[EMAIL PROTECTED] wrote:
VO,
Perhaps they need a centrally administered site across the web, some kind of
extra-national thing providing bona-fides for web interactions. One would
register with conventional documents such as drivers license, passport etc.
and you'd log on to it (some generated bit string unique to oneself) before
doing any secured site surfing to say you are currently on the net, the
secured site would then quiz it to find out who you were no matter what the
moniker?
Just a guess without thinking things through. A sort of centralised
repository of names, webs, computer serial numbers etc. If you don't sign
up, you don't play.
Um ... wouldn't this make identity theft awfully easy?
How would you feed it the "generated bit string"? If it's secure, it's
too long to type by hand, and a program would have to do it for you.
Now suppose your system picks up a Trojan horse that just knows how to
sniff for those bit strings ... oops.
Even worse, assume for a moment that the central system's security isn't
perfect, and somebody makes off with a snapshot of the database...
Also keep in mind that every real-world financial database which
requires an ID of some sort also has a back door, because losing the key
could be a disaster otherwise. Mother's maiden name plus last four
digits of your SS number is the most common one. So, if someone got a
copy of the central database, they could get into all the accounts using
the back doors, whether or not there was a whizzbang public/private key
supposedly keeping it all buttoned up.
Central identity databases of any sort are scary. That's one reason
states and colleges don't (or can't) generally force you to use your SS
number as your driver or student ID number.
Sleepy and dozy at the moment so point the flaws out please. Might be back
Tuesday.
Remi.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of William Beaty
Sent: 17 December 2005 04:11
To: [email protected]
Subject: Re: Correa attacks Wikipedia
On Fri, 16 Dec 2005, Rhong Dhong wrote:
At the moment then, requiring an email address to be
confirmed may not mean that the subscriber can be
traced.
Where anonymity is banned (or where money is involved,) some places refuse
to honor yahoo.com email addresses or other free email services for
confirmations. Then you have to search for a free email service which
the forum owners haven't added to their exclude list.
Sometimes they ban fee-for-service email addresses like PObox, as well.
And then I ban them and take my money elsewhere.
