Special Edition Using Microsoft Windows Vista: Chapter 15, Using Internet Explorer 7

Getting a Microsoft Live ID

In past years, Microsoft required the use of Microsoft Passport to access several of their sites and services. With the release of Windows Vista and 2007 upgrades to other Microsoft products (such as Microsoft Money) and Web services (such as Windows Marketplace), Microsoft is rolling out the upgrade and replacement for Passport: Live ID. If you already have a Hotmail or MSN email address, you already have a Live ID. If not, you can get a Microsoft Live ID simply by signing up for a free Hotmail address at http://www.hotmail.com.

As with Live ID's predecessor, Microsoft Passport, some might be understandably concerned that Live ID is yet another way Microsoft is trying to invade our space and privacy to increase its profits. You can minimize the effect by entering the bare minimum of personal information when you sign up for a Live ID. We were able to sign up using a single letter for a first name and last name. You also must enter a birth year and a ZIP Code, but the Microsoft stormtroopers are not going to knock down your door in the middle of the night if you don't enter it truthfully.

Hey, Who's Afraid of Microsoft Live ID?

The Microsoft Live ID makes it easy to sign on and purchase items and services from a growing number of sites affiliated with (read: "owned by") Microsoft. Because people struggle to remember all their passwords, the idea of using a simple Live ID that stores your username, password, credit card info, and so forth, and promises to effortlessly log you on to all kinds of websites and services, might sound pretty alluring. I mean, I forget my passwords all the time, don't you? In fact, I keep a Notepad file on my computer of nothing but my passwords. If I don't have access to this file when I'm traveling and I want to purchase a plane ticket, I'm out of luck because I can't remember how to log in to Travelocity. (Of course, I keep this file in an encrypted file folder running under Windows Vista, so it's not going to be easy for someone to liquidate my IRA. After the "substantial penalty for early withdrawal," it's not going to amount to that much anyway.)

However, Live ID isn't all it's cracked up to be. In fact, it's a lot less. If you were concerned about cookies, you'll really be scared of Live ID. As mentioned earlier, cookies are small text files stored locally on your computer that contain information about you. When you go to a website that uses cookies, the web server and your computer agree to exchange information based on what you do on the website. Suppose you set up an account at Jack's Pizza with your name and address, or just that you like pepperoni pizza. The information you give to that site, along with possibly when you viewed the site, what you purchased, and what server you were coming from, will be stored in the cookie. The idea is to make it easier for the site to recognize you the next time you visit. This is why you can go to some sites and the web page says "Hi Karen!" It simply looks in your cookie directory on your hard disk (the cookie jar) and looks for the one it stored there. It opens the cookie, sees that your name is Karen (because you typed that into its site the last time you visited), and then displays it. It also knows that last time you bought an extra-large pepperoni pizza and a bag of fries. This time it automatically suggests an extra-large pepperoni pizza and fries. Neat. Convenient. It's like going into your favorite restaurant, and the waiter knows what you like.

The important point to remember is this: The agreement is that this information is transacted only between you and the website you're visiting. You have some privacy of information. Jack's Pizza's web server is not talking to Jill's Soda Pop Company's web server and then generating email to you trying to sell you a soda to wash your pizza down with. (Okay, maybe you want a soda with your pizza, so it's not a bad idea. But it can get out of hand. Keep reading.)

The idea of Live ID is totally different. Although it contends otherwise, I don't think Microsoft is just trying to offer a better user experience on the Web by offering you a Live ID to keep your passwords and other information all tidy. With Live ID, you sign on in one place--essentially, Microsoft--even if you're clicking the Sign In Through Live ID link on your favorite website. Really, you're signing in at Microsoft's Live ID, which, in turn, links you back to the site you wanted. Then you start hopping around among sites. Although most of the Live ID sites are now MS sites such as Hotmail, they hope to entice other vendors to become Live ID enabled. (With any luck on Microsoft's site, Jack and Jill will both fall down this slippery slope.) When that happens, the web servers are linked to one another. Garnering lots of valuable customer information (such as your buying patterns, net worth, geographical location, age, sex, hobbies, medical history, and other such private info) can be easily aggregated into one large database. Do you think that kind of information is valuable? You bet it is, and Microsoft knows it!

Let's consider some examples. Log in to the MSN Money site (moneycentral.msn.com/home.asp) and look in the upper-right corner. There's a Sign In link for Live ID. Suppose you're buying a house, refinancing your current one, or buying a new car through a Live ID-affiliated site. It is possible, using today's technology, that the selling agent can determine your net worth by checking your portfolio on Investor.com and bargain harder with you. I'm not saying this is currently happening, but it's possible. In fact, this kind of thing actually happened with Amazon, which raised its DVD prices for people who regularly bought DVDs from them. The practice was based only on cookies (and was stopped after customers discovered what was going on).

If you want to read that story, here's a brief quote and URL: "Amazon charging different prices on some DVDs." http://www.computerworld.com/industrytopics/retail/story/0,10801,49569,00.html

In essence, the idea of cookies being private is being circumnavigated by Live ID. What's particularly scary about all this is that there is one entry point (or gatekeeper) to all Live ID sites--Microsoft. Over time, look to see more sites (and even IE itself) incorporating Live ID. I think we should be wary of the aggregation of information about us and should not allow that information to be passed around freely among corporations. Even umpteen-page-long privacy statements can't protect you when a web company goes bankrupt and the court orders sale of its valuable database with your buying patterns or other private information in it.