Author Topic: Internet ID for Americans (Read 3812 times)

Kolgena · **Reply #20 on:** January 09, 2011, 11:07:11 am

Eh. Some of those will be fake aliases as well. I personally have half a dozen fake emails/random accounts on forums with passwords like asdf1234 or some variant of that. I'm guessing I'm not the only one out there that does this.

(I only have 1 account on HLP though, don't shoot me)

OT: This proposal seems dumb to me. It also seems like something that's going to happen naturally if augmented reality systems start really taking off.

Goober5000 · **Reply #21 on:** January 09, 2011, 06:30:24 pm

Quote from: -Joshua- on January 09, 2011, 04:46:26 am

If human randomness is tremendously predictable, many of the world's problems would have been solved already, without any side effects. [...] If human randomness was so predictable, then all those complicated financial programs people used before the credit crunch would have worked or never have existed.

Off-topic...

Human randomness (i.e. human behavior) is eminently predictable. The problem is that people ignore, or refuse to learn, the lessons of history. Or they sacrifice long-term stability for short-term gains. Congress tried to do something about FNMA and FDMC at least two years before they collapsed. One of the Federal Reserve governors warned that loose mortgage policies would lead to a housing crash way back in 2000. And the national debt has been a topic of discussion ever since this country was founded.

Beskargam · **Reply #22 on:** January 09, 2011, 08:36:10 pm

would work better in theory than in practice?

Kosh · **Reply #23 on:** January 09, 2011, 10:17:49 pm

Quote from: Beskargam on January 09, 2011, 08:36:10 pm

would work better in theory than in practice?

Even if it were to work better in theory than in practice, what exactly is the point of it? To track everything we do? I'm not seeing what good can possibly come out of it even theoretically.

MachManX · **Reply #24 on:** January 19, 2011, 08:02:10 pm

I think the govt. is just trying to create something to show the Americans that they are doing something to better secure the people...it's not really about the effectiveness. As long as they show the people that they are doing something, the people (aka avg. joes) will be content. Like the saying goes, "It's the thought that counts...", er something along those lines.

Thaeris · **Reply #25 on:** January 19, 2011, 09:29:42 pm

If that is the case, I really wish they'd use their brains to work on more important matters...

Shade · **Reply #26 on:** January 20, 2011, 01:13:41 am

This sort of thing doesn't have to be a cornucopia of ID theft, power abuse etc.

Around here, we've actually had an ID scheme for online banking and the like for a while now, and it is implemented in such a way that I don't see any real potential for abuse: There are no ID cards. There are no chips. What you get is a card with some 300 or so unique codes on it, which are used as a one time pad (along with a personal login name and password, which are really only used to identify which set of codes your bank or whatever will be comparing against) when logging on to any banking, tax-related or whatever website. Once a key is used, it is discarded for good, meaning that you can actually do online banking from any public computer and still have no fear of unsavoury elements nicking your password. Because said password no longer works. And whenever your code-card gets down to 10 or so codes remaining, a new one is automatically mailed to you in an anonymous envelope, so you never run the risk of running out. And the entire card can be blocked with a single phone call, should you lose it.

Since there's no personal information involved, there's no ID to steal. And yet, it will uniquely identify you to any website where you need secure and reliable authentication. Admittedly, it is a bit more cumbersome than your regular website logins, but I'll take the security.

Mikes · **Reply #27 on:** January 20, 2011, 05:35:19 am

Germany has already something similar rolling out. (When you get a new ID card you can choose if you want it to have cyberspace functionality or not... you get to pay 20 bucks either way tho lol).

Chaos Computer Club took 30 mins to hack a sample card (showcased it on TV even) and open a bank account with the ID... all that needs to be said really. The US version won't be any different.

In related news, corporations still have a massive interest in tracking real IDs on the net to be able to microcharge you for everything and anything and effectively and the area of a "free web" forever.
This definitely is a first step into that direction. Once the system would be in widespread use it's not that farfetched to see it changed to be "mandatory" at some point.
(And if you like conspiratory theories, you propably are already wondering when the big cyberspace based fear mongering will start on the news to make us all welcome a mandatory "secrure" (lol) ID.)

BloodEagle · **Reply #28 on:** January 20, 2011, 06:37:26 am

Quote from: Shade on January 20, 2011, 01:13:41 am

This sort of thing doesn't have to be a cornucopia of ID theft, power abuse etc.

Around here, we've actually had an ID scheme for online banking and the like for a while now, and it is implemented in such a way that I don't see any real potential for abuse: There are no ID cards. There are no chips. What you get is a card with some 300 or so unique codes on it, which are used as a one time pad (along with a personal login name and password, which are really only used to identify which set of codes your bank or whatever will be comparing against) when logging on to any banking, tax-related or whatever website. Once a key is used, it is discarded for good, meaning that you can actually do online banking from any public computer and still have no fear of unsavoury elements nicking your password. Because said password no longer works. And whenever your code-card gets down to 10 or so codes remaining, a new one is automatically mailed to you in an anonymous envelope, so you never run the risk of running out. And the entire card can be blocked with a single phone call, should you lose it.

Since there's no personal information involved, there's no ID to steal. And yet, it will uniquely identify you to any website where you need secure and reliable authentication. Admittedly, it is a bit more cumbersome than your regular website logins, but I'll take the security.

Huh. Mailmen are going to rule the world.

....

I didn't see it coming.

Shade · **Reply #29 on:** January 20, 2011, 06:58:34 am

Except the mailman would also need to somehow get your personal login to go with the one-time pad. Oh, and there's an activation code for each pad which mailed seperately too, so he'd need that as well. It really is quite a secure system. Granted, nothing's going to be 100% when not dealing with things in person (and not even then for that matter), but I think it's about as close as you can get.

So for example, assuming the mailman really did want access to your online banking account, he'd need to:

A) Intercept the key card, which is not credit card sized nor made of plastic (though it is thinly laminated) and so isn't readily identifiable in an envelope.
B) Intercept the activation code, which is in a different envelope sent at a different time, and is simply a scrap of paper with some alphanumerical characters on it.
C) Get a keylogger onto a computer you use to access your online banking, tax returns or whatever, and grab your personal login.
D) Pull all this off before you start wondering where your new key card is and call to have it blocked.

Alternatively replace A and B with stealing an already activated key card, in which case he'd have to be very fast indeed in grabbing the money since it only takes a phone call to block it. And he'd still need to do C. And of course he'd need to know which bank you use, but being the mailman I think we can assume this to be true.

And as for ID theft, the key cards being one time pads basically rules it out. Yes, if you went through the steps above you'd get access to some personal information, but the moment the key card is blocked you lose access, and there's nothing you could do to prevent the correct owned from regaining control. He simply gets a new key card, and he's back on top - And you can't use the key card to change the address new cards are sent to.

[Edit: Added example]

MachManX · **Reply #30 on:** January 21, 2011, 02:40:20 am

Quote from: Thaeris on January 19, 2011, 09:29:42 pm

If that is the case, I really wish they'd use their brains to work on more important matters...

Sometimes when the govt. does use its brains properly, the dumb ones fight against it stating all sorts of reasons. Hence why nothing ever gets done on time...if at all

karajorma · **Reply #31 on:** January 22, 2011, 03:32:28 am

Quote from: Mikes on January 20, 2011, 05:35:19 am

Germany has already something similar rolling out. (When you get a new ID card you can choose if you want it to have cyberspace functionality or not... you get to pay 20 bucks either way tho lol).

Chaos Computer Club took 30 mins to hack a sample card (showcased it on TV even) and open a bank account with the ID... all that needs to be said really. The US version won't be any different.

It doesn't have to be that crappy though. No doubt the Germans did the exact same thing the British do with all their big government computer projects. Hand it out to the lowest bidder, accept massive cost over runs, and end up with a shoddy product that's not fit for purpose.

News:

Author Topic: Internet ID for Americans (Read 3812 times)

Kolgena

Re: Internet ID for Americans

Goober5000

Re: Internet ID for Americans

Beskargam

Re: Internet ID for Americans

Kosh

Re: Internet ID for Americans

MachManX

Re: Internet ID for Americans

Thaeris

Re: Internet ID for Americans

Shade

Re: Internet ID for Americans

Mikes

Re: Internet ID for Americans

BloodEagle

Re: Internet ID for Americans

Shade

Re: Internet ID for Americans

MachManX

Re: Internet ID for Americans

karajorma

Re: Internet ID for Americans