenID URL on multiple sites then those sites could theoretically link you together, but that's no different than using the same email address on multiple sites (or browsing from the same IP address, even).
Admittedly, the purpose of OpenID was originally to make it easy to have one public identity everywhere, like for posting on a bunch of different forums and blogs and shit. You know, things you're already doing in public anyway. There's nothing about OpenID itself that causes multiple-identity coalescing to occur, and the protocol doesn't make it any easier than it already was.
Also, a lot of things provide OpenID, but you don't have to use it on third-party sites. AOL, LiveJournal, WordPress.com, and a bunch of other things all provide OpenID. But an OpenID profile existing doesn't mean that it's going to get used - it's purely an opt-in mechanism.
| Register or login To Post a Comment|