My first blog post "How to create better passwords - why bother?!" back in December, 2005, tried to briefly summarize my thoughts and comments I've been making on the most commonly accepted way of identifying yourself - passwords.
Bill Gates did a commentary on the issue, note where: at the RSA Conference, perhaps the company that's most actively building awareness on the potential/need for two-factor authentication, or anything else but using static passwords for various access control purposes. Moreover, it was again Bill Gates who wanted to integrate the Belgian eID card with MSN Messenger (Anonymity or Privacy on the Internet?). Microsoft are always reinventing the wheel, be it with antivirus, or their Passport service, and while they have the financial obligations to any of their stakeholders, I feel it's a wrong approach on the majority of occasions.
What I wonder is, are they forgetting the fact that over 95% of the PCs out there run Microsoft Windows, and not Vista, and how many would continue to do so, polluting the Internet at the bottom line? My point is that MS's constant rush towards "the next big thing" doesn't actually provide them with the resources to tackle some of the current problems, at least in a timely manner. What do you think? What could Microsoft do to actually influence the acceptance of two-factor authentication, and moreover, how feasible is the concept at the bottom line?
In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude
Showing posts with label MSN. Show all posts
Thursday, February 16, 2006
The end of passwords - for sure, but when?
Tags:
Authentication,
Best Practices,
eID,
Hacking,
Information Security,
Instant Messaging,
MSN,
Passwords,
Security,
Two-Factor Authentication
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Friday, February 03, 2006
What search engines know, or may find out about us?
Today, CNET's staff did an outstanding job of finding out what major search companies retain about their users. AOL, Google, Microsoft and Yahoo! respond to very well-researched questions!
Whatever you do, just don't sacrifice innovation and trust in the current services for misjudged requests in the first place, from my point of view.
At the bottom line, differentiate your Private Searches Versus Personally Identifiable Searches, consider visiting Root.net, and control your Clickstream. You can also go through Eric Goldman's comments on the issue and his open letter regarding Search Engines and China.
As a matter of fact, I have just come across a very disturbing fact that I compare with initiatives to mine blogs for marketing research; EPIC has the details on its front page. It was about time a private entity came up with the idea, given the potential and usability of the idea. Could such a concept spot, or actually seek for cyber dissidents in restrictive regimes with the idea to actually reach them, besides mining for extremists' data? I really hope so!
Tags:
Anonymity,
AOL,
Censorship,
Digital Rights,
Eric Goldman,
Free Speech,
Google,
Hacking,
Information Security,
Internet Censorship,
MSN,
Privacy,
Search Engine,
Security,
Yahoo
Tuesday, January 24, 2006
The Feds, Google, MSN's reaction, and how you got "bigbrothered"?
There's still a lot of buzz going on, concerning which search engine provided what type of data to law enforcement officials, and the echo effect of this event resulted in waves of angry end users, that among feeling "bigbrothered", now have yet another reason to switch back to Google, simple. MSN's silent reaction to this is the worst thing they could do given how actively they're trying to catch-up on search traffic. What did they provide anyway?

"Specifically, we produced a random sample of pages from our index and some aggregated query logs that listed queries and how often they occurred. Absolutely no personal data was involved. With this data you:
- CAN see how frequently some query terms occurred
- CANNOT look up an IP and see what they queried
- CANNOT look for users who queried for both “TERM A” and “TERM B”"
So picture the following: "someone" requests his name, his friends' names, physical locations giving clues on possible area, and while it isn't personal information (exact names, address etc.), it is personally identifiable! If it happens once, it would become a habit. My point is that aggregating search info on ECHELON's wordlist is so realistic that you need a company to say NO, and evaluate the reactions of the others. The best thing is that I'm sure the majority of adult entertainment seekers don't need to take advantage of Echelon's Trigger Words Generator :)
Why you don't need to issue a subpoena to find out what's hot in the online porn world?
- take Google's advice into consideration, or start using Overture's keyword selector tool
- now ensure you have the most popular porn related keywords, and if in doubt, consult with an "insider" who would be definitely aware of what's hot, and who's to keep in mind
- use the first 20 pages from each popular search for your sample, these get the majority of traffic
- do a little research over Alexa to further back up your statements, and even use Google to measure the relative popularity of the first site that pops up when you search for porn
- ensure you have first consulted with traffic aggregators or paid reports on who's who online
- make sure before going online, another distribution vector so to say, the iPod is taken care of
- envision what's to come in the future, and mostly the interest and the social implications of these issues
- now, come up with ways to restrict children from using these going beyond the usual "But of course I'm over 21 years old" terms of use
What's to come up in the future? In one of my previous posts "Still worry about your search history and BigBrother?" I pointed out the possibilities for Search engines regulation and P3P, but the current self regulation is simply not working anymore. Further resources on the topic can be found at:
Lorrie Cranor's Searching for Privacy : Design and Implementation of a P3P-Enabled Search Engine
PrivacyBird
An Analysis of P3P-Enabled Web Sites among Top-20 Search Results
Protecting Your Search Privacy: A Flowchart To Tracks You Leave Behind
Using search engines data, Google and forensics - clip
Image originally uploaded at Flickr by villoks
Tags:
Anonymity,
Big Brother,
Eavesdropping,
ECHELON,
Google,
Hacking,
Information Security,
MSN,
Privacy,
Search Engine,
Security,
Surveillance