News - Mozilla looks to BrowserID to simplify logins on the Web

Quote:

---

Lets websites offer logins without the need to ask users for a password.

---

Read more.

Am I the only one who thinks this Browser ID thing is a bad idea? I mean at the moment I have loads of different passwords of various complexity. But with Browser ID am I right in thinking you would for example use the same email and password for a number of sites? So what if the Browser ID list is hacked? The hackers now have access to all those sites I have registered on. Where as now because I use a different password for each site, if one is hacked it will not compromise the others. Have I got the right end of the stick here?

and why not let Sony host it? :surprised:

I think your security concerns are good ones, it does provide an easy way to access multiple accounts of yours provided they can crack your password. I've always kept different passwords for that reason.

I currently use LastPass which instead of replacing a password for every site you use, it just stores your data for each site. They use plenty of encryption which is way beyond my knowledge, all I know is that it is far more secure than what I used to have(browser password saves). I love the option for multi-factor authentication where you have a password and something else to verify your login(I use a simple GRID they provide for free). It has made my 50+ logins easier to manage, well worth it in my opinion.

Quote:

---

Originally Posted by AledJ

Am I the only one who thinks this Browser ID thing is a bad idea? ....

---

No, you're not the only one. I'll go further than that. I will not use it, and if it means changing browser, or sticking with old versions, I'll do that. So if Mozilla adopt this, it had better be optional.

In addition to your concerns, I'm NOT giving an outfit like Google access to the sites I visit, let alone potentially access to the logins. It ain't happening.

Quote:

---

with identities shared across browsers on different systems using cloud syncing solutions.

---

The cloud bit puts me right off. Any access to lists of my online activity is staying, as far as is possible, on my PC and I'm certainly not syncing it via the cloud. Big corporates already know far too much about us, and I don't trust Google, or any other large corporate, with than information any further than I can throw their corporate HQ. So I'm not making their data collection activities or warehousing any easier, and in fact, already work quite hard to keep my profile with them as low as possible.

Quote:

---

Mozilla is also keep to highlight the decentralised nature of BrowserID.

---

Also, JavasScript in the second paragraph.

Although this system is a good idea, it's definitely risky. There must be a better way to impliment it - maybe add a personal detail to it, e.g postcode, but that's only an example.

Quote:

---

Originally Posted by AledJ

Am I the only one who thinks this Browser ID thing is a bad idea?

---

No, you're not! It sounds like a terrible security risk to me, I know if I'd be thinking about banning it at work, wouldn't want people to be saving their passwords in it for the VPNs etc.

LastPass is much better solution, encryption, long passwords, generate random ones, and you can use Yubi Keys or the previously mentioned grids to authenticate.

Go check out w w w . roboform . com

This you can use as a cloud and log into any browser using aes256 bit encryption. Also, can be used on your home network or secure USB. So this isn't new.

Quote:

---

Originally Posted by Saracen

Big corporates already know far too much about us, and I don't trust Google, or any other large corporate, with than information any further than I can throw their corporate HQ.

---

This belief that Google actually cares about your information specifically is one which always baffles me. Why on earth are you important enough for Google to take interest in your information? If Google does anything with your info, it will just be aggregated with the info of millions of other users first.

@ Mattus

I agree but it still has implications for individuals as illustrated so well by this talk:
http://www.ted.com/talks/eli_pariser...r_bubbles.html

Quote:

---

Originally Posted by Mattus

This belief that Google actually cares about your information specifically is one which always baffles me. Why on earth are you important enough for Google to take interest in your information? If Google does anything with your info, it will just be aggregated with the info of millions of other users first.

---

Data mining and data warehousing is big business. It's been going on for years, and it's growing. Why do they care? For a start, because the revenues from advertising depend directly on how well targeted the adverts are, and how well-targeted they are depends entirely on what the company doing the targeting knows about you.

Think about it. A blind ad campaign is lucky if it results in 1 in 1000 sales. But if you're selling widgets, you'll likely get a FAR higher response if you deliver your ad to people known to be looking to buy widgets. You might get 1 in 100, or even 1 in 10.

So, it's about knowing as much as possible about as many people as possible, and about keeping it as current as possible.

Suppose your web-browsing activity shows you looking at baby clothes sites. Guess what adverts you'll get. Suppose you're looking at TVs, or car sites, or holiday companies. Guess what adverts you get.

This already happens, right now. But expand it a bit. Google (or whoever) builds up a profile. Next thing is it's being sold on as a profile, and you're getting mail drop through your door and telesales calls.

And you're missing the point if you think I think this happens to me because I'm in any way important. It's happening to anyone and everyone, and it'll only get worse the more you let companies like Google know about you. That's what data-warehousing and data-mining are all about. You can take a vast morass of apparently unrelated data, and if you've enough of it, you can draw a remarkably broad, deep and accurate profile of people's lives, and that is important, because it add value to data sales, or even just to ad targeting people pay companies like Google to do for them.

It's not about any of us, individually, being important. I don't think some Google executive arrives at work every morning and inspects their records to see where I've been browsing, or what sites I've logged on to. It's not about that. It's about the phenomenal power of computers to analyse database contents and draw information and trends out that simply would not be visible form a manual look.

What do you think store reward cards are all about? Superficially, it's about maintaining customer loyalty. But that's really just a good cover story, and the flaw is that it might work if one company did it, but it falls over when, as has happened, they all do it. What it's actually about is primarily data acquisition.

And personally, I don't want Google, or Tesco, Sainsbury, BT, GSK or any of these big companies holding any more data about me than I can help. Or, for that matter, government agencies.

Maybe you're happy for them to have all this data, and to use it. Maybe you're happy to get targeted browser ads, junk mail through your door or even telesales calls at home. If so, fine, that's your right. But I'm not. That's why I don't use store reward cards, for instance, and for the most part, pay cash rather than even use credit/debit cards.

You can't entirely avoid get data profiled. You can, however, reduce the extent and impact and I do, whenever and wherever I can.

Quote:

---

Originally Posted by Saracen

You can't entirely avoid get data profiled. You can, however, reduce the extent and impact and I do, whenever and wherever I can.

---

Result: you receive adverts about stuff you *really* don't want ;)

Obviously not being serious above, but really, what is all that bad about getting adverts for stuff you're more likely to want? For instance, in the case of daytime TV, I really don't need a short-term loan, or to sue anyone. I'd probably watch TV more often if the adverts were less annoying and instead tried to sell me gadgets I was at least vaguely interested in.

Quote:

---

Originally Posted by Fraz

Result: you receive adverts about stuff you *really* don't want ;)

Obviously not being serious above, but really, what is all that bad about getting adverts for stuff you're more likely to want? For instance, in the case of daytime TV, I really don't need a short-term loan, or to sue anyone. I'd probably watch TV more often if the adverts were less annoying and instead tried to sell me gadgets I was at least vaguely interested in.

---

Profiling is about more than that. So much more than that.

On the advert subject, I don't want adverts, PERIOD. But TV adverts are voluntary in the sense that you don't have to watch TV, and you sure don't have to watch it "live". And in fact, very rarely do I watch it live. I record nearly everything and de-advert it first, or at the very least, watch it on catch-up and skip the adverts. Why? Because the blasted adverts wreck my enjoyment of whatever I'm watching. It wreck the mood and destroys the illusion because it makes it disjointed.

That's TV adverts. But what about the rest? I don't want junk though my door, and I most emphatically don't what to be pestered at home by phone calls or, worst of all, knocks on the door. Any junk coming through my door involves me in wasting time by, first, sorting out the crap from the actual mail, and then dealing with the crap, whether that be removing name/address labels or simply going backwards and forwards to the recycling bin. Whatever, it all adds up, a little at a time. And as for phone calls, they really annoy me.

So, the more data someone has on you, the more of a profile they build, and the more of a profile they build, the more valuable that info is to advertisers, thereby increasing the chances that you get targeted. The higher the match between you and the advertisers target demographic, the more it becomes worth spending to target you, perhaps up to and including door knocks.

But what about other possibilities for the use of data profiling. What you do, where you go and what you buy can tell advertisers a lot about you, such as whether you've got kids, or what your hobbies are. What if that information were accessible to your employer, or future employer? Or to insurance companies, and so forth. Perhaps that future employer might not like the notion that some physically dangerous hobby is a passion, and that might cost you a job. Or it might jack up your insurance premiums.

The point is that vast amounts of data can be plumbed to draw insights into your life that corporates have no justification for knowing,and there's no knowing what it's being used for now, let alone what it'll be used to in 10 or 20 years time. And every little nugget that gets added to that morass of data just makes that data mining more accurate, and more valuable.

It's an entirely personal thing, of course. Maybe you like adverts, and junk mail. Some people, apparently, do. Maybe you don't mind mindless corporations having such "files" on you, to be used for their exploitation? But I do. All I want from such corporations is to be left the hell alone. If I want their products or services, I'll find them. Otherwise, I do not want to be pestered by them.

The only way I can see to be "left the hell alone" is to do everything I reasonably can to not feed the dragon. I certainly deny them any data I possibly can, and I certainly won't sell it to them for a few quid a year in coupons from "loyalty" cards. Hence, I won't use Tesco (etc) cards, and won't give either Google or Mozilla any more information than I can help.