Conspiracy lurks in every nook and cranny. No, we’re not talking about re-runs of The X-Files here. If you were to believe Microsoft’s critics, you are in danger of losing control of your personal information (much less your identity) to the Evil Empire when you choose to use Windows XP’s bundled Passport service.
Passport is a core piece of Microsoft’s .NET strategy. Anyone who uses Hotmail, MSN Messenger or the MSN Explorer has a Passport. This serves as a single sign-on for interactions with any company that requires Passport-based authentication.
If the grand scheme of things works in Microsoft’s favour, soon you will only need to authenticate once with the Passport server and you can surf from one Passport-enabled Website to another without having to log in again.
This is where Passport’s detractors claim will make you vulnerable to identity theft. Passport might be of great convenience to users, but a worm, Trojan horse, or other malicious code that frequently targets Windows machines could easily nab your sign-on information. Worse of all, since Microsoft is tying its Wallet service to the Passport, hackers and thieves could very well steal your credit card information and spend your money on your behalf.
Which is why the Liberty Alliance Project has been conceived with the explicit purpose of challenging Passport. Backed by Sun Microsystems, Liberty marked another showdown between the industry’s two bitterest rivals.
To date, the alliance has drawn membership from heavyweights such as General Motors, Bank of America, Cisco Systems, Nokia, Sony, and RealNetworks. The line-up is sufficient to impress most sceptics, but does it have a business case in the making?
Even within its ranks, there are signs that some companies are simply betting on two horses in case one of them doesn’t make it to the finish line. eBay and VeriSign, for instance, are both members of Liberty as well as partners of Passport.
VeriSign, in particular, appears to be a dark horse in the authentication feud. As many of you are aware, the Mountain View, California, company offers authentication, validation and payment services along with domain-name registration services. With its acquisition of Illuminet Holdings and the opening of a Trust Hub in Singapore through its Asian affiliate (TrustAsia), VeriSign seems poised to establish itself as an Internet trust player.
Whereas Passport is already an established service with more than 160 million user accounts (according to Microsoft), the Liberty alliance has yet to iron out a road map for how its system will operate.
Unfortunately, Microsoft-bashing has become such a chic pastime for many people that some simply jump onto the bandwagon without realizing where they actually stand behind all those issues.
Perhaps Microsoft is indeed the Evil Empire, but I am no Skywalker myself. Hence I’m in no position to wield my moral lightsabre at the software giant. The same goes for companies that compete (often aggressively) against Microsoft – whether they are named after a star, a fruit, or some kind of exclamation. The bottom line is: They are all going after one of the Holy Grails of online computing – the digital ID.
Either way, there is always a significant risk in every activity – online or offline – that we perform. You can say as much about the possibility of your credit card being forged behind the cashier’s counter. So quit whining and get on with it.
I’m just afraid that Microsoft, or for that matter, any other company that manages my personal information online, may end up spamming (or whatever you call it – “targeted advertising?”) the wrong guy for the wrong purpose.
Put it this way: How many of you have never lied about at least one category of information (age, income, education level, owned car/property/credit card) when filing out Web forms? To be honest, the only piece of information I have never consistently faked (at least not successfully) is sex (i.e. gender, not how many times).
In the end, I decide what kind of information about me goes online and which service provider I choose to use. The decision will not be based on how secure a company claims its system is. After all, name me one protected site that you think is hack-proof and I’ll find you three sites that publish the crack or ways to hack it.
Now, if you’ll excuse me, I’m going to create another profile on the Internet.