Inside Germany's Plan To Kill Online Registrations (cnn.com) 61
An anonymous reader writes: Germany's corporate giants are promising a brave new future in the form of a single account -- one that will let you do your online shopping, get a flight and rent a car, all with no more registrations or repetitive passwords. Deutsche Bank (DB), Germany's biggest bank, announced Monday it's teaming up with other big firms to create a new company that will create the service. Users would enter their ID details just once before they can make all their online purchases across multiple sites. The partners -- which include Mercedes-Benz maker Daimler, insurer Allianz and publisher Axel Springer -- hope other firms will sign up to their vision. They're calling it a "pan-industry platform for online registration, e-identity and data services." The program could eventually be expanded to include government services. For example, drivers could apply for a new license through the system before their old one expires. The partners expect the program will be running in Germany by mid-2018, and they stressed it will be "secure" and comply with all European Union data protection rules.
Great idea... (Score:4, Insightful)
And then once you have universal registration - you can be tracked all over the internet with ONE ID - including all your political commentary!
Commercial use (Score:2)
you can be tracked all over the internet with ONE ID - including all your political commentary!
Technically, this effort (like lots of other similar efforts in the past) aren't targetting forum, but mostly on-line shops, and e-government platforms.
- i.e.: things where you already need to identify with your real-world ID for obvious reasons. (e.g.: Because the goods need to be delivered to you in person).
They are all platform who already know you, and could (if they wanted to put the effort and collude together) trace you.
You're confusing with OAuth and OpenID platforms (like Google, Facebook, etc.) wh
Re: (Score:2)
You do realize how easy and 'logical' (to state bureaucrats) it is to extend this to forums and everything else, right? First they'll make it optional and then they'll mandate it.
Re: (Score:2)
Re: (Score:1)
At least they said it will be secure. That's a relief.
Re: Great idea... (Score:4, Funny)
Germany has never had any problems with overbearing governance, so stop the fear mongering and show me your papers, please.
Re: (Score:2)
Conversely, my credit-card provider will happily hand out ephemeral "ids", good only for a single use. Do you suppose they know something more about the trustworthyness of the folks who want to send them a bill than this company does?
If they start up, I'm starting a company to offer them fraud insurance, for a shatteringly high fee.
Only a Matter of Time (Score:2)
Gonna happen eventually. Trusting your online identity to Google or Yahoo or some outfit that may go bankrupt someday is becoming more and more stupid, in a world where having a persistent, secure, accountable and trustworthy e-mail account unique to you is becoming essential to pay your bills, do your taxes, get your Medicare, and other plain life stuff. People are afraid of government, sure, but Google or Microsoft or AOL/Verizon do not owe you an e-mail account, and can probably shut it down any time t
One Ring to Rule them All (Score:2)
Re: (Score:1)
SSO? For the entire internet? What could possibly go wrong?
I'm announcing My new company SSOSSO (Score:2)
I'm announcing a company whose service will be to hold the passwords to all your different and incompatible "universal" password holders. It' will be called single-sign-on-single-sign-on or SSOSSO
obligatory xkcd (Score:2)
https://xkcd.com/927/ [xkcd.com]
Who actually believes that any of these "one standard" things REDUCE the number of different accounts you have to have?
Re: (Score:2)
The good old 927. Anybody who've been in IT for a few years probably know that number by heart by now.
Re: (Score:2)
I'll shamefully admit that, although I had memorized the content of the comic, I did have to google the number.
Re: (Score:2)
That and 538 tend to answer many, many items that pop up in IT discussions.
Re: (Score:1)
Re: (Score:1)
Oh, these systems work just fine if the powers-that-be all cooperate to make it happen.
The problem is that this is not something anyone that cares about privacy should want or encourage. It's too easy for the powers-that-be or governments to intentionally abuse and when it is compromised by criminals the damage is likely much worse than today's login systems..
There is a place for federated/one-keyring-to-rule-them-all logins. Many companies use them so you don't have to log into otherwise-unrelated databas
Re: (Score:2)
The New Privacy Plan (Score:2)
I'll keep what tiny bit of privacy I have left
It's pretty obvious we have essentially no privacy now, and what little there is left will be gone soon.
So the answer to that problem, is spurious data. If no-one can be sure the data is really you, then you are back to having privacy...
So the solution is to program a bot to randomly browse the internet, sign up for accounts, and post things. You have no control or visibility into what the bot is doing, it just does things in the background.
Then if someone acc
Great! (Score:2)
I'll put it in a pile with all my other pan-industry platforms for online registration, e-identity and data services.
Obligatory XKCD link omitted because everybody's seen it. Really. Everyone on the internet. Don't bother.
What's so wrong with OpenID (Score:2)
Haven't we been down this road several times before?
How come no one thought of this before? (Score:4, Insightful)
Oh wait, they did. It didn't work out because it is not as great of an idea as it sounds at first.
You have one logon for ALL of your online accounts. That's great only one ID and password to remember to get access to everything you do online. Of course, that also means only one ID and password to hack for someone ELSE to get access to all of your online accounts. Then once they do, aside from the losses you might take from the hack, how do you get your account back?
Re: (Score:2)
That's not actually the biggest obstacle to this. The real problem is that too many websites think they're more important than that. In fact, many think they're so important that they have their OWN single sign on for other websites to use.
The end result is that there is never wide enough adoption of this for it to actually work out the way it's planned, and the average person never finds a "single sign on" that works for more than 1-2 sites out of the dozens upon dozens that they use.
Re:How come no one thought of this before? (Score:4, Interesting)
A related problem is that whoever sponsors the single sign one that become THE single sign on will forever after have a competitive advantage over their direct competitors in whatever their business is. The result being that those competitors will not sign up for it (for good reason).
Re: (Score:2)
Re: (Score:2)
Of course, that also means only one ID and password to hack for someone ELSE to get access to all of your online accounts
The advantages of centralizing credential validation far outweighs the disadvantages you mentioned:
1. Most people already use the same username and password for most of their accounts
2. Currently these 3rd parties are getting their databases hacked hence, accounts are hacked. With centralized account management we can apply very strong security to minimize such instances.
3. With only one service to cater to, devices can run anti logging software (such as what some banks have you install to avoid account the
Re: (Score:2)
Oh wait, they did. It didn't work out because it is not as great of an idea as it sounds at first.
Except that a huge swath of Intertube Serfs do exactly that with Facebook Login.
What could possibly go wrong? (Score:4, Insightful)
Talk about too many eggs in one basket! This is hoarding everyone's most precious eggs into one giant egg silo!
Not to mention this is almost THE nightmare account in terms of online privacy: one account for everything, linked to your real name through government ID. It could only be worse if it were controlled by a corporation rather than a government...at least you should be able to vote to keep marketers out!
Re: (Score:2)
You have one place to fix the weak login specifically, but ALL of the damage is already done and you'll have to fix things in many more places. It's better to compartmentalize things so that if someone breaks into your car rental shop's online login they can't transfer money out of your bank account, steal your airline travel information, and order $5k of dildos and lube to your house with same-day shipping, for example.
Shaking my head (Score:2)
Just what the hackers wanted (Score:2)
Let's help the hackers! All they need to do is hack a single account, and they get access to all of the linked accounts! Isn't technology great!
Any institution that participates in such idiocy would not get any of my business, that's for damn sure.
Really evil idea (Score:3)
This isn't killing registration, it's REQUIRING one. A really horrible one.
It is like facebook, only forcing people to use it - FOR EVERYTHING.
It's not just the end of online anonymity, it's the total destruction of what remains of privacy.
Look, I do NOT want to use the same ID for my Medical history for ANYTHING. No one should be able to know what ointments I am getting or for what, just because I sent them an email.
People have a right to privacy, even if most morons ignore it.
What could possibly go wrong???? (Score:2)
Just saying.
United States Post Office (Score:2)
As such, I have been pushing through manager levels to get them to start handling User Certificates.
This is not just useful for buying, but twitter,facebook, even slashdot could treat positively IDed ppl different than those that are true ACs.
The hard part is getting a group that knows how to handle IDs, as well as has offices all over the US.
Re: (Score:2)
I applied for my passport at the municipal registrar office, and as far as I know, they're actually issued by the state department, not the post office.
You show a bunch of ID, they take your picture and send it off with your birth certificate to the state department who then does something mysterious and then issues the passport.
Strangely, when I applied for Global Entry I had to do it all over again, but starting with my passport. But sure enough, they took another photo, a set of finger prints, an interv
666 (Score:2)
Revelation 13
;-)
17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
18 Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six.
Re: (Score:2)
Single Point of Failure (Score:1)
No thanks. I prefer unique passwords for each site as a firewall should one or more become compromised.
Re: (Score:2)
has been possible for decades (Score:2)
we always had a social insurance, social security, or other unique ID that could have been used with open access to government databases. We could have had this at any time since the dawn of the internet. retail stores could have accepted any government id as contact information and/or payment for well-over a century.
credit cards, debit cards, bank information, drivers' licences, social insurance numbers, social security numbers, tax filings, incorporation documents -- any one of them could have been open
Hackers rejoice... (Score:1)