US gov sites embrace GooHoo instant logins Hoping to make it easier for American citizens to log into and use federal web sites, the US government has embraced not one but two digital identity standards: OpenID and InfoCard. Today, the nation's (first) chief information officer, Vivek Kundra, announced a pilot program that will let you log into a handful of government …
I don't like the idea that someone with access to one of the sites that the SSO system is used on being able to simply spoof my credentials and becoming able to read my records from the DoD, NSA, FBI or IRS (All organizations I contracted for or given a large sum of my paycheck to). These things are far more important than the convenience of being freed from memorizing a separate set of credentials.
SSO systems are only good for trivial things, such as allowing me to use the same creds to log into my Hotmail account and my TechNet and MSDN subscriptions. None of which contains anything highly sensitive, and most of the info is false.
This is just foolish, rather than the Government tracking your every move (As is the case in of the UK) the US is moving to where now big business can do so. Despite what they say, companies WILL monetize your information (Particularly advertising companies such as Google)
Call me paranoid, but this is how it happens, they take away little pieces of your privacy at a time and you will one day wake up to find that your every move is being tracked in order to sell you something, or even worse, to keep you in line when they grow bored of just controlling markets and move to controlling entire peoples and the destiny of the human race, to become gods.
My personal feeling is that a person willing to give freedom for security deserves neither, but a person willing to give up their personal identity for convenience deserves nothing.
I have always maintained separate credentials for talking to government websites because I don't trust them enough to not take the opportunity at some stage to go fishing around my other on-line activities. Of course, they've probably already acquired my existing logins through a bit of net snooping, but why make it too easy for them?
An OpenID is a virtual ID card, and its a smoke screen cover for yet another way to gathered yet more data on each of us.
"This is just foolish, rather than the Government tracking your every move (As is the case in of the UK) the US is moving to where now big business can do so"
The difference between government and government contracted companies is a very narrow difference, just as the difference between government contracted companies and government friendly companies is very narrow. They all work together to achieve their goals and their goals are always ultimately at their core, the same goal, i.e. Seek some way to gain control over some part of peoples lives, then seek to profit from having that control. That applies to governments and it applies to big businesses.
The whole concept of ID cards works in this way. Convince enough people (sheeple) to use the cards and these sheeple are then corralled into leaking their data into a standard system of monitoring, then the people in control of the monitoring system seek to profit from all the monitoring. If that isn't bad enough we are also accelerating towards a consolidation of all monitored information on us all. We have more information gathered on us all than ever before and every day the spying on us in increasing. Yet as we all know, ultimately knowledge is power. Therefore the ability to track us all with ID cards is very powerful and that power will be sought by governments and companies.
Technology it seems is opening up a Pandora Box of trouble for us all. Its very good at gathering and processing information, and so the governments and companies are seeking to exploit it ever more. The problem is the very act of seeking power over other people is also the act of removing some power from the people being ruled over. Therefore with ever greater amounts of knowledge being sought on us all, we are all slowly loosing ever more freedom because we are being every more monitored, corralled and manipulated into doing what the people in power want. The more knowledge they get the more power they get and they keep showing they are relentless in their desire for ever more knowledge and power.
So I don't care if an OpenID card is easier to use. Separate passwords is safer. A government with access to an OpenID could access any web site used by the OpenID, plus governments and businesses could use ID cards to spy on all activity to gain ever more data on people, which I'm sure if there real goal. Because yet again, they seek power and knowledge is power and ultimately power gives personal gain. The problem is its only personal gain for the people with the power at the expense of everyone else. No wonder they want to convince people to use ID cards.
I get the feeling there are some misunderstandings about OpenID.
First of all, your OpenID password is only known at the OpenID provider you yourself choose. In my case, I set up my own, on my own server, in my own house (just a simple little PHP script). I consider this to be a pro, since, in this case the government, does not know my password.
Second, nothing stops you from using multiple OpenIDs for different purposes. For example, one for fun, one for work-related stuff, one for government related stuff and one for banking. There is no correlation between these IDs if you don't want it.
Third, for the government, you already have a single ID: your social security number. And it's already linked to different things, like an address, a bank account, a job, etc. So with an OpenID you just have another ID linked to this. The benefit to this is that your social security number can stay private and is not needed to log in. Instead you use an OpenID, which can only be used with strong security (e.g. a password you choose on a secure server).
So now, whenever there is a security lapse at the Center for Information Technology (CIT), the National Institutes of Health (NIH), the US Department of Health and Human Services (HHS), and related agencies, or at Yahoo!, PayPal, Google, AOL, and VeriSign, or at any other OpenID- or InfoCard-based site, my highly-sensitive government-hosted information will be at risk? Woohoo! I think they may be taking "transparency" a bit too far.
No, I want my authentication to a government site to be used ONLY for that ONE site, not other government sites, and no non-government sites. And I want that site to accept NO OTHER authentication. Actually, that's how I want authentication to ANY site. It may be more inconvenient, but it's certainly more secure.
Fuck, why not just go all out and use our Social Security Number as username and birth date as password? Logins are used to SECURE the service. When you allow authentication credentials shared with other systems, you've just eliminated the security.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
