Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Privacy Security The Internet IT

Inside Germany's Plan To Kill Online Registrations (cnn.com) 140

An anonymous reader writes: Germany's corporate giants are promising a brave new future in the form of a single account -- one that will let you do your online shopping, get a flight and rent a car, all with no more registrations or repetitive passwords. Deutsche Bank (DB), Germany's biggest bank, announced Monday it's teaming up with other big firms to create a new company that will create the service. Users would enter their ID details just once before they can make all their online purchases across multiple sites. The partners -- which include Mercedes-Benz maker Daimler, insurer Allianz and publisher Axel Springer -- hope other firms will sign up to their vision. They're calling it a "pan-industry platform for online registration, e-identity and data services." The program could eventually be expanded to include government services. For example, drivers could apply for a new license through the system before their old one expires. The partners expect the program will be running in Germany by mid-2018, and they stressed it will be "secure" and comply with all European Union data protection rules.
This discussion has been archived. No new comments can be posted.

Inside Germany's Plan To Kill Online Registrations

Comments Filter:
  • Great idea... (Score:5, Insightful)

    by Anonymous Coward on Monday May 08, 2017 @01:21PM (#54378051)

    And then once you have universal registration - you can be tracked all over the internet with ONE ID - including all your political commentary!

    • Commercial use (Score:4, Informative)

      by DrYak ( 748999 ) on Monday May 08, 2017 @01:34PM (#54378179) Homepage

      you can be tracked all over the internet with ONE ID - including all your political commentary!

      Technically, this effort (like lots of other similar efforts in the past) aren't targetting forum, but mostly on-line shops, and e-government platforms.
      - i.e.: things where you already need to identify with your real-world ID for obvious reasons. (e.g.: Because the goods need to be delivered to you in person).
      They are all platform who already know you, and could (if they wanted to put the effort and collude together) trace you.

      You're confusing with OAuth and OpenID platforms (like Google, Facebook, etc.) which are targetting forums.

      • Re:Commercial use (Score:5, Insightful)

        by Anonymous Coward on Monday May 08, 2017 @01:45PM (#54378301)

        Sure.

        Technically it never starts out that way. Just some good intentions. That's how these laws work. A frog will always jump out of a hot pot - you just put the frog in cold water and turn the heat up slowly over time.

        Nobody would buy into an internet ID # scheme that would track you everywhere because nobody wants to be traced. You just start with a government ID used for shopping and eGovernment. How could that possibly be evil? It's just one ID for all your government services. And shopping. It'd be really great to use this for shopping. And health services. We already need a central repository for our health records so it should be there too. Oh and hey all of our banking accounts should tie into this too. Its convenient and it really helps government crack down on crime. Well now that we have you spending habit it'd be a good idea to give you tax credits on your health if you eat buy healthy food instead of junk food. While we're at it you should use your to register your car too and the auto insurance associated with it. Oh hey, your driving record says you speed so that should affect your government health tax credits too. In fact now that 80% of the internet uses your ID we should roll it out for Hulu and forum services too, as a convenience and let Facebook tie your account to it too.

        Oh hey since we have IDs tied to facebook we can finally solve this troll problem. In fact we should require your government ID to be used to login to Facebook to verify it because everybody agrees hate speech needs to be properly penalized.

        And that's how it works Charlie Brown.

        • Don't worry big German governmental IT projects are predistined to fail because the Germans are most tech-sceptical people after the Amish. Some universities still have student's ids printed on plain ass paper because having a smart card someone could track your eting habits at the cafeteria.
        • You just start with a government ID used for shopping and eGovernment. How could that possibly be evil? It's just one ID for all your government services. And shopping. It'd be really great to use this for shopping. And health services. We already need a central repository for our health records so it should be there too. Oh and hey all of our banking accounts should tie into this too.

          These are all service that already need to know who the real you is.
          Even if there's not a simplified "Internet ID" scheme, they already know who you are, by virtue of how they work.
          They all need to know that their client ID#xxxxxx is the real person Mr/Mrs. Yyyy Zzzzz.

          Its convenient and it really helps government crack down on crime.

          Huh ? How does it help government crack down on crime ?!
          It's mainly a simple way by which they can confirm the real identity of a person.
          The only thing remotely related to crime, is that all the above administrations and shops will be less com

      • by epyT-R ( 613989 )

        You do realize how easy and 'logical' (to state bureaucrats) it is to extend this to forums and everything else, right? First they'll make it optional and then they'll mandate it.

      • by thsths ( 31372 )

        And then there is paypal for payments. So it all exists, and I am not really sure what is novel in this approach, except that it is happening in Germany (and supposedly linked to your government issued ID card).

      • by sycodon ( 149926 )

        Thanks...but no thanks.

        I'll register for the service I want, if I want, when I want.

        I have separate IDs for ALL my online activity, all linked to a pseudonym email and only use PayPal filled with Gift Card cash.

        I'm sure someone can track me if they tried hard enough, but at least I can make it difficult for them.

        • And probably do all the transaction where your actual real world identity is a requirement in person, I presume ?
          (like filing your taxes)

    • Re: (Score:3, Funny)

      by Anonymous Coward

      At least they said it will be secure. That's a relief.

    • by ArmoredDragon ( 3450605 ) on Monday May 08, 2017 @01:36PM (#54378199)

      Germany has never had any problems with overbearing governance, so stop the fear mongering and show me your papers, please.

      • by mjwx ( 966435 )

        Germany has never had any problems with overbearing governance, so stop the fear mongering and show me your papers, please.

        But this isn't being proposed by teh Ebil Gubbermint, it's being proposed by nice, safe and friendly private enterprise. What could possibly go wrong, I'm sure banks (Deutsche bank) and insurers (Allianz) always have out best interest at heart and would never seek to abuse our private information friend. Now sit back and consume some non mandatory Cadbury confectionery and Delicious Coca-Cola Amtil beverages whilst watching your favourite dramas on your LG television.

        In reality I cant see this working.

        • But this isn't being proposed by teh Ebil Gubbermint, it's being proposed by nice, safe and friendly private enterprise. ..

          Jawohl!!!.. Giants of integrity like Volkswagen

          In reality I cant see this working. They're trying to replace individual registrations with one giant registration. In theory it sounds great, but in reality it'll just be one more password you need to remember and another giant security nightmare.

          Being as nothing on the Internet seems to be secure other than the US Treasury, Treasury Direct program which seemingly achieves security by being pretty much unusable, I imagine this will turn out to be just another attack vector.

          Like we need more attack vectors.

    • by davecb ( 6526 )

      Conversely, my credit-card provider will happily hand out ephemeral "ids", good only for a single use. Do you suppose they know something more about the trustworthyness of the folks who want to send them a bill than this company does?

      If they start up, I'm starting a company to offer them fraud insurance, for a shatteringly high fee.

      • Conversely, my credit-card provider will happily hand out ephemeral "ids", good only for a single use.

        Intresting enough, anonymous or pseudonymous IDs are already features of the new electronic ID card (along with verified ID and anonymous age verification) and if for the sake of the argument we could assume the German beurocrazy as a trustworthy root, they did lots of things right from design perspective and could probably put OAuth to shame.

        But still, no one is using it

        And I'm not expecting anyone to use the next me-too product (both users and services) if even mandatory ownership of a secure access card

        • by davecb ( 6526 )

          I suspect the part they've fallen down on is fraud.
          I recently worked for a start-up, and 1/3 of our gross income was sucked up by our (North American) payment processor, who charges about six times more than a European processor who we'd have loved to use. Five sixths of the difference was purported to be handing and ensuring us against fraud.

    • by WheezyJoe ( 1168567 ) <fegg@exc[ ].com ['ite' in gap]> on Monday May 08, 2017 @02:24PM (#54378621)

      Gonna happen eventually. Trusting your online identity to Google or Yahoo or some outfit that may go bankrupt someday is becoming more and more stupid, in a world where having a persistent, secure, accountable and trustworthy e-mail account unique to you is becoming essential to pay your bills, do your taxes, get your Medicare, and other plain life stuff. People are afraid of government, sure, but Google or Microsoft or AOL/Verizon do not owe you an e-mail account, and can probably shut it down any time they want (you ain't paying for it, for example, and if they go bankrupt, who ya gonna sue to pull it back from backups?) Smart guys can roll their own servers, of course, or work for a university their whole life. But that's still no guarantee that their e-mails are coming from then - the server gets hacked and someone uses it to steal your tax return, there's nobody to turn to.

      I see a national e-mail account as an inevitability, like getting a passport, run by the Post Office for example, as soon as government don't wanna pay for letting people do business any other way (like paper). Just a matter of when. Maybe not soon, but someday.

    • Wouldn't it just be easier to tattoo the number on peoples arms? That way online and offline presence will always be in sync!
      • No, numbers on arms would be inefficient. Tatooing 2D barcodes on people's foreheads; now there's efficiency.

    • thats exactly what its for.

    • dont be so dense, change browsers, i have three browsers installed, chromium, palemoon & seamonkey, i could install three more firefox, opera and vivaldi, use them with my discretion,. but if the govt goons & spooks really wanted to watch you they could do it at the ISP by your IP address so it would not matter what app you used to access the internet they got your NUMBER
    • by ( 4475953 )

      You can be tracked easily across the internet anyway.

      However, with the new Deutsche Bank system, you can also be hacked easily across the internet.

  • by evolutionary ( 933064 ) on Monday May 08, 2017 @01:25PM (#54378089)
    And the Great Eye of fire sees all. Come to think of it, this was discussed in the film "The Circle". Not a great film, but it puts these ideas into a realistically scary context. Does this idea of removing choice from whether or not we WANT to be registered concern anyone else?
    • by Anonymous Coward

      SSO? For the entire internet? What could possibly go wrong?

    • I'm announcing a company whose service will be to hold the passwords to all your different and incompatible "universal" password holders. It' will be called single-sign-on-single-sign-on or SSOSSO

  • by green1 ( 322787 ) on Monday May 08, 2017 @01:26PM (#54378095)

    https://xkcd.com/927/ [xkcd.com]

    Who actually believes that any of these "one standard" things REDUCE the number of different accounts you have to have?

    • by grumpy_old_grandpa ( 2634187 ) on Monday May 08, 2017 @01:33PM (#54378165)

      The good old 927. Anybody who've been in IT for a few years probably know that number by heart by now.

    • Estonian ID card / mobile identification works pretty well. Any service can do an API call to the national system, which authenticates the user and sends back first+last name and social security number. The ID cards are smart cards. Most people have smart card readers (€10 a piece), or the mobile identification thing (special SIM card with certificates, asks for your PIN number upon authentication). Log in to any state institution website or any supporting 3rd party website. Banks, telecom companies to
      • by davidwr ( 791652 )

        Oh, these systems work just fine if the powers-that-be all cooperate to make it happen.

        The problem is that this is not something anyone that cares about privacy should want or encourage. It's too easy for the powers-that-be or governments to intentionally abuse and when it is compromised by criminals the damage is likely much worse than today's login systems..

        There is a place for federated/one-keyring-to-rule-them-all logins. Many companies use them so you don't have to log into otherwise-unrelated databas

      • Estonian ID card / mobile identification works pretty well. Any service can do an API call to the national system [...] Most buy/sell forums demand ID card identification to avoid fraud.

        How do such forums handle buyers and sellers not from Estonia?

    • Oh my God, like, entering my personal information to register for a website is *SO HARD*, I just can't take it anymore.
      • by green1 ( 322787 )

        It's more that half the websites that want you to do so, have no valid reason to need it.
        If I'm trying to read your pointless blog, I'm not going to "Sign up", but I might "sign in" if it didn't involve all my personal details being transferred to you.

      • Along with the same password on each website?

        That's the point where SSO comes into play.

  • by frank_adrian314159 ( 469671 ) on Monday May 08, 2017 @01:29PM (#54378123) Homepage

    I'll put it in a pile with all my other pan-industry platforms for online registration, e-identity and data services.

    Obligatory XKCD link omitted because everybody's seen it. Really. Everyone on the internet. Don't bother.

  • Haven't we been down this road several times before?

  • by Attila Dimedici ( 1036002 ) on Monday May 08, 2017 @01:31PM (#54378147)
    How come no one thought of this before?
    Oh wait, they did. It didn't work out because it is not as great of an idea as it sounds at first.
    You have one logon for ALL of your online accounts. That's great only one ID and password to remember to get access to everything you do online. Of course, that also means only one ID and password to hack for someone ELSE to get access to all of your online accounts. Then once they do, aside from the losses you might take from the hack, how do you get your account back?
    • by green1 ( 322787 )

      That's not actually the biggest obstacle to this. The real problem is that too many websites think they're more important than that. In fact, many think they're so important that they have their OWN single sign on for other websites to use.

      The end result is that there is never wide enough adoption of this for it to actually work out the way it's planned, and the average person never finds a "single sign on" that works for more than 1-2 sites out of the dozens upon dozens that they use.

      • by Attila Dimedici ( 1036002 ) on Monday May 08, 2017 @01:47PM (#54378317)
        The problem you are pointing out is not so much that they think they are more important than they are (although that is an element to it). The problem is that everybody who comes up with this idea thinks, "I can make money doing this." Which leads everyone else to think, "Why should they make the money? Why not me?"
        A related problem is that whoever sponsors the single sign one that become THE single sign on will forever after have a competitive advantage over their direct competitors in whatever their business is. The result being that those competitors will not sign up for it (for good reason).
    • Of course, that also means only one ID and password to hack for someone ELSE to get access to all of your online accounts

      The advantages of centralizing credential validation far outweighs the disadvantages you mentioned:
      1. Most people already use the same username and password for most of their accounts
      2. Currently these 3rd parties are getting their databases hacked hence, accounts are hacked. With centralized account management we can apply very strong security to minimize such instances.
      3. With only one service to cater to, devices can run anti logging software (such as what some banks have you install to avoid account the

      • Of course, that also means only one ID and password to hack for someone ELSE to get access to all of your online accounts

        The advantages of centralizing credential validation far outweighs the disadvantages you mentioned:
        1. Most people already use the same username and password for most of their accounts
        2. Currently these 3rd parties are getting their databases hacked hence, accounts are hacked. With centralized account management we can apply very strong security to minimize such instances.
        3. With only one service to cater to, devices can run anti logging software (such as what some banks have you install to avoid account theft via key logging)

        Off course having your account stolen is going to be a huge problem but it already is for most as mentioned in #1.

        Err... I have to disagree...

        • 1. Your answer is not relevant. Even though most people already have the same username and password, it does not mean all people do. Also, you exaggerate the number of "most people" by the way. If you said "more than half" then I could agree with, but it is still irrelevant. Because majority of people do not follow or understand security, does not mean we all have to adjust to their less secure way.
        • 2. How do we apply "strong security" when users themselves don't understand or ev
        • Correct myself... "Centralization" not "Centralized data"
        • Even though most people already have the same username and password, it does not mean all people do. Also, you exaggerate the number of "most people" by the way. If you said "more than half" then I could agree with,

          I meant majority of people reuse the same username and password.

          but it is still irrelevant. Because majority of people do not follow or understand security, does not mean we all have to adjust to their less secure way./quote>
          It's not irrelevant if even 30% of people do it. And yes we have to adjust if there is that much failure and the failure points are obvious.

          Let say you have implemented an unhackable system. Let's say a mother gives her ID and password (and whatever your system requires) to her daughter to do some online shopping for her. Then later on, the daughter does the online shopping without the mother's permission. How could your unhackable system prevent that? I'm not talking about how to catch her misbehave, but I'm pointing directly to your argument about "strong security" perspective

          If you give your username and password the problem is there regardless of solution you put in place I suspect the same user is the one that uses the same credentials for all his accounts. The current system is so convoluted and complicated that the non technical user just can't care to learn it. Click button and get moving. With a well rounded technology and processes we can simplify this to the point where grandma gets it. Remove the complications, then educate is what I think we need to do.

          Please look back at #2. If someone could steal crucial information to log in, it is extremely difficult to distinguish who is who. Sometimes, you may be able to find out, but it is usually too late because all other information/asset have been stolen/sold already.

          But that is true of all current account management systems and to top it off they don't usually have the expertise to do it right the first 15 times. With expertise in one place and a well rounded system it's less of an issue and easier to educate users on. With a centralize system you apply good password practices combined with "through device validation". These types of systems are known to be very strong.

          Centralized data is good for convenience, but it goes opposite way of security

          Simplicity to users has always resulted in lowered risk. Cars, tools... the list goes on. When you simplify use you reduce risk. This will be true of security as well.

          • I agree that simplicity could reduce risk; however, it is correct if and only if you are talking about its own aspect. However, changing from one stage to the other, regardless make it more complicated or simplified, does not guarantee that the change will not introduce any critical flaws. In this case, it obviously gives users an ease to do stuff (convenience), but at the same time it introduces an ease abusing data in various ways. Does this centralization really simplify security? I don't think so. They

            • Users will be more willing to deal with slightly more complicated authentication if the process is the same across the spectrum of accounts needed to be accessed. If the users don't understand the importance of protecting their data, both scenarios are doomed so for that reason better have the simpler system which has a chance of avoiding breaches and a better chance of being fully embraced by users.

              • Users will be more willing to deal with slightly more complicated authentication if the process is the same across the spectrum of accounts needed to be accessed. If the users don't understand the importance of protecting their data, both scenarios are doomed so for that reason better have the simpler system which has a chance of avoiding breaches and a better chance of being fully embraced by users.

                In reality, user will lose trust once even a small wrong thing happens, and then they will reject it. Also, your argument doesn't invalidate what I said in my previous post -- simpler is not equal to more security or even easier maintenance because it could introduce more worse situations that would be more difficult to handle.

                • In reality, user will lose trust once even a small wrong thing happens

                  I guarantee that isn't true. Credit cards are a great example. Many get defrauded yet many continue to use it.

                  simpler is not equal to more security or even easier maintenance because it could introduce more worse situations that would be more difficult to handle

                  Let me ask you this. Who's data security do you think will be better?
                  A) Company who needs a credential validation for users to authenticate to access what they sell (services or goods)
                  B) Company who's business is to be the best at user authentication, specializes in fraud detection and fraud counter measures

                  Considering that a majority of users use the same credentials for most of their accounts it's

      • by epyT-R ( 613989 )

        At some point, reducing points of failure hits diminishing returns if the result is one big catastrophic failure point. If someone hacks an email account, he just has access to that. Even with some password recycling, the benefit of separate systems isn't completely negated because the attacker only has some idea where the victim has accounts or what the usernames might be. With single signon, the attacker gets everything that authenticates against it and he knows he's got the keys to the victim's entire ki

    • Oh wait, they did. It didn't work out because it is not as great of an idea as it sounds at first.

      Except that a huge swath of Intertube Serfs do exactly that with Facebook Login.

    • by Orphis ( 1356561 )

      It doesn't have to be done this way.

      In Sweden, we basically have that. We put our "person number" in the website and then it opens an identification request on our mobile phone (you can also use a desktop plugin). Proper 2FA, no stupid password to put on the website.

      That's what I use to declare my taxes, use the local eBay, apply for a customer credit when buying something expensive online, connect to my bankS websites and also approve direct money transfers to friends through their phone number (so one pay

  • by GameboyRMH ( 1153867 ) <gameboyrmh@NoSpam.gmail.com> on Monday May 08, 2017 @01:33PM (#54378161) Journal

    Talk about too many eggs in one basket! This is hoarding everyone's most precious eggs into one giant egg silo!

    Not to mention this is almost THE nightmare account in terms of online privacy: one account for everything, linked to your real name through government ID. It could only be worse if it were controlled by a corporation rather than a government...at least you should be able to vote to keep marketers out!

    • by Anonymous Coward

      One account, one login, one password. If it gets hacked or compromised, you only have ONE place to fix it. This is great for privacy and identity theft prevention. What we have now is multiple points of vulnerability, and to fix any one of them requires different avenues of detection, notification and policies. Can they track you? Of course, but right now they do that already. If you are paranoid, you could even make this ONE account a fake one, and drop out!

      • You have one place to fix the weak login specifically, but ALL of the damage is already done and you'll have to fix things in many more places. It's better to compartmentalize things so that if someone breaks into your car rental shop's online login they can't transfer money out of your bank account, steal your airline travel information, and order $5k of dildos and lube to your house with same-day shipping, for example.

        • if someone breaks into your car rental shop's online login

          If implemented properly, breaking into that system will get you just the token used to identify the user on that one system. And ideally, the actual authentication to produce that token would only take place on the centralized system's servers. The most breaking in would get you is a chance to create a realistic looking attack to steal credentials later.

          • For the system to work this way, people would have to be harangued to re-enter their password when moving across different parts of the system, basically recreating the problems of early versions of Windows UAC on the web. And this would still only compartmentalize server-side exploits - a stolen password would still take everything in one fell swoop. It would be vastly worse than having your email account broken into under the status quo. Otherwise there has to be a publicly-accessible "central point of fa

  • Why yes, lets have ONE centralized repository of user data, force everyone to use it for validation, and put the whole damned thing online. WHAT COULD POSSIBLY GO WRONG.
    • by mikael ( 484 )

      If there was no danger of identity theft, then it would work. But with high unemployment or low wages, it's a high risk.

      Norway do this with their folk-register. Everyone registers their name, SSN number with a home/mail address. This is used by banks and mail order companies. You can opt not to use this address with each company, but it saves time in filling in online forms and validating ID.

  • Just what the hackers wanted ... easy access to all of my accounts.

    Let's help the hackers! All they need to do is hack a single account, and they get access to all of the linked accounts! Isn't technology great!

    Any institution that participates in such idiocy would not get any of my business, that's for damn sure.
  • Really evil idea (Score:4, Insightful)

    by gurps_npc ( 621217 ) on Monday May 08, 2017 @01:45PM (#54378293) Homepage

    This isn't killing registration, it's REQUIRING one. A really horrible one.

    It is like facebook, only forcing people to use it - FOR EVERYTHING.

    It's not just the end of online anonymity, it's the total destruction of what remains of privacy.

    Look, I do NOT want to use the same ID for my Medical history for ANYTHING. No one should be able to know what ointments I am getting or for what, just because I sent them an email.

    People have a right to privacy, even if most morons ignore it.

  • In American, the USPO handles passports. As such, they are used to making sure that these ppl are who they claim to be.
    As such, I have been pushing through manager levels to get them to start handling User Certificates.
    This is not just useful for buying, but twitter,facebook, even slashdot could treat positively IDed ppl different than those that are true ACs.
    The hard part is getting a group that knows how to handle IDs, as well as has offices all over the US.
    • by swb ( 14022 )

      I applied for my passport at the municipal registrar office, and as far as I know, they're actually issued by the state department, not the post office.

      You show a bunch of ID, they take your picture and send it off with your birth certificate to the state department who then does something mysterious and then issues the passport.

      Strangely, when I applied for Global Entry I had to do it all over again, but starting with my passport. But sure enough, they took another photo, a set of finger prints, an interv

  • Revelation 13
    17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
    18 Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six. ;-)

  • by Anonymous Coward

    No thanks. I prefer unique passwords for each site as a firewall should one or more become compromised.

  • we always had a social insurance, social security, or other unique ID that could have been used with open access to government databases. We could have had this at any time since the dawn of the internet. retail stores could have accepted any government id as contact information and/or payment for well-over a century.

    credit cards, debit cards, bank information, drivers' licences, social insurance numbers, social security numbers, tax filings, incorporation documents -- any one of them could have been open

  • If this goes through, you'll only have to steal any given individual's details ONCE to rob them blind everywhere! What a boon for hackers!
  • A literal, virtual "Papers, Please".
  • Didn't the Bible have a passage about this? I don't recall it being a happy parable.
  • the Stasi: "your papers, bitte"
  • I'm sure this will all work as well as intended, at least for the goobers trying to make it happen.
  • That's bullshit (Score:4, Informative)

    by allo ( 1728082 ) on Monday May 08, 2017 @03:27PM (#54379173)

    Hello from Germany here.

    It's the first time ever i heard from it. So i believe there is some initiative, but that does not mean, that this is "Germany's plan".
    It's just another corporate dream. Or like our politicians tell us "the internet is new land for all of us" (Angela Merkel).

    We have a thing, which is the ePerso (electronic identification built into our identity card), which nobody uses either.
    In theory it can do a lot of cool stuff, including ideas like providing a pseudonymous identity to websites which is backed by a real identity you do not need to reveal, which should be able to be used to authorize for official tasks for tax and others and provide some more things.
    In reality nobody is using it, nobody is implementing it and the people able to use such techie-stuff know the problems with it and are a bit paranoid (they may have a cause) about what the government may be able to do with it, when it gets established.

    Back to the article: BULLSHIT. Nobody is killing online registrations, some companies are just trying to reinvent something again in ambitious ways. They may be soon some headlines about it then everybody forgets it again.

  • This service is named Facebook, right?
  • "pan-industry platform for online registration, e-identity and data services"... so, OpenID (http://openid.net/connect/faq/). Minus the open part.

  • The banks in the Netherlands use a system called iDEAL which is used for online transactions. It is run through banking website and uses a challenge and response system combined with the presence of a user's bank card.

    They branched out recently to create a new side system called iDIN. The premise is also simple: If a bank can already authenticate a person for the purposes of transactions, why not also do it for web logons? I'm starting to see many services adopt it, starting with the government and tax department which now give you the option of logging in with your government login (DigiD) or iDIN.

    All that is fine providing it's restricted to services who absolutely have to positively identify me. Facebook and the like can fuck right off if they are thinking of adopting something similar.

  • There once was a time when corporations had established the network of their dreams in Germany: It was called "BTX", run by the "Bundespost" (later to become Deutsche Telekom). You had to use that one entrypoint to BTX which was connected to your personal data, and every single page you wanted to look at could ask for a price - so even the coarsest of pixel-graphics came at a 10 Deutsche Mark charge and even the most irrelevant information presented came at hilarious page prices.
    Of course, it was also impo
  • when somebody gets a driver's licence or state ID card they are issued a unique number besides their drivers licence number on the back of the licence, and it identify s you to any website you log in to things like banks and making purchases at amazon or google, but people can still use their old anonymous login IDs for non-essential websites like craigslist or facebook or twitter or slashdot etc...
  • For this it is far, far too lucrative to compromise it.

    Just think: An ID that lets you basically take over the life of someone else. There is no way you could possibly keep this secure. Even if I have to throw near infinite resources at it to compromise it, it's worth it.

    This cannot be made secure. And anyone with a hint of a brain cell between his ears would try to stay away from using something like this for as long as it is humanely possibly.

  • If they want my participation, they'll have to march into Oslo again. Or not. If they do, I'll probably join the resistance :)

To write good code is a worthy challenge, and a source of civilized delight. -- stolen and paraphrased from William Safire

Working...