Langa Letter: The End Of Anonymous Surfing? - InformationWeek
Software // Enterprise Applications
10:18 AM
Fred Langa
Fred Langa
[Cybersecurity] Costs vs. Benefits
Feb 28, 2017
This online event, hosted by the editors of Dark Reading, brings together IT security leaders, bus ...Read More>>

Langa Letter: The End Of Anonymous Surfing?

Microsoft's Passport and its competitors are making it harder than ever for computer users to keep a low profile, Fred Langa says.

AOL's 'Magic Carpet' And Sun's 'Liberty Alliance'
Sensing a danger in letting Microsoft set itself up as a primary gatekeeper of E-commerce, AOL Time Warner and Sun Microsystems each independently revealed their own versions of Passport: AOL's is called Magic Carpet and Sun's is called the Liberty Alliance.

There are differences among and between these services, but they share the same broad conceptual framework. And, to my mind, they all share the same fundamental flaws. They're asking us to entrust them with private data that has absolutely nothing to do with our specific dealings with these companies, and to place this data under their control in centralized locations that will surely be irresistible targets for crackers.

I have to ask why. Why should we trust them? Why should we trust that any of these companies can keep our personal information safe from bugs, hackers, incompetence, and malicious misuse?

Passport, Magic Carpet, and Liberty Alliance are marketing tools in search of an user problem where none really exists. There already are plenty of methods for automatically logging on to sites and automatically filling out forms. Nothing has to be stored in any offsite central database, nothing has to be entrusted to any remote third party. For example, you can employ a simple free tool such as Roboform, under your local control, behind your firewall, where you can monitor its safety and security and control exactly which sites get what information. It and other similar form fillers and password keepers are simple, safe, easy, and free.

Using a local password keeper/form filler also lets you have a different username/password combination at every site. That's a huge benefit, because a security problem with any one name or password won't affect a whole cluster of sites.

So, what's the problem here? Why do we need Microsoft, Sun, or AOL stepping in to take over this simple, yet sensitive, function?

Call me a cynic, but I can think of no significant user benefit from any of these centralized login services. In fact, the only real beneficiaries I see are Microsoft, AOL, and Sun.

What's your take? Is Fred too cynical? Does the benefit of a single login/password offset the potential problems? If you dislike Passport, what about Magic Carpet and Liberty Alliance? Will P3P solve the problems of login insecurity? Do you use a locally running form filler/password keeper; if so, which one, and what are its plusses and minuses? Join in the discussion!

Additional Resources

3 of 3
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll